EldoS | Feel safer!

Software components for data protection, secure storage and transfer

PKCS#11 TElPkcs11CertStorage freeing problems (freezing app)

Also by EldoS: CallbackFilter
A component to monitor and control disk activity, track file and directory operations (create, read, write, rename etc.), alter file data, encrypt files, create virtual files.
#23330
Posted: 02/01/2013 06:34:29
by Jan Białokozowicz (Standard support level)
Joined: 08/20/2012
Posts: 8

Hello, i have two following problems (those can be connected).

I am trying to do something like this using (Delphi) TElPKCS11CertStorage.
1. Creating and opening storage
2. Doing some stuff.
3. Closing and freeing storage.

But..


if not Assigned(Storage) then
begin
Storage := TElPKCS11CertStorage.Create(Self);
try
Storage.DLLName := edDLL.Text;
Storage.Open;

//do some stuff..

finally
Storage.Close;
Storage.Free; // but after this Free, storage is not nil
end;
end;

As i understand i can use FreeAndNil and i will have nil.
But my concern is about that how is that possible that this object is not freed here ?


My second problem is following:

Sometimes after sigining multiple documents (xml) my application locks when freeing TElPKCS11CertStorage object.
Its kinda infinite freeze, requires killing process.

When i tried to debug this i found that it "waits" to infinite in

procedure TElPKCS11CertStorage.CloseAllSessions(SlotInfo : TElPKCS11SlotInfo);
var
i: integer;
SessionInfo: TElPKCS11SessionInfo;
begin
i := 0;
FSharedResource.WaitToWrite; //here

I found one way to reproduce this:
If you, by mistake try to sign document with CA certificate (not end-entity) (And both certificates are stored on smartcard) this will
block here.

But it's also sometimes happen with good certificate.
It's hard to reproduce, it's kinda occasional.
From our observations this happens mostly when smartcard reader is not active for long time.
And then when its used its signing documents correctly and then its freezes (Iam not sure if its in the same place CloseAllSessions,
cause i didn't debugged this, but symptoms are the same).

Am i something missing ? Do i need something do to fully free storage without freezing :-) ?
#23331
Posted: 02/01/2013 06:49:52
by Vsevolod Ievgiienko (EldoS Corp.)

Thank you for contacting us.

Quote
As i understand i can use FreeAndNil and i will have nil.
But my concern is about that how is that possible that this object is not freed here ?

Free method doesn't assign nil to a variable. FreeAndNil calls Free and then assigns nil.

Quote
Sometimes after sigining multiple documents (xml) my application locks when freeing TElPKCS11CertStorage object.
Its kinda infinite freeze, requires killing process.

Could you post a sample project that we can use to reproduce the problem. You can post it via Helpdesk: https://www.eldos.com/helpdesk/index.php
#23332
Posted: 02/01/2013 06:58:01
by Eugene Mayevski (EldoS Corp.)

Quote
Jan Białokozowicz wrote:
I found one way to reproduce this: If you, by mistake try to sign document with CA certificate (not end-entity) (And both certificates are stored on smartcard) this will block here.


Does this happen all the time? I.e. probably shared resource is not freed on exception. We will investigate this. Some sample that illustrates the problem is very welcome.


Sincerely yours
Eugene Mayevski
#23333
Posted: 02/01/2013 07:02:48
by Eugene Mayevski (EldoS Corp.)

Also please check that you don't call Storage.Free followed by FreeAndNil(Storage). Such double-free operation will cause not only deadlock, but also memory corruption and other unpleasant effect.


Sincerely yours
Eugene Mayevski
#23334
Posted: 02/01/2013 07:57:49
by Jan Białokozowicz (Standard support level)
Joined: 08/20/2012
Posts: 8

Quote
Eugene Mayevski wrote:
Quote
Jan Białokozowicz wrote:
I found one way to reproduce this: If you, by mistake try to sign document with CA certificate (not end-entity) (And both certificates are stored on smartcard) this will block here.


Does this happen all the time? I.e. probably shared resource is not freed on exception. We will investigate this. Some sample that illustrates the problem is very welcome.


So this locking can be caused by exceptions ? Good to know, maybe i will find what causing the problem.

This is somekind of strange - because when i try to sign with CA certificate i should get error (and i get in small sample project) - error because i don't have private key of my CA.
#23335
Posted: 02/01/2013 08:24:59
by Eugene Mayevski (EldoS Corp.)

Quote
Jan Białokozowicz wrote:
So this locking can be caused by exceptions ?


It should not. We just need to understand (or try to guess) what's happening. So far the guesses are a double-free of the object and incorrect handling of the exception in our code that leads the object to be locked. If you provide a test code, we'll be able to give some more specific conclusion.

However, locking can happen only when you access the storage(s) from multiple threads. Is it so? If you make all calls from the same threads, what OS are you using?


Sincerely yours
Eugene Mayevski
#23337
Posted: 02/04/2013 01:23:14
by Jan Białokozowicz (Standard support level)
Joined: 08/20/2012
Posts: 8

I am using Windows 7, and i do all signing and token managment stuff in main gui thread.
#23338
Posted: 02/04/2013 01:31:14
by Eugene Mayevski (EldoS Corp.)

Thank you. This excludes my assumption regarding multithreading and locking - the only possible reason is double-free'ing the object. Please re-check your code to ensure that there's no double-free'ing and no memory corruption.


Sincerely yours
Eugene Mayevski
#23342
Posted: 02/04/2013 06:41:57
by Jan Białokozowicz (Standard support level)
Joined: 08/20/2012
Posts: 8

Quote
Eugene Mayevski wrote:
Thank you. This excludes my assumption regarding multithreading and locking - the only possible reason is double-free'ing the object. Please re-check your code to ensure that there's no double-free'ing and no memory corruption.


I was freeing and closing TElPKCS11SessionInfo objects before freeing storage objects. I had to:

1. Creating TElPKCS11CertStorage.

2. Open session #1 to find slot with certificates.
3. Save slot number for later use.
4. Close session #1 (and i was doing this with "Close" and "Free").

5. Opening session #2 on slot found before.
6. Loging to session.
7. All signing operations...
8. Close session #2 (and i was doing this with "Close" and "Free").

9. Freeing TElPKCS11CertStorage.

On last step there was a problem of working with bad pointers of session #1 and #2.
Session list had those bad values and tried to use them. And it caused to AV but somehow is was not shown.

I Changed it to use
TElPKCS11CertStorage.CloseSession() in step 4. and

not closing explictly in step 8. - but to allow TElPKCS11CertStorage.Free to do this job.

I don't know if that was cause of the freezing problem.

Greetings and thanks for help :).
#23343
Posted: 02/04/2013 06:56:21
by Eugene Mayevski (EldoS Corp.)

Hmm, what made you think that you need to free session objects? Sessions are managed by the storage, you should not create or destroy session objects.


Sincerely yours
Eugene Mayevski
Also by EldoS: CallbackDisk
Create virtual disks backed by memory or custom location, expose disk images as disks and more.

Reply

Statistics

Topic viewed 2305 times

Number of guests: 1, registered members: 0, in total hidden: 0




|

Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!