-
Notifications
You must be signed in to change notification settings - Fork 346
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
openssl operations involving pcks11 and softHSM result in segfault on exit #729
Comments
FWIW, I believe this issue is related: |
Its untested as of yet, but something like this I think would avoid the issue: |
For details see: openssl/openssl#22508 softhsm/SoftHSMv2#729 Signed-off-by: Michael Olbrich <[email protected]>
FTR: I've tried proposed patch, but it unfortunately brings another issue: SoftHSM throws the error on token creation in free slots. With the patch applied, and following executed:
Content of /home/zandrey/softhsm2/softhsm2.conf:
Strangely enough, there is a new slot that is created by that call. It is just that -- andrey |
@zandrey sorry about that, I don't have a setup here to test it out, it was really just meant to be a suggestion for a type of fix to the softHSM maintainers. They're going to have to come up with something more robust I'm afraid. Though I've not seen any activity herein some time, so I'm starting to wonder if theres a shortage of people on this project. |
Fixes (Maybe) softhsm#729. Reset objects_deleted after reset is called.
@michaelolbrich and me looked at this again and decided that this particular issue can be fixed by resettting the global variable during |
Correct, I've tested the updated patch and both the original |
@michaelweiser Thats good information, thank you. Any chance you have contacts with the SoftHSM maintainers and can get them to incorporate that? |
Is there a PR for this? |
Fixes (Maybe) softhsm#729. Reset objects_deleted after reset is called.
Sorry for the wait, there is #742 now. |
recently this bug was reported to openssl:
openssl/openssl#22508
Analysis of the problem revealed what is something of an intractable problem.
To summarize the issue:
There are a few potential workarounds for this, but it seems to me that the most correct fix would be for softHSM to not delete that data until all references to it were freed from using libraries. While this is more arguably a shortcoming in the C++ standard, I think the best fix would be for softHSM to modify the implementation of the PCKS api in main.cpp such that it can detect when its global object constructors have been called (via a global variable), and return an appropriate status code without attempting to access the now-deleted object data
The text was updated successfully, but these errors were encountered: