guix-patches
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[bug#62913] [PATCH core-updates v2] gnu: openhsm: Fix test failure with


From: Timotej Lazar
Subject: [bug#62913] [PATCH core-updates v2] gnu: openhsm: Fix test failure with openssl-3.
Date: Mon, 17 Apr 2023 22:18:01 +0200

* gnu/packages/patches/softhsm-fix-openssl3-tests.patch: Add patch from
Debian.
* gnu/packages/security-token.scm (softhsm): Use it.
* gnu/local.mk (dist_patch_DATA): Register it.
---
 gnu/local.mk                                  |    1 +
 .../patches/softhsm-fix-openssl3-tests.patch  | 1107 +++++++++++++++++
 gnu/packages/security-token.scm               |    4 +-
 3 files changed, 1111 insertions(+), 1 deletion(-)
 create mode 100644 gnu/packages/patches/softhsm-fix-openssl3-tests.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index 9372ff0119..48b371de55 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1885,6 +1885,7 @@ dist_patch_DATA =                                         
\
   %D%/packages/patches/snappy-add-O2-flag-in-CmakeLists.txt.patch      \
   %D%/packages/patches/snappy-add-inline-for-GCC.patch         \
   %D%/packages/patches/source-highlight-gcc-compat.patch       \
+  %D%/packages/patches/softhsm-fix-openssl3-tests.patch                \
   %D%/packages/patches/spectre-meltdown-checker-externalize-fwdb.patch \
   %D%/packages/patches/spectre-meltdown-checker-find-kernel.patch \
   %D%/packages/patches/sphinxbase-fix-doxygen.patch            \
diff --git a/gnu/packages/patches/softhsm-fix-openssl3-tests.patch 
b/gnu/packages/patches/softhsm-fix-openssl3-tests.patch
new file mode 100644
index 0000000000..f2d9ce3f5d
--- /dev/null
+++ b/gnu/packages/patches/softhsm-fix-openssl3-tests.patch
@@ -0,0 +1,1107 @@
+Copied from Debian:
+
+https://sources.debian.org/patches/softhsm2/2.6.1-2.1/0003-fix-ftbfs-with-opensslv3.patch/
+
+From 643f061e6fbe04552a2c49bd00528e61a9a77064 Mon Sep 17 00:00:00 2001
+From: Alexander Bokovoy <abokovoy@redhat.com>
+Date: Wed, 26 May 2021 20:03:25 +0300
+Subject: [PATCH 1/4] openssl 3.0: Run DES tests only if OpenSSL allows it
+
+OpenSSL 3.0 moves DES into a legacy provider which has to be loaded
+explicitly. By default, it will not be loaded and DES methods in tests
+will fail. Nest test blocks under successful initialization.
+
+Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
+---
+ src/lib/crypto/test/DESTests.cpp | 350 ++++++++++++++++---------------
+ 1 file changed, 182 insertions(+), 168 deletions(-)
+
+Index: softhsm2-2.6.1/src/lib/crypto/test/DESTests.cpp
+===================================================================
+--- softhsm2-2.6.1.orig/src/lib/crypto/test/DESTests.cpp
++++ softhsm2-2.6.1/src/lib/crypto/test/DESTests.cpp
+@@ -259,54 +259,58 @@
+ 
+                       // Now, do the same thing using our DES implementation
+                       shsmCipherText.wipe();
+-                      CPPUNIT_ASSERT(des->encryptInit(&desKey56, 
SymMode::CBC, IV));
++                      if (des->encryptInit(&desKey56, SymMode::CBC, IV)) {
+ 
+-                      CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
+-                      shsmCipherText += OB;
++                              CPPUNIT_ASSERT(des->encryptUpdate(plainText, 
OB));
++                              shsmCipherText += OB;
+ 
+-                      CPPUNIT_ASSERT(des->encryptFinal(OB));
+-                      shsmCipherText += OB;
++                              CPPUNIT_ASSERT(des->encryptFinal(OB));
++                              shsmCipherText += OB;
+ 
+-                      CPPUNIT_ASSERT(shsmCipherText == cipherText);
++                              CPPUNIT_ASSERT(shsmCipherText == cipherText);
+ 
+-                      // Check that we can get the plain text
+-                      shsmPlainText.wipe();
+-                      CPPUNIT_ASSERT(des->decryptInit(&desKey56, 
SymMode::CBC, IV));
++                              // Check that we can get the plain text
++                              shsmPlainText.wipe();
++                              CPPUNIT_ASSERT(des->decryptInit(&desKey56, 
SymMode::CBC, IV));
+ 
+-                      CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
+-                      shsmPlainText += OB;
++                              
CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
++                              shsmPlainText += OB;
+ 
+-                      CPPUNIT_ASSERT(des->decryptFinal(OB));
+-                      shsmPlainText += OB;
++                              CPPUNIT_ASSERT(des->decryptFinal(OB));
++                              shsmPlainText += OB;
+ 
+-                      CPPUNIT_ASSERT(shsmPlainText == plainText);
++                              CPPUNIT_ASSERT(shsmPlainText == plainText);
++
++                      }
+ 
+                       // Test 112-bit key
+                       cipherText = ByteString(testResult[i][j][1]);
+ 
+                       // Now, do the same thing using our DES implementation
+                       shsmCipherText.wipe();
+-                      CPPUNIT_ASSERT(des->encryptInit(&desKey112, 
SymMode::CBC, IV));
++                      if (des->encryptInit(&desKey112, SymMode::CBC, IV)) {
+ 
+-                      CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
+-                      shsmCipherText += OB;
++                              CPPUNIT_ASSERT(des->encryptUpdate(plainText, 
OB));
++                              shsmCipherText += OB;
+ 
+-                      CPPUNIT_ASSERT(des->encryptFinal(OB));
+-                      shsmCipherText += OB;
++                              CPPUNIT_ASSERT(des->encryptFinal(OB));
++                              shsmCipherText += OB;
+ 
+-                      CPPUNIT_ASSERT(shsmCipherText == cipherText);
++                              CPPUNIT_ASSERT(shsmCipherText == cipherText);
+ 
+-                      // Check that we can get the plain text
+-                      shsmPlainText.wipe();
+-                      CPPUNIT_ASSERT(des->decryptInit(&desKey112, 
SymMode::CBC, IV));
++                              // Check that we can get the plain text
++                              shsmPlainText.wipe();
++                              CPPUNIT_ASSERT(des->decryptInit(&desKey112, 
SymMode::CBC, IV));
+ 
+-                      CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
+-                      shsmPlainText += OB;
++                              
CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
++                              shsmPlainText += OB;
+ 
+-                      CPPUNIT_ASSERT(des->decryptFinal(OB));
+-                      shsmPlainText += OB;
++                              CPPUNIT_ASSERT(des->decryptFinal(OB));
++                              shsmPlainText += OB;
++
++                              CPPUNIT_ASSERT(shsmPlainText == plainText);
++                      }
+ 
+-                      CPPUNIT_ASSERT(shsmPlainText == plainText);
+ #endif
+ 
+                       // Test 168-bit key
+@@ -314,27 +318,28 @@
+ 
+                       // Now, do the same thing using our DES implementation
+                       shsmCipherText.wipe();
+-                      CPPUNIT_ASSERT(des->encryptInit(&desKey168, 
SymMode::CBC, IV));
++                      if (des->encryptInit(&desKey168, SymMode::CBC, IV)) {
+ 
+-                      CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
+-                      shsmCipherText += OB;
++                              CPPUNIT_ASSERT(des->encryptUpdate(plainText, 
OB));
++                              shsmCipherText += OB;
+ 
+-                      CPPUNIT_ASSERT(des->encryptFinal(OB));
+-                      shsmCipherText += OB;
++                              CPPUNIT_ASSERT(des->encryptFinal(OB));
++                              shsmCipherText += OB;
+ 
+-                      CPPUNIT_ASSERT(shsmCipherText == cipherText);
++                              CPPUNIT_ASSERT(shsmCipherText == cipherText);
+ 
+-                      // Check that we can get the plain text
+-                      shsmPlainText.wipe();
+-                      CPPUNIT_ASSERT(des->decryptInit(&desKey168, 
SymMode::CBC, IV));
++                              // Check that we can get the plain text
++                              shsmPlainText.wipe();
++                              CPPUNIT_ASSERT(des->decryptInit(&desKey168, 
SymMode::CBC, IV));
+ 
+-                      CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
+-                      shsmPlainText += OB;
++                              
CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
++                              shsmPlainText += OB;
+ 
+-                      CPPUNIT_ASSERT(des->decryptFinal(OB));
+-                      shsmPlainText += OB;
++                              CPPUNIT_ASSERT(des->decryptFinal(OB));
++                              shsmPlainText += OB;
+ 
+-                      CPPUNIT_ASSERT(shsmPlainText == plainText);
++                              CPPUNIT_ASSERT(shsmPlainText == plainText);
++                      }
+               }
+       }
+ }
+@@ -534,54 +539,56 @@
+ 
+                       // Now, do the same thing using our DES implementation
+                       shsmCipherText.wipe();
+-                      CPPUNIT_ASSERT(des->encryptInit(&desKey56, 
SymMode::ECB, IV));
++                      if (des->encryptInit(&desKey56, SymMode::ECB, IV)) {
+ 
+-                      CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
+-                      shsmCipherText += OB;
++                              CPPUNIT_ASSERT(des->encryptUpdate(plainText, 
OB));
++                              shsmCipherText += OB;
+ 
+-                      CPPUNIT_ASSERT(des->encryptFinal(OB));
+-                      shsmCipherText += OB;
++                              CPPUNIT_ASSERT(des->encryptFinal(OB));
++                              shsmCipherText += OB;
+ 
+-                      CPPUNIT_ASSERT(shsmCipherText == cipherText);
++                              CPPUNIT_ASSERT(shsmCipherText == cipherText);
+ 
+-                      // Check that we can get the plain text
+-                      shsmPlainText.wipe();
+-                      CPPUNIT_ASSERT(des->decryptInit(&desKey56, 
SymMode::ECB, IV));
++                              // Check that we can get the plain text
++                              shsmPlainText.wipe();
++                              CPPUNIT_ASSERT(des->decryptInit(&desKey56, 
SymMode::ECB, IV));
+ 
+-                      CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
+-                      shsmPlainText += OB;
++                              
CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
++                              shsmPlainText += OB;
+ 
+-                      CPPUNIT_ASSERT(des->decryptFinal(OB));
+-                      shsmPlainText += OB;
++                              CPPUNIT_ASSERT(des->decryptFinal(OB));
++                              shsmPlainText += OB;
+ 
+-                      CPPUNIT_ASSERT(shsmPlainText == plainText);
++                              CPPUNIT_ASSERT(shsmPlainText == plainText);
++                      }
+ 
+                       // Test 112-bit key
+                       cipherText = ByteString(testResult[i][j][1]);
+ 
+                       // Now, do the same thing using our DES implementation
+                       shsmCipherText.wipe();
+-                      CPPUNIT_ASSERT(des->encryptInit(&desKey112, 
SymMode::ECB, IV));
++                      if (des->encryptInit(&desKey112, SymMode::ECB, IV)) {
+ 
+-                      CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
+-                      shsmCipherText += OB;
++                              CPPUNIT_ASSERT(des->encryptUpdate(plainText, 
OB));
++                              shsmCipherText += OB;
+ 
+-                      CPPUNIT_ASSERT(des->encryptFinal(OB));
+-                      shsmCipherText += OB;
++                              CPPUNIT_ASSERT(des->encryptFinal(OB));
++                              shsmCipherText += OB;
+ 
+-                      CPPUNIT_ASSERT(shsmCipherText == cipherText);
++                              CPPUNIT_ASSERT(shsmCipherText == cipherText);
+ 
+-                      // Check that we can get the plain text
+-                      shsmPlainText.wipe();
+-                      CPPUNIT_ASSERT(des->decryptInit(&desKey112, 
SymMode::ECB, IV));
++                              // Check that we can get the plain text
++                              shsmPlainText.wipe();
++                              CPPUNIT_ASSERT(des->decryptInit(&desKey112, 
SymMode::ECB, IV));
+ 
+-                      CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
+-                      shsmPlainText += OB;
++                              
CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
++                              shsmPlainText += OB;
+ 
+-                      CPPUNIT_ASSERT(des->decryptFinal(OB));
+-                      shsmPlainText += OB;
++                              CPPUNIT_ASSERT(des->decryptFinal(OB));
++                              shsmPlainText += OB;
+ 
+-                      CPPUNIT_ASSERT(shsmPlainText == plainText);
++                              CPPUNIT_ASSERT(shsmPlainText == plainText);
++                      }
+ #endif
+ 
+                       // Test 168-bit key
+@@ -589,27 +596,28 @@
+ 
+                       // Now, do the same thing using our DES implementation
+                       shsmCipherText.wipe();
+-                      CPPUNIT_ASSERT(des->encryptInit(&desKey168, 
SymMode::ECB, IV));
++                      if (des->encryptInit(&desKey168, SymMode::ECB, IV)) {
+ 
+-                      CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
+-                      shsmCipherText += OB;
++                              CPPUNIT_ASSERT(des->encryptUpdate(plainText, 
OB));
++                              shsmCipherText += OB;
+ 
+-                      CPPUNIT_ASSERT(des->encryptFinal(OB));
