Package: guix-patches;
Reported by: Timotej Lazar <timotej.lazar <at> araneo.si>
Date: Mon, 17 Apr 2023 20:19:01 UTC
Severity: normal
Tags: patch
Merged with 62878
Done: Andreas Enge <andreas <at> enge.fr>
Bug is archived. No further changes may be made.
To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 62913 in the body.
You can then email your comments to 62913 AT debbugs.gnu.org in the normal way.
Toggle the display of automated, internal messages from the tracker.
View this report as an mbox folder, status mbox, maintainer mbox
guix-patches <at> gnu.org:bug#62913; Package guix-patches.
(Mon, 17 Apr 2023 20:19:01 GMT) Full text and rfc822 format available.Timotej Lazar <timotej.lazar <at> araneo.si>:guix-patches <at> gnu.org.
(Mon, 17 Apr 2023 20:19:01 GMT) Full text and rfc822 format available.Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
From: Timotej Lazar <timotej.lazar <at> araneo.si> To: guix-patches <at> gnu.org Cc: Timotej Lazar <timotej.lazar <at> araneo.si> Subject: [PATCH core-updates v2] gnu: openhsm: Fix test failure with openssl-3. Date: Mon, 17 Apr 2023 22:18:01 +0200
* gnu/packages/patches/softhsm-fix-openssl3-tests.patch: Add patch from
Debian.
* gnu/packages/security-token.scm (softhsm): Use it.
* gnu/local.mk (dist_patch_DATA): Register it.
---
gnu/local.mk | 1 +
.../patches/softhsm-fix-openssl3-tests.patch | 1107 +++++++++++++++++
gnu/packages/security-token.scm | 4 +-
3 files changed, 1111 insertions(+), 1 deletion(-)
create mode 100644 gnu/packages/patches/softhsm-fix-openssl3-tests.patch
diff --git a/gnu/local.mk b/gnu/local.mk
index 9372ff0119..48b371de55 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1885,6 +1885,7 @@ dist_patch_DATA = \
%D%/packages/patches/snappy-add-O2-flag-in-CmakeLists.txt.patch \
%D%/packages/patches/snappy-add-inline-for-GCC.patch \
%D%/packages/patches/source-highlight-gcc-compat.patch \
+ %D%/packages/patches/softhsm-fix-openssl3-tests.patch \
%D%/packages/patches/spectre-meltdown-checker-externalize-fwdb.patch \
%D%/packages/patches/spectre-meltdown-checker-find-kernel.patch \
%D%/packages/patches/sphinxbase-fix-doxygen.patch \
diff --git a/gnu/packages/patches/softhsm-fix-openssl3-tests.patch b/gnu/packages/patches/softhsm-fix-openssl3-tests.patch
new file mode 100644
index 0000000000..f2d9ce3f5d
--- /dev/null
+++ b/gnu/packages/patches/softhsm-fix-openssl3-tests.patch
@@ -0,0 +1,1107 @@
+Copied from Debian:
+
+https://sources.debian.org/patches/softhsm2/2.6.1-2.1/0003-fix-ftbfs-with-opensslv3.patch/
+
+From 643f061e6fbe04552a2c49bd00528e61a9a77064 Mon Sep 17 00:00:00 2001
+From: Alexander Bokovoy <abokovoy <at> redhat.com>
+Date: Wed, 26 May 2021 20:03:25 +0300
+Subject: [PATCH 1/4] openssl 3.0: Run DES tests only if OpenSSL allows it
+
+OpenSSL 3.0 moves DES into a legacy provider which has to be loaded
+explicitly. By default, it will not be loaded and DES methods in tests
+will fail. Nest test blocks under successful initialization.
+
+Signed-off-by: Alexander Bokovoy <abokovoy <at> redhat.com>
+---
+ src/lib/crypto/test/DESTests.cpp | 350 ++++++++++++++++---------------
+ 1 file changed, 182 insertions(+), 168 deletions(-)
+
+Index: softhsm2-2.6.1/src/lib/crypto/test/DESTests.cpp
+===================================================================
+--- softhsm2-2.6.1.orig/src/lib/crypto/test/DESTests.cpp
++++ softhsm2-2.6.1/src/lib/crypto/test/DESTests.cpp
+@@ -259,54 +259,58 @@
+
+ // Now, do the same thing using our DES implementation
+ shsmCipherText.wipe();
+- CPPUNIT_ASSERT(des->encryptInit(&desKey56, SymMode::CBC, IV));
++ if (des->encryptInit(&desKey56, SymMode::CBC, IV)) {
+
+- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
+- shsmCipherText += OB;
++ CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
++ shsmCipherText += OB;
+
+- CPPUNIT_ASSERT(des->encryptFinal(OB));
+- shsmCipherText += OB;
++ CPPUNIT_ASSERT(des->encryptFinal(OB));
++ shsmCipherText += OB;
+
+- CPPUNIT_ASSERT(shsmCipherText == cipherText);
++ CPPUNIT_ASSERT(shsmCipherText == cipherText);
+
+- // Check that we can get the plain text
+- shsmPlainText.wipe();
+- CPPUNIT_ASSERT(des->decryptInit(&desKey56, SymMode::CBC, IV));
++ // Check that we can get the plain text
++ shsmPlainText.wipe();
++ CPPUNIT_ASSERT(des->decryptInit(&desKey56, SymMode::CBC, IV));
+
+- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
+- shsmPlainText += OB;
++ CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
++ shsmPlainText += OB;
+
+- CPPUNIT_ASSERT(des->decryptFinal(OB));
+- shsmPlainText += OB;
++ CPPUNIT_ASSERT(des->decryptFinal(OB));
++ shsmPlainText += OB;
+
+- CPPUNIT_ASSERT(shsmPlainText == plainText);
++ CPPUNIT_ASSERT(shsmPlainText == plainText);
++
++ }
+
+ // Test 112-bit key
+ cipherText = ByteString(testResult[i][j][1]);
+
+ // Now, do the same thing using our DES implementation
+ shsmCipherText.wipe();
+- CPPUNIT_ASSERT(des->encryptInit(&desKey112, SymMode::CBC, IV));
++ if (des->encryptInit(&desKey112, SymMode::CBC, IV)) {
+
+- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
+- shsmCipherText += OB;
++ CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
++ shsmCipherText += OB;
+
+- CPPUNIT_ASSERT(des->encryptFinal(OB));
+- shsmCipherText += OB;
++ CPPUNIT_ASSERT(des->encryptFinal(OB));
++ shsmCipherText += OB;
+
+- CPPUNIT_ASSERT(shsmCipherText == cipherText);
++ CPPUNIT_ASSERT(shsmCipherText == cipherText);
+
+- // Check that we can get the plain text
