* [bug#62878] [PATCH core-updates] gnu: openhsm: Fix test failure with openssl-3.
@ 2023-04-16 8:45 Timotej Lazar
2023-04-17 9:18 ` Andreas Enge
0 siblings, 1 reply; 6+ messages in thread
From: Timotej Lazar @ 2023-04-16 8:45 UTC (permalink / raw)
To: 62878; +Cc: Timotej Lazar
* gnu/packages/patches/softhsm-fix-openssl3-tests.patch: Add patch from
Debian.
* gnu/packages/security-token.scm (softhsm): Use it.
* gnu/local.mk (dist_patch_DATA): Register it.
---
gnu/local.mk | 1 +
.../patches/softhsm-fix-openssl3-tests.patch | 1010 +++++++++++++++++
gnu/packages/security-token.scm | 3 +-
3 files changed, 1013 insertions(+), 1 deletion(-)
create mode 100644 gnu/packages/patches/softhsm-fix-openssl3-tests.patch
diff --git a/gnu/local.mk b/gnu/local.mk
index 73756a8c49..c253b93b89 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1886,6 +1886,7 @@ dist_patch_DATA = \
%D%/packages/patches/snappy-add-O2-flag-in-CmakeLists.txt.patch \
%D%/packages/patches/snappy-add-inline-for-GCC.patch \
%D%/packages/patches/source-highlight-gcc-compat.patch \
+ %D%/packages/patches/softhsm-fix-openssl3-tests.patch \
%D%/packages/patches/spectre-meltdown-checker-externalize-fwdb.patch \
%D%/packages/patches/spectre-meltdown-checker-find-kernel.patch \
%D%/packages/patches/sphinxbase-fix-doxygen.patch \
diff --git a/gnu/packages/patches/softhsm-fix-openssl3-tests.patch b/gnu/packages/patches/softhsm-fix-openssl3-tests.patch
new file mode 100644
index 0000000000..1538aa2407
--- /dev/null
+++ b/gnu/packages/patches/softhsm-fix-openssl3-tests.patch
@@ -0,0 +1,1010 @@
+From 643f061e6fbe04552a2c49bd00528e61a9a77064 Mon Sep 17 00:00:00 2001
+From: Alexander Bokovoy <abokovoy@redhat.com>
+Date: Wed, 26 May 2021 20:03:25 +0300
+Subject: [PATCH 1/4] openssl 3.0: Run DES tests only if OpenSSL allows it
+
+OpenSSL 3.0 moves DES into a legacy provider which has to be loaded
+explicitly. By default, it will not be loaded and DES methods in tests
+will fail. Nest test blocks under successful initialization.
+
+Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
+---
+ src/lib/crypto/test/DESTests.cpp | 350 ++++++++++++++++---------------
+ 1 file changed, 182 insertions(+), 168 deletions(-)
+
+diff --git a/src/lib/crypto/test/DESTests.cpp b/src/lib/crypto/test/DESTests.cpp
+index bcb1c6b..aa68746 100644
+--- a/src/lib/crypto/test/DESTests.cpp
++++ b/src/lib/crypto/test/DESTests.cpp
+@@ -259,54 +259,58 @@ void DESTests::testCBC()
+
+ // Now, do the same thing using our DES implementation
+ shsmCipherText.wipe();
+- CPPUNIT_ASSERT(des->encryptInit(&desKey56, SymMode::CBC, IV));
++ if (des->encryptInit(&desKey56, SymMode::CBC, IV)) {
+
+- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
+- shsmCipherText += OB;
++ CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
++ shsmCipherText += OB;
+
+- CPPUNIT_ASSERT(des->encryptFinal(OB));
+- shsmCipherText += OB;
++ CPPUNIT_ASSERT(des->encryptFinal(OB));
++ shsmCipherText += OB;
+
+- CPPUNIT_ASSERT(shsmCipherText == cipherText);
++ CPPUNIT_ASSERT(shsmCipherText == cipherText);
+
+- // Check that we can get the plain text
+- shsmPlainText.wipe();
+- CPPUNIT_ASSERT(des->decryptInit(&desKey56, SymMode::CBC, IV));
++ // Check that we can get the plain text
++ shsmPlainText.wipe();
++ CPPUNIT_ASSERT(des->decryptInit(&desKey56, SymMode::CBC, IV));
+
+- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
+- shsmPlainText += OB;
++ CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
++ shsmPlainText += OB;
+
+- CPPUNIT_ASSERT(des->decryptFinal(OB));
+- shsmPlainText += OB;
++ CPPUNIT_ASSERT(des->decryptFinal(OB));
++ shsmPlainText += OB;
+
+- CPPUNIT_ASSERT(shsmPlainText == plainText);
++ CPPUNIT_ASSERT(shsmPlainText == plainText);
++
++ }
+
+ // Test 112-bit key
+ cipherText = ByteString(testResult[i][j][1]);
+
+ // Now, do the same thing using our DES implementation
+ shsmCipherText.wipe();
+- CPPUNIT_ASSERT(des->encryptInit(&desKey112, SymMode::CBC, IV));
++ if (des->encryptInit(&desKey112, SymMode::CBC, IV)) {
+
+- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
+- shsmCipherText += OB;
++ CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
++ shsmCipherText += OB;
+
+- CPPUNIT_ASSERT(des->encryptFinal(OB));
+- shsmCipherText += OB;
++ CPPUNIT_ASSERT(des->encryptFinal(OB));
++ shsmCipherText += OB;
+
+- CPPUNIT_ASSERT(shsmCipherText == cipherText);
++ CPPUNIT_ASSERT(shsmCipherText == cipherText);
+
+- // Check that we can get the plain text
+- shsmPlainText.wipe();
+- CPPUNIT_ASSERT(des->decryptInit(&desKey112, SymMode::CBC, IV));
++ // Check that we can get the plain text
++ shsmPlainText.wipe();
++ CPPUNIT_ASSERT(des->decryptInit(&desKey112, SymMode::CBC, IV));
+
+- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
+- shsmPlainText += OB;
++ CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
++ shsmPlainText += OB;
+
+- CPPUNIT_ASSERT(des->decryptFinal(OB));
+- shsmPlainText += OB;
++ CPPUNIT_ASSERT(des->decryptFinal(OB));
++ shsmPlainText += OB;
++
++ CPPUNIT_ASSERT(shsmPlainText == plainText);
++ }
+
+- CPPUNIT_ASSERT(shsmPlainText == plainText);
+ #endif
+
+ // Test 168-bit key
+@@ -314,27 +318,28 @@ void DESTests::testCBC()
+
+ // Now, do the same thing using our DES implementation
+ shsmCipherText.wipe();
+- CPPUNIT_ASSERT(des->encryptInit(&desKey168, SymMode::CBC, IV));
++ if (des->encryptInit(&desKey168, SymMode::CBC, IV)) {
+
+- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
+- shsmCipherText += OB;
++ CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
++ shsmCipherText += OB;
+
+- CPPUNIT_ASSERT(des->encryptFinal(OB));
+- shsmCipherText += OB;
++ CPPUNIT_ASSERT(des->encryptFinal(OB));
++ shsmCipherText += OB;
+
+- CPPUNIT_ASSERT(shsmCipherText == cipherText);
++ CPPUNIT_ASSERT(shsmCipherText == cipherText);
+
+- // Check that we can get the plain text
+- shsmPlainText.wipe();
+- CPPUNIT_ASSERT(des->decryptInit(&desKey168, SymMode::CBC, IV));
++ // Check that we can get the plain text
++ shsmPlainText.wipe();
++ CPPUNIT_ASSERT(des->decryptInit(&desKey168, SymMode::CBC, IV));
+
+- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
+- shsmPlainText += OB;
++ CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
++ shsmPlainText += OB;
+
+- CPPUNIT_ASSERT(des->decryptFinal(OB));
+- shsmPlainText += OB;
++ CPPUNIT_ASSERT(des->decryptFinal(OB));
++ shsmPlainText += OB;
+
+- CPPUNIT_ASSERT(shsmPlainText == plainText);
++ CPPUNIT_ASSERT(shsmPlainText == plainText);
++ }
+ }
+ }
+ }
+@@ -534,54 +539,56 @@ void DESTests::testECB()
+
+ // Now, do the same thing using our DES implementation
+ shsmCipherText.wipe();
+- CPPUNIT_ASSERT(des->encryptInit(&desKey56, SymMode::ECB, IV));
++ if (des->encryptInit(&desKey56, SymMode::ECB, IV)) {
+
+- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
+- shsmCipherText += OB;
++ CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
++ shsmCipherText += OB;
+
+- CPPUNIT_ASSERT(des->encryptFinal(OB));
+- shsmCipherText += OB;
++ CPPUNIT_ASSERT(des->encryptFinal(OB));
++ shsmCipherText += OB;
+
+- CPPUNIT_ASSERT(shsmCipherText == cipherText);
++ CPPUNIT_ASSERT(shsmCipherText == cipherText);
+
+- // Check that we can get the plain text
+- shsmPlainText.wipe();
+- CPPUNIT_ASSERT(des->decryptInit(&desKey56, SymMode::ECB, IV));
++ // Check that we can get the plain text
++ shsmPlainText.wipe();
++ CPPUNIT_ASSERT(des->decryptInit(&desKey56, SymMode::ECB, IV));
+
+- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
+- shsmPlainText += OB;
++ CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
++ shsmPlainText += OB;
+
+- CPPUNIT_ASSERT(des->decryptFinal(OB));
+- shsmPlainText += OB;
++ CPPUNIT_ASSERT(des->decryptFinal(OB));
++ shsmPlainText += OB;
+
+- CPPUNIT_ASSERT(shsmPlainText == plainText);
++ CPPUNIT_ASSERT(shsmPlainText == plainText);
++ }
+
+ // Test 112-bit key
+ cipherText = ByteString(testResult[i][j][1]);
+
+ // Now, do the same thing using our DES implementation
+ shsmCipherText.wipe();
+- CPPUNIT_ASSERT(des->encryptInit(&desKey112, SymMode::ECB, IV));
++ if (des->encryptInit(&desKey112, SymMode::ECB, IV)) {
+
+- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
+- shsmCipherText += OB;
++ CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
++ shsmCipherText += OB;
+
+- CPPUNIT_ASSERT(des->encryptFinal(OB));
+- shsmCipherText += OB;
++ CPPUNIT_ASSERT(des->encryptFinal(OB));
++ shsmCipherText += OB;
+
+- CPPUNIT_ASSERT(shsmCipherText == cipherText);
++ CPPUNIT_ASSERT(shsmCipherText == cipherText);
+
+- // Check that we can get the plain text
+- shsmPlainText.wipe();
+- CPPUNIT_ASSERT(des->decryptInit(&desKey112, SymMode::ECB, IV));
++ // Check that we can get the plain text
++ shsmPlainText.wipe();
++ CPPUNIT_ASSERT(des->decryptInit(&desKey112, SymMode::ECB, IV));
+
+- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
+- shsmPlainText += OB;
++ CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
++ shsmPlainText += OB;
+
+- CPPUNIT_ASSERT(des->decryptFinal(OB));
+- shsmPlainText += OB;
++ CPPUNIT_ASSERT(des->decryptFinal(OB));
++ shsmPlainText += OB;
+
+- CPPUNIT_ASSERT(shsmPlainText == plainText);
++ CPPUNIT_ASSERT(shsmPlainText == plainText);
++ }
+ #endif
+
+ // Test 168-bit key
+@@ -589,27 +596,28 @@ void DESTests::testECB()
+
+ // Now, do the same thing using our DES implementation
+ shsmCipherText.wipe();
+- CPPUNIT_ASSERT(des->encryptInit(&desKey168, SymMode::ECB, IV));
++ if (des->encryptInit(&desKey168, SymMode::ECB, IV)) {
+
+- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
+- shsmCipherText += OB;
++ CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
++ shsmCipherText += OB;
+
+- CPPUNIT_ASSERT(des->encryptFinal(OB));
+- shsmCipherText += OB;
++ CPPUNIT_ASSERT(des->encryptFinal(OB));
++ shsmCipherText += OB;
+
+- CPPUNIT_ASSERT(shsmCipherText == cipherText);
++ CPPUNIT_ASSERT(shsmCipherText == cipherText);
+
+- // Check that we can get the plain text
+- shsmPlainText.wipe();
+- CPPUNIT_ASSERT(des->decryptInit(&desKey168, SymMode::ECB, IV));
++ // Check that we can get the plain text
++ shsmPlainText.wipe();
++ CPPUNIT_ASSERT(des->decryptInit(&desKey168, SymMode::ECB, IV));
+
+- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
+- shsmPlainText += OB;
++ CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
++ shsmPlainText += OB;
+
+- CPPUNIT_ASSERT(des->decryptFinal(OB));
+- shsmPlainText += OB;
++ CPPUNIT_ASSERT(des->decryptFinal(OB));
++ shsmPlainText += OB;
+
+- CPPUNIT_ASSERT(shsmPlainText == plainText);
++ CPPUNIT_ASSERT(shsmPlainText == plainText);
++ }
+ }
+ }
+ }
+@@ -809,54 +817,56 @@ void DESTests::testOFB()
+
+ // Now, do the same thing using our DES implementation
