[Bug 2059340] Re: crash in libsofthsm2 on armhf after time_t transition

2024-06-11 Thread Stefan Berger
I have encountered a similar problem when running a test case of
ima-evm-utils with softhsm used as an engine on Ubuntu 24.04 (Noble). In this
case I am also crashing in pkcs11_slot_unref when this line here is called:

CRYPTOKI_call(slot->ctx, C_CloseAllSessions(slot->id));

https://github.com/OpenSC/libp11/blob/libp11-0.4.12/src/p11_slot.c#L433

ima-evm-utils: https://github.com/mimizohar/ima-evm-utils-test/

The evmctl utility has left main() when the crash occurs. So this function is
called via some OpenSSL destructor code path. When OPENSSL_cleanup() is called
before main() exits, this crash does NOT occur.
When single-stepping through the crash, it seems that C_CloseAllSessions()
does not get called anymore, but the crash occurs when it seems like it was
trying to call this function.

   0x77fb3530 <+96>:    call   0x77fae110
   0x77fb3535 <+101>:   mov    0x98(%rbx),%rdi
   0x77fb353c <+108>:   mov    $0x1af,%edx
   0x77fb3541 <+113>:   mov    %r13,%rsi
   0x77fb3544 <+116>:   call   0x77fadea0
=> 0x77fb3549 <+121>:   mov    0x8(%rbx),%rax
   0x77fb354d <+125>:   mov    0x70(%rbx),%rdi
   0x77fb3551 <+129>:   mov    (%rax),%rax
   0x77fb3554 <+132>:   call   *0x78(%rax)    <- crash occurs here
   0x77fb3557 <+135>:   mov    0x78(%rbx),%rdi

Notes:
- When SoftHSM is used in a test case via an OpenSSL provider, this same crash 
does NOT occur.
- The same test passes on Fedora (latest) when using SoftHSM either via engine 
or provider interfaces.
- Another problem is that I cannot use OPENSSL_cleanup before main() exits, since
tests on AltLinux and Debian then end up failing for some unknown reason.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2059340

Title:
  crash in libsofthsm2 on armhf after time_t transition

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/softhsm2/+bug/2059340/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1802133] [NEW] Do not start tcsd when a TPM 2.0 is on the system

2018-11-07 Thread Stefan Berger
Public bug reported:

When a TPM 2.0 is on the system, do not try to start tcsd and have it
report failures due to it talking to a TPM 2.0 rather than a TPM 1.2.
The following bash script lets one detect a TPM 1.2 on the system:

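# Probe /dev/tpm0 with a TPM 1.2 formatted command and check the response tag.
function is_tpm12()
{
    # Open the TPM character device read/write on file descriptor 100.
    exec 100<>/dev/tpm0
    # 10-byte request: tag 0x00c1, total size 0x0000000a, ordinal 0x000000f1.
    /usr/bin/echo -en '\x00\xc1\x00\x00\x00\x0a\x00\x00\x00\xf1' >&100
    # Read the response back as space-separated hex bytes.
    res=$(od -t x1 -An <&100)
    exec 100>&-
    # A response that starts with tag 00 c4 is treated as coming from a TPM 1.2.
    [ "${res:0:6}" == " 00 c4" ] && return 0
    return 1
}

if ! is_tpm12; then
    echo "Not a TPM 1.2"
fi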


Please incorporate the above script into the post installation script of 
trousers.

The reported failures may otherwise look as follows:

invoke-rc.d: initscript trousers, action "start" failed.
● trousers.service - LSB: starts tcsd
   Loaded: loaded (/etc/init.d/trousers; generated)
   Active: failed (Result: exit-code) since Wed 2018-11-07 14:41:14 UTC; 6ms ago
 Docs: man:systemd-sysv-generator(8)
  Process: 690 ExecStart=/etc/init.d/trousers start (code=exited, status=137)

Starting LSB: starts tcsd...
* Starting Trusted Computing daemon tcsd
/etc/init.d/trousers: 32: [: /dev/tpm0: unexpected operator
  ...fail!
trousers.service: Control process exited, code=exited status=137
trousers.service: Failed with result 'exit-code'.
Failed to start LSB: starts tcsd.
dpkg: error processing package trousers (--configure):
 installed trousers package post-installation script subprocess returned error exit status 1
dpkg: dependency problems prevent configuration of tpm-tools:
 tpm-tools depends on trousers; however:
  Package trousers is not configured yet.

dpkg: error processing package tpm-tools (--configure):
 dependency problems - leaving unconfigured
No apport report written because the error message indicates its a followup error from a previous failure.

  Errors were encountered while processing:
 trousers
 tpm-tools


This patch will also help users of the 'swtpm' project to use a virtual TPM on 
the system where tcsd is needed if a TPM 1.2 is to be virtualized.

ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: trousers 0.3.13-4
ProcVersionSignature: Ubuntu 4.4.0-96.119-generic 4.4.83
Uname: Linux 4.4.0-96-generic x86_64
NonfreeKernelModules: falcon_lsm_serviceable falcon_nf_netcontain 
falcon_lsm_pinned_6101 falcon_lsm_pinned_5704 falcon_lsm_pinned_5607
ApportVersion: 2.20.1-0ubuntu2.15
Architecture: amd64
Date: Wed Nov  7 11:04:44 2018
InstallationDate: Installed on 2016-10-11 (756 days ago)
InstallationMedia: Ubuntu 16.04.1 LTS "Xenial Xerus" - Release amd64 (20160719)
ProcEnviron:
 TERM=xterm-256color
 PATH=(custom, no user)
 XDG_RUNTIME_DIR=
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SourcePackage: trousers
UpgradeStatus: No upgrade log present (probably fresh install)
modified.conffile..etc.tcsd.conf: [inaccessible: [Errno 13] Permission denied: 
'/etc/tcsd.conf']

** Affects: trousers (Ubuntu)
 Importance: Undecided
 Status: New


** Tags: amd64 apport-bug xenial

https://bugs.launchpad.net/bugs/1802133

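A stricter form of the response check in the script from the report above, as an added example that is not part of the original bug report: it validates the hex dump (byte count, hex digits, size field) before applying the same `00 c4` tag test, and also exposes the return code. The function names and the sample dumps are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the bug report. Function names are illustrative.

# Decode a TPM response header from an `od -t x1 -An` style dump.
# Prints "<tag> <size> <return code>"; fails on malformed or truncated input.
# Runs in a subshell so `set -f` and the positional parameters stay local.
parse_tpm_header() (
    set -f        # no pathname expansion while word-splitting the dump
    set -- $1     # unquoted on purpose: drops od's padding and line breaks
    [ "$#" -ge 10 ] || return 1     # tag(2) + size(4) + return code(4)
    for byte in "$@"; do
        case "$byte" in
            [0-9a-fA-F][0-9a-fA-F]) ;;
            *) return 1 ;;
        esac
    done
    size=$((0x$3$4$5$6))
    # The size field counts the whole response, header included.
    [ "$size" -eq "$#" ] || return 1
    echo "$1$2 $size $7$8$9${10}"
)

# Same criterion as the script in the report: the response tag is 00 c4.
is_tpm12_response() {
    hdr=$(parse_tpm_header "$1") || return 1
    case "${hdr%% *}" in
        00[cC]4) return 0 ;;
    esac
    return 1
}

# Constructed sample dumps (not captured from real hardware).
sample_ok=' 00 c4 00 00 00 0a 00 00 00 00'       # well-formed, tag 00 c4
sample_short=' 00 c4 00 00'                      # truncated read
sample_other=' 80 01 00 00 00 0a 00 00 01 00'    # well-formed, different tag

for s in "$sample_ok" "$sample_short" "$sample_other"; do
    if is_tpm12_response "$s"; then
        echo "tag 00 c4: $(parse_tpm_header "$s")"
    else
        echo "not accepted:$s"
    fi
done
```

In a post-installation script the dump would come from the `od -t x1 -An <&100` read shown in the report instead of the constructed samples.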

[Bug 1582852] Re: IMA crashes while verifying signatures

2016-05-20 Thread Stefan Berger
Hi Joseph,

 thanks for building the kernel. We discovered the problem as part of
testing IMA. We built the kernel with these 2 patches applied and one
other patch applied for which now a bug has also been filed:

https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1584195

The issue is, I cannot test the code path without that other patch
applied because that one provides the facilities for injecting a key
into the kernel image, which is a prerequisite for using IMA with the
.ima keyring, which in turn allows us to exercise the fixed code path.

Thanks,
  Stefan

https://bugs.launchpad.net/bugs/1582852



[Bug 1582852] [NEW] IMA crashes while verifying signatures

2016-05-17 Thread Stefan Berger
Public bug reported:

The application of a kernel patch to fix Bug 1569924 causes crashes when
IMA is verifying signatures:

https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1569924

The following fix was applied:

commit e6b195bb9adbf92b62f466b02fb8ae9b4294ad5e
Author: Tadeusz Struk 
Date:   Tue Feb 2 10:08:53 2016 -0800

crypto: KEYS: convert public key and digsig asym to the akcipher api


This patch was taken from here:

https://github.com/torvalds/linux/commit/db6c43bd2132dc2dd63d73a6d1ed601cffd0ae06.patch

The series was posted here (not sure whether this is the latest version)

https://lkml.org/lkml/2016/2/2/575

The following two patches should be applied as well. They stem from that
same series of patches as the one that is already applied.

https://github.com/torvalds/linux/commit/eb5798f2e28f3b43091cecc71c84c3f6fb35c7de.patch
https://github.com/torvalds/linux/commit/d846e78e491ff4dd0747026c02414844d504fcb6.patch

** Affects: linux (Ubuntu)
 Importance: Undecided
 Status: New
