<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Re: smCom recv() sometimes fails with errno 4 and e4sss engine hangs in Secure Authentication</title>
    <link>https://community.nxp.com/t5/Secure-Authentication/smCom-recv-sometimes-fails-with-errno-4-and-e4sss-engine-hangs/m-p/1740980#M1392</link>
    <description></description>
    <pubDate>Tue, 17 Oct 2023 06:29:41 GMT</pubDate>
    <dc:creator>Kan_Li</dc:creator>
    <dc:date>2023-10-17T06:29:41Z</dc:date>
    <item>
      <title>smCom recv() sometimes fails with errno 4 and e4sss engine hangs</title>
      <link>https://community.nxp.com/t5/Secure-Authentication/smCom-recv-sometimes-fails-with-errno-4-and-e4sss-engine-hangs/m-p/1740421#M1388</link>
      <description>&lt;P&gt;&lt;STRONG&gt;Environment:&lt;/STRONG&gt;&lt;/P&gt;&lt;P&gt;Host:&amp;nbsp;Linux 5.4.199 aarch64&lt;/P&gt;&lt;P&gt;Secure element: SE050F2 (OEM ID: A9 2A)&lt;/P&gt;&lt;P&gt;Middleware: 04.01.01, built with the following flags:&lt;/P&gt;&lt;LI-CODE lang="c"&gt;-DPTMW_Log=Verbose \
-DPTMW_SE05X_Auth=None \
-DPTMW_SCP=None \
-DPTMW_SMCOM=JRCP_V1_AM \
-DWithAccessMgr_UnixSocket:BOOL=ON \
-DPTMW_Host=Raspbian \
-DPTMW_Applet=SE05X_A \
-DCMAKE_BUILD_TYPE=Release \
-DCMAKE_TOOLCHAIN_FILE=../scripts/armgcc_force_cpp.cmake \
-DPTMW_HostCrypto=OPENSSL&lt;/LI-CODE&gt;&lt;P&gt;-&amp;nbsp;OpenSSL: 1.1.1l&lt;/P&gt;&lt;P&gt;&lt;FONT size="2"&gt;&lt;EM&gt;OpenSSL config attached (openssl-sss-se050.cnf, put in /etc/)&lt;/EM&gt;&lt;/FONT&gt;&lt;/P&gt;&lt;P&gt;- HaProxy: 2.4.* (I'm using 2.4.22 but reproduced on recent 2.4.24 too)&lt;/P&gt;&lt;P&gt;&lt;FONT size="2"&gt;&lt;EM&gt;HaProxy config attached (haproxy_dynamic.conf, put in /tmp/)&lt;/EM&gt;&lt;/FONT&gt;&lt;/P&gt;&lt;P&gt;&lt;STRONG&gt;&lt;FONT size="3"&gt;Prerequisites:&lt;/FONT&gt;&lt;/STRONG&gt;&lt;/P&gt;&lt;P&gt;- EC&amp;nbsp;secp384r1 key generated, stored in secure element and exported to /tmp/private_key&lt;/P&gt;&lt;P&gt;- Some HTTP server running on *:37777&lt;/P&gt;&lt;P&gt;&lt;FONT size="2"&gt;&lt;EM&gt;Basic Boost ASIO server attached (server.zip)&lt;/EM&gt;&lt;/FONT&gt;&lt;/P&gt;&lt;P&gt;&lt;STRONG&gt;Steps to reproduce:&lt;/STRONG&gt;&lt;/P&gt;&lt;P&gt;- Generate a certificate for HaProxy:&lt;/P&gt;&lt;LI-CODE lang="markup"&gt;export OPENSSL_CONF=/etc/openssl-sss-se050.cnf
openssl req -new -key /tmp/private_key -out /tmp/servercert.csr -subj "/CN="
openssl x509 -req -days 365 -in /tmp/servercert.csr -signkey /tmp/private_key -out /tmp/servercert.crt
cat /tmp/private_key /tmp/servercert.crt &amp;gt; /tmp/servercert.pem&lt;/LI-CODE&gt;&lt;P&gt;- Run HaProxy:&lt;/P&gt;&lt;LI-CODE lang="markup"&gt;./haproxy -f /tmp/haproxy_dynamic.conf&lt;/LI-CODE&gt;&lt;P&gt;- Run script from another host to spam TLS handshake:&lt;/P&gt;&lt;P&gt;&lt;FONT size="2"&gt;&lt;EM&gt;Script attached (spam_tls.py)&lt;/EM&gt;&lt;/FONT&gt;&lt;/P&gt;&lt;LI-CODE lang="markup"&gt;python spam_tls.py &amp;lt;IP_address&amp;gt;&lt;/LI-CODE&gt;&lt;P&gt;&amp;nbsp;- After some time (1-10 minutes), the following log can be seen in HaProxy process:&lt;/P&gt;&lt;P&gt;&lt;FONT size="2"&gt;&lt;EM&gt;I've modified the middleware source code to also show errno, so we can see the first recv errno is 4 (EINTR Interrupted system call)&lt;/EM&gt;&lt;/FONT&gt;&lt;/P&gt;&lt;LI-CODE lang="c"&gt;ssse-flw: EmbSe_Simple_Compute_Key invoked (ecdh)
