Bug 1760751 - openssl fails with PKCS#11 URIs without module specification
Summary: openssl fails with PKCS#11 URIs without module specification
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: openssl-pkcs11
Version: 30
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Anderson Sasaki
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On: 1705505
Blocks:
TreeView+ depends on / blocked
 
Reported: 2019-10-11 09:03 UTC by Anderson Sasaki
Modified: 2019-10-26 17:25 UTC (History)
4 users (show)

Fixed In Version: openssl-pkcs11-0.4.10-3.fc30 openssl-pkcs11-0.4.10-3.fc29 openssl-pkcs11-0.4.10-3.fc31
Doc Type: If docs needed, set a value
Doc Text:
Clone Of: 1705505
Environment:
Last Closed: 2019-10-19 17:41:38 UTC


Attachments (Terms of Use)

Description Anderson Sasaki 2019-10-11 09:03:08 UTC
Description of problem:
If we provide openssl PKCS#11 URI such as "pkcs11:type=private", it is not able use the referenced object.

Version-Release number of selected component (if applicable):
openssl-pkcs11-0.4.10-1.fc30.x86_64
softhsm-2.5.0-3.fc30.1.fc30.x86_64

How reproducible:
always

Steps to Reproduce:
1. set up softhsm token with private key; echo "secret" >in.txt
2. openssl pkeyutl -engine pkcs11 -keyform engine -inkey 'pkcs11:token=softhsm;type=private?pin-value=123456' -encrypt -out output.bin -in in.txt
3. openssl pkeyutl -engine pkcs11 -keyform engine -inkey 'pkcs11:type=private?pin-value=123456' -encrypt -out output.bin -in in.txt

Actual results:
3: fails
engine "pkcs11" set.
Found uninitialized token
Unable to check if already logged in
Login failed
Login to token failed, returning NULL...
PKCS11_get_private_key returned NULL
cannot load Private Key from engine
139878332770112:error:820780E1:PKCS#11 module:pkcs11_open_session:PKCS#11 token not recognized:p11_slot.c:161:
139878332770112:error:820780E1:PKCS#11 module:pkcs11_open_session:PKCS#11 token not recognized:p11_slot.c:161:
139878332770112:error:26096080:engine routines:ENGINE_load_private_key:failed loading private key:crypto/engine/eng_pkey.c:77:
unable to load Private Key
pkeyutl: Error initializing context
Segmentation fault (core dumped)

Expected results:
both 2. and 3. pass

Comment 1 Fedora Update System 2019-10-11 14:10:20 UTC
FEDORA-2019-8beaeedf08 has been submitted as an update to Fedora 30. https://bodhi.fedoraproject.org/updates/FEDORA-2019-8beaeedf08

Comment 2 Fedora Update System 2019-10-11 14:11:02 UTC
FEDORA-2019-6b0df61357 has been submitted as an update to Fedora 29. https://bodhi.fedoraproject.org/updates/FEDORA-2019-6b0df61357

Comment 3 Fedora Update System 2019-10-11 14:11:56 UTC
FEDORA-2019-747809e4c5 has been submitted as an update to Fedora 31. https://bodhi.fedoraproject.org/updates/FEDORA-2019-747809e4c5

Comment 4 Fedora Update System 2019-10-11 16:54:07 UTC
openssl-pkcs11-0.4.10-3.fc31 has been pushed to the Fedora 31 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-747809e4c5

Comment 5 Fedora Update System 2019-10-12 01:14:55 UTC
openssl-pkcs11-0.4.10-3.fc29 has been pushed to the Fedora 29 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-6b0df61357

Comment 6 Fedora Update System 2019-10-12 02:02:40 UTC
openssl-pkcs11-0.4.10-3.fc30 has been pushed to the Fedora 30 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-8beaeedf08

Comment 7 Fedora Update System 2019-10-19 17:41:38 UTC
openssl-pkcs11-0.4.10-3.fc30 has been pushed to the Fedora 30 stable repository. If problems still persist, please make note of it in this bug report.

Comment 8 Fedora Update System 2019-10-19 17:45:07 UTC
openssl-pkcs11-0.4.10-3.fc29 has been pushed to the Fedora 29 stable repository. If problems still persist, please make note of it in this bug report.

Comment 9 Fedora Update System 2019-10-26 17:25:08 UTC
openssl-pkcs11-0.4.10-3.fc31 has been pushed to the Fedora 31 stable repository. If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.