#52623: Fails to properly complete operation and disconnect on Sierra --------------------+-------------------------------- Reporter: uri@… | Owner: macports-tickets@… Type: defect | Status: new Priority: Normal | Milestone: Component: ports | Version: 2.3.4 Keywords: | Port: p11-kit --------------------+-------------------------------- The symptoms are described here: [https://github.com/OpenSC/libp11/issues/123] The following command hangs up when PKCS11_MODULE_PATH=/opt/local/lib/p11 -kit-proxy.dylib: {{{ $ openssl dgst -engine pkcs11 -keyform engine -sign "pkcs11:manufacturer=piv_II;object=SIGN%20key;type=private" -sha384 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:-1 -out t256.dat.sig t256.dat engine "pkcs11" set. PKCS#11 token PIN: ^C [have to kill this hanging process] $ openssl dgst -engine pkcs11 -keyform engine -verify "pkcs11:manufacturer=piv_II;object=SIGN%20pubkey;type=public" -sha384 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:-1 -signature t256.dat.sig t256.dat engine "pkcs11" set. Verified OK $ }}} The signature file t256.dat.sig is created, and can be verified (as shown above). But signing command does not exit, and has to be killed manually. If PKCS11_MODULE_PATH is set to, e.g., /Library/OpenSC/lib/opensc- pkcs11.dylib, it completes and exits correctly. Running with PKCS11_MODULE_PATH=/Library/OpenSC/lib/pkcs11-spy.dylib and PKCS11SPY=/opt/local/lib/p11-kit-proxy.dylib shows that everything seems to run fine, up until the very last step C_Finalize where it does not return: {{{ . . . . . 98: C_Sign 2016-10-15 22:20:29.843 [in] hSession = 0x11 [in] pData[ulDataLen] 00007f99c7703cd0 / 256 00000000 0B 10 33 11 4B 5D 72 30 6C A5 6C 94 4E B6 6C 4A ..3.K]r0l.l.N.lJ 00000010 B3 FE A4 47 6A B4 01 64 01 9F C5 B7 7A 8F 62 10 ...Gj..d....z.b. . . . . . 000000F0 CA 30 0A D2 70 CC 25 36 AB DE C9 B4 CF 35 46 BC .0..p.%6.....5F. [out] pSignature[*pulSignatureLen] 00007f99c8002400 / 256 00000000 6C D9 35 4C AC 1F 91 55 CB 89 5A FC 26 AB 83 0F l.5L...U..Z.&... 00000010 F6 21 37 74 FE 4E 72 55 B7 00 B0 BF D7 84 F3 81 .!7t.NrU........ . . . . . 000000F0 76 E0 1D AF CC EF 32 80 AD E0 5C 38 B2 3E 67 33 v.....2...\8.>g3 Returned: 0 CKR_OK 99: C_CloseAllSessions 2016-10-15 22:20:30.517 [in] slotID = 0x10 Returned: 0 CKR_OK 100: C_CloseAllSessions 2016-10-15 22:20:30.517 [in] slotID = 0x11 Returned: 0 CKR_OK 101: C_CloseAllSessions 2016-10-15 22:20:30.517 [in] slotID = 0x12 Returned: 0 CKR_OK 102: C_CloseAllSessions 2016-10-15 22:20:30.517 [in] slotID = 0x13 Returned: 0 CKR_OK 103: C_CloseAllSessions 2016-10-15 22:20:30.517 [in] slotID = 0x14 Returned: 0 CKR_OK 104: C_CloseAllSessions 2016-10-15 22:20:30.517 [in] slotID = 0x15 Returned: 0 CKR_OK 105: C_CloseAllSessions 2016-10-15 22:20:30.517 [in] slotID = 0x16 Returned: 0 CKR_OK 106: C_Finalize 2016-10-15 22:20:30.517 ^C $ }}} It appears to be seeing and trying to work with many more token slots than I seem to have/use. Here's what C_Finalize looks like if the above is invoked with PKCS11SPY=/Library/OpenSC/lib/opensc-pkcs11.dylib: {{{ . . . . . 87: C_Sign 2016-10-13 10:30:37.731 [in] hSession = 0x7fdbb3004e00 [in] pData[ulDataLen] 00007fdbb160be30 / 256 00000000 19 C7 12 37 09 18 52 8A 8B B1 53 ED B7 B3 7D A6 ...7..R...S...}. 00000010 AC 2D CA 07 AF 57 26 14 6F 1C 45 93 B5 76 6F 7C .-...W&.o.E..vo| . . . . . 000000F0 0B 4A 57 A9 32 86 BD 35 C9 76 EB C5 AD 81 80 BC .JW.2..5.v...... [out] pSignature[*pulSignatureLen] 00007fdbb2801000 / 256 00000000 74 08 82 C2 1A A6 46 ED BF 50 80 EB DB C9 49 8C t.....F..P....I. 00000010 53 42 3A 01 ED A1 E4 E3 8C 7A F4 E7 C2 4D 08 13 SB:......z...M.. . . . . . 000000F0 FF BD 28 CD E3 37 C8 8D 2C 78 FC C6 88 F3 71 9E ..(..7..,x....q. Returned: 0 CKR_OK 88: C_CloseAllSessions 2016-10-13 10:30:38.402 [in] slotID = 0x0 Returned: 224 CKR_TOKEN_NOT_PRESENT 89: C_CloseAllSessions 2016-10-13 10:30:38.403 [in] slotID = 0x4 Returned: 0 CKR_OK 90: C_Finalize 2016-10-13 10:30:38.403 Returned: 0 CKR_OK $ }}} If any logs would be of help, I'd be happy to provide. -- Ticket URL: <https://trac.macports.org/ticket/52623> MacPorts <https://www.macports.org/> Ports system for the Mac operating system