Description of problem: I executed the command `pkcs11-tool -l --login-type so --so-pin 12345678 --keypairgen --key-type rsa:2048` to generate a new key on the smartcard. The connected smartcard was a Nitrokey Pro. Version-Release number of selected component: opensc-0.23.0-3.fc38 Additional info: reporter: libreport-2.17.9 type: CCpp reason: pkcs11-tool killed by SIGABRT journald_cursor: s=7e20d1102e0a4c84aee515be2aa44067;i=bda73;b=4c0e4e5a3abf4f59a1f38d6b4f496033;m=5517bee92;t=5fa6e37806baf;x=3d7ab7b083867fba executable: /usr/bin/pkcs11-tool cmdline: pkcs11-tool -l --login-type so --so-pin 12345678 --keypairgen --key-type rsa:2048 cgroup: 0::/user.slice/user-1000.slice/user/app.slice/vte-spawn-bd8e100e-7009-41db-89f7-fd2f522a6add.scope rootdir: / uid: 1000 kernel: 6.2.12-300.fc38.x86_64 package: opensc-0.23.0-3.fc38 runlevel: N 5 backtrace_rating: 4 crash_function: memcpy comment: I executed the command `pkcs11-tool -l --login-type so --so-pin 12345678 --keypairgen --key-type rsa:2048` to generate a new key on the smartcard. The connected smartcard was a Nitrokey Pro. Truncated backtrace: Thread no. 1 (12 frames) #7 memcpy at /usr/include/bits/string_fortified.h:29 #8 pgp_calculate_and_store_fingerprint at /usr/src/debug/opensc-0.23.0-3.fc38.x86_64/src/libopensc/card-openpgp.c:2704 #9 pgp_parse_and_set_pubkey_output at /usr/src/debug/opensc-0.23.0-3.fc38.x86_64/src/libopensc/card-openpgp.c:2930 #10 pgp_gen_key at /usr/src/debug/opensc-0.23.0-3.fc38.x86_64/src/libopensc/card-openpgp.c:3073 #11 pgp_card_ctl at /usr/src/debug/opensc-0.23.0-3.fc38.x86_64/src/libopensc/card-openpgp.c:3564 #12 sc_card_ctl at /usr/src/debug/opensc-0.23.0-3.fc38.x86_64/src/libopensc/card.c:1065 #13 openpgp_generate_key_rsa at ../pkcs15init/pkcs15-openpgp.c:250 #14 openpgp_generate_key at ../pkcs15init/pkcs15-openpgp.c:378 #15 sc_pkcs15init_generate_key at ../pkcs15init/pkcs15-lib.c:1611 #16 pkcs15_gen_keypair at /usr/src/debug/opensc-0.23.0-3.fc38.x86_64/src/pkcs11/framework-pkcs15.c:3335 #17 C_GenerateKeyPair at /usr/src/debug/opensc-0.23.0-3.fc38.x86_64/src/pkcs11/pkcs11-object.c:1180 #19 gen_keypair at /usr/src/debug/opensc-0.23.0-3.fc38.x86_64/src/tools/pkcs11-tool.c:3121
Created attachment 1960941 [details] File: proc_pid_status
Created attachment 1960942 [details] File: maps
Created attachment 1960943 [details] File: limits
I executed the command `pkcs11-tool -l --login-type so --so-pin 12345678 --keypairgen --key-type rsa:2048` to generate a new key on the smartcard. The connected smartcard was a Nitrokey Pro. reporter: libreport-2.17.9 type: CCpp reason: pkcs11-tool killed by SIGABRT journald_cursor: s=7e20d1102e0a4c84aee515be2aa44067;i=bda73;b=4c0e4e5a3abf4f59a1f38d6b4f496033;m=5517bee92;t=5fa6e37806baf;x=3d7ab7b083867fba executable: /usr/bin/pkcs11-tool cmdline: pkcs11-tool -l --login-type so --so-pin 12345678 --keypairgen --key-type rsa:2048 cgroup: 0::/user.slice/user-1000.slice/user/app.slice/vte-spawn-bd8e100e-7009-41db-89f7-fd2f522a6add.scope rootdir: / uid: 1000 kernel: 6.2.12-300.fc38.x86_64 package: opensc-0.23.0-3.fc38 runlevel: N 5 backtrace_rating: 4 crash_function: memcpy comment: I executed the command `pkcs11-tool -l --login-type so --so-pin 12345678 --keypairgen --key-type rsa:2048` to generate a new key on the smartcard. The connected smartcard was a Nitrokey Pro.
Thank you for the bug report and reproducer! If I see right, the same code is in the upstream OpenSC so it will likely be an issue in there too. Can you open a new issue in https://github.com/OpenSC/OpenSC/ I unfortunately do not have Nitrokey Pro to check what is going on there, but I assume some sanity check for the results of the conversion in ushort2bebytes() is needed.
This was reported upstream as https://github.com/OpenSC/OpenSC/issues/2775 and fixed with the following commit: https://github.com/OpenSC/OpenSC/commit/e8fba322a2f4d06ec5c74fe80f9e2b0e9fdefec6 Do you need a fix in some particular version of Fedora or is it ok to wait for the next upstream release (which should happen hopefully in autumn)?
The next upstream release is enough. Thank you!
FEDORA-2023-c7e4c9af51 has been submitted as an update to Fedora 38. https://bodhi.fedoraproject.org/updates/FEDORA-2023-c7e4c9af51
FEDORA-2023-a854153d7a has been submitted as an update to Fedora 39. https://bodhi.fedoraproject.org/updates/FEDORA-2023-a854153d7a
FEDORA-2023-a854153d7a has been pushed to the Fedora 39 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2023-a854153d7a` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2023-a854153d7a See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2023-c7e4c9af51 has been pushed to the Fedora 38 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2023-c7e4c9af51` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2023-c7e4c9af51 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2023-a854153d7a has been pushed to the Fedora 39 stable repository. If problem still persists, please make note of it in this bug report.
FEDORA-2023-c7e4c9af51 has been pushed to the Fedora 38 stable repository. If problem still persists, please make note of it in this bug report.