Description of problem: The pkcs#11 opensc plugin corrupts the memory of firefox; it is thus unusable. Version-Release number of selected component (if applicable): opensc-0.13.0-11.fc20.x86_64 firefox-28.0-3.fc20.x86_64 [I have the same problem with the 32 bit version of the packages, though] How reproducible: Try to authenticate using a smartcard; the browser prompts for the pin of the card and shows the relative certificate; however, after the data have been confirmed, the memory of the browser is corrupted and either a) there is a segmentation fault and firefox closes b) no SSL using site is accessible and the error security library: memory allocation failure is presented Steps to Reproduce: 1. try to authenticate using a smartcard (pkcs#11, via opensc) on some site Actual results: Firefox crashes Expected results: Authentication is successful and firefox does not crash. Additional info: The card reader I use is Bus 006 Device 004: ID 058f:9520 Alcor Micro Corp. EMV Certified Smart Card Reader The actual smartcard is the italian "Regione lombardia CNS" (which is supported by opensc as "Italian CNS/CNR"). I point out that this configuration used to work last time I checked (I reckon it was between 4 and 6 months ago).
The error messages presented by firefox (when it does not crash right away) upon attempting a secure connection are: a) An error occurred during a connection to serviziweb2.inps.it. Received incorrect handshakes hash values from peer. (Error code: ssl_error_bad_handshake_hash_value) b) An error occurred during a connection to serviziweb2.inps.it. security library: memory allocation failure. (Error code: sec_error_no_memory) Actually, I suppose that the first error is due to memory corruption rather than a wrong hash being sent from the peer.
I have also opened an issue on the OpenSC bug tracker: https://github.com/OpenSC/OpenSC/issues/232
I add some further detail; perhaps the problem is with firefox NSS interface rather than opensc. 1) running opensc with debug options does not show anything abnormal 2) I have the exact same problem with the aurora version of firefox 3) usign opensc with google-chrome (after I enabled it with the following modutil -dbdir sql:.pki/nssdb/ -add "OpenSC" -libfile /usr/lib64/pkcs11/opensc-pkcs11.so ) does not show any corruption.
Should that be reassigned to firefox then? Note that the authors of opensc have a mode called opensc-onepin that enables some hacks especially for firefox. I don't know whether that is relevant with your case though: https://bugzilla.redhat.com/show_bug.cgi?id=1077167#c3
I agree that the bug should be reassigned.
(actually I have filed in the above referenced bug report on their bugzilla)
Let's track this upstream.