Date: Tuesday, November 1, 2022 @ 18:56:22
Author: foutrelis
Revision: 1340231
archrelease: copy trunk to community-staging-x86_64
Added:
softhsm/repos/community-staging-x86_64/PKGBUILD
(from rev 1340230, softhsm/trunk/PKGBUILD)
softhsm/repos/community-staging-x86_64/keys/
softhsm/repos/community-staging-x86_64/softhsm-2.6.1-rh1831086-exit.patch
(from rev 1340230, softhsm/trunk/softhsm-2.6.1-rh1831086-exit.patch)
softhsm/repos/community-staging-x86_64/softhsm-openssl3-tests.patch
(from rev 1340230, softhsm/trunk/softhsm-openssl3-tests.patch)
Deleted:
softhsm/repos/community-staging-x86_64/PKGBUILD
softhsm/repos/community-staging-x86_64/keys/
softhsm/repos/community-staging-x86_64/softhsm-2.6.1-rh1831086-exit.patch
softhsm/repos/community-staging-x86_64/softhsm-openssl3-tests.patch
------------------------------------+
PKGBUILD | 130 +-
softhsm-2.6.1-rh1831086-exit.patch | 144 +-
softhsm-openssl3-tests.patch | 2022 +++++++++++++++++------------------
3 files changed, 1148 insertions(+), 1148 deletions(-)
Deleted: PKGBUILD
===================================================================
--- PKGBUILD 2022-11-01 18:56:16 UTC (rev 1340230)
+++ PKGBUILD 2022-11-01 18:56:22 UTC (rev 1340231)
@@ -1,65 +0,0 @@
-# Maintainer: Massimiliano Torromeo <[email protected]>
-# Contributor: Javier Torres <javitonino [at] gmail [dot] com>
-
-pkgname=softhsm
-pkgver=2.6.1
-pkgrel=3
-pkgdesc="Software PKCS#11 store"
-arch=('x86_64')
-url="https://www.opendnssec.org/softhsm/";
-license=('BSD')
-depends=('botan' 'sqlite3' 'openssl' 'p11-kit')
-checkdepends=('cppunit')
-backup=("etc/softhsm2.conf")
-options=(!libtool !lto debug)
-source=("https://dist.opendnssec.org/source/$pkgname-$pkgver.tar.gz"{,.sig}
- "softhsm-openssl3-tests.patch"
- "softhsm-2.6.1-rh1831086-exit.patch")
-sha256sums=('61249473054bcd1811519ef9a989a880a7bdcc36d317c9c25457fc614df475f2'
- 'SKIP'
- 'd97f51e8d41e8bf0ef2ee3959be746d0349e8e1c0130ddaf3d905c23f8e43230'
- '163338a73ab1bcc475e07b96f054d3c8f67ac9d2637b8f74ddaa97aa6b4171e1')
-validpgpkeys=('4D0388CE86BB398B387B663041F623BE4FCB0B94')
-
-prepare() {
- cd "$srcdir/$pkgname-$pkgver"
- patch -p1 -i "$srcdir/softhsm-openssl3-tests.patch"
- patch -p1 -i "$srcdir/softhsm-2.6.1-rh1831086-exit.patch"
- sed -i 's:^full_libdir=":#full_libdir=":g' configure.ac
- sed -i "s:libdir)/@PACKAGE@:libdir):" Makefile.in
- autoreconf -vfi
-}
-
-build() {
- cd "$srcdir/$pkgname-$pkgver"
- ./configure \
- --prefix=/usr \
- --libdir=/usr/lib/pkcs11 \
- --datarootdir=/usr/share \
- --localstatedir=/var \
- --sysconfdir=/etc \
- --with-p11-kit=/usr/share/p11-kit/modules/ \
- --with-migrate \
- --enable-visibility \
- --enable-ecc \
- --enable-eddsa \
- --disable-gost
- make
-}
-
-check() {
- cd "$srcdir/$pkgname-$pkgver"
- make check
-}
-
-package() {
- cd "$srcdir/$pkgname-$pkgver"
- make DESTDIR="$pkgdir/" install
- install -Dm0644 "LICENSE" "$pkgdir/usr/share/licenses/softhsm/LICENSE"
- rm "$pkgdir/etc/softhsm2.conf.sample"
-
- cd "$pkgdir/usr/lib"
- install -dm0755 softhsm
- ln -s ../pkcs11/libsofthsm2.so softhsm/
- ln -s pkcs11/libsofthsm2.so
-}
