Comments (6)
Can you get a backtrace from the crash? It looks like some double-free or uninitialized value when freeing EVP_PKEY, but from this information, it is hard to guess what went wrong where. Most of the world is already on OpenSSL 3.0, can you check if #2930 will solve the problem for you?
from opensc.
Sure, here is the backtrace:
* thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0xa9)
* frame #0: 0x00000001008a2bd4 libcrypto.3.dylib`evp_pkey_free_legacy + 44
frame #1: 0x00000001008a2c50 libcrypto.3.dylib`evp_pkey_free_it + 28
frame #2: 0x00000001008a094c libcrypto.3.dylib`EVP_PKEY_free + 72
frame #3: 0x000000010095171c libcrypto.3.dylib`x509_pubkey_ex_free + 56
frame #4: 0x00000001007bb874 libcrypto.3.dylib`ossl_asn1_template_free + 184
frame #5: 0x00000001007bb64c libcrypto.3.dylib`ossl_asn1_item_embed_free + 248
frame #6: 0x00000001007bb874 libcrypto.3.dylib`ossl_asn1_template_free + 184
frame #7: 0x00000001007bb64c libcrypto.3.dylib`ossl_asn1_item_embed_free + 248
frame #8: 0x00000001007bb548 libcrypto.3.dylib`ASN1_item_free + 28
frame #9: 0x00000001000316b4 openvpn`pkcs11_certificate_dn + 48
frame #10: 0x00000001000311b4 openvpn`show_pkcs11_ids + 424
frame #11: 0x0000000100041bf8 openvpn`add_option + 39528
frame #12: 0x0000000100038058 openvpn`parse_argv + 532
frame #13: 0x0000000100031da0 openvpn`main + 224
frame #14: 0x00000001af113e50 dyld`start + 2544
I am not quite sure how I should check if #2930 solves my issue. The openvpn command is using OpenSSL 3:
➜ ~ openvpn --version
OpenVPN 2.6.8 aarch64-apple-darwin22.6.0 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [MH/RECVDA] [AEAD]
library versions: OpenSSL 3.2.0 23 Nov 2023, LZO 2.10
Not sure if the library uses something else, if so please let me know how I can see this.
from opensc.
> I am not quite sure how I should check if #2930 solves my issue. The openvpn command is using OpenSSL 3:
You can go to checks and there should be OSX build for download as part of the test artifacts.
The problem is that the opensc is built against the openssl 1.1 (before #2930) and openvpn against 3 so it might theoretically cause some trouble. But technically, no openssl objects should be passed through the pkcs11 interface so I believe this would be some issue on the openvpn side.
I see that the openvpn is using pkcs11-helper to access opensc so I would also check the pkcs11-helper:
https://github.com/OpenSC/pkcs11-helper
from opensc.
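The comment above points out that OpenSC may be linked against OpenSSL 1.1 while openvpn links OpenSSL 3. As an added example (not from the thread), this script reads `otool -L` output and reports when the listed binaries depend on more than one libcrypto version; the file paths in the sample are constructed assumptions.

```shell
#!/bin/sh
# Constructed sample of `otool -L` output; the paths are assumptions.
sample_otool_output() {
cat <<'EOF'
/opt/homebrew/sbin/openvpn:
	/opt/homebrew/opt/openssl@3/lib/libcrypto.3.dylib (compatibility version 3.0.0, current version 3.0.0)
	/usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 1319.100.3)
/Library/OpenSC/lib/opensc-pkcs11.so:
	/Library/OpenSC/lib/libcrypto.1.1.dylib (compatibility version 1.1.0, current version 1.1.0)
	/usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 1319.100.3)
EOF
}

# Read `otool -L` text on stdin; print "binary<TAB>version" per libcrypto dependency.
libcrypto_deps() {
    awk '{
        c = substr($0, 1, 1)
        # A header line names the binary: not indented and ends with ":".
        if (c != " " && c != "\t" && $0 ~ /:$/) {
            bin = substr($0, 1, length($0) - 1)
        } else if (match($0, /libcrypto\.[0-9.]+\.dylib/)) {
            # Strip the "libcrypto." prefix (10 chars) and ".dylib" suffix (6 chars).
            print bin "\t" substr($0, RSTART + 10, RLENGTH - 16)
        }
    }'
}

# Return 0 and list the dependencies when more than one libcrypto version appears.
mixed_libcrypto() {
    deps=$(libcrypto_deps)
    n=$(printf '%s\n' "$deps" | cut -f2 | sort -u | grep -c . || true)
    if [ "$n" -gt 1 ]; then
        printf '%s\n' "$deps"
        return 0
    fi
    return 1
}

# On macOS, replace the sample with real output, for example:
#   otool -L "$(command -v openvpn)" /path/to/opensc-pkcs11.so | mixed_libcrypto
if sample_otool_output | mixed_libcrypto; then
    echo "more than one libcrypto version is linked by these binaries"
fi
```

`otool -L` lists direct dependencies only, so a libcrypto pulled in by an intermediate library such as pkcs11-helper has to be checked by passing that library as well.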
I cannot reproduce this, the command is working as expected for me.
from opensc.
> I cannot reproduce this, the command is working as expected for me.
Tested on Apple m1 Sonoma, OpenSC release 0.24.0, OpenVPN 3.2.1 from homebrew
from opensc.
Please try reading the OpenVPN debug files to see if there are any PKCS#11-related errors:
https://openvpn.net/vpn-server-resources/logging-and-debug-flag-options-for-access-server/
from opensc.