Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-68621

pcks11-provider doesn't work when FIPS mode is enabled

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Normal Normal
    • rhel-10.0
    • rhel-10.0.beta
    • pkcs11-provider
    • None
    • No
    • Low
    • 1
    • rhel-sst-security-crypto
    • ssg_security
    • 24
    • 26
    • None
    • False
    • Hide

      None

      Show
      None
    • None
    • Crypto25Q1
    • None
    • None
    • All
    • None

      What were you trying to do that didn't work?

      When we are running pcks11-provider and FIPS mode is enabled, the provider is loaded by OpenSSL but none of the functions are FIPS compatible so none of them is called or used. Trying to load a pkcs11 URI makes OpenSSL fall back to the default provider and try to open it as a file. This fails and the "Failed to open OpenSSL store: error:8000000D:system library::Permission denied" error message is printed.

      Upstream bugs: https://github.com/latchset/pkcs11-provider/issues/469 and https://github.com/latchset/pkcs11-provider/issues/164

      What is the impact of this issue to you?

      Moderate

      Please provide the package NVR for which the bug is seen:

      pkcs11-provider-0.5-7

      How reproducible is this bug?:

      Always

      Expected results

       The pcks11 keys (both RSA and ECDSA) should be able to be loaded by the pcks11-provider in FIPS mode.

      Actual results

       The pcks11 keys (both RSA and ECDSA) are not able to be loaded by the pcks11-provider in FIPS mode.

              rhn-engineering-ssorce Simo Sorce
              rh-ee-gpantela George Pantelakis
              Simo Sorce Simo Sorce
              Ondrej Moris Ondrej Moris
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated: