Webengine or boplgin processes die repeatedly with unable to initialise encryption operation error

book

Article ID: 125279

calendar_today

Updated On:

Products

SUPPORT AUTOMATION- SERVER CA Service Desk Manager - Unified Self Service KNOWLEDGE TOOLS CA Service Management - Asset Portfolio Management CA Service Management - Service Desk Manager

Issue/Introduction

After SDM startup:
a) it takes a long time for the boplgin program to initialize and then it crashes
b) or an attempt to login to SDM crashes the webengine

Below errors are seen in the SDM stdlogs when this happens:
01/10 04:12:49.25 SDMHost web:local 6800 ERROR encrypt.cpp 520 etpki_lib_init return -1 
01/10 04:12:49.26 SDMHost web:local 6800 ERROR encrypt.cpp 139 unable to initialise encryption operation 

01/10 09:15:28.01 SDMHost boplgin 5932 ERROR encrypt.cpp 520 etpki_lib_init return -1 
01/10 09:15:28.01 SDMHost boplgin 5932 ERROR encrypt.cpp 139 unable to initialise encryption operation 

Cause

To be FIPS compliant, CAPKI5 has a restriction to load the library libcaopenssl_crypto.dll at a specific memory address.  This is restriction a from OpenSSL.

If a process (boplgin/webengine) obtains more than 250MB of heap memory before calling etpki_lib_init (a function in CAPKI5 that SDM needs to initialize CAPKI5), the call will fail and so the program crashes.

Environment

Release:
Component: USRD

Resolution

A solution for this is available as a testfix (defect DE44381/DE49723 for SDM 17.1 release). 

Raise a case with CA Support to obtain appropriate solution for the release/platform of SDM 17.1 that is in use.

Additional Information

NOTE:  Make sure CAPKI5 is installed properly first. If CAPKI5 is not installed properly then, the above solution will not make any difference. Here is an article on the same: https://comm.support.ca.com/kb/service-desk-configuration-fails-with-the-following-error-pdmsql-4468-error-encryptcpp-136-unable-to-initialise-encryption-operation/KB000041327