[gnutls-devel] GnuTLS | Uninitialized lock when using pkcs11 private key for signing (#1060)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Fri Aug 7 00:11:37 CEST 2020 


Stefan Berger created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1060



I am running into a locking issue when building my `swtpm` with the gnutls version in Rawhide. It's a single-threaded app that seems to run into an uninitialized lock that it doesn't get out of. Here's the backtrace:
```
(gdb) thread apply all bt

Thread 1 (Thread 0x7fe6d4f54940 (LWP 214219)):
#0  0x00007fe6d46e0ea0 in __lll_lock_wait () from /lib64/libpthread.so.0
#1  0x00007fe6d46d9763 in pthread_mutex_lock () from /lib64/libpthread.so.0
#2  0x00007fe6d55a2f7e in gnutls_system_mutex_lock (priv=<optimized out>) at system/threads.c:119
#3  0x00007fe6d55dc674 in _gnutls_pkcs11_privkey_sign (key=0x1d62b80, se=<optimized out>, hash=0x7ffc17f0c040, signature=0x7ffc17f0c0c0, spki_params=0x7ffc17f0c100) at pkcs11_privkey.c:368
#4  0x00007fe6d55b054e in privkey_sign_and_hash_data (signer=0x1d62b10, se=0x7fe6d5709f80 <sign_algorithms>, data=<optimized out>, signature=0x7ffc17f0c0c0, params=0x7ffc17f0c100) at privkey.c:1296
#5  0x00007fe6d561d215 in _gnutls_x509_pkix_sign (src=0x1e065d0, src_name=src_name at entry=0x7fe6d569c78c "tbsCertificate", dig=GNUTLS_DIG_SHA256, flags=flags at entry=0, issuer=issuer at entry=0x1e02fd0, issuer_key=issuer_key at entry=0x1d62b10) at sign.c:183
#6  0x00007fe6d562bfa4 in gnutls_x509_crt_privkey_sign (crt=0x1e032b0, issuer=0x1e02fd0, issuer_key=0x1d62b10, dig=<optimized out>, flags=0) at x509_write.c:1831
#7  0x0000000000403f25 in main (argc=<optimized out>, argv=<optimized out>) at ek-cert.c:1661
(gdb)

# rpm -q -a | grep gnutls
gnutls-3.6.14-2.fc33.x86_64
gnutls-dane-3.6.14-2.fc33.x86_64
gnutls-c++-3.6.14-2.fc33.x86_64
gnutls-devel-3.6.14-2.fc33.x86_64
gnutls-utils-3.6.14-2.fc33.x86_64
gnutls-debugsource-3.6.14-2.fc33.x86_64
gnutls-debuginfo-3.6.14-2.fc33.x86_64
```

The program I am using is this one here: 

https://github.com/stefanberger/swtpm/blob/stable-0.3.0/src/swtpm_cert/ek-cert.c#L1662

Cheers!

   Stefan

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1060
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20200806/d8c3abd7/attachment.html>

More information about the Gnutls-devel mailing list