With crypto hardware acceleration enabled on s390x servers zypper commands fail

This document (7023194) is provided subject to the disclaimer at the end of this document.

Environment

SUSE Linux Enterprise Server 15 (on s390x)

Situation

Using zypper commands fail with "Illegal instruction (core dumped)" or "Segmentation fault (core dumped)".

Resolution

This is fixed with the following package version available as a maintenance update:

libcurl4-7.60.0-3.3.1.s390x.rpm

Cause

The problem occurs when crypto hardware acceleration via the ibmca engine is activated in openssl.cnf, in which case commands interacting with zypper repositories will fail, e.g. "zypper update", "zypper refresh", "zypper install" etc.

Enabling the ibmca engine should therefore only be done after updating to the latest maintenance level, and when upgrading from an earlier release to SLES 15, it should be disabled before the upgrade and re-enabled after the update to the latest maintenance packages.

Additional Information

openssl offers the possibility to add crypto hardware acceleration into the openssl.cnf configuration file, to provide for faster execution of cryptographic operations. The acceleration is enabled by the ibmca engine, provided by installing the openssl-ibmca package. Detailed instructions on how to set up openssl use of the ibmca engine are described in the README file of the package. In addition a configuration sample is delivered (refer to the "/usr/share/doc/packages/openssl-ibmca/" directory for the README and configuration sample files).

Disclaimer

This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.