ssse-dbg: ** nid = 715 **
ssse-flw: EmbSe_Simple_Compute_Key invoked (ecdh)
ssse-dbg: ** nid = 715 **
ssse-flw: No matching key in SE. Invoking OpenSSL API: ECDH_compute_key.
ssse-flw: No matching key in SE. Invoking OpenSSL API: ECDH_compute_key.
smCom :WARN :Client: recv() failed: error -1--4
smCom :WARN :nxEnsure:'0' failed. At Line:323 Function:smComSocket_TransceiveRawFD
sss   :WARN :nxEnsure:'retStatus == SM_OK' failed. At Line:6987 Function:sss_se05x_channel_txn
sss   :WARN :nxEnsure:'ret == SM_OK' failed. At Line:6884 Function:sss_se05x_TXn
sss   :ERROR:Error in Se05x_API_CheckObjectExists
ssse-err: sss_key_object_get_handle for keyPair failed&lt;/LI-CODE&gt;&lt;P&gt;&amp;nbsp;- From now on, each request will generate the following error:&lt;/P&gt;&lt;P&gt;&lt;EM&gt;&lt;FONT size="2"&gt;Each recv() call yields errno 11 (EAGAIN Try again)&lt;/FONT&gt;&lt;/EM&gt;&lt;/P&gt;&lt;LI-CODE lang="c"&gt;ssse-flw: ECDH_compute_key by OpenSSL PASS
ssse-dbg: Using keyId=0x00000001
ssse-dbg: shaAlgo: 772
ssse-flw: SSS based sign (keyId=0x00000001, dgstLen=48)

APDU  :DEBUG:CheckObjectExists []
APDU  :DEBUG:kSE05x_TAG_1 [object id] = 0x1
smCom :DEBUG:Cmd (Len=11)
      80 04 00 27    06 41 04 00    00 00 01 
smCom :WARN :Client: recv() failed: error -1--11
smCom :WARN :nxEnsure:'0' failed. At Line:323 Function:smComSocket_TransceiveRawFD
sss   :WARN :nxEnsure:'retStatus == SM_OK' failed. At Line:6987 Function:sss_se05x_channel_txn
sss   :WARN :nxEnsure:'ret == SM_OK' failed. At Line:6884 Function:sss_se05x_TXn
sss   :ERROR:Error in Se05x_API_CheckObjectExists&lt;/LI-CODE&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Mon, 16 Oct 2023 12:00:54 GMT</pubDate>
      <guid>https://community.nxp.com/t5/Secure-Authentication/smCom-recv-sometimes-fails-with-errno-4-and-e4sss-engine-hangs/m-p/1740421#M1388</guid>
      <dc:creator>szymon-kobylecki</dc:creator>
      <dc:date>2023-10-16T12:00:54Z</dc:date>
    </item>
    <item>
      <title>Re: smCom recv() sometimes fails with errno 4 and e4sss engine hangs</title>
      <link>https://community.nxp.com/t5/Secure-Authentication/smCom-recv-sometimes-fails-with-errno-4-and-e4sss-engine-hangs/m-p/1740980#M1392</link>
      <description>&lt;P&gt;Hi&amp;nbsp;&lt;a href="https://community.nxp.com/t5/user/viewprofilepage/user-id/224405"&gt;@szymon-kobylecki&lt;/a&gt;&amp;nbsp;,&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;As far as I know, the OpenSSL config file should be&amp;nbsp;openssl11_sss_se050.cnf when you are using OpenSSL 1.1.1l. Also, the MW version is not the latest; please kindly refer to&amp;nbsp;&lt;A href="https://www.nxp.com/webapp/Download?colCode=SE05x-PLUG-TRUST-MW&amp;amp;appType=license" target="_blank" rel="noopener"&gt;https://www.nxp.com/webapp/Download?colCode=SE05x-PLUG-TRUST-MW&amp;amp;appType=license&lt;/A&gt;&amp;nbsp;for details.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Please also update the CMake option PTMW_Applet according to the following:&lt;/P&gt;