+- shsmPlainText.wipe();
+- CPPUNIT_ASSERT(des->decryptInit(&desKey112, SymMode::CBC, IV));
++ // Check that we can get the plain text
++ shsmPlainText.wipe();
++ CPPUNIT_ASSERT(des->decryptInit(&desKey112, SymMode::CBC, IV));
+
+- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
+- shsmPlainText += OB;
++ CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
++ shsmPlainText += OB;
+
+- CPPUNIT_ASSERT(des->decryptFinal(OB));
+- shsmPlainText += OB;
++ CPPUNIT_ASSERT(des->decryptFinal(OB));
++ shsmPlainText += OB;
++
++ CPPUNIT_ASSERT(shsmPlainText == plainText);
++ }
+
+- CPPUNIT_ASSERT(shsmPlainText == plainText);
+ #endif
+
+ // Test 168-bit key
+@@ -314,27 +318,28 @@
+
+ // Now, do the same thing using our DES implementation
+ shsmCipherText.wipe();
+- CPPUNIT_ASSERT(des->encryptInit(&desKey168, SymMode::CBC, IV));
++ if (des->encryptInit(&desKey168, SymMode::CBC, IV)) {
+
+- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
+- shsmCipherText += OB;
++ CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
++ shsmCipherText += OB;
+
+- CPPUNIT_ASSERT(des->encryptFinal(OB));
+- shsmCipherText += OB;
++ CPPUNIT_ASSERT(des->encryptFinal(OB));
++ shsmCipherText += OB;
+
+- CPPUNIT_ASSERT(shsmCipherText == cipherText);
++ CPPUNIT_ASSERT(shsmCipherText == cipherText);
+
+- // Check that we can get the plain text
+- shsmPlainText.wipe();
+- CPPUNIT_ASSERT(des->decryptInit(&desKey168, SymMode::CBC, IV));
++ // Check that we can get the plain text
++ shsmPlainText.wipe();
++ CPPUNIT_ASSERT(des->decryptInit(&desKey168, SymMode::CBC, IV));
+
+- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
+- shsmPlainText += OB;
++ CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
++ shsmPlainText += OB;
+
+- CPPUNIT_ASSERT(des->decryptFinal(OB));
+- shsmPlainText += OB;
++ CPPUNIT_ASSERT(des->decryptFinal(OB));
++ shsmPlainText += OB;
+
+- CPPUNIT_ASSERT(shsmPlainText == plainText);
++ CPPUNIT_ASSERT(shsmPlainText == plainText);
++ }
+ }
+ }
+ }
+@@ -534,54 +539,56 @@
+
+ // Now, do the same thing using our DES implementation
+ shsmCipherText.wipe();
+- CPPUNIT_ASSERT(des->encryptInit(&desKey56, SymMode::ECB, IV));
++ if (des->encryptInit(&desKey56, SymMode::ECB, IV)) {
+
+- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
+- shsmCipherText += OB;
++ CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
++ shsmCipherText += OB;
+
+- CPPUNIT_ASSERT(des->encryptFinal(OB));
+- shsmCipherText += OB;
++ CPPUNIT_ASSERT(des->encryptFinal(OB));
++ shsmCipherText += OB;
+
+- CPPUNIT_ASSERT(shsmCipherText == cipherText);
++ CPPUNIT_ASSERT(shsmCipherText == cipherText);
+
+- // Check that we can get the plain text
+- shsmPlainText.wipe();
+- CPPUNIT_ASSERT(des->decryptInit(&desKey56, SymMode::ECB, IV));
++ // Check that we can get the plain text
++ shsmPlainText.wipe();
++ CPPUNIT_ASSERT(des->decryptInit(&desKey56, SymMode::ECB, IV));
+
+- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
+- shsmPlainText += OB;
++ CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
++ shsmPlainText += OB;
+
+- CPPUNIT_ASSERT(des->decryptFinal(OB));
+- shsmPlainText += OB;
++ CPPUNIT_ASSERT(des->decryptFinal(OB));
++ shsmPlainText += OB;
+
+- CPPUNIT_ASSERT(shsmPlainText == plainText);
++ CPPUNIT_ASSERT(shsmPlainText == plainText);
++ }
+
+ // Test 112-bit key
+ cipherText = ByteString(testResult[i][j][1]);
+
+ // Now, do the same thing using our DES implementation
+ shsmCipherText.wipe();
+- CPPUNIT_ASSERT(des->encryptInit(&desKey112, SymMode::ECB, IV));
++ if (des->encryptInit(&desKey112, SymMode::ECB, IV)) {
+
+- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
+- shsmCipherText += OB;
++ CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
++ shsmCipherText += OB;
+
+- CPPUNIT_ASSERT(des->encryptFinal(OB));
+- shsmCipherText += OB;
++ CPPUNIT_ASSERT(des->encryptFinal(OB));
++ shsmCipherText += OB;
+
+- CPPUNIT_ASSERT(shsmCipherText == cipherText);
++ CPPUNIT_ASSERT(shsmCipherText == cipherText);
+
+- // Check that we can get the plain text
+- shsmPlainText.wipe();
+- CPPUNIT_ASSERT(des->decryptInit(&desKey112, SymMode::ECB, IV));
++ // Check that we can get the plain text
++ shsmPlainText.wipe();
++ CPPUNIT_ASSERT(des->decryptInit(&desKey112, SymMode::ECB, IV));
+
+- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
+- shsmPlainText += OB;
++ CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
++ shsmPlainText += OB;
+
+- CPPUNIT_ASSERT(des->decryptFinal(OB));
+- shsmPlainText += OB;
++ CPPUNIT_ASSERT(des->decryptFinal(OB));
++ shsmPlainText += OB;
+
+- CPPUNIT_ASSERT(shsmPlainText == plainText);
++ CPPUNIT_ASSERT(shsmPlainText == plainText);
++ }
+ #endif
+
+ // Test 168-bit key
+@@ -589,27 +596,28 @@
+
+ // Now, do the same thing using our DES implementation
+ shsmCipherText.wipe();
+- CPPUNIT_ASSERT(des->encryptInit(&desKey168, SymMode::ECB, IV));
++ if (des->encryptInit(&desKey168, SymMode::ECB, IV)) {
+
+- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
+- shsmCipherText += OB;
++ CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
++ shsmCipherText += OB;
+
+- CPPUNIT_ASSERT(des->encryptFinal(OB));
+- shsmCipherText += OB;
++ CPPUNIT_ASSERT(des->encryptFinal(OB));
++ shsmCipherText += OB;
+
+- CPPUNIT_ASSERT(shsmCipherText == cipherText);
++ CPPUNIT_ASSERT(shsmCipherText == cipherText);
+
+- // Check that we can get the plain text
+- shsmPlainText.wipe();
