Skip to content

SoftHsm2 does not behave the same on ARM64 compared to X64 #803

New issue
New issue
Open
Open
SoftHsm2 does not behave the same on ARM64 compared to X64#803
@qathy

Description

@qathy
qathy
opened on Jul 28, 2025

Hello,

I'm currently facing a strange discrepancy when using https://dl.fedoraproject.org/pub/epel/8/Everything/x86_64/Packages/s/softhsm-2.6.1-5.el8.1.x86_64.rpm and https://dl.fedoraproject.org/pub/epel/8/Everything/aarch64/Packages/s/softhsm-2.6.1-5.el8.1.aarch64.rpm

More precisely, x86_64 version behave as expected regarding EC key generation and public key access whereas aarch64 version allow generation but not public key access:

pkcs11-tool --module /usr/lib64/libsofthsm2.so --token-label test1 --keypairgen --key-type EC:secp521r1 --usage-derive --label test-ec-521 --id 3333333333 --sensitive -l -p 22222222

Key pair generated:
Private Key Object; EC
  label:      test-ec-521
  ID:         3333333333
  Usage:      decrypt, sign, unwrap, derive
  Access:     sensitive, always sensitive, never extractable, local
Public Key Object; EC  EC_POINT 528 bits
  EC_POINT:   048185040074708900a00254ef87ddcc66597a60951357680a245622c8baf5788f45dbeb2e5769aea9e9fa8ada11019a6285adc4734769ff51388fc7c037c18e78873424a014007a43a5ad9232bae4dabf4bc21f4a3b96bce47066b49645ee3d40b3fc166aad5cf3420167bb04840c1781e32de85024f8c0cbae36a63934fd0c48721219dcce7ad4
  EC_PARAMS:  06052b81040023
  label:      test-ec-521
  ID:         3333333333
  Usage:      encrypt, verify, wrap, derive
  Access:     local

pkcs11-tool --module /usr/lib64/libsofthsm2.so --token-label test1 -y pubkey -r --label test-ec-521
error: cannot create EVP_PKEY
Aborting.

pkcs11-tool --module /usr/lib64/libsofthsm2.so --token-label test2 --keypairgen --key-type EC:secp384r1 --usage-derive --label test-ec-384 --id 4444444444 --sensitive -l -p 33333333

Key pair generated:
Private Key Object; EC
  label:      test-ec-384
  ID:         4444444444
  Usage:      decrypt, sign, unwrap, derive
  Access:     sensitive, always sensitive, never extractable, local
Public Key Object; EC  EC_POINT 384 bits
  EC_POINT:   046104d9f8bcd72bc9a344c41d092d967ea9d274903b2b587cba29665607b0d2820c849bf3f28755a2a2f0a904365751f7e74dfa738021ed14e688348ffb86b111cbc69a43649501e10449505153e2f47ba42d4ea4a105916674cfbdcec5cf45688061
  EC_PARAMS:  06052b81040022
  label:      test-ec-384
  ID:         4444444444
  Usage:      encrypt, verify, wrap, derive
  Access:     local

pkcs11-tool --module /usr/lib64/libsofthsm2.so --token-label test2 -y pubkey -r --label test-ec-384
error: cannot create EVP_PKEY
Aborting.

[edit] the above failed behavior is experienced on rocky9 for arm64, but on rocky8 for arm64, it behaves as expected: public EC keys are correctly obtained.

Is there any plan for a fix to allow proper behavior on rocky9 for arm64?

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions