On 2022-05-21 00:10:47 +0200, Ondřej Surý wrote: > Hi, > > feel free to upload the NMU directly, I think I do have lowNMU threshold set > (somewhere)
Thanks, done! Cheers > > -- > Ondřej Surý <ond...@sury.org> (He/Him) > > > On 20. 5. 2022, at 23:27, Sebastian Ramacher <sramac...@debian.org> wrote: > > > > Control: tags 997511 + patch > > Control: tags 997511 + pending > > > > Dear maintainer, > > > > I've prepared an NMU for softhsm2 (versioned as 2.6.1-2.1) and > > uploaded it to DELAYED/2. Please feel free to tell me if I > > should delay it longer. > > > > Cheers > > -- > > Sebastian Ramacher > diff -Nru softhsm2-2.6.1/debian/changelog softhsm2-2.6.1/debian/changelog > --- softhsm2-2.6.1/debian/changelog 2020-05-15 11:41:43.000000000 +0200 > +++ softhsm2-2.6.1/debian/changelog 2022-05-20 23:23:22.000000000 +0200 > @@ -1,3 +1,10 @@ > +softhsm2 (2.6.1-2.1) unstable; urgency=medium > + > + [ William 'jawn-smith' Wilson ] > + * Disable some tests that are failing with openssl v3 (Closes: #997511) > + > + -- Sebastian Ramacher <sramac...@debian.org> Fri, 20 May 2022 23:23:22 > +0200 > + > softhsm2 (2.6.1-2) unstable; urgency=medium > > * Explicitly enable ECC and EDDSA curves (Closes: #942419) > diff -Nru softhsm2-2.6.1/debian/patches/0003-fix-ftbfs-with-opensslv3.patch > softhsm2-2.6.1/debian/patches/0003-fix-ftbfs-with-opensslv3.patch > --- softhsm2-2.6.1/debian/patches/0003-fix-ftbfs-with-opensslv3.patch > 1970-01-01 01:00:00.000000000 +0100 > +++ softhsm2-2.6.1/debian/patches/0003-fix-ftbfs-with-opensslv3.patch > 2022-05-20 23:14:03.000000000 +0200 > @@ -0,0 +1,1103 @@ > +From 643f061e6fbe04552a2c49bd00528e61a9a77064 Mon Sep 17 00:00:00 2001 > +From: Alexander Bokovoy <aboko...@redhat.com> > +Date: Wed, 26 May 2021 20:03:25 +0300 > +Subject: [PATCH 1/4] openssl 3.0: Run DES tests only if OpenSSL allows it > + > +OpenSSL 3.0 moves DES into a legacy provider which has to be loaded > +explicitly. By default, it will not be loaded and DES methods in tests > +will fail. Nest test blocks under successful initialization. > + > +Signed-off-by: Alexander Bokovoy <aboko...@redhat.com> > +--- > + src/lib/crypto/test/DESTests.cpp | 350 ++++++++++++++++--------------- > + 1 file changed, 182 insertions(+), 168 deletions(-) > + > +Index: softhsm2-2.6.1/src/lib/crypto/test/DESTests.cpp > +=================================================================== > +--- softhsm2-2.6.1.orig/src/lib/crypto/test/DESTests.cpp > ++++ softhsm2-2.6.1/src/lib/crypto/test/DESTests.cpp > +@@ -259,54 +259,58 @@ > + > + // Now, do the same thing using our DES implementation > + shsmCipherText.wipe(); > +- CPPUNIT_ASSERT(des->encryptInit(&desKey56, > SymMode::CBC, IV)); > ++ if (des->encryptInit(&desKey56, SymMode::CBC, IV)) { > + > +- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); > +- shsmCipherText += OB; > ++ CPPUNIT_ASSERT(des->encryptUpdate(plainText, > OB)); > ++ shsmCipherText += OB; > + > +- CPPUNIT_ASSERT(des->encryptFinal(OB)); > +- shsmCipherText += OB; > ++ CPPUNIT_ASSERT(des->encryptFinal(OB)); > ++ shsmCipherText += OB; > + > +- CPPUNIT_ASSERT(shsmCipherText == cipherText); > ++ CPPUNIT_ASSERT(shsmCipherText == cipherText); > + > +- // Check that we can get the plain text > +- shsmPlainText.wipe(); > +- CPPUNIT_ASSERT(des->decryptInit(&desKey56, > SymMode::CBC, IV)); > ++ // Check that we can get the plain text > ++ shsmPlainText.wipe(); > ++ CPPUNIT_ASSERT(des->decryptInit(&desKey56, > SymMode::CBC, IV)); > + > +- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); > +- shsmPlainText += OB; > ++ > CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); > ++ shsmPlainText += OB; > + > +- CPPUNIT_ASSERT(des->decryptFinal(OB)); > +- shsmPlainText += OB; > ++ CPPUNIT_ASSERT(des->decryptFinal(OB)); > ++ shsmPlainText += OB; > + > +- CPPUNIT_ASSERT(shsmPlainText == plainText); > ++ CPPUNIT_ASSERT(shsmPlainText == plainText); > ++ > ++ } > + > + // Test 112-bit key > + cipherText = ByteString(testResult[i][j][1]); > + > + // Now, do the same thing using our DES implementation > + shsmCipherText.wipe(); > +- CPPUNIT_ASSERT(des->encryptInit(&desKey112, > SymMode::CBC, IV)); > ++ if (des->encryptInit(&desKey112, SymMode::CBC, IV)) { > + > +- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); > +- shsmCipherText += OB; > ++ CPPUNIT_ASSERT(des->encryptUpdate(plainText, > OB)); > ++ shsmCipherText += OB; > + > +- CPPUNIT_ASSERT(des->encryptFinal(OB)); > +- shsmCipherText += OB; > ++ CPPUNIT_ASSERT(des->encryptFinal(OB)); > ++ shsmCipherText += OB; > + > +- CPPUNIT_ASSERT(shsmCipherText == cipherText); > ++ CPPUNIT_ASSERT(shsmCipherText == cipherText); > + > +- // Check that we can get the plain text > +- shsmPlainText.wipe(); > +- CPPUNIT_ASSERT(des->decryptInit(&desKey112, > SymMode::CBC, IV)); > ++ // Check that we can get the plain text > ++ shsmPlainText.wipe(); > ++ CPPUNIT_ASSERT(des->decryptInit(&desKey112, > SymMode::CBC, IV)); > + > +- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); > +- shsmPlainText += OB; > ++ > CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); > ++ shsmPlainText += OB; > + > +- CPPUNIT_ASSERT(des->decryptFinal(OB)); > +- shsmPlainText += OB; > ++ CPPUNIT_ASSERT(des->decryptFinal(OB)); > ++ shsmPlainText += OB; > ++ > ++ CPPUNIT_ASSERT(shsmPlainText == plainText); > ++ } > + > +- CPPUNIT_ASSERT(shsmPlainText == plainText); > + #endif > + > + // Test 168-bit key > +@@ -314,27 +318,28 @@ > + > + // Now, do the same thing using our DES