sbsign crashes in pkcs11.so while signing an (EFI) image

[DimanNe]

Try signing a file using sbsign where key is stored on a Yubikey, it will crash:

sbsign --engine pkcs11 --key 'pkcs11:manufacturer=piv_II;id=%02' --cert ./sb/db.crt --output ./sb/secboot-linux-latest.efi.signed ./sb/secboot-linux-latest.efi

gdb shows this backtrace:

Thread 1 "sbsign" received signal SIGSEGV, Segmentation fault.
0x00007ffff7faf1fe in ?? () from /usr/lib/x86_64-linux-gnu/engines-3/pkcs11.so
(gdb) bt
#0 0x00007ffff7faf1fe in ?? () from /usr/lib/x86_64-linux-gnu/engines-3/pkcs11.so
#1 0x00007ffff7faf962 in ?? () from /usr/lib/x86_64-linux-gnu/engines-3/pkcs11.so
#2 0x00007ffff7fb5567 in ?? () from /usr/lib/x86_64-linux-gnu/engines-3/pkcs11.so
#3 0x00007ffff7fb58b0 in ?? () from /usr/lib/x86_64-linux-gnu/engines-3/pkcs11.so
#4 0x00007ffff7fb3731 in ?? () from /usr/lib/x86_64-linux-gnu/engines-3/pkcs11.so
#5 0x00007ffff7fb37bb in ?? () from /usr/lib/x86_64-linux-gnu/engines-3/pkcs11.so
#6 0x00007ffff7d1eed6 in RSA_sign (type=<optimised out>, m=m@entry=0x7fffffffdb80 "\224t&n\257>Y$\377...", m_len=m_len@entry=32,
    sigret=sigret@entry=0x5555555f89a0 "\330\322\n", siglen=siglen@entry=0x7fffffffdb14, rsa=rsa@entry=0x5555555f4270) at ../crypto/rsa/rsa_sign.c:309
#7 0x00007ffff7d1d5a2 in pkey_rsa_sign (ctx=0x5555555eb5d0, sig=0x5555555f89a0 "\330\322\n", siglen=0x7fffffffdc30,
    tbs=0x7fffffffdb80 "\224t&n\257>Y$\377...", tbslen=32) at ../crypto/rsa/rsa_pmeth.c:180
#8 0x00007ffff7c06817 in EVP_DigestSignFinal (ctx=ctx@entry=0x5555555d8c50, sigret=0x5555555f89a0 "\330\322\n", siglen=siglen@entry=0x7fffffffdc30) at ../crypto/evp/m_sigver.c:560
#9 0x00007ffff7cfdcbc in PKCS7_SIGNER_INFO_sign (si=si@entry=0x5555555a85f0) at ../crypto/pkcs7/pk7_doit.c:952
#10 0x00007ffff7cfdf9d in do_pkcs7_signed_attrib (mctx=<optimised out>, si=0x5555555a85f0) at ../crypto/pkcs7/pk7_doit.c:728
#11 PKCS7_dataFinal (p7=p7@entry=0x5555555f3520, bio=bio@entry=0x5555555a8640) at ../crypto/pkcs7/pk7_doit.c:850
#12 0x0000555555557c40 in IDC_set (image=<optimised out>, si=0x5555555a85f0, p7=0x5555555f3520) at /usr/src/sbsigntool-0.9.4-3.1ubuntu7/src/idc.c:216
#13 main (argc=<optimised out>, argv=<optimised out>) at /usr/src/sbsigntool-0.9.4-3.1ubuntu7/src/sbsign.c:274
(gdb)

These are logs just before crash:

P:169928; T:0x133947370026816 16:44:23.956 [opensc-pkcs11] slot.c:501:slot_token_removed: slot_token_removed(0x4)
P:169928; T:0x133947370026816 16:44:23.956 [opensc-pkcs11] pkcs11-session.c:145:sc_pkcs11_close_all_sessions: real C_CloseAllSessions(0x4) 0
P:169928; T:0x133947370026816 16:44:23.956 [opensc-pkcs11] slot.c:501:slot_token_removed: slot_token_removed(0x5)
P:169928; T:0x133947370026816 16:44:23.956 [opensc-pkcs11] pkcs11-session.c:145:sc_pkcs11_close_all_sessions: real C_CloseAllSessions(0x5) 0
P:169928; T:0x133947370026816 16:44:23.957 [opensc-pkcs11] slot.c:501:slot_token_removed: slot_token_removed(0x6)
P:169928; T:0x133947370026816 16:44:23.957 [opensc-pkcs11] pkcs11-session.c:145:sc_pkcs11_close_all_sessions: real C_CloseAllSessions(0x6) 0
P:169928; T:0x133947370026816 16:44:23.957 [opensc-pkcs11] slot.c:501:slot_token_removed: slot_token_removed(0x7)
P:169928; T:0x133947370026816 16:44:23.957 [opensc-pkcs11] pkcs11-session.c:145:sc_pkcs11_close_all_sessions: real C_CloseAllSessions(0x7) 0
P:169928; T:0x133947370026816 16:44:23.957 [opensc-pkcs11] ctx.c:1066:sc_release_context: called
P:169928; T:0x133947370026816 16:44:23.957 [opensc-pkcs11] reader-pcsc.c:978:pcsc_finish: called
fish: Job 1, 'sbsign --engine pkcs11 --key 'p…' terminated by signal SIGSEGV (Address boundary error)