TPM token fails to reinitialize properly on reload

Also attaching debdiff from fixed package.

Tracked upstream at http://sourceforge.net/tracker/?func=detail&atid=710344&aid=3073688&group_id=128009

How to reproduce, given a wpasupplicant configuration that uses PKCS#11 to use the TPM for private key:
  - Connect to the network once, ensure a normal connection is possible.
  - Kill the opencryptoki pkcsslotd process (send SIGKILL; it ignores SIGTERM while in use).
  - Start a new opencryptoki pkcsslotd process.
  - Attempt to reconnect to the same network.

Expected behavior:
  - wpasupplicant should unload the PKCS#11 openssl engine library and reload it for the reconnection attempt.
  - The connection should succeed.

Observed behavior:
  - wpasupplicant unloads the PKCS#11 openssl engine library and reloads it for the reconnection attempt.
  - Immediately after wpasupplicant loads the PKCS#11 openssl engine library, it fails to load the private key.

The failure to load the private key was debugged back to failure in the opencryptoki TPM library to load the private root key. The private key fails to load because the session object opencryptoki uses to load the key into the TPM is stale, left over from the first session.

I have updated the patch upstream and am waiting on review.

Bug also raised in Debian upstream, http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=603104. Will contact DD to merge updated patch there as well.

Updating patch to same version as sourceforge.

Subscribing ubuntu-sponsors, as there's a patch attached. Could this be considered for oneiric?

This bug was fixed in the package opencryptoki - 2.3.1+dfsg-1ubuntu1

---------------
opencryptoki (2.3.1+dfsg-1ubuntu1) oneiric; urgency=low

  * Fix LP: #645576 - TPM token fails to reinitialize properly on reload.
    Add patch to reset TPM datastructures on init, and not just logout
    - add debian/patches/08-reset-tpm-structures.patch
    - update debian/patches/series
 -- David Smith <email address hidden> Mon, 11 Jul 2011 18:11:12 +0100

Fixed in Debian too.

Thank you, David!

Pushed the cherry-picked fix from the Debian package to lucid, maverick and natty (as they all had the same version of opencryptoki). The Ubuntu SRU team will be in touch soon.

Hello David, or anyone else affected,

Accepted opencryptoki into lucid-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

Hello David, or anyone else affected,

Accepted opencryptoki into maverick-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

Hello David, or anyone else affected,

Accepted opencryptoki into natty-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

I've tested version 2.2.8+dfsg-4ubuntu0.10.04.1 on Lucid, and it fixes this problem for me.

This bug was fixed in the package opencryptoki - 2.2.8+dfsg-4ubuntu0.10.04.1

---------------
opencryptoki (2.2.8+dfsg-4ubuntu0.10.04.1) lucid-proposed; urgency=low

  * Cherry-pick patch from Deibna to reset TPM datastructures on init
    and not just logout, fixes TPM token reinitialization failure on reload.
    Thanks to David Smith for the patch (LP: #645576)
 -- Stephane Graber <email address hidden> Wed, 07 Dec 2011 11:25:22 -0500