pkcs11-tool is sending null sha-1 digest to Openssl on FIPS enabled ubuntu 24.04

Bug #2127205 reported by Heather Lemon
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
opensc (Ubuntu)
Status tracked in Resolute
Noble
New
Undecided
Unassigned
Plucky
New
Undecided
Unassigned
Questing
New
Undecided
Unassigned
Resolute
In Progress
Medium
Heather Lemon

Bug Description

release: ubuntu 24.04 noble
opensc package version: 0.25.0~rc1-1ubuntu0.1~esm1 510
0.25.0~rc1-1build2 both versions are affected.
openssl version: 3.0.13-0ubuntu3+Fips1

Sru backport from upstream issue:
https://github.com/OpenSC/OpenSC/issues/3495

On Ubuntu24.04 with FIPS enabled, openssl is segfaulting when using the pkcs11-tool -L command to list slots.

user1@ubuntu:~$ sudo pkcs11-tool -L
Segmentation fault

On Ubuntu vm (lxd or qemu) with fips enabled.
sudo pro attach <token uuid>
sudo pro enable fips-updates
sudo apt-get install opensc

Reboot vm
after logging in again, run the command
sudo pkcs11-tool -L

and we see the error Segmentation fault.

Expected Output
Available slots: /usr/bin/pkcs11-tool --module=/usr/lib/x86_64-linux-gnu/opensc-pkcs11.so -L
Slot 0 (0x0): Gemalto Gemplus USB SmartCard Reader 433-Swap [CCID Interface...
  token label : John Doe
  token manufacturer : Common Access Card
  token model : PKCS#15 emulated
  token flags : login required, PIN pad present, rng, token initialized, PIN initialized
  hardware version : 0.0
  firmware version : 0.0
  serial num : 000058bd002c19b5
  pin min/max : 4/8

Revision history for this message
Heather Lemon (hypothetical-lemon) wrote :
Changed in opensc (Ubuntu):
assignee: nobody → Heather Lemon (hypothetical-lemon)
status: New → In Progress
importance: Undecided → Medium
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.