+-                      shsmCipherText += OB;
++                              CPPUNIT_ASSERT(des->encryptFinal(OB));
++                              shsmCipherText += OB;
+ 
+-                      CPPUNIT_ASSERT(shsmCipherText == cipherText);
++                              CPPUNIT_ASSERT(shsmCipherText == cipherText);
+ 
+-                      // Check that we can get the plain text
+-                      shsmPlainText.wipe();
+-                      CPPUNIT_ASSERT(des->decryptInit(&desKey168, 
SymMode::ECB, IV));
++                              // Check that we can get the plain text
++                              shsmPlainText.wipe();
++                              CPPUNIT_ASSERT(des->decryptInit(&desKey168, 
SymMode::ECB, IV));
+ 
+-                      CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
+-                      shsmPlainText += OB;
++                              
CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
++                              shsmPlainText += OB;
+ 
+-                      CPPUNIT_ASSERT(des->decryptFinal(OB));
+-                      shsmPlainText += OB;
++                              CPPUNIT_ASSERT(des->decryptFinal(OB));
++                              shsmPlainText += OB;
+ 
+-                      CPPUNIT_ASSERT(shsmPlainText == plainText);
++                              CPPUNIT_ASSERT(shsmPlainText == plainText);
++                      }
+               }
+       }
+ }
+@@ -809,54 +817,56 @@
+ 
+                       // Now, do the same thing using our DES implementation
+                       shsmCipherText.wipe();
+-                      CPPUNIT_ASSERT(des->encryptInit(&desKey56, 
SymMode::OFB, IV));
++                      if (des->encryptInit(&desKey56, SymMode::OFB, IV)) {
+ 
+-                      CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
+-                      shsmCipherText += OB;
++                              CPPUNIT_ASSERT(des->encryptUpdate(plainText, 
OB));
++                              shsmCipherText += OB;
+ 
+-                      CPPUNIT_ASSERT(des->encryptFinal(OB));
+-                      shsmCipherText += OB;
++                              CPPUNIT_ASSERT(des->encryptFinal(OB));
++                              shsmCipherText += OB;
+ 
+-                      CPPUNIT_ASSERT(shsmCipherText == cipherText);
++                              CPPUNIT_ASSERT(shsmCipherText == cipherText);
+ 
+-                      // Check that we can get the plain text
+-                      shsmPlainText.wipe();
+-                      CPPUNIT_ASSERT(des->decryptInit(&desKey56, 
SymMode::OFB, IV));
++                              // Check that we can get the plain text
++                              shsmPlainText.wipe();
++                              CPPUNIT_ASSERT(des->decryptInit(&desKey56, 
SymMode::OFB, IV));
+ 
+-                      CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
+-                      shsmPlainText += OB;
++                              
CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
++                              shsmPlainText += OB;
+ 
+-                      CPPUNIT_ASSERT(des->decryptFinal(OB));
+-                      shsmPlainText += OB;
++                              CPPUNIT_ASSERT(des->decryptFinal(OB));
++                              shsmPlainText += OB;
+ 
+-                      CPPUNIT_ASSERT(shsmPlainText == plainText);
++                              CPPUNIT_ASSERT(shsmPlainText == plainText);
++                      }
+ 
+                       // Test 112-bit key
+                       cipherText = ByteString(testResult[i][j][1]);
+ 
+                       // Now, do the same thing using our DES implementation
+                       shsmCipherText.wipe();
+-                      CPPUNIT_ASSERT(des->encryptInit(&desKey112, 
SymMode::OFB, IV));
++                      if (des->encryptInit(&desKey112, SymMode::OFB, IV)) {
+ 
+-                      CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
+-                      shsmCipherText += OB;
++                              CPPUNIT_ASSERT(des->encryptUpdate(plainText, 
OB));
++                              shsmCipherText += OB;
+ 
+-                      CPPUNIT_ASSERT(des->encryptFinal(OB));
+-                      shsmCipherText += OB;
++                              CPPUNIT_ASSERT(des->encryptFinal(OB));
++                              shsmCipherText += OB;
+ 
+-                      CPPUNIT_ASSERT(shsmCipherText == cipherText);
++                              CPPUNIT_ASSERT(shsmCipherText == cipherText);
+ 
+-                      // Check that we can get the plain text
+-                      shsmPlainText.wipe();
+-                      CPPUNIT_ASSERT(des->decryptInit(&desKey112, 
SymMode::OFB, IV));
++                              // Check that we can get the plain text
++                              shsmPlainText.wipe();
++                              CPPUNIT_ASSERT(des->decryptInit(&desKey112, 
SymMode::OFB, IV));
+ 
+-                      CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
+-                      shsmPlainText += OB;
++                              
CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
++                              shsmPlainText += OB;
+ 
+-                      CPPUNIT_ASSERT(des->decryptFinal(OB));
+-                      shsmPlainText += OB;
++                              CPPUNIT_ASSERT(des->decryptFinal(OB));
++                              shsmPlainText += OB;
+ 
+-                      CPPUNIT_ASSERT(shsmPlainText == plainText);
++                              CPPUNIT_ASSERT(shsmPlainText == plainText);
++                      }
+ #endif
+ 
+                       // Test 168-bit key
+@@ -864,27 +874,28 @@
+ 
+                       // Now, do the same thing using our DES implementation
+                       shsmCipherText.wipe();
+-                      CPPUNIT_ASSERT(des->encryptInit(&desKey168, 
SymMode::OFB, IV));
++                      if (des->encryptInit(&desKey168, SymMode::OFB, IV)) {
+ 
+-                      CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
+-                      shsmCipherText += OB;
++                              CPPUNIT_ASSERT(des->encryptUpdate(plainText, 
OB));
++                              shsmCipherText += OB;
+ 
+-                      CPPUNIT_ASSERT(des->encryptFinal(OB));
+-                      shsmCipherText += OB;
++                              CPPUNIT_ASSERT(des->encryptFinal(OB));
++                              shsmCipherText += OB;
+ 
+-                      CPPUNIT_ASSERT(shsmCipherText == cipherText);
++                              CPPUNIT_ASSERT(shsmCipherText == cipherText);
+ 
+-                      // Check that we can get the plain text
+-                      shsmPlainText.wipe();
+-                      CPPUNIT_ASSERT(des->decryptInit(&desKey168, 
SymMode::OFB, IV));
++                              // Check that we can get the plain text
