Cygwin/ssh with opensc-pkcs11.dll: Segmentation fault #607
Comments
|
@pieterverberne where did you get the binaries from? |
|
opensc-0.15.0-win64.msi from I also tried some nightly builds from When I run depends on opensc-pkcs11.dll (OpenSC 0.15.0 release) I get these results: I'm not sure what to do with this. |
|
Expand the depends window more, to show all the Warning: messages in bottom frame. |
|
I'm seeing the same behavior. I've tried x86 and x64 version of 0.14 and 0.15 OpenSC for OpenSSH, but get a segmentation fault. Firefox did although work for me, after I installed x86 version. What does work: OpenSSH wants x64 version and will fail with segmentation fault. My missing libraries are(I'm on win8.1): My openSSH version is 7.1p1 Maybe this is an openssh issue. Does anyone have this working with windows? |
|
@vletoux do you have any idea? |
|
there is a lot of trick leading to dependencies not found. This message on itself is not a problem but it has to be correlated to first level dependencies. The best would be to collect a crashdump and know on which module (dll) the crash occured. |
|
I played a bit with Visual Studio and I think I got want you want. Please mail me (pieterverberne at xs4all nl). I will send the dump by mail. (To prevent leaking possible semi interesting data, I will not post it here. I'm just not 100% sure :-) ) |
|
Definitely a ssh problem and not an OpenSC one: Exception Code: 0xC0000005 |
|
If pkcs#11 modules from other vendors are working fine, it still could be that OpenSC returns some function pointer or memory which are to thought to be valid by ssh but which are actually bogus. Am 15. Dezember 2015 09:35:56 MEZ, schrieb vletoux notifications@github.com:
Frank Morgner |
|
"Unhandled exception at 0x0000000100441DDE (ssh.exe) in ssh.dmp: 0xC0000005: Access violation reading location 0xFFFFFFFFFFFFFFFF." The best would be to have the pdb associated to ssh.exe (compile it with visual studio) and find where the error is triggered. |
|
I cannot do more with only a dump file. |
|
that's quite a lot already, thanks! |
|
As a small update: This behavior seams to have not changed with the newest OpenSSH_7.1p2. |
|
the best would be to collect the .pdb file of OpenSSH which can be used for crashdump debugging. |
|
So I've contacted the Cygwin team and this is their response:
I guess that sums up what the next step is. Anyone have experience compiling for Cygwin?
This installed opensc to /usr/bin/* and /usr/lib/ . Sadly when I run "ssh -I /usr/lib/opensc-pkcs11.dll host" I still get a access_violation. |
|
Microsoft interestingly decided to start their own openssh port on Github. This was already planned and anounced here. They seam to be making progress. I grabbed their current build and tried it with opensc. It's a bit buggy, but pkcs11 works with their powershell :) Cygwin/bash does not quite work yet, but that bug has also been reported with powershell, so I'm hopefull this will be resolved for both. Since I've compiled opensc for cygwin and used it with cygwin/openssh to no avail, my guess is that openssh attempts to load opensc in some way Windows doesn't like. It's just as likely that there are some compile flags for cygwin/opensc that I didn't apply. I'll give the cygwin team an update and see what their thoughts are. |
|
Any updates on this? Just had the same issue with the OpenSSH bundled with Git Bash. I'm ready to do some tests if anyone needs log files or crash dumps. |
|
Small update: Long term it would be great if Microsoft re-implements pkcs11 support in their win32 version of OpenSSH, alternatively there is a functioning cygwin opensc package published. |
|
One reason for the segment fault is that the opensc and ssh-agent utils were built with different struct packing alignments, which means when the ssh-agent requests the list of module function pointers, they get returned misaligned. One way to avoid this is to build opensc under cygwin as a Unix app rather than a win app. To do that uncomment the line in opensc's configure.ac, around line 107, that starts "CPPFLAGS... CRYPTO ... FORCE WIN". Run bootstrap and configure, make, make install, with no args, I.e. don't specify host as win or cygwin. If you are using readline, you'll need to specify --disable-strict with ./configure. Remember to first install pkg-config, openssl-devel, zlib, autoconf, automake, libtool, make, gcc-g++, gcc-core etc. That should also install the cygwin ssh utils, which you'll need to use for this to work. |
|
configure.ac line 107 in current master is not a comment. It is in a block that that lets you specify So is the fix already in place? If not what effect would your change have on other programs that also use opensc-pkcs11.dll? |
|
Or should the user be using the |
|
Digging into it, there are two aspects to consider / resolve:
So, to build OpenSC for a pure Cygwin environment, that uses Cygwin's ssh utils out of the box, OpenSC needs to be built according to the Unix flavour build steps. However, there are a couple of points in the current configure.ac build script and pkcs11.h header that complicate this: Attached are the instructions for the steps required to get OpenSC working under Cygwin. |
|
Ps: in the install instructions mentioned above, the steps for installing sshpass can be ignored if you don't use it. I have a bunch of scripts that do. |
|