+ shsmCipherText.wipe();
+- CPPUNIT_ASSERT(des->encryptInit(&desKey56, SymMode::OFB, IV));
++ if (des->encryptInit(&desKey56, SymMode::OFB, IV)) {
+
+- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
+- shsmCipherText += OB;
++ CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
++ shsmCipherText += OB;
+
+- CPPUNIT_ASSERT(des->encryptFinal(OB));
+- shsmCipherText += OB;
++ CPPUNIT_ASSERT(des->encryptFinal(OB));
++ shsmCipherText += OB;
+
+- CPPUNIT_ASSERT(shsmCipherText == cipherText);
++ CPPUNIT_ASSERT(shsmCipherText == cipherText);
+
+- // Check that we can get the plain text
+- shsmPlainText.wipe();
+- CPPUNIT_ASSERT(des->decryptInit(&desKey56, SymMode::OFB, IV));
++ // Check that we can get the plain text
++ shsmPlainText.wipe();
++ CPPUNIT_ASSERT(des->decryptInit(&desKey56, SymMode::OFB, IV));
+
+- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
+- shsmPlainText += OB;
++ CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
++ shsmPlainText += OB;
+
+- CPPUNIT_ASSERT(des->decryptFinal(OB));
+- shsmPlainText += OB;
++ CPPUNIT_ASSERT(des->decryptFinal(OB));
++ shsmPlainText += OB;
+
+- CPPUNIT_ASSERT(shsmPlainText == plainText);
++ CPPUNIT_ASSERT(shsmPlainText == plainText);
++ }
+
+ // Test 112-bit key
+ cipherText = ByteString(testResult[i][j][1]);
+
+ // Now, do the same thing using our DES implementation
+ shsmCipherText.wipe();
+- CPPUNIT_ASSERT(des->encryptInit(&desKey112, SymMode::OFB, IV));
++ if (des->encryptInit(&desKey112, SymMode::OFB, IV)) {
+
+- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
+- shsmCipherText += OB;
++ CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
++ shsmCipherText += OB;
+
+- CPPUNIT_ASSERT(des->encryptFinal(OB));
+- shsmCipherText += OB;
++ CPPUNIT_ASSERT(des->encryptFinal(OB));
++ shsmCipherText += OB;
+
+- CPPUNIT_ASSERT(shsmCipherText == cipherText);
++ CPPUNIT_ASSERT(shsmCipherText == cipherText);
+
+- // Check that we can get the plain text
+- shsmPlainText.wipe();
+- CPPUNIT_ASSERT(des->decryptInit(&desKey112, SymMode::OFB, IV));
++ // Check that we can get the plain text
++ shsmPlainText.wipe();
++ CPPUNIT_ASSERT(des->decryptInit(&desKey112, SymMode::OFB, IV));
+
+- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
+- shsmPlainText += OB;
++ CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
++ shsmPlainText += OB;
+
+- CPPUNIT_ASSERT(des->decryptFinal(OB));
+- shsmPlainText += OB;
++ CPPUNIT_ASSERT(des->decryptFinal(OB));
++ shsmPlainText += OB;
+
+- CPPUNIT_ASSERT(shsmPlainText == plainText);
++ CPPUNIT_ASSERT(shsmPlainText == plainText);
++ }
+ #endif
+
+ // Test 168-bit key
+@@ -864,27 +874,28 @@ void DESTests::testOFB()
+
+ // Now, do the same thing using our DES implementation
+ shsmCipherText.wipe();
+- CPPUNIT_ASSERT(des->encryptInit(&desKey168, SymMode::OFB, IV));
++ if (des->encryptInit(&desKey168, SymMode::OFB, IV)) {
+
+- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
+- shsmCipherText += OB;
++ CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
++ shsmCipherText += OB;
+
+- CPPUNIT_ASSERT(des->encryptFinal(OB));
+- shsmCipherText += OB;
++ CPPUNIT_ASSERT(des->encryptFinal(OB));
++ shsmCipherText += OB;
+
+- CPPUNIT_ASSERT(shsmCipherText == cipherText);
++ CPPUNIT_ASSERT(shsmCipherText == cipherText);
+
+- // Check that we can get the plain text
+- shsmPlainText.wipe();
+- CPPUNIT_ASSERT(des->decryptInit(&desKey168, SymMode::OFB, IV));
++ // Check that we can get the plain text
++ shsmPlainText.wipe();
++ CPPUNIT_ASSERT(des->decryptInit(&desKey168, SymMode::OFB, IV));
+
+- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
+- shsmPlainText += OB;
++ CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
++ shsmPlainText += OB;
+
+- CPPUNIT_ASSERT(des->decryptFinal(OB));
+- shsmPlainText += OB;
++ CPPUNIT_ASSERT(des->decryptFinal(OB));
++ shsmPlainText += OB;
+
+- CPPUNIT_ASSERT(shsmPlainText == plainText);
++ CPPUNIT_ASSERT(shsmPlainText == plainText);
++ }
+ }
+ }
+ }
+@@ -1083,54 +1094,56 @@ void DESTests::testCFB()
+
+ // Now, do the same thing using our DES implementation
+ shsmCipherText.wipe();
+- CPPUNIT_ASSERT(des->encryptInit(&desKey56, SymMode::CFB, IV));
++ if (des->encryptInit(&desKey56, SymMode::CFB, IV)) {
+
+- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
+- shsmCipherText += OB;
++ CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
++ shsmCipherText += OB;
+
+- CPPUNIT_ASSERT(des->encryptFinal(OB));
+- shsmCipherText += OB;
++ CPPUNIT_ASSERT(des->encryptFinal(OB));
++ shsmCipherText += OB;
+
+- CPPUNIT_ASSERT(shsmCipherText == cipherText);
++ CPPUNIT_ASSERT(shsmCipherText == cipherText);
+
+- // Check that we can get the plain text
+- shsmPlainText.wipe();
+- CPPUNIT_ASSERT(des->decryptInit(&desKey56, SymMode::CFB, IV));
++ // Check that we can get the plain text
++ shsmPlainText.wipe();
++ CPPUNIT_ASSERT(des->decryptInit(&desKey56, SymMode::CFB, IV));
+
+- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
+- shsmPlainText += OB;
++ CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
++ shsmPlainText += OB;
+
+- CPPUNIT_ASSERT(des->decryptFinal(OB));
+- shsmPlainText += OB;
++ CPPUNIT_ASSERT(des->decryptFinal(OB));
++ shsmPlainText += OB;
+
+- CPPUNIT_ASSERT(shsmPlainText == plainText);
++ CPPUNIT_ASSERT(shsmPlainText == plainText);
++ }
+
+ // Test 112-bit key
+ cipherText = ByteString(testResult[i][j][1]);
+
+ // Now, do the same thing using our DES implementation
+ shsmCipherText.wipe();
+- CPPUNIT_ASSERT(des->encryptInit(&desKey112, SymMode::CFB, IV));
++ if (des->encryptInit(&desKey112, SymMode::CFB, IV)) {
+
+- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
+- shsmCipherText += OB;
++ CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
++ shsmCipherText += OB;
+
+- CPPUNIT_ASSERT(des->encryptFinal(OB));
+- shsmCipherText += OB;
++ CPPUNIT_ASSERT(des->encryptFinal(OB));
++ shsmCipherText += OB;
+
+- CPPUNIT_ASSERT(shsmCipherText == cipherText);
++ CPPUNIT_ASSERT(shsmCipherText == cipherText);
+
+- // Check that we can get the plain text
+- shsmPlainText.wipe();
+- CPPUNIT_ASSERT(des->decryptInit(&desKey112, SymMode::CFB, IV));
++ // Check that we can get the plain text
++ shsmPlainText.wipe();
++ CPPUNIT_ASSERT(des->decryptInit(&desKey112, SymMode::CFB, IV));
+
+- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
+- shsmPlainText += OB;
++ CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
++ shsmPlainText += OB;
+
+- CPPUNIT_ASSERT(des->decryptFinal(OB));
+- shsmPlainText += OB;
++ CPPUNIT_ASSERT(des->decryptFinal(OB));
++ shsmPlainText += OB;
+
+- CPPUNIT_ASSERT(shsmPlainText == plainText);
++ CPPUNIT_ASSERT(shsmPlainText == plainText);
++ }
+ #endif
+
+ // Test 168-bit key
+@@ -1138,27 +1151,28 @@ void DESTests::testCFB()
+
+ // Now, do the same thing using our DES implementation
+ shsmCipherText.wipe();
+- CPPUNIT_ASSERT(des->encryptInit(&desKey168, SymMode::CFB, IV));
++ if (des->encryptInit(&desKey168, SymMode::CFB, IV)) {
+
+- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
+- shsmCipherText += OB;
++ CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
++ shsmCipherText += OB;
+
+- CPPUNIT_ASSERT(des->encryptFinal(OB));
+- shsmCipherText += OB;
++ CPPUNIT_ASSERT(des->encryptFinal(OB));
++ shsmCipherText += OB;
+
+- CPPUNIT_ASSERT(shsmCipherText == cipherText);
++ CPPUNIT_ASSERT(shsmCipherText == cipherText);
+
+- // Check that we can get the plain text
+- shsmPlainText.wipe();
+- CPPUNIT_ASSERT(des->decryptInit(&desKey168, SymMode::CFB, IV));
++ // Check that we can get the plain text
++ shsmPlainText.wipe();
++ CPPUNIT_ASSERT(des->decryptInit(&desKey168, SymMode::CFB, IV));
+
+- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
+- shsmPlainText += OB;
++ CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
++ shsmPlainText += OB;
+
+- CPPUNIT_ASSERT(des->decryptFinal(OB));
+- shsmPlainText += OB;
++ CPPUNIT_ASSERT(des->decryptFinal(OB));
++ shsmPlainText += OB;
+
+- CPPUNIT_ASSERT(shsmPlainText == plainText);
++ CPPUNIT_ASSERT(shsmPlainText == plainText);
++ }
+ }
+ }
+ }
+--
+2.31.1
+
+
+From 4e368d1b1d835b169d3b9f44e064813d132f3da6 Mon Sep 17 00:00:00 2001
+From: Alexander Bokovoy <abokovoy@redhat.com>
+Date: Wed, 26 May 2021 20:09:31 +0300
+Subject: [PATCH 2/4] openssl 3.0: use 2048 instead of 1024 bit for RSA tests
+
+Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
+---
+ src/lib/crypto/test/RSATests.cpp | 11 ++++-------
+ 1 file changed, 4 insertions(+), 7 deletions(-)
+
+diff --git a/src/lib/crypto/test/RSATests.cpp b/src/lib/crypto/test/RSATests.cpp
+index 6af1e19..e583b8b 100644
+--- a/src/lib/crypto/test/RSATests.cpp
++++ b/src/lib/crypto/test/RSATests.cpp
+@@ -78,7 +78,6 @@ void RSATests::testKeyGeneration()
+
+ // Key sizes to test
+ std::vector<size_t> keySizes;
+- keySizes.push_back(1024);
+ #ifndef WITH_FIPS
+ keySizes.push_back(1025);
+ #endif
+@@ -111,12 +110,12 @@ void RSATests::testKeyGeneration()
+
+ void RSATests::testSerialisation()
+ {
+- // Generate a 1024-bit key-pair for testing
++ // Generate a 2048-bit key-pair for testing
+ AsymmetricKeyPair* kp;
+ RSAParameters p;
+
+ p.setE("010001");
+- p.setBitLength(1024);
++ p.setBitLength(2048);
+
+ CPPUNIT_ASSERT(rsa->generateKeyPair(&kp, &p));
+ CPPUNIT_ASSERT(kp != NULL);
+@@ -204,12 +203,12 @@ void RSATests::testSerialisation()
+
+ void RSATests::testPKCS8()
+ {
+- // Generate a 1024-bit key-pair for testing
++ // Generate a 2048-bit key-pair for testing
+ AsymmetricKeyPair* kp;
+ RSAParameters p;
+
+ p.setE("010001");
+- p.setBitLength(1024);
++ p.setBitLength(2048);
+
+ CPPUNIT_ASSERT(rsa->generateKeyPair(&kp, &p));
+ CPPUNIT_ASSERT(kp != NULL);
+@@ -253,7 +252,6 @@ void RSATests::testSigningVerifying()
+
+ // Key sizes to test
+ std::vector<size_t> keySizes;
+- keySizes.push_back(1024);
+ keySizes.push_back(1280);
+ keySizes.push_back(2048);
+ //keySizes.push_back(4096);
+@@ -611,7 +609,6 @@ void RSATests::testEncryptDecrypt()
+
+ // Key sizes to test
+ std::vector<size_t> keySizes;
+- keySizes.push_back(1024);
+ keySizes.push_back(1280);
+ keySizes.push_back(2048);
+ //keySizes.push_back(4096);
+--
+2.31.1
+
+
+From d8b6ebb67244f6fb4d2c8f72ae2b8bef5ca96bed Mon Sep 17 00:00:00 2001
+From: Alexander Bokovoy <abokovoy@redhat.com>
+Date: Wed, 26 May 2021 22:29:22 +0300
+Subject: [PATCH 3/4] openssl 3.0: Skip tests with unsupported key sizes
+
+OpenSSL 3.0 on systems with systemd-wide crypto policy (Fedora, RHEL,
+CentOS 9 Stream) might block certain key sizes which causes the tests to
+fail. Skip these tests because we are not going to get the results
+anyway.
+
+There is no way with CPPUNIT to produce a warning only, so we have to
+skip the whole test result.
+
+Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
+---
+ src/lib/crypto/test/RSATests.cpp | 31 ++++++++++++++++++-------------
+ 1 file changed, 18 insertions(+), 13 deletions(-)
+
+diff --git a/src/lib/crypto/test/RSATests.cpp b/src/lib/crypto/test/RSATests.cpp
+index e583b8b..3b397d2 100644
+--- a/src/lib/crypto/test/RSATests.cpp
++++ b/src/lib/crypto/test/RSATests.cpp
+@@ -92,18 +92,19 @@ void RSATests::testKeyGeneration()
+ p.setE(*e);
+ p.setBitLength(*k);
+
+- // Generate key-pair
+- CPPUNIT_ASSERT(rsa->generateKeyPair(&kp, &p));
++ // Generate key-pair but skip test if key size is unsupported in OpenSSL 3.0.0
++ if (rsa->generateKeyPair(&kp, &p)) {
+
+- RSAPublicKey* pub = (RSAPublicKey*) kp->getPublicKey();
+- RSAPrivateKey* priv = (RSAPrivateKey*) kp->getPrivateKey();
++ RSAPublicKey* pub = (RSAPublicKey*) kp->getPublicKey();
++ RSAPrivateKey* priv = (RSAPrivateKey*) kp->getPrivateKey();
+
+- CPPUNIT_ASSERT(pub->getBitLength() == *k);
+- CPPUNIT_ASSERT(priv->getBitLength() == *k);
+- CPPUNIT_ASSERT(pub->getE() == *e);
+- CPPUNIT_ASSERT(priv->getE() == *e);
++ CPPUNIT_ASSERT(pub->getBitLength() == *k);
++ CPPUNIT_ASSERT(priv->getBitLength() == *k);
++ CPPUNIT_ASSERT(pub->getE() == *e);
++ CPPUNIT_ASSERT(priv->getE() == *e);
+
+- rsa->recycleKeyPair(kp);
++ rsa->recycleKeyPair(kp);
++ }
+ }
+ }
+ }
+@@ -291,8 +292,10 @@ void RSATests::testSigningVerifying()
+ p.setE(*e);
+ p.setBitLength(*k);
+
+- // Generate key-pair
+- CPPUNIT_ASSERT(rsa->generateKeyPair(&kp, &p));
++ // Generate key-pair but skip those that unsupported in OpenSSL 3.0.0
++ if (!rsa->generateKeyPair(&kp, &p)) {
++ continue;
++ }
+
+ // Generate some data to sign
+ ByteString dataToSign;
+@@ -626,8 +629,10 @@ void RSATests::testEncryptDecrypt()
+ p.setE(*e);
+ p.setBitLength(*k);
+
+- // Generate key-pair
+- CPPUNIT_ASSERT(rsa->generateKeyPair(&kp, &p));
++ // Generate key-pair but skip those that unsupported in OpenSSL 3.0.0
++ if (!rsa->generateKeyPair(&kp, &p)) {
++ continue;
++ }
+
+ RNG* rng = CryptoFactory::i()->getRNG();
+
+--
+2.31.1
+
+
+From ca037b327fc77b8a7078c63118f507a157d3c913 Mon Sep 17 00:00:00 2001
+From: Alexander Bokovoy <abokovoy@redhat.com>
+Date: Thu, 27 May 2021 15:08:02 +0300
+Subject: [PATCH 4/4] openssl3: skip DES* tests
+
+Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
+---
+ src/lib/test/DeriveTests.cpp | 16 ++-
+ src/lib/test/ObjectTests.cpp | 21 ++--
+ src/lib/test/SymmetricAlgorithmTests.cpp | 129 +++++++++++++----------
+ 3 files changed, 100 insertions(+), 66 deletions(-)
+
+diff --git a/src/lib/test/DeriveTests.cpp b/src/lib/test/DeriveTests.cpp
+index 9438ac2..275c399 100644
+--- a/src/lib/test/DeriveTests.cpp
++++ b/src/lib/test/DeriveTests.cpp
+@@ -666,11 +666,14 @@ void DeriveTests::symDerive(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey, C
+ 0x25, 0x26, 0x27, 0x28, 0x29, 0x30, 0x31, 0x32
+ };
+ CK_ULONG secLen = 0;
++ CK_BBOOL oldMechs = CK_FALSE;
+
+ switch (mechType)
+ {
+ case CKM_DES_ECB_ENCRYPT_DATA:
+ case CKM_DES3_ECB_ENCRYPT_DATA:
++ oldMechs = CK_TRUE;
++ /* fall-through */
+ case CKM_AES_ECB_ENCRYPT_DATA:
+ param1.pData = &data[0];
+ param1.ulLen = sizeof(data);
+@@ -679,6 +682,7 @@ void DeriveTests::symDerive(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey, C
+ break;
+ case CKM_DES_CBC_ENCRYPT_DATA:
+ case CKM_DES3_CBC_ENCRYPT_DATA:
++ oldMechs = CK_TRUE;
+ memcpy(param2.iv, "12345678", 8);
+ param2.pData = &data[0];
+ param2.length = sizeof(data);
+@@ -703,10 +707,12 @@ void DeriveTests::symDerive(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey, C
+ break;
+ case CKK_DES:
+ mechEncrypt.mechanism = CKM_DES_ECB;
++ oldMechs = CK_TRUE;
+ break;
+ case CKK_DES2:
+ case CKK_DES3:
+ mechEncrypt.mechanism = CKM_DES3_ECB;
++ oldMechs = CK_TRUE;
+ break;
+ case CKK_AES:
+ mechEncrypt.mechanism = CKM_AES_ECB;
+@@ -743,7 +749,11 @@ void DeriveTests::symDerive(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey, C
+ keyAttribs, sizeof(keyAttribs)/sizeof(CK_ATTRIBUTE) - 1,
+ &hDerive) );
+ }
+- CPPUNIT_ASSERT(rv == CKR_OK);
++ if (rv != CKR_OK && oldMechs == CK_TRUE) {
++ // Skip old mechanisms, they don't work under this crypto library
++ return;
++ }
++ CPPUNIT_ASSERT(rv==CKR_OK);
+
+ // Check that KCV has been set
+ CK_ATTRIBUTE checkAttribs[] = {
+@@ -764,6 +774,10 @@ void DeriveTests::symDerive(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey, C
+ CK_ULONG ulRecoveredTextLen;
+
+ rv = CRYPTOKI_F_PTR( C_EncryptInit(hSession,&mechEncrypt,hDerive) );
++ if (rv != CKR_OK && oldMechs == CK_TRUE) {
++ // Skip old mechanisms, they don't work under this crypto library
++ return;
++ }
+ CPPUNIT_ASSERT(rv==CKR_OK);
+
+ ulCipherTextLen = sizeof(cipherText);
+diff --git a/src/lib/test/ObjectTests.cpp b/src/lib/test/ObjectTests.cpp
+index 9491ce1..4ffc1c8 100644
+--- a/src/lib/test/ObjectTests.cpp
++++ b/src/lib/test/ObjectTests.cpp
+@@ -2370,8 +2370,10 @@ void ObjectTests::testCreateSecretKey()
+ CPPUNIT_ASSERT(rv == CKR_OK);
+ rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSession, hObject, attribKCV, 1) );
+ CPPUNIT_ASSERT(rv == CKR_OK);
+- CPPUNIT_ASSERT(attribKCV[0].ulValueLen == 3);
+- CPPUNIT_ASSERT(memcmp(pCheckValue, desKCV, 3) == 0);
++ // If DES key is not supported, skip it
++ if (attribKCV[0].ulValueLen == 3) {
++ CPPUNIT_ASSERT(memcmp(pCheckValue, desKCV, 3) == 0);
++ }
+ rv = CRYPTOKI_F_PTR( C_DestroyObject(hSession,hObject) );
+ CPPUNIT_ASSERT(rv == CKR_OK);
+
+@@ -2381,9 +2383,12 @@ void ObjectTests::testCreateSecretKey()
+ rv = CRYPTOKI_F_PTR( C_CreateObject(hSession, attribs, sizeof(attribs)/sizeof(CK_ATTRIBUTE), &hObject) );
+ CPPUNIT_ASSERT(rv == CKR_OK);
+ rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSession, hObject, attribKCV, 1) );
+- CPPUNIT_ASSERT(rv == CKR_OK);
+- CPPUNIT_ASSERT(attribKCV[0].ulValueLen == 3);
+- CPPUNIT_ASSERT(memcmp(pCheckValue, des2KCV, 3) == 0);
++ // If DES2 key is not supported, skip it
++ if (rv == CKR_OK) {
++ if (attribKCV[0].ulValueLen == 3) {
++ CPPUNIT_ASSERT(memcmp(pCheckValue, des2KCV, 3) == 0);
++ }
++ }
+ rv = CRYPTOKI_F_PTR( C_DestroyObject(hSession,hObject) );
+ CPPUNIT_ASSERT(rv == CKR_OK);
+
+@@ -2394,8 +2399,10 @@ void ObjectTests::testCreateSecretKey()
+ CPPUNIT_ASSERT(rv == CKR_OK);
+ rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSession, hObject, attribKCV, 1) );
+ CPPUNIT_ASSERT(rv == CKR_OK);
+- CPPUNIT_ASSERT(attribKCV[0].ulValueLen == 3);
+- CPPUNIT_ASSERT(memcmp(pCheckValue, des3KCV, 3) == 0);
++ // If DES3 key is not supported, skip it
++ if (attribKCV[0].ulValueLen == 3) {
++ CPPUNIT_ASSERT(memcmp(pCheckValue, des3KCV, 3) == 0);
++ }
+ rv = CRYPTOKI_F_PTR( C_DestroyObject(hSession,hObject) );
+ CPPUNIT_ASSERT(rv == CKR_OK);
+ }
+diff --git a/src/lib/test/SymmetricAlgorithmTests.cpp b/src/lib/test/SymmetricAlgorithmTests.cpp
+index b24caaf..1994563 100644
+--- a/src/lib/test/SymmetricAlgorithmTests.cpp
++++ b/src/lib/test/SymmetricAlgorithmTests.cpp
+@@ -195,6 +195,8 @@ void SymmetricAlgorithmTests::encryptDecrypt(
+ std::vector<CK_BYTE> vEncryptedData;
+ std::vector<CK_BYTE> vEncryptedDataParted;
+ PartSize partSize(blockSize, &vData);
++ CK_BBOOL oldMechs = CK_FALSE;
++ CK_RV rv = CKR_OK;
+
+ CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_GenerateRandom(hSession, (CK_BYTE_PTR)&vData.front(), messageSize) ) );
+
+@@ -233,6 +235,8 @@ void SymmetricAlgorithmTests::encryptDecrypt(
+ case CKM_DES_CBC_PAD:
+ case CKM_DES3_CBC:
+ case CKM_DES3_CBC_PAD:
++ oldMechs = CK_TRUE;
++ /* fall-through */
+ case CKM_AES_CBC:
+ case CKM_AES_CBC_PAD:
+ pMechanism->pParameter = (CK_VOID_PTR)&vData.front();
+@@ -246,12 +250,18 @@ void SymmetricAlgorithmTests::encryptDecrypt(
+ pMechanism->pParameter = &gcmParams;
+ pMechanism->ulParameterLen = sizeof(gcmParams);
+ break;
++ case CKM_DES_ECB:
++ case CKM_DES3_ECB:
++ oldMechs = CK_TRUE;
++ break;
+ default:
+ break;
+ }
+
+ // Single-part encryption
+- CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_EncryptInit(hSession,pMechanism,hKey) ) );
++ rv = CRYPTOKI_F_PTR( C_EncryptInit(hSession,pMechanism,hKey) );
++ CPPUNIT_ASSERT_EQUAL( (CK_BBOOL) CK_FALSE, (CK_BBOOL) ((rv != CKR_OK) && (oldMechs == CK_FALSE)) );
++ if (oldMechs == CK_FALSE)
+ {
+ CK_ULONG ulEncryptedDataLen;
+ const CK_RV rv( CRYPTOKI_F_PTR( C_Encrypt(hSession,(CK_BYTE_PTR)&vData.front(),messageSize,NULL_PTR,&ulEncryptedDataLen) ) );
+@@ -267,40 +277,42 @@ void SymmetricAlgorithmTests::encryptDecrypt(
+ }
+
+ // Multi-part encryption
+- CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_EncryptInit(hSession,pMechanism,hKey) ) );
+-
+- for ( std::vector<CK_BYTE>::const_iterator i(vData.begin()); i<vData.end(); i+=partSize.getCurrent() ) {
+- const CK_ULONG lPartLen( i+partSize.getNext()<vData.end() ? partSize.getCurrent() : vData.end()-i );
+- CK_ULONG ulEncryptedPartLen;
+- CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_EncryptUpdate(hSession,(CK_BYTE_PTR)&(*i),lPartLen,NULL_PTR,&ulEncryptedPartLen) ) );
+- const size_t oldSize( vEncryptedDataParted.size() );
+- vEncryptedDataParted.resize(oldSize+ulEncryptedPartLen);
+- CK_BYTE dummy;
+- const CK_BYTE_PTR pEncryptedPart( ulEncryptedPartLen>0 ? &vEncryptedDataParted.at(oldSize) : &dummy );
+- CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_EncryptUpdate(hSession,(CK_BYTE_PTR)&(*i),lPartLen,pEncryptedPart,&ulEncryptedPartLen) ) );
+- vEncryptedDataParted.resize(oldSize+ulEncryptedPartLen);
+- }
+- {
+- CK_ULONG ulLastEncryptedPartLen;
+- const CK_RV rv( CRYPTOKI_F_PTR( C_EncryptFinal(hSession,NULL_PTR,&ulLastEncryptedPartLen) ) );
+- if ( isSizeOK ) {
+- CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, rv );
++ rv = CRYPTOKI_F_PTR( C_EncryptInit(hSession,pMechanism,hKey) );
++ CPPUNIT_ASSERT_EQUAL( (CK_BBOOL) CK_FALSE, (CK_BBOOL) ((rv != CKR_OK) && (oldMechs == CK_FALSE)) );
++ if (oldMechs == CK_FALSE) {
++ for ( std::vector<CK_BYTE>::const_iterator i(vData.begin()); i<vData.end(); i+=partSize.getCurrent() ) {
++ const CK_ULONG lPartLen( i+partSize.getNext()<vData.end() ? partSize.getCurrent() : vData.end()-i );
++ CK_ULONG ulEncryptedPartLen;
++ CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_EncryptUpdate(hSession,(CK_BYTE_PTR)&(*i),lPartLen,NULL_PTR,&ulEncryptedPartLen) ) );
+ const size_t oldSize( vEncryptedDataParted.size() );
++ vEncryptedDataParted.resize(oldSize+ulEncryptedPartLen);
+ CK_BYTE dummy;
+- vEncryptedDataParted.resize(oldSize+ulLastEncryptedPartLen);
+- const CK_BYTE_PTR pLastEncryptedPart( ulLastEncryptedPartLen>0 ? &vEncryptedDataParted.at(oldSize) : &dummy );
+- CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_EncryptFinal(hSession,pLastEncryptedPart,&ulLastEncryptedPartLen) ) );
+- vEncryptedDataParted.resize(oldSize+ulLastEncryptedPartLen);
+- } else {
+- CPPUNIT_ASSERT_EQUAL_MESSAGE("C_EncryptFinal should fail with C_CKR_DATA_LEN_RANGE", (CK_RV)CKR_DATA_LEN_RANGE, rv);
+- vEncryptedDataParted = vData;