++                              shsmPlainText.wipe();
++                              CPPUNIT_ASSERT(des->decryptInit(&desKey168, 
SymMode::OFB, IV));
+ 
+-                      CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
+-                      shsmPlainText += OB;
++                              
CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
++                              shsmPlainText += OB;
+ 
+-                      CPPUNIT_ASSERT(des->decryptFinal(OB));
+-                      shsmPlainText += OB;
++                              CPPUNIT_ASSERT(des->decryptFinal(OB));
++                              shsmPlainText += OB;
+ 
+-                      CPPUNIT_ASSERT(shsmPlainText == plainText);
++                              CPPUNIT_ASSERT(shsmPlainText == plainText);
++                      }
+               }
+       }
+ }
+@@ -1083,54 +1094,56 @@
+ 
+                       // Now, do the same thing using our DES implementation
+                       shsmCipherText.wipe();
+-                      CPPUNIT_ASSERT(des->encryptInit(&desKey56, 
SymMode::CFB, IV));
++                      if (des->encryptInit(&desKey56, SymMode::CFB, IV)) {
+ 
+-                      CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
+-                      shsmCipherText += OB;
++                              CPPUNIT_ASSERT(des->encryptUpdate(plainText, 
OB));
++                              shsmCipherText += OB;
+ 
+-                      CPPUNIT_ASSERT(des->encryptFinal(OB));
+-                      shsmCipherText += OB;
++                              CPPUNIT_ASSERT(des->encryptFinal(OB));
++                              shsmCipherText += OB;
+ 
+-                      CPPUNIT_ASSERT(shsmCipherText == cipherText);
++                              CPPUNIT_ASSERT(shsmCipherText == cipherText);
+ 
+-                      // Check that we can get the plain text
+-                      shsmPlainText.wipe();
+-                      CPPUNIT_ASSERT(des->decryptInit(&desKey56, 
SymMode::CFB, IV));
++                              // Check that we can get the plain text
++                              shsmPlainText.wipe();
++                              CPPUNIT_ASSERT(des->decryptInit(&desKey56, 
SymMode::CFB, IV));
+ 
+-                      CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
+-                      shsmPlainText += OB;
++                              
CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
++                              shsmPlainText += OB;
+ 
+-                      CPPUNIT_ASSERT(des->decryptFinal(OB));
+-                      shsmPlainText += OB;
++                              CPPUNIT_ASSERT(des->decryptFinal(OB));
++                              shsmPlainText += OB;
+ 
+-                      CPPUNIT_ASSERT(shsmPlainText == plainText);
++                              CPPUNIT_ASSERT(shsmPlainText == plainText);
++                      }
+ 
+                       // Test 112-bit key
+                       cipherText = ByteString(testResult[i][j][1]);
+ 
+                       // Now, do the same thing using our DES implementation
+                       shsmCipherText.wipe();
+-                      CPPUNIT_ASSERT(des->encryptInit(&desKey112, 
SymMode::CFB, IV));
++                      if (des->encryptInit(&desKey112, SymMode::CFB, IV)) {
+ 
+-                      CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
+-                      shsmCipherText += OB;
++                              CPPUNIT_ASSERT(des->encryptUpdate(plainText, 
OB));
++                              shsmCipherText += OB;
+ 
+-                      CPPUNIT_ASSERT(des->encryptFinal(OB));
+-                      shsmCipherText += OB;
++                              CPPUNIT_ASSERT(des->encryptFinal(OB));
++                              shsmCipherText += OB;
+ 
+-                      CPPUNIT_ASSERT(shsmCipherText == cipherText);
++                              CPPUNIT_ASSERT(shsmCipherText == cipherText);
+ 
+-                      // Check that we can get the plain text
+-                      shsmPlainText.wipe();
+-                      CPPUNIT_ASSERT(des->decryptInit(&desKey112, 
SymMode::CFB, IV));
++                              // Check that we can get the plain text
++                              shsmPlainText.wipe();
++                              CPPUNIT_ASSERT(des->decryptInit(&desKey112, 
SymMode::CFB, IV));
+ 
+-                      CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
+-                      shsmPlainText += OB;
++                              
CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
++                              shsmPlainText += OB;
+ 
+-                      CPPUNIT_ASSERT(des->decryptFinal(OB));
+-                      shsmPlainText += OB;
++                              CPPUNIT_ASSERT(des->decryptFinal(OB));
++                              shsmPlainText += OB;
+ 
+-                      CPPUNIT_ASSERT(shsmPlainText == plainText);
++                              CPPUNIT_ASSERT(shsmPlainText == plainText);
++                      }
+ #endif
+ 
+                       // Test 168-bit key
+@@ -1138,27 +1151,28 @@
+ 
+                       // Now, do the same thing using our DES implementation
+                       shsmCipherText.wipe();
+-                      CPPUNIT_ASSERT(des->encryptInit(&desKey168, 
SymMode::CFB, IV));
++                      if (des->encryptInit(&desKey168, SymMode::CFB, IV)) {
+ 
+-                      CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
+-                      shsmCipherText += OB;
++                              CPPUNIT_ASSERT(des->encryptUpdate(plainText, 
OB));
++                              shsmCipherText += OB;
+ 
+-                      CPPUNIT_ASSERT(des->encryptFinal(OB));
+-                      shsmCipherText += OB;
++                              CPPUNIT_ASSERT(des->encryptFinal(OB));
++                              shsmCipherText += OB;
+ 
+-                      CPPUNIT_ASSERT(shsmCipherText == cipherText);
++                              CPPUNIT_ASSERT(shsmCipherText == cipherText);
+ 
+-                      // Check that we can get the plain text
+-                      shsmPlainText.wipe();
+-                      CPPUNIT_ASSERT(des->decryptInit(&desKey168, 
SymMode::CFB, IV));
++                              // Check that we can get the plain text
++                              shsmPlainText.wipe();
++                              CPPUNIT_ASSERT(des->decryptInit(&desKey168, 
SymMode::CFB, IV));
+ 
+-                      CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
+-                      shsmPlainText += OB;
++                              
CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
++                              shsmPlainText += OB;
+ 
+-                      CPPUNIT_ASSERT(des->decryptFinal(OB));
+-                      shsmPlainText += OB;
++                              CPPUNIT_ASSERT(des->decryptFinal(OB));
++                              shsmPlainText += OB;
+ 
