Last Modified: Sep 13, 2023
Affected Product(s):
BIG-IP LTM
Known Affected Versions:
11.5.4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9, 11.5.10, 11.6.1, 11.6.2, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 11.6.5.2, 11.6.5.3
Opened: Oct 18, 2017 Severity: 4-Minor
The "fipskey" utility generates erroneous dlopen errors in /var/log/daemon.log when trying to open pkcs11_nethsm.so
Erroneous error messages.
Randomly reproduced by running "fipskey export 1 /var/tmp/otters" (even on a VE). Regardless of the error on the command-line, it will log the above in /var/log/daemon.log. It may occur due to FIPS appliance (built-in FIPS card), and various system utilities (e.g. mcpd) invoke "fipskey" directly. (MCPD invokes fipskey to re-generate DNSSEC-related FIPS keys.) Those operations succeed, but leave erroneous error messages in the log file while the FIPS library is starting up, and looking for a viable/functional FIPS shared library. (It keeps looking for a viable library even after logging a dlopen() error return value).
N/A
None