#137 Error using two threads

open
5
2015-02-11
2010-07-14
No

Calling the following command (openssl dgst -sha -sign /var/lib/tpm/keys/identity.key -out /dev/null -keyform ENGINE -engine tpm sigdata
) from two threads parallel I get the following error (tpm engine:TPM_RSA_PRIV_ENC:request failed:e_tpm.c:1120:). Using three threads the error does not
occure. We are using openssl 0.9.8 trousers 0.3.1-7 and tpm-engine 0.4.1+2007

You can use the attached testscripts calling: ./runSequenceParallel.sh "openssl dgst -sha256 -sign /var/lib/tpm/identity.key -out signeddata -keyform ENGINE -engine tpm sigdata" 100 2

Discussion

  • Achim Kanert

    Achim Kanert - 2010-07-14

    Testskcripts

     
  • Achim Kanert

    Achim Kanert - 2010-07-14

    I also tested it with trousers 0.3.6. The error still occurs. I attached the debuglog from tcsd.

     
  • Achim Kanert

    Achim Kanert - 2010-07-14

    TCSD_Debuglog

     
  • Achim Kanert

    Achim Kanert - 2010-07-30

    I found out that there is a problem in the key management.
    When exactly two threads are running it can occur that thread 2 calls isKeyloaded which returns true, before thread 2 can inc. the ref. count of the key, thread 1 is scheduled and dec. the ref and the key is cleared. Afterwards thread 1 tries to use an unloaded key. When the thread count is higher than two it seems the always one thread uses the key so it is not cleared.
    Inserting a short usleep(10000) in the function key_mgr_ref_count() in tcs_key_mem_cache.c solved the problem. But I does not feel happy with this solution. Using two different keys also showed no problems in the unpatched version because the threads does not clear the key used by the second thread.

     
  • dtoubelis

    dtoubelis - 2015-02-11

    OpenSSL library is MT-safe only conditionally. You need to do these extra steps to make it work https://www.openssl.org/docs/crypto/threads.html. I think that this may be related to your problem.

     

Log in to post a comment.

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:





No, thanks