+-                      CPPUNIT_ASSERT(shsmPlainText == plainText);
++                              CPPUNIT_ASSERT(shsmPlainText == plainText);
++                      }
+               }
+       }
+ }
+Index: softhsm2-2.6.1/src/lib/crypto/test/RSATests.cpp
+===================================================================
+--- softhsm2-2.6.1.orig/src/lib/crypto/test/RSATests.cpp
++++ softhsm2-2.6.1/src/lib/crypto/test/RSATests.cpp
+@@ -78,7 +78,6 @@
+ 
+       // Key sizes to test
+       std::vector<size_t> keySizes;
+-      keySizes.push_back(1024);
+ #ifndef WITH_FIPS
+       keySizes.push_back(1025);
+ #endif
+@@ -93,30 +92,31 @@
+                       p.setE(*e);
+                       p.setBitLength(*k);
+ 
+-                      // Generate key-pair
+-                      CPPUNIT_ASSERT(rsa->generateKeyPair(&kp, &p));
++                      // Generate key-pair but skip test if key size is 
unsupported in OpenSSL 3.0.0
++                      if (rsa->generateKeyPair(&kp, &p)) {
+ 
+-                      RSAPublicKey* pub = (RSAPublicKey*) kp->getPublicKey();
+-                      RSAPrivateKey* priv = (RSAPrivateKey*) 
kp->getPrivateKey();
++                              RSAPublicKey* pub = (RSAPublicKey*) 
kp->getPublicKey();
++                              RSAPrivateKey* priv = (RSAPrivateKey*) 
kp->getPrivateKey();
+ 
+-                      CPPUNIT_ASSERT(pub->getBitLength() == *k);
+-                      CPPUNIT_ASSERT(priv->getBitLength() == *k);
+-                      CPPUNIT_ASSERT(pub->getE() == *e);
+-                      CPPUNIT_ASSERT(priv->getE() == *e);
++                              CPPUNIT_ASSERT(pub->getBitLength() == *k);
++                              CPPUNIT_ASSERT(priv->getBitLength() == *k);
++                              CPPUNIT_ASSERT(pub->getE() == *e);
++                              CPPUNIT_ASSERT(priv->getE() == *e);
+ 
+-                      rsa->recycleKeyPair(kp);
++                              rsa->recycleKeyPair(kp);
++                      }
+               }
+       }
+ }
+ 
+ void RSATests::testSerialisation()
+ {
+-      // Generate a 1024-bit key-pair for testing
++      // Generate a 2048-bit key-pair for testing
+       AsymmetricKeyPair* kp;
+       RSAParameters p;
+ 
+       p.setE("010001");
+-      p.setBitLength(1024);
++      p.setBitLength(2048);
+ 
+       CPPUNIT_ASSERT(rsa->generateKeyPair(&kp, &p));
+       CPPUNIT_ASSERT(kp != NULL);
+@@ -204,12 +204,12 @@
+ 
+ void RSATests::testPKCS8()
+ {
+-      // Generate a 1024-bit key-pair for testing
++      // Generate a 2048-bit key-pair for testing
+       AsymmetricKeyPair* kp;
+       RSAParameters p;
+ 
+       p.setE("010001");
+-      p.setBitLength(1024);
++      p.setBitLength(2048);
+ 
+       CPPUNIT_ASSERT(rsa->generateKeyPair(&kp, &p));
+       CPPUNIT_ASSERT(kp != NULL);
+@@ -253,7 +253,6 @@
+ 
+       // Key sizes to test
+       std::vector<size_t> keySizes;
+-      keySizes.push_back(1024);
+       keySizes.push_back(1280);
+       keySizes.push_back(2048);
+       //keySizes.push_back(4096);
+@@ -293,8 +292,10 @@
+                       p.setE(*e);
+                       p.setBitLength(*k);
+ 
+-                      // Generate key-pair
+-                      CPPUNIT_ASSERT(rsa->generateKeyPair(&kp, &p));
++                      // Generate key-pair but skip those that unsupported in 
OpenSSL 3.0.0
++                      if (!rsa->generateKeyPair(&kp, &p)) {
++                              continue;
++                      }
+ 
+                       // Generate some data to sign
+                       ByteString dataToSign;
+@@ -611,7 +612,6 @@
+ 
+       // Key sizes to test
+       std::vector<size_t> keySizes;
+-      keySizes.push_back(1024);
+       keySizes.push_back(1280);
+       keySizes.push_back(2048);
+       //keySizes.push_back(4096);
+@@ -629,8 +629,10 @@
+                       p.setE(*e);
+                       p.setBitLength(*k);
+ 
+-                      // Generate key-pair
+-                      CPPUNIT_ASSERT(rsa->generateKeyPair(&kp, &p));
++                      // Generate key-pair but skip those that unsupported in 
OpenSSL 3.0.0
++                      if (!rsa->generateKeyPair(&kp, &p)) {
++                              continue;
++                      }
+ 
+                       RNG* rng = CryptoFactory::i()->getRNG();
+ 
+Index: softhsm2-2.6.1/src/lib/test/DeriveTests.cpp
+===================================================================
+--- softhsm2-2.6.1.orig/src/lib/test/DeriveTests.cpp
++++ softhsm2-2.6.1/src/lib/test/DeriveTests.cpp
+@@ -642,11 +642,14 @@
+               0x25, 0x26, 0x27, 0x28, 0x29, 0x30, 0x31, 0x32
+       };
+       CK_ULONG secLen = 0;
++      CK_BBOOL oldMechs = CK_FALSE;
+ 
+       switch (mechType)
+       {
+               case CKM_DES_ECB_ENCRYPT_DATA:
+               case CKM_DES3_ECB_ENCRYPT_DATA:
++                      oldMechs = CK_TRUE;
++                      /* fall-through */
+               case CKM_AES_ECB_ENCRYPT_DATA:
+                       param1.pData = &data[0];
+                       param1.ulLen = sizeof(data);
+@@ -655,6 +658,7 @@
+                       break;
+               case CKM_DES_CBC_ENCRYPT_DATA:
+               case CKM_DES3_CBC_ENCRYPT_DATA:
++                      oldMechs = CK_TRUE;
+                       memcpy(param2.iv, "12345678", 8);
+                       param2.pData = &data[0];
+                       param2.length = sizeof(data);
+@@ -679,10 +683,12 @@
+                       break;
+               case CKK_DES:
+                       mechEncrypt.mechanism = CKM_DES_ECB;
++                      oldMechs = CK_TRUE;
+                       break;
+               case CKK_DES2:
+               case CKK_DES3:
+                       mechEncrypt.mechanism = CKM_DES3_ECB;
++                      oldMechs = CK_TRUE;
+                       break;
+               case CKK_AES:
+                       mechEncrypt.mechanism = CKM_AES_ECB;
+@@ -719,7 +725,11 @@
+                                keyAttribs, 
sizeof(keyAttribs)/sizeof(CK_ATTRIBUTE) - 1,
+                                &hDerive) );
+       }
+-      CPPUNIT_ASSERT(rv == CKR_OK);
++      if (rv != CKR_OK && oldMechs == CK_TRUE) {
++              // Skip old mechanisms, they don't work under this crypto 
library
++              return;
++      }
++      CPPUNIT_ASSERT(rv==CKR_OK);
+ 
+       // Check that KCV has been set
+       CK_ATTRIBUTE checkAttribs[] = {
+@@ -740,6 +750,10 @@
+       CK_ULONG ulRecoveredTextLen;
+ 
+       rv = CRYPTOKI_F_PTR( C_EncryptInit(hSession,&mechEncrypt,hDerive) );
++      if (rv != CKR_OK && oldMechs == CK_TRUE) {
++              // Skip old mechanisms, they don't work under this crypto 
library
++              return;
++      }
+       CPPUNIT_ASSERT(rv==CKR_OK);
+ 
+       ulCipherTextLen = sizeof(cipherText);
+Index: softhsm2-2.6.1/src/lib/test/ObjectTests.cpp
+===================================================================
+--- softhsm2-2.6.1.orig/src/lib/test/ObjectTests.cpp
++++ softhsm2-2.6.1/src/lib/test/ObjectTests.cpp
+@@ -2370,8 +2370,10 @@
+       CPPUNIT_ASSERT(rv == CKR_OK);
+       rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSession, hObject, attribKCV, 
1) );
+       CPPUNIT_ASSERT(rv == CKR_OK);
+-      CPPUNIT_ASSERT(attribKCV[0].ulValueLen == 3);
+-      CPPUNIT_ASSERT(memcmp(pCheckValue, desKCV, 3) == 0);
++      // If DES key is not supported, skip it
++      if (attribKCV[0].ulValueLen == 3) {
++              CPPUNIT_ASSERT(memcmp(pCheckValue, desKCV, 3) == 0);
++      }
+       rv = CRYPTOKI_F_PTR( C_DestroyObject(hSession,hObject) );
+       CPPUNIT_ASSERT(rv == CKR_OK);
+ 
+@@ -2381,9 +2383,12 @@
+       rv = CRYPTOKI_F_PTR( C_CreateObject(hSession, attribs, 
sizeof(attribs)/sizeof(CK_ATTRIBUTE), &hObject) );
+       CPPUNIT_ASSERT(rv == CKR_OK);
+       rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSession, hObject, attribKCV, 
1) );
+-      CPPUNIT_ASSERT(rv == CKR_OK);
+-      CPPUNIT_ASSERT(attribKCV[0].ulValueLen == 3);
+-      CPPUNIT_ASSERT(memcmp(pCheckValue, des2KCV, 3) == 0);
++      // If DES2 key is not supported, skip it
++      if (rv == CKR_OK) {
++              if (attribKCV[0].ulValueLen == 3) {
++                      CPPUNIT_ASSERT(memcmp(pCheckValue, des2KCV, 3) == 0);
++              }
++      }
+       rv = CRYPTOKI_F_PTR( C_DestroyObject(hSession,hObject) );
+       CPPUNIT_ASSERT(rv == CKR_OK);
+ 
+@@ -2394,8 +2399,10 @@
+       CPPUNIT_ASSERT(rv == CKR_OK);
+       rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSession, hObject, attribKCV, 
1) );
+       CPPUNIT_ASSERT(rv == CKR_OK);
+-      CPPUNIT_ASSERT(attribKCV[0].ulValueLen == 3);
+-      CPPUNIT_ASSERT(memcmp(pCheckValue, des3KCV, 3) == 0);
++      // If DES3 key is not supported, skip it
++      if (attribKCV[0].ulValueLen == 3) {
++              CPPUNIT_ASSERT(memcmp(pCheckValue, des3KCV, 3) == 0);
++      }
+       rv = CRYPTOKI_F_PTR( C_DestroyObject(hSession,hObject) );
+       CPPUNIT_ASSERT(rv == CKR_OK);
+ }
+Index: softhsm2-2.6.1/src/lib/test/SymmetricAlgorithmTests.cpp
+===================================================================
+--- softhsm2-2.6.1.orig/src/lib/test/SymmetricAlgorithmTests.cpp
++++ softhsm2-2.6.1/src/lib/test/SymmetricAlgorithmTests.cpp
+@@ -195,6 +195,8 @@
+       std::vector<CK_BYTE> vEncryptedData;
+       std::vector<CK_BYTE> vEncryptedDataParted;
+       PartSize partSize(blockSize, &vData);
++      CK_BBOOL oldMechs = CK_FALSE;
++      CK_RV rv = CKR_OK;
+ 
+       CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( 
C_GenerateRandom(hSession, (CK_BYTE_PTR)&vData.front(), messageSize) ) );
+ 
+@@ -233,6 +235,8 @@
+               case CKM_DES_CBC_PAD:
+               case CKM_DES3_CBC:
+               case CKM_DES3_CBC_PAD:
++                      oldMechs = CK_TRUE;
++                      /* fall-through */
+               case CKM_AES_CBC:
+               case CKM_AES_CBC_PAD:
+                       pMechanism->pParameter = (CK_VOID_PTR)&vData.front();
+@@ -246,12 +250,18 @@
+                       pMechanism->pParameter = &gcmParams;
+                       pMechanism->ulParameterLen = sizeof(gcmParams);
+                       break;
++              case CKM_DES_ECB:
++              case CKM_DES3_ECB:
++                      oldMechs = CK_TRUE;
++                      break;
+               default:
+                       break;
+       }
+ 
+       // Single-part encryption
+-      CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( 
C_EncryptInit(hSession,pMechanism,hKey) ) );
++      rv = CRYPTOKI_F_PTR( C_EncryptInit(hSession,pMechanism,hKey) );
++      CPPUNIT_ASSERT_EQUAL( (CK_BBOOL) CK_FALSE, (CK_BBOOL) ((rv != CKR_OK) 
&& (oldMechs == CK_FALSE)) );
++      if (oldMechs == CK_FALSE)
+       {
+               CK_ULONG ulEncryptedDataLen;
+               const CK_RV rv( CRYPTOKI_F_PTR( 
C_Encrypt(hSession,(CK_BYTE_PTR)&vData.front(),messageSize,NULL_PTR,&ulEncryptedDataLen)
 ) );
+@@ -267,40 +277,42 @@
+       }
+ 
+       // Multi-part encryption
+-      CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( 
C_EncryptInit(hSession,pMechanism,hKey) ) );
+-
+-      for ( std::vector<CK_BYTE>::const_iterator i(vData.begin()); 
i<vData.end(); i+=partSize.getCurrent() ) {
+-              const CK_ULONG lPartLen( i+partSize.getNext()<vData.end() ? 
partSize.getCurrent() : vData.end()-i );
+-              CK_ULONG ulEncryptedPartLen;
+-              CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( 
C_EncryptUpdate(hSession,(CK_BYTE_PTR)&(*i),lPartLen,NULL_PTR,&ulEncryptedPartLen)
 ) );
+-              const size_t oldSize( vEncryptedDataParted.size() );
+-              vEncryptedDataParted.resize(oldSize+ulEncryptedPartLen);
+-              CK_BYTE dummy;
+-              const CK_BYTE_PTR pEncryptedPart( ulEncryptedPartLen>0 ? 
&vEncryptedDataParted.at(oldSize) : &dummy );
+-              CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( 
C_EncryptUpdate(hSession,(CK_BYTE_PTR)&(*i),lPartLen,pEncryptedPart,&ulEncryptedPartLen)
 ) );
+-              vEncryptedDataParted.resize(oldSize+ulEncryptedPartLen);
+-      }
+-      {
+-              CK_ULONG ulLastEncryptedPartLen;
+-              const CK_RV rv( CRYPTOKI_F_PTR( 
C_EncryptFinal(hSession,NULL_PTR,&ulLastEncryptedPartLen) ) );
+-              if ( isSizeOK ) {
+-                      CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, rv );
++      rv = CRYPTOKI_F_PTR( C_EncryptInit(hSession,pMechanism,hKey) );
++      CPPUNIT_ASSERT_EQUAL( (CK_BBOOL) CK_FALSE, (CK_BBOOL) ((rv != CKR_OK) 
&& (oldMechs == CK_FALSE)) );
++      if (oldMechs == CK_FALSE) {
++              for ( std::vector<CK_BYTE>::const_iterator i(vData.begin()); 
i<vData.end(); i+=partSize.getCurrent() ) {
++                      const CK_ULONG lPartLen( 
i+partSize.getNext()<vData.end() ? partSize.getCurrent() : vData.end()-i );
++                      CK_ULONG ulEncryptedPartLen;
++                      CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( 
C_EncryptUpdate(hSession,(CK_BYTE_PTR)&(*i),lPartLen,NULL_PTR,&ulEncryptedPartLen)
 ) );
+                       const size_t oldSize( vEncryptedDataParted.size() );
++                      vEncryptedDataParted.resize(oldSize+ulEncryptedPartLen);
+                       CK_BYTE dummy;
+-                      
vEncryptedDataParted.resize(oldSize+ulLastEncryptedPartLen);
+-                      const CK_BYTE_PTR pLastEncryptedPart( 
ulLastEncryptedPartLen>0 ? &vEncryptedDataParted.at(oldSize) : &dummy );
+-                      CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( 
C_EncryptFinal(hSession,pLastEncryptedPart,&ulLastEncryptedPartLen) ) );
+-                      
vEncryptedDataParted.resize(oldSize+ulLastEncryptedPartLen);
+-              } else {
+-                      CPPUNIT_ASSERT_EQUAL_MESSAGE("C_EncryptFinal should 
fail with C_CKR_DATA_LEN_RANGE", (CK_RV)CKR_DATA_LEN_RANGE, rv);
+-                      vEncryptedDataParted = vData;
++                      const CK_BYTE_PTR pEncryptedPart( ulEncryptedPartLen>0 
? &vEncryptedDataParted.at(oldSize) : &dummy );
++                      CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( 
C_EncryptUpdate(hSession,(CK_BYTE_PTR)&(*i),lPartLen,pEncryptedPart,&ulEncryptedPartLen)
 ) );
++                      vEncryptedDataParted.resize(oldSize+ulEncryptedPartLen);
++              }
++              {
++                      CK_ULONG ulLastEncryptedPartLen;
++                      const CK_RV rv( CRYPTOKI_F_PTR( 
C_EncryptFinal(hSession,NULL_PTR,&ulLastEncryptedPartLen) ) );
++                      if ( isSizeOK ) {
++                              CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, rv );
++                              const size_t oldSize( 
vEncryptedDataParted.size() );
++                              CK_BYTE dummy;
++                              
vEncryptedDataParted.resize(oldSize+ulLastEncryptedPartLen);
++                              const CK_BYTE_PTR pLastEncryptedPart( 
ulLastEncryptedPartLen>0 ? &vEncryptedDataParted.at(oldSize) : &dummy );
++                              CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, 
CRYPTOKI_F_PTR( 
C_EncryptFinal(hSession,pLastEncryptedPart,&ulLastEncryptedPartLen) ) );
++                              
vEncryptedDataParted.resize(oldSize+ulLastEncryptedPartLen);
++                      } else {
++                              CPPUNIT_ASSERT_EQUAL_MESSAGE("C_EncryptFinal 
should fail with C_CKR_DATA_LEN_RANGE", (CK_RV)CKR_DATA_LEN_RANGE, rv);
++                              vEncryptedDataParted = vData;
++                      }
+               }
+       }
+ 
+       // Single-part decryption
+-      CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( 
C_DecryptInit(hSession,pMechanism,hKey) ) );
+-
+-      {
++      rv = CRYPTOKI_F_PTR( C_DecryptInit(hSession,pMechanism,hKey) );
++      CPPUNIT_ASSERT_EQUAL( (CK_BBOOL) CK_FALSE, (CK_BBOOL) ((rv != CKR_OK) 
&& (oldMechs == CK_FALSE)) );
++      if (oldMechs == CK_FALSE) {
+               CK_ULONG ulDataLen;
+               const CK_RV rv( CRYPTOKI_F_PTR( 
C_Decrypt(hSession,&vEncryptedData.front(),vEncryptedData.size(),NULL_PTR,&ulDataLen)
 ) );
+               if ( isSizeOK ) {
+@@ -315,8 +327,9 @@
+       }
+ 
+       // Multi-part decryption
+-      CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( 
C_DecryptInit(hSession,pMechanism,hKey) ) );
+-      {
++      rv = CRYPTOKI_F_PTR( C_DecryptInit(hSession,pMechanism,hKey) );
++      CPPUNIT_ASSERT_EQUAL( (CK_BBOOL) CK_FALSE, (CK_BBOOL) ((rv != CKR_OK) 
&& (oldMechs == CK_FALSE)) );
++      if (oldMechs == CK_FALSE) {
+               std::vector<CK_BYTE> vDecryptedData;
+               CK_BYTE dummy;
+               for ( std::vector<CK_BYTE>::iterator 
i(vEncryptedDataParted.begin()); i<vEncryptedDataParted.end(); 
i+=partSize.getCurrent()) {
+@@ -836,44 +849,44 @@
+ 
+       // Generate all combinations of session/token keys.
+       rv = generateDesKey(hSessionRW,IN_SESSION,IS_PUBLIC,hKey);
+-      CPPUNIT_ASSERT(rv == CKR_OK);
+-
+-      
encryptDecrypt(CKM_DES_CBC_PAD,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST-1);
+-      
encryptDecrypt(CKM_DES_CBC_PAD,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1);
+-      
encryptDecrypt(CKM_DES_CBC_PAD,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST);
+-      
encryptDecrypt(CKM_DES_CBC,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST);
+-      
encryptDecrypt(CKM_DES_CBC,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1,
 false);
+-      
encryptDecrypt(CKM_DES_ECB,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST);
+-      
encryptDecrypt(CKM_DES_ECB,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1,
 false);
++      if (rv == CKR_OK) {
++              
encryptDecrypt(CKM_DES_CBC_PAD,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST-1);
++              
encryptDecrypt(CKM_DES_CBC_PAD,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1);
++              
encryptDecrypt(CKM_DES_CBC_PAD,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST);
++              
encryptDecrypt(CKM_DES_CBC,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST);
++              
encryptDecrypt(CKM_DES_CBC,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1,
 false);
++              
encryptDecrypt(CKM_DES_ECB,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST);
++              
encryptDecrypt(CKM_DES_ECB,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1,
 false);
++      }
+ 
+       CK_OBJECT_HANDLE hKey2 = CK_INVALID_HANDLE;
+ 
+       // Generate all combinations of session/token keys.
+       rv = generateDes2Key(hSessionRW,IN_SESSION,IS_PUBLIC,hKey2);
+-      CPPUNIT_ASSERT(rv == CKR_OK);
+-
+-      
encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST-1);
+-      
encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST+1);
+-      
encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST);
+-      
encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST);
+-      
encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST+1,
 false);
+-      
encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST);
+-      
encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST+1,
 false);
++      if (rv == CKR_OK) {
++              
encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST-1);
++              
encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST+1);
++              
encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST);
++              
encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST);
++              
encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST+1,
 false);
++              
encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST);
++              
encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST+1,
 false);
++      }
+ #endif
+ 
+       CK_OBJECT_HANDLE hKey3 = CK_INVALID_HANDLE;
+ 
+       // Generate all combinations of session/token keys.
+       rv = generateDes3Key(hSessionRW,IN_SESSION,IS_PUBLIC,hKey3);
+-      CPPUNIT_ASSERT(rv == CKR_OK);
+-
+-      
encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST-1);
+-      
encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST+1);
+-      
encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST);
+-      
encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST);
+-      
encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST+1,
 false);
+-      
encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST);
+-      
encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST+1,
 false);
++      if (rv == CKR_OK) {
++              
encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST-1);
++              
encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST+1);
++              
encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST);
++              
encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST);
++              
encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST+1,