implementation > + shsmCipherText.wipe(); > +- CPPUNIT_ASSERT(des->encryptInit(&desKey168, > SymMode::CBC, IV)); > ++ if (des->encryptInit(&desKey168, SymMode::CBC, IV)) { > + > +- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); > +- shsmCipherText += OB; > ++ CPPUNIT_ASSERT(des->encryptUpdate(plainText, > OB)); > ++ shsmCipherText += OB; > + > +- CPPUNIT_ASSERT(des->encryptFinal(OB)); > +- shsmCipherText += OB; > ++ CPPUNIT_ASSERT(des->encryptFinal(OB)); > ++ shsmCipherText += OB; > + > +- CPPUNIT_ASSERT(shsmCipherText == cipherText); > ++ CPPUNIT_ASSERT(shsmCipherText == cipherText); > + > +- // Check that we can get the plain text > +- shsmPlainText.wipe(); > +- CPPUNIT_ASSERT(des->decryptInit(&desKey168, > SymMode::CBC, IV)); > ++ // Check that we can get the plain text > ++ shsmPlainText.wipe(); > ++ CPPUNIT_ASSERT(des->decryptInit(&desKey168, > SymMode::CBC, IV)); > + > +- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); > +- shsmPlainText += OB; > ++ > CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); > ++ shsmPlainText += OB; > + > +- CPPUNIT_ASSERT(des->decryptFinal(OB)); > +- shsmPlainText += OB; > ++ CPPUNIT_ASSERT(des->decryptFinal(OB)); > ++ shsmPlainText += OB; > + > +- CPPUNIT_ASSERT(shsmPlainText == plainText); > ++ CPPUNIT_ASSERT(shsmPlainText == plainText); > ++ } > + } > + } > + } > +@@ -534,54 +539,56 @@ > + > + // Now, do the same thing using our DES implementation > + shsmCipherText.wipe(); > +- CPPUNIT_ASSERT(des->encryptInit(&desKey56, > SymMode::ECB, IV)); > ++ if (des->encryptInit(&desKey56, SymMode::ECB, IV)) { > + > +- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); > +- shsmCipherText += OB; > ++ CPPUNIT_ASSERT(des->encryptUpdate(plainText, > OB)); > ++ shsmCipherText += OB; > + > +- CPPUNIT_ASSERT(des->encryptFinal(OB)); > +- shsmCipherText += OB; > ++ CPPUNIT_ASSERT(des->encryptFinal(OB)); > ++ shsmCipherText += OB; > + > +- CPPUNIT_ASSERT(shsmCipherText == cipherText); > ++ CPPUNIT_ASSERT(shsmCipherText == cipherText); > + > +- // Check that we can get the plain text > +- shsmPlainText.wipe(); > +- CPPUNIT_ASSERT(des->decryptInit(&desKey56, > SymMode::ECB, IV)); > ++ // Check that we can get the plain text > ++ shsmPlainText.wipe(); > ++ CPPUNIT_ASSERT(des->decryptInit(&desKey56, > SymMode::ECB, IV)); > + > +- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); > +- shsmPlainText += OB; > ++ > CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); > ++ shsmPlainText += OB; > + > +- CPPUNIT_ASSERT(des->decryptFinal(OB)); > +- shsmPlainText += OB; > ++ CPPUNIT_ASSERT(des->decryptFinal(OB)); > ++ shsmPlainText += OB; > + > +- CPPUNIT_ASSERT(shsmPlainText == plainText); > ++ CPPUNIT_ASSERT(shsmPlainText == plainText); > ++ } > + > + // Test 112-bit key > + cipherText = ByteString(testResult[i][j][1]); > + > + // Now, do the same thing using our DES implementation > + shsmCipherText.wipe(); > +- CPPUNIT_ASSERT(des->encryptInit(&desKey112, > SymMode::ECB, IV)); > ++ if (des->encryptInit(&desKey112, SymMode::ECB, IV)) { > + > +- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); > +- shsmCipherText += OB; > ++ CPPUNIT_ASSERT(des->encryptUpdate(plainText, > OB)); > ++ shsmCipherText += OB; > + > +- CPPUNIT_ASSERT(des->encryptFinal(OB)); > +- shsmCipherText += OB; > ++ CPPUNIT_ASSERT(des->encryptFinal(OB)); > ++ shsmCipherText += OB; > + > +- CPPUNIT_ASSERT(shsmCipherText == cipherText); > ++ CPPUNIT_ASSERT(shsmCipherText == cipherText); > + > +- // Check that we can get the plain text > +- shsmPlainText.wipe(); > +- CPPUNIT_ASSERT(des->decryptInit(&desKey112, > SymMode::ECB, IV)); > ++ // Check that we can get the plain text > ++ shsmPlainText.wipe(); > ++ CPPUNIT_ASSERT(des->decryptInit(&desKey112, > SymMode::ECB, IV)); > + > +- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); > +- shsmPlainText += OB; > ++ > CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); > ++ shsmPlainText += OB; > + > +- CPPUNIT_ASSERT(des->decryptFinal(OB)); > +- shsmPlainText += OB; > ++ CPPUNIT_ASSERT(des->decryptFinal(OB)); > ++ shsmPlainText += OB; > + > +- CPPUNIT_ASSERT(shsmPlainText == plainText); > ++ CPPUNIT_ASSERT(shsmPlainText == plainText); > ++ } > + #endif > + > + // Test 168-bit key > +@@ -589,27 +596,28 @@ > + > + // Now, do the same thing using our DES implementation > + shsmCipherText.wipe(); > +- CPPUNIT_ASSERT(des->encryptInit(&desKey168, > SymMode::ECB, IV)); > ++ if (des->encryptInit(&desKey168, SymMode::ECB, IV)) { > + > +- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); > +- shsmCipherText += OB; > ++ CPPUNIT_ASSERT(des->encryptUpdate(plainText, > OB)); > ++ shsmCipherText += OB; > + > +- CPPUNIT_ASSERT(des->encryptFinal(OB)); > +- shsmCipherText += OB; > ++ CPPUNIT_ASSERT(des->encryptFinal(OB)); > ++ shsmCipherText += OB; > + > +- CPPUNIT_ASSERT(shsmCipherText == cipherText); > ++ CPPUNIT_ASSERT(shsmCipherText == cipherText); > + > +- // Check that we can get the plain text > +- shsmPlainText.wipe(); > +- CPPUNIT_ASSERT(des->decryptInit(&desKey168, > SymMode::ECB, IV)); > ++ // Check that we can get the plain text > ++ shsmPlainText.wipe(); > ++ CPPUNIT_ASSERT(des->decryptInit(&desKey168, > SymMode::ECB, IV)); > + > +- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); > +- shsmPlainText += OB; > ++ > CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); > ++ shsmPlainText += OB; > + > +- CPPUNIT_ASSERT(des->decryptFinal(OB)); > +- shsmPlainText += OB; > ++ CPPUNIT_ASSERT(des->decryptFinal(OB)); > ++ shsmPlainText += OB; > + > +- CPPUNIT_ASSERT(shsmPlainText == plainText); > ++ CPPUNIT_ASSERT(shsmPlainText == plainText); > ++ } > + } > + } > + } > +@@ -809,54 +817,56 @@ > + > + // Now, do the same thing using our DES implementation > + shsmCipherText.wipe(); > +- CPPUNIT_ASSERT(des->encryptInit(&desKey56, > SymMode::OFB, IV)); > ++ if (des->encryptInit(&desKey56, SymMode::OFB, IV)) { > + > +- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); > +- shsmCipherText += OB; > ++ CPPUNIT_ASSERT(des->encryptUpdate(plainText, > OB)); > ++ shsmCipherText += OB; > + > +- CPPUNIT_ASSERT(des->encryptFinal(OB)); > +- shsmCipherText += OB; > ++ CPPUNIT_ASSERT(des->encryptFinal(OB)); > ++ shsmCipherText += OB; > + > +- CPPUNIT_ASSERT(shsmCipherText == cipherText); > ++ CPPUNIT_ASSERT(shsmCipherText == cipherText); > + > +- // Check that we can get the plain text > +- shsmPlainText.wipe(); > +- CPPUNIT_ASSERT(des->decryptInit(&desKey56, > SymMode::OFB, IV)); > ++ // Check that we can get the plain text > ++ shsmPlainText.wipe(); > ++ CPPUNIT_ASSERT(des->decryptInit(&desKey56, > SymMode::OFB, IV)); > + > +- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); > +- shsmPlainText += OB; > ++ > CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); > ++ shsmPlainText += OB; > + > +- CPPUNIT_ASSERT(des->decryptFinal(OB)); > +- shsmPlainText += OB; > ++ CPPUNIT_ASSERT(des->decryptFinal(OB)); > ++ shsmPlainText += OB; > + > +- CPPUNIT_ASSERT(shsmPlainText == plainText); > ++ CPPUNIT_ASSERT(shsmPlainText == plainText); > ++ } > + > + // Test 112-bit key > + cipherText = ByteString(testResult[i][j][1]); > + > + // Now, do the same thing using our DES implementation > + shsmCipherText.wipe(); > +- CPPUNIT_ASSERT(des->encryptInit(&desKey112, > SymMode::OFB, IV)); > ++ if (des->encryptInit(&desKey112, SymMode::OFB, IV)) { > + > +- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); > +- shsmCipherText += OB; > ++ CPPUNIT_ASSERT(des->encryptUpdate(plainText, > OB)); > ++ shsmCipherText += OB; > + > +- CPPUNIT_ASSERT(des->encryptFinal(OB)); > +- shsmCipherText += OB; > ++ CPPUNIT_ASSERT(des->encryptFinal(OB)); > ++ shsmCipherText += OB; > + > +- CPPUNIT_ASSERT(shsmCipherText == cipherText); > ++ CPPUNIT_ASSERT(shsmCipherText == cipherText); > + > +- // Check that we can get the plain text > +- shsmPlainText.wipe(); > +- CPPUNIT_ASSERT(des->decryptInit(&desKey112, > SymMode::OFB, IV)); > ++ // Check that we can get the plain text > ++ shsmPlainText.wipe(); > ++ CPPUNIT_ASSERT(des->decryptInit(&desKey112, > SymMode::OFB, IV)); > + > +- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); > +- shsmPlainText += OB; > ++ > CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); > ++ shsmPlainText += OB; > + > +- CPPUNIT_ASSERT(des->decryptFinal(OB)); > +- shsmPlainText += OB; > ++ CPPUNIT_ASSERT(des->decryptFinal(OB)); > ++ shsmPlainText += OB; > + > +- CPPUNIT_ASSERT(shsmPlainText == plainText); > ++ CPPUNIT_ASSERT(shsmPlainText == plainText); > ++ } > + #endif > + > + // Test 168-bit key > +@@ -864,27 +874,28 @@ > + > + // Now, do the same thing using our DES implementation > + shsmCipherText.wipe(); > +- CPPUNIT_ASSERT(des->encryptInit(&desKey168, > SymMode::OFB, IV)); > ++ if (des->encryptInit(&desKey168, SymMode::OFB, IV)) { > + > +- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); > +- shsmCipherText += OB; > ++ CPPUNIT_ASSERT(des->encryptUpdate(plainText, > OB)); > ++ shsmCipherText += OB; > + > +- CPPUNIT_ASSERT(des->encryptFinal(OB)); > +- shsmCipherText += OB; > ++ CPPUNIT_ASSERT(des->encryptFinal(OB)); > ++ shsmCipherText += OB; > + > +- CPPUNIT_ASSERT(shsmCipherText == cipherText); > ++ CPPUNIT_ASSERT(shsmCipherText == cipherText); > + > +- // Check that we can get the plain text > +- shsmPlainText.wipe(); > +- CPPUNIT_ASSERT(des->decryptInit(&desKey168, > SymMode::OFB, IV)); > ++ // Check that we can get the plain text > ++ shsmPlainText.wipe(); > ++ CPPUNIT_ASSERT(des->decryptInit(&desKey168, > SymMode::OFB, IV)); > + > +- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); > +- shsmPlainText += OB; > ++ > CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); > ++ shsmPlainText += OB; > + > +- CPPUNIT_ASSERT(des->decryptFinal(OB)); > +- shsmPlainText += OB; > ++ CPPUNIT_ASSERT(des->decryptFinal(OB)); > ++ shsmPlainText += OB; > + > +- CPPUNIT_ASSERT(shsmPlainText == plainText); > ++ CPPUNIT_ASSERT(shsmPlainText == plainText); > ++ } > + } > + } > + } > +@@ -1083,54 +1094,56 @@ > + > + // Now, do the same thing using our DES implementation > + shsmCipherText.wipe(); > +- CPPUNIT_ASSERT(des->encryptInit(&desKey56, > SymMode::CFB, IV)); > ++ if (des->encryptInit(&desKey56, SymMode::CFB, IV)) { > + > +- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); > +- shsmCipherText += OB; > ++ CPPUNIT_ASSERT(des->encryptUpdate(plainText, > OB)); > ++ shsmCipherText += OB; > + > +- CPPUNIT_ASSERT(des->encryptFinal(OB)); > +- shsmCipherText += OB; > ++ CPPUNIT_ASSERT(des->encryptFinal(OB)); > ++ shsmCipherText += OB; > + > +- CPPUNIT_ASSERT(shsmCipherText == cipherText); > ++ CPPUNIT_ASSERT(shsmCipherText == cipherText); > + > +- // Check that we can get the plain text > +- shsmPlainText.wipe(); > +- CPPUNIT_ASSERT(des->decryptInit(&desKey56, > SymMode::CFB, IV)); > ++ // Check that we can get the plain text > ++ shsmPlainText.wipe(); > ++ CPPUNIT_ASSERT(des->decryptInit(&desKey56, > SymMode::CFB, IV)); > + > +- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); > +- shsmPlainText += OB; > ++ > CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); > ++ shsmPlainText += OB; > + > +- CPPUNIT_ASSERT(des->decryptFinal(OB)); > +- shsmPlainText += OB; > ++ CPPUNIT_ASSERT(des->decryptFinal(OB)); > ++ shsmPlainText += OB; > + > +- CPPUNIT_ASSERT(shsmPlainText == plainText); > ++ CPPUNIT_ASSERT(shsmPlainText == plainText); > ++ } > + > + // Test 112-bit key > + cipherText = ByteString(testResult[i][j][1]); > + > + // Now, do the same thing using our DES implementation > + shsmCipherText.wipe(); > +- CPPUNIT_ASSERT(des->encryptInit(&desKey112, > SymMode::CFB, IV)); > ++ if (des->encryptInit(&desKey112, SymMode::CFB, IV)) { > + > +- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); > +- shsmCipherText += OB; > ++ CPPUNIT_ASSERT(des->encryptUpdate(plainText, > OB)); > ++ shsmCipherText += OB; > + > +- CPPUNIT_ASSERT(des->encryptFinal(OB)); > +- shsmCipherText += OB; > ++ CPPUNIT_ASSERT(des->encryptFinal(OB)); > ++ shsmCipherText += OB; > + > +- CPPUNIT_ASSERT(shsmCipherText == cipherText); > ++ CPPUNIT_ASSERT(shsmCipherText == cipherText); > + > +- // Check that we can get the plain text > +- shsmPlainText.wipe(); > +- CPPUNIT_ASSERT(des->decryptInit(&desKey112, > SymMode::CFB, IV)); > ++ // Check that we can get the plain text > ++ shsmPlainText.wipe(); > ++ CPPUNIT_ASSERT(des->decryptInit(&desKey112, > SymMode::CFB, IV)); > + > +- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); > +- shsmPlainText += OB; > ++ > CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); > ++ shsmPlainText += OB; > + > +- CPPUNIT_ASSERT(des->decryptFinal(OB)); > +- shsmPlainText += OB; > ++ CPPUNIT_ASSERT(des->decryptFinal(OB)); > ++ shsmPlainText += OB; > + > +- CPPUNIT_ASSERT(shsmPlainText == plainText); > ++ CPPUNIT_ASSERT(shsmPlainText == plainText); > ++ } > + #endif > + > + // Test 168-bit key > +@@ -1138,27 +1151,28 @@ > + > + // Now, do the same thing using our DES implementation > + shsmCipherText.wipe(); > +- CPPUNIT_ASSERT(des->encryptInit(&desKey168, > SymMode::CFB, IV)); > ++ if (des->encryptInit(&desKey168, SymMode::CFB, IV)) { > + > +- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); > +- shsmCipherText += OB; > ++ CPPUNIT_ASSERT(des->encryptUpdate(plainText, > OB)); > ++ shsmCipherText += OB; > + > +- CPPUNIT_ASSERT(des->encryptFinal(OB)); > +- shsmCipherText += OB; > ++ CPPUNIT_ASSERT(des->encryptFinal(OB)); > ++ shsmCipherText += OB; > + > +- CPPUNIT_ASSERT(shsmCipherText == cipherText); > ++ CPPUNIT_ASSERT(shsmCipherText == cipherText); > + > +- // Check that we can get the plain text > +- shsmPlainText.wipe(); > +- CPPUNIT_ASSERT(des->decryptInit(&desKey168, > SymMode::CFB, IV)); > ++ // Check that we can get the plain text > ++ shsmPlainText.wipe(); > ++ CPPUNIT_ASSERT(des->decryptInit(&desKey168, > SymMode::CFB, IV)); > + > +- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); > +- shsmPlainText += OB; > ++ > CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); > ++ shsmPlainText += OB; > + > +- CPPUNIT_ASSERT(des->decryptFinal(OB)); > +- shsmPlainText += OB; > ++ CPPUNIT_ASSERT(des->decryptFinal(OB)); > ++ shsmPlainText += OB; > + > +- CPPUNIT_ASSERT(shsmPlainText == plainText); > ++ CPPUNIT_ASSERT(shsmPlainText == plainText); > ++ } > + } > + } > + } > +Index: softhsm2-2.6.1/src/lib/crypto/test/RSATests.cpp > +=================================================================== > +--- softhsm2-2.6.1.orig/src/lib/crypto/test/RSATests.cpp > ++++ softhsm2-2.6.1/src/lib/crypto/test/RSATests.cpp > +@@ -78,7 +78,6 @@ > + > + // Key sizes to test > + std::vector<size_t> keySizes; > +- keySizes.push_back(1024); > + #ifndef WITH_FIPS > + keySizes.push_back(1025); > + #endif > +@@ -93,30 +92,31 @@ > + p.setE(*e); > + p.setBitLength(*k); > + > +- // Generate key-pair > +- CPPUNIT_ASSERT(rsa->generateKeyPair(&kp, &p)); > ++ // Generate key-pair but skip test if key size is > unsupported in OpenSSL 3.0.0 > ++ if (rsa->generateKeyPair(&kp, &p)) { > + > +- RSAPublicKey* pub = (RSAPublicKey*) kp->getPublicKey(); > +- RSAPrivateKey* priv = (RSAPrivateKey*) > kp->getPrivateKey(); > ++ RSAPublicKey* pub = (RSAPublicKey*) > kp->getPublicKey(); > ++ RSAPrivateKey* priv = (RSAPrivateKey*) > kp->getPrivateKey(); > + > +- CPPUNIT_ASSERT(pub->getBitLength() == *k); > +- CPPUNIT_ASSERT(priv->getBitLength() == *k); > +- CPPUNIT_ASSERT(pub->getE() == *e); > +- CPPUNIT_ASSERT(priv->getE() == *e); > ++ CPPUNIT_ASSERT(pub->getBitLength() == *k); > ++ CPPUNIT_ASSERT(priv->getBitLength() == *k); > ++ CPPUNIT_ASSERT(pub->getE() == *e); > ++ CPPUNIT_ASSERT(priv->getE() == *e); > + > +- rsa->recycleKeyPair(kp); > ++ rsa->recycleKeyPair(kp); > ++ } > + } > + } > + } > + > + void RSATests::testSerialisation() > + { > +- // Generate a 1024-bit key-pair for testing > ++ // Generate a 2048-bit key-pair for testing > + AsymmetricKeyPair* kp; > + RSAParameters p; > + > + p.setE("010001"); > +- p.setBitLength(1024); > ++ p.setBitLength(2048); > + > + CPPUNIT_ASSERT(rsa->generateKeyPair(&kp, &p)); > + CPPUNIT_ASSERT(kp != NULL); > +@@ -204,12 +204,12 @@ > + > + void RSATests::testPKCS8() > + { > +- // Generate a 1024-bit key-pair for testing > ++ // Generate a 2048-bit key-pair for testing > + AsymmetricKeyPair* kp; > + RSAParameters p; > + > + p.setE("010001"); > +- p.setBitLength(1024); > ++ p.setBitLength(2048); > + > + CPPUNIT_ASSERT(rsa->generateKeyPair(&kp, &p)); > + CPPUNIT_ASSERT(kp != NULL); > +@@ -253,7 +253,6 @@ > + > + // Key sizes to test > + std::vector<size_t> keySizes; > +- keySizes.push_back(1024); > + keySizes.push_back(1280); > + keySizes.push_back(2048); > + //keySizes.push_back(4096); > +@@ -293,8 +292,10 @@ > + p.setE(*e); > + p.setBitLength(*k); > + > +- // Generate key-pair > +- CPPUNIT_ASSERT(rsa->generateKeyPair(&kp, &p)); > ++ // Generate key-pair but skip those that unsupported in > OpenSSL 3.0.0 > ++ if (!rsa->generateKeyPair(&kp, &p)) { > ++ continue; > ++ } > + > + // Generate some data to sign > + ByteString dataToSign; > +@@ -611,7 +612,6 @@ > + > + // Key sizes to test > + std::vector<size_t> keySizes; > +- keySizes.push_back(1024); > + keySizes.push_back(1280); > + keySizes.push_back(2048); > + //keySizes.push_back(4096); > +@@ -629,8 +629,10 @@ > + p.setE(*e); > + p.setBitLength(*k); > + > +- // Generate key-pair > +- CPPUNIT_ASSERT(rsa->generateKeyPair(&kp, &p)); > ++ // Generate key-pair but skip those that unsupported in > OpenSSL 3.0.0 > ++ if (!rsa->generateKeyPair(&kp, &p)) { > ++ continue; > ++ } > + > + RNG* rng = CryptoFactory::i()->getRNG(); > + > +Index: softhsm2-2.6.1/src/lib/test/DeriveTests.cpp > +=================================================================== > +--- softhsm2-2.6.1.orig/src/lib/test/DeriveTests.cpp > ++++ softhsm2-2.6.1/src/lib/test/DeriveTests.cpp > +@@ -642,11 +642,14 @@ > + 0x25, 0x26, 0x27, 0x28, 0x29, 0x30, 0x31, 0x32 > + }; > + CK_ULONG secLen = 0; > ++ CK_BBOOL oldMechs = CK_FALSE; > + > + switch (mechType) > + { > + case CKM_DES_ECB_ENCRYPT_DATA: > + case CKM_DES3_ECB_ENCRYPT_DATA: > ++ oldMechs = CK_TRUE; > ++ /* fall-through */ > + case CKM_AES_ECB_ENCRYPT_DATA: > + param1.pData = &data[0]; > + param1.ulLen = sizeof(data); > +@@ -655,6 +658,7 @@ > + break; > + case CKM_DES_CBC_ENCRYPT_DATA: > + case CKM_DES3_CBC_ENCRYPT_DATA: > ++ oldMechs = CK_TRUE; > + memcpy(param2.iv, "12345678", 8); > + param2.pData = &data[0]; > + param2.length = sizeof(data); > +@@ -679,10 +683,12 @@ > + break; > + case CKK_DES: > + mechEncrypt.mechanism = CKM_DES_ECB; > ++ oldMechs = CK_TRUE; > + break; > + case CKK_DES2: > + case CKK_DES3: > + mechEncrypt.mechanism = CKM_DES3_ECB; > ++ oldMechs = CK_TRUE; > + break; > + case CKK_AES: > + mechEncrypt.mechanism = CKM_AES_ECB; > +@@ -719,7 +725,11 @@ > + keyAttribs, > sizeof(keyAttribs)/sizeof(CK_ATTRIBUTE) - 1, > + &hDerive) ); > + } > +- CPPUNIT_ASSERT(rv == CKR_OK); > ++ if (rv != CKR_OK && oldMechs == CK_TRUE) { > ++ // Skip old mechanisms, they don't work under this crypto > library > ++ return; > ++ } > ++ CPPUNIT_ASSERT(rv==CKR_OK); > + > + // Check that KCV has been set > + CK_ATTRIBUTE checkAttribs[] = { > +@@ -740,6 +750,10 @@ > + CK_ULONG ulRecoveredTextLen; > + > + rv = CRYPTOKI_F_PTR( C_EncryptInit(hSession,&mechEncrypt,hDerive) ); > ++ if (rv != CKR_OK && oldMechs == CK_TRUE) { > ++ // Skip old mechanisms, they don't work under this crypto > library > ++ return; > ++ } > + CPPUNIT_ASSERT(rv==CKR_OK); > + > + ulCipherTextLen = sizeof(cipherText); > +Index: softhsm2-2.6.1/src/lib/test/ObjectTests.cpp > +=================================================================== > +--- softhsm2-2.6.1.orig/src/lib/test/ObjectTests.cpp > ++++ softhsm2-2.6.1/src/lib/test/ObjectTests.cpp > +@@ -2370,8 +2370,10 @@ > + CPPUNIT_ASSERT(rv == CKR_OK); > + rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSession, hObject, attribKCV, > 1) ); > + CPPUNIT_ASSERT(rv == CKR_OK); > +- CPPUNIT_ASSERT(attribKCV[0].ulValueLen == 3); > +- CPPUNIT_ASSERT(memcmp(pCheckValue, desKCV, 3) == 0); > ++ // If DES key is not supported, skip it > ++ if (attribKCV[0].ulValueLen == 3) { > ++ CPPUNIT_ASSERT(memcmp(pCheckValue, desKCV, 3) == 0); > ++ } > + rv = CRYPTOKI_F_PTR( C_DestroyObject(hSession,hObject) ); > + CPPUNIT_ASSERT(rv == CKR_OK); > + > +@@ -2381,9 +2383,12 @@ > + rv = CRYPTOKI_F_PTR( C_CreateObject(hSession, attribs, > sizeof(attribs)/sizeof(CK_ATTRIBUTE), &hObject) ); > + CPPUNIT_ASSERT(rv == CKR_OK); > + rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSession, hObject, attribKCV, > 1) ); > +- CPPUNIT_ASSERT(rv == CKR_OK); > +- CPPUNIT_ASSERT(attribKCV[0].ulValueLen == 3); > +- CPPUNIT_ASSERT(memcmp(pCheckValue, des2KCV, 3) == 0); > ++ // If DES2 key is not supported, skip it > ++ if (rv == CKR_OK) { > ++ if (attribKCV[0].ulValueLen == 3) { > ++ CPPUNIT_ASSERT(memcmp(pCheckValue, des2KCV, 3) == 0); > ++ } > ++ } > + rv = CRYPTOKI_F_PTR( C_DestroyObject(hSession,hObject) ); > + CPPUNIT_ASSERT(rv == CKR_OK); > + > +@@ -2394,8 +2399,10 @@ > + CPPUNIT_ASSERT(rv == CKR_OK); > + rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSession, hObject, attribKCV, > 1) ); > + CPPUNIT_ASSERT(rv == CKR_OK); > +- CPPUNIT_ASSERT(attribKCV[0].ulValueLen == 3); > +- CPPUNIT_ASSERT(memcmp(pCheckValue, des3KCV, 3) == 0); > ++ // If DES3 key is not supported, skip it > ++ if (attribKCV[0].ulValueLen == 3) { > ++ CPPUNIT_ASSERT(memcmp(pCheckValue, des3KCV, 3) == 0); > ++ } > + rv = CRYPTOKI_F_PTR( C_DestroyObject(hSession,hObject) ); > + CPPUNIT_ASSERT(rv == CKR_OK); > + } > +Index: softhsm2-2.6.1/src/lib/test/SymmetricAlgorithmTests.cpp > +=================================================================== > +--- softhsm2-2.6.1.orig/src/lib/test/SymmetricAlgorithmTests.cpp > ++++ softhsm2-2.6.1/src/lib/test/SymmetricAlgorithmTests.cpp > +@@ -195,6 +195,8 @@ > + std::vector<CK_BYTE> vEncryptedData; > + std::vector<CK_BYTE> vEncryptedDataParted; > + PartSize partSize(blockSize, &vData); > ++ CK_BBOOL oldMechs = CK_FALSE; > ++ CK_RV rv = CKR_OK; > + > + CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( > C_GenerateRandom(hSession, (CK_BYTE_PTR)&vData.front(), messageSize) ) ); > + > +@@ -233,6 +235,8 @@ > + case CKM_DES_CBC_PAD: > + case CKM_DES3_CBC: > + case CKM_DES3_CBC_PAD: > ++ oldMechs = CK_TRUE; > ++ /* fall-through */ > + case CKM_AES_CBC: > + case CKM_AES_CBC_PAD: > + pMechanism->pParameter = (CK_VOID_PTR)&vData.front(); > +@@ -246,12 +250,18 @@ > + pMechanism->pParameter = &gcmParams; > + pMechanism->ulParameterLen = sizeof(gcmParams); > + break; > ++ case CKM_DES_ECB: > ++ case CKM_DES3_ECB: > ++ oldMechs = CK_TRUE; > ++ break; > + default: > + break; > + } > + > + // Single-part encryption > +- CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( > C_EncryptInit(hSession,pMechanism,hKey) ) ); > ++ rv = CRYPTOKI_F_PTR( C_EncryptInit(hSession,pMechanism,hKey) ); > ++ CPPUNIT_ASSERT_EQUAL( (CK_BBOOL) CK_FALSE, (CK_BBOOL) ((rv != CKR_OK) > && (oldMechs == CK_FALSE)) ); > ++ if (oldMechs == CK_FALSE) > + { > + CK_ULONG ulEncryptedDataLen; > + const CK_RV rv( CRYPTOKI_F_PTR( > C_Encrypt(hSession,(CK_BYTE_PTR)&vData.front(),messageSize,NULL_PTR,&ulEncryptedDataLen) > ) ); > +@@ -267,40 +277,42 @@ > + } > + > + // Multi-part encryption > +- CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( > C_EncryptInit(hSession,pMechanism,hKey) ) ); > +- > +- for ( std::vector<CK_BYTE>::const_iterator i(vData.begin()); > i<vData.end(); i+=partSize.getCurrent() ) { > +- const CK_ULONG lPartLen( i+partSize.getNext()<vData.end() ? > partSize.getCurrent() : vData.end()-i ); > +- CK_ULONG ulEncryptedPartLen; > +- CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( > C_EncryptUpdate(hSession,(CK_BYTE_PTR)&(*i),lPartLen,NULL_PTR,&ulEncryptedPartLen) > ) ); > +- const size_t oldSize( vEncryptedDataParted.size() ); > +- vEncryptedDataParted.resize(oldSize+ulEncryptedPartLen); > +- CK_BYTE dummy; > +- const CK_BYTE_PTR pEncryptedPart( ulEncryptedPartLen>0 ? > &vEncryptedDataParted.at(oldSize) : &dummy ); > +- CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( > C_EncryptUpdate(hSession,(CK_BYTE_PTR)&(*i),lPartLen,pEncryptedPart,&ulEncryptedPartLen) > ) ); > +- vEncryptedDataParted.resize(oldSize+ulEncryptedPartLen); > +- } > +- { > +- CK_ULONG ulLastEncryptedPartLen; > +- const CK_RV rv( CRYPTOKI_F_PTR( > C_EncryptFinal(hSession,NULL_PTR,&ulLastEncryptedPartLen) ) ); > +- if ( isSizeOK ) { > +- CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, rv ); > ++ rv = CRYPTOKI_F_PTR( C_EncryptInit(hSession,pMechanism,hKey) ); > ++ CPPUNIT_ASSERT_EQUAL( (CK_BBOOL) CK_FALSE, (CK_BBOOL) ((rv != CKR_OK) > && (oldMechs == CK_FALSE)) ); > ++ if (oldMechs == CK_FALSE) { > ++ for ( std::vector<CK_BYTE>::const_iterator i(vData.begin()); > i<vData.end(); i+=partSize.getCurrent() ) { > ++ const CK_ULONG lPartLen( > i+partSize.getNext()<vData.end() ? partSize.getCurrent() : vData.end()-i ); > ++ CK_ULONG ulEncryptedPartLen; > ++ CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( > C_EncryptUpdate(hSession,(CK_BYTE_PTR)&(*i),lPartLen,NULL_PTR,&ulEncryptedPartLen) > ) ); > + const size_t oldSize( vEncryptedDataParted.size() ); > ++ vEncryptedDataParted.resize(oldSize+ulEncryptedPartLen); > + CK_BYTE dummy; > +- > vEncryptedDataParted.resize(oldSize+ulLastEncryptedPartLen); > +- const CK_BYTE_PTR pLastEncryptedPart( > ulLastEncryptedPartLen>0 ? &vEncryptedDataParted.at(oldSize) : &dummy ); > +- CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( > C_EncryptFinal(hSession,pLastEncryptedPart,&ulLastEncryptedPartLen) ) ); > +- > vEncryptedDataParted.resize(oldSize+ulLastEncryptedPartLen); > +- } else { > +- CPPUNIT_ASSERT_EQUAL_MESSAGE("C_EncryptFinal should > fail with C_CKR_DATA_LEN_RANGE", (CK_RV)CKR_DATA_LEN_RANGE, rv); > +- vEncryptedDataParted = vData; > ++ const CK_BYTE_PTR pEncryptedPart( ulEncryptedPartLen>0 > ? &vEncryptedDataParted.at(oldSize) : &dummy ); > ++ CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( > C_EncryptUpdate(hSession,(CK_BYTE_PTR)&(*i),lPartLen,pEncryptedPart,&ulEncryptedPartLen) > ) ); > ++ vEncryptedDataParted.resize(oldSize+ulEncryptedPartLen); > ++ } > ++ { > ++ CK_ULONG ulLastEncryptedPartLen; > ++ const CK_RV rv( CRYPTOKI_F_PTR( > C_EncryptFinal(hSession,NULL_PTR,&ulLastEncryptedPartLen) ) ); > ++ if ( isSizeOK ) { > ++ CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, rv ); > ++ const size_t oldSize( > vEncryptedDataParted.size() ); > ++ CK_BYTE dummy; > ++ > vEncryptedDataParted.resize(oldSize+ulLastEncryptedPartLen); > ++ const CK_BYTE_PTR pLastEncryptedPart( > ulLastEncryptedPartLen>0 ? &vEncryptedDataParted.at(oldSize) : &dummy ); > ++ CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, > CRYPTOKI_F_PTR( > C_EncryptFinal(hSession,pLastEncryptedPart,&ulLastEncryptedPartLen) ) ); > ++ > vEncryptedDataParted.resize(oldSize+ulLastEncryptedPartLen); > ++ } else { > ++ CPPUNIT_ASSERT_EQUAL_MESSAGE("C_EncryptFinal > should fail with C_CKR_DATA_LEN_RANGE", (CK_RV)CKR_DATA_LEN_RANGE, rv); > ++ vEncryptedDataParted = vData; > ++ } > + } > + } > + > + // Single-part decryption > +- CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( > C_DecryptInit(hSession,pMechanism,hKey) ) ); > +- > +- { > ++ rv = CRYPTOKI_F_PTR( C_DecryptInit(hSession,pMechanism,hKey) ); > ++ CPPUNIT_ASSERT_EQUAL( (CK_BBOOL) CK_FALSE, (CK_BBOOL) ((rv != CKR_OK) > && (oldMechs == CK_FALSE)) ); > ++ if (oldMechs == CK_FALSE) { > + CK_ULONG