Cosign signs successfully on Windows but fails on Ubuntu 24 when using PKCS#11/HSM #4540
Description
Description
I encounter this error when trying to use Cosign to sign with the HSM. I’ve already checked the slot and objects with pkcs11-tool, and everything looks fine.
What’s strange is that with the same Cosign version (v3.0.2) I can sign successfully on Windows, but I get the error below when trying on Ubuntu (Ubuntu 24).
Could you please help me check this?
panic: runtime error: invalid memory address or nil pointer dereference [signal SIGSEGV: segmentation violation code=0x1 addr=0x18 pc=0x260f596] goroutine 1 [running]: github.com/sigstore/cosign/v3/pkg/cosign/pkcs11key.(*Key).PublicKey(0x12835b01d807aa98?, {0xc000002380?, 0x80deb1fe72be5d74?, 0xc19bf1749bdc06a7?}) /opt/cosign/cosign/pkg/cosign/pkcs11key/pkcs11key.go:199 +0x16 github.com/sigstore/cosign/v3/internal/key.(*SignerVerifierKeypair).GetPublicKeyPem(0x300000002?) /opt/cosign/cosign/internal/key/svkeypair.go:115 +0x22 github.com/sigstore/cosign/v3/pkg/cosign/bundle.SignData({0x49d3970, 0xc000413ce0}, {0x49a7678, 0xc000b3e000?}, {0x49e4780, 0xc000b9e580}, {0x0?, 0x0?}, 0xc000775290, {0x49dad80, ...}) /opt/cosign/cosign/pkg/cosign/bundle/sign.go:57 +0x476 github.com/sigstore/cosign/v3/cmd/cosign/cli/sign.SignBlobCmd(_, {0x0, {0x0, 0x0}, {0x7ffe1511735d, 0x45}, {0x4048341, 0x1b}, {0x404394e, 0x1a}, ...}, ...) /opt/cosign/cosign/cmd/cosign/cli/sign/sign_blob.go:98 +0x6cc github.com/sigstore/cosign/v3/cmd/cosign/cli.SignBlob.func2(0xc0008a8908?, {0xc000816ba0, 0x1, 0x3fff29a?}) /opt/cosign/cosign/cmd/cosign/cli/signblob.go:168 +0x7be github.com/spf13/cobra.(*Command).execute(0xc0008a8908, {0xc000816b40, 0x6, 0x6}) /root/go/pkg/mod/github.com/spf13/[email protected]/command.go:1015 +0xaaa github.com/spf13/cobra.(*Command).ExecuteC(0xc00084ec08) /root/go/pkg/mod/github.com/spf13/[email protected]/command.go:1148 +0x46f github.com/spf13/cobra.(*Command).Execute(0x0?) /root/go/pkg/mod/github.com/spf13/[email protected]/command.go:1071 +0x13 main.main() /opt/cosign/cosign/cmd/cosign/main.go:64 +0x44f