From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp12.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms9.migadu.com with LMTPS id UDnHNsCpPWSIZgAASxT56A (envelope-from ) for ; Mon, 17 Apr 2023 22:19:12 +0200 Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp12.migadu.com with LMTPS id gLrFNsCpPWRbHwEAauVa8A (envelope-from ) for ; Mon, 17 Apr 2023 22:19:12 +0200 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 27F9B3FCA2 for ; Mon, 17 Apr 2023 22:19:12 +0200 (CEST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1poVJX-0004Sr-Gl; Mon, 17 Apr 2023 16:19:03 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1poVJW-0004SY-8U for guix-patches@gnu.org; Mon, 17 Apr 2023 16:19:02 -0400 Received: from debbugs.gnu.org ([209.51.188.43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1poVJW-0007Tr-1L for guix-patches@gnu.org; Mon, 17 Apr 2023 16:19:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1poVJV-0001Ui-S0 for guix-patches@gnu.org; Mon, 17 Apr 2023 16:19:01 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#62913] [PATCH core-updates v2] gnu: openhsm: Fix test failure with openssl-3. Resent-From: Timotej Lazar Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Mon, 17 Apr 2023 20:19:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 62913 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 62913@debbugs.gnu.org Cc: Timotej Lazar X-Debbugs-Original-To: guix-patches@gnu.org Received: via spool by submit@debbugs.gnu.org id=B.16817627115691 (code B ref -1); Mon, 17 Apr 2023 20:19:01 +0000 Received: (at submit) by debbugs.gnu.org; 17 Apr 2023 20:18:31 +0000 Received: from localhost ([127.0.0.1]:57014 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1poVIz-0001Th-P9 for submit@debbugs.gnu.org; Mon, 17 Apr 2023 16:18:31 -0400 Received: from lists.gnu.org ([209.51.188.17]:41212) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1poVIw-0001TY-Ph for submit@debbugs.gnu.org; Mon, 17 Apr 2023 16:18:28 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1poVIw-0003yK-IR for guix-patches@gnu.org; Mon, 17 Apr 2023 16:18:26 -0400 Received: from araneo.si ([90.157.193.204]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1poVIs-0007KP-2f for guix-patches@gnu.org; Mon, 17 Apr 2023 16:18:26 -0400 Received: from araneo.si (localhost.lan [127.0.0.1]) by araneo.si (OpenSMTPD) with ESMTP id 19e74c7f for ; Mon, 17 Apr 2023 20:18:17 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=araneo.si; h=from:to:cc :subject:date:message-id:in-reply-to:references:mime-version :content-type:content-transfer-encoding; s=20180623; bh=AI/VDTG2 FOG4hKGyMlbZDKo+EUk=; b=nZ8+QnwYmLisare8jMcgWT2rt0YazqVrHZpEveL2 aANgsgwYzQmkVEvF/kVIHwj7maqx1D69OgGkTrXslBTaaYZ8OuBrehaCktGTO+lu Leec0j3fFfCIuqjqKrWPyja88mBG1kzQ9pQQk6/Ag4Bo0QVDxe/O8l7ROtEdFMnY vR9gusXm2p7b7nLyqdvrUwCawwbS2nSqOQ78fUeaGNYpBTWSoLm2+XfIp5F0t2M4 Yc4f1WCq8epj29JHIvR+tPE7SGTevnIInTxyz4Q9xR963V+dMG1f7fKxgtfgXzqz vOihff5E5WrFz7El7UkXnGWIj5jPitpeFnAtIwn2g/lnFA== Received: by araneo.si (OpenSMTPD) with ESMTPSA id 91d13d4a (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO); Mon, 17 Apr 2023 20:18:16 +0000 (UTC) From: Timotej Lazar Date: Mon, 17 Apr 2023 22:18:01 +0200 Message-Id: <20230417201800.24535-1-timotej.lazar@araneo.si> X-Mailer: git-send-email 2.39.2 In-Reply-To: <87edoi465g.fsf@araneo.si> References: <87edoi465g.fsf@araneo.si> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Received-SPF: pass client-ip=90.157.193.204; envelope-from=timotej.lazar@araneo.si; helo=araneo.si X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+larch=yhetil.org@gnu.org Sender: guix-patches-bounces+larch=yhetil.org@gnu.org X-Migadu-Country: US X-Migadu-Flow: FLOW_IN ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1681762752; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding:resent-cc: resent-from:resent-sender:resent-message-id:in-reply-to:in-reply-to: references:references:list-id:list-help:list-unsubscribe: list-subscribe:list-post:dkim-signature; bh=8guIFVOIbJ5Q8KYwP7cIBM0yHWnNSApx3U46d2WyK+s=; b=VGY6w66uTL89kZRtNya4OXbX7fgsj0AyiYpV+01p7ZO8ebe9izKFYEwXmXziRV4nrcA92S SnZuOkbmI8RjrvLBHL0x5EUsrM0K83UUPjdQO7PgE2udtFw6V0Y34oWQLmk3DtehUSGtnB XKQDYznN6kYt64mcUbnB3SZgNPOEuD19MamiHce1BVQ3dy1thuWGY9ZUkxw1qT7+Z4Aag0 2PpWtgIgPdMDTkWSXO/9FJUjZId9cPqVVQRL5eOSjqSoaoxwR+HM3T30A9JzZAp7cvQoEJ vn0Z3eSVjcfaVv/F7zdeww/RvATgwTq3MvOzj0zDkOS8fgkRrKJnxz8kwRgwFw== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=araneo.si header.s=20180623 header.b=nZ8+QnwY; spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org"; dmarc=fail reason="SPF not aligned (relaxed)" header.from=araneo.si (policy=none) ARC-Seal: i=1; s=key1; d=yhetil.org; t=1681762752; a=rsa-sha256; cv=none; b=bZsR5zvNg+/+Qo6bVkYwsjuxF3lagp7dXJQcp9oqHS6p8Dkeceosgyl3/a22lN2JhUOCWI A2H1Q5Hce1ml8Ba6ek9J5QwPv+QFF9RJl3AdCQtdpGQVWyUx8lm2D4TtW11vTVbUrh3Q7n S1jdXfEn3jJjHuJN4A1lsp8wCB0VsokTk1j0R47eTpXNvNsT78vy8mAgH0rRgP+IOuzI8l wCOL1wkOTezQ23lpHvuzkUy2I5aYIHYtB43F+/loBel54ODpNXP/erF1QIoj3O3R++xs2N xexnWQeq/1xjYMUukkMk4Yfzo4Vqvlf2UWLDkedC0KQKbrLJ1GjZe6n6B+YBBg== Authentication-Results: aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=araneo.si header.s=20180623 header.b=nZ8+QnwY; spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org"; dmarc=fail reason="SPF not aligned (relaxed)" header.from=araneo.si (policy=none) X-Migadu-Spam-Score: -1.31 X-Spam-Score: -1.31 X-Migadu-Queue-Id: 27F9B3FCA2 X-Migadu-Scanner: scn1.migadu.com X-TUID: 16Bxv+ZC8M/y * gnu/packages/patches/softhsm-fix-openssl3-tests.patch: Add patch from Debian. * gnu/packages/security-token.scm (softhsm): Use it. * gnu/local.mk (dist_patch_DATA): Register it. --- gnu/local.mk | 1 + .../patches/softhsm-fix-openssl3-tests.patch | 1107 +++++++++++++++++ gnu/packages/security-token.scm | 4 +- 3 files changed, 1111 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/softhsm-fix-openssl3-tests.patch diff --git a/gnu/local.mk b/gnu/local.mk index 9372ff0119..48b371de55 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1885,6 +1885,7 @@ dist_patch_DATA = \ %D%/packages/patches/snappy-add-O2-flag-in-CmakeLists.txt.patch \ %D%/packages/patches/snappy-add-inline-for-GCC.patch \ %D%/packages/patches/source-highlight-gcc-compat.patch \ + %D%/packages/patches/softhsm-fix-openssl3-tests.patch \ %D%/packages/patches/spectre-meltdown-checker-externalize-fwdb.patch \ %D%/packages/patches/spectre-meltdown-checker-find-kernel.patch \ %D%/packages/patches/sphinxbase-fix-doxygen.patch \ diff --git a/gnu/packages/patches/softhsm-fix-openssl3-tests.patch b/gnu/packages/patches/softhsm-fix-openssl3-tests.patch new file mode 100644 index 0000000000..f2d9ce3f5d --- /dev/null +++ b/gnu/packages/patches/softhsm-fix-openssl3-tests.patch @@ -0,0 +1,1107 @@ +Copied from Debian: + +https://sources.debian.org/patches/softhsm2/2.6.1-2.1/0003-fix-ftbfs-with-opensslv3.patch/ + +From 643f061e6fbe04552a2c49bd00528e61a9a77064 Mon Sep 17 00:00:00 2001 +From: Alexander Bokovoy +Date: Wed, 26 May 2021 20:03:25 +0300 +Subject: [PATCH 1/4] openssl 3.0: Run DES tests only if OpenSSL allows it + +OpenSSL 3.0 moves DES into a legacy provider which has to be loaded +explicitly. By default, it will not be loaded and DES methods in tests +will fail. Nest test blocks under successful initialization. + +Signed-off-by: Alexander Bokovoy +--- + src/lib/crypto/test/DESTests.cpp | 350 ++++++++++++++++--------------- + 1 file changed, 182 insertions(+), 168 deletions(-) + +Index: softhsm2-2.6.1/src/lib/crypto/test/DESTests.cpp +=================================================================== +--- softhsm2-2.6.1.orig/src/lib/crypto/test/DESTests.cpp ++++ softhsm2-2.6.1/src/lib/crypto/test/DESTests.cpp +@@ -259,54 +259,58 @@ + + // Now, do the same thing using our DES implementation + shsmCipherText.wipe(); +- CPPUNIT_ASSERT(des->encryptInit(&desKey56, SymMode::CBC, IV)); ++ if (des->encryptInit(&desKey56, SymMode::CBC, IV)) { + +- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); +- shsmCipherText += OB; ++ CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); ++ shsmCipherText += OB; + +- CPPUNIT_ASSERT(des->encryptFinal(OB)); +- shsmCipherText += OB; ++ CPPUNIT_ASSERT(des->encryptFinal(OB)); ++ shsmCipherText += OB; + +- CPPUNIT_ASSERT(shsmCipherText == cipherText); ++ CPPUNIT_ASSERT(shsmCipherText == cipherText); + +- // Check that we can get the plain text +- shsmPlainText.wipe(); +- CPPUNIT_ASSERT(des->decryptInit(&desKey56, SymMode::CBC, IV)); ++ // Check that we can get the plain text ++ shsmPlainText.wipe(); ++ CPPUNIT_ASSERT(des->decryptInit(&desKey56, SymMode::CBC, IV)); + +- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); +- shsmPlainText += OB; ++ CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); ++ shsmPlainText += OB; + +- CPPUNIT_ASSERT(des->decryptFinal(OB)); +- shsmPlainText += OB; ++ CPPUNIT_ASSERT(des->decryptFinal(OB)); ++ shsmPlainText += OB; + +- CPPUNIT_ASSERT(shsmPlainText == plainText); ++ CPPUNIT_ASSERT(shsmPlainText == plainText); ++ ++ } + + // Test 112-bit key + cipherText = ByteString(testResult[i][j][1]); + + // Now, do the same thing using our DES implementation + shsmCipherText.wipe(); +- CPPUNIT_ASSERT(des->encryptInit(&desKey112, SymMode::CBC, IV)); ++ if (des->encryptInit(&desKey112, SymMode::CBC, IV)) { + +- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); +- shsmCipherText += OB; ++ CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); ++ shsmCipherText += OB; + +- CPPUNIT_ASSERT(des->encryptFinal(OB)); +- shsmCipherText += OB; ++ CPPUNIT_ASSERT(des->encryptFinal(OB)); ++ shsmCipherText += OB; + +- CPPUNIT_ASSERT(shsmCipherText == cipherText); ++ CPPUNIT_ASSERT(shsmCipherText == cipherText); + +- // Check that we can get the plain text +- shsmPlainText.wipe(); +- CPPUNIT_ASSERT(des->decryptInit(&desKey112, SymMode::CBC, IV)); ++ // Check that we can get the plain text ++ shsmPlainText.wipe(); ++ CPPUNIT_ASSERT(des->decryptInit(&desKey112, SymMode::CBC, IV)); + +- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); +- shsmPlainText += OB; ++ CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); ++ shsmPlainText += OB; + +- CPPUNIT_ASSERT(des->decryptFinal(OB)); +- shsmPlainText += OB; ++ CPPUNIT_ASSERT(des->decryptFinal(OB)); ++ shsmPlainText += OB; ++ ++ CPPUNIT_ASSERT(shsmPlainText == plainText); ++ } + +- CPPUNIT_ASSERT(shsmPlainText == plainText); + #endif + + // Test 168-bit key +@@ -314,27 +318,28 @@ + + // Now, do the same thing using our DES implementation + shsmCipherText.wipe(); +- CPPUNIT_ASSERT(des->encryptInit(&desKey168, SymMode::CBC, IV)); ++ if (des->encryptInit(&desKey168, SymMode::CBC, IV)) { + +- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); +- shsmCipherText += OB; ++ CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); ++ shsmCipherText += OB; + +- CPPUNIT_ASSERT(des->encryptFinal(OB)); +- shsmCipherText += OB; ++ CPPUNIT_ASSERT(des->encryptFinal(OB)); ++ shsmCipherText += OB; + +- CPPUNIT_ASSERT(shsmCipherText == cipherText); ++ CPPUNIT_ASSERT(shsmCipherText == cipherText); + +- // Check that we can get the plain text +- shsmPlainText.wipe(); +- CPPUNIT_ASSERT(des->decryptInit(&desKey168, SymMode::CBC, IV)); ++ // Check that we can get the plain text ++ shsmPlainText.wipe(); ++ CPPUNIT_ASSERT(des->decryptInit(&desKey168, SymMode::CBC, IV)); + +- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); +- shsmPlainText += OB; ++ CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); ++ shsmPlainText += OB; + +- CPPUNIT_ASSERT(des->decryptFinal(OB)); +- shsmPlainText += OB; ++ CPPUNIT_ASSERT(des->decryptFinal(OB)); ++ shsmPlainText += OB; + +- CPPUNIT_ASSERT(shsmPlainText == plainText); ++ CPPUNIT_ASSERT(shsmPlainText == plainText); ++ } + } + } + } +@@ -534,54 +539,56 @@ + + // Now, do the same thing using our DES implementation + shsmCipherText.wipe(); +- CPPUNIT_ASSERT(des->encryptInit(&desKey56, SymMode::ECB, IV)); ++ if (des->encryptInit(&desKey56, SymMode::ECB, IV)) { + +- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); +- shsmCipherText += OB; ++ CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); ++ shsmCipherText += OB; + +- CPPUNIT_ASSERT(des->encryptFinal(OB)); +- shsmCipherText += OB; ++ CPPUNIT_ASSERT(des->encryptFinal(OB)); ++ shsmCipherText += OB; + +- CPPUNIT_ASSERT(shsmCipherText == cipherText); ++ CPPUNIT_ASSERT(shsmCipherText == cipherText); + +- // Check that we can get the plain text +- shsmPlainText.wipe(); +- CPPUNIT_ASSERT(des->decryptInit(&desKey56, SymMode::ECB, IV)); ++ // Check that we can get the plain text ++ shsmPlainText.wipe(); ++ CPPUNIT_ASSERT(des->decryptInit(&desKey56, SymMode::ECB, IV)); + +- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); +- shsmPlainText += OB; ++ CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); ++ shsmPlainText += OB; + +- CPPUNIT_ASSERT(des->decryptFinal(OB)); +- shsmPlainText += OB; ++ CPPUNIT_ASSERT(des->decryptFinal(OB)); ++ shsmPlainText += OB; + +- CPPUNIT_ASSERT(shsmPlainText == plainText); ++ CPPUNIT_ASSERT(shsmPlainText == plainText); ++ } + + // Test 112-bit key + cipherText = ByteString(testResult[i][j][1]); + + // Now, do the same thing using our DES implementation + shsmCipherText.wipe(); +- CPPUNIT_ASSERT(des->encryptInit(&desKey112, SymMode::ECB, IV)); ++ if (des->encryptInit(&desKey112, SymMode::ECB, IV)) { + +- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); +- shsmCipherText += OB; ++ CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); ++ shsmCipherText += OB; + +- CPPUNIT_ASSERT(des->encryptFinal(OB)); +- shsmCipherText += OB; ++ CPPUNIT_ASSERT(des->encryptFinal(OB)); ++ shsmCipherText += OB; + +- CPPUNIT_ASSERT(shsmCipherText == cipherText); ++ CPPUNIT_ASSERT(shsmCipherText == cipherText); + +- // Check that we can get the plain text +- shsmPlainText.wipe(); +- CPPUNIT_ASSERT(des->decryptInit(&desKey112, SymMode::ECB, IV)); ++ // Check that we can get the plain text ++ shsmPlainText.wipe(); ++ CPPUNIT_ASSERT(des->decryptInit(&desKey112, SymMode::ECB, IV)); + +- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); +- shsmPlainText += OB; ++ CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); ++ shsmPlainText += OB; + +- CPPUNIT_ASSERT(des->decryptFinal(OB)); +- shsmPlainText += OB; ++ CPPUNIT_ASSERT(des->decryptFinal(OB)); ++ shsmPlainText += OB; + +- CPPUNIT_ASSERT(shsmPlainText == plainText); ++ CPPUNIT_ASSERT(shsmPlainText == plainText); ++ } + #endif + + // Test 168-bit key +@@ -589,27 +596,28 @@ + + // Now, do the same thing using our DES implementation + shsmCipherText.wipe(); +- CPPUNIT_ASSERT(des->encryptInit(&desKey168, SymMode::ECB, IV)); ++ if (des->encryptInit(&desKey168, SymMode::ECB, IV)) { + +- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); +- shsmCipherText += OB; ++ CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); ++ shsmCipherText += OB; + +- CPPUNIT_ASSERT(des->encryptFinal(OB)); +- shsmCipherText += OB; ++ CPPUNIT_ASSERT(des->encryptFinal(OB)); ++ shsmCipherText += OB; + +- CPPUNIT_ASSERT(shsmCipherText == cipherText); ++ CPPUNIT_ASSERT(shsmCipherText == cipherText); + +- // Check that we can get the plain text +- shsmPlainText.wipe(); +- CPPUNIT_ASSERT(des->decryptInit(&desKey168, SymMode::ECB, IV)); ++ // Check that we can get the plain text ++ shsmPlainText.wipe(); ++ CPPUNIT_ASSERT(des->decryptInit(&desKey168, SymMode::ECB, IV)); + +- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); +- shsmPlainText += OB; ++ CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); ++ shsmPlainText += OB; + +- CPPUNIT_ASSERT(des->decryptFinal(OB)); +- shsmPlainText += OB; ++ CPPUNIT_ASSERT(des->decryptFinal(OB)); ++ shsmPlainText += OB; + +- CPPUNIT_ASSERT(shsmPlainText == plainText); ++ CPPUNIT_ASSERT(shsmPlainText == plainText); ++ } + } + } + } +@@ -809,54 +817,56 @@ + + // Now, do the same thing using our DES implementation + shsmCipherText.wipe(); +- CPPUNIT_ASSERT(des->encryptInit(&desKey56, SymMode::OFB, IV)); ++ if (des->encryptInit(&desKey56, SymMode::OFB, IV)) { + +- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); +- shsmCipherText += OB; ++ CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); ++ shsmCipherText += OB; + +- CPPUNIT_ASSERT(des->encryptFinal(OB)); +- shsmCipherText += OB; ++ CPPUNIT_ASSERT(des->encryptFinal(OB)); ++ shsmCipherText += OB; + +- CPPUNIT_ASSERT(shsmCipherText == cipherText); ++ CPPUNIT_ASSERT(shsmCipherText == cipherText); + +- // Check that we can get the plain text +- shsmPlainText.wipe(); +- CPPUNIT_ASSERT(des->decryptInit(&desKey56, SymMode::OFB, IV)); ++ // Check that we can get the plain text ++ shsmPlainText.wipe(); ++ CPPUNIT_ASSERT(des->decryptInit(&desKey56, SymMode::OFB, IV)); + +- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); +- shsmPlainText += OB; ++ CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); ++ shsmPlainText += OB; + +- CPPUNIT_ASSERT(des->decryptFinal(OB)); +- shsmPlainText += OB; ++ CPPUNIT_ASSERT(des->decryptFinal(OB)); ++ shsmPlainText += OB; + +- CPPUNIT_ASSERT(shsmPlainText == plainText); ++ CPPUNIT_ASSERT(shsmPlainText == plainText); ++ } + + // Test 112-bit key + cipherText = ByteString(testResult[i][j][1]); + + // Now, do the same thing using our DES implementation + shsmCipherText.wipe(); +- CPPUNIT_ASSERT(des->encryptInit(&desKey112, SymMode::OFB, IV)); ++ if (des->encryptInit(&desKey112, SymMode::OFB, IV)) { + +- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); +- shsmCipherText += OB; ++ CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); ++ shsmCipherText += OB; + +- CPPUNIT_ASSERT(des->encryptFinal(OB)); +- shsmCipherText += OB; ++ CPPUNIT_ASSERT(des->encryptFinal(OB)); ++ shsmCipherText += OB; + +- CPPUNIT_ASSERT(shsmCipherText == cipherText); ++ CPPUNIT_ASSERT(shsmCipherText == cipherText); + +- // Check that we can get the plain text +- shsmPlainText.wipe(); +- CPPUNIT_ASSERT(des->decryptInit(&desKey112, SymMode::OFB, IV)); ++ // Check that we can get the plain text ++ shsmPlainText.wipe(); ++ CPPUNIT_ASSERT(des->decryptInit(&desKey112, SymMode::OFB, IV)); + +- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); +- shsmPlainText += OB; ++ CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); ++ shsmPlainText += OB; + +- CPPUNIT_ASSERT(des->decryptFinal(OB)); +- shsmPlainText += OB; ++ CPPUNIT_ASSERT(des->decryptFinal(OB)); ++ shsmPlainText += OB; + +- CPPUNIT_ASSERT(shsmPlainText == plainText); ++ CPPUNIT_ASSERT(shsmPlainText == plainText); ++ } + #endif + + // Test 168-bit key +@@ -864,27 +874,28 @@ + + // Now, do the same thing using our DES implementation + shsmCipherText.wipe(); +- CPPUNIT_ASSERT(des->encryptInit(&desKey168, SymMode::OFB, IV)); ++ if (des->encryptInit(&desKey168, SymMode::OFB, IV)) { + +- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); +- shsmCipherText += OB; ++ CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); ++ shsmCipherText += OB; + +- CPPUNIT_ASSERT(des->encryptFinal(OB)); +- shsmCipherText += OB; ++ CPPUNIT_ASSERT(des->encryptFinal(OB)); ++ shsmCipherText += OB; + +- CPPUNIT_ASSERT(shsmCipherText == cipherText); ++ CPPUNIT_ASSERT(shsmCipherText == cipherText); + +- // Check that we can get the plain text +- shsmPlainText.wipe(); +- CPPUNIT_ASSERT(des->decryptInit(&desKey168, SymMode::OFB, IV)); ++ // Check that we can get the plain text ++ shsmPlainText.wipe(); ++ CPPUNIT_ASSERT(des->decryptInit(&desKey168, SymMode::OFB, IV)); + +- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); +- shsmPlainText += OB; ++ CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); ++ shsmPlainText += OB; + +- CPPUNIT_ASSERT(des->decryptFinal(OB)); +- shsmPlainText += OB; ++ CPPUNIT_ASSERT(des->decryptFinal(OB)); ++ shsmPlainText += OB; + +- CPPUNIT_ASSERT(shsmPlainText == plainText); ++ CPPUNIT_ASSERT(shsmPlainText == plainText); ++ } + } + } + } +@@ -1083,54 +1094,56 @@ + + // Now, do the same thing using our DES implementation + shsmCipherText.wipe(); +- CPPUNIT_ASSERT(des->encryptInit(&desKey56, SymMode::CFB, IV)); ++ if (des->encryptInit(&desKey56, SymMode::CFB, IV)) { + +- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); +- shsmCipherText += OB; ++ CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); ++ shsmCipherText += OB; + +- CPPUNIT_ASSERT(des->encryptFinal(OB)); +- shsmCipherText += OB; ++ CPPUNIT_ASSERT(des->encryptFinal(OB)); ++ shsmCipherText += OB; + +- CPPUNIT_ASSERT(shsmCipherText == cipherText); ++ CPPUNIT_ASSERT(shsmCipherText == cipherText); + +- // Check that we can get the plain text +- shsmPlainText.wipe(); +- CPPUNIT_ASSERT(des->decryptInit(&desKey56, SymMode::CFB, IV)); ++ // Check that we can get the plain text ++ shsmPlainText.wipe(); ++ CPPUNIT_ASSERT(des->decryptInit(&desKey56, SymMode::CFB, IV)); + +- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); +- shsmPlainText += OB; ++ CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); ++ shsmPlainText += OB; + +- CPPUNIT_ASSERT(des->decryptFinal(OB)); +- shsmPlainText += OB; ++ CPPUNIT_ASSERT(des->decryptFinal(OB)); ++ shsmPlainText += OB; + +- CPPUNIT_ASSERT(shsmPlainText == plainText); ++ CPPUNIT_ASSERT(shsmPlainText == plainText); ++ } + + // Test 112-bit key + cipherText = ByteString(testResult[i][j][1]); + + // Now, do the same thing using our DES implementation + shsmCipherText.wipe(); +- CPPUNIT_ASSERT(des->encryptInit(&desKey112, SymMode::CFB, IV)); ++ if (des->encryptInit(&desKey112, SymMode::CFB, IV)) { + +- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); +- shsmCipherText += OB; ++ CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); ++ shsmCipherText += OB; + +- CPPUNIT_ASSERT(des->encryptFinal(OB)); +- shsmCipherText += OB; ++ CPPUNIT_ASSERT(des->encryptFinal(OB)); ++ shsmCipherText += OB; + +- CPPUNIT_ASSERT(shsmCipherText == cipherText); ++ CPPUNIT_ASSERT(shsmCipherText == cipherText); + +- // Check that we can get the plain text +- shsmPlainText.wipe(); +- CPPUNIT_ASSERT(des->decryptInit(&desKey112, SymMode::CFB, IV)); ++ // Check that we can get the plain text ++ shsmPlainText.wipe(); ++ CPPUNIT_ASSERT(des->decryptInit(&desKey112, SymMode::CFB, IV)); + +- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); +- shsmPlainText += OB; ++ CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); ++ shsmPlainText += OB; + +- CPPUNIT_ASSERT(des->decryptFinal(OB)); +- shsmPlainText += OB; ++ CPPUNIT_ASSERT(des->decryptFinal(OB)); ++ shsmPlainText += OB; + +- CPPUNIT_ASSERT(shsmPlainText == plainText); ++ CPPUNIT_ASSERT(shsmPlainText == plainText); ++ } + #endif + + // Test 168-bit key +@@ -1138,27 +1151,28 @@ + + // Now, do the same thing using our DES implementation + shsmCipherText.wipe(); +- CPPUNIT_ASSERT(des->encryptInit(&desKey168, SymMode::CFB, IV)); ++ if (des->encryptInit(&desKey168, SymMode::CFB, IV)) { + +- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); +- shsmCipherText += OB; ++ CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); ++ shsmCipherText += OB; + +- CPPUNIT_ASSERT(des->encryptFinal(OB)); +- shsmCipherText += OB; ++ CPPUNIT_ASSERT(des->encryptFinal(OB)); ++ shsmCipherText += OB; + +- CPPUNIT_ASSERT(shsmCipherText == cipherText); ++ CPPUNIT_ASSERT(shsmCipherText == cipherText); + +- // Check that we can get the plain text +- shsmPlainText.wipe(); +- CPPUNIT_ASSERT(des->decryptInit(&desKey168, SymMode::CFB, IV)); ++ // Check that we can get the plain text ++ shsmPlainText.wipe(); ++ CPPUNIT_ASSERT(des->decryptInit(&desKey168, SymMode::CFB, IV)); + +- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); +- shsmPlainText += OB; ++ CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); ++ shsmPlainText += OB; + +- CPPUNIT_ASSERT(des->decryptFinal(OB)); +- shsmPlainText += OB; ++ CPPUNIT_ASSERT(des->decryptFinal(OB)); ++ shsmPlainText += OB; + +- CPPUNIT_ASSERT(shsmPlainText == plainText); ++ CPPUNIT_ASSERT(shsmPlainText == plainText); ++ } + } + } + } +Index: softhsm2-2.6.1/src/lib/crypto/test/RSATests.cpp +=================================================================== +--- softhsm2-2.6.1.orig/src/lib/crypto/test/RSATests.cpp ++++ softhsm2-2.6.1/src/lib/crypto/test/RSATests.cpp +@@ -78,7 +78,6 @@ + + // Key sizes to test + std::vector keySizes; +- keySizes.push_back(1024); + #ifndef WITH_FIPS + keySizes.push_back(1025); + #endif +@@ -93,30 +92,31 @@ + p.setE(*e); + p.setBitLength(*k); + +- // Generate key-pair +- CPPUNIT_ASSERT(rsa->generateKeyPair(&kp, &p)); ++ // Generate key-pair but skip test if key size is unsupported in OpenSSL 3.0.0 ++ if (rsa->generateKeyPair(&kp, &p)) { + +- RSAPublicKey* pub = (RSAPublicKey*) kp->getPublicKey(); +- RSAPrivateKey* priv = (RSAPrivateKey*) kp->getPrivateKey(); ++ RSAPublicKey* pub = (RSAPublicKey*) kp->getPublicKey(); ++ RSAPrivateKey* priv = (RSAPrivateKey*) kp->getPrivateKey(); + +- CPPUNIT_ASSERT(pub->getBitLength() == *k); +- CPPUNIT_ASSERT(priv->getBitLength() == *k); +- CPPUNIT_ASSERT(pub->getE() == *e); +- CPPUNIT_ASSERT(priv->getE() == *e); ++ CPPUNIT_ASSERT(pub->getBitLength() == *k); ++ CPPUNIT_ASSERT(priv->getBitLength() == *k); ++ CPPUNIT_ASSERT(pub->getE() == *e); ++ CPPUNIT_ASSERT(priv->getE() == *e); + +- rsa->recycleKeyPair(kp); ++ rsa->recycleKeyPair(kp); ++ } + } + } + } + + void RSATests::testSerialisation() + { +- // Generate a 1024-bit key-pair for testing ++ // Generate a 2048-bit key-pair for testing + AsymmetricKeyPair* kp; + RSAParameters p; + + p.setE("010001"); +- p.setBitLength(1024); ++ p.setBitLength(2048); + + CPPUNIT_ASSERT(rsa->generateKeyPair(&kp, &p)); + CPPUNIT_ASSERT(kp != NULL); +@@ -204,12 +204,12 @@ + + void RSATests::testPKCS8() + { +- // Generate a 1024-bit key-pair for testing ++ // Generate a 2048-bit key-pair for testing + AsymmetricKeyPair* kp; + RSAParameters p; + + p.setE("010001"); +- p.setBitLength(1024); ++ p.setBitLength(2048); + + CPPUNIT_ASSERT(rsa->generateKeyPair(&kp, &p)); + CPPUNIT_ASSERT(kp != NULL); +@@ -253,7 +253,6 @@ + + // Key sizes to test + std::vector keySizes; +- keySizes.push_back(1024); + keySizes.push_back(1280); + keySizes.push_back(2048); + //keySizes.push_back(4096); +@@ -293,8 +292,10 @@ + p.setE(*e); + p.setBitLength(*k); + +- // Generate key-pair +- CPPUNIT_ASSERT(rsa->generateKeyPair(&kp, &p)); ++ // Generate key-pair but skip those that unsupported in OpenSSL 3.0.0 ++ if (!rsa->generateKeyPair(&kp, &p)) { ++ continue; ++ } + + // Generate some data to sign + ByteString dataToSign; +@@ -611,7 +612,6 @@ + + // Key sizes to test + std::vector keySizes; +- keySizes.push_back(1024); + keySizes.push_back(1280); + keySizes.push_back(2048); + //keySizes.push_back(4096); +@@ -629,8 +629,10 @@ + p.setE(*e); + p.setBitLength(*k); + +- // Generate key-pair +- CPPUNIT_ASSERT(rsa->generateKeyPair(&kp, &p)); ++ // Generate key-pair but skip those that unsupported in OpenSSL 3.0.0 ++ if (!rsa->generateKeyPair(&kp, &p)) { ++ continue; ++ } + + RNG* rng = CryptoFactory::i()->getRNG(); + +Index: softhsm2-2.6.1/src/lib/test/DeriveTests.cpp +=================================================================== +--- softhsm2-2.6.1.orig/src/lib/test/DeriveTests.cpp ++++ softhsm2-2.6.1/src/lib/test/DeriveTests.cpp +@@ -642,11 +642,14 @@ + 0x25, 0x26, 0x27, 0x28, 0x29, 0x30, 