+- CPPUNIT_ASSERT(des->decryptInit(&desKey168, SymMode::ECB, IV));
++ // Check that we can get the plain text
++ shsmPlainText.wipe();
++ CPPUNIT_ASSERT(des->decryptInit(&desKey168, SymMode::ECB, IV));
+
+- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
+- shsmPlainText += OB;
++ CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
++ shsmPlainText += OB;
+
+- CPPUNIT_ASSERT(des->decryptFinal(OB));
+- shsmPlainText += OB;
++ CPPUNIT_ASSERT(des->decryptFinal(OB));
++ shsmPlainText += OB;
+
+- CPPUNIT_ASSERT(shsmPlainText == plainText);
++ CPPUNIT_ASSERT(shsmPlainText == plainText);
++ }
+ }
+ }
+ }
+@@ -809,54 +817,56 @@
+
+ // Now, do the same thing using our DES implementation
+ shsmCipherText.wipe();
+- CPPUNIT_ASSERT(des->encryptInit(&desKey56, SymMode::OFB, IV));
++ if (des->encryptInit(&desKey56, SymMode::OFB, IV)) {
+
+- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
+- shsmCipherText += OB;
++ CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
++ shsmCipherText += OB;
+
+- CPPUNIT_ASSERT(des->encryptFinal(OB));
+- shsmCipherText += OB;
++ CPPUNIT_ASSERT(des->encryptFinal(OB));
++ shsmCipherText += OB;
+
+- CPPUNIT_ASSERT(shsmCipherText == cipherText);
++ CPPUNIT_ASSERT(shsmCipherText == cipherText);
+
+- // Check that we can get the plain text
+- shsmPlainText.wipe();
+- CPPUNIT_ASSERT(des->decryptInit(&desKey56, SymMode::OFB, IV));
++ // Check that we can get the plain text
++ shsmPlainText.wipe();
++ CPPUNIT_ASSERT(des->decryptInit(&desKey56, SymMode::OFB, IV));
+
+- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
+- shsmPlainText += OB;
++ CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
++ shsmPlainText += OB;
+
+- CPPUNIT_ASSERT(des->decryptFinal(OB));
+- shsmPlainText += OB;
++ CPPUNIT_ASSERT(des->decryptFinal(OB));
++ shsmPlainText += OB;
+
+- CPPUNIT_ASSERT(shsmPlainText == plainText);
++ CPPUNIT_ASSERT(shsmPlainText == plainText);
++ }
+
+ // Test 112-bit key
+ cipherText = ByteString(testResult[i][j][1]);
+
+ // Now, do the same thing using our DES implementation
+ shsmCipherText.wipe();
+- CPPUNIT_ASSERT(des->encryptInit(&desKey112, SymMode::OFB, IV));
++ if (des->encryptInit(&desKey112, SymMode::OFB, IV)) {
+
+- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
+- shsmCipherText += OB;
++ CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
++ shsmCipherText += OB;
+
+- CPPUNIT_ASSERT(des->encryptFinal(OB));
+- shsmCipherText += OB;
++ CPPUNIT_ASSERT(des->encryptFinal(OB));
++ shsmCipherText += OB;
+
+- CPPUNIT_ASSERT(shsmCipherText == cipherText);
++ CPPUNIT_ASSERT(shsmCipherText == cipherText);
+
+- // Check that we can get the plain text
+- shsmPlainText.wipe();
+- CPPUNIT_ASSERT(des->decryptInit(&desKey112, SymMode::OFB, IV));
++ // Check that we can get the plain text
++ shsmPlainText.wipe();
++ CPPUNIT_ASSERT(des->decryptInit(&desKey112, SymMode::OFB, IV));
+
+- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
+- shsmPlainText += OB;
++ CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
++ shsmPlainText += OB;
+
+- CPPUNIT_ASSERT(des->decryptFinal(OB));
+- shsmPlainText += OB;
++ CPPUNIT_ASSERT(des->decryptFinal(OB));
++ shsmPlainText += OB;
+
+- CPPUNIT_ASSERT(shsmPlainText == plainText);
++ CPPUNIT_ASSERT(shsmPlainText == plainText);
++ }
+ #endif
+
+ // Test 168-bit key
+@@ -864,27 +874,28 @@
+
+ // Now, do the same thing using our DES implementation
+ shsmCipherText.wipe();
+- CPPUNIT_ASSERT(des->encryptInit(&desKey168, SymMode::OFB, IV));
++ if (des->encryptInit(&desKey168, SymMode::OFB, IV)) {
+
+- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
+- shsmCipherText += OB;
++ CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
++ shsmCipherText += OB;
+
+- CPPUNIT_ASSERT(des->encryptFinal(OB));
+- shsmCipherText += OB;
++ CPPUNIT_ASSERT(des->encryptFinal(OB));
++ shsmCipherText += OB;
+
+- CPPUNIT_ASSERT(shsmCipherText == cipherText);
++ CPPUNIT_ASSERT(shsmCipherText == cipherText);
+
+- // Check that we can get the plain text
+- shsmPlainText.wipe();
+- CPPUNIT_ASSERT(des->decryptInit(&desKey168, SymMode::OFB, IV));
++ // Check that we can get the plain text
++ shsmPlainText.wipe();
++ CPPUNIT_ASSERT(des->decryptInit(&desKey168, SymMode::OFB, IV));
+
+- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
+- shsmPlainText += OB;
++ CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
++ shsmPlainText += OB;
+
+- CPPUNIT_ASSERT(des->decryptFinal(OB));
+- shsmPlainText += OB;
++ CPPUNIT_ASSERT(des->decryptFinal(OB));
++ shsmPlainText += OB;
+
+- CPPUNIT_ASSERT(shsmPlainText == plainText);
++ CPPUNIT_ASSERT(shsmPlainText == plainText);
++ }
+ }
+ }
+ }
+@@ -1083,54 +1094,56 @@
+
+ // Now, do the same thing using our DES implementation
+ shsmCipherText.wipe();
+- CPPUNIT_ASSERT(des->encryptInit(&desKey56, SymMode::CFB, IV));
++ if (des->encryptInit(&desKey56, SymMode::CFB, IV)) {
+
+- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
+- shsmCipherText += OB;
++ CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
++ shsmCipherText += OB;
+
+- CPPUNIT_ASSERT(des->encryptFinal(OB));
+- shsmCipherText += OB;
++ CPPUNIT_ASSERT(des->encryptFinal(OB));
++ shsmCipherText += OB;
+
+- CPPUNIT_ASSERT(shsmCipherText == cipherText);
++ CPPUNIT_ASSERT(shsmCipherText == cipherText);
+
+- // Check that we can get the plain text
+- shsmPlainText.wipe();
+- CPPUNIT_ASSERT(des->decryptInit(&desKey56, SymMode::CFB, IV));
++ // Check that we can get the plain text
++ shsmPlainText.wipe();
++ CPPUNIT_ASSERT(des->decryptInit(&desKey56, SymMode::CFB, IV));
+
+- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
+- shsmPlainText += OB;
++ CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
++ shsmPlainText += OB;
+
+- CPPUNIT_ASSERT(des->decryptFinal(OB));
+- shsmPlainText += OB;
++ CPPUNIT_ASSERT(des->decryptFinal(OB));
++ shsmPlainText += OB;
+
+- CPPUNIT_ASSERT(shsmPlainText == plainText);
++ CPPUNIT_ASSERT(shsmPlainText == plainText);
++ }
+
+ // Test 112-bit key
+ cipherText = ByteString(testResult[i][j][1]);
+
+ // Now, do the same thing using our DES implementation
+ shsmCipherText.wipe();
+- CPPUNIT_ASSERT(des->encryptInit(&desKey112, SymMode::CFB, IV));
++ if (des->encryptInit(&desKey112, SymMode::CFB, IV)) {
+
+- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
+- shsmCipherText += OB;
++ CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
++ shsmCipherText += OB;
+
+- CPPUNIT_ASSERT(des->encryptFinal(OB));
+- shsmCipherText += OB;
++ CPPUNIT_ASSERT(des->encryptFinal(OB));
++ shsmCipherText += OB;
+
+- CPPUNIT_ASSERT(shsmCipherText == cipherText);
++ CPPUNIT_ASSERT(shsmCipherText == cipherText);
+
+- // Check that we can get the plain text
+- shsmPlainText.wipe();
+- CPPUNIT_ASSERT(des->decryptInit(&desKey112, SymMode::CFB, IV));
++ // Check that we can get the plain text
++ shsmPlainText.wipe();
++ CPPUNIT_ASSERT(des->decryptInit(&desKey112, SymMode::CFB, IV));
+
+- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
+- shsmPlainText += OB;
++ CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
++ shsmPlainText += OB;
+
+- CPPUNIT_ASSERT(des->decryptFinal(OB));
+- shsmPlainText += OB;
++ CPPUNIT_ASSERT(des->decryptFinal(OB));
++ shsmPlainText += OB;
+
+- CPPUNIT_ASSERT(shsmPlainText == plainText);
++ CPPUNIT_ASSERT(shsmPlainText == plainText);
++ }
+ #endif
+
+ // Test 168-bit key
+@@ -1138,27 +1151,28 @@
+
+ // Now, do the same thing using our DES implementation
+ shsmCipherText.wipe();
+- CPPUNIT_ASSERT(des->encryptInit(&desKey168, SymMode::CFB, IV));
++ if (des->encryptInit(&desKey168, SymMode::CFB, IV)) {
+
+- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
+- shsmCipherText += OB;
++ CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
++ shsmCipherText += OB;
+
+- CPPUNIT_ASSERT(des->encryptFinal(OB));
+- shsmCipherText += OB;
++ CPPUNIT_ASSERT(des->encryptFinal(OB));
++ shsmCipherText += OB;
+
+- CPPUNIT_ASSERT(shsmCipherText == cipherText);
++ CPPUNIT_ASSERT(shsmCipherText == cipherText);
+
+- // Check that we can get the plain text
+- shsmPlainText.wipe();
+- CPPUNIT_ASSERT(des->decryptInit(&desKey168, SymMode::CFB, IV));
++ // Check that we can get the plain text
++ shsmPlainText.wipe();
++ CPPUNIT_ASSERT(des->decryptInit(&desKey168, SymMode::CFB, IV));
+
+- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
+- shsmPlainText += OB;
++ CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
++ shsmPlainText += OB;
+
+- CPPUNIT_ASSERT(des->decryptFinal(OB));
+- shsmPlainText += OB;
++ CPPUNIT_ASSERT(des->decryptFinal(OB));
++ shsmPlainText += OB;
+
+- CPPUNIT_ASSERT(shsmPlainText == plainText);
++ CPPUNIT_ASSERT(shsmPlainText == plainText);
++ }
+ }
+ }
+ }
+Index: softhsm2-2.6.1/src/lib/crypto/test/RSATests.cpp
+===================================================================
+--- softhsm2-2.6.1.orig/src/lib/crypto/test/RSATests.cpp
++++ softhsm2-2.6.1/src/lib/crypto/test/RSATests.cpp
+@@ -78,7 +78,6 @@
+
+ // Key sizes to test
+ std::vector<size_t> keySizes;
+- keySizes.push_back(1024);
+ #ifndef WITH_FIPS
+ keySizes.push_back(1025);
+ #endif
+@@ -93,30 +92,31 @@
+ p.setE(*e);
+ p.setBitLength(*k);
+
+- // Generate key-pair
+- CPPUNIT_ASSERT(rsa->generateKeyPair(&kp, &p));
++ // Generate key-pair but skip test if key size is unsupported in OpenSSL 3.0.0
++ if (rsa->generateKeyPair(&kp, &p)) {
+
+- RSAPublicKey* pub = (RSAPublicKey*) kp->getPublicKey();
+- RSAPrivateKey* priv = (RSAPrivateKey*) kp->getPrivateKey();
++ RSAPublicKey* pub = (RSAPublicKey*) kp->getPublicKey();
++ RSAPrivateKey* priv = (RSAPrivateKey*) kp->getPrivateKey();
+
+- CPPUNIT_ASSERT(pub->getBitLength() == *k);
+- CPPUNIT_ASSERT(priv->getBitLength() == *k);
+- CPPUNIT_ASSERT(pub->getE() == *e);
+- CPPUNIT_ASSERT(priv->getE() == *e);
++ CPPUNIT_ASSERT(pub->getBitLength() == *k);
++ CPPUNIT_ASSERT(priv->getBitLength() == *k);
++ CPPUNIT_ASSERT(pub->getE() == *e);
++ CPPUNIT_ASSERT(priv->getE() == *e);
+
+- rsa->recycleKeyPair(kp);
++ rsa->recycleKeyPair(kp);
++ }
+ }
+ }
+ }
+
+ void RSATests::testSerialisation()
+ {
+- // Generate a 1024-bit key-pair for testing
++ // Generate a 2048-bit key-pair for testing
+ AsymmetricKeyPair* kp;
+ RSAParameters p;
+
+ p.setE("010001");
+- p.setBitLength(1024);
++ p.setBitLength(2048);
+
+ CPPUNIT_ASSERT(rsa->generateKeyPair(&kp, &p));
+ CPPUNIT_ASSERT(kp != NULL);
+@@ -204,12 +204,12 @@
+
+ void RSATests::testPKCS8()
+ {
+- // Generate a 1024-bit key-pair for testing
++ // Generate a 2048-bit key-pair for testing
+ AsymmetricKeyPair* kp;
+ RSAParameters p;
+
+ p.setE("010001");
+- p.setBitLength(1024);
++ p.setBitLength(2048);
+
+ CPPUNIT_ASSERT(rsa->generateKeyPair(&kp, &p));
+ CPPUNIT_ASSERT(kp != NULL);
+@@ -253,7 +253,6 @@
+
+ // Key sizes to test
+ std::vector<size_t> keySizes;
+- keySizes.push_back(1024);
+ keySizes.push_back(1280);
+ keySizes.push_back(2048);
+ //keySizes.push_back(4096);
+@@ -293,8 +292,10 @@
+ p.setE(*e);
