Description of problem:

# OPENSSL_CONF=openssl.cnf.sample.s390x openssl engine -c
(dynamic) Dynamic engine loading support
(ibmpkcs11) PKCS#11 hardware engine support
 [RSA, RAND, DES-ECB, DES-CBC, DES-EDE3, DES-EDE3-CBC, AES-128-ECB, AES-128-CBC, AES-192-ECB, AES-192-CBC, AES-256-ECB, AES-256-CBC, MD5, SHA1, RSA-SHA1, hmacWithSHA1, SHA256, SHA384, SHA512, SHA224]
4395914725152:error:26078067:engine routines:engine_list_add:conflicting engine id:crypto/engine/eng_list.c:65:
4395914725152:error:2606906E:engine routines:ENGINE_add:internal list error:crypto/engine/eng_list.c:225:
4395914725152:error:260B6067:engine routines:dynamic_load:conflicting engine id:crypto/engine/eng_dyn.c:502:
4395914725152:error:260BC066:engine routines:int_engine_configure:engine configuration error:crypto/engine/eng_cnf.c:141:section=ibmpkcs11_section, name=dynamic_path, value=/usr/lib64/engines-1.1/ibmpkcs11.so
4395914725152:error:0E07606D:configuration file routines:module_run:module initialization error:crypto/conf/conf_mod.c:176:module=engines, value=engine_section, retcode=-1

/var/log/messages contains:
Jul 19 10:15:09 ibm-z-143 pkcsconf[63118]: apiutil.c DL_Load: dlopen() failed for [libpkcs11_tpm.so]; dlerror = [libpkcs11_tpm.so: cannot open shared object file: No such file or directory]
Jul 19 10:15:09 ibm-z-143 pkcsconf[63118]: apiutil.c DL_Load: dlopen() failed for [libpkcs11_ica.so]; dlerror = [libpkcs11_ica.so: cannot open shared object file: No such file or directory]
Jul 19 10:15:09 ibm-z-143 pkcsconf[63118]: apiutil.c DL_Load: dlopen() failed for [libpkcs11_cca.so]; dlerror = [libpkcs11_cca.so: cannot open shared object file: No such file or directory]
Jul 19 10:15:09 ibm-z-143 pkcsconf[63118]: apiutil.c DL_Load: dlopen() failed for [libpkcs11_ep11.so]; dlerror = [libpkcs11_ep11.so: cannot open shared object file: No such file or directory]

I do not have other opencryptoki subpackages installed, only -libs and -swtok.
However even if the other subpackages are installed and pkcsslotd restarted, the error remains.

# rpm -q opencryptoki-swtok openssl openssl-ibmpkcs11
opencryptoki-swtok-3.10.0-3.el8.s390x
openssl-1.1.1-8.el8.s390x
openssl-ibmpkcs11-1.0.2-1.el8.s390x

# pkcsconf -t -c 3
Token #3 Info:
    Label: ibmtest
    Manufacturer: IBM Corp.
    Model: IBM SoftTok
    Serial Number: 123
    Flags: 0x44D (RNG|LOGIN_REQUIRED|USER_PIN_INITIALIZED|CLOCK_ON_TOKEN|TOKEN_INITIALIZED)
    Sessions: 0/18446744073709551614
    R/W Sessions: 18446744073709551615/18446744073709551614
    PIN Length: 4-8
    Public Memory: 0xFFFFFFFFFFFFFFFF/0xFFFFFFFFFFFFFFFF
    Private Memory: 0xFFFFFFFFFFFFFFFF/0xFFFFFFFFFFFFFFFF
    Hardware Version: 1.0
    Firmware Version: 1.0
    Time: 10:22:24

# pkcsconf -i
PKCS#11 Info
    Version 2.20
    Manufacturer: IBM
    Flags: 0x0
    Library Description: Meta PKCS11 LIBRARY
    Library Version 3.10

[root@ibm-z-143 tmp.AixJk5lsp8]# pkcsconf -s 3
Slot #3 Info
    Description: Linux
    Manufacturer: IBM
    Flags: 0x1 (TOKEN_PRESENT)
    Hardware Version: 0.0
    Firmware Version: 0.0

# cat openssl.cnf.sample.s390x
#
# OpenSSL example configuration file. This file will load the engine
# for all operations that the engine implements for all apps that
# have OpenSSL config support compiled into them.
#
# Adding OpenSSL config support is as simple as adding the following line to
# the app:
#
# #define OPENSSL_LOAD_CONF 1
#
openssl_conf = openssl_def

[openssl_def]
engines = engine_section

[engine_section]
ibmpkcs11 = ibmpkcs11_section

[ibmpkcs11_section]
SLOT_ID=3
dynamic_path = /usr/lib64/engines-1.1/ibmpkcs11.so
engine_id = ibmpkcs11
#
# The following algorithms will be enabled by these parameters
# to the default_algorithms line. Any combination of these is valid,
# with "ALL" denoting the same as all of them in a comma separated
# list.
#
# RSA
# - RSA encrypt, decrypt, sign and verify, key lengths 512-4096
#
# RAND
# - Hardware random number generation
#
# CIPHERS
# - DES-ECB, DES-CBC, DES-EDE3, DES-EDE3-CBC, AES-128-ECB, AES-128-CBC,
# AES-192-ECB, AES-192-CBC, AES-256-ECB, AES-256-CBC symmetric crypto
#
# DIGESTS
# - SHA1, SHA256 digests
#
default_algorithms = ALL
#default_algorithms = RAND,RSA,CIPHERS,DIGESTS
init = 1

Reproduced on Fedora and reported upstream.

After evaluating this issue, there are no plans to address it further or fix it in an upcoming release. Therefore, it is being closed. If plans change such that this issue will be fixed in an upcoming release, then the bug can be reopened.