Public bug reported:

This bug was encountered in Ubuntu 24.04. It worked problem free in
earlier versions of Ubuntu.

cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=24.04
DISTRIB_CODENAME=noble
DISTRIB_DESCRIPTION="Ubuntu 24.04 LTS"

The packaged version of libengine-pkcs11-openssl is:

apt list -a libengine-pkcs11-openssl
Listing... Done
libengine-pkcs11-openssl/noble,now 0.4.12-1.1build2 amd64 [installed]

This version has an incompatibility with the osslsigncode version
available:

apt list -a osslsigncode
Listing... Done
osslsigncode/noble,now 2.8-2 amd64 [installed]

The problem that was encountered when a signature was attempted is
below:

osslsigncode sign \
  -pkcs11engine /home/siddharth/ws/osslsigncode-test/libp11-0.4.13/src/.libs/pkcs11.so \
  -pkcs11module /home/siddharth/smtools-linux-x64/smpkcs11.so \
  -certs rsa-3072-with-chain.pem \
  -key 'pkcs11:object=rsa-3072;type=private' \
  -in test.exe -out test-signed.exe \
  -h sha256 -t http://timestamp.digicert.com
Failed to set 'dynamic' engine
Failed to read key or certificates
40B954C4887F0000:error:1300006D:engine routines:dynamic_load:init failed:../crypto/engine/eng_dyn.c:514:
Failed

The fix for this was to download the latest version of libp11 from
https://github.com/OpenSC/libp11/releases. The version that we used was
libp11-0.4.13.

After this was built and installed, which replaced the libraries
installed by the package manager, signatures and verifications went
through fine:

osslsigncode sign \
  -pkcs11engine /usr/lib/x86_64-linux-gnu/engines-3/pkcs11.so \
  -pkcs11module /home/siddharth/smtools-linux-x64/smpkcs11.so \
  -certs rsa-3072-with-chain.pem \
  -key 'pkcs11:object=rsa-3072;type=private' \
  -in test.exe -out test-signed.exe \
  -h sha256 -t http://timestamp.digicert.com
Engine "pkcs11" set.
Workaround for OpenSSL 3.0.13 30 Jan 2024 enabled
Connecting to http://timestamp.digicert.com
Succeeded


osslsigncode verify -in test-signed.exe
PE checksum   : 008F3AF0


Signature Index: 0  (Primary Signature)

Message digest algorithm  : SHA256
Current message digest    : 61B6CF285EC8436D715F89CF444A7E6954F84BA80ED94889FF32271D543D9012
Calculated message digest : 61B6CF285EC8436D715F89CF444A7E6954F84BA80ED94889FF32271D543D9012

.
.
.
.

Signature verification: ok

Number of verified signatures: 1
Succeeded

It would help end users if the dependent libengine-pkcs11-openssl
package was compiled and built with the latest version and that was
packaged instead.

** Affects: osslsigncode (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: openssl-pkcs11 osslsigncode pkcs11

https://bugs.launchpad.net/bugs/2097330

Title:
  Packaged version of libengine-pkcs11-openssl is not compatible
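
A preflight check that a signing job could run for the failure reported above, as an added example that is not part of the original report or of osslsigncode or libp11. The function names are hypothetical, and the 0.4.13 threshold is an assumption taken from the version the reporter says worked; the sample input is constructed from the lines quoted in the report.

```shell
#!/bin/sh
# Added example, not from the report. Assumption: 0.4.13 is the first libp11
# upstream release that works here, because it is the one the reporter used.
FIXED_UPSTREAM="0.4.13"

# Drop Debian epoch and revision: "0.4.12-1.1build2" -> "0.4.12"
upstream_version() {
    v="${1#*:}"
    printf '%s\n' "${v%-*}"
}

# Succeed when dotted version $1 is numerically older than $2.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1
    }'
}

# Print a verdict for `apt list` output passed as $1.
preflight() {
    ver=$(printf '%s\n' "$1" | awk '/^libengine-pkcs11-openssl\// { print $2; exit }')
    [ -n "$ver" ] || { echo "not-installed"; return 2; }
    if version_lt "$(upstream_version "$ver")" "$FIXED_UPSTREAM"; then
        echo "affected:$ver"; return 1
    fi
    echo "ok:$ver"
}

# Classify osslsigncode output passed as $1.
classify_sign_log() {
    case "$1" in
        *"Failed to set 'dynamic' engine"*|*"dynamic_load:init"*) echo "engine-init-failed" ;;
        *'Engine "pkcs11" set.'*Succeeded*) echo "signed" ;;
        *) echo "unknown" ;;
    esac
}

# Constructed sample input, copied from the lines quoted in the report.
SAMPLE_APT='Listing... Done
libengine-pkcs11-openssl/noble,now 0.4.12-1.1build2 amd64 [installed]'
SAMPLE_LOG="Failed to set 'dynamic' engine
Failed to read key or certificates
Failed"

preflight "$SAMPLE_APT" || true          # prints affected:0.4.12-1.1build2
classify_sign_log "$SAMPLE_LOG"          # prints engine-init-failed
```

On a real system, pass the output of `apt list -a libengine-pkcs11-openssl` to `preflight` and the captured osslsigncode output to `classify_sign_log`.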
