Webengine or boplgin processes die repeatedly with unable to initialise encryption operation error

Article Id: 125279

Status: Published

Updated On: 18-12-2019 14:54

Products:

SUPPORT AUTOMATION- SERVER , CA Service Desk Manager - Unified Self Service , KNOWLEDGE TOOLS , CA Service Management - Asset Portfolio Management , CA Service Management - Service Desk Manager

Issue/Introduction:

After SDM startup:
a) it takes a long time for the boplgin program to initialize and then it crashes
b) or an attempt to login to SDM crashes the webengine

Below errors are seen in the SDM stdlogs when this happens:

01/10 04:12:49.25 SDMHost web:local 6800 ERROR encrypt.cpp 520 etpki_lib_init return -1
01/10 04:12:49.26 SDMHost web:local 6800 ERROR encrypt.cpp 139 unable to initialise encryption operation

01/10 09:15:28.01 SDMHost boplgin 5932 ERROR encrypt.cpp 520 etpki_lib_init return -1
01/10 09:15:28.01 SDMHost boplgin 5932 ERROR encrypt.cpp 139 unable to initialise encryption operation

Cause:

To be FIPS compliant, CAPKI5 has a restriction to load the library libcaopenssl_crypto.dll at a specific memory address. This is restriction a from OpenSSL.

If a process (boplgin/webengine) obtains more than 250MB of heap memory before calling etpki_lib_init (a function in CAPKI5 that SDM needs to initialize CAPKI5), the call will fail and so the program crashes.

Environment:

Release:
Component: USRD

Resolution:

A solution for this is available as a testfix (defect DE44381/DE49723 for SDM 17.1 release).

Raise a case with CA Support to obtain appropriate solution for the release/platform of SDM 17.1 that is in use.

Additional Information:

NOTE: Make sure CAPKI5 is installed properly first. If CAPKI5 is not installed properly then, the above solution will not make any difference. Here is an article on the same: https://comm.support.ca.com/kb/service-desk-configuration-fails-with-the-following-error-pdmsql-4468-error-encryptcpp-136-unable-to-initialise-encryption-operation/KB000041327