+ p.setBitLength(*k);
+
+- // Generate key-pair
+- CPPUNIT_ASSERT(rsa->generateKeyPair(&kp, &p));
++ // Generate key-pair but skip those that unsupported in OpenSSL 3.0.0
++ if (!rsa->generateKeyPair(&kp, &p)) {
++ continue;
++ }
+
+ // Generate some data to sign
+ ByteString dataToSign;
+@@ -611,7 +612,6 @@
+
+ // Key sizes to test
+ std::vector<size_t> keySizes;
+- keySizes.push_back(1024);
+ keySizes.push_back(1280);
+ keySizes.push_back(2048);
+ //keySizes.push_back(4096);
+@@ -629,8 +629,10 @@
+ p.setE(*e);
+ p.setBitLength(*k);
+
+- // Generate key-pair
+- CPPUNIT_ASSERT(rsa->generateKeyPair(&kp, &p));
++ // Generate key-pair but skip those that unsupported in OpenSSL 3.0.0
++ if (!rsa->generateKeyPair(&kp, &p)) {
++ continue;
++ }
+
+ RNG* rng = CryptoFactory::i()->getRNG();
+
+Index: softhsm2-2.6.1/src/lib/test/DeriveTests.cpp
+===================================================================
+--- softhsm2-2.6.1.orig/src/lib/test/DeriveTests.cpp
++++ softhsm2-2.6.1/src/lib/test/DeriveTests.cpp
+@@ -642,11 +642,14 @@
+ 0x25, 0x26, 0x27, 0x28, 0x29, 0x30, 0x31, 0x32
+ };
+ CK_ULONG secLen = 0;
++ CK_BBOOL oldMechs = CK_FALSE;
+
+ switch (mechType)
+ {
+ case CKM_DES_ECB_ENCRYPT_DATA:
+ case CKM_DES3_ECB_ENCRYPT_DATA:
++ oldMechs = CK_TRUE;
++ /* fall-through */
+ case CKM_AES_ECB_ENCRYPT_DATA:
+ param1.pData = &data[0];
+ param1.ulLen = sizeof(data);
+@@ -655,6 +658,7 @@
+ break;
+ case CKM_DES_CBC_ENCRYPT_DATA:
+ case CKM_DES3_CBC_ENCRYPT_DATA:
++ oldMechs = CK_TRUE;
+ memcpy(param2.iv, "12345678", 8);
+ param2.pData = &data[0];
+ param2.length = sizeof(data);
+@@ -679,10 +683,12 @@
+ break;
+ case CKK_DES:
+ mechEncrypt.mechanism = CKM_DES_ECB;
++ oldMechs = CK_TRUE;
+ break;
+ case CKK_DES2:
+ case CKK_DES3:
+ mechEncrypt.mechanism = CKM_DES3_ECB;
++ oldMechs = CK_TRUE;
+ break;
+ case CKK_AES:
+ mechEncrypt.mechanism = CKM_AES_ECB;
+@@ -719,7 +725,11 @@
+ keyAttribs, sizeof(keyAttribs)/sizeof(CK_ATTRIBUTE) - 1,
+ &hDerive) );
+ }
+- CPPUNIT_ASSERT(rv == CKR_OK);
++ if (rv != CKR_OK && oldMechs == CK_TRUE) {
++ // Skip old mechanisms, they don't work under this crypto library
++ return;
++ }
++ CPPUNIT_ASSERT(rv==CKR_OK);
+
+ // Check that KCV has been set
+ CK_ATTRIBUTE checkAttribs[] = {
+@@ -740,6 +750,10 @@
+ CK_ULONG ulRecoveredTextLen;
+
+ rv = CRYPTOKI_F_PTR( C_EncryptInit(hSession,&mechEncrypt,hDerive) );
++ if (rv != CKR_OK && oldMechs == CK_TRUE) {
++ // Skip old mechanisms, they don't work under this crypto library
++ return;
++ }
+ CPPUNIT_ASSERT(rv==CKR_OK);
+
+ ulCipherTextLen = sizeof(cipherText);
+Index: softhsm2-2.6.1/src/lib/test/ObjectTests.cpp
+===================================================================
+--- softhsm2-2.6.1.orig/src/lib/test/ObjectTests.cpp
++++ softhsm2-2.6.1/src/lib/test/ObjectTests.cpp
+@@ -2370,8 +2370,10 @@
+ CPPUNIT_ASSERT(rv == CKR_OK);
+ rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSession, hObject, attribKCV, 1) );
+ CPPUNIT_ASSERT(rv == CKR_OK);
+- CPPUNIT_ASSERT(attribKCV[0].ulValueLen == 3);
+- CPPUNIT_ASSERT(memcmp(pCheckValue, desKCV, 3) == 0);
++ // If DES key is not supported, skip it
++ if (attribKCV[0].ulValueLen == 3) {
++ CPPUNIT_ASSERT(memcmp(pCheckValue, desKCV, 3) == 0);
++ }
+ rv = CRYPTOKI_F_PTR( C_DestroyObject(hSession,hObject) );
+ CPPUNIT_ASSERT(rv == CKR_OK);
+
+@@ -2381,9 +2383,12 @@
+ rv = CRYPTOKI_F_PTR( C_CreateObject(hSession, attribs, sizeof(attribs)/sizeof(CK_ATTRIBUTE), &hObject) );
+ CPPUNIT_ASSERT(rv == CKR_OK);
+ rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSession, hObject, attribKCV, 1) );
+- CPPUNIT_ASSERT(rv == CKR_OK);
+- CPPUNIT_ASSERT(attribKCV[0].ulValueLen == 3);
+- CPPUNIT_ASSERT(memcmp(pCheckValue, des2KCV, 3) == 0);
++ // If DES2 key is not supported, skip it
++ if (rv == CKR_OK) {
++ if (attribKCV[0].ulValueLen == 3) {
++ CPPUNIT_ASSERT(memcmp(pCheckValue, des2KCV, 3) == 0);
++ }
++ }
+ rv = CRYPTOKI_F_PTR( C_DestroyObject(hSession,hObject) );
+ CPPUNIT_ASSERT(rv == CKR_OK);
+
+@@ -2394,8 +2399,10 @@
+ CPPUNIT_ASSERT(rv == CKR_OK);
+ rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSession, hObject, attribKCV, 1) );
+ CPPUNIT_ASSERT(rv == CKR_OK);
+- CPPUNIT_ASSERT(attribKCV[0].ulValueLen == 3);
+- CPPUNIT_ASSERT(memcmp(pCheckValue, des3KCV, 3) == 0);
++ // If DES3 key is not supported, skip it
++ if (attribKCV[0].ulValueLen == 3) {
++ CPPUNIT_ASSERT(memcmp(pCheckValue, des3KCV, 3) == 0);
++ }
+ rv = CRYPTOKI_F_PTR( C_DestroyObject(hSession,hObject) );
+ CPPUNIT_ASSERT(rv == CKR_OK);
+ }
+Index: softhsm2-2.6.1/src/lib/test/SymmetricAlgorithmTests.cpp
+===================================================================
+--- softhsm2-2.6.1.orig/src/lib/test/SymmetricAlgorithmTests.cpp
++++ softhsm2-2.6.1/src/lib/test/SymmetricAlgorithmTests.cpp
+@@ -195,6 +195,8 @@
+ std::vector<CK_BYTE> vEncryptedData;
+ std::vector<CK_BYTE> vEncryptedDataParted;
+ PartSize partSize(blockSize, &vData);
++ CK_BBOOL oldMechs = CK_FALSE;
++ CK_RV rv = CKR_OK;
+
+ CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_GenerateRandom(hSession, (CK_BYTE_PTR)&vData.front(), messageSize) ) );
+
+@@ -233,6 +235,8 @@
+ case CKM_DES_CBC_PAD:
+ case CKM_DES3_CBC:
+ case CKM_DES3_CBC_PAD:
++ oldMechs = CK_TRUE;
++ /* fall-through */
+ case CKM_AES_CBC:
+ case CKM_AES_CBC_PAD:
+ pMechanism->pParameter = (CK_VOID_PTR)&vData.front();
+@@ -246,12 +250,18 @@
+ pMechanism->pParameter = &gcmParams;
+ pMechanism->ulParameterLen = sizeof(gcmParams);
