Qt Version: 5.15.0 Frameworks Version: 5.71.0 Operating System: Linux 5.7.4-arch1-1 x86_64 Windowing system: X11 Distribution: "Arch Linux" -- Information about the crash: - What I was doing when the application crashed: * Creating WPA2-Enterprise wifi connection with EAP-TLS, after selected the CA certificate file. * Viewing information of such wifi connection (manually created by nmcli, since kcm page kept crashing after selected the CA certificate file). The certificate file is self-signed, using ECDSA signature with SHA-384, contains only public key. Exported from macOS 10.15 "Keychain Access" application. `openssl x509 -in *********RootCert.crt -inform DER -text -noout` got: Certificate: Data: Version: 3 (0x2) Serial Number: <hidden> Signature Algorithm: ecdsa-with-SHA384 Issuer: C = <hidden>, ST = <hidden>, L = <hidden>, O = <hidden>, OU = <hidden>, CN = <hidden> Validity Not Before: <hidden> GMT Not After : <hidden> GMT Subject: C = <hidden>, ST = <hidden>, L = <hidden>, O = <hidden>, OU = <hidden>, CN = <hidden> Subject Public Key Info: Public Key Algorithm: id-ecPublicKey Public-Key: (384 bit) pub: <hidden> ASN1 OID: secp384r1 NIST CURVE: P-384 X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment, Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE X509v3 Subject Key Identifier: <hidden> Signature Algorithm: ecdsa-with-SHA384 <hidden> QCA version is 2.3.0. The crash can be reproduced every time. -- Backtrace: Application: System Settings Module (kcmshell5), signal: Segmentation fault [KCrash Handler] #4 0x00007fd9d4c47631 in QCA::PKey::type() const (this=<optimized out>) at /usr/src/debug/qca-2.3.0/src/qca_publickey.cpp:626 #5 QCA::PKey::type() const (this=<optimized out>) at /usr/src/debug/qca-2.3.0/src/qca_publickey.cpp:622 #6 0x00007fd9d4c4767a in QCA::PKey::isRSA() const (this=<optimized out>) at /usr/src/debug/qca-2.3.0/src/qca_publickey.cpp:636 #7 0x00007fd9d5064e19 in Security8021x::isValid() const () at /usr/lib/libplasmanm_editor.so #8 0x00007fd9d5093333 in SettingWidget::slotWidgetChanged() () at /usr/lib/libplasmanm_editor.so #9 0x00007fd9dc9cb906 in () at /usr/lib/libQt5Core.so.5 #10 0x00007fd9d503b923 in PasswordField::textChanged(QString const&) () at /usr/lib/libplasmanm_editor.so #11 0x00007fd9dc9cb906 in () at /usr/lib/libQt5Core.so.5 #12 0x00007fd9dd5a8313 in QLineEdit::textChanged(QString const&) () at /usr/lib/libQt5Widgets.so.5 #13 0x00007fd9dc9cb940 in () at /usr/lib/libQt5Core.so.5 #14 0x00007fd9dd5af106 in QWidgetLineControl::textChanged(QString const&) () at /usr/lib/libQt5Widgets.so.5 #15 0x00007fd9dd5b269e in QWidgetLineControl::finishChange(int, bool, bool) () at /usr/lib/libQt5Widgets.so.5 #16 0x00007fd9dd5b291e in QWidgetLineControl::internalSetText(QString const&, int, bool) () at /usr/lib/libQt5Widgets.so.5 #17 0x00007fd9d5061212 in Security8021x::loadSecrets(QSharedPointer<NetworkManager::Setting> const&) () at /usr/lib/libplasmanm_editor.so #18 0x00007fd9d50748cb in WifiSecurity::loadSecrets(QSharedPointer<NetworkManager::Setting> const&) () at /usr/lib/libplasmanm_editor.so #19 0x00007fd9d509848a in ConnectionEditorBase::replyFinished(QDBusPendingCallWatcher*) () at /usr/lib/libplasmanm_editor.so #20 0x00007fd9dc9cb906 in () at /usr/lib/libQt5Core.so.5 #21 0x00007fd9dda9f8e0 in QDBusPendingCallWatcher::finished(QDBusPendingCallWatcher*) () at /usr/lib/libQt5DBus.so.5 #22 0x00007fd9dc9c10b2 in QObject::event(QEvent*) () at /usr/lib/libQt5Core.so.5 #23 0x00007fd9dd464702 in QApplicationPrivate::notify_helper(QObject*, QEvent*) () at /usr/lib/libQt5Widgets.so.5 #24 0x00007fd9dc99469a in QCoreApplication::notifyInternal2(QObject*, QEvent*) () at /usr/lib/libQt5Core.so.5 #25 0x00007fd9dc997183 in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) () at /usr/lib/libQt5Core.so.5 #26 0x00007fd9dc9edbd4 in () at /usr/lib/libQt5Core.so.5 #27 0x00007fd9daa4643c in g_main_context_dispatch () at /usr/lib/libglib-2.0.so.0 #28 0x00007fd9daa93fa9 in () at /usr/lib/libglib-2.0.so.0 #29 0x00007fd9daa45221 in g_main_context_iteration () at /usr/lib/libglib-2.0.so.0 #30 0x00007fd9dc9ed211 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () at /usr/lib/libQt5Core.so.5 #31 0x00007fd9dc99301c in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () at /usr/lib/libQt5Core.so.5 #32 0x00007fd9dc99b4a4 in QCoreApplication::exec() () at /usr/lib/libQt5Core.so.5 #33 0x000055ebdbcc81d4 in () #34 0x00007fd9dc365002 in __libc_start_main () at /usr/lib/libc.so.6 #35 0x000055ebdbcc8bce in _start () [Inferior 1 (process 27871) detached]
Created attachment 129576 [details] Stacktrace with plasma-nm recompiled with debug symbols
Can you install debug symbols for qt-qca2? Any chance this or similar certificate can be downloaded somewhere so I can try?
(In reply to Jan Grulich from comment #2) > Can you install debug symbols for qt-qca2? Any chance this or similar > certificate can be downloaded somewhere so I can try? Debug symbols for `qca` (arch linux package name) is actually installed by recompiled it from source, enable "debug" and disable "strip" in /etc/makepkg.conf ------------ After investigation, seems that the crash is actually caused by private key, not CA certificate file. Test code: ``` #include <QtCrypto> #include <QDebug> int main() { QCA::Initializer init; qDebug() << "isSupported(\"pkcs12\"):" << QCA::isSupported("pkcs12"); // got "true" QCA::ConvertResult convRes; QCA::KeyBundle keyBundle = QCA::KeyBundle::fromFile("/opt/****/cert.p12", "************", &convRes); qDebug() << "convRes:" << convRes; // got "0" const QCA::PrivateKey pkey = keyBundle.privateKey(); // QCA::PrivateKey::canDecrypt() calls QCA::PrivateKey::isRSA() // which calls QCA::PrivateKey::type() // which calls `static_cast<const PKeyContext *>(context())->key()->type()` const QCA::Provider::Context *context = pkey.context(); auto pkey_context = static_cast<const QCA::PKeyContext *>(context); const QCA::PKeyBase *pkey_base = pkey_context->key(); // got nullptr const QCA::PKey::Type pkey_type = pkey_base->type(); // segmentation fault qDebug() << "pkey_type:" << pkey_type; return 0; } ```
I'm not that much familiar with QCA2, can you maybe open a bug there to see if this is something expected and problem on our side or if it's a bug there?
(In reply to Jan Grulich from comment #4) > I'm not that much familiar with QCA2, can you maybe open a bug there to see > if this is something expected and problem on our side or if it's a bug there? I'm also not familiar with QCA2 (didn't know what's it before investigate into this issue). I may try my best to find the root cause.
Turns out that it may be QCA2's fault. Stacktrace: #0 opensslQCAPlugin::MyPKeyContext::pkeyToBase #1 opensslQCAPlugin::MyPKCS12Context::fromPKCS12 #2 QCA::get_pkcs12_der #3 QCA::KeyBundle::fromFile In opensslQCAPlugin::MyPKeyContext::pkeyToBase, the pkey_type it got was 408, which is EVP_PKEY_EC. pkeyToBase only supports EVP_PKEY_RSA, EVP_PKEY_DSA and EVP_PKEY_DH. For unknown types, it returns nullptr, and opensslQCAPlugin::MyPKCS12Context::fromPKCS12 doesn't check the return value. That nullptr is what we get from pkey_context->key(). Have no idea if it's intended or it's a bug. I may open another bug for QCA2 later.
QCA bug opened at https://bugs.kde.org/show_bug.cgi?id=423355.
Manually patched https://invent.kde.org/libraries/qca/-/merge_requests/30 to qca 2.3.0 and plasma-nm didn't crash any more, so mark this bug as RESOLVED FIXED as well.
Great. Thank you for your collaboration.