Bug 1760751

Summary: openssl fails with PKCS#11 URIs without module specification
Product: [Fedora] Fedora
Reporter: Anderson Sasaki <ansasaki>
Component: openssl-pkcs11
Assignee: Anderson Sasaki <ansasaki>
Status: CLOSED ERRATA
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium
Docs Contact:
Priority: medium
Version: 30
CC: ansasaki, crypto-team, qe-baseos-security, szidek
Target Milestone: ---
Keywords: Triaged
Target Release: ---
Hardware: All
OS: Linux
Whiteboard:
Fixed In Version: openssl-pkcs11-0.4.10-3.fc30 openssl-pkcs11-0.4.10-3.fc29 openssl-pkcs11-0.4.10-3.fc31
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 1705505
Environment:
Last Closed: 2019-10-19 17:41:38 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On: 1705505
Bug Blocks:

Description Anderson Sasaki 2019-10-11 09:03:08 UTC
Description of problem:
If we provide openssl a PKCS#11 URI such as "pkcs11:type=private", it is not able to use the referenced object.

Version-Release number of selected component (if applicable):
openssl-pkcs11-0.4.10-1.fc30.x86_64
softhsm-2.5.0-3.fc30.1.fc30.x86_64

How reproducible:
always

Steps to Reproduce:
1. set up softhsm token with private key; echo "secret" >in.txt
2. openssl pkeyutl -engine pkcs11 -keyform engine -inkey 'pkcs11:token=softhsm;type=private?pin-value=123456' -encrypt -out output.bin -in in.txt
3. openssl pkeyutl -engine pkcs11 -keyform engine -inkey 'pkcs11:type=private?pin-value=123456' -encrypt -out output.bin -in in.txt

Actual results:
3: fails
engine "pkcs11" set.
Found uninitialized token
Unable to check if already logged in
Login failed
Login to token failed, returning NULL...
PKCS11_get_private_key returned NULL
cannot load Private Key from engine
139878332770112:error:820780E1:PKCS#11 module:pkcs11_open_session:PKCS#11 token not recognized:p11_slot.c:161:
139878332770112:error:820780E1:PKCS#11 module:pkcs11_open_session:PKCS#11 token not recognized:p11_slot.c:161:
139878332770112:error:26096080:engine routines:ENGINE_load_private_key:failed loading private key:crypto/engine/eng_pkey.c:77:
unable to load Private Key
pkeyutl: Error initializing context
Segmentation fault (core dumped)

Expected results:
both 2. and 3. pass
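
The URIs in steps 2 and 3 differ only in the token attribute. The Python code below is an added example, not part of the original report or of openssl-pkcs11: it parses a PKCS#11 URI following RFC 7512 and flags a URI that names no token or slot, and one that carries the PIN inline through pin-value. The function names and finding labels are assumptions made for illustration.

```python
from urllib.parse import unquote

# RFC 7512 path attributes that pin the URI to one token or slot.
TOKEN_SELECTORS = {"token", "serial", "manufacturer", "model",
                   "slot-id", "slot-description", "slot-manufacturer"}


def _attrs(part, delim):
    """Split 'a=b<delim>c=d' into a dict, percent-decoding the values."""
    out = {}
    for item in filter(None, part.split(delim)):
        name, eq, value = item.partition("=")
        if not eq or name in out:
            raise ValueError(f"malformed or repeated attribute: {item!r}")
        out[name] = unquote(value)  # binary 'id' values are kept as text here
    return out


def parse_pkcs11_uri(uri):
    """Return (path_attrs, query_attrs) for a pkcs11: URI."""
    scheme, sep, rest = uri.partition(":")
    if not sep or scheme.lower() != "pkcs11":
        raise ValueError("not a pkcs11: URI")
    path, _, query = rest.partition("?")
    return _attrs(path, ";"), _attrs(query, "&")


def review(uri):
    """Findings (labels are this example's own) for one URI."""
    path, query = parse_pkcs11_uri(uri)
    findings = []
    if not (path.keys() & TOKEN_SELECTORS):
        findings.append("no-token-selector")  # consumer must pick a token itself
    if "pin-value" in query:
        findings.append("inline-pin")  # PIN visible in argv and shell history
    return findings


if __name__ == "__main__":
    # The two -inkey URIs from steps 2 and 3 of the report.
    for uri in ("pkcs11:token=softhsm;type=private?pin-value=123456",
                "pkcs11:type=private?pin-value=123456"):
        print(uri, "->", review(uri))
```

RFC 7512 also defines pin-source, which points at where the PIN is stored instead of embedding it in the URI.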

Comment 1 Fedora Update System 2019-10-11 14:10:20 UTC
FEDORA-2019-8beaeedf08 has been submitted as an update to Fedora 30. https://bodhi.fedoraproject.org/updates/FEDORA-2019-8beaeedf08

Comment 2 Fedora Update System 2019-10-11 14:11:02 UTC
FEDORA-2019-6b0df61357 has been submitted as an update to Fedora 29. https://bodhi.fedoraproject.org/updates/FEDORA-2019-6b0df61357

Comment 3 Fedora Update System 2019-10-11 14:11:56 UTC
FEDORA-2019-747809e4c5 has been submitted as an update to Fedora 31. https://bodhi.fedoraproject.org/updates/FEDORA-2019-747809e4c5

Comment 4 Fedora Update System 2019-10-11 16:54:07 UTC
openssl-pkcs11-0.4.10-3.fc31 has been pushed to the Fedora 31 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-747809e4c5

Comment 5 Fedora Update System 2019-10-12 01:14:55 UTC
openssl-pkcs11-0.4.10-3.fc29 has been pushed to the Fedora 29 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-6b0df61357

Comment 6 Fedora Update System 2019-10-12 02:02:40 UTC
openssl-pkcs11-0.4.10-3.fc30 has been pushed to the Fedora 30 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-8beaeedf08

Comment 7 Fedora Update System 2019-10-19 17:41:38 UTC
openssl-pkcs11-0.4.10-3.fc30 has been pushed to the Fedora 30 stable repository. If problems still persist, please make note of it in this bug report.

Comment 8 Fedora Update System 2019-10-19 17:45:07 UTC
openssl-pkcs11-0.4.10-3.fc29 has been pushed to the Fedora 29 stable repository. If problems still persist, please make note of it in this bug report.

Comment 9 Fedora Update System 2019-10-26 17:25:08 UTC
openssl-pkcs11-0.4.10-3.fc31 has been pushed to the Fedora 31 stable repository. If problems still persist, please make note of it in this bug report.