Generate a CSR against tpm private using pkcs11 segmentation fault. #291

Closed
traxtopel opened this issue Sep 15, 2023 · 7 comments

@traxtopel

Fedora 38
RPM : pkcs11-provider-0.2-2.fc38.x86_64

I am generating a CSR using the following code.

mkdir -p /etc/tpm2_pkcs11
[ -f /etc/tpm2_pkcs11/tpm2_pkcs11.sqlite3 ] && rm -f /etc/tpm2_pkcs11/tpm2_pkcs11.sqlite3 ||:
export TSS2_LOG=fapi+NONE
export USERPIN=userpin
export SOPIN=sopin
export TPM2TOOLS_TCTI="device:/dev/tpmrm0"
export TPM2_PKCS11_TCTI="device:/dev/tpmrm0"

KEY_LABEL=KEY_LABEL
TOKEN_LABEL=LABEL
SUBJ="/C=US/ST=NY/L=Amsterdam/O=Acme/OU=ACME/OU=1234/CN=1234/emailAddress=bob@acme.com"
tpm2_clear
tpm2_ptool init
tpm2_ptool addtoken --pid=1 --sopin=${SOPIN} --userpin=${USERPIN} --label=${TOKEN_LABEL}
tpm2_ptool addkey --algorithm=rsa2048 --label=${TOKEN_LABEL} --key-label=${KEY_LABEL} --userpin=${USERPIN}
tpm2_ptool config --key tcti --value "device:/dev/tpmrm0" --label=${TOKEN_LABEL}
TOKEN=$(p11tool --list-token-urls 2> /dev/null | grep "token=${TOKEN_LABEL}")
p11tool --login --list-all "${TOKEN}" --set-pin="${USERPIN}" --outfile p11tool.out
[ -f p11tool.out ] && echo "created p11tool.out"
PRIVATE_KEY=$(cat p11tool.out | grep private | awk '{ print $2 }')
yaml_rsa0=$(tpm2_ptool export --label="${TOKEN_LABEL}" --key-label="${KEY_LABEL}" --userpin="${USERPIN}")
auth_rsa0=$(echo "${yaml_rsa0}" | grep "object-auth" | cut -d' ' -f2-)

  • Using tpm2-openssl as the provider I can generate a CSR, using the following code:
    openssl req -new -provider tpm2 -propquery '?provider=tpm2' -key "${KEY_LABEL}.pem" -passin "pass:${auth_rsa0}" -subj "${SUBJ}" -out tpm2-openssl.csr

  • Using pkcs11-provider it generates a csr file. However I am seeing a segmentation fault. Maybe my syntax is incorrect, any guidance would be appreciated.
    openssl req -new -provider pkcs11 -propquery '?provider=pkcs11' -key "pkcs11:token=${TOKEN_LABEL};object=${KEY_LABEL};type=private;pin-value=${USERPIN}" -subj "${SUBJ}" -out "pkcs11-provider.csr"
    Segmentation fault (core dumped)

@traxtopel
Author

Interesting: if I add -batch, the seg fault no longer occurs.

@beldmit
Collaborator

beldmit commented Sep 15, 2023

Could you please provide a stack trace? On Fedora it can be done via the coredumpctl utility.

@simo5
Member

simo5 commented Sep 15, 2023

@traxtopel if you could do this and post the results (sanitized as needed) we can do something; otherwise we do not have enough data:

> gdb --args whichever_command_crashes and its arguments
> run
after crash
> bt

@traxtopel
Author

#0 0x00007ffff7626a30 in std::default_delete::operator()(OSSLCryptoFactory*) const
(__ptr=0x5555556b4220, this=) at /usr/include/c++/13/bits/unique_ptr.h:100
#1 std::__uniq_ptr_impl<OSSLCryptoFactory, std::default_delete >::reset(OSSLCryptoFactory*)
(__p=0x0, this=) at /usr/include/c++/13/bits/unique_ptr.h:212
#2 std::unique_ptr<OSSLCryptoFactory, std::default_delete >::reset(OSSLCryptoFactory*)
(__p=0x0, this=) at /usr/include/c++/13/bits/unique_ptr.h:510
#3 OSSLCryptoFactory::reset() () at OSSLCryptoFactory.cpp:293
#4 0x00007ffff761f339 in CryptoFactory::reset() () at CryptoFactory.cpp:51
#5 0x00007ffff75f1d57 in SoftHSM::C_Finalize(void*) (this=0x5555556b1a10, pReserved=pReserved@entry=0x0)
at SoftHSM.cpp:597
#6 0x00007ffff75d1a00 in C_Finalize(CK_VOID_PTR) (pReserved=0x0) at main.cpp:148
#7 0x00007ffff76c9334 in finalize_module_inlock_reentrant (mod=0x555555672550) at ../p11-kit/modules.c:917
#8 0x00007ffff76cf1d4 in managed_C_Finalize (self=0x55555569a400, reserved=)
at ../p11-kit/modules.c:1779
#9 0x00007ffff76d1482 in p11_kit_modules_finalize (modules=) at ../p11-kit/modules.c:2329
#10 p11_kit_modules_finalize (modules=) at ../p11-kit/modules.c:2319
#11 0x00007ffff76d15ac in proxy_free (finalize=1, py=0x55555569e110) at ../p11-kit/proxy.c:196
#12 proxy_C_Finalize (reserved=, self=0x55555569ccc0) at ../p11-kit/proxy.c:233
--Type for more, q to quit, c to continue without paging--c
#13 proxy_C_Finalize (self=0x55555569ccc0, reserved=) at ../p11-kit/proxy.c:205
#14 0x00007ffff7ecc19f in p11prov_Finalize.constprop.0.isra.0 (ctx=0x555555660250, pReserved=0x0)
at /usr/src/debug/pkcs11-provider-0.2-2.fc38.x86_64/src/interface.gen.c:33
#15 0x00007ffff7eb1b32 in p11prov_module_free (mctx=0x55555565faf0)
at /usr/src/debug/pkcs11-provider-0.2-2.fc38.x86_64/src/interface.c:357
#16 0x00007ffff7ebb9eb in p11prov_ctx_free (ctx=0x555555660250)
at /usr/src/debug/pkcs11-provider-0.2-2.fc38.x86_64/src/provider.c:548
#17 0x00007ffff7bc6cbb in ossl_provider_teardown (prov=0x555555660f50) at crypto/provider_core.c:1558
#18 ossl_provider_free (prov=0x555555660f50) at crypto/provider_core.c:696
#19 0x00007ffff7c05c89 in OPENSSL_sk_pop_free (func=, st=)
at crypto/stack/stack.c:426
#20 OPENSSL_sk_pop_free (st=0x55555565bd30, func=0x7ffff7bc6da0 <provider_deactivate_free>)
at crypto/stack/stack.c:418
#21 0x00007ffff7bc5570 in sk_OSSL_PROVIDER_pop_free
(freefunc=0x7ffff7bc6da0 <provider_deactivate_free>, sk=) at crypto/provider_core.c:199
#22 provider_store_free (vstore=0x55555565bcd0) at crypto/provider_core.c:295
#23 0x00007ffff7bb9f3b in CRYPTO_free_ex_data
(class_index=class_index@entry=16, obj=obj@entry=0x0, ad=ad@entry=0x7ffff7e23508 <default_context_int.lto_priv+8>) at crypto/ex_data.c:402
#24 0x00007ffff7bba0d6 in context_deinit (ctx=0x7ffff7e23500 <default_context_int.lto_priv>)
at crypto/context.c:169
#25 0x00007ffff7bbcc82 in context_deinit (ctx=) at crypto/context.c:157
#26 ossl_lib_ctx_default_deinit () at crypto/context.c:196
#27 OPENSSL_cleanup () at crypto/init.c:427
#28 OPENSSL_cleanup () at crypto/init.c:344
#29 0x00007ffff78621a6 in __run_exit_handlers
(status=status@entry=0, listp=, run_list_atexit=run_list_atexit@entry=true, run_dtors=run_dtors@entry=true) at exit.c:111
#30 0x00007ffff78622ee in __GI_exit (status=status@entry=0) at exit.c:141
#31 0x000055555559c5a6 in main (argc=, argv=) at apps/openssl.c:311

@simo5
Member

simo5 commented Sep 16, 2023

Ah yes this is softhsm looping back into pkcs11provider during finalization after it already freed some internal structures.
This is due to softhsm using the default openssl context instead of creating its own.

You can try to work around this issue by setting the no de-init quirk, see: https://github.com/latchset/pkcs11-provider/blob/main/docs/provider-pkcs11.7.md#pkcs11-module-quirks

There is nothing that can be done within pkcs11-provider, it is a softhsm issue.
p11tool could also somewhat work around it by preventing openssl from setting an atexit handler I guess...

@simo5
Member

simo5 commented Sep 16, 2023

Actually I wonder if I could figure out if openssl has already set an atexit() handler and optionally set one in pkcs11-provider to ensure it runs before the main library one ... this could be also raised as an openssl issue, perhaps they should free providers before they do any other deinitialization ... and that could "solve" deinitialization ordering problems.

@simo5
Member

simo5 commented Apr 2, 2024

I think this is a well known crash in SoftHSM already discussed in OpenSSL itself in a loong bug report (sorry I forgot the id). The solution will have to come from SoftHSM as it is a problem with atexit and C++ deconstructors, and not something we can deal with in pkcs11-provider except for setting the no-deinit quirk which already exists.

@simo5 simo5 closed this as completed Apr 2, 2024
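
The no-deinit workaround mentioned in the thread, written out as an openssl.cnf fragment. This is an added example, not part of the issue or the project's own files; the section names and both file paths are placeholders to adapt, and the only setting taken from the discussion is the `no-deinit` value of `pkcs11-module-quirks`.

```ini
# Added example: enable pkcs11-provider with the no-deinit quirk.
# Section names (openssl_init, provider_sect, ...) are arbitrary labels.
openssl_conf = openssl_init

[openssl_init]
providers = provider_sect

[provider_sect]
default = default_sect
pkcs11 = pkcs11_sect

[default_sect]
activate = 1

[pkcs11_sect]
# Placeholder path: the pkcs11-provider shared object in the OpenSSL
# modules directory of your distribution.
module = /path/to/ossl-modules/pkcs11.so

# Placeholder path: the PKCS#11 module the provider should load. In the
# backtrace above this was the p11-kit proxy, which in turn loaded SoftHSM
# alongside the TPM token.
pkcs11-module-path = /path/to/p11-kit-proxy.so

# The quirk discussed in the thread: do not finalize the PKCS#11 module
# when OpenSSL tears the provider down from its exit handler, so the
# finalization path seen in the backtrace is not entered.
pkcs11-module-quirks = no-deinit

activate = 1
```

With this quirk the module is left un-finalized at provider teardown, which is acceptable for a short-lived `openssl req` run but worth reviewing for long-running processes that unload and reload the provider.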