[0.1.1] Seg fault in test suite

[remicollet]

Sefault during 3 tests
Encrypt/Decrypt using AES-GCM [tests/0141-sym-encrypt-aes-gcm.phpt]
Encrypt/Decrypt using AES-GCM with update [tests/0145-sym-encrypt-aes-gcm-update.phpt]
Wrapping/Unrapping using RSA OAEP [tests/0165-rsa-encrypt-oaep-wrap.phpt]

Example:

(gdb) bt
#0  0x00007ffff76909d5 in raise () from /lib64/libc.so.6
#1  0x00007ffff76798a4 in abort () from /lib64/libc.so.6
#2  0x00007ffff74a38a8 in std::__replacement_assert(char const*, int, char const*, char const*) () from /usr/lib64/pkcs11/libsofthsm2.so
#3  0x00007ffff74a24e3 in ByteString::operator[](unsigned long) () from /usr/lib64/pkcs11/libsofthsm2.so
#4  0x00007ffff74660e4 in SoftHSM::SymEncryptInit(unsigned long, _CK_MECHANISM*, unsigned long) () from /usr/lib64/pkcs11/libsofthsm2.so
#5  0x00007ffff743ab28 in C_EncryptInit () from /usr/lib64/pkcs11/libsofthsm2.so
#6  0x00007ffff75b6736 in zim_Key_encrypt (execute_data=0x7ffff72143a0, return_value=0x7ffff7214320) at /work/GIT/pecl-and-ext/pkcs11/pkcs11key.c:328
#7  0x00005555559ab408 in ZEND_DO_FCALL_SPEC_RETVAL_USED_HANDLER () at /usr/src/debug/php-7.4.14-1.fc33.remi.x86_64/Zend/zend_vm_execute.h:1730
#8  execute_ex (ex=0x2) at /usr/src/debug/php-7.4.14-1.fc33.remi.x86_64/Zend/zend_vm_execute.h:53865
#9  0x00005555559acc7b in zend_execute (op_array=0x7ffff728a2a0, return_value=0x0) at /usr/src/debug/php-7.4.14-1.fc33.remi.x86_64/Zend/zend_vm_execute.h:57957
#10 0x000055555592349c in zend_execute_scripts (type=type@entry=8, retval=0x7ffff729e7c0, retval@entry=0x0, file_count=-148815840, file_count@entry=3)
    at /usr/src/debug/php-7.4.14-1.fc33.remi.x86_64/Zend/zend.c:1679
#11 0x00005555558c0730 in php_execute_script (primary_file=<optimized out>) at /usr/src/debug/php-7.4.14-1.fc33.remi.x86_64/main/main.c:2621
#12 0x00005555559aed7a in do_cli (argc=68, argv=0x555555f75200) at /usr/src/debug/php-7.4.14-1.fc33.remi.x86_64/sapi/cli/php_cli.c:964
#13 0x000055555579042e in main (argc=68, argv=0x555555f75200) at /usr/src/debug/php-7.4.14-1.fc33.remi.x86_64/sapi/cli/php_cli.c:1359

[vjardin]

Thanks @remicollet for the feedback.

Please, which Linux version are are you using ? I guess fc33, doesn't it ?

• which SoftHSM2 package ?

Can you run the same test using the upstream SoftHSM2 ?

thank you,

[gamringer]

I'll try to reproduce this this week

[remicollet]

Yes, Fedora 33

Using softhsm-2.6.1

See https://rpms.remirepo.net/rpmphp/zoom.php?rpm=softhsm

[gamringer]

I don't get the same result when testing myself on Fedora 33. I am getting a lot of skipped tests, but no error.

An interesting piece though is this:

# pkcs11-tool --module=/usr/lib64/softhsm/libsofthsm.so -I
error: PKCS11 function C_Initialize failed: rv = CKR_GENERAL_ERROR (0x5)
Aborting.

It looks like the softhsm package itself is having trouble.

[gamringer]

It turns out that after restarting the VM, I'm able to reproduce the issue. I will investigate further.

[gamringer]

I managed to run all tests successfully by simply setting $aad to a non-empty string, and conversly, to reproduce the same issue in a sample using SoftHSM directly with an empty AAD. It seems like the issue is with SoftHSM itself when using empty AAD values. @remicollet, can you confirm ?

