Segfault while checking pkcs11 card signature

Bug #2004648 reported by Olivier Martin
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| pam-pkcs11 (Ubuntu) | New | Undecided | Unassigned | |

Bug Description

Here are some traces:

```
P:1449015; T:0x140679159284416 13:52:27.127 [opensc-pkcs11] sec.c:59:sc_compute_signature: called
P:1449015; T:0x140679159284416 13:52:27.127 [opensc-pkcs11] card-piv.c:2409:piv_compute_signature: called
P:1449015; T:0x140679159284416 13:52:27.128 [opensc-pkcs11] card-piv.c:2322:piv_validate_general_authentication: called
P:1449015; T:0x140679159284416 13:52:27.128 [opensc-pkcs11] card-piv.c:502:piv_general_io: called
P:1449015; T:0x140679159284416 13:52:27.128 [opensc-pkcs11] card.c:473:sc_lock: called
P:1449015; T:0x140679159284416 13:52:27.128 [opensc-pkcs11] card.c:513:sc_lock: returning with: 0 (Success)
P:1449015; T:0x140679159284416 13:52:27.128 [opensc-pkcs11] apdu.c:548:sc_transmit_apdu: called
P:1449015; T:0x140679159284416 13:52:27.128 [opensc-pkcs11] card.c:473:sc_lock: called
P:1449015; T:0x140679159284416 13:52:27.128 [opensc-pkcs11] card.c:513:sc_lock: returning with: 0 (Success)
P:1449015; T:0x140679159284416 13:52:27.129 [opensc-pkcs11] apdu.c:515:sc_transmit: called
P:1449015; T:0x140679159284416 13:52:27.129 [opensc-pkcs11] apdu.c:363:sc_single_transmit: called
P:1449015; T:0x140679159284416 13:52:27.129 [opensc-pkcs11] apdu.c:367:sc_single_transmit: CLA:0, INS:87, P1:11, P2:9A, data(38) 0x7ffcc4478280
P:1449015; T:0x140679159284416 13:52:27.129 [opensc-pkcs11] reader-pcsc.c:323:pcsc_transmit: reader 'MyReader 00 00'
P:1449015; T:0x140679159284416 13:52:27.129 [opensc-pkcs11] reader-pcsc.c:324:pcsc_transmit:
Outgoing APDU (44 bytes):
00 87 11 9A 26 7C 24 82 00 81 20 40 DD 29 19 4B ....&|$... @.).K
DE D5 92 6D ED 8B AC EA EC 76 79 7C 30 4F 74 2E ...m.....vy|0Ot.
AE 0A 95 38 D2 7F 90 95 77 1F BF 00 ...8....w...

P:1449015; T:0x140679159284416 13:52:27.129 [opensc-pkcs11] reader-pcsc.c:242:pcsc_internal_transmit: called
P:1449015; T:0x140679159284416 13:52:27.220 [opensc-pkcs11] reader-pcsc.c:333:pcsc_transmit:
Incoming APDU (77 bytes):
7C 49 82 47 30 45 02 20 16 31 BE 5A B7 0C 50 4D |I.G0E. .1.Z..PM
96 FD 21 01 C2 13 6B B9 12 91 D3 9E EA 2D B9 4D ..!...k......-.M
63 2D 38 1E 7A 8D A9 60 02 21 00 F8 D2 7E BF 9D c-8.z..`.!...~..
9D B5 1A D6 46 3C 51 00 BF 12 C2 3E 0D C1 4E 54 ....F<Q....>..NT
63 AD 41 5D 06 95 02 F2 59 6E EB 90 00 c.A]....Yn...

P:1449015; T:0x140679159284416 13:52:27.221 [opensc-pkcs11] apdu.c:382:sc_single_transmit: returning with: 0 (Success)
P:1449015; T:0x140679159284416 13:52:27.221 [opensc-pkcs11] apdu.c:537:sc_transmit: returning with: 0 (Success)
P:1449015; T:0x140679159284416 13:52:27.221 [opensc-pkcs11] card.c:523:sc_unlock: called
P:1449015; T:0x140679159284416 13:52:27.221 [opensc-pkcs11] card.c:523:sc_unlock: called
P:1449015; T:0x140679159284416 13:52:27.221 [opensc-pkcs11] card-piv.c:544:piv_general_io: returning with: 75
P:1449015; T:0x140679159284416 13:52:27.222 [opensc-pkcs11] card-piv.c:2390:piv_validate_general_authentication: returning with: 71
P:1449015; T:0x140679159284416 13:52:27.222 [opensc-pkcs11] card-piv.c:2466:piv_compute_signature: returning with: 64
P:1449015; T:0x140679159284416 13:52:27.222 [opensc-pkcs11] sec.c:63:sc_compute_signature: returning with: 64
P:1449015; T:0x140679159284416 13:52:27.222 [opensc-pkcs11] card.c:523:sc_unlock: called
P:1449015; T:0x140679159284416 13:52:27.222 [opensc-pkcs11] pkcs15-sec.c:169:use_key: returning with: 64
P:1449015; T:0x140679159284416 13:52:27.223 [opensc-pkcs11] pkcs15-sec.c:759:sc_pkcs15_compute_signature: returning with: 64
P:1449015; T:0x140679159284416 13:52:27.223 [opensc-pkcs11] card.c:523:sc_unlock: called
P:1449015; T:0x140679159284416 13:52:27.223 [opensc-pkcs11] reader-pcsc.c:737:pcsc_unlock: called
P:1449015; T:0x140679159284416 13:52:27.224 [opensc-pkcs11] framework-pkcs15.c:4255:pkcs15_prkey_sign: Sign complete. Result 64.
P:1449015; T:0x140679159284416 13:52:27.224 [opensc-pkcs11] mechanism.c:478:sc_pkcs11_signature_final: returning with: 0 (Success)
P:1449015; T:0x140679159284416 13:52:27.224 [opensc-pkcs11] mechanism.c:336:sc_pkcs11_sign_final: returning with: 0 (Success)
P:1449015; T:0x140679159284416 13:52:27.224 [opensc-pkcs11] pkcs11-object.c:731:C_Sign: C_Sign() = CKR_OK
DEBUG:pkcs11_lib.c:1834: signature[64] = [16:31:be:...:eb]
DEBUG:pam_pkcs11.c:727: verifying signature...
DEBUG:cert_vfy.c:518: public key type: 0x00000198
DEBUG:cert_vfy.c:519: public key bits: 0x00000100
Segmentation fault (core dumped)
```

To duplicate this issue:

```
$ cat /etc/pam.d/pkcs11
auth sufficient pam_pkcs11.so
```

and I used `pamtester`: `OPENSC_DEBUG=9 pamtester pkcs11 olivier authenticate`

After investigating this issue in the code, I actually found the issue and have a fix for it: https://salsa.debian.org/debian/pam-pkcs11/-/merge_requests/3

My commit is sufficient to fix the issue.
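
Added example (not part of the original report, nor code from pam-pkcs11 or OpenSC): decoding the incoming APDU from the trace shows how the 77-byte card response, a PIV dynamic authentication template (tag 7C) wrapping a DER ECDSA signature, becomes the 64-byte raw `r || s` value that `C_Sign` hands to pam_pkcs11 just before the crash. The function names are hypothetical, and the 32-byte coordinate width is an assumption taken from the `public key bits: 0x00000100` line.

```python
# Added example: decode the "Incoming APDU (77 bytes)" from the trace.
# Bytes are copied from the report's hex dump; function names are hypothetical.
RESPONSE_HEX = """
7C 49 82 47 30 45 02 20 16 31 BE 5A B7 0C 50 4D
96 FD 21 01 C2 13 6B B9 12 91 D3 9E EA 2D B9 4D
63 2D 38 1E 7A 8D A9 60 02 21 00 F8 D2 7E BF 9D
9D B5 1A D6 46 3C 51 00 BF 12 C2 3E 0D C1 4E 54
63 AD 41 5D 06 95 02 F2 59 6E EB 90 00
"""

def read_tlv(buf, pos, want_tag):
    """Return (value, next_pos) for one BER TLV, bounds-checking every step."""
    if pos + 2 > len(buf) or buf[pos] != want_tag:
        raise ValueError(f"expected tag {want_tag:#04x} at offset {pos}")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: next n bytes hold the length
        n = length & 0x7F
        if n == 0 or n > 2 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("TLV value runs past end of buffer")
    return buf[pos:pos + length], pos + length

def piv_response_to_raw_sig(apdu, coord_len=32):
    """7C{82{30{02 r, 02 s}}} + SW1 SW2 -> fixed-width r || s (32 bytes each assumed)."""
    body, sw = apdu[:-2], apdu[-2:]
    if sw != b"\x90\x00":
        raise ValueError(f"card returned status {sw.hex()}")
    template, _ = read_tlv(body, 0, 0x7C)      # dynamic authentication template
    response, _ = read_tlv(template, 0, 0x82)  # response to the challenge
    seq, _ = read_tlv(response, 0, 0x30)       # DER ECDSA-Sig-Value
    r, pos = read_tlv(seq, 0, 0x02)
    s, pos = read_tlv(seq, pos, 0x02)
    if pos != len(seq):
        raise ValueError("trailing bytes after s")
    raw = b""
    for integer in (r, s):
        integer = integer.lstrip(b"\x00")      # drop DER sign-padding byte
        if len(integer) > coord_len:
            raise ValueError("integer wider than the assumed coordinate size")
        raw += integer.rjust(coord_len, b"\x00")
    return raw

def decode_trace():
    return piv_response_to_raw_sig(bytes.fromhex(RESPONSE_HEX))

if __name__ == "__main__":
    print(decode_trace().hex(":"))
```

The 75, 71 and 64 returned by `piv_general_io`, `piv_validate_general_authentication` and `piv_compute_signature` in the trace match the lengths of the whole template, the tag-82 value and the raw `r || s` output respectively.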
