Ubuntu 17.10 - opencryptoki 3.7.0 segmentation fault on pkcsconf -t
| Affects | Status | Importance | Assigned to | Milestone | ||
|---|---|---|---|---|---|---|
| | Ubuntu on IBM z Systems |
High
|
Dimitri John Ledkov | |||
| opencryptoki (Ubuntu) | Status tracked in Bionic | |||||
| | Artful |
Undecided
|
Unassigned | |||
| | Bionic |
Undecided
|
Skipper Bug Screeners | |||
Bug Description
Running Ubuntu 17.10 on a zVM s390x environment with opencryptoki 3.7 installed via apt, the command pkcsconf -t gives a segmentation fault.
We did some tests (all on a zVM):
1. On a debian testing installation: the opencryptoki 3.7.0+dfsg-4 package works as expected.
2. On a ubuntu 17.04 installation: the opencryptoki (3.6.2+dfsg-1 that is available on the repo) package works as expected.
3. On a ubuntu 17.10 installation: opencryptoki 3.7.0+dfsg-4 gives segmentation fault (pkcsconf -t)
4. On a ubuntu 17.10 installation: downloading building opencryptoki 3.7.0 from Github manually and installing it, works as expected.
5. On a ubuntu 17.10 installation: installing opencryptoki 3.7.0+dfsg-4 package from debian testing repository, work as expected.
It seems that opencryptoki 3.7.0+dfsg-4 package from Ubuntu was built differently compared to Debian. We believe that the build was done incorrectly and is causing the pkcsconf -t command to segfault.
Could you guys verify how the package is being built and compare it to debian's opencryptoki package?
Machine Type = zVM s390x
---Steps to Reproduce---
#apt-get install opencryptoki
#pkcsconf -t
Segmentation fault
---Patches Installed---
na
---uname output---
Linux 4.13.0-16-generic #19-Ubuntu SMP Wed Oct 11 18:33:05 UTC 2017 s390x s390x s390x GNU/Linux
---Debugger---
A debugger is not configured
Userspace tool common name: opencryptoki
Userspace rpm: opencryptoki_
The userspace tool has the following bit modes: 64-bit
Userspace tool obtained from project website: na
-Attach ltrace and strace of userspace application.
| tags: | added: architecture-s39064 bugnameltc-160151 severity-high targetmilestone-inin1710 |
| Changed in ubuntu: | |
| assignee: | nobody → Skipper Bug Screeners (skipper-screen-team) |
| affects: | ubuntu → opencryptoki (Ubuntu) |
| Changed in ubuntu-z-systems: | |
| importance: | Undecided → High |
| assignee: | nobody → Dimitri John Ledkov (xnox) |
| Changed in opencryptoki (Ubuntu): | |
| status: | New → Confirmed |
| Changed in ubuntu-z-systems: | |
| status: | New → Confirmed |
| tags: | added: regression-release |
| tags: | added: artful |
| Frank Heimes (frank-heimes) wrote : | #4 |
Hi, yepp - in between I followed the steps of the crypto paper ...
| Frank Heimes (frank-heimes) wrote : | #5 |
after initial install and config of pkcs11:
$ sudo apt install opencryptoki libtspi1
$ sudo usermod -aG pkcs11 ubuntu
$ grep pkcs11 /etc/group
pkcs11:
$ sudo systemctl enable pkcsslotd.service
Synchronizing state of pkcsslotd.service with SysV service script with /lib/systemd/
Executing: /lib/systemd/
$ sudo systemctl start pkcsslotd.service
$ sudo pkcsconf
usage: pkcsconf [-itsmIupPh] [-c slotnumber -U userPIN -S SOPin -n newpin]
-i display PKCS11 info
-t display token info
-s display slot info
-m display mechanism list
-l display slot description
-I initialize token
-u initialize user PIN
-p set the user PIN
-P set the SO PIN
-h show this help
$ sudo pkcsconf -t
Segmentation fault
$ sudo pkcsconf -i
PKCS#11 Info
Version 2.20
Manufacturer: IBM
Flags: 0x0
Library Description: Meta PKCS11 LIBRARY
Library Version 3.7
Segmentation fault
$ sudo pkcsconf -s
Slot #1 Info
Description: Linux
Manufacturer: IBM
Flags: 0x1 (TOKEN_PRESENT)
Hardware Version: 0.0
Firmware Version: 0.0
Slot #2 Info
Description: Linux
Manufacturer: IBM
Flags: 0x1 (TOKEN_PRESENT)
Hardware Version: 0.0
Firmware Version: 0.0
Slot #3 Info
Description: Linux
Manufacturer: IBM
Flags: 0x1 (TOKEN_PRESENT)
Hardware Version: 0.0
Firmware Version: 0.0
Segmentation fault
| Frank Heimes (frank-heimes) wrote : | #6 |
16.04.3 and 17.04 are not affected
| Dimitri John Ledkov (xnox) wrote : | #7 |
18.04 has 3.8.1+dfsg-3 now, does that one work ok? And thus is this fix released in 18.04 bionic?
| Frank Heimes (frank-heimes) wrote : | #8 |
pkcsconf on bionic works - see attachment
so a no-change rebuild on artful should be fine
| Changed in opencryptoki (Ubuntu Bionic): | |
| status: | Confirmed → Fix Released |
| Changed in ubuntu-z-systems: | |
| status: | Confirmed → In Progress |
| Dimitri John Ledkov (xnox) wrote : | #9 |
Could you please if upgrading Artful to this PPA https:/
| Changed in opencryptoki (Ubuntu Artful): | |
| status: | New → In Progress |
| Frank Heimes (frank-heimes) wrote : | #10 |
unfortunately I still get the segfault with the package from the PPA
for details see attached file
| Frank Heimes (frank-heimes) wrote : | #11 |
| tags: | added: id-5a7c406f0e36154d1ca6f7e6 |
| Frank Heimes (frank-heimes) wrote : | #12 |
bisect required from 3.7.0 to 3.8.1 to identify when the fix got introduced.
| bugproxy (bugproxy) wrote : strace.txt | #13 |
Default Comment by Bridge
------- Comment From <email address hidden> 2017-10-20 09:58 EDT-------
Hello Frank,
you might want to run 'id' to see if your user is member of the pkcs11 group. Further ensure the pkcsslotd is started.
Thanks,
Christian