Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-107058

Softhsm in CentOS 9 relies on RDRAND engine

Linking RHIVOS CVEs to...Migration: Automation ...SWIFT: POC ConversionSync from "Extern...XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Undefined Undefined
    • rhel-9.8
    • CentOS Stream 9, rhel-9.7
    • softhsm
    • No
    • Important
    • 2
    • rhel-idm-ipa
    • 3
    • False
    • False
    • Hide

      None

      Show
      None
    • None
    • IPA: RHELs for 10.2 and 9.8, 2025-IDM-IPA-S2
    • None
    • None
    • Unspecified
    • Unspecified
    • Unspecified
    • None

      I'm backporting pkcs11-provider to RHEL9 and get a test failure (https://github.com/latchset/pkcs11-provider/issues/606
      Looks like the problem is caused by 

      A00BC0B6FFFF0000:error:12800067:DSO support routines:dlfcn_load:could not load the shared library:crypto/dso/dso_dlfcn.c:118:filename(/usr/lib64/engines-3/rdrand.so): /usr/lib64/engines-3/rdrand.so: cannot open shared object file: No such file or directory^M
A00BC0B6FFFF0000:error:12800067:DSO support routines:DSO_load:could not load the shared library:crypto/dso/dso_lib.c:147:^M
A00BC0B6FFFF0000:error:13000084:engine routines:dynamic_load:dso not found:crypto/engine/eng_dyn.c:438:^M
A00BC0B6FFFF0000:error:13000074:engine routines:ENGINE_by_id:no such engine:crypto/engine/eng_list.c:475:id=rdrand^M

      Applying `softhsm-disable-usage-of-openssl-engines.patch` from c10s to c9s  and building softhsm with no-engine seems to resolve the issue.

      The problem doesn't occur on x86_64

        1. rdrand-softhsm.patch
          3 kB

              rjeffman@redhat.com Rafael Jeffman
              dbelyavs@redhat.com Dmitry Belyavskiy
              Alexander Bokovoy Alexander Bokovoy
              Sudhir Menon Sudhir Menon
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

                Created:
                Updated: