regression: sbsign crashes while signing an (EFI) image

Bug #2067163 reported by dimanne
| Affects | Status | Importance | Assigned to | Milestone |
| --- | --- | --- | --- | --- |
| sbsigntool (Ubuntu) | New | Undecided | Unassigned | |

Bug Description

Reproduction:

Try signing a file using sbsign where the key is stored on a YubiKey; it will crash:

```
sbsign --engine pkcs11 --key 'pkcs11:manufacturer=piv_II;id=%02' --cert ./sb/db.crt --output ./sb/secboot-linux-latest.efi.signed ./sb/secboot-linux-latest.efi
```

gdb shows this backtrace:

```
Thread 1 "sbsign" received signal SIGSEGV, Segmentation fault.
0x00007ffff7faf1fe in ?? () from /usr/lib/x86_64-linux-gnu/engines-3/pkcs11.so
(gdb) bt
#0 0x00007ffff7faf1fe in ?? () from /usr/lib/x86_64-linux-gnu/engines-3/pkcs11.so
#1 0x00007ffff7faf962 in ?? () from /usr/lib/x86_64-linux-gnu/engines-3/pkcs11.so
#2 0x00007ffff7fb5567 in ?? () from /usr/lib/x86_64-linux-gnu/engines-3/pkcs11.so
#3 0x00007ffff7fb58b0 in ?? () from /usr/lib/x86_64-linux-gnu/engines-3/pkcs11.so
#4 0x00007ffff7fb3731 in ?? () from /usr/lib/x86_64-linux-gnu/engines-3/pkcs11.so
#5 0x00007ffff7fb37bb in ?? () from /usr/lib/x86_64-linux-gnu/engines-3/pkcs11.so
#6 0x00007ffff7d1eed6 in RSA_sign (type=<optimised out>, m=m@entry=0x7fffffffdb80 "\224t&n\257>Y$\377...", m_len=m_len@entry=32,
    sigret=sigret@entry=0x5555555f89a0 "\330\322\n", siglen=siglen@entry=0x7fffffffdb14, rsa=rsa@entry=0x5555555f4270) at ../crypto/rsa/rsa_sign.c:309
#7 0x00007ffff7d1d5a2 in pkey_rsa_sign (ctx=0x5555555eb5d0, sig=0x5555555f89a0 "\330\322\n", siglen=0x7fffffffdc30,
    tbs=0x7fffffffdb80 "\224t&n\257>Y$\377...", tbslen=32) at ../crypto/rsa/rsa_pmeth.c:180
#8 0x00007ffff7c06817 in EVP_DigestSignFinal (ctx=ctx@entry=0x5555555d8c50, sigret=0x5555555f89a0 "\330\322\n", siglen=siglen@entry=0x7fffffffdc30) at ../crypto/evp/m_sigver.c:560
#9 0x00007ffff7cfdcbc in PKCS7_SIGNER_INFO_sign (si=si@entry=0x5555555a85f0) at ../crypto/pkcs7/pk7_doit.c:952
#10 0x00007ffff7cfdf9d in do_pkcs7_signed_attrib (mctx=<optimised out>, si=0x5555555a85f0) at ../crypto/pkcs7/pk7_doit.c:728
#11 PKCS7_dataFinal (p7=p7@entry=0x5555555f3520, bio=bio@entry=0x5555555a8640) at ../crypto/pkcs7/pk7_doit.c:850
#12 0x0000555555557c40 in IDC_set (image=<optimised out>, si=0x5555555a85f0, p7=0x5555555f3520) at /usr/src/sbsigntool-0.9.4-3.1ubuntu7/src/idc.c:216
#13 main (argc=<optimised out>, argv=<optimised out>) at /usr/src/sbsigntool-0.9.4-3.1ubuntu7/src/sbsign.c:274
(gdb)
```

It is likely that pkcs11.so is a "red herring" because I tried replacing the library with an older library from a docker image (`docker cp old_image /usr/lib/x86_64-linux-gnu/engines-3/pkcs11.so`) and it did NOT fix the issue.

These are the logs just before the crash:

```
P:169928; T:0x133947370026816 16:44:23.956 [opensc-pkcs11] slot.c:501:slot_token_removed: slot_token_removed(0x4)
P:169928; T:0x133947370026816 16:44:23.956 [opensc-pkcs11] pkcs11-session.c:145:sc_pkcs11_close_all_sessions: real C_CloseAllSessions(0x4) 0
P:169928; T:0x133947370026816 16:44:23.956 [opensc-pkcs11] slot.c:501:slot_token_removed: slot_token_removed(0x5)
P:169928; T:0x133947370026816 16:44:23.956 [opensc-pkcs11] pkcs11-session.c:145:sc_pkcs11_close_all_sessions: real C_CloseAllSessions(0x5) 0
P:169928; T:0x133947370026816 16:44:23.957 [opensc-pkcs11] slot.c:501:slot_token_removed: slot_token_removed(0x6)
P:169928; T:0x133947370026816 16:44:23.957 [opensc-pkcs11] pkcs11-session.c:145:sc_pkcs11_close_all_sessions: real C_CloseAllSessions(0x6) 0
P:169928; T:0x133947370026816 16:44:23.957 [opensc-pkcs11] slot.c:501:slot_token_removed: slot_token_removed(0x7)
P:169928; T:0x133947370026816 16:44:23.957 [opensc-pkcs11] pkcs11-session.c:145:sc_pkcs11_close_all_sessions: real C_CloseAllSessions(0x7) 0
P:169928; T:0x133947370026816 16:44:23.957 [opensc-pkcs11] ctx.c:1066:sc_release_context: called
P:169928; T:0x133947370026816 16:44:23.957 [opensc-pkcs11] reader-pcsc.c:978:pcsc_finish: called
fish: Job 1, 'sbsign --engine pkcs11 --key 'p…' terminated by signal SIGSEGV (Address boundary error)
```

Logs were collected with `set -x OPENSC_DEBUG 9`. See more logs here: https://0bin.net/paste/4-TdVHy4#f8e68wCZrtty55tjhLKAFpA2YeSQ2jl9AopYJXf3J5-

ProblemType: Bug
DistroRelease: Ubuntu 24.04
Package: sbsigntool 0.9.4-3.1ubuntu7
ProcVersionSignature: Ubuntu 6.8.0-31.31-generic 6.8.1
Uname: Linux 6.8.0-31-generic x86_64
NonfreeKernelModules: nvidia_modeset nvidia
ApportVersion: 2.28.1-0ubuntu3
Architecture: amd64
CasperMD5CheckResult: unknown
CurrentDesktop: KDE
Date: Sat May 25 16:30:00 2024
InstallationDate: Installed on 2023-08-15 (284 days ago)
InstallationMedia: Kubuntu 23.10 "Mantic Minotaur" - Daily amd64 (20230815)
SourcePackage: sbsigntool
UpgradeStatus: Upgraded to noble on 2024-05-24 (1 days ago)

dimanne (dimanne2) wrote :
summary: - regression: sbsign crashes while signing unified EFI image
+ regression: sbsign crashes while signing an (EFI) image