[MacPorts] #52623: Fails to properly complete operation and disconnect on Sierra

MacPorts noreply at macports.org
Sun Oct 16 04:37:42 CEST 2016 

#52623: Fails to properly complete operation and disconnect on Sierra
--------------------+--------------------------------
 Reporter:  uri@…   |      Owner:  macports-tickets@…
     Type:  defect  |     Status:  new
 Priority:  Normal  |  Milestone:
Component:  ports   |    Version:  2.3.4
 Keywords:          |       Port:  p11-kit
--------------------+--------------------------------
 The symptoms are described here:
 [https://github.com/OpenSC/libp11/issues/123]

 The following command hangs up when PKCS11_MODULE_PATH=/opt/local/lib/p11
 -kit-proxy.dylib:
 {{{
 $ openssl dgst -engine pkcs11 -keyform engine -sign
 "pkcs11:manufacturer=piv_II;object=SIGN%20key;type=private" -sha384
 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:-1 -out t256.dat.sig
 t256.dat
 engine "pkcs11" set.
 PKCS#11 token PIN:
 ^C      [have to kill this hanging process]
 $ openssl dgst -engine pkcs11 -keyform engine -verify
 "pkcs11:manufacturer=piv_II;object=SIGN%20pubkey;type=public" -sha384
 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:-1 -signature
 t256.dat.sig t256.dat
 engine "pkcs11" set.
 Verified OK
 $
 }}}
 The signature file t256.dat.sig is created, and can be verified (as shown
 above). But signing command does not exit, and has to be killed manually.


 If PKCS11_MODULE_PATH is set to, e.g., /Library/OpenSC/lib/opensc-
 pkcs11.dylib, it completes and exits correctly.

 Running with PKCS11_MODULE_PATH=/Library/OpenSC/lib/pkcs11-spy.dylib and
 PKCS11SPY=/opt/local/lib/p11-kit-proxy.dylib shows that everything seems
 to run fine, up until the very last step C_Finalize where it does not
 return:
 {{{
 . . . . .
 98: C_Sign
 2016-10-15 22:20:29.843
 [in] hSession = 0x11
 [in] pData[ulDataLen] 00007f99c7703cd0 / 256
     00000000  0B 10 33 11 4B 5D 72 30 6C A5 6C 94 4E B6 6C 4A
 ..3.K]r0l.l.N.lJ
     00000010  B3 FE A4 47 6A B4 01 64 01 9F C5 B7 7A 8F 62 10
 ...Gj..d....z.b.
     . . . . .
     000000F0  CA 30 0A D2 70 CC 25 36 AB DE C9 B4 CF 35 46 BC
 .0..p.%6.....5F.
 [out] pSignature[*pulSignatureLen] 00007f99c8002400 / 256
     00000000  6C D9 35 4C AC 1F 91 55 CB 89 5A FC 26 AB 83 0F
 l.5L...U..Z.&...
     00000010  F6 21 37 74 FE 4E 72 55 B7 00 B0 BF D7 84 F3 81
 .!7t.NrU........
     . . . . .
     000000F0  76 E0 1D AF CC EF 32 80 AD E0 5C 38 B2 3E 67 33
 v.....2...\8.>g3
 Returned:  0 CKR_OK

 99: C_CloseAllSessions
 2016-10-15 22:20:30.517
 [in] slotID = 0x10
 Returned:  0 CKR_OK

 100: C_CloseAllSessions
 2016-10-15 22:20:30.517
 [in] slotID = 0x11
 Returned:  0 CKR_OK

 101: C_CloseAllSessions
 2016-10-15 22:20:30.517
 [in] slotID = 0x12
 Returned:  0 CKR_OK

 102: C_CloseAllSessions
 2016-10-15 22:20:30.517
 [in] slotID = 0x13
 Returned:  0 CKR_OK

 103: C_CloseAllSessions
 2016-10-15 22:20:30.517
 [in] slotID = 0x14
 Returned:  0 CKR_OK

 104: C_CloseAllSessions
 2016-10-15 22:20:30.517
 [in] slotID = 0x15
 Returned:  0 CKR_OK

 105: C_CloseAllSessions
 2016-10-15 22:20:30.517
 [in] slotID = 0x16
 Returned:  0 CKR_OK

 106: C_Finalize
 2016-10-15 22:20:30.517
 ^C
 $
 }}}
 It appears to be seeing and trying to work with many more token slots than
 I seem to have/use.


 Here's what C_Finalize looks like if the above is invoked with
 PKCS11SPY=/Library/OpenSC/lib/opensc-pkcs11.dylib:
 {{{
 . . . . .
 87: C_Sign
 2016-10-13 10:30:37.731
 [in] hSession = 0x7fdbb3004e00
 [in] pData[ulDataLen] 00007fdbb160be30 / 256
     00000000  19 C7 12 37 09 18 52 8A 8B B1 53 ED B7 B3 7D A6
 ...7..R...S...}.
     00000010  AC 2D CA 07 AF 57 26 14 6F 1C 45 93 B5 76 6F 7C
 .-...W&.o.E..vo|
     . . . . .
     000000F0  0B 4A 57 A9 32 86 BD 35 C9 76 EB C5 AD 81 80 BC
 .JW.2..5.v......
 [out] pSignature[*pulSignatureLen] 00007fdbb2801000 / 256
     00000000  74 08 82 C2 1A A6 46 ED BF 50 80 EB DB C9 49 8C
 t.....F..P....I.
     00000010  53 42 3A 01 ED A1 E4 E3 8C 7A F4 E7 C2 4D 08 13
 SB:......z...M..
     . . . . .
     000000F0  FF BD 28 CD E3 37 C8 8D 2C 78 FC C6 88 F3 71 9E
 ..(..7..,x....q.
 Returned:  0 CKR_OK

 88: C_CloseAllSessions
 2016-10-13 10:30:38.402
 [in] slotID = 0x0
 Returned:  224 CKR_TOKEN_NOT_PRESENT

 89: C_CloseAllSessions
 2016-10-13 10:30:38.403
 [in] slotID = 0x4
 Returned:  0 CKR_OK

 90: C_Finalize
 2016-10-13 10:30:38.403
 Returned:  0 CKR_OK
 $
 }}}


 If any logs would be of help, I'd be happy to provide.

-- 
Ticket URL: <https://trac.macports.org/ticket/52623>
MacPorts <https://www.macports.org/>
Ports system for the Mac operating system

More information about the macports-tickets mailing list