Bug 1570306

Summary: softhsm crashes applications using p11-kit-proxy
Product: [Fedora] Fedora
Reporter: Francisco de la Peña <fran>
Component: softhsm
Assignee: Paul Wouters <pwouters>
Status: CLOSED DUPLICATE
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified
Priority: unspecified
Version: rawhide
CC: dueno, nmavrogi, pwouters
Hardware: Unspecified   
OS: Unspecified   
Last Closed: 2018-07-25 08:05:00 UTC
Type: Bug

Description Francisco de la Peña 2018-04-21 20:08:58 UTC
Description of problem:

Several applications using the p11-kit-proxy module crash when softhsm is installed. Firefox always crashes on quit and opensc-tools may reproduce a similar crash while listing details from that module.


Version-Release number of selected component (if applicable):

2.3.0-2.fc27, 2.3.0-3.fc28.1


How reproducible:

Always.


Steps to Reproduce:

opensc tools way:

1. Install softhsm and opensc
2. Run: $ pkcs11-tool -L --module /usr/lib64/p11-kit-proxy.so

Firefox way:

1. Install softhsm and firefox
2. Configure NSS to use p11-kit-proxy:
   # alternatives --install /usr/lib64/libnssckbi.so \
     libnssckbi.so.x86_64 /usr/lib64/p11-kit-proxy.so 50
3. Run Firefox (quit Firefox if already opened first) and quit Firefox. 


Actual results:

pkcs11-tool crashes with the command above.
firefox crashes on quit (no abrt but breakpad crash report window instead).

Removing softhsm works around this issue and p11-kit-proxy works without crashes.


Expected results:

It shouldn't crash.

Comment 1 Daiki Ueno 2018-04-23 13:00:44 UTC
I tried to reproduce it, but couldn't.  Could you provide more information about your configuration:
- NSS and p11-kit package versions
- How softhsm is configured (do you have a token initialized and any certificates/keys in it?)

(In reply to Francisco de la Peña from comment #0)

> 2. Configure NSS to use p11-kit-proxy:
>    # alternatives --install /usr/lib64/libnssckbi.so \
>      libnssckbi.so.x86_64 /usr/lib64/p11-kit-proxy.so 50

This is to explicitly override the default installation, that registers p11-kit-trust.so with priority 30, right?

Comment 2 Nikos Mavrogiannopoulos 2018-07-25 08:05:00 UTC
Closing as duplicate as it is seen to be related.

*** This bug has been marked as a duplicate of bug 1607635 ***

Comment 3 Francisco de la Peña 2018-07-26 18:38:12 UTC
> This is to explicitly override the default installation, that registers
> p11-kit-trust.so with priority 30, right?

Yes, it is. Also happens here with the upcoming F29 crypto policies approach.
I didn't configure softhsm, so it should use defaults here.
Tested with latest F28 downstream packages, still reproducible here.

> Closing as duplicate as it is seen to be related.

Indeed, I can confirm the backtrace is the same there as in bug 1607635, +1.