Thanks for the nice explanation. Note that pkcs11-v2.40/ pkcs11.h says: "The Cryptoki convention on packing is that structures should be 1-byte aligned." But then goes onto say: "In a UNIX environment, you're on your own for this. You might not need to do (or be able to do!) anything." And CK_VERSION is in: pkcs11-v2.40/pkcs11t.h Which as I understand your explanation, treat Cygwin as Unix and leave it up to the compiler? Since I don't use Cygwin, maybe some other developer who does will look at this. You are welcome to submit a PR. |
|
I've emailed the Cygwin team asking what they advise - I'll post an update here. Seems like the configure.ac should check whether it's using gcc or MingW, or similar. These aspects are beyond my knowledge :) |
|
Looking at the OpenSSH_7.1p2 as cited above, the pkcs11.h is based on an earlier OpenSC version and has the same So OpenSSH must not be using either _WIN32 or CRYPTOKI_FORCE_WIN32 but leaving packing and alignment up to the compiler. Are there any cygwin packages that use pkcs11 that do alignment differently? |
|
@alonbl can you shed some light on this issue. From an e-mail Re: [opensc-devel] PKCS#11 header license - replacement headers" 12/8/2006, Alon Bar-Lev to opensc-devel@lists.opensc-projects.org, Alon said: "2. Added CRYPTOKI_FORCE_WIN32, so that you can force the file OpenSSH picked up the opensc version of pkcs11.h in the OpenSSH commit d8f60022 on 2010-2-12. OpenSC configure.ac containing the |
|
I've just done a quick search of the openssh source that Cygwin uses, while it has the v1.3 pkcs11.h from 2013, with the _win32 and cryptoki_force_win32 packing conditionals, none of the configure files reference these variables. So it looks like the binaries that Cygwin ship are built without these options enabled - given they probably auto build. |
|
As far as I remember, at that time there was no stable cross compiler for windows on windows. the mingw project was on halt and the options were to build native windows binaries were the mingw or cygwin. This flag was added to build native windows binary on cygwin compiler which at that time was better maintained. Today we have the mingw-w32 project which is maintained and can be used for this purpose. I believe that the opensc maintainers decided to build windows binaries using microsoft compiler and not use cross compile and automation on linux. So the above is irrelevant anyway. Unless application is designed to load native PKCS#11 providers on cygwin, it is expected to build cygwin binaries and use the shared library as the PKCS#11 provider and not the windows native dll. Looking at the openssh code, it seems like it uses dlopen/dlsym to load the library so it must use the cygwin build of opensc. It could have checked for cygwin environment and perform LoadLibrary/GetProcAddress, but then it was limited for only native providers. It had been long time since I last checked the cygwin wrapping, especially the 64bit, maybe something has changed. |
|
Hi. Hans-Bernard from Cygwin has responded to the advice request in the cygwin at cygwin dot com mailing list - search on "advice cygwin opensc". There he recommends removing the native section entirely as it has not been applicable for a number of years. |
|
On Thu, Sep 6, 2018 at 8:53 AM Darren ***@***.***> wrote:
Hi. Hans-Bernard from Cygwin has responded to the advice request in the
cygwin at cygwin dot com mailing list - search on "advice cygwin opensc".
There he recommends removing the native section entirely as it has not been
applicable for a number of years.
Correct, as I wrote, the mingw-w64 project is providing a great service for
the last years.
|
|
@dwhobrey thanks for shining light into this issue. Feel free to add InstallingOpenScOnCygwin.txt to the OpenSC wiki and to make a pull request for the obsolete code in From a cygwin user's perspective it would be great to have a OpenSC package within standard package management. However, I'm not sure if it is really needed with Windows 10 integrating OpenSSH and some PKCS#11 variants of PuTTY available... |
|
Hi Frank, we have a bunch of bash scripts that we normally use on Linux platforms. Being able to run them "out of the box" on Windows via Cygwin, is very convenient. Using PuTTY-CAC for example, requires a very different approach. |
|
Updated Wiki with instructions - added page "Compiling on Cygwin". |
Dear all,
Is this a know issue?
$ ssh -I /cygdrive/c/Windows/System32/opensc-pkcs11.dll host.com
Segmentation fault (core dumped)
Also:
$ ssh -I /cygdrive/c/Program\ Files/OpenSC\ Project/PKCS11-Spy/pkcs11-spy.dll host.com
*************** OpenSC PKCS#11 spy *****************
Loaded: "C:\WINDOWS\system32\opensc-pkcs11.dll"
0: C_GetFunctionList
2015-11-13 11:00:22.413
Returned: 0 CKR_OK
Segmentation fault (core dumped)
I'm running Microsoft Windows 7 Professional 64bit, OpenSC 0.15.0 (0.14.0 has the same problem).
Also opensc-pkcs11.dll is not working with Mozilla Firefox. On Linux Debian it is working.
My debugging skills are limited, but I found this on a strace:
--- Process 6148, exception c0000005 at 0000000100441DDE
99 6183880 [main] ssh 6836 build_env: envp 0x180330518, envc 66
43 6183923 [main] ssh 6836 child_info::child_info: subproc_ready 0x240
3180 6183946 [main] ssh 6148 exception::handle: In cygwin_except_handler exception 0xC0000005 at 0x100441DDE sp 0x229F80
46 6183992 [main] ssh 6148 exception::handle: In cygwin_except_handler signal 11 at 0x100441DDE
46 6184038 [main] ssh 6148 _cygtls::inside_kernel: pc 0x100441DDE, h 0x100400000, inside_kernel 0
0xC0000005 is also know as STATUS_ACCESS_VIOLATION.
Gr,
Pieter Verberne
The text was updated successfully, but these errors were encountered: