This is specific to interface between PKCS#11 provider and SoftHSM module.
Impacted - PKIX-SSH regression test "pkcs11_prov" when PKCS#11 provider and SoftHSM module are build from current (March 2026) code. Crash with OpenSSL either 3.5* or 3.6* releases (it seem to me is OpenSSL is not related).
Test pass with about one year old provider and module releases .
Also test pkcs11 (direct) and pkcs11_eng(engine) pass.
backtrace (dunno why softhsm is not dereferenced):
#0 0x00007f464e746be0 in ?? () from ..../libsofthsm2.so
#1 0x00007f464ee969de in p11prov_SessionCancel (ctx=0x608f0b0, hSession=hSession@entry=12, flags=2048) at src/interface.gen.c:1407
#2 0x00007f464eeb676f in p11prov_sig_freectx (ctx=0x61b2ef0) at src/sig/signature.c:224
#3 0x00007f464ea43fd5 in evp_pkey_ctx_free_old_ops (ctx=0x61865e0) at crypto/evp/pmeth_lib.c:362
#4 0x00007f464ea44109 in EVP_PKEY_CTX_free (ctx=0x61865e0) at crypto/evp/pmeth_lib.c:397
#5 0x00007f464ea0fe99 in evp_md_ctx_reset_ex (keep_fetched=0, ctx=ctx@entry=0x61b4ab0) at crypto/evp/digest.c:86
#6 EVP_MD_CTX_reset (ctx=ctx@entry=0x61b4ab0) at crypto/evp/digest.c:100
#7 0x00007f464ea0febe in EVP_MD_CTX_free (ctx=0x61b4ab0) at crypto/evp/digest.c:139
#8 0x000000000043d21a in ssh_pkey_sign (dgst=dgst@entry=0x7ffd4f01dd00, privkey=, sig=sig@entry=0x0, siglen=siglen@entry=0x7ffd4f01dcf8, data=data@entry=0x61af830 "", datalen=datalen@entry=6196)
src/interface.gen.c:1407
ret = intf->SessionCancel(hSession, flags);
PKCS#11 provider section from OpenSSL configuration:
module = ..../pkcs11.so
pkcs11-module-path = ..../libsofthsm2.so
# NOTE: Do not cache session, otherwise "digest sign update" will fail!
pkcs11-module-cache-sessions = 0
activate = 1
Remark: not tested yet if issue with cached session is resolved
This is specific to interface between PKCS#11 provider and SoftHSM module.
Impacted - PKIX-SSH regression test "pkcs11_prov" when PKCS#11 provider and SoftHSM module are build from current (March 2026) code. Crash with OpenSSL either 3.5* or 3.6* releases (it seem to me is OpenSSL is not related).
Test pass with about one year old provider and module releases .
Also test pkcs11 (direct) and pkcs11_eng(engine) pass.
backtrace (dunno why softhsm is not dereferenced):
#0 0x00007f464e746be0 in ?? () from ..../libsofthsm2.so
#1 0x00007f464ee969de in p11prov_SessionCancel (ctx=0x608f0b0, hSession=hSession@entry=12, flags=2048) at src/interface.gen.c:1407
#2 0x00007f464eeb676f in p11prov_sig_freectx (ctx=0x61b2ef0) at src/sig/signature.c:224
#3 0x00007f464ea43fd5 in evp_pkey_ctx_free_old_ops (ctx=0x61865e0) at crypto/evp/pmeth_lib.c:362
#4 0x00007f464ea44109 in EVP_PKEY_CTX_free (ctx=0x61865e0) at crypto/evp/pmeth_lib.c:397
#5 0x00007f464ea0fe99 in evp_md_ctx_reset_ex (keep_fetched=0, ctx=ctx@entry=0x61b4ab0) at crypto/evp/digest.c:86
#6 EVP_MD_CTX_reset (ctx=ctx@entry=0x61b4ab0) at crypto/evp/digest.c:100
#7 0x00007f464ea0febe in EVP_MD_CTX_free (ctx=0x61b4ab0) at crypto/evp/digest.c:139
#8 0x000000000043d21a in ssh_pkey_sign (dgst=dgst@entry=0x7ffd4f01dd00, privkey=, sig=sig@entry=0x0, siglen=siglen@entry=0x7ffd4f01dcf8, data=data@entry=0x61af830 "", datalen=datalen@entry=6196)
src/interface.gen.c:1407
ret = intf->SessionCancel(hSession, flags);
PKCS#11 provider section from OpenSSL configuration:
Remark: not tested yet if issue with cached session is resolved