    CK_MECHANISM mech;
    CK_GCM_PARAMS params;

    CK_BYTE_PTR iv = malloc(12);
    if (NULL == iv) {
        printf("Failed to allocate IV memory\n");
        return;
    }
    memset(iv, 0, 12);

    CK_BYTE_PTR aad = "";
    CK_ULONG aad_length = strlen(aad);

    params.pIv = iv;
    params.ulIvLen = 12;
    params.ulIvBits = 0;
    params.pAAD = aad;
    params.ulAADLen = aad_length;
    params.ulTagBits = 16 * 8;

    mech.mechanism = CKM_AES_GCM;
    mech.ulParameterLen = sizeof(params);
    mech.pParameter = &params;

    rv = C_EncryptInit(session, &mech, key);

[gamringer]

@remicollet I get no error with compiling SoftHSM 2.6.1 from source rather than using the one provided by the fedora package. There seems to be a problem in the fedora provided package, not in this extension.

If we can find indications to the contrary, I'll reopen, but in the meantime, I'm closing this.

[remicollet]

There seems to be a problem in the fedora provided package, not in this extension.

That's probably mean that this is related to security enhancement build options used by default for RPM build

[vjardin]

@remicollet Please, can you provide some inside about some specific security build options that are used ? Should we apply the same to the build of php-pkcs11 extension ?

[remicollet]

@remicollet Please, can you provide some inside about some specific security build options that are used ?

At least --O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection

Also lto (only in recent version), I need to check if this can be related (so run a build without this option)

Should we apply the same to the build of php-pkcs11 extension ?

Some may make sense.
In all case, these options will be used in RPM build of the extension

[remicollet]

P.S. due to some familly event I have very minimal activity, at least for next week.

[gamringer]

@remicollet, in the issue on SoftHSM, they suggested a fix, which I wasn't able to test properly, since compiling it vanilla worked just fine, so there was no effective difference. Are you able to build it with those options you mentioned and confirm whether they trigger the issue, and then try their fix ?

[Magentron]

Moved to issue #51.

Not sure if this is relevant, but when doing something like this (pseudo code):

    // function loadModule($path): Module
    return new Module($path);
    
    // function openSession($path, $slot, $pin): Session
    $module = loadModule($path)
    $session = $module->openSession($slot, Pkcs11\CKF_RW_SESSION);
    $session->login(Pkcs11\CKU_USER, $pin);
    $session->getInfo(); // debug
    return $session;
            
    // function getObjects(Session $session)
    return $session->findObjects([
        Pkcs11\CKA_LABEL => 'My name',
    ]);

Before the findObjects() call, the C function pkcs11_shutdown() is called for the module and upon entering findObjects() the session functionList is NULL.
Will investigate further today, and hopefully create a PR as well.

Update:
If I put the calls sequentially without functions it does work, so it seems that upon leaving openSession() somehow the PKCS11 shutdown function is called for the module because it going out of scope. This probably should not happen since the session is still open.

[remicollet]

Was able to find time to run some tests

• version 0.1.1 segfault with 2.6.1 + patch proposed by upstream
• git master works, test suite passes without any segfault.

So, looks like some recent changes in master fix this issue.

[vjardin]

Thanks Rémi for the follow up.

[remicollet]

:)

@vjardin simply "Remi", without accent ;)

[gamringer]

Sorry for the late reply, but thanks Remi for taking the time on this.

[remicollet]

@gamringer is a new release plan soon ?

[gamringer]

Yes. I want to figure out #53 before make another release, but it will be the last item.

[remicollet]

I confirm version 1.0 is OK, build and test suite passes on Fedora 32 to 34, RHEL 7 and 8

[vjardin]

thanks @remicollet for the feedbacks.

[gamringer]

Awesome, thanks

…

On Wed., Mar. 24, 2021, 02:15 Remi Collet, ***@***.***> wrote: I confirm version 1.0 is OK, build and test suite passes on Fedora 32 to 34, RHEL 7 and 8 — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#37 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AA64NL5CGFQB2Z7M3WPEBZ3TFF7PNANCNFSM4V4GSDEQ> .