+ break;
++ case CKM_DES_ECB:
++ case CKM_DES3_ECB:
++ oldMechs = CK_TRUE;
++ break;
+ default:
+ break;
+ }
+
+ // Single-part encryption
+- CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_EncryptInit(hSession,pMechanism,hKey) ) );
++ rv = CRYPTOKI_F_PTR( C_EncryptInit(hSession,pMechanism,hKey) );
++ CPPUNIT_ASSERT_EQUAL( (CK_BBOOL) CK_FALSE, (CK_BBOOL) ((rv != CKR_OK) && (oldMechs == CK_FALSE)) );
++ if (oldMechs == CK_FALSE)
+ {
+ CK_ULONG ulEncryptedDataLen;
+ const CK_RV rv( CRYPTOKI_F_PTR( C_Encrypt(hSession,(CK_BYTE_PTR)&vData.front(),messageSize,NULL_PTR,&ulEncryptedDataLen) ) );
+@@ -267,40 +277,42 @@
+ }
+
+ // Multi-part encryption
+- CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_EncryptInit(hSession,pMechanism,hKey) ) );
+-
+- for ( std::vector<CK_BYTE>::const_iterator i(vData.begin()); i<vData.end(); i+=partSize.getCurrent() ) {
+- const CK_ULONG lPartLen( i+partSize.getNext()<vData.end() ? partSize.getCurrent() : vData.end()-i );
+- CK_ULONG ulEncryptedPartLen;
+- CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_EncryptUpdate(hSession,(CK_BYTE_PTR)&(*i),lPartLen,NULL_PTR,&ulEncryptedPartLen) ) );
+- const size_t oldSize( vEncryptedDataParted.size() );
+- vEncryptedDataParted.resize(oldSize+ulEncryptedPartLen);
+- CK_BYTE dummy;
+- const CK_BYTE_PTR pEncryptedPart( ulEncryptedPartLen>0 ? &vEncryptedDataParted.at(oldSize) : &dummy );
+- CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_EncryptUpdate(hSession,(CK_BYTE_PTR)&(*i),lPartLen,pEncryptedPart,&ulEncryptedPartLen) ) );
+- vEncryptedDataParted.resize(oldSize+ulEncryptedPartLen);
+- }
+- {
+- CK_ULONG ulLastEncryptedPartLen;
+- const CK_RV rv( CRYPTOKI_F_PTR( C_EncryptFinal(hSession,NULL_PTR,&ulLastEncryptedPartLen) ) );
+- if ( isSizeOK ) {
+- CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, rv );
++ rv = CRYPTOKI_F_PTR( C_EncryptInit(hSession,pMechanism,hKey) );
++ CPPUNIT_ASSERT_EQUAL( (CK_BBOOL) CK_FALSE, (CK_BBOOL) ((rv != CKR_OK) && (oldMechs == CK_FALSE)) );
++ if (oldMechs == CK_FALSE) {
++ for ( std::vector<CK_BYTE>::const_iterator i(vData.begin()); i<vData.end(); i+=partSize.getCurrent() ) {
++ const CK_ULONG lPartLen( i+partSize.getNext()<vData.end() ? partSize.getCurrent() : vData.end()-i );
++ CK_ULONG ulEncryptedPartLen;
++ CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_EncryptUpdate(hSession,(CK_BYTE_PTR)&(*i),lPartLen,NULL_PTR,&ulEncryptedPartLen) ) );
+ const size_t oldSize( vEncryptedDataParted.size() );
++ vEncryptedDataParted.resize(oldSize+ulEncryptedPartLen);
+ CK_BYTE dummy;
+- vEncryptedDataParted.resize(oldSize+ulLastEncryptedPartLen);
+- const CK_BYTE_PTR pLastEncryptedPart( ulLastEncryptedPartLen>0 ? &vEncryptedDataParted.at(oldSize) : &dummy );
+- CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_EncryptFinal(hSession,pLastEncryptedPart,&ulLastEncryptedPartLen) ) );
+- vEncryptedDataParted.resize(oldSize+ulLastEncryptedPartLen);
+- } else {
+- CPPUNIT_ASSERT_EQUAL_MESSAGE("C_EncryptFinal should fail with C_CKR_DATA_LEN_RANGE", (CK_RV)CKR_DATA_LEN_RANGE, rv);
+- vEncryptedDataParted = vData;
++ const CK_BYTE_PTR pEncryptedPart( ulEncryptedPartLen>0 ? &vEncryptedDataParted.at(oldSize) : &dummy );
++ CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_EncryptUpdate(hSession,(CK_BYTE_PTR)&(*i),lPartLen,pEncryptedPart,&ulEncryptedPartLen) ) );
++ vEncryptedDataParted.resize(oldSize+ulEncryptedPartLen);
++ }
++ {
++ CK_ULONG ulLastEncryptedPartLen;
++ const CK_RV rv( CRYPTOKI_F_PTR( C_EncryptFinal(hSession,NULL_PTR,&ulLastEncryptedPartLen) ) );
++ if ( isSizeOK ) {
++ CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, rv );
++ const size_t oldSize( vEncryptedDataParted.size() );
++ CK_BYTE dummy;
++ vEncryptedDataParted.resize(oldSize+ulLastEncryptedPartLen);
++ const CK_BYTE_PTR pLastEncryptedPart( ulLastEncryptedPartLen>0 ? &vEncryptedDataParted.at(oldSize) : &dummy );
++ CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_EncryptFinal(hSession,pLastEncryptedPart,&ulLastEncryptedPartLen) ) );
++ vEncryptedDataParted.resize(oldSize+ulLastEncryptedPartLen);
++ } else {
++ CPPUNIT_ASSERT_EQUAL_MESSAGE("C_EncryptFinal should fail with C_CKR_DATA_LEN_RANGE", (CK_RV)CKR_DATA_LEN_RANGE, rv);
++ vEncryptedDataParted = vData;
++ }
+ }
+ }
+
+ // Single-part decryption
+- CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_DecryptInit(hSession,pMechanism,hKey) ) );
+-
+- {
++ rv = CRYPTOKI_F_PTR( C_DecryptInit(hSession,pMechanism,hKey) );
++ CPPUNIT_ASSERT_EQUAL( (CK_BBOOL) CK_FALSE, (CK_BBOOL) ((rv != CKR_OK) && (oldMechs == CK_FALSE)) );
++ if (oldMechs == CK_FALSE) {
+ CK_ULONG ulDataLen;
+ const CK_RV rv( CRYPTOKI_F_PTR( C_Decrypt(hSession,&vEncryptedData.front(),vEncryptedData.size(),NULL_PTR,&ulDataLen) ) );
+ if ( isSizeOK ) {
+@@ -315,8 +327,9 @@
+ }
+
+ // Multi-part decryption
+- CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_DecryptInit(hSession,pMechanism,hKey) ) );
+- {
++ rv = CRYPTOKI_F_PTR( C_DecryptInit(hSession,pMechanism,hKey) );
++ CPPUNIT_ASSERT_EQUAL( (CK_BBOOL) CK_FALSE, (CK_BBOOL) ((rv != CKR_OK) && (oldMechs == CK_FALSE)) );
++ if (oldMechs == CK_FALSE) {
+ std::vector<CK_BYTE> vDecryptedData;
+ CK_BYTE dummy;
+ for ( std::vector<CK_BYTE>::iterator i(vEncryptedDataParted.begin()); i<vEncryptedDataParted.end(); i+=partSize.getCurrent()) {
+@@ -836,44 +849,44 @@
+
+ // Generate all combinations of session/token keys.