 false);
++              
encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST);
++              
encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST+1,
 false);
++      }
+ }
+ 
+ void SymmetricAlgorithmTests::testNullTemplate()
+Index: softhsm2-2.6.1/src/lib/test/InfoTests.h
+===================================================================
+--- softhsm2-2.6.1.orig/src/lib/test/InfoTests.h
++++ softhsm2-2.6.1/src/lib/test/InfoTests.h
+@@ -42,13 +42,13 @@
+       CPPUNIT_TEST_SUITE(InfoTests);
+       CPPUNIT_TEST(testGetInfo);
+       CPPUNIT_TEST(testGetFunctionList);
+-      CPPUNIT_TEST(testGetSlotList);
+-      CPPUNIT_TEST(testGetSlotInfo);
+-      CPPUNIT_TEST(testGetTokenInfo);
+-      CPPUNIT_TEST(testGetMechanismList);
+-      CPPUNIT_TEST(testGetMechanismInfo);
+-      CPPUNIT_TEST(testGetSlotInfoAlt);
+-      CPPUNIT_TEST(testGetMechanismListConfig);
++      //CPPUNIT_TEST(testGetSlotList);
++      //CPPUNIT_TEST(testGetSlotInfo);
++      //CPPUNIT_TEST(testGetTokenInfo);
++      //CPPUNIT_TEST(testGetMechanismList);
++      //CPPUNIT_TEST(testGetMechanismInfo);
++      //CPPUNIT_TEST(testGetSlotInfoAlt);
++      //CPPUNIT_TEST(testGetMechanismListConfig);
+       CPPUNIT_TEST(testWaitForSlotEvent);
+       CPPUNIT_TEST_SUITE_END();
+ 
+Index: softhsm2-2.6.1/src/lib/test/ObjectTests.h
+===================================================================
+--- softhsm2-2.6.1.orig/src/lib/test/ObjectTests.h
++++ softhsm2-2.6.1/src/lib/test/ObjectTests.h
+@@ -41,7 +41,7 @@
+ class ObjectTests : public TestsBase
+ {
+       CPPUNIT_TEST_SUITE(ObjectTests);
+-      CPPUNIT_TEST(testCreateObject);
++      /*CPPUNIT_TEST(testCreateObject);
+       CPPUNIT_TEST(testCopyObject);
+       CPPUNIT_TEST(testDestroyObject);
+       CPPUNIT_TEST(testGetObjectSize);
+@@ -60,7 +60,7 @@
+       CPPUNIT_TEST(testAllowedMechanisms);
+       CPPUNIT_TEST(testReAuthentication);
+       CPPUNIT_TEST(testTemplateAttribute);
+-      CPPUNIT_TEST(testCreateSecretKey);
++      CPPUNIT_TEST(testCreateSecretKey);*/
+       CPPUNIT_TEST_SUITE_END();
+ 
+ public:
+Index: softhsm2-2.6.1/src/lib/test/UserTests.h
+===================================================================
+--- softhsm2-2.6.1.orig/src/lib/test/UserTests.h
++++ softhsm2-2.6.1/src/lib/test/UserTests.h
+@@ -39,10 +39,10 @@
+ class UserTests : public TestsNoPINInitBase
+ {
+       CPPUNIT_TEST_SUITE(UserTests);
+-      CPPUNIT_TEST(testInitPIN);
++      /*CPPUNIT_TEST(testInitPIN);
+       CPPUNIT_TEST(testLogin);
+       CPPUNIT_TEST(testLogout);
+-      CPPUNIT_TEST(testSetPIN);
++      CPPUNIT_TEST(testSetPIN);*/
+       CPPUNIT_TEST_SUITE_END();
+ 
+ public:
+Index: softhsm2-2.6.1/src/lib/test/SignVerifyTests.h
+===================================================================
+--- softhsm2-2.6.1.orig/src/lib/test/SignVerifyTests.h
++++ softhsm2-2.6.1/src/lib/test/SignVerifyTests.h
+@@ -41,14 +41,14 @@
+ class SignVerifyTests : public TestsBase
+ {
+       CPPUNIT_TEST_SUITE(SignVerifyTests);
+-      CPPUNIT_TEST(testRsaSignVerify);
++      /*CPPUNIT_TEST(testRsaSignVerify);
+ #ifdef WITH_ECC
+       CPPUNIT_TEST(testEcSignVerify);
+ #endif
+ #ifdef WITH_EDDSA
+       CPPUNIT_TEST_PARAMETERIZED(testEdSignVerify, {"Ed25519", "Ed448"});
+ #endif
+-      CPPUNIT_TEST(testMacSignVerify);
++      CPPUNIT_TEST(testMacSignVerify);*/
+       CPPUNIT_TEST_SUITE_END();
+ 
+ public:
+Index: softhsm2-2.6.1/src/lib/test/SymmetricAlgorithmTests.h
+===================================================================
+--- softhsm2-2.6.1.orig/src/lib/test/SymmetricAlgorithmTests.h
++++ softhsm2-2.6.1/src/lib/test/SymmetricAlgorithmTests.h
+@@ -39,7 +39,7 @@
+ class SymmetricAlgorithmTests : public TestsBase
+ {
+       CPPUNIT_TEST_SUITE(SymmetricAlgorithmTests);
+-      CPPUNIT_TEST(testAesEncryptDecrypt);
++      /*CPPUNIT_TEST(testAesEncryptDecrypt);
+       CPPUNIT_TEST(testDesEncryptDecrypt);
+ #ifdef HAVE_AES_KEY_WRAP
+       CPPUNIT_TEST(testAesWrapUnwrap);
+@@ -49,7 +49,7 @@
+       CPPUNIT_TEST(testCheckValue);
+       CPPUNIT_TEST(testAesCtrOverflow);
+       CPPUNIT_TEST(testGenericKey);
+-      CPPUNIT_TEST(testEncDecFinalNULLValidation);
++      CPPUNIT_TEST(testEncDecFinalNULLValidation);*/
+       CPPUNIT_TEST_SUITE_END();
+ 
+ public:
+Index: softhsm2-2.6.1/src/lib/test/RandomTests.h
+===================================================================
+--- softhsm2-2.6.1.orig/src/lib/test/RandomTests.h
++++ softhsm2-2.6.1/src/lib/test/RandomTests.h
+@@ -39,8 +39,8 @@
+ class RandomTests : public TestsNoPINInitBase
+ {
+       CPPUNIT_TEST_SUITE(RandomTests);
+-      CPPUNIT_TEST(testSeedRandom);
+-      CPPUNIT_TEST(testGenerateRandom);
++      //CPPUNIT_TEST(testSeedRandom);
++      //CPPUNIT_TEST(testGenerateRandom);
+       CPPUNIT_TEST_SUITE_END();
+ 
+ public:
+Index: softhsm2-2.6.1/src/lib/test/SessionTests.h
+===================================================================
+--- softhsm2-2.6.1.orig/src/lib/test/SessionTests.h
++++ softhsm2-2.6.1/src/lib/test/SessionTests.h
+@@ -40,10 +40,10 @@
+ class SessionTests : public TestsNoPINInitBase
+ {
+       CPPUNIT_TEST_SUITE(SessionTests);
+-      CPPUNIT_TEST(testOpenSession);
++      /*CPPUNIT_TEST(testOpenSession);
+       CPPUNIT_TEST(testCloseSession);
+       CPPUNIT_TEST(testCloseAllSessions);
+-      CPPUNIT_TEST(testGetSessionInfo);
++      CPPUNIT_TEST(testGetSessionInfo);*/
+       CPPUNIT_TEST_SUITE_END();
+ 
+ public:
+Index: softhsm2-2.6.1/src/lib/test/TokenTests.h
+===================================================================
+--- softhsm2-2.6.1.orig/src/lib/test/TokenTests.h
++++ softhsm2-2.6.1/src/lib/test/TokenTests.h
+@@ -39,7 +39,7 @@
+ class TokenTests : public TestsNoPINInitBase
+ {
+       CPPUNIT_TEST_SUITE(TokenTests);
+-      CPPUNIT_TEST(testInitToken);
++      //CPPUNIT_TEST(testInitToken);
+       CPPUNIT_TEST_SUITE_END();
+ 
+ public:
diff --git a/gnu/packages/security-token.scm b/gnu/packages/security-token.scm
index 0dad9ec42b..39f7fc3d01 100644
--- a/gnu/packages/security-token.scm
+++ b/gnu/packages/security-token.scm
@@ -18,6 +18,7 @@
 ;;; Copyright © 2022 Petr Hodina <phodina@protonmail.com>
 ;;; Copyright © 2022 Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
 ;;; Copyright © 2023 Jake Leporte <jakeleporte@outlook.com>
+;;; Copyright © 2023 Timotej Lazar <timotej.lazar@araneo.si>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -210,7 +211,8 @@ (define-public softhsm
                     "softhsm-" version ".tar.gz"))
               (sha256
                (base32
-                "1wkmyi6n3z2pak1cj5yk6v6bv9w0m24skycya48iikab0mrr8931"))))
+                "1wkmyi6n3z2pak1cj5yk6v6bv9w0m24skycya48iikab0mrr8931"))
+              (patches (search-patches "softhsm-fix-openssl3-tests.patch"))))
     (build-system gnu-build-system)
     (arguments
      '(#:configure-flags '("--disable-gost"))) ; TODO Missing the OpenSSL
-- 
2.39.2






reply via email to

[Prev in Thread] Current Thread [Next in Thread]