Bug 1685434
| Summary: | p11tool is using a RO session when logging as SO | ||||||
|---|---|---|---|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | space88man <shihping.chan> | ||||
| Component: | gnutls | Assignee: | Anderson Sasaki <ansasaki> | ||||
| Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||
| Severity: | unspecified | Docs Contact: | |||||
| Priority: | unspecified | ||||||
| Version: | 29 | CC: | ansasaki, crypto-team, nmavrogi, pemensik, tmraz | ||||
| Target Milestone: | --- | ||||||
| Target Release: | --- | ||||||
| Hardware: | Unspecified | ||||||
| OS: | Unspecified | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | gnutls-3.6.7-1.fc30 gnutls-3.6.7-1.fc29 | Doc Type: | If docs needed, set a value | ||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2019-03-31 00:04:26 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Attachments: |
|
||||||
Created attachment 1540863 [details]
log of p11tool
Thank you for reporting this issue. I've opened an issue upstream to track it: https://gitlab.com/gnutls/gnutls/issues/721 Upstream fix: https://gitlab.com/gnutls/gnutls/merge_requests/953 gnutls-3.6.7-1.fc29 has been submitted as an update to Fedora 29. https://bodhi.fedoraproject.org/updates/FEDORA-2019-e8c1cf958f gnutls-3.6.7-1.fc30 has been submitted as an update to Fedora 30. https://bodhi.fedoraproject.org/updates/FEDORA-2019-971ded6f90 gnutls-3.6.7-1.fc30 has been pushed to the Fedora 30 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-971ded6f90 gnutls-3.6.7-1.fc29 has been pushed to the Fedora 29 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-e8c1cf958f gnutls-3.6.7-1.fc30 has been pushed to the Fedora 30 stable repository. If problems still persist, please make note of it in this bug report. gnutls-3.6.7-1.fc29 has been pushed to the Fedora 29 stable repository. If problems still persist, please make note of it in this bug report. |
Description of problem: p11tool is using a RO session when logging as SO and results in C_Login failure with SoftHSMv2 Version-Release number of selected component (if applicable): gnutls-utils-3.6.5-2.fc29.x86_64 softhsm-2.5.0-2.fc29.x86_64 How reproducible: Always Steps to Reproduce: 1. Use softhsm to create a blank token 2. p11tool --provider /usr/lib64/pkcs11/libsofthsm2.so --list-all --so-login 'pkcs11:token=mytoken' 3. Actual results: Error in crt_list_import (1): PKCS #11 error in session Expected results: Token objects are listed Additional info: The C_OpenSession flags used is: 0x4 11: C_OpenSession 2019-03-05 15:47:34.434 [in] slotID = 0x236b8902 [in] flags = 0x4 pApplication=(nil) Notify=(nil) [out] *phSession = 0x2 Returned: 0 CKR_OK The error is 13: C_Login 2019-03-05 15:47:36.108 [in] hSession = 0x2 [in] userType = CKU_SO [in] pPin[ulPinLen] 000055729bfbd9a0 / 5 00000000 73 6F 70 69 6E sopin Returned: 183 CKR_SESSION_READ_ONLY_EXISTS SoftHSMv2 states that SO C_Login must always piggyback on RW session and that this is incorrect behaviour. See discussion here: https://github.com/opendnssec/SoftHSMv2/issues/451 pkcs11-tool uses flags = 0x6 and this works.