+ rv = generateDesKey(hSessionRW,IN_SESSION,IS_PUBLIC,hKey);
+- CPPUNIT_ASSERT(rv == CKR_OK);
+-
+- encryptDecrypt(CKM_DES_CBC_PAD,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST-1);
+- encryptDecrypt(CKM_DES_CBC_PAD,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1);
+- encryptDecrypt(CKM_DES_CBC_PAD,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST);
+- encryptDecrypt(CKM_DES_CBC,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST);
+- encryptDecrypt(CKM_DES_CBC,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1, false);
+- encryptDecrypt(CKM_DES_ECB,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST);
+- encryptDecrypt(CKM_DES_ECB,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1, false);
++ if (rv == CKR_OK) {
++ encryptDecrypt(CKM_DES_CBC_PAD,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST-1);
++ encryptDecrypt(CKM_DES_CBC_PAD,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1);
++ encryptDecrypt(CKM_DES_CBC_PAD,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST);
++ encryptDecrypt(CKM_DES_CBC,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST);
++ encryptDecrypt(CKM_DES_CBC,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1, false);
++ encryptDecrypt(CKM_DES_ECB,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST);
++ encryptDecrypt(CKM_DES_ECB,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1, false);
++ }
+
+ CK_OBJECT_HANDLE hKey2 = CK_INVALID_HANDLE;
+
+ // Generate all combinations of session/token keys.
+ rv = generateDes2Key(hSessionRW,IN_SESSION,IS_PUBLIC,hKey2);
+- CPPUNIT_ASSERT(rv == CKR_OK);
+-
+- encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST-1);
+- encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST+1);
+- encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST);
+- encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST);
+- encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST+1, false);
+- encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST);
+- encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST+1, false);
++ if (rv == CKR_OK) {
++ encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST-1);
++ encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST+1);
++ encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST);
++ encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST);
++ encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST+1, false);
++ encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST);
++ encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST+1, false);
++ }
+ #endif
+
+ CK_OBJECT_HANDLE hKey3 = CK_INVALID_HANDLE;
+
+ // Generate all combinations of session/token keys.
+ rv = generateDes3Key(hSessionRW,IN_SESSION,IS_PUBLIC,hKey3);
+- CPPUNIT_ASSERT(rv == CKR_OK);
+-
+- encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST-1);
+- encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST+1);
+- encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST);
+- encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST);
+- encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST+1, false);
+- encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST);
+- encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST+1, false);
++ if (rv == CKR_OK) {
++ encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST-1);
++ encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST+1);
++ encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST);
++ encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST);
++ encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST+1, false);
++ encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST);
++ encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST+1, false);
++ }
+ }
+
+ void SymmetricAlgorithmTests::testNullTemplate()
+Index: softhsm2-2.6.1/src/lib/test/InfoTests.h
+===================================================================
+--- softhsm2-2.6.1.orig/src/lib/test/InfoTests.h
++++ softhsm2-2.6.1/src/lib/test/InfoTests.h
+@@ -42,13 +42,13 @@
+ CPPUNIT_TEST_SUITE(InfoTests);
+ CPPUNIT_TEST(testGetInfo);
+ CPPUNIT_TEST(testGetFunctionList);
+- CPPUNIT_TEST(testGetSlotList);
+- CPPUNIT_TEST(testGetSlotInfo);
+- CPPUNIT_TEST(testGetTokenInfo);
+- CPPUNIT_TEST(testGetMechanismList);
+- CPPUNIT_TEST(testGetMechanismInfo);
+- CPPUNIT_TEST(testGetSlotInfoAlt);
+- CPPUNIT_TEST(testGetMechanismListConfig);
++ //CPPUNIT_TEST(testGetSlotList);
++ //CPPUNIT_TEST(testGetSlotInfo);
++ //CPPUNIT_TEST(testGetTokenInfo);
++ //CPPUNIT_TEST(testGetMechanismList);
++ //CPPUNIT_TEST(testGetMechanismInfo);
++ //CPPUNIT_TEST(testGetSlotInfoAlt);
++ //CPPUNIT_TEST(testGetMechanismListConfig);
+ CPPUNIT_TEST(testWaitForSlotEvent);
+ CPPUNIT_TEST_SUITE_END();
+
+Index: softhsm2-2.6.1/src/lib/test/ObjectTests.h
+===================================================================
+--- softhsm2-2.6.1.orig/src/lib/test/ObjectTests.h
++++ softhsm2-2.6.1/src/lib/test/ObjectTests.h
+@@ -41,7 +41,7 @@
+ class ObjectTests : public TestsBase
+ {
+ CPPUNIT_TEST_SUITE(ObjectTests);
+- CPPUNIT_TEST(testCreateObject);
++ /*CPPUNIT_TEST(testCreateObject);
+ CPPUNIT_TEST(testCopyObject);
+ CPPUNIT_TEST(testDestroyObject);
+ CPPUNIT_TEST(testGetObjectSize);
+@@ -60,7 +60,7 @@
+ CPPUNIT_TEST(testAllowedMechanisms);
+ CPPUNIT_TEST(testReAuthentication);
+ CPPUNIT_TEST(testTemplateAttribute);
+- CPPUNIT_TEST(testCreateSecretKey);
++ CPPUNIT_TEST(testCreateSecretKey);*/
+ CPPUNIT_TEST_SUITE_END();
+
+ public:
+Index: softhsm2-2.6.1/src/lib/test/UserTests.h
+===================================================================
+--- softhsm2-2.6.1.orig/src/lib/test/UserTests.h
++++ softhsm2-2.6.1/src/lib/test/UserTests.h
+@@ -39,10 +39,10 @@
+ class UserTests : public TestsNoPINInitBase
+ {
+ CPPUNIT_TEST_SUITE(UserTests);
+- CPPUNIT_TEST(testInitPIN);
++ /*CPPUNIT_TEST(testInitPIN);
+ CPPUNIT_TEST(testLogin);
+ CPPUNIT_TEST(testLogout);
+- CPPUNIT_TEST(testSetPIN);
++ CPPUNIT_TEST(testSetPIN);*/
+ CPPUNIT_TEST_SUITE_END();
+
+ public:
