Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-109017

pkcsslotd service fails to start in FIPS [rhel-10.1]

Linking RHIVOS CVEs to...Migration: Automation ...SWIFT: POC ConversionSync from "Extern...XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done-Errata
    • Icon: Major Major
    • rhel-10.1
    • rhel-10.1
    • opencryptoki
    • None
    • opencryptoki-3.25.0-5.el10
    • No
    • Moderate
    • 1
    • rhel-base-utils-antfarm
    • 26
    • 0
    • QE ack, Dev ack
    • False
    • False
    • Hide

      None

      Show
      None
    • No
    • BaseUtilsAF Sprint 00_CY25
    • Release Note Not Required
    • Unspecified
    • Unspecified
    • Unspecified
    • All
    • None

      What were you trying to do that didn't work?

      While running this test on testing farm on RHEL-9.7 with FIPS enabled I hit a failure pkcsslotd failed to start 

      Please provide the package NVR for which the bug is seen:

      opencryptoki-3.25.0-3.el9.x86_64

      How reproducible is this bug?:

      always

      set rhel-9.7 machine in FIPS mode

      Steps to reproduce

      1. cat /proc/sys/crypto/fips_enabled
        1
      2. systemctl status pkcsslotd
      3. systemctl start pkcsslotd

      Expected results

      service pkcsslotd starts successfully 

      Actual results

      × pkcsslotd.service - Daemon which manages cryptographic hardware tokens for the openCryptoki package
           Loaded: loaded (/usr/lib/systemd/system/pkcsslotd.service; enabled; preset: disabled)
           Active: failed (Result: exit-code) since Wed 2025-08-13 10:07:01 UTC; 1min 11s ago
          Process: 748 ExecStart=/usr/sbin/pkcsslotd (code=exited, status=13)
              CPU: 115ms

      Aug 13 10:07:01 dc6d59dc-ace7-4ff5-bc97-cb172186460f systemd[1]: Starting Daemon which manages cryptographic hardware tokens for the openCryptoki package...
      Aug 13 10:07:01 dc6d59dc-ace7-4ff5-bc97-cb172186460f pkcsslotd[748]: EVP_DigestInit() failed: rc = 0
      Aug 13 10:07:01 dc6d59dc-ace7-4ff5-bc97-cb172186460f pkcsslotd[748]: Error calculating MD5 of token name!
      Aug 13 10:07:01 dc6d59dc-ace7-4ff5-bc97-cb172186460f systemd[1]: pkcsslotd.service: Control process exited, code=exited, status=13/n/a
      Aug 13 10:07:01 dc6d59dc-ace7-4ff5-bc97-cb172186460f systemd[1]: pkcsslotd.service: Failed with result 'exit-code'.
      Aug 13 10:07:01 dc6d59dc-ace7-4ff5-bc97-cb172186460f systemd[1]: Failed to start Daemon which manages cryptographic hardware tokens for the openCryptoki package.

       

      This happens also in RHEL-10.1 https://artifacts.osci.redhat.com/testing-farm/682cff90-d867-4f74-8184-a5fcb1c6104f/

      RHEL-9.7 test run: https://reportportal-rhel.apps.dno.ocp-hub.prod.psi.redhat.com/ui/#baseosqe/launches/all/23184/1835824/1835875/log?item0Params=page.page%3D1%26filter.cnt.name%3Dfips-enabled-buildroot-disabled%252Ftier2&item1Params=filter.eq.hasStats%3Dtrue%26filter.eq.hasChildren%3Dfalse%26filter.in.issueType%3Dti001 

              than@redhat.com Than Ngo
              rh-ee-mbezokon Miluse Bezo Konecna
              Than Ngo Than Ngo
              Karel Srot Karel Srot
              Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

                Created:
                Updated:
                Resolved: