Public bug reported:

Reproduction:

Try signing a file using sbsign where key is stored on a Yubikey, it will crash:

```
sbsign --engine pkcs11 --key 'pkcs11:manufacturer=piv_II;id=%02' --cert ./sb/db.crt --output ./sb/secboot-linux-latest.efi.signed ./sb/secboot-linux-latest.efi
```

gdb shows this backtrace:

```
Thread 1 "sbsign" received signal SIGSEGV, Segmentation fault.
0x00007ffff7faf1fe in ?? () from /usr/lib/x86_64-linux-gnu/engines-3/pkcs11.so
(gdb) bt
#0  0x00007ffff7faf1fe in ?? () from /usr/lib/x86_64-linux-gnu/engines-3/pkcs11.so
#1  0x00007ffff7faf962 in ?? () from /usr/lib/x86_64-linux-gnu/engines-3/pkcs11.so
#2  0x00007ffff7fb5567 in ?? () from /usr/lib/x86_64-linux-gnu/engines-3/pkcs11.so
#3  0x00007ffff7fb58b0 in ?? () from /usr/lib/x86_64-linux-gnu/engines-3/pkcs11.so
#4  0x00007ffff7fb3731 in ?? () from /usr/lib/x86_64-linux-gnu/engines-3/pkcs11.so
#5  0x00007ffff7fb37bb in ?? () from /usr/lib/x86_64-linux-gnu/engines-3/pkcs11.so
#6  0x00007ffff7d1eed6 in RSA_sign (type=<optimised out>, m=m@entry=0x7fffffffdb80 "\224t&n\257>Y$\377...", m_len=m_len@entry=32, sigret=sigret@entry=0x5555555f89a0 "\330\322\n", siglen=siglen@entry=0x7fffffffdb14, rsa=rsa@entry=0x5555555f4270) at ../crypto/rsa/rsa_sign.c:309
#7  0x00007ffff7d1d5a2 in pkey_rsa_sign (ctx=0x5555555eb5d0, sig=0x5555555f89a0 "\330\322\n", siglen=0x7fffffffdc30, tbs=0x7fffffffdb80 "\224t&n\257>Y$\377...", tbslen=32) at ../crypto/rsa/rsa_pmeth.c:180
#8  0x00007ffff7c06817 in EVP_DigestSignFinal (ctx=ctx@entry=0x5555555d8c50, sigret=0x5555555f89a0 "\330\322\n", siglen=siglen@entry=0x7fffffffdc30) at ../crypto/evp/m_sigver.c:560
#9  0x00007ffff7cfdcbc in PKCS7_SIGNER_INFO_sign (si=si@entry=0x5555555a85f0) at ../crypto/pkcs7/pk7_doit.c:952
#10 0x00007ffff7cfdf9d in do_pkcs7_signed_attrib (mctx=<optimised out>, si=0x5555555a85f0) at ../crypto/pkcs7/pk7_doit.c:728
#11 PKCS7_dataFinal (p7=p7@entry=0x5555555f3520, bio=bio@entry=0x5555555a8640) at ../crypto/pkcs7/pk7_doit.c:850
#12 0x0000555555557c40 in IDC_set (image=<optimised out>, si=0x5555555a85f0, p7=0x5555555f3520) at /usr/src/sbsigntool-0.9.4-3.1ubuntu7/src/idc.c:216
#13 main (argc=<optimised out>, argv=<optimised out>) at /usr/src/sbsigntool-0.9.4-3.1ubuntu7/src/sbsign.c:274
(gdb)
```

It is likely that pkcs11.so is a "red herring" because I tried replacing the library with an older library from a docker image (`docker cp old_image /usr/lib/x86_64-linux-gnu/engines-3/pkcs11.so`) and it did NOT fix the issue.

These are logs just before crash:

```
P:169928; T:0x133947370026816 16:44:23.956 [opensc-pkcs11] slot.c:501:slot_token_removed: slot_token_removed(0x4)
P:169928; T:0x133947370026816 16:44:23.956 [opensc-pkcs11] pkcs11-session.c:145:sc_pkcs11_close_all_sessions: real C_CloseAllSessions(0x4) 0
P:169928; T:0x133947370026816 16:44:23.956 [opensc-pkcs11] slot.c:501:slot_token_removed: slot_token_removed(0x5)
P:169928; T:0x133947370026816 16:44:23.956 [opensc-pkcs11] pkcs11-session.c:145:sc_pkcs11_close_all_sessions: real C_CloseAllSessions(0x5) 0
P:169928; T:0x133947370026816 16:44:23.957 [opensc-pkcs11] slot.c:501:slot_token_removed: slot_token_removed(0x6)
P:169928; T:0x133947370026816 16:44:23.957 [opensc-pkcs11] pkcs11-session.c:145:sc_pkcs11_close_all_sessions: real C_CloseAllSessions(0x6) 0
P:169928; T:0x133947370026816 16:44:23.957 [opensc-pkcs11] slot.c:501:slot_token_removed: slot_token_removed(0x7)
P:169928; T:0x133947370026816 16:44:23.957 [opensc-pkcs11] pkcs11-session.c:145:sc_pkcs11_close_all_sessions: real C_CloseAllSessions(0x7) 0
P:169928; T:0x133947370026816 16:44:23.957 [opensc-pkcs11] ctx.c:1066:sc_release_context: called
P:169928; T:0x133947370026816 16:44:23.957 [opensc-pkcs11] reader-pcsc.c:978:pcsc_finish: called
fish: Job 1, 'sbsign --engine pkcs11 --key 'p…' terminated by signal SIGSEGV (Address boundary error)
```

Logs were collected with `set -x OPENSC_DEBUG 9`,
See more logs here: https://0bin.net/paste/4-TdVHy4#f8e68wCZrtty55tjhLKAFpA2YeSQ2jl9AopYJXf3J5-

ProblemType: Bug
DistroRelease: Ubuntu 24.04
Package: sbsigntool 0.9.4-3.1ubuntu7
ProcVersionSignature: Ubuntu 6.8.0-31.31-generic 6.8.1
Uname: Linux 6.8.0-31-generic x86_64
NonfreeKernelModules: nvidia_modeset nvidia
ApportVersion: 2.28.1-0ubuntu3
Architecture: amd64
CasperMD5CheckResult: unknown
CurrentDesktop: KDE
Date: Sat May 25 16:30:00 2024
InstallationDate: Installed on 2023-08-15 (284 days ago)
InstallationMedia: Kubuntu 23.10 "Mantic Minotaur" - Daily amd64 (20230815)
SourcePackage: sbsigntool
UpgradeStatus: Upgraded to noble on 2024-05-24 (1 days ago)

** Affects: sbsigntool (Ubuntu)
     Importance: Undecided
         Status: New

** Tags: amd64 apport-bug noble

** Summary changed:

- regression: sbsign crashes while signing unified EFI image
+ regression: sbsign crashes while signing an (EFI) image

-- 
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2067163

Title:
  regression: sbsign crashes while signing an (EFI) image

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/sbsigntool/+bug/2067163/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
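A triage helper for the OpenSC debug lines quoted in the report above, added here as an example and not part of the original bug report, sbsigntool or OpenSC: it parses those lines and reports which slots were torn down and whether context release and reader shutdown were logged before the process died. The field layout is inferred from the quoted lines, and `parse` and `summarize` are hypothetical names.

```python
import re

# Layout inferred from the lines quoted in the report:
# P:<pid>; T:<thread> <time> [<context>] <file>:<line>:<function>: <message>
LINE_RE = re.compile(
    r"^P:(?P<pid>\d+); T:(?P<tid>0x[0-9a-fA-F]+) (?P<time>\d\d:\d\d:\d\d\.\d+) "
    r"\[(?P<ctx>[^\]]+)\] (?P<file>[\w.-]+):(?P<line>\d+):(?P<func>\w+): (?P<msg>.*)$"
)
SLOT_RE = re.compile(r"\((0x[0-9a-fA-F]+)\)")

# Constructed sample: the last six log lines from the report's excerpt plus
# the shell's termination message, which is not an OpenSC log line.
SAMPLE = """\
P:169928; T:0x133947370026816 16:44:23.957 [opensc-pkcs11] slot.c:501:slot_token_removed: slot_token_removed(0x6)
P:169928; T:0x133947370026816 16:44:23.957 [opensc-pkcs11] pkcs11-session.c:145:sc_pkcs11_close_all_sessions: real C_CloseAllSessions(0x6) 0
P:169928; T:0x133947370026816 16:44:23.957 [opensc-pkcs11] slot.c:501:slot_token_removed: slot_token_removed(0x7)
P:169928; T:0x133947370026816 16:44:23.957 [opensc-pkcs11] pkcs11-session.c:145:sc_pkcs11_close_all_sessions: real C_CloseAllSessions(0x7) 0
P:169928; T:0x133947370026816 16:44:23.957 [opensc-pkcs11] ctx.c:1066:sc_release_context: called
P:169928; T:0x133947370026816 16:44:23.957 [opensc-pkcs11] reader-pcsc.c:978:pcsc_finish: called
fish: Job 1, 'sbsign --engine pkcs11 --key 'p…' terminated by signal SIGSEGV (Address boundary error)
"""

def parse(text):
    """Return one dict per well-formed OpenSC debug line; skip anything else."""
    matches = (LINE_RE.match(raw.strip()) for raw in text.splitlines())
    return [m.groupdict() for m in matches if m]

def summarize(events):
    """Report which slots were torn down and whether shutdown was logged."""
    removed, closed = [], []
    for e in events:
        slot = SLOT_RE.search(e["msg"])
        if slot and e["func"] == "slot_token_removed":
            removed.append(slot.group(1))
        elif slot and e["func"] == "sc_pkcs11_close_all_sessions":
            closed.append(slot.group(1))
    funcs = [e["func"] for e in events]
    return {
        "slots_removed": removed,
        "sessions_closed": closed,
        "context_released": "sc_release_context" in funcs,
        "reader_finished": "pcsc_finish" in funcs,
        "last_function": funcs[-1] if funcs else None,
    }

if __name__ == "__main__":
    print(summarize(parse(SAMPLE)))
```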