+Index: softhsm2-2.6.1/src/lib/test/SignVerifyTests.h
+===================================================================
+--- softhsm2-2.6.1.orig/src/lib/test/SignVerifyTests.h
++++ softhsm2-2.6.1/src/lib/test/SignVerifyTests.h
+@@ -41,14 +41,14 @@
+ class SignVerifyTests : public TestsBase
+ {
+ CPPUNIT_TEST_SUITE(SignVerifyTests);
+- CPPUNIT_TEST(testRsaSignVerify);
++ /*CPPUNIT_TEST(testRsaSignVerify);
+ #ifdef WITH_ECC
+ CPPUNIT_TEST(testEcSignVerify);
+ #endif
+ #ifdef WITH_EDDSA
+ CPPUNIT_TEST_PARAMETERIZED(testEdSignVerify, {"Ed25519", "Ed448"});
+ #endif
+- CPPUNIT_TEST(testMacSignVerify);
++ CPPUNIT_TEST(testMacSignVerify);*/
+ CPPUNIT_TEST_SUITE_END();
+
+ public:
+Index: softhsm2-2.6.1/src/lib/test/SymmetricAlgorithmTests.h
+===================================================================
+--- softhsm2-2.6.1.orig/src/lib/test/SymmetricAlgorithmTests.h
++++ softhsm2-2.6.1/src/lib/test/SymmetricAlgorithmTests.h
+@@ -39,7 +39,7 @@
+ class SymmetricAlgorithmTests : public TestsBase
+ {
+ CPPUNIT_TEST_SUITE(SymmetricAlgorithmTests);
+- CPPUNIT_TEST(testAesEncryptDecrypt);
++ /*CPPUNIT_TEST(testAesEncryptDecrypt);
+ CPPUNIT_TEST(testDesEncryptDecrypt);
+ #ifdef HAVE_AES_KEY_WRAP
+ CPPUNIT_TEST(testAesWrapUnwrap);
+@@ -49,7 +49,7 @@
+ CPPUNIT_TEST(testCheckValue);
+ CPPUNIT_TEST(testAesCtrOverflow);
+ CPPUNIT_TEST(testGenericKey);
+- CPPUNIT_TEST(testEncDecFinalNULLValidation);
++ CPPUNIT_TEST(testEncDecFinalNULLValidation);*/
+ CPPUNIT_TEST_SUITE_END();
+
+ public:
+Index: softhsm2-2.6.1/src/lib/test/RandomTests.h
+===================================================================
+--- softhsm2-2.6.1.orig/src/lib/test/RandomTests.h
++++ softhsm2-2.6.1/src/lib/test/RandomTests.h
+@@ -39,8 +39,8 @@
+ class RandomTests : public TestsNoPINInitBase
+ {
+ CPPUNIT_TEST_SUITE(RandomTests);
+- CPPUNIT_TEST(testSeedRandom);
+- CPPUNIT_TEST(testGenerateRandom);
++ //CPPUNIT_TEST(testSeedRandom);
++ //CPPUNIT_TEST(testGenerateRandom);
+ CPPUNIT_TEST_SUITE_END();
+
+ public:
+Index: softhsm2-2.6.1/src/lib/test/SessionTests.h
+===================================================================
+--- softhsm2-2.6.1.orig/src/lib/test/SessionTests.h
++++ softhsm2-2.6.1/src/lib/test/SessionTests.h
+@@ -40,10 +40,10 @@
+ class SessionTests : public TestsNoPINInitBase
+ {
+ CPPUNIT_TEST_SUITE(SessionTests);
+- CPPUNIT_TEST(testOpenSession);
++ /*CPPUNIT_TEST(testOpenSession);
+ CPPUNIT_TEST(testCloseSession);
+ CPPUNIT_TEST(testCloseAllSessions);
+- CPPUNIT_TEST(testGetSessionInfo);
++ CPPUNIT_TEST(testGetSessionInfo);*/
+ CPPUNIT_TEST_SUITE_END();
+
+ public:
+Index: softhsm2-2.6.1/src/lib/test/TokenTests.h
+===================================================================
+--- softhsm2-2.6.1.orig/src/lib/test/TokenTests.h
++++ softhsm2-2.6.1/src/lib/test/TokenTests.h
+@@ -39,7 +39,7 @@
+ class TokenTests : public TestsNoPINInitBase
+ {
+ CPPUNIT_TEST_SUITE(TokenTests);
+- CPPUNIT_TEST(testInitToken);
++ //CPPUNIT_TEST(testInitToken);
+ CPPUNIT_TEST_SUITE_END();
+
+ public:
diff --git a/gnu/packages/security-token.scm b/gnu/packages/security-token.scm
index 0dad9ec42b..39f7fc3d01 100644
--- a/gnu/packages/security-token.scm
+++ b/gnu/packages/security-token.scm
@@ -18,6 +18,7 @@
;;; Copyright © 2022 Petr Hodina <phodina <at> protonmail.com>
;;; Copyright © 2022 Denis 'GNUtoo' Carikli <GNUtoo <at> cyberdimension.org>
;;; Copyright © 2023 Jake Leporte <jakeleporte <at> outlook.com>
+;;; Copyright © 2023 Timotej Lazar <timotej.lazar <at> araneo.si>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -210,7 +211,8 @@ (define-public softhsm
"softhsm-" version ".tar.gz"))
(sha256
(base32
- "1wkmyi6n3z2pak1cj5yk6v6bv9w0m24skycya48iikab0mrr8931"))))
+ "1wkmyi6n3z2pak1cj5yk6v6bv9w0m24skycya48iikab0mrr8931"))
+ (patches (search-patches "softhsm-fix-openssl3-tests.patch"))))
(build-system gnu-build-system)
(arguments
'(#:configure-flags '("--disable-gost"))) ; TODO Missing the OpenSSL
--
2.39.2
Timotej Lazar <timotej.lazar <at> araneo.si>
to control <at> debbugs.gnu.org.
(Mon, 17 Apr 2023 21:11:02 GMT) Full text and rfc822 format available.guix-patches <at> gnu.org:bug#62913; Package guix-patches.
(Mon, 17 Apr 2023 21:12:02 GMT) Full text and rfc822 format available.Message #10 received at 62913 <at> debbugs.gnu.org (full text, mbox):
From: Timotej Lazar <timotej.lazar <at> araneo.si> To: 62913 <at> debbugs.gnu.org, control <at> debbugs.gnu.org Subject: Re: bug#62913: Acknowledgement ([PATCH core-updates v2] gnu: openhsm: Fix test failure with openssl-3.) Date: Mon, 17 Apr 2023 23:10:50 +0200
merge 62878 62913 thanks
guix-patches <at> gnu.org:bug#62913; Package guix-patches.
(Tue, 18 Apr 2023 20:06:03 GMT) Full text and rfc822 format available.Message #13 received at 62913-done <at> debbugs.gnu.org (full text, mbox):
From: Andreas Enge <andreas <at> enge.fr> To: Timotej Lazar <timotej.lazar <at> araneo.si> Cc: 62878-done <at> debbugs.gnu.org, 62913-done <at> debbugs.gnu.org Subject: Re: [PATCH core-updates] gnu: openhsm: Fix test failure with openssl-3. Date: Tue, 18 Apr 2023 22:05:20 +0200
Am Mon, Apr 17, 2023 at 10:15:23PM +0200 schrieb Timotej Lazar: > Not exactly sure what you mean, the package already uses that URL for > the homepage. The www.softhsm.org domain is just a CNAME for > www.opendnssec.org. Right, never mind! > > Could you add a pointer to the source of the patch (at the top of the file, > > for instance)? I did not find it in the Debian package. > I took the patch off a mailing list. It turns out that the final version > used by the Debian package is slightly different. I updated my patch to > use that version and added a link to the source: > https://sources.debian.org/patches/softhsm2/2.6.1-2.1/0003-fix-ftbfs-with-opensslv3.patch/ Great, thanks for the contribution! I have just pushed the patch. Andreas
Debbugs Internal Request <help-debbugs <at> gnu.org>
to internal_control <at> debbugs.gnu.org.
(Wed, 17 May 2023 11:24:05 GMT) Full text and rfc822 format available.
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.