++ const CK_BYTE_PTR pEncryptedPart( ulEncryptedPartLen>0 ? &vEncryptedDataParted.at(oldSize) : &dummy );
++ CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_EncryptUpdate(hSession,(CK_BYTE_PTR)&(*i),lPartLen,pEncryptedPart,&ulEncryptedPartLen) ) );
++ vEncryptedDataParted.resize(oldSize+ulEncryptedPartLen);
++ }
++ {
++ CK_ULONG ulLastEncryptedPartLen;
++ const CK_RV rv( CRYPTOKI_F_PTR( C_EncryptFinal(hSession,NULL_PTR,&ulLastEncryptedPartLen) ) );
++ if ( isSizeOK ) {
++ CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, rv );
++ const size_t oldSize( vEncryptedDataParted.size() );
++ CK_BYTE dummy;
++ vEncryptedDataParted.resize(oldSize+ulLastEncryptedPartLen);
++ const CK_BYTE_PTR pLastEncryptedPart( ulLastEncryptedPartLen>0 ? &vEncryptedDataParted.at(oldSize) : &dummy );
++ CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_EncryptFinal(hSession,pLastEncryptedPart,&ulLastEncryptedPartLen) ) );
++ vEncryptedDataParted.resize(oldSize+ulLastEncryptedPartLen);
++ } else {
++ CPPUNIT_ASSERT_EQUAL_MESSAGE("C_EncryptFinal should fail with C_CKR_DATA_LEN_RANGE", (CK_RV)CKR_DATA_LEN_RANGE, rv);
++ vEncryptedDataParted = vData;
++ }
+ }
+ }
+
+ // Single-part decryption
+- CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_DecryptInit(hSession,pMechanism,hKey) ) );
+-
+- {
++ rv = CRYPTOKI_F_PTR( C_DecryptInit(hSession,pMechanism,hKey) );
++ CPPUNIT_ASSERT_EQUAL( (CK_BBOOL) CK_FALSE, (CK_BBOOL) ((rv != CKR_OK) && (oldMechs == CK_FALSE)) );
++ if (oldMechs == CK_FALSE) {
+ CK_ULONG ulDataLen;
+ const CK_RV rv( CRYPTOKI_F_PTR( C_Decrypt(hSession,&vEncryptedData.front(),vEncryptedData.size(),NULL_PTR,&ulDataLen) ) );
+ if ( isSizeOK ) {
+@@ -315,8 +327,9 @@ void SymmetricAlgorithmTests::encryptDecrypt(
+ }
+
+ // Multi-part decryption
+- CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_DecryptInit(hSession,pMechanism,hKey) ) );
+- {
++ rv = CRYPTOKI_F_PTR( C_DecryptInit(hSession,pMechanism,hKey) );
++ CPPUNIT_ASSERT_EQUAL( (CK_BBOOL) CK_FALSE, (CK_BBOOL) ((rv != CKR_OK) && (oldMechs == CK_FALSE)) );
++ if (oldMechs == CK_FALSE) {
+ std::vector<CK_BYTE> vDecryptedData;
+ CK_BYTE dummy;
+ for ( std::vector<CK_BYTE>::iterator i(vEncryptedDataParted.begin()); i<vEncryptedDataParted.end(); i+=partSize.getCurrent()) {
+@@ -977,44 +990,44 @@ void SymmetricAlgorithmTests::testDesEncryptDecrypt()
+
+ // Generate all combinations of session/token keys.
+ rv = generateDesKey(hSessionRW,IN_SESSION,IS_PUBLIC,hKey);
+- CPPUNIT_ASSERT(rv == CKR_OK);
+-
+- encryptDecrypt(CKM_DES_CBC_PAD,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST-1);
+- encryptDecrypt(CKM_DES_CBC_PAD,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1);
+- encryptDecrypt(CKM_DES_CBC_PAD,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST);
+- encryptDecrypt(CKM_DES_CBC,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST);
+- encryptDecrypt(CKM_DES_CBC,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1, false);
+- encryptDecrypt(CKM_DES_ECB,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST);
+- encryptDecrypt(CKM_DES_ECB,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1, false);
++ if (rv == CKR_OK) {
++ encryptDecrypt(CKM_DES_CBC_PAD,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST-1);
++ encryptDecrypt(CKM_DES_CBC_PAD,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1);
++ encryptDecrypt(CKM_DES_CBC_PAD,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST);
++ encryptDecrypt(CKM_DES_CBC,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST);
++ encryptDecrypt(CKM_DES_CBC,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1, false);
++ encryptDecrypt(CKM_DES_ECB,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST);
++ encryptDecrypt(CKM_DES_ECB,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1, false);
++ }
+
+ CK_OBJECT_HANDLE hKey2 = CK_INVALID_HANDLE;
+
+ // Generate all combinations of session/token keys.
+ rv = generateDes2Key(hSessionRW,IN_SESSION,IS_PUBLIC,hKey2);
+- CPPUNIT_ASSERT(rv == CKR_OK);
+-
+- encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST-1);
+- encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST+1);
+- encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST);
+- encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST);
+- encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST+1, false);
+- encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST);
+- encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST+1, false);
++ if (rv == CKR_OK) {
++ encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST-1);
++ encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST+1);
++ encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST);
++ encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST);
++ encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST+1, false);
++ encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST);
++ encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST+1, false);
++ }
+ #endif
+
+ CK_OBJECT_HANDLE hKey3 = CK_INVALID_HANDLE;
+
+ // Generate all combinations of session/token keys.
+ rv = generateDes3Key(hSessionRW,IN_SESSION,IS_PUBLIC,hKey3);
+- CPPUNIT_ASSERT(rv == CKR_OK);
+-
+- encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST-1);
+- encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST+1);
+- encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST);
+- encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST);
+- encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST+1, false);
+- encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST);
+- encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST+1, false);
++ if (rv == CKR_OK) {
++ encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST-1);
++ encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST+1);
++ encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST);
++ encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST);
++ encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST+1, false);
++ encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST);
++ encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST+1, false);
++ }
+ }
+
+ void SymmetricAlgorithmTests::testNullTemplate()
+--
+2.31.1
diff --git a/gnu/packages/security-token.scm b/gnu/packages/security-token.scm
index 0dad9ec42b..f1d83d49f6 100644
--- a/gnu/packages/security-token.scm
+++ b/gnu/packages/security-token.scm
@@ -210,7 +210,8 @@ (define-public softhsm
"softhsm-" version ".tar.gz"))
(sha256
(base32
- "1wkmyi6n3z2pak1cj5yk6v6bv9w0m24skycya48iikab0mrr8931"))))
+ "1wkmyi6n3z2pak1cj5yk6v6bv9w0m24skycya48iikab0mrr8931"))
+ (patches (search-patches "softhsm-fix-openssl3-tests.patch"))))
(build-system gnu-build-system)
(arguments
'(#:configure-flags '("--disable-gost"))) ; TODO Missing the OpenSSL
base-commit: 60594711e944413ac0d18687cce6828707ca8ecf
--
2.39.2
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [bug#62878] [PATCH core-updates] gnu: openhsm: Fix test failure with openssl-3.
2023-04-16 8:45 [bug#62878] [PATCH core-updates] gnu: openhsm: Fix test failure with openssl-3 Timotej Lazar
@ 2023-04-17 9:18 ` Andreas Enge
2023-04-17 20:15 ` Timotej Lazar
0 siblings, 1 reply; 6+ messages in thread
From: Andreas Enge @ 2023-04-17 9:18 UTC (permalink / raw)
To: Timotej Lazar; +Cc: 62878
Hello Timotej,
Am Sun, Apr 16, 2023 at 10:45:57AM +0200 schrieb Timotej Lazar:
> * gnu/packages/patches/softhsm-fix-openssl3-tests.patch: Add patch from
> Debian.
> * gnu/packages/security-token.scm (softhsm): Use it.
> * gnu/local.mk (dist_patch_DATA): Register it.
thanks for your patch! Since this is security related, I would like to dig
a bit deeper. That the package itself has a wrong homepage (maybe we could
switch to https://www.opendnssec.org/softhsm/ at the same occasion?) does
not help, nor that the software looks abandoned (last commit on
https://github.com/opendnssec/SoftHSMv2 about a year ago, last release
three years ago). But as I understand it, it is more of educational use
than to provide actual security?
Could you add a pointer to the source of the patch (at the top of the file,
for instance)? I did not find it in the Debian package. And maybe add a
copyright line for yourself.
Andreas
^ permalink raw reply [flat|nested] 6+ messages in thread
* [bug#62878] [PATCH core-updates] gnu: openhsm: Fix test failure with openssl-3.
2023-04-17 9:18 ` Andreas Enge
@ 2023-04-17 20:15 ` Timotej Lazar
2023-04-17 20:18 ` [bug#62913] [PATCH core-updates v2] " Timotej Lazar
2023-04-18 20:05 ` [bug#62913] [PATCH core-updates] gnu: openhsm: Fix test failure with openssl-3 Andreas Enge
0 siblings, 2 replies; 6+ messages in thread
From: Timotej Lazar @ 2023-04-17 20:15 UTC (permalink / raw)
To: Andreas Enge; +Cc: 62878
Hi, thanks for the fast review!
Andreas Enge <andreas@enge.fr> [2023-04-17 11:18:16+0200]:
> That the package itself has a wrong homepage (maybe we could
> switch to https://www.opendnssec.org/softhsm/ at the same occasion?)
Not exactly sure what you mean, the package already uses that URL for
the homepage. The www.softhsm.org domain is just a CNAME for
www.opendnssec.org.
> last commit on https://github.com/opendnssec/SoftHSMv2 about a year
> ago, last release three years ago
That is true, and apparently there are no immediate plans for a new
release¹. On the other hand, most major distros have it packaged, and
looking at the issues/PRs the project still appears somewhat active.
¹ https://github.com/opendnssec/SoftHSMv2/issues/575#issuecomment-1101183308
> But as I understand it, it is more of educational use than to provide
> actual security?
I think the only use of this package in Guix proper is allowing some
tests for sssd to run. I use sssd, but would be OK with dropping softhsm
and skipping some of those tests.
> Could you add a pointer to the source of the patch (at the top of the file,
> for instance)? I did not find it in the Debian package.
I took the patch off a mailing list. It turns out that the final version
used by the Debian package is slightly different. I updated my patch to
use that version and added a link to the source:
https://sources.debian.org/patches/softhsm2/2.6.1-2.1/0003-fix-ftbfs-with-opensslv3.patch/
> And maybe add a copyright line for yourself.
Done.
^ permalink raw reply [flat|nested] 6+ messages in thread
* [bug#62913] [PATCH core-updates v2] gnu: openhsm: Fix test failure with openssl-3.
2023-04-17 20:15 ` Timotej Lazar
@ 2023-04-17 20:18 ` Timotej Lazar
[not found] ` <handler.62913.B.16817627115691.ack@debbugs.gnu.org>
2023-04-18 20:05 ` [bug#62913] [PATCH core-updates] gnu: openhsm: Fix test failure with openssl-3 Andreas Enge
1 sibling, 1 reply; 6+ messages in thread
From: Timotej Lazar @ 2023-04-17 20:18 UTC (permalink / raw)
To: 62913; +Cc: Timotej Lazar
* gnu/packages/patches/softhsm-fix-openssl3-tests.patch: Add patch from
Debian.
* gnu/packages/security-token.scm (softhsm): Use it.
* gnu/local.mk (dist_patch_DATA): Register it.