0x31, 0x32 + }; + CK_ULONG secLen = 0; ++ CK_BBOOL oldMechs = CK_FALSE; + + switch (mechType) + { + case CKM_DES_ECB_ENCRYPT_DATA: + case CKM_DES3_ECB_ENCRYPT_DATA: ++ oldMechs = CK_TRUE; ++ /* fall-through */ + case CKM_AES_ECB_ENCRYPT_DATA: + param1.pData = &data[0]; + param1.ulLen = sizeof(data); +@@ -655,6 +658,7 @@ + break; + case CKM_DES_CBC_ENCRYPT_DATA: + case CKM_DES3_CBC_ENCRYPT_DATA: ++ oldMechs = CK_TRUE; + memcpy(param2.iv, "12345678", 8); + param2.pData = &data[0]; + param2.length = sizeof(data); +@@ -679,10 +683,12 @@ + break; + case CKK_DES: + mechEncrypt.mechanism = CKM_DES_ECB; ++ oldMechs = CK_TRUE; + break; + case CKK_DES2: + case CKK_DES3: + mechEncrypt.mechanism = CKM_DES3_ECB; ++ oldMechs = CK_TRUE; + break; + case CKK_AES: + mechEncrypt.mechanism = CKM_AES_ECB; +@@ -719,7 +725,11 @@ + keyAttribs, sizeof(keyAttribs)/sizeof(CK_ATTRIBUTE) - 1, + &hDerive) ); + } +- CPPUNIT_ASSERT(rv == CKR_OK); ++ if (rv != CKR_OK && oldMechs == CK_TRUE) { ++ // Skip old mechanisms, they don't work under this crypto library ++ return; ++ } ++ CPPUNIT_ASSERT(rv==CKR_OK); + + // Check that KCV has been set + CK_ATTRIBUTE checkAttribs[] = { +@@ -740,6 +750,10 @@ + CK_ULONG ulRecoveredTextLen; + + rv = CRYPTOKI_F_PTR( C_EncryptInit(hSession,&mechEncrypt,hDerive) ); ++ if (rv != CKR_OK && oldMechs == CK_TRUE) { ++ // Skip old mechanisms, they don't work under this crypto library ++ return; ++ } + CPPUNIT_ASSERT(rv==CKR_OK); + + ulCipherTextLen = sizeof(cipherText); +Index: softhsm2-2.6.1/src/lib/test/ObjectTests.cpp +=================================================================== +--- softhsm2-2.6.1.orig/src/lib/test/ObjectTests.cpp ++++ softhsm2-2.6.1/src/lib/test/ObjectTests.cpp +@@ -2370,8 +2370,10 @@ + CPPUNIT_ASSERT(rv == CKR_OK); + rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSession, hObject, attribKCV, 1) ); + CPPUNIT_ASSERT(rv == CKR_OK); +- CPPUNIT_ASSERT(attribKCV[0].ulValueLen == 3); +- CPPUNIT_ASSERT(memcmp(pCheckValue, desKCV, 3) == 0); ++ // If DES key is not supported, skip it ++ if (attribKCV[0].ulValueLen == 3) { ++ CPPUNIT_ASSERT(memcmp(pCheckValue, desKCV, 3) == 0); ++ } + rv = CRYPTOKI_F_PTR( C_DestroyObject(hSession,hObject) ); + CPPUNIT_ASSERT(rv == CKR_OK); + +@@ -2381,9 +2383,12 @@ + rv = CRYPTOKI_F_PTR( C_CreateObject(hSession, attribs, sizeof(attribs)/sizeof(CK_ATTRIBUTE), &hObject) ); + CPPUNIT_ASSERT(rv == CKR_OK); + rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSession, hObject, attribKCV, 1) ); +- CPPUNIT_ASSERT(rv == CKR_OK); +- CPPUNIT_ASSERT(attribKCV[0].ulValueLen == 3); +- CPPUNIT_ASSERT(memcmp(pCheckValue, des2KCV, 3) == 0); ++ // If DES2 key is not supported, skip it ++ if (rv == CKR_OK) { ++ if (attribKCV[0].ulValueLen == 3) { ++ CPPUNIT_ASSERT(memcmp(pCheckValue, des2KCV, 3) == 0); ++ } ++ } + rv = CRYPTOKI_F_PTR( C_DestroyObject(hSession,hObject) ); + CPPUNIT_ASSERT(rv == CKR_OK); + +@@ -2394,8 +2399,10 @@ + CPPUNIT_ASSERT(rv == CKR_OK); + rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSession, hObject, attribKCV, 1) ); + CPPUNIT_ASSERT(rv == CKR_OK); +- CPPUNIT_ASSERT(attribKCV[0].ulValueLen == 3); +- CPPUNIT_ASSERT(memcmp(pCheckValue, des3KCV, 3) == 0); ++ // If DES3 key is not supported, skip it ++ if (attribKCV[0].ulValueLen == 3) { ++ CPPUNIT_ASSERT(memcmp(pCheckValue, des3KCV, 3) == 0); ++ } + rv = CRYPTOKI_F_PTR( C_DestroyObject(hSession,hObject) ); + CPPUNIT_ASSERT(rv == CKR_OK); + } +Index: softhsm2-2.6.1/src/lib/test/SymmetricAlgorithmTests.cpp +=================================================================== +--- softhsm2-2.6.1.orig/src/lib/test/SymmetricAlgorithmTests.cpp ++++ softhsm2-2.6.1/src/lib/test/SymmetricAlgorithmTests.cpp +@@ -195,6 +195,8 @@ + std::vector vEncryptedData; + std::vector vEncryptedDataParted; + PartSize partSize(blockSize, &vData); ++ CK_BBOOL oldMechs = CK_FALSE; ++ CK_RV rv = CKR_OK; + + CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_GenerateRandom(hSession, (CK_BYTE_PTR)&vData.front(), messageSize) ) ); + +@@ -233,6 +235,8 @@ + case CKM_DES_CBC_PAD: + case CKM_DES3_CBC: + case CKM_DES3_CBC_PAD: ++ oldMechs = CK_TRUE; ++ /* fall-through */ + case CKM_AES_CBC: + case CKM_AES_CBC_PAD: + pMechanism->pParameter = (CK_VOID_PTR)&vData.front(); +@@ -246,12 +250,18 @@ + pMechanism->pParameter = &gcmParams; + pMechanism->ulParameterLen = sizeof(gcmParams); + break; ++ case CKM_DES_ECB: ++ case CKM_DES3_ECB: ++ oldMechs = CK_TRUE; ++ break; + default: + break; + } + + // Single-part encryption +- CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_EncryptInit(hSession,pMechanism,hKey) ) ); ++ rv = CRYPTOKI_F_PTR( C_EncryptInit(hSession,pMechanism,hKey) ); ++ CPPUNIT_ASSERT_EQUAL( (CK_BBOOL) CK_FALSE, (CK_BBOOL) ((rv != CKR_OK) && (oldMechs == CK_FALSE)) ); ++ if (oldMechs == CK_FALSE) + { + CK_ULONG ulEncryptedDataLen; + const CK_RV rv( CRYPTOKI_F_PTR( C_Encrypt(hSession,(CK_BYTE_PTR)&vData.front(),messageSize,NULL_PTR,&ulEncryptedDataLen) ) ); +@@ -267,40 +277,42 @@ + } + + // Multi-part encryption +- CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_EncryptInit(hSession,pMechanism,hKey) ) ); +- +- for ( std::vector::const_iterator i(vData.begin()); i0 ? &vEncryptedDataParted.at(oldSize) : &dummy ); +- CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_EncryptUpdate(hSession,(CK_BYTE_PTR)&(*i),lPartLen,pEncryptedPart,&ulEncryptedPartLen) ) ); +- vEncryptedDataParted.resize(oldSize+ulEncryptedPartLen); +- } +- { +- CK_ULONG ulLastEncryptedPartLen; +- const CK_RV rv( CRYPTOKI_F_PTR( C_EncryptFinal(hSession,NULL_PTR,&ulLastEncryptedPartLen) ) ); +- if ( isSizeOK ) { +- CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, rv ); ++ rv = CRYPTOKI_F_PTR( C_EncryptInit(hSession,pMechanism,hKey) ); ++ CPPUNIT_ASSERT_EQUAL( (CK_BBOOL) CK_FALSE, (CK_BBOOL) ((rv != CKR_OK) && (oldMechs == CK_FALSE)) ); ++ if (oldMechs == CK_FALSE) { ++ for ( std::vector::const_iterator i(vData.begin()); i0 ? &vEncryptedDataParted.at(oldSize) : &dummy ); +- CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_EncryptFinal(hSession,pLastEncryptedPart,&ulLastEncryptedPartLen) ) ); +- vEncryptedDataParted.resize(oldSize+ulLastEncryptedPartLen); +- } else { +- CPPUNIT_ASSERT_EQUAL_MESSAGE("C_EncryptFinal should fail with C_CKR_DATA_LEN_RANGE", (CK_RV)CKR_DATA_LEN_RANGE, rv); +- vEncryptedDataParted = vData; ++ const CK_BYTE_PTR pEncryptedPart( ulEncryptedPartLen>0 ? &vEncryptedDataParted.at(oldSize) : &dummy ); ++ CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_EncryptUpdate(hSession,(CK_BYTE_PTR)&(*i),lPartLen,pEncryptedPart,&ulEncryptedPartLen) ) ); ++ vEncryptedDataParted.resize(oldSize+ulEncryptedPartLen); ++ } ++ { ++ CK_ULONG ulLastEncryptedPartLen; ++ const CK_RV rv( CRYPTOKI_F_PTR( C_EncryptFinal(hSession,NULL_PTR,&ulLastEncryptedPartLen) ) ); ++ if ( isSizeOK ) { ++ CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, rv ); ++ const size_t oldSize( vEncryptedDataParted.size() ); ++ CK_BYTE dummy; ++ vEncryptedDataParted.resize(oldSize+ulLastEncryptedPartLen); ++ const CK_BYTE_PTR pLastEncryptedPart( ulLastEncryptedPartLen>0 ? &vEncryptedDataParted.at(oldSize) : &dummy ); ++ CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_EncryptFinal(hSession,pLastEncryptedPart,&ulLastEncryptedPartLen) ) ); ++ vEncryptedDataParted.resize(oldSize+ulLastEncryptedPartLen); ++ } else { ++ CPPUNIT_ASSERT_EQUAL_MESSAGE("C_EncryptFinal should fail with C_CKR_DATA_LEN_RANGE", (CK_RV)CKR_DATA_LEN_RANGE, rv); ++ vEncryptedDataParted = vData; ++ } + } + } + + // Single-part decryption +- CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_DecryptInit(hSession,pMechanism,hKey) ) ); +- +- { ++ rv = CRYPTOKI_F_PTR( C_DecryptInit(hSession,pMechanism,hKey) ); ++ CPPUNIT_ASSERT_EQUAL( (CK_BBOOL) CK_FALSE, (CK_BBOOL) ((rv != CKR_OK) && (oldMechs == CK_FALSE)) ); ++ if (oldMechs == CK_FALSE) { + CK_ULONG ulDataLen; + const CK_RV rv( CRYPTOKI_F_PTR( C_Decrypt(hSession,&vEncryptedData.front(),vEncryptedData.size(),NULL_PTR,&ulDataLen) ) ); + if ( isSizeOK ) { +@@ -315,8 +327,9 @@ + } + + // Multi-part decryption +- CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_DecryptInit(hSession,pMechanism,hKey) ) ); +- { ++ rv = CRYPTOKI_F_PTR( C_DecryptInit(hSession,pMechanism,hKey) ); ++ CPPUNIT_ASSERT_EQUAL( (CK_BBOOL) CK_FALSE, (CK_BBOOL) ((rv != CKR_OK) && (oldMechs == CK_FALSE)) ); ++ if (oldMechs == CK_FALSE) { + std::vector vDecryptedData; + CK_BYTE dummy; + for ( std::vector::iterator i(vEncryptedDataParted.begin()); i ;;; Copyright © 2022 Denis 'GNUtoo' Carikli ;;; Copyright © 2023 Jake Leporte +;;; Copyright © 2023 Timotej Lazar ;;; ;;; This file is part of GNU Guix. ;;; @@ -210,7 +211,8 @@ (define-public softhsm "softhsm-" version ".tar.gz")) (sha256 (base32 - "1wkmyi6n3z2pak1cj5yk6v6bv9w0m24skycya48iikab0mrr8931")))) + "1wkmyi6n3z2pak1cj5yk6v6bv9w0m24skycya48iikab0mrr8931")) + (patches (search-patches "softhsm-fix-openssl3-tests.patch")))) (build-system gnu-build-system) (arguments '(#:configure-flags '("--disable-gost"))) ; TODO Missing the OpenSSL -- 2.39.2