- NXP Forums
- Product Forums
- General Purpose MicrocontrollersGeneral Purpose Microcontrollers
- i.MX Forumsi.MX Forums
- QorIQ Processing PlatformsQorIQ Processing Platforms
- Identification and SecurityIdentification and Security
- Power ManagementPower Management
- MCX Microcontrollers
- S32G
- S32K
- S32V
- MPC5xxx
- Other NXP Products
- Wireless Connectivity
- S12 / MagniV Microcontrollers
- Powertrain and Electrification Analog Drivers
- Sensors
- Vybrid Processors
- Digital Signal Controllers
- 8-bit Microcontrollers
- ColdFire/68K Microcontrollers and Processors
- PowerQUICC Processors
- OSBDM and TBDML
-
- Solution Forums
- Software Forums
- MCUXpresso Software and ToolsMCUXpresso Software and Tools
- CodeWarriorCodeWarrior
- MQX Software SolutionsMQX Software Solutions
- Model-Based Design Toolbox (MBDT)Model-Based Design Toolbox (MBDT)
- FreeMASTER
- eIQ Machine Learning Software
- Embedded Software and Tools Clinic
- S32 SDK
- S32 Design Studio
- Vigiles
- GUI Guider
- Zephyr Project
- Voice Technology
- Application Software Packs
- Secure Provisioning SDK (SPSDK)
- Processor Expert Software
-
- Topics
- Mobile Robotics - Drones and RoversMobile Robotics - Drones and Rovers
- NXP Training ContentNXP Training Content
- University ProgramsUniversity Programs
- Rapid IoT
- NXP Designs
- SafeAssure-Community
- OSS Security & Maintenance
- Using Our Community
-
-
- Home
- :
- i.MX Forums
- :
- i.MX Processors
- :
- Re: CST HSM - Segmentation fault (core dumped)
CST HSM - Segmentation fault (core dumped)
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
I have implemented solution to sign the u-boot and zImage with CST tool. Now I would like to implement CST tool to work with HSM module. I already have PKI tree generated on the HSM. I created the CST tool with back_end-hsm, create hsm.cfg file with path to the certificate and run CST tool. After a moment I get error Segmentation fault (core dumped). With cst tool located in /linux64/bin/cst there is no problem to sign the image, but with back_end-hsm I get segmentation fault. (CST 3.1.0 and also with CST 3.2.0)
EDIT:
I am using module libsc-hsm-pkcs11.so, error is on the line 589 (ENGINE_ctrl_cmd_string (eng, "MODULE_PATH", hsm_conf.module_path, 0);)
Thank you for any idea.
Best regards
Tomas Klein
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I solve the problem by moving the Engine constructor (ENGINE *engine_hsm (void); - e_hsm.c, line: 124), from C file to to e_hsm.h (files path: cst-3.1.0/release/code/back_end-hsm/src)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The solution is correct by there are some details missing. The function that is referenced in the newly created header file "engine_hsm" is referenced in backend.c. Since backend.c does not see the definition, it assumes that it is a function that returns an int. So it truncates 32 bits off of the pointer and assigns it to the return of engine_hsm. When it passes that value to the next libcrypto call, it will fail since the pointer has been corrupted.
If you put a reference to the newly created header file in backend.c so that it sees a proper prototype, it will no longer truncate the pointer and when it is passed to the next libcrypto function, it will succed.
The original developer of backend-hsm must have test this with a 32bit compiler.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I solve the problem by moving the Engine constructor (ENGINE *engine_hsm (void); - e_hsm.c, line: 124), from C file to to e_hsm.h (files path: cst-3.1.0/release/code/back_end-hsm/src)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I did the same. But this doesn't work.
Does it have anything to do with version of openssl ? I am using the openssl 1.1.1 with Ubuntu18.04
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
In our case, we also using openssl version 1.1.1, cst 3.1.0 and library to comunicate with HSM (GitHub - CardContact/sc-hsm-embedded: PKCS#11 and CSP-Minidriver library for the SmartCard-HSM and S... )
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Do u have any steps u had already followed. ?
This is the error i got after using cst-hsm compilation
cst[20371]: segfault at ffffffff8cdac980 ip 00007fa5b8c56fbc sp 00007ffc19f0f320 error 5 in libcrypto.so.1.1[7fa5b8b04000+29b000]
this is the configuration I am using. Even i tried static compilation of those.
ldd /usr/bin/openssl
linux-vdso.so.1 (0x00007ffe39bd5000)
libssl.so.1.1 => /usr/lib/x86_64-linux-gnu/libssl.so.1.1 (0x00007fdeefe05000)
libcrypto.so.1.1 => /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1 (0x00007fdeef93a000)
libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007fdeef71b000)
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007fdeef32a000)
libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007fdeef126000)
/lib64/ld-linux-x86-64.so.2 (0x00007fdef0345000)
I solve the problem by moving the Engine constructor (ENGINE *engine_hsm (void); - e_hsm.c, line: 124), from C file to to e_hsm.h (files path: cst-3.1.0/release/code/back_end-hsm/src)
Where exactly you moved the line ?
Yuri
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
Would You please provide more details how Your CST has been build;
what toolchain and OS were used?
Regards,
Yuri.
