pkcs11-tool is sending null SHA-1 digest to OpenSSL on FIPS-enabled Ubuntu 24.04
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
opensc (Ubuntu) | Status tracked in Resolute | | |
Noble | New | Undecided | Unassigned |
Plucky | New | Undecided | Unassigned |
Questing | New | Undecided | Unassigned |
Resolute | In Progress | Medium | Heather Lemon |
Bug Description
release: ubuntu 24.04 noble
opensc package version: 0.25.0~
0.25.0~rc1-1build2 both versions are affected.
openssl version: 3.0.13-
SRU backport from upstream issue:
https:/
On Ubuntu 24.04 with FIPS enabled, openssl is segfaulting when using the pkcs11-tool -L command to list slots.
user1@ubuntu:~$ sudo pkcs11-tool -L
Segmentation fault
On an Ubuntu VM (lxd or qemu) with FIPS enabled:
sudo pro attach <token uuid>
sudo pro enable fips-updates
sudo apt-get install opensc
Reboot the VM.
After logging in again, run the command
sudo pkcs11-tool -L
and we see the error Segmentation fault.
Expected Output
Available slots: /usr/bin/
Slot 0 (0x0): Gemalto Gemplus USB SmartCard Reader 433-Swap [CCID Interface...
token label : John Doe
token manufacturer : Common Access Card
token model : PKCS#15 emulated
token flags : login required, PIN pad present, rng, token initialized, PIN initialized
hardware version : 0.0
firmware version : 0.0
serial num : 000058bd002c19b5
pin min/max : 4/8