Package: libhsm-bin Version: 1.1.3-3 Severity: important
I had to recompile opendnssec with debugging symbols to get a backtrace but made no other changes from 1.1.3-3. This same error occurs in the official package. This system is set up to use the TPM chip as a HSM using opencryptoki 2.2.8 and 'ods-hsmutil test' completes successfully. However, when I try to use ods-hsmutil to list the keys in the HSM it segfaults (gdb backtrace follows.) I have not yet tried to use opendnssec to sign a zone as I was testing with ods-hsmutil during the initial configuration process. Backtrace: $ LD_PRELOAD=/lib/libpthread.so.0 gdb ods-hsmutil GNU gdb (GDB) 7.0.1-debian Copyright (C) 2009 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details. This GDB was configured as "x86_64-linux-gnu". For bug reporting instructions, please see: <http://www.gnu.org/software/gdb/bugs/>... Reading symbols from /usr/bin/ods-hsmutil...done. (gdb) run list Starting program: /usr/bin/ods-hsmutil list [Thread debugging using libthread_db enabled] Listing keys in all repositories. 1 key found. Repository ID Type ---------- -- ---- Program received signal SIGSEGV, Segmentation fault. 0x00000000004019bd in cmd_list (argc=0, argv=0x7fffffffeca8) at ../../../libhsm/src/hsmutil.c:114 114 snprintf(key_type, sizeof(key_type), (gdb) thread apply all bt full Thread 1 (Thread 0x7ffff7fee700 (LWP 25083)): #0 0x00000000004019bd in cmd_list (argc=0, argv=0x7fffffffeca8) at ../../../libhsm/src/hsmutil.c:114 key_info = 0x0 key = 0x0 key_type = "@\347`", '\000' <repeats 13 times>"\260, \353\377\377\377\177\000" i = 0 repository = 0x0 key_count = 1 keys = 0x604550 ctx = 0x0 key_info_format = 0x402b3f "%-20s %-32s %-10s\n" #1 0x000000000040223e in main (argc=0, argv=0x7fffffffeca8) at ../../../libhsm/src/hsmutil.c:405 result = 0 config = 0x0 ch = -1 Here's the output from 'ods-hsmutil test <repository>' for reference: $ ods-hsmutil test <repository> Testing repository: <repository> Generating 512-bit RSA key... OK Extracting key identifier... OK, b4d69efa6e655bc88a0897280e48b48a Signing (RSA/SHA1) with key... OK Signing (RSA/SHA256) with key... OK Deleting key... OK Generating 768-bit RSA key... Failed generate key pair: CKR_KEY_SIZE_RANGE Generating 1024-bit RSA key... OK Extracting key identifier... OK, 94efe89cad1d42e67921d1c3bc2269c4 Signing (RSA/SHA1) with key... OK Signing (RSA/SHA256) with key... OK Signing (RSA/SHA512) with key... OK Deleting key... OK Generating 1536-bit RSA key... Failed generate key pair: CKR_KEY_SIZE_RANGE Generating 2048-bit RSA key... OK Extracting key identifier... OK, 1b5551755fbec292100127ed4f156f50 Signing (RSA/SHA1) with key... OK Signing (RSA/SHA256) with key... OK Signing (RSA/SHA512) with key... OK Deleting key... OK Generating 4096-bit RSA key... Failed generate key pair: CKR_KEY_SIZE_RANGE Generating 1024 bytes of random data... OK Generating 32-bit random data... 1938355139 Generating 64-bit random data... 17955271592229176371 -- System Information: Debian Release: squeeze/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 2.6.26-2-openvz-amd64 (SMP w/4 CPU cores) Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Shell: /bin/sh linked to /bin/dash Versions of packages libhsm-bin depends on: ii libc6 2.11.2-7 Embedded GNU C Library: Shared lib ii libhsm0 1.1.3-3 library for interfacing PKCS#11 Ha ii libldns1 1.6.6-1 ldns library for DNS programming ii opendnssec-common 1.1.3-3 common configuration files for Ope libhsm-bin recommends no packages. libhsm-bin suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