---
gnu/local.mk | 1 +
.../patches/softhsm-fix-openssl3-tests.patch | 1107 +++++++++++++++++
gnu/packages/security-token.scm | 4 +-
3 files changed, 1111 insertions(+), 1 deletion(-)
create mode 100644 gnu/packages/patches/softhsm-fix-openssl3-tests.patch
diff --git a/gnu/local.mk b/gnu/local.mk
index 9372ff0119..48b371de55 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1885,6 +1885,7 @@ dist_patch_DATA = \
%D%/packages/patches/snappy-add-O2-flag-in-CmakeLists.txt.patch \
%D%/packages/patches/snappy-add-inline-for-GCC.patch \
%D%/packages/patches/source-highlight-gcc-compat.patch \
+ %D%/packages/patches/softhsm-fix-openssl3-tests.patch \
%D%/packages/patches/spectre-meltdown-checker-externalize-fwdb.patch \
%D%/packages/patches/spectre-meltdown-checker-find-kernel.patch \
%D%/packages/patches/sphinxbase-fix-doxygen.patch \
diff --git a/gnu/packages/patches/softhsm-fix-openssl3-tests.patch b/gnu/packages/patches/softhsm-fix-openssl3-tests.patch
new file mode 100644
index 0000000000..f2d9ce3f5d
--- /dev/null
+++ b/gnu/packages/patches/softhsm-fix-openssl3-tests.patch
@@ -0,0 +1,1107 @@
+Copied from Debian:
+
+https://sources.debian.org/patches/softhsm2/2.6.1-2.1/0003-fix-ftbfs-with-opensslv3.patch/
+
+From 643f061e6fbe04552a2c49bd00528e61a9a77064 Mon Sep 17 00:00:00 2001
+From: Alexander Bokovoy <abokovoy@redhat.com>
+Date: Wed, 26 May 2021 20:03:25 +0300
+Subject: [PATCH 1/4] openssl 3.0: Run DES tests only if OpenSSL allows it
+
+OpenSSL 3.0 moves DES into a legacy provider which has to be loaded
+explicitly. By default, it will not be loaded and DES methods in tests
+will fail. Nest test blocks under successful initialization.
+
+Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
+---
+ src/lib/crypto/test/DESTests.cpp | 350 ++++++++++++++++---------------
+ 1 file changed, 182 insertions(+), 168 deletions(-)
+
+Index: softhsm2-2.6.1/src/lib/crypto/test/DESTests.cpp
+===================================================================
+--- softhsm2-2.6.1.orig/src/lib/crypto/test/DESTests.cpp
++++ softhsm2-2.6.1/src/lib/crypto/test/DESTests.cpp
+@@ -259,54 +259,58 @@
+
+ // Now, do the same thing using our DES implementation
+ shsmCipherText.wipe();
+- CPPUNIT_ASSERT(des->encryptInit(&desKey56, SymMode::CBC, IV));
++ if (des->encryptInit(&desKey56, SymMode::CBC, IV)) {
+
+- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
+- shsmCipherText += OB;
++ CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
++ shsmCipherText += OB;
+
+- CPPUNIT_ASSERT(des->encryptFinal(OB));
+- shsmCipherText += OB;
++ CPPUNIT_ASSERT(des->encryptFinal(OB));
++ shsmCipherText += OB;
+
+- CPPUNIT_ASSERT(shsmCipherText == cipherText);
++ CPPUNIT_ASSERT(shsmCipherText == cipherText);
+
+- // Check that we can get the plain text
+- shsmPlainText.wipe();
+- CPPUNIT_ASSERT(des->decryptInit(&desKey56, SymMode::CBC, IV));
++ // Check that we can get the plain text
++ shsmPlainText.wipe();
++ CPPUNIT_ASSERT(des->decryptInit(&desKey56, SymMode::CBC, IV));
+
+- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
+- shsmPlainText += OB;
++ CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
++ shsmPlainText += OB;
+
+- CPPUNIT_ASSERT(des->decryptFinal(OB));
+- shsmPlainText += OB;
++ CPPUNIT_ASSERT(des->decryptFinal(OB));
++ shsmPlainText += OB;
+
+- CPPUNIT_ASSERT(shsmPlainText == plainText);
++ CPPUNIT_ASSERT(shsmPlainText == plainText);
++
++ }
+
+ // Test 112-bit key
+ cipherText = ByteString(testResult[i][j][1]);
+
+ // Now, do the same thing using our DES implementation
+ shsmCipherText.wipe();
+- CPPUNIT_ASSERT(des->encryptInit(&desKey112, SymMode::CBC, IV));
++ if (des->encryptInit(&desKey112, SymMode::CBC, IV)) {
+
+- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
+- shsmCipherText += OB;
++ CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
++ shsmCipherText += OB;
+
+- CPPUNIT_ASSERT(des->encryptFinal(OB));
+- shsmCipherText += OB;
++ CPPUNIT_ASSERT(des->encryptFinal(OB));
++ shsmCipherText += OB;
+
+- CPPUNIT_ASSERT(shsmCipherText == cipherText);
++ CPPUNIT_ASSERT(shsmCipherText == cipherText);
+
+- // Check that we can get the plain text
+- shsmPlainText.wipe();
+- CPPUNIT_ASSERT(des->decryptInit(&desKey112, SymMode::CBC, IV));
++ // Check that we can get the plain text
++ shsmPlainText.wipe();
++ CPPUNIT_ASSERT(des->decryptInit(&desKey112, SymMode::CBC, IV));
+
+- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
+- shsmPlainText += OB;
++ CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
++ shsmPlainText += OB;
+
+- CPPUNIT_ASSERT(des->decryptFinal(OB));
+- shsmPlainText += OB;
++ CPPUNIT_ASSERT(des->decryptFinal(OB));
++ shsmPlainText += OB;
++
++ CPPUNIT_ASSERT(shsmPlainText == plainText);
++ }
+
+- CPPUNIT_ASSERT(shsmPlainText == plainText);
+ #endif
+
+ // Test 168-bit key
+@@ -314,27 +318,28 @@
+
+ // Now, do the same thing using our DES implementation
+ shsmCipherText.wipe();
+- CPPUNIT_ASSERT(des->encryptInit(&desKey168, SymMode::CBC, IV));
++ if (des->encryptInit(&desKey168, SymMode::CBC, IV)) {
+
+- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
+- shsmCipherText += OB;
++ CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
++ shsmCipherText += OB;
+
+- CPPUNIT_ASSERT(des->encryptFinal(OB));
+- shsmCipherText += OB;
++ CPPUNIT_ASSERT(des->encryptFinal(OB));
++ shsmCipherText += OB;
+
+- CPPUNIT_ASSERT(shsmCipherText == cipherText);
++ CPPUNIT_ASSERT(shsmCipherText == cipherText);
+
+- // Check that we can get the plain text
+- shsmPlainText.wipe();
+- CPPUNIT_ASSERT(des->decryptInit(&desKey168, SymMode::CBC, IV));
++ // Check that we can get the plain text
++ shsmPlainText.wipe();
++ CPPUNIT_ASSERT(des->decryptInit(&desKey168, SymMode::CBC, IV));
+
+- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
+- shsmPlainText += OB;
++ CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
++ shsmPlainText += OB;
+
+- CPPUNIT_ASSERT(des->decryptFinal(OB));
+- shsmPlainText += OB;
++ CPPUNIT_ASSERT(des->decryptFinal(OB));
++ shsmPlainText += OB;
+
+- CPPUNIT_ASSERT(shsmPlainText == plainText);
++ CPPUNIT_ASSERT(shsmPlainText == plainText);
++ }
+ }
+ }
+ }
+@@ -534,54 +539,56 @@
+
+ // Now, do the same thing using our DES implementation
+ shsmCipherText.wipe();
+- CPPUNIT_ASSERT(des->encryptInit(&desKey56, SymMode::ECB, IV));
++ if (des->encryptInit(&desKey56, SymMode::ECB, IV)) {
+
+- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
+- shsmCipherText += OB;
++ CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
++ shsmCipherText += OB;
+
+- CPPUNIT_ASSERT(des->encryptFinal(OB));
+- shsmCipherText += OB;
++ CPPUNIT_ASSERT(des->encryptFinal(OB));
++ shsmCipherText += OB;
+
+- CPPUNIT_ASSERT(shsmCipherText == cipherText);
++ CPPUNIT_ASSERT(shsmCipherText == cipherText);
+
+- // Check that we can get the plain text
+- shsmPlainText.wipe();
+- CPPUNIT_ASSERT(des->decryptInit(&desKey56, SymMode::ECB, IV));
++ // Check that we can get the plain text
++ shsmPlainText.wipe();
++ CPPUNIT_ASSERT(des->decryptInit(&desKey56, SymMode::ECB, IV));
+
+- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
+- shsmPlainText += OB;
++ CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
++ shsmPlainText += OB;
+
+- CPPUNIT_ASSERT(des->decryptFinal(OB));
+- shsmPlainText += OB;
++ CPPUNIT_ASSERT(des->decryptFinal(OB));
++ shsmPlainText += OB;
+
+- CPPUNIT_ASSERT(shsmPlainText == plainText);
++ CPPUNIT_ASSERT(shsmPlainText == plainText);
++ }
+
+ // Test 112-bit key
+ cipherText = ByteString(testResult[i][j][1]);
+
+ // Now, do the same thing using our DES implementation
+ shsmCipherText.wipe();
+- CPPUNIT_ASSERT(des->encryptInit(&desKey112, SymMode::ECB, IV));
++ if (des->encryptInit(&desKey112, SymMode::ECB, IV)) {
+
+- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
+- shsmCipherText += OB;
++ CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
++ shsmCipherText += OB;
+
+- CPPUNIT_ASSERT(des->encryptFinal(OB));
+- shsmCipherText += OB;
++ CPPUNIT_ASSERT(des->encryptFinal(OB));
++ shsmCipherText += OB;
+
+- CPPUNIT_ASSERT(shsmCipherText == cipherText);
++ CPPUNIT_ASSERT(shsmCipherText == cipherText);
+
+- // Check that we can get the plain text
+- shsmPlainText.wipe();
+- CPPUNIT_ASSERT(des->decryptInit(&desKey112, SymMode::ECB, IV));
++ // Check that we can get the plain text
++ shsmPlainText.wipe();
++ CPPUNIT_ASSERT(des->decryptInit(&desKey112, SymMode::ECB, IV));
+
+- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
+- shsmPlainText += OB;
++ CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
++ shsmPlainText += OB;
+
+- CPPUNIT_ASSERT(des->decryptFinal(OB));
+- shsmPlainText += OB;
++ CPPUNIT_ASSERT(des->decryptFinal(OB));
++ shsmPlainText += OB;
+
+- CPPUNIT_ASSERT(shsmPlainText == plainText);
++ CPPUNIT_ASSERT(shsmPlainText == plainText);
++ }
+ #endif
+
+ // Test 168-bit key
+@@ -589,27 +596,28 @@
+
+ // Now, do the same thing using our DES implementation
+ shsmCipherText.wipe();
+- CPPUNIT_ASSERT(des->encryptInit(&desKey168, SymMode::ECB, IV));
++ if (des->encryptInit(&desKey168, SymMode::ECB, IV)) {
+
+- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
+- shsmCipherText += OB;
++ CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
++ shsmCipherText += OB;
+
+- CPPUNIT_ASSERT(des->encryptFinal(OB));
+- shsmCipherText += OB;
++ CPPUNIT_ASSERT(des->encryptFinal(OB));
++ shsmCipherText += OB;
+
+- CPPUNIT_ASSERT(shsmCipherText == cipherText);
++ CPPUNIT_ASSERT(shsmCipherText == cipherText);
+
+- // Check that we can get the plain text
+- shsmPlainText.wipe();
+- CPPUNIT_ASSERT(des->decryptInit(&desKey168, SymMode::ECB, IV));
++ // Check that we can get the plain text
++ shsmPlainText.wipe();
++ CPPUNIT_ASSERT(des->decryptInit(&desKey168, SymMode::ECB, IV));
+
+- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
+- shsmPlainText += OB;
++ CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
++ shsmPlainText += OB;
+
+- CPPUNIT_ASSERT(des->decryptFinal(OB));
+- shsmPlainText += OB;
++ CPPUNIT_ASSERT(des->decryptFinal(OB));
++ shsmPlainText += OB;
+
+- CPPUNIT_ASSERT(shsmPlainText == plainText);
++ CPPUNIT_ASSERT(shsmPlainText == plainText);
++ }
+ }
+ }
+ }
+@@ -809,54 +817,56 @@
+
+ // Now, do the same thing using our DES implementation
+ shsmCipherText.wipe();
+- CPPUNIT_ASSERT(des->encryptInit(&desKey56, SymMode::OFB, IV));
++ if (des->encryptInit(&desKey56, SymMode::OFB, IV)) {
+
+- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
+- shsmCipherText += OB;
++ CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
++ shsmCipherText += OB;
+
+- CPPUNIT_ASSERT(des->encryptFinal(OB));
+- shsmCipherText += OB;
++ CPPUNIT_ASSERT(des->encryptFinal(OB));
++ shsmCipherText += OB;
+
+- CPPUNIT_ASSERT(shsmCipherText == cipherText);
++ CPPUNIT_ASSERT(shsmCipherText == cipherText);
+
+- // Check that we can get the plain text
+- shsmPlainText.wipe();
+- CPPUNIT_ASSERT(des->decryptInit(&desKey56, SymMode::OFB, IV));
++ // Check that we can get the plain text
++ shsmPlainText.wipe();
++ CPPUNIT_ASSERT(des->decryptInit(&desKey56, SymMode::OFB, IV));
+
+- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
+- shsmPlainText += OB;
++ CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
++ shsmPlainText += OB;
+
+- CPPUNIT_ASSERT(des->decryptFinal(OB));
+- shsmPlainText += OB;
++ CPPUNIT_ASSERT(des->decryptFinal(OB));
++ shsmPlainText += OB;
+
+- CPPUNIT_ASSERT(shsmPlainText == plainText);
++ CPPUNIT_ASSERT(shsmPlainText == plainText);
++ }
+
+ // Test 112-bit key
+ cipherText = ByteString(testResult[i][j][1]);
+
+ // Now, do the same thing using our DES implementation
+ shsmCipherText.wipe();
+- CPPUNIT_ASSERT(des->encryptInit(&desKey112, SymMode::OFB, IV));
++ if (des->encryptInit(&desKey112, SymMode::OFB, IV)) {
+
+- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
+- shsmCipherText += OB;
++ CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
++ shsmCipherText += OB;
+
+- CPPUNIT_ASSERT(des->encryptFinal(OB));
+- shsmCipherText += OB;
++ CPPUNIT_ASSERT(des->encryptFinal(OB));
++ shsmCipherText += OB;
+
+- CPPUNIT_ASSERT(shsmCipherText == cipherText);
++ CPPUNIT_ASSERT(shsmCipherText == cipherText);
+
+- // Check that we can get the plain text
+- shsmPlainText.wipe();
+- CPPUNIT_ASSERT(des->decryptInit(&desKey112, SymMode::OFB, IV));
++ // Check that we can get the plain text
++ shsmPlainText.wipe();
++ CPPUNIT_ASSERT(des->decryptInit(&desKey112, SymMode::OFB, IV));
+
+- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
+- shsmPlainText += OB;
++ CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
++ shsmPlainText += OB;
+
+- CPPUNIT_ASSERT(des->decryptFinal(OB));
+- shsmPlainText += OB;
++ CPPUNIT_ASSERT(des->decryptFinal(OB));
++ shsmPlainText += OB;
+
+- CPPUNIT_ASSERT(shsmPlainText == plainText);
++ CPPUNIT_ASSERT(shsmPlainText == plainText);
++ }
+ #endif
+
+ // Test 168-bit key
+@@ -864,27 +874,28 @@
+
+ // Now, do the same thing using our DES implementation
+ shsmCipherText.wipe();
+- CPPUNIT_ASSERT(des->encryptInit(&desKey168, SymMode::OFB, IV));
++ if (des->encryptInit(&desKey168, SymMode::OFB, IV)) {
+
+- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
+- shsmCipherText += OB;
++ CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
++ shsmCipherText += OB;
+
+- CPPUNIT_ASSERT(des->encryptFinal(OB));
+- shsmCipherText += OB;
++ CPPUNIT_ASSERT(des->encryptFinal(OB));
++ shsmCipherText += OB;
+
+- CPPUNIT_ASSERT(shsmCipherText == cipherText);
++ CPPUNIT_ASSERT(shsmCipherText == cipherText);
+
+- // Check that we can get the plain text
+- shsmPlainText.wipe();
+- CPPUNIT_ASSERT(des->decryptInit(&desKey168, SymMode::OFB, IV));
++ // Check that we can get the plain text
++ shsmPlainText.wipe();
++ CPPUNIT_ASSERT(des->decryptInit(&desKey168, SymMode::OFB, IV));
+
+- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
+- shsmPlainText += OB;
++ CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
++ shsmPlainText += OB;
+
+- CPPUNIT_ASSERT(des->decryptFinal(OB));
+- shsmPlainText += OB;
++ CPPUNIT_ASSERT(des->decryptFinal(OB));
++ shsmPlainText += OB;
+
+- CPPUNIT_ASSERT(shsmPlainText == plainText);
++ CPPUNIT_ASSERT(shsmPlainText == plainText);
++ }
+ }
+ }
+ }
+@@ -1083,54 +1094,56 @@
+
+ // Now, do the same thing using our DES implementation
+ shsmCipherText.wipe();
+- CPPUNIT_ASSERT(des->encryptInit(&desKey56, SymMode::CFB, IV));
++ if (des->encryptInit(&desKey56, SymMode::CFB, IV)) {
+
+- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
+- shsmCipherText += OB;
++ CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
++ shsmCipherText += OB;
+
+- CPPUNIT_ASSERT(des->encryptFinal(OB));
+- shsmCipherText += OB;
++ CPPUNIT_ASSERT(des->encryptFinal(OB));
++ shsmCipherText += OB;
+
+- CPPUNIT_ASSERT(shsmCipherText == cipherText);
++ CPPUNIT_ASSERT(shsmCipherText == cipherText);
+
+- // Check that we can get the plain text
+- shsmPlainText.wipe();
+- CPPUNIT_ASSERT(des->decryptInit(&desKey56, SymMode::CFB, IV));
++ // Check that we can get the plain text
++ shsmPlainText.wipe();
++ CPPUNIT_ASSERT(des->decryptInit(&desKey56, SymMode::CFB, IV));
+
+- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
+- shsmPlainText += OB;
++ CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
++ shsmPlainText += OB;
+
+- CPPUNIT_ASSERT(des->decryptFinal(OB));
+- shsmPlainText += OB;
++ CPPUNIT_ASSERT(des->decryptFinal(OB));
++ shsmPlainText += OB;
+
+- CPPUNIT_ASSERT(shsmPlainText == plainText);
++ CPPUNIT_ASSERT(shsmPlainText == plainText);
++ }
+
+ // Test 112-bit key
+ cipherText = ByteString(testResult[i][j][1]);
+
+ // Now, do the same thing using our DES implementation
+ shsmCipherText.wipe();
+- CPPUNIT_ASSERT(des->encryptInit(&desKey112, SymMode::CFB, IV));
++ if (des->encryptInit(&desKey112, SymMode::CFB, IV)) {
+
+- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
+- shsmCipherText += OB;
++ CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
++ shsmCipherText += OB;
+
+- CPPUNIT_ASSERT(des->encryptFinal(OB));
+- shsmCipherText += OB;
++ CPPUNIT_ASSERT(des->encryptFinal(OB));
++ shsmCipherText += OB;
+
+- CPPUNIT_ASSERT(shsmCipherText == cipherText);
++ CPPUNIT_ASSERT(shsmCipherText == cipherText);
+
+- // Check that we can get the plain text
+- shsmPlainText.wipe();
+- CPPUNIT_ASSERT(des->decryptInit(&desKey112, SymMode::CFB, IV));
++ // Check that we can get the plain text
++ shsmPlainText.wipe();
++ CPPUNIT_ASSERT(des->decryptInit(&desKey112, SymMode::CFB, IV));
+
+- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
+- shsmPlainText += OB;
++ CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
++ shsmPlainText += OB;
+
+- CPPUNIT_ASSERT(des->decryptFinal(OB));
+- shsmPlainText += OB;
++ CPPUNIT_ASSERT(des->decryptFinal(OB));
++ shsmPlainText += OB;
+
+- CPPUNIT_ASSERT(shsmPlainText == plainText);
++ CPPUNIT_ASSERT(shsmPlainText == plainText);
++ }
+ #endif
+
+ // Test 168-bit key
+@@ -1138,27 +1151,28 @@
+
+ // Now, do the same thing using our DES implementation
+ shsmCipherText.wipe();
+- CPPUNIT_ASSERT(des->encryptInit(&desKey168, SymMode::CFB, IV));
++ if (des->encryptInit(&desKey168, SymMode::CFB, IV)) {
+
+- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
+- shsmCipherText += OB;
++ CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
++ shsmCipherText += OB;
+
+- CPPUNIT_ASSERT(des->encryptFinal(OB));
+- shsmCipherText += OB;
++ CPPUNIT_ASSERT(des->encryptFinal(OB));
++ shsmCipherText += OB;
+
+- CPPUNIT_ASSERT(shsmCipherText == cipherText);
++ CPPUNIT_ASSERT(shsmCipherText == cipherText);
+
+- // Check that we can get the plain text
+- shsmPlainText.wipe();
+- CPPUNIT_ASSERT(des->decryptInit(&desKey168, SymMode::CFB, IV));
++ // Check that we can get the plain text
++ shsmPlainText.wipe();
++ CPPUNIT_ASSERT(des->decryptInit(&desKey168, SymMode::CFB, IV));
+
+- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
+- shsmPlainText += OB;
++ CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
++ shsmPlainText += OB;
+
+- CPPUNIT_ASSERT(des->decryptFinal(OB));
+- shsmPlainText += OB;
++ CPPUNIT_ASSERT(des->decryptFinal(OB));
++ shsmPlainText += OB;
+
+- CPPUNIT_ASSERT(shsmPlainText == plainText);
++ CPPUNIT_ASSERT(shsmPlainText == plainText);
++ }
+ }
+ }
+ }
+Index: softhsm2-2.6.1/src/lib/crypto/test/RSATests.cpp
+===================================================================
+--- softhsm2-2.6.1.orig/src/lib/crypto/test/RSATests.cpp
++++ softhsm2-2.6.1/src/lib/crypto/test/RSATests.cpp
+@@ -78,7 +78,6 @@
+
+ // Key sizes to test
+ std::vector<size_t> keySizes;
+- keySizes.push_back(1024);
+ #ifndef WITH_FIPS
+ keySizes.push_back(1025);
+ #endif
+@@ -93,30 +92,31 @@
+ p.setE(*e);
+ p.setBitLength(*k);
+
+- // Generate key-pair
+- CPPUNIT_ASSERT(rsa->generateKeyPair(&kp, &p));
++ // Generate key-pair but skip test if key size is unsupported in OpenSSL 3.0.0
++ if (rsa->generateKeyPair(&kp, &p)) {
+
+- RSAPublicKey* pub = (RSAPublicKey*) kp->getPublicKey();
+- RSAPrivateKey* priv = (RSAPrivateKey*) kp->getPrivateKey();
++ RSAPublicKey* pub = (RSAPublicKey*) kp->getPublicKey();
++ RSAPrivateKey* priv = (RSAPrivateKey*) kp->getPrivateKey();
+
+- CPPUNIT_ASSERT(pub->getBitLength() == *k);
+- CPPUNIT_ASSERT(priv->getBitLength() == *k);
+- CPPUNIT_ASSERT(pub->getE() == *e);
+- CPPUNIT_ASSERT(priv->getE() == *e);
++ CPPUNIT_ASSERT(pub->getBitLength() == *k);
++ CPPUNIT_ASSERT(priv->getBitLength() == *k);
++ CPPUNIT_ASSERT(pub->getE() == *e);
++ CPPUNIT_ASSERT(priv->getE() == *e);
+
+- rsa->recycleKeyPair(kp);
++ rsa->recycleKeyPair(kp);
++ }
+ }
+ }
+ }
+
+ void RSATests::testSerialisation()
+ {
+- // Generate a 1024-bit key-pair for testing
++ // Generate a 2048-bit key-pair for testing
+ AsymmetricKeyPair* kp;
+ RSAParameters p;
+
+ p.setE("010001");
+- p.setBitLength(1024);
++ p.setBitLength(2048);
+
+ CPPUNIT_ASSERT(rsa->generateKeyPair(&kp, &p));
+ CPPUNIT_ASSERT(kp != NULL);
+@@ -204,12 +204,12 @@
+
+ void RSATests::testPKCS8()
+ {
+- // Generate a 1024-bit key-pair for testing
++ // Generate a 2048-bit key-pair for testing
+ AsymmetricKeyPair* kp;
+ RSAParameters p;
+
+ p.setE("010001");
+- p.setBitLength(1024);
++ p.setBitLength(2048);
+
+ CPPUNIT_ASSERT(rsa->generateKeyPair(&kp, &p));
+ CPPUNIT_ASSERT(kp != NULL);
+@@ -253,7 +253,6 @@
+
+ // Key sizes to test
+ std::vector<size_t> keySizes;
+- keySizes.push_back(1024);
+ keySizes.push_back(1280);
+ keySizes.push_back(2048);
+ //keySizes.push_back(4096);
+@@ -293,8 +292,10 @@
+ p.setE(*e);
+ p.setBitLength(*k);
+
+- // Generate key-pair
+- CPPUNIT_ASSERT(rsa->generateKeyPair(&kp, &p));
++ // Generate key-pair but skip those that unsupported in OpenSSL 3.0.0
++ if (!rsa->generateKeyPair(&kp, &p)) {
++ continue;
++ }
+
+ // Generate some data to sign
+ ByteString dataToSign;
+@@ -611,7 +612,6 @@
+
+ // Key sizes to test
+ std::vector<size_t> keySizes;
+- keySizes.push_back(1024);
+ keySizes.push_back(1280);
+ keySizes.push_back(2048);
+ //keySizes.push_back(4096);
+@@ -629,8 +629,10 @@
+ p.setE(*e);
+ p.setBitLength(*k);
+
+- // Generate key-pair
+- CPPUNIT_ASSERT(rsa->generateKeyPair(&kp, &p));
++ // Generate key-pair but skip those that unsupported in OpenSSL 3.0.0
++ if (!rsa->generateKeyPair(&kp, &p)) {
++ continue;
++ }
+
+ RNG* rng = CryptoFactory::i()->getRNG();
+
+Index: softhsm2-2.6.1/src/lib/test/DeriveTests.cpp
+===================================================================
+--- softhsm2-2.6.1.orig/src/lib/test/DeriveTests.cpp
++++ softhsm2-2.6.1/src/lib/test/DeriveTests.cpp
+@@ -642,11 +642,14 @@
+ 0x25, 0x26, 0x27, 0x28, 0x29, 0x30, 0x31, 0x32
+ };
+ CK_ULONG secLen = 0;
++ CK_BBOOL oldMechs = CK_FALSE;
+
+ switch (mechType)
+ {
+ case CKM_DES_ECB_ENCRYPT_DATA:
+ case CKM_DES3_ECB_ENCRYPT_DATA:
++ oldMechs = CK_TRUE;
++ /* fall-through */
+ case CKM_AES_ECB_ENCRYPT_DATA:
+ param1.pData = &data[0];
+ param1.ulLen = sizeof(data);
+@@ -655,6 +658,7 @@
+ break;
+ case CKM_DES_CBC_ENCRYPT_DATA:
+ case CKM_DES3_CBC_ENCRYPT_DATA:
++ oldMechs = CK_TRUE;
+ memcpy(param2.iv, "12345678", 8);
+ param2.pData = &data[0];
+ param2.length = sizeof(data);
+@@ -679,10 +683,12 @@
+ break;
+ case CKK_DES:
+ mechEncrypt.mechanism = CKM_DES_ECB;
++ oldMechs = CK_TRUE;
+ break;
+ case CKK_DES2:
+ case CKK_DES3:
+ mechEncrypt.mechanism = CKM_DES3_ECB;
++ oldMechs = CK_TRUE;
+ break;
+ case CKK_AES:
+ mechEncrypt.mechanism = CKM_AES_ECB;
+@@ -719,7 +725,11 @@
+ keyAttribs, sizeof(keyAttribs)/sizeof(CK_ATTRIBUTE) - 1,
+ &hDerive) );
+ }
+- CPPUNIT_ASSERT(rv == CKR_OK);
++ if (rv != CKR_OK && oldMechs == CK_TRUE) {
++ // Skip old mechanisms, they don't work under this crypto library
++ return;
++ }
++ CPPUNIT_ASSERT(rv==CKR_OK);
+
+ // Check that KCV has been set
+ CK_ATTRIBUTE checkAttribs[] = {
+@@ -740,6 +750,10 @@
+ CK_ULONG ulRecoveredTextLen;
+
+ rv = CRYPTOKI_F_PTR( C_EncryptInit(hSession,&mechEncrypt,hDerive) );
++ if (rv != CKR_OK && oldMechs == CK_TRUE) {
++ // Skip old mechanisms, they don't work under this crypto library
++ return;
++ }
+ CPPUNIT_ASSERT(rv==CKR_OK);
+
+ ulCipherTextLen = sizeof(cipherText);
+Index: softhsm2-2.6.1/src/lib/test/ObjectTests.cpp
+===================================================================
+--- softhsm2-2.6.1.orig/src/lib/test/ObjectTests.cpp
++++ softhsm2-2.6.1/src/lib/test/ObjectTests.cpp
+@@ -2370,8 +2370,10 @@
+ CPPUNIT_ASSERT(rv == CKR_OK);
+ rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSession, hObject, attribKCV, 1) );
+ CPPUNIT_ASSERT(rv == CKR_OK);
+- CPPUNIT_ASSERT(attribKCV[0].ulValueLen == 3);
+- CPPUNIT_ASSERT(memcmp(pCheckValue, desKCV, 3) == 0);
++ // If DES key is not supported, skip it
++ if (attribKCV[0].ulValueLen == 3) {
++ CPPUNIT_ASSERT(memcmp(pCheckValue, desKCV, 3) == 0);
++ }
+ rv = CRYPTOKI_F_PTR( C_DestroyObject(hSession,hObject) );
+ CPPUNIT_ASSERT(rv == CKR_OK);
+
+@@ -2381,9 +2383,12 @@
+ rv = CRYPTOKI_F_PTR( C_CreateObject(hSession, attribs, sizeof(attribs)/sizeof(CK_ATTRIBUTE), &hObject) );
+ CPPUNIT_ASSERT(rv == CKR_OK);
+ rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSession, hObject, attribKCV, 1) );
+- CPPUNIT_ASSERT(rv == CKR_OK);
+- CPPUNIT_ASSERT(attribKCV[0].ulValueLen == 3);
+- CPPUNIT_ASSERT(memcmp(pCheckValue, des2KCV, 3) == 0);
++ // If DES2 key is not supported, skip it
++ if (rv == CKR_OK) {
++ if (attribKCV[0].ulValueLen == 3) {
++ CPPUNIT_ASSERT(memcmp(pCheckValue, des2KCV, 3) == 0);
++ }
++ }
+ rv = CRYPTOKI_F_PTR( C_DestroyObject(hSession,hObject) );
+ CPPUNIT_ASSERT(rv == CKR_OK);
+
+@@ -2394,8 +2399,10 @@
+ CPPUNIT_ASSERT(rv == CKR_OK);
+ rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSession, hObject, attribKCV, 1) );
+ CPPUNIT_ASSERT(rv == CKR_OK);
+- CPPUNIT_ASSERT(attribKCV[0].ulValueLen == 3);
+- CPPUNIT_ASSERT(memcmp(pCheckValue, des3KCV, 3) == 0);
++ // If DES3 key is not supported, skip it
++ if (attribKCV[0].ulValueLen == 3) {
++ CPPUNIT_ASSERT(memcmp(pCheckValue, des3KCV, 3) == 0);
++ }
+ rv = CRYPTOKI_F_PTR( C_DestroyObject(hSession,hObject) );
+ CPPUNIT_ASSERT(rv == CKR_OK);
+ }
+Index: softhsm2-2.6.1/src/lib/test/SymmetricAlgorithmTests.cpp
+===================================================================
+--- softhsm2-2.6.1.orig/src/lib/test/SymmetricAlgorithmTests.cpp
++++ softhsm2-2.6.1/src/lib/test/SymmetricAlgorithmTests.cpp
+@@ -195,6 +195,8 @@
+ std::vector<CK_BYTE> vEncryptedData;
+ std::vector<CK_BYTE> vEncryptedDataParted;
+ PartSize partSize(blockSize, &vData);
++ CK_BBOOL oldMechs = CK_FALSE;
++ CK_RV rv = CKR_OK;
+
+ CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_GenerateRandom(hSession, (CK_BYTE_PTR)&vData.front(), messageSize) ) );
+
+@@ -233,6 +235,8 @@
+ case CKM_DES_CBC_PAD:
+ case CKM_DES3_CBC:
+ case CKM_DES3_CBC_PAD:
++ oldMechs = CK_TRUE;
++ /* fall-through */
+ case CKM_AES_CBC:
+ case CKM_AES_CBC_PAD:
+ pMechanism->pParameter = (CK_VOID_PTR)&vData.front();
+@@ -246,12 +250,18 @@
+ pMechanism->pParameter = &gcmParams;
+ pMechanism->ulParameterLen = sizeof(gcmParams);
+ break;
++ case CKM_DES_ECB:
++ case CKM_DES3_ECB:
++ oldMechs = CK_TRUE;
++ break;
+ default:
+ break;
+ }
+
+ // Single-part encryption
+- CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_EncryptInit(hSession,pMechanism,hKey) ) );
++ rv = CRYPTOKI_F_PTR( C_EncryptInit(hSession,pMechanism,hKey) );
++ CPPUNIT_ASSERT_EQUAL( (CK_BBOOL) CK_FALSE, (CK_BBOOL) ((rv != CKR_OK) && (oldMechs == CK_FALSE)) );
++ if (oldMechs == CK_FALSE)
+ {
+ CK_ULONG ulEncryptedDataLen;
+ const CK_RV rv( CRYPTOKI_F_PTR( C_Encrypt(hSession,(CK_BYTE_PTR)&vData.front(),messageSize,NULL_PTR,&ulEncryptedDataLen) ) );
+@@ -267,40 +277,42 @@
+ }
+
+ // Multi-part encryption
+- CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_EncryptInit(hSession,pMechanism,hKey) ) );
+-
+- for ( std::vector<CK_BYTE>::const_iterator i(vData.begin()); i<vData.end(); i+=partSize.getCurrent() ) {
+- const CK_ULONG lPartLen( i+partSize.getNext()<vData.end() ? partSize.getCurrent() : vData.end()-i );
+- CK_ULONG ulEncryptedPartLen;
+- CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_EncryptUpdate(hSession,(CK_BYTE_PTR)&(*i),lPartLen,NULL_PTR,&ulEncryptedPartLen) ) );
+- const size_t oldSize( vEncryptedDataParted.size() );
+- vEncryptedDataParted.resize(oldSize+ulEncryptedPartLen);
+- CK_BYTE dummy;
+- const CK_BYTE_PTR pEncryptedPart( ulEncryptedPartLen>0 ? &vEncryptedDataParted.at(oldSize) : &dummy );
+- CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_EncryptUpdate(hSession,(CK_BYTE_PTR)&(*i),lPartLen,pEncryptedPart,&ulEncryptedPartLen) ) );
+- vEncryptedDataParted.resize(oldSize+ulEncryptedPartLen);
+- }
+- {
+- CK_ULONG ulLastEncryptedPartLen;
+- const CK_RV rv( CRYPTOKI_F_PTR( C_EncryptFinal(hSession,NULL_PTR,&ulLastEncryptedPartLen) ) );
+- if ( isSizeOK ) {
+- CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, rv );
++ rv = CRYPTOKI_F_PTR( C_EncryptInit(hSession,pMechanism,hKey) );
++ CPPUNIT_ASSERT_EQUAL( (CK_BBOOL) CK_FALSE, (CK_BBOOL) ((rv != CKR_OK) && (oldMechs == CK_FALSE)) );
++ if (oldMechs == CK_FALSE) {
++ for ( std::vector<CK_BYTE>::const_iterator i(vData.begin()); i<vData.end(); i+=partSize.getCurrent() ) {
++ const CK_ULONG lPartLen( i+partSize.getNext()<vData.end() ? partSize.getCurrent() : vData.end()-i );
++ CK_ULONG ulEncryptedPartLen;
++ CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_EncryptUpdate(hSession,(CK_BYTE_PTR)&(*i),lPartLen,NULL_PTR,&ulEncryptedPartLen) ) );
+ const size_t oldSize( vEncryptedDataParted.size() );
++ vEncryptedDataParted.resize(oldSize+ulEncryptedPartLen);
+ CK_BYTE dummy;
+- vEncryptedDataParted.resize(oldSize+ulLastEncryptedPartLen);
+- const CK_BYTE_PTR pLastEncryptedPart( ulLastEncryptedPartLen>0 ? &vEncryptedDataParted.at(oldSize) : &dummy );
+- CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_EncryptFinal(hSession,pLastEncryptedPart,&ulLastEncryptedPartLen) ) );
+- vEncryptedDataParted.resize(oldSize+ulLastEncryptedPartLen);
+- } else {
+- CPPUNIT_ASSERT_EQUAL_MESSAGE("C_EncryptFinal should fail with C_CKR_DATA_LEN_RANGE", (CK_RV)CKR_DATA_LEN_RANGE, rv);
+- vEncryptedDataParted = vData;
++ const CK_BYTE_PTR pEncryptedPart( ulEncryptedPartLen>0 ? &vEncryptedDataParted.at(oldSize) : &dummy );
++ CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_EncryptUpdate(hSession,(CK_BYTE_PTR)&(*i),lPartLen,pEncryptedPart,&ulEncryptedPartLen) ) );
++ vEncryptedDataParted.resize(oldSize+ulEncryptedPartLen);
++ }
++ {
++ CK_ULONG ulLastEncryptedPartLen;
++ const CK_RV rv( CRYPTOKI_F_PTR( C_EncryptFinal(hSession,NULL_PTR,&ulLastEncryptedPartLen) ) );
++ if ( isSizeOK ) {
++ CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, rv );
++ const size_t oldSize( vEncryptedDataParted.size() );
++ CK_BYTE dummy;
++ vEncryptedDataParted.resize(oldSize+ulLastEncryptedPartLen);
++ const CK_BYTE_PTR pLastEncryptedPart( ulLastEncryptedPartLen>0 ? &vEncryptedDataParted.at(oldSize) : &dummy );
++ CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_EncryptFinal(hSession,pLastEncryptedPart,&ulLastEncryptedPartLen) ) );
++ vEncryptedDataParted.resize(oldSize+ulLastEncryptedPartLen);
++ } else {
++ CPPUNIT_ASSERT_EQUAL_MESSAGE("C_EncryptFinal should fail with C_CKR_DATA_LEN_RANGE", (CK_RV)CKR_DATA_LEN_RANGE, rv);
++ vEncryptedDataParted = vData;
++ }
+ }
+ }
+
+ // Single-part decryption
+- CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_DecryptInit(hSession,pMechanism,hKey) ) );
+-
+- {
++ rv = CRYPTOKI_F_PTR( C_DecryptInit(hSession,pMechanism,hKey) );
++ CPPUNIT_ASSERT_EQUAL( (CK_BBOOL) CK_FALSE, (CK_BBOOL) ((rv != CKR_OK) && (oldMechs == CK_FALSE)) );
++ if (oldMechs == CK_FALSE) {
+ CK_ULONG ulDataLen;
+ const CK_RV rv( CRYPTOKI_F_PTR( C_Decrypt(hSession,&vEncryptedData.front(),vEncryptedData.size(),NULL_PTR,&ulDataLen) ) );
+ if ( isSizeOK ) {
+@@ -315,8 +327,9 @@
+ }
+
+ // Multi-part decryption
+- CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_DecryptInit(hSession,pMechanism,hKey) ) );
+- {
++ rv = CRYPTOKI_F_PTR( C_DecryptInit(hSession,pMechanism,hKey) );
++ CPPUNIT_ASSERT_EQUAL( (CK_BBOOL) CK_FALSE, (CK_BBOOL) ((rv != CKR_OK) && (oldMechs == CK_FALSE)) );
++ if (oldMechs == CK_FALSE) {
+ std::vector<CK_BYTE> vDecryptedData;
+ CK_BYTE dummy;
+ for ( std::vector<CK_BYTE>::iterator i(vEncryptedDataParted.begin()); i<vEncryptedDataParted.end(); i+=partSize.getCurrent()) {
+@@ -836,44 +849,44 @@
+
+ // Generate all combinations of session/token keys.
+ rv = generateDesKey(hSessionRW,IN_SESSION,IS_PUBLIC,hKey);
+- CPPUNIT_ASSERT(rv == CKR_OK);
+-
+- encryptDecrypt(CKM_DES_CBC_PAD,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST-1);
+- encryptDecrypt(CKM_DES_CBC_PAD,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1);
+- encryptDecrypt(CKM_DES_CBC_PAD,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST);
+- encryptDecrypt(CKM_DES_CBC,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST);
+- encryptDecrypt(CKM_DES_CBC,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1, false);
+- encryptDecrypt(CKM_DES_ECB,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST);
+- encryptDecrypt(CKM_DES_ECB,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1, false);
++ if (rv == CKR_OK) {
++ encryptDecrypt(CKM_DES_CBC_PAD,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST-1);
++ encryptDecrypt(CKM_DES_CBC_PAD,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1);
++ encryptDecrypt(CKM_DES_CBC_PAD,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST);
++ encryptDecrypt(CKM_DES_CBC,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST);
++ encryptDecrypt(CKM_DES_CBC,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1, false);
++ encryptDecrypt(CKM_DES_ECB,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST);
++ encryptDecrypt(CKM_DES_ECB,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1, false);
++ }
+
+ CK_OBJECT_HANDLE hKey2 = CK_INVALID_HANDLE;
+
+ // Generate all combinations of session/token keys.