&lt;P&gt;&lt;span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Kan_Li_0-1697524120668.png" style="width: 758px;"&gt;&lt;img src="https://community.nxp.com/t5/image/serverpage/image-id/245440i1D3BB6EEB96E833A/image-dimensions/758x237?v=v2" width="758" height="237" role="button" title="Kan_Li_0-1697524120668.png" alt="Kan_Li_0-1697524120668.png" /&gt;&lt;/span&gt;&lt;/P&gt;
&lt;P&gt;Hope that helps,&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Have a great day,&lt;BR /&gt;Kan&lt;/P&gt;
</description>
      <pubDate>Tue, 17 Oct 2023 06:29:41 GMT</pubDate>
      <guid>https://community.nxp.com/t5/Secure-Authentication/smCom-recv-sometimes-fails-with-errno-4-and-e4sss-engine-hangs/m-p/1740980#M1392</guid>
      <dc:creator>Kan_Li</dc:creator>
      <dc:date>2023-10-17T06:29:41Z</dc:date>
    </item>
    <item>
      <title>Re: smCom recv() sometimes fails with errno 4 and e4sss engine hangs</title>
      <link>https://community.nxp.com/t5/Secure-Authentication/smCom-recv-sometimes-fails-with-errno-4-and-e4sss-engine-hangs/m-p/1741062#M1394</link>
      <description>&lt;P&gt;Hi, I've tried your suggestions; unfortunately, the issue is still there. Is there anything I can do to debug this issue more easily?&lt;/P&gt;</description>
      <pubDate>Tue, 17 Oct 2023 07:37:17 GMT</pubDate>
      <guid>https://community.nxp.com/t5/Secure-Authentication/smCom-recv-sometimes-fails-with-errno-4-and-e4sss-engine-hangs/m-p/1741062#M1394</guid>
      <dc:creator>szymon-kobylecki</dc:creator>
      <dc:date>2023-10-17T07:37:17Z</dc:date>
    </item>
    <item>
      <title>Re: smCom recv() sometimes fails with errno 4 and e4sss engine hangs</title>
      <link>https://community.nxp.com/t5/Secure-Authentication/smCom-recv-sometimes-fails-with-errno-4-and-e4sss-engine-hangs/m-p/1741342#M1396</link>
      <description>&lt;P&gt;I found the issue. HaProxy has a watchdog mechanism which emits a SIGALRM after some time and if that happens during a blocking read in the TPM engine, the syscall fails with EINTR and the engine closes the access manager fd, which causes all future IO ops to fail.&lt;/P&gt;&lt;P&gt;I've edited smComSocket_TransceiveRawFD&amp;nbsp;to retry on EINTR and that indeed solved the issue.&lt;/P&gt;&lt;P&gt;I think that should be fixed in the middleware? It shouldn't assume the program which links to the middleware doesn't use signals? Let me know if you plan an official patch for this.&lt;/P&gt;</description>
      <pubDate>Tue, 17 Oct 2023 13:23:09 GMT</pubDate>
      <guid>https://community.nxp.com/t5/Secure-Authentication/smCom-recv-sometimes-fails-with-errno-4-and-e4sss-engine-hangs/m-p/1741342#M1396</guid>
      <dc:creator>szymon-kobylecki</dc:creator>
      <dc:date>2023-10-17T13:23:09Z</dc:date>
    </item>
  </channel>
</rss>

