- Bug
- Resolution: Unresolved
- Normal
- rhel-10.0.beta
- None
- No
- Low
- 1
- rhel-sst-security-crypto
- ssg_security
- 24
- 26
- None
- False
- None
- Crypto25Q1
- None
- None
- All
- None
What were you trying to do that didn't work?
When we are running pkcs11-provider and FIPS mode is enabled, the provider is loaded by OpenSSL but none of the functions are FIPS compatible so none of them is called or used. Trying to load a pkcs11 URI makes OpenSSL fall back to the default provider and try to open it as a file. This fails and the "Failed to open OpenSSL store: error:8000000D:system library::Permission denied" error message is printed.
Upstream bugs: https://github.com/latchset/pkcs11-provider/issues/469 and https://github.com/latchset/pkcs11-provider/issues/164
What is the impact of this issue to you?
Moderate
Please provide the package NVR for which the bug is seen:
pkcs11-provider-0.5-7
How reproducible is this bug?:
Always
Expected results
The pkcs11 keys (both RSA and ECDSA) should be able to be loaded by the pkcs11-provider in FIPS mode.
Actual results
The pkcs11 keys (both RSA and ECDSA) are not able to be loaded by the pkcs11-provider in FIPS mode.
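A triage aid for the symptom described above, added here as an example (it is not code from this report or from pkcs11-provider). It decodes the OpenSSL 3 error code in the quoted message: codes with the top bit set (`ERR_SYSTEM_FLAG` in `openssl/err.h`) carry an OS errno in the low bits, which is what a file-path open produces. The sample URI is constructed, and treating any errno-bearing error on a `pkcs11:` URI as a file fallback is a heuristic assumed for this example.

```python
import errno
import re

# OpenSSL 3.x marks errors that wrap an OS errno by setting the top bit.
ERR_SYSTEM_FLAG = 0x80000000
ERR_SYSTEM_MASK = 0x7FFFFFFF

# "error:<8 hex digits>:<library>:<function>:<reason>" as printed in the report.
ERR_RE = re.compile(r"error:([0-9A-Fa-f]{8}):([^:]*):([^:]*):([^:\n]*)")

# Error text quoted in the report, and a constructed (not real) token URI.
SAMPLE_ERR = ("Failed to open OpenSSL store: "
              "error:8000000D:system library::Permission denied")
SAMPLE_URI = "pkcs11:token=example-token;object=example-key"


def decode_openssl_errors(text):
    """Return one dict per OpenSSL error entry found in text."""
    entries = []
    for m in ERR_RE.finditer(text):
        code = int(m.group(1), 16)
        entry = {"code": code, "library": m.group(2),
                 "reason": m.group(4).strip(),
                 "errno": None, "errno_name": None}
        if code & ERR_SYSTEM_FLAG:
            # Low 31 bits are the errno of the failed system call.
            entry["errno"] = code & ERR_SYSTEM_MASK
            entry["errno_name"] = errno.errorcode.get(entry["errno"])
        entries.append(entry)
    return entries


def looks_like_file_fallback(uri, stderr_text):
    """Heuristic: a pkcs11: URI that fails with an OS-level errno was
    handled as a filesystem path rather than by a PKCS#11 store loader."""
    if not uri.lower().startswith("pkcs11:"):
        return False
    return any(e["errno"] is not None
               for e in decode_openssl_errors(stderr_text))


if __name__ == "__main__":
    for e in decode_openssl_errors(SAMPLE_ERR):
        print(hex(e["code"]), e["library"], e["errno_name"], e["reason"])
    print("file fallback suspected:",
          looks_like_file_fallback(SAMPLE_URI, SAMPLE_ERR))
```
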