Package: libsofthsm2
Version: 2.6.1-2.1
Severity: important
X-Debbugs-Cc: ulrich.teich...@kumkeo.de, henry.b...@kumkeo.de, ulrich.teich...@kumkeo.de

When using OpenSSL 3.0.13 (installed by the latest security update for OpenSSL),
signing with pkcs11 fails with a segmentation fault. This is not the case with
OpenSSL 3.0.11. Maybe the library just needs a rebuild against the
newer OpenSSL library? Traceback with gdb:

(gdb) run cms -sign -engine pkcs11 -keyform engine -in sw-description.in -out sw-description.sig -signer example.crt -inkey "pkcs11:token=example;object=update" -outform DER -nosmimecap -binary
Starting program: /usr/bin/openssl cms -sign -engine pkcs11 -keyform engine -in sw-description.in -out sw-description.sig -signer example.crt -inkey "pkcs11:token=example;object=update" -outform DER -nosmimecap -binary
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Engine "pkcs11" set.
[New Thread 0x7ffff6b736c0 (LWP 26872)]
[Detaching after fork from child process 26873]
[New Thread 0x7ffff63726c0 (LWP 26874)]
Enter PKCS#11 token PIN for prodhsm:

Thread 1 "openssl" received signal SIGSEGV, Segmentation fault.
0x00007ffff769cd4e in ?? () from /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so
(gdb) bt
#0  0x00007ffff769cd4e in  () at /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so
#1  0x00007ffff7650f69 in  () at /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so
#2  0x00007ffff76313f4 in C_CloseSession ()
    at /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so
#3  0x00007ffff773189b in  () at /usr/lib/x86_64-linux-gnu/p11-kit-proxy.so
#4  0x00007ffff77174a0 in  () at /usr/lib/x86_64-linux-gnu/p11-kit-proxy.so
#5  0x00007ffff7717618 in  () at /usr/lib/x86_64-linux-gnu/p11-kit-proxy.so
#6  0x00007ffff7fb99aa in  () at /usr/lib/x86_64-linux-gnu/engines-3/pkcs11.so
#7  0x00007ffff7fb9a40 in  () at /usr/lib/x86_64-linux-gnu/engines-3/pkcs11.so
#8  0x00007ffff7fb2f5e in  () at /usr/lib/x86_64-linux-gnu/engines-3/pkcs11.so
#9  0x00007ffff7fb0e38 in  () at /usr/lib/x86_64-linux-gnu/engines-3/pkcs11.so
#10 0x00007ffff7be352f in  () at /usr/lib/x86_64-linux-gnu/libcrypto.so.3
#11 0x00007ffff7be5a52 in  () at /usr/lib/x86_64-linux-gnu/libcrypto.so.3
#12 0x00007ffff7c2c6f4 in OPENSSL_LH_doall ()
    at /usr/lib/x86_64-linux-gnu/libcrypto.so.3
#13 0x00007ffff7be5e31 in  () at /usr/lib/x86_64-linux-gnu/libcrypto.so.3
#14 0x00007ffff7be37a6 in  () at /usr/lib/x86_64-linux-gnu/libcrypto.so.3
#15 0x00007ffff7cadd20 in OPENSSL_sk_pop_free ()
    at /usr/lib/x86_64-linux-gnu/libcrypto.so.3
#16 0x00007ffff7be3b89 in  () at /usr/lib/x86_64-linux-gnu/libcrypto.so.3
#17 0x00007ffff7c30e2e in OPENSSL_cleanup ()
    at /usr/lib/x86_64-linux-gnu/libcrypto.so.3
#18 0x00007ffff785d55d in __run_exit_handlers
    (status=0, listp=0x7ffff79f1820 <__exit_funcs>, 
run_list_atexit=run_list_atexit@entry=true, run_dtors=run_dtors@entry=true) at 
./stdlib/exit.c:116
#19 0x00007ffff785d69a in __GI_exit (status=<optimized out>) at 
./stdlib/exit.c:146
#20 0x00005555555962f1 in  ()
#21 0x00007ffff784624a in __libc_start_call_main
    (main=main@entry=0x5555555961c0, argc=argc@entry=19, 
argv=argv@entry=0x7fffffffe808) at ../sysdeps/nptl/libc_start_call_main.h:58
#22 0x00007ffff7846305 in __libc_start_main_impl
    (main=0x5555555961c0, argc=19, argv=0x7fffffffe808, init=<optimized out>, 
fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffe7f8)
    at ../csu/libc-start.c:360
#23 0x00005555555964b1 in  ()

-- System Information:
Debian Release: 12.0
merged-usr: no
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.1.0-23-amd64 (SMP w/16 CPU threads; PREEMPT)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:en
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)
LSM: AppArmor: enabled

Versions of packages libsofthsm2 depends on:
ii  libc6            2.36-9+deb12u7
ii  libgcc-s1        12.2.0-14
ii  libssl3          3.0.13-1~deb12u1
ii  libstdc++6       12.2.0-14
ii  softhsm2-common  2.6.1-2.1

Versions of packages libsofthsm2 recommends:
ii  softhsm2  2.6.1-2.1

libsofthsm2 suggests no packages.

-- no debconf information
