softhsm2 crashes in context of openssl 3 pkcs11 provider

[petrovr]

Command like this one

openssl pkeyutl -sign $provider -inkey "pkcs11:id=$key_id" -in $data -out $signature  -passin "pass:$userpin"

dumps core on exit.

Stack trace shows:

Core was generated by `.../bin/openssl pkeyutl -sign -inkey pkcs11:id=%0'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x00007f549cdbd0ae in HandleManager::getSession(unsigned long) () from .../lib64/softhsm/libsofthsm2.so
(gdb) bt
#0  0x00007f549cdbd0ae in HandleManager::getSession(unsigned long) () from .../lib64/softhsm/libsofthsm2.so
#1  0x00007f549cd6b7cf in SoftHSM::C_CloseSession(unsigned long) () from .../lib64/softhsm/libsofthsm2.so
#2  0x00007f549cd51e44 in C_CloseSession () from .../lib64/softhsm/libsofthsm2.so
#3  0x00007f549d3ef442 in p11prov_CloseSession (ctx=0x33e17390, hSession=1) at .../pkcs11-provider-current/src/interface.gen.c:283
#4  0x00007f549d40515f in token_session_close (session=session@entry=0x33e42070) at .../pkcs11-provider-current/src/session.c:110
#5  0x00007f549d4052e0 in token_session_close (session=0x33e42070) at .../pkcs11-provider-current/src/session.c:358
#6  session_free (session=0x33e42070) at .../pkcs11-provider-current/src/session.c:382
#7  0x00007f549d405dbd in p11prov_session_pool_free (pool=0x33e41380) at .../pkcs11-provider-current/src/session.c:170
#8  0x00007f549d40bb04 in p11prov_free_slots (sctx=0x33e35d50) at .../pkcs11-provider-current/src/slot.c:354
#9  0x00007f549d402530 in p11prov_ctx_free (ctx=0x33e17390) at .../pkcs11-provider-current/src/provider.c:545
#10 0x00007f549d05d1b5 in ossl_provider_free (prov=0x33e15f70) at crypto/provider_core.c:720
#11 0x00007f549d183161 in OPENSSL_sk_pop_free (st=0x33df0af0, func=0x7f549d05d220 <provider_deactivate_free>) at crypto/stack/stack.c:439
#12 0x00007f549d05bc69 in sk_OSSL_PROVIDER_pop_free (freefunc=0x7f549d05d220 <provider_deactivate_free>, sk=<optimized out>) at crypto/provider_core.c:198
#13 ossl_provider_store_free (vstore=0x33df0a90) at crypto/provider_core.c:294
#14 0x00007f549d045e45 in context_deinit_objs (ctx=0x7f549d37e580 <default_context_int>) at crypto/context.c:271
#15 context_deinit (ctx=0x7f549d37e580 <default_context_int>) at crypto/context.c:355
#16 ossl_lib_ctx_default_deinit () at crypto/context.c:396
#17 0x00007f549d04a615 in OPENSSL_cleanup () at crypto/init.c:440
#18 0x00007f549ca5a1a6 in __run_exit_handlers () from /lib64/libc.so.6
#19 0x00007f549ca5a2ec in exit () from /lib64/libc.so.6
#20 0x000000000042c0dd in main (argc=<optimized out>, argv=<optimized out>) at apps/openssl.c:320

---

Question is how SoftHSMv2 manages "global" variables?

[petrovr]

On other side are PKIX-SSH X.509 tests pkcs11(1) and pkcs11_eng(2). No one of them crash. First one used softhsm2 module directly. Second one uses pkcs#11 engine with module.

Secure shell client in PKIX-SSH uses explicit shutdown of cryptographic library. As author I do not consider "at exist" as portable functionality.

Locks like issues related to destructors called "at exist".

---

Build is based on current branch with last commit: softhsm2-util: support import certificate.