+ rv = generateDes2Key(hSessionRW,IN_SESSION,IS_PUBLIC,hKey2);
+- CPPUNIT_ASSERT(rv == CKR_OK);
+-
+- encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST-1);
+- encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST+1);
+- encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST);
+- encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST);
+- encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST+1, false);
+- encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST);
+- encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST+1, false);
++ if (rv == CKR_OK) {
++ encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST-1);
++ encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST+1);
++ encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST);
++ encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST);
++ encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST+1, false);
++ encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST);
++ encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST+1, false);
++ }
+ #endif
+
+ CK_OBJECT_HANDLE hKey3 = CK_INVALID_HANDLE;
+
+ // Generate all combinations of session/token keys.
+ rv = generateDes3Key(hSessionRW,IN_SESSION,IS_PUBLIC,hKey3);
+- CPPUNIT_ASSERT(rv == CKR_OK);
+-
+- encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST-1);
+- encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST+1);
+- encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST);
+- encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST);
+- encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST+1, false);
+- encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST);
+- encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST+1, false);
++ if (rv == CKR_OK) {
++ encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST-1);
++ encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST+1);
++ encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST);
++ encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST);
++ encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST+1, false);
++ encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST);
++ encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST+1, false);
++ }
+ }
+
+ void SymmetricAlgorithmTests::testNullTemplate()
+Index: softhsm2-2.6.1/src/lib/test/InfoTests.h
+===================================================================
+--- softhsm2-2.6.1.orig/src/lib/test/InfoTests.h
++++ softhsm2-2.6.1/src/lib/test/InfoTests.h
+@@ -42,13 +42,13 @@
+ CPPUNIT_TEST_SUITE(InfoTests);
+ CPPUNIT_TEST(testGetInfo);
+ CPPUNIT_TEST(testGetFunctionList);
+- CPPUNIT_TEST(testGetSlotList);
+- CPPUNIT_TEST(testGetSlotInfo);
+- CPPUNIT_TEST(testGetTokenInfo);
+- CPPUNIT_TEST(testGetMechanismList);
+- CPPUNIT_TEST(testGetMechanismInfo);
+- CPPUNIT_TEST(testGetSlotInfoAlt);
+- CPPUNIT_TEST(testGetMechanismListConfig);
++ //CPPUNIT_TEST(testGetSlotList);
++ //CPPUNIT_TEST(testGetSlotInfo);
++ //CPPUNIT_TEST(testGetTokenInfo);
++ //CPPUNIT_TEST(testGetMechanismList);
++ //CPPUNIT_TEST(testGetMechanismInfo);
++ //CPPUNIT_TEST(testGetSlotInfoAlt);
++ //CPPUNIT_TEST(testGetMechanismListConfig);
+ CPPUNIT_TEST(testWaitForSlotEvent);
+ CPPUNIT_TEST_SUITE_END();
+
+Index: softhsm2-2.6.1/src/lib/test/ObjectTests.h
+===================================================================
+--- softhsm2-2.6.1.orig/src/lib/test/ObjectTests.h
++++ softhsm2-2.6.1/src/lib/test/ObjectTests.h
+@@ -41,7 +41,7 @@
+ class ObjectTests : public TestsBase
+ {
+ CPPUNIT_TEST_SUITE(ObjectTests);
+- CPPUNIT_TEST(testCreateObject);
++ /*CPPUNIT_TEST(testCreateObject);
+ CPPUNIT_TEST(testCopyObject);
+ CPPUNIT_TEST(testDestroyObject);
+ CPPUNIT_TEST(testGetObjectSize);
+@@ -60,7 +60,7 @@
+ CPPUNIT_TEST(testAllowedMechanisms);
+ CPPUNIT_TEST(testReAuthentication);
+ CPPUNIT_TEST(testTemplateAttribute);
+- CPPUNIT_TEST(testCreateSecretKey);
++ CPPUNIT_TEST(testCreateSecretKey);*/
+ CPPUNIT_TEST_SUITE_END();
+
+ public:
+Index: softhsm2-2.6.1/src/lib/test/UserTests.h
+===================================================================
+--- softhsm2-2.6.1.orig/src/lib/test/UserTests.h
++++ softhsm2-2.6.1/src/lib/test/UserTests.h
+@@ -39,10 +39,10 @@
+ class UserTests : public TestsNoPINInitBase
+ {
+ CPPUNIT_TEST_SUITE(UserTests);
+- CPPUNIT_TEST(testInitPIN);
++ /*CPPUNIT_TEST(testInitPIN);
+ CPPUNIT_TEST(testLogin);
+ CPPUNIT_TEST(testLogout);
+- CPPUNIT_TEST(testSetPIN);
++ CPPUNIT_TEST(testSetPIN);*/
+ CPPUNIT_TEST_SUITE_END();
+
+ public:
+Index: softhsm2-2.6.1/src/lib/test/SignVerifyTests.h
+===================================================================
+--- softhsm2-2.6.1.orig/src/lib/test/SignVerifyTests.h
++++ softhsm2-2.6.1/src/lib/test/SignVerifyTests.h
+@@ -41,14 +41,14 @@
+ class SignVerifyTests : public TestsBase
+ {
+ CPPUNIT_TEST_SUITE(SignVerifyTests);
+- CPPUNIT_TEST(testRsaSignVerify);
++ /*CPPUNIT_TEST(testRsaSignVerify);
+ #ifdef WITH_ECC
+ CPPUNIT_TEST(testEcSignVerify);
+ #endif
+ #ifdef WITH_EDDSA
+ CPPUNIT_TEST_PARAMETERIZED(testEdSignVerify, {"Ed25519", "Ed448"});
+ #endif
+- CPPUNIT_TEST(testMacSignVerify);
++ CPPUNIT_TEST(testMacSignVerify);*/
+ CPPUNIT_TEST_SUITE_END();
+
+ public:
+Index: softhsm2-2.6.1/src/lib/test/SymmetricAlgorithmTests.h
+===================================================================
+--- softhsm2-2.6.1.orig/src/lib/test/SymmetricAlgorithmTests.h
++++ softhsm2-2.6.1/src/lib/test/SymmetricAlgorithmTests.h
+@@ -39,7 +39,7 @@
+ class SymmetricAlgorithmTests : public TestsBase
+ {
+ CPPUNIT_TEST_SUITE(SymmetricAlgorithmTests);
+- CPPUNIT_TEST(testAesEncryptDecrypt);
++ /*CPPUNIT_TEST(testAesEncryptDecrypt);
+ CPPUNIT_TEST(testDesEncryptDecrypt);
+ #ifdef HAVE_AES_KEY_WRAP
+ CPPUNIT_TEST(testAesWrapUnwrap);
+@@ -49,7 +49,7 @@
+ CPPUNIT_TEST(testCheckValue);
+ CPPUNIT_TEST(testAesCtrOverflow);
+ CPPUNIT_TEST(testGenericKey);
+- CPPUNIT_TEST(testEncDecFinalNULLValidation);
++ CPPUNIT_TEST(testEncDecFinalNULLValidation);*/
+ CPPUNIT_TEST_SUITE_END();
+
+ public:
+Index: softhsm2-2.6.1/src/lib/test/RandomTests.h
+===================================================================
+--- softhsm2-2.6.1.orig/src/lib/test/RandomTests.h
++++ softhsm2-2.6.1/src/lib/test/RandomTests.h
+@@ -39,8 +39,8 @@
+ class RandomTests : public TestsNoPINInitBase
+ {
+ CPPUNIT_TEST_SUITE(RandomTests);
+- CPPUNIT_TEST(testSeedRandom);
+- CPPUNIT_TEST(testGenerateRandom);
++ //CPPUNIT_TEST(testSeedRandom);
++ //CPPUNIT_TEST(testGenerateRandom);
+ CPPUNIT_TEST_SUITE_END();
+
+ public:
+Index: softhsm2-2.6.1/src/lib/test/SessionTests.h
+===================================================================
+--- softhsm2-2.6.1.orig/src/lib/test/SessionTests.h
++++ softhsm2-2.6.1/src/lib/test/SessionTests.h
+@@ -40,10 +40,10 @@
+ class SessionTests : public TestsNoPINInitBase
+ {
+ CPPUNIT_TEST_SUITE(SessionTests);
+- CPPUNIT_TEST(testOpenSession);
++ /*CPPUNIT_TEST(testOpenSession);
+ CPPUNIT_TEST(testCloseSession);
+ CPPUNIT_TEST(testCloseAllSessions);
+- CPPUNIT_TEST(testGetSessionInfo);
++ CPPUNIT_TEST(testGetSessionInfo);*/
+ CPPUNIT_TEST_SUITE_END();
+
+ public:
+Index: softhsm2-2.6.1/src/lib/test/TokenTests.h
+===================================================================
+--- softhsm2-2.6.1.orig/src/lib/test/TokenTests.h
++++ softhsm2-2.6.1/src/lib/test/TokenTests.h
+@@ -39,7 +39,7 @@
+ class TokenTests : public TestsNoPINInitBase
+ {
+ CPPUNIT_TEST_SUITE(TokenTests);
+- CPPUNIT_TEST(testInitToken);
++ //CPPUNIT_TEST(testInitToken);
+ CPPUNIT_TEST_SUITE_END();
+
+ public:
diff --git a/gnu/packages/security-token.scm b/gnu/packages/security-token.scm
index 0dad9ec42b..39f7fc3d01 100644
--- a/gnu/packages/security-token.scm
+++ b/gnu/packages/security-token.scm
@@ -18,6 +18,7 @@
;;; Copyright © 2022 Petr Hodina <phodina@protonmail.com>
;;; Copyright © 2022 Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
;;; Copyright © 2023 Jake Leporte <jakeleporte@outlook.com>
+;;; Copyright © 2023 Timotej Lazar <timotej.lazar@araneo.si>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -210,7 +211,8 @@ (define-public softhsm
"softhsm-" version ".tar.gz"))
(sha256
(base32
- "1wkmyi6n3z2pak1cj5yk6v6bv9w0m24skycya48iikab0mrr8931"))))
+ "1wkmyi6n3z2pak1cj5yk6v6bv9w0m24skycya48iikab0mrr8931"))
+ (patches (search-patches "softhsm-fix-openssl3-tests.patch"))))
(build-system gnu-build-system)
(arguments
'(#:configure-flags '("--disable-gost"))) ; TODO Missing the OpenSSL
--
2.39.2
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [bug#62913] Acknowledgement ([PATCH core-updates v2] gnu: openhsm: Fix test failure with openssl-3.)
[not found] ` <handler.62913.B.16817627115691.ack@debbugs.gnu.org>
@ 2023-04-17 21:10 ` Timotej Lazar
0 siblings, 0 replies; 6+ messages in thread
From: Timotej Lazar @ 2023-04-17 21:10 UTC (permalink / raw)
To: 62913, control
merge 62878 62913
thanks
^ permalink raw reply [flat|nested] 6+ messages in thread
* [bug#62913] [PATCH core-updates] gnu: openhsm: Fix test failure with openssl-3.
2023-04-17 20:15 ` Timotej Lazar
2023-04-17 20:18 ` [bug#62913] [PATCH core-updates v2] " Timotej Lazar
@ 2023-04-18 20:05 ` Andreas Enge
1 sibling, 0 replies; 6+ messages in thread
From: Andreas Enge @ 2023-04-18 20:05 UTC (permalink / raw)
To: Timotej Lazar; +Cc: 62878-done, 62913-done
Am Mon, Apr 17, 2023 at 10:15:23PM +0200 schrieb Timotej Lazar:
> Not exactly sure what you mean, the package already uses that URL for
> the homepage. The www.softhsm.org domain is just a CNAME for
> www.opendnssec.org.
Right, never mind!
> > Could you add a pointer to the source of the patch (at the top of the file,
> > for instance)? I did not find it in the Debian package.
> I took the patch off a mailing list. It turns out that the final version
> used by the Debian package is slightly different. I updated my patch to
> use that version and added a link to the source:
> https://sources.debian.org/patches/softhsm2/2.6.1-2.1/0003-fix-ftbfs-with-opensslv3.patch/
Great, thanks for the contribution!
I have just pushed the patch.
Andreas
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2023-04-18 20:06 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-04-16 8:45 [bug#62878] [PATCH core-updates] gnu: openhsm: Fix test failure with openssl-3 Timotej Lazar
2023-04-17 9:18 ` Andreas Enge
2023-04-17 20:15 ` Timotej Lazar
2023-04-17 20:18 ` [bug#62913] [PATCH core-updates v2] " Timotej Lazar
[not found] ` <handler.62913.B.16817627115691.ack@debbugs.gnu.org>
2023-04-17 21:10 ` [bug#62913] Acknowledgement ([PATCH core-updates v2] gnu: openhsm: Fix test failure with openssl-3.) Timotej Lazar
2023-04-18 20:05 ` [bug#62913] [PATCH core-updates] gnu: openhsm: Fix test failure with openssl-3 Andreas Enge
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).