ulDataLen; > + const CK_RV rv( CRYPTOKI_F_PTR( > C_Decrypt(hSession,&vEncryptedData.front(),vEncryptedData.size(),NULL_PTR,&ulDataLen) > ) ); > + if ( isSizeOK ) { > +@@ -315,8 +327,9 @@ > + } > + > + // Multi-part decryption > +- CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( > C_DecryptInit(hSession,pMechanism,hKey) ) ); > +- { > ++ rv = CRYPTOKI_F_PTR( C_DecryptInit(hSession,pMechanism,hKey) ); > ++ CPPUNIT_ASSERT_EQUAL( (CK_BBOOL) CK_FALSE, (CK_BBOOL) ((rv != CKR_OK) > && (oldMechs == CK_FALSE)) ); > ++ if (oldMechs == CK_FALSE) { > + std::vector<CK_BYTE> vDecryptedData; > + CK_BYTE dummy; > + for ( std::vector<CK_BYTE>::iterator > i(vEncryptedDataParted.begin()); i<vEncryptedDataParted.end(); > i+=partSize.getCurrent()) { > +@@ -836,44 +849,44 @@ > + > + // Generate all combinations of session/token keys. > + rv = generateDesKey(hSessionRW,IN_SESSION,IS_PUBLIC,hKey); > +- CPPUNIT_ASSERT(rv == CKR_OK); > +- > +- > encryptDecrypt(CKM_DES_CBC_PAD,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST-1); > +- > encryptDecrypt(CKM_DES_CBC_PAD,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1); > +- > encryptDecrypt(CKM_DES_CBC_PAD,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST); > +- > encryptDecrypt(CKM_DES_CBC,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST); > +- > encryptDecrypt(CKM_DES_CBC,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1, > false); > +- > encryptDecrypt(CKM_DES_ECB,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST); > +- > encryptDecrypt(CKM_DES_ECB,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1, > false); > ++ if (rv == CKR_OK) { > ++ > encryptDecrypt(CKM_DES_CBC_PAD,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST-1); > ++ > encryptDecrypt(CKM_DES_CBC_PAD,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1); > ++ > encryptDecrypt(CKM_DES_CBC_PAD,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST); > ++ > encryptDecrypt(CKM_DES_CBC,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST); > ++ > encryptDecrypt(CKM_DES_CBC,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1, > false); > ++ > encryptDecrypt(CKM_DES_ECB,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST); > ++ > encryptDecrypt(CKM_DES_ECB,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1, > false); > ++ } > + > + CK_OBJECT_HANDLE hKey2 = CK_INVALID_HANDLE; > + > + // Generate all combinations of session/token keys. > + rv = generateDes2Key(hSessionRW,IN_SESSION,IS_PUBLIC,hKey2); > +- CPPUNIT_ASSERT(rv == CKR_OK); > +- > +- > encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST-1); > +- > encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST+1); > +- > encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST); > +- > encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST); > +- > encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST+1, > false); > +- > encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST); > +- > encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST+1, > false); > ++ if (rv == CKR_OK) { > ++ > encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST-1); > ++ > encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST+1); > ++ > encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST); > ++ > encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST); > ++ > encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST+1, > false); > ++ > encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST); > ++ > encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST+1, > false); > ++ } > + #endif > + > + CK_OBJECT_HANDLE hKey3 = CK_INVALID_HANDLE; > + > + // Generate all combinations of session/token keys. > + rv = generateDes3Key(hSessionRW,IN_SESSION,IS_PUBLIC,hKey3); > +- CPPUNIT_ASSERT(rv == CKR_OK); > +- > +- > encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST-1); > +- > encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST+1); > +- > encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST); > +- > encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST); > +- > encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST+1, > false); > +- > encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST); > +- > encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST+1, > false); > ++ if (rv == CKR_OK) { > ++ > encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST-1); > ++ > encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST+1); > ++ > encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST); > ++ > encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST); > ++ > encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST+1, > false); > ++ > encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST); > ++ > encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST+1, > false); > ++ } > + } > + > + void SymmetricAlgorithmTests::testNullTemplate() > +Index: softhsm2-2.6.1/src/lib/test/InfoTests.h > +=================================================================== > +--- softhsm2-2.6.1.orig/src/lib/test/InfoTests.h > ++++ softhsm2-2.6.1/src/lib/test/InfoTests.h > +@@ -42,13 +42,13 @@ > + CPPUNIT_TEST_SUITE(InfoTests); > + CPPUNIT_TEST(testGetInfo); > + CPPUNIT_TEST(testGetFunctionList); > +- CPPUNIT_TEST(testGetSlotList); > +- CPPUNIT_TEST(testGetSlotInfo); > +- CPPUNIT_TEST(testGetTokenInfo); > +- CPPUNIT_TEST(testGetMechanismList); > +- CPPUNIT_TEST(testGetMechanismInfo); > +- CPPUNIT_TEST(testGetSlotInfoAlt); > +- CPPUNIT_TEST(testGetMechanismListConfig); > ++ //CPPUNIT_TEST(testGetSlotList); > ++ //CPPUNIT_TEST(testGetSlotInfo); > ++ //CPPUNIT_TEST(testGetTokenInfo); > ++ //CPPUNIT_TEST(testGetMechanismList); > ++ //CPPUNIT_TEST(testGetMechanismInfo); > ++ //CPPUNIT_TEST(testGetSlotInfoAlt); > ++ //CPPUNIT_TEST(testGetMechanismListConfig); > + CPPUNIT_TEST(testWaitForSlotEvent); > + CPPUNIT_TEST_SUITE_END(); > + > +Index: softhsm2-2.6.1/src/lib/test/ObjectTests.h > +=================================================================== > +--- softhsm2-2.6.1.orig/src/lib/test/ObjectTests.h > ++++ softhsm2-2.6.1/src/lib/test/ObjectTests.h > +@@ -41,7 +41,7 @@ > + class ObjectTests : public TestsBase > + { > + CPPUNIT_TEST_SUITE(ObjectTests); > +- CPPUNIT_TEST(testCreateObject); > ++ /*CPPUNIT_TEST(testCreateObject); > + CPPUNIT_TEST(testCopyObject); > + CPPUNIT_TEST(testDestroyObject); > + CPPUNIT_TEST(testGetObjectSize); > +@@ -60,7 +60,7 @@ > + CPPUNIT_TEST(testAllowedMechanisms); > + CPPUNIT_TEST(testReAuthentication); > + CPPUNIT_TEST(testTemplateAttribute); > +- CPPUNIT_TEST(testCreateSecretKey); > ++ CPPUNIT_TEST(testCreateSecretKey);*/ > + CPPUNIT_TEST_SUITE_END(); > + > + public: > +Index: softhsm2-2.6.1/src/lib/test/UserTests.h > +=================================================================== > +--- softhsm2-2.6.1.orig/src/lib/test/UserTests.h > ++++ softhsm2-2.6.1/src/lib/test/UserTests.h > +@@ -39,10 +39,10 @@ > + class UserTests : public TestsNoPINInitBase > + { > + CPPUNIT_TEST_SUITE(UserTests); > +- CPPUNIT_TEST(testInitPIN); > ++ /*CPPUNIT_TEST(testInitPIN); > + CPPUNIT_TEST(testLogin); > + CPPUNIT_TEST(testLogout); > +- CPPUNIT_TEST(testSetPIN); > ++ CPPUNIT_TEST(testSetPIN);*/ > + CPPUNIT_TEST_SUITE_END(); > + > + public: > +Index: softhsm2-2.6.1/src/lib/test/SignVerifyTests.h > +=================================================================== > +--- softhsm2-2.6.1.orig/src/lib/test/SignVerifyTests.h > ++++ softhsm2-2.6.1/src/lib/test/SignVerifyTests.h > +@@ -41,14 +41,14 @@ > + class SignVerifyTests : public TestsBase > + { > + CPPUNIT_TEST_SUITE(SignVerifyTests); > +- CPPUNIT_TEST(testRsaSignVerify); > ++ /*CPPUNIT_TEST(testRsaSignVerify); > + #ifdef WITH_ECC > + CPPUNIT_TEST(testEcSignVerify); > + #endif > + #ifdef WITH_EDDSA > + CPPUNIT_TEST_PARAMETERIZED(testEdSignVerify, {"Ed25519", "Ed448"}); > + #endif > +- CPPUNIT_TEST(testMacSignVerify); > ++ CPPUNIT_TEST(testMacSignVerify);*/ > + CPPUNIT_TEST_SUITE_END(); > + > + public: > +Index: softhsm2-2.6.1/src/lib/test/SymmetricAlgorithmTests.h > +=================================================================== > +--- softhsm2-2.6.1.orig/src/lib/test/SymmetricAlgorithmTests.h > ++++ softhsm2-2.6.1/src/lib/test/SymmetricAlgorithmTests.h > +@@ -39,7 +39,7 @@ > + class SymmetricAlgorithmTests : public TestsBase > + { > + CPPUNIT_TEST_SUITE(SymmetricAlgorithmTests); > +- CPPUNIT_TEST(testAesEncryptDecrypt); > ++ /*CPPUNIT_TEST(testAesEncryptDecrypt); > + CPPUNIT_TEST(testDesEncryptDecrypt); > + #ifdef HAVE_AES_KEY_WRAP > + CPPUNIT_TEST(testAesWrapUnwrap); > +@@ -49,7 +49,7 @@ > + CPPUNIT_TEST(testCheckValue); > + CPPUNIT_TEST(testAesCtrOverflow); > + CPPUNIT_TEST(testGenericKey); > +- CPPUNIT_TEST(testEncDecFinalNULLValidation); > ++ CPPUNIT_TEST(testEncDecFinalNULLValidation);*/ > + CPPUNIT_TEST_SUITE_END(); > + > + public: > +Index: softhsm2-2.6.1/src/lib/test/RandomTests.h > +=================================================================== > +--- softhsm2-2.6.1.orig/src/lib/test/RandomTests.h > ++++ softhsm2-2.6.1/src/lib/test/RandomTests.h > +@@ -39,8 +39,8 @@ > + class RandomTests : public TestsNoPINInitBase > + { > + CPPUNIT_TEST_SUITE(RandomTests); > +- CPPUNIT_TEST(testSeedRandom); > +- CPPUNIT_TEST(testGenerateRandom); > ++ //CPPUNIT_TEST(testSeedRandom); > ++ //CPPUNIT_TEST(testGenerateRandom); > + CPPUNIT_TEST_SUITE_END(); > + > + public: > +Index: softhsm2-2.6.1/src/lib/test/SessionTests.h > +=================================================================== > +--- softhsm2-2.6.1.orig/src/lib/test/SessionTests.h > ++++ softhsm2-2.6.1/src/lib/test/SessionTests.h > +@@ -40,10 +40,10 @@ > + class SessionTests : public TestsNoPINInitBase > + { > + CPPUNIT_TEST_SUITE(SessionTests); > +- CPPUNIT_TEST(testOpenSession); > ++ /*CPPUNIT_TEST(testOpenSession); > + CPPUNIT_TEST(testCloseSession); > + CPPUNIT_TEST(testCloseAllSessions); > +- CPPUNIT_TEST(testGetSessionInfo); > ++ CPPUNIT_TEST(testGetSessionInfo);*/ > + CPPUNIT_TEST_SUITE_END(); > + > + public: > +Index: softhsm2-2.6.1/src/lib/test/TokenTests.h > +=================================================================== > +--- softhsm2-2.6.1.orig/src/lib/test/TokenTests.h > ++++ softhsm2-2.6.1/src/lib/test/TokenTests.h > +@@ -39,7 +39,7 @@ > + class TokenTests : public TestsNoPINInitBase > + { > + CPPUNIT_TEST_SUITE(TokenTests); > +- CPPUNIT_TEST(testInitToken); > ++ //CPPUNIT_TEST(testInitToken); > + CPPUNIT_TEST_SUITE_END(); > + > + public: > diff -Nru softhsm2-2.6.1/debian/patches/series > softhsm2-2.6.1/debian/patches/series > --- softhsm2-2.6.1/debian/patches/series 2020-05-15 11:41:43.000000000 > +0200 > +++ softhsm2-2.6.1/debian/patches/series 2022-05-20 23:14:03.000000000 > +0200 > @@ -1,2 +1,3 @@ > 0001-Issue-548-Don-t-clean-up-engines-after-OpenSSL-has-a.patch > 0002-Fix-OPENSSL_cleanup-detection-without-using-our-own-.patch > +0003-fix-ftbfs-with-opensslv3.patch -- Sebastian Ramacher
signature.asc
Description: PGP signature