Copied: softhsm/repos/community-staging-x86_64/PKGBUILD (from rev 1340230,
softhsm/trunk/PKGBUILD)
===================================================================
--- PKGBUILD (rev 0)
+++ PKGBUILD 2022-11-01 18:56:22 UTC (rev 1340231)
@@ -0,0 +1,65 @@
+# Maintainer: Massimiliano Torromeo <[email protected]>
+# Contributor: Javier Torres <javitonino [at] gmail [dot] com>
+
+pkgname=softhsm
+pkgver=2.6.1
+pkgrel=4
+pkgdesc="Software PKCS#11 store"
+arch=('x86_64')
+url="https://www.opendnssec.org/softhsm/";
+license=('BSD')
+depends=('botan' 'sqlite3' 'openssl' 'p11-kit')
+checkdepends=('cppunit')
+backup=("etc/softhsm2.conf")
+options=(!libtool !lto debug)
+source=("https://dist.opendnssec.org/source/$pkgname-$pkgver.tar.gz"{,.sig}
+ "softhsm-openssl3-tests.patch"
+ "softhsm-2.6.1-rh1831086-exit.patch")
+sha256sums=('61249473054bcd1811519ef9a989a880a7bdcc36d317c9c25457fc614df475f2'
+ 'SKIP'
+ 'd97f51e8d41e8bf0ef2ee3959be746d0349e8e1c0130ddaf3d905c23f8e43230'
+ '163338a73ab1bcc475e07b96f054d3c8f67ac9d2637b8f74ddaa97aa6b4171e1')
+validpgpkeys=('4D0388CE86BB398B387B663041F623BE4FCB0B94')
+
+prepare() {
+ cd "$srcdir/$pkgname-$pkgver"
+ patch -p1 -i "$srcdir/softhsm-openssl3-tests.patch"
+ patch -p1 -i "$srcdir/softhsm-2.6.1-rh1831086-exit.patch"
+ sed -i 's:^full_libdir=":#full_libdir=":g' configure.ac
+ sed -i "s:libdir)/@PACKAGE@:libdir):" Makefile.in
+ autoreconf -vfi
+}
+
+build() {
+ cd "$srcdir/$pkgname-$pkgver"
+ ./configure \
+ --prefix=/usr \
+ --libdir=/usr/lib/pkcs11 \
+ --datarootdir=/usr/share \
+ --localstatedir=/var \
+ --sysconfdir=/etc \
+ --with-p11-kit=/usr/share/p11-kit/modules/ \
+ --with-migrate \
+ --enable-visibility \
+ --enable-ecc \
+ --enable-eddsa \
+ --disable-gost
+ make
+}
+
+check() {
+ cd "$srcdir/$pkgname-$pkgver"
+ make check
+}
+
+package() {
+ cd "$srcdir/$pkgname-$pkgver"
+ make DESTDIR="$pkgdir/" install
+ install -Dm0644 "LICENSE" "$pkgdir/usr/share/licenses/softhsm/LICENSE"
+ rm "$pkgdir/etc/softhsm2.conf.sample"
+
+ cd "$pkgdir/usr/lib"
+ install -dm0755 softhsm
+ ln -s ../pkcs11/libsofthsm2.so softhsm/
+ ln -s pkcs11/libsofthsm2.so
+}
Deleted: softhsm-2.6.1-rh1831086-exit.patch
===================================================================
--- softhsm-2.6.1-rh1831086-exit.patch 2022-11-01 18:56:16 UTC (rev 1340230)
+++ softhsm-2.6.1-rh1831086-exit.patch 2022-11-01 18:56:22 UTC (rev 1340231)
@@ -1,72 +0,0 @@
-diff --git a/src/lib/crypto/OSSLCryptoFactory.cpp
b/src/lib/crypto/OSSLCryptoFactory.cpp
-index 32daca2..ace4bcb 100644
---- a/src/lib/crypto/OSSLCryptoFactory.cpp
-+++ b/src/lib/crypto/OSSLCryptoFactory.cpp
-@@ -226,31 +226,49 @@ err:
- // Destructor
- OSSLCryptoFactory::~OSSLCryptoFactory()
- {
--#ifdef WITH_GOST
-- // Finish the GOST engine
-- if (eg != NULL)
-+ bool ossl_shutdown = false;
-+
-+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
-+ // OpenSSL 1.1.0+ will register an atexit() handler to run
-+ // OPENSSL_cleanup(). If that has already happened we must
-+ // not attempt to free any ENGINEs because they'll already
-+ // have been destroyed and the use-after-free would cause
-+ // a deadlock or crash.
-+ //
-+ // Detect that situation because reinitialisation will fail
-+ // after OPENSSL_cleanup() has run.
-+ (void)ERR_set_mark();
-+ ossl_shutdown = !OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_RDRAND, NULL);
-+ (void)ERR_pop_to_mark();
-+#endif
-+ if (!ossl_shutdown)
- {
-- ENGINE_finish(eg);
-- ENGINE_free(eg);
-- eg = NULL;
-- }
-+#ifdef WITH_GOST
-+ // Finish the GOST engine
-+ if (eg != NULL)
-+ {
-+ ENGINE_finish(eg);
-+ ENGINE_free(eg);
-+ eg = NULL;
-+ }
- #endif
-
-- // Finish the rd_rand engine
-- ENGINE_finish(rdrand_engine);
-- ENGINE_free(rdrand_engine);
-- rdrand_engine = NULL;
-+ // Finish the rd_rand engine
-+ ENGINE_finish(rdrand_engine);
-+ ENGINE_free(rdrand_engine);
-+ rdrand_engine = NULL;
-
-+ // Recycle locks
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
-+ if (setLockingCallback)
-+ {
-+ CRYPTO_set_locking_callback(NULL);
-+ }
-+#endif
-+ }
- // Destroy the one-and-only RNG
- delete rng;
-
-- // Recycle locks
--#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
-- if (setLockingCallback)
-- {
-- CRYPTO_set_locking_callback(NULL);
-- }
--#endif
- for (unsigned i = 0; i < nlocks; i++)
- {
- MutexFactory::i()->recycleMutex(locks[i]);
Copied:
softhsm/repos/community-staging-x86_64/softhsm-2.6.1-rh1831086-exit.patch (from
rev 1340230, softhsm/trunk/softhsm-2.6.1-rh1831086-exit.patch)
===================================================================
--- softhsm-2.6.1-rh1831086-exit.patch (rev 0)
+++ softhsm-2.6.1-rh1831086-exit.patch 2022-11-01 18:56:22 UTC (rev 1340231)
@@ -0,0 +1,72 @@
+diff --git a/src/lib/crypto/OSSLCryptoFactory.cpp
b/src/lib/crypto/OSSLCryptoFactory.cpp
+index 32daca2..ace4bcb 100644
+--- a/src/lib/crypto/OSSLCryptoFactory.cpp
++++ b/src/lib/crypto/OSSLCryptoFactory.cpp
+@@ -226,31 +226,49 @@ err:
+ // Destructor
+ OSSLCryptoFactory::~OSSLCryptoFactory()
+ {
+-#ifdef WITH_GOST
+- // Finish the GOST engine
+- if (eg != NULL)
++ bool ossl_shutdown = false;
++
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
++ // OpenSSL 1.1.0+ will register an atexit() handler to run
++ // OPENSSL_cleanup(). If that has already happened we must
++ // not attempt to free any ENGINEs because they'll already
++ // have been destroyed and the use-after-free would cause
++ // a deadlock or crash.
++ //
++ // Detect that situation because reinitialisation will fail
++ // after OPENSSL_cleanup() has run.
++ (void)ERR_set_mark();
++ ossl_shutdown = !OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_RDRAND, NULL);
++ (void)ERR_pop_to_mark();
++#endif
++ if (!ossl_shutdown)
+ {
+- ENGINE_finish(eg);
+- ENGINE_free(eg);
+- eg = NULL;
+- }
++#ifdef WITH_GOST
++ // Finish the GOST engine
++ if (eg != NULL)
++ {
++ ENGINE_finish(eg);
++ ENGINE_free(eg);
++ eg = NULL;
++ }
+ #endif
+
+- // Finish the rd_rand engine
+- ENGINE_finish(rdrand_engine);
+- ENGINE_free(rdrand_engine);
+- rdrand_engine = NULL;
++ // Finish the rd_rand engine
++ ENGINE_finish(rdrand_engine);
++ ENGINE_free(rdrand_engine);
++ rdrand_engine = NULL;
+
++ // Recycle locks
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
++ if (setLockingCallback)
++ {
++ CRYPTO_set_locking_callback(NULL);
++ }
++#endif
++ }
+ // Destroy the one-and-only RNG
+ delete rng;
+
+- // Recycle locks
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+- if (setLockingCallback)
+- {
+- CRYPTO_set_locking_callback(NULL);
+- }
+-#endif
+ for (unsigned i = 0; i < nlocks; i++)
+ {
+ MutexFactory::i()->recycleMutex(locks[i]);
Deleted: softhsm-openssl3-tests.patch
===================================================================
--- softhsm-openssl3-tests.patch 2022-11-01 18:56:16 UTC (rev 1340230)
+++ softhsm-openssl3-tests.patch 2022-11-01 18:56:22 UTC (rev 1340231)
@@ -1,1011 +0,0 @@
-From 643f061e6fbe04552a2c49bd00528e61a9a77064 Mon Sep 17 00:00:00 2001
-From: Alexander Bokovoy <[email protected]>
-Date: Wed, 26 May 2021 20:03:25 +0300
-Subject: [PATCH 1/4] openssl 3.0: Run DES tests only if OpenSSL allows it
-
-OpenSSL 3.0 moves DES into a legacy provider which has to be loaded
-explicitly. By default, it will not be loaded and DES methods in tests
-will fail. Nest test blocks under successful initialization.
-
-Signed-off-by: Alexander Bokovoy <[email protected]>
----
- src/lib/crypto/test/DESTests.cpp | 350 ++++++++++++++++---------------
- 1 file changed, 182 insertions(+), 168 deletions(-)
-
-diff --git a/src/lib/crypto/test/DESTests.cpp
b/src/lib/crypto/test/DESTests.cpp
-index bcb1c6b..aa68746 100644
---- a/src/lib/crypto/test/DESTests.cpp
-+++ b/src/lib/crypto/test/DESTests.cpp
-@@ -259,54 +259,58 @@ void DESTests::testCBC()
-
- // Now, do the same thing using our DES implementation
- shsmCipherText.wipe();
-- CPPUNIT_ASSERT(des->encryptInit(&desKey56,
SymMode::CBC, IV));
-+ if (des->encryptInit(&desKey56, SymMode::CBC, IV)) {
-
-- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
-- shsmCipherText += OB;
-+ CPPUNIT_ASSERT(des->encryptUpdate(plainText,
OB));
-+ shsmCipherText += OB;
-
-- CPPUNIT_ASSERT(des->encryptFinal(OB));
-- shsmCipherText += OB;
-+ CPPUNIT_ASSERT(des->encryptFinal(OB));
-+ shsmCipherText += OB;
-
-- CPPUNIT_ASSERT(shsmCipherText == cipherText);
-+ CPPUNIT_ASSERT(shsmCipherText == cipherText);
-
-- // Check that we can get the plain text
-- shsmPlainText.wipe();
-- CPPUNIT_ASSERT(des->decryptInit(&desKey56,
SymMode::CBC, IV));
-+ // Check that we can get the plain text
-+ shsmPlainText.wipe();
-+ CPPUNIT_ASSERT(des->decryptInit(&desKey56,
SymMode::CBC, IV));
-
-- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
-- shsmPlainText += OB;
-+
CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
-+ shsmPlainText += OB;
-
-- CPPUNIT_ASSERT(des->decryptFinal(OB));
-- shsmPlainText += OB;
-+ CPPUNIT_ASSERT(des->decryptFinal(OB));
-+ shsmPlainText += OB;
-
-- CPPUNIT_ASSERT(shsmPlainText == plainText);
-+ CPPUNIT_ASSERT(shsmPlainText == plainText);
-+
-+ }
-
- // Test 112-bit key
- cipherText = ByteString(testResult[i][j][1]);
-
- // Now, do the same thing using our DES implementation
- shsmCipherText.wipe();
-- CPPUNIT_ASSERT(des->encryptInit(&desKey112,
SymMode::CBC, IV));
-+ if (des->encryptInit(&desKey112, SymMode::CBC, IV)) {
-
-- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
-- shsmCipherText += OB;
-+ CPPUNIT_ASSERT(des->encryptUpdate(plainText,
OB));
-+ shsmCipherText += OB;
-
-- CPPUNIT_ASSERT(des->encryptFinal(OB));
-- shsmCipherText += OB;
-+ CPPUNIT_ASSERT(des->encryptFinal(OB));
-+ shsmCipherText += OB;
-
-- CPPUNIT_ASSERT(shsmCipherText == cipherText);
-+ CPPUNIT_ASSERT(shsmCipherText == cipherText);
-
-- // Check that we can get the plain text
-- shsmPlainText.wipe();
-- CPPUNIT_ASSERT(des->decryptInit(&desKey112,
SymMode::CBC, IV));
-+ // Check that we can get the plain text
-+ shsmPlainText.wipe();
-+ CPPUNIT_ASSERT(des->decryptInit(&desKey112,
SymMode::CBC, IV));
-
-- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
-- shsmPlainText += OB;
-+
CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
-+ shsmPlainText += OB;
-
-- CPPUNIT_ASSERT(des->decryptFinal(OB));
-- shsmPlainText += OB;
-+ CPPUNIT_ASSERT(des->decryptFinal(OB));
-+ shsmPlainText += OB;
-+
-+ CPPUNIT_ASSERT(shsmPlainText == plainText);
-+ }
-
-- CPPUNIT_ASSERT(shsmPlainText == plainText);
- #endif
-
- // Test 168-bit key
-@@ -314,27 +318,28 @@ void DESTests::testCBC()
-
- // Now, do the same thing using our DES implementation
- shsmCipherText.wipe();
-- CPPUNIT_ASSERT(des->encryptInit(&desKey168,
SymMode::CBC, IV));
-+ if (des->encryptInit(&desKey168, SymMode::CBC, IV)) {
-
-- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
-- shsmCipherText += OB;
-+ CPPUNIT_ASSERT(des->encryptUpdate(plainText,
OB));
-+ shsmCipherText += OB;
-
-- CPPUNIT_ASSERT(des->encryptFinal(OB));
-- shsmCipherText += OB;
-+ CPPUNIT_ASSERT(des->encryptFinal(OB));
-+ shsmCipherText += OB;
-
-- CPPUNIT_ASSERT(shsmCipherText == cipherText);
-+ CPPUNIT_ASSERT(shsmCipherText == cipherText);
-
-- // Check that we can get the plain text
-- shsmPlainText.wipe();
-- CPPUNIT_ASSERT(des->decryptInit(&desKey168,
SymMode::CBC, IV));
-+ // Check that we can get the plain text
-+ shsmPlainText.wipe();
-+ CPPUNIT_ASSERT(des->decryptInit(&desKey168,
SymMode::CBC, IV));
-
-- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
-- shsmPlainText += OB;
-+
CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
-+ shsmPlainText += OB;
-
-- CPPUNIT_ASSERT(des->decryptFinal(OB));
-- shsmPlainText += OB;
-+ CPPUNIT_ASSERT(des->decryptFinal(OB));
-+ shsmPlainText += OB;
-
-- CPPUNIT_ASSERT(shsmPlainText == plainText);
-+ CPPUNIT_ASSERT(shsmPlainText == plainText);
-+ }
- }
- }
- }
-@@ -534,54 +539,56 @@ void DESTests::testECB()
-
- // Now, do the same thing using our DES implementation
- shsmCipherText.wipe();
-- CPPUNIT_ASSERT(des->encryptInit(&desKey56,
SymMode::ECB, IV));
-+ if (des->encryptInit(&desKey56, SymMode::ECB, IV)) {
-
-- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
-- shsmCipherText += OB;
-+ CPPUNIT_ASSERT(des->encryptUpdate(plainText,
OB));
-+ shsmCipherText += OB;
-
-- CPPUNIT_ASSERT(des->encryptFinal(OB));
-- shsmCipherText += OB;
-+ CPPUNIT_ASSERT(des->encryptFinal(OB));
-+ shsmCipherText += OB;
-
-- CPPUNIT_ASSERT(shsmCipherText == cipherText);
-+ CPPUNIT_ASSERT(shsmCipherText == cipherText);
-
-- // Check that we can get the plain text
-- shsmPlainText.wipe();
-- CPPUNIT_ASSERT(des->decryptInit(&desKey56,
SymMode::ECB, IV));
-+ // Check that we can get the plain text
-+ shsmPlainText.wipe();
-+ CPPUNIT_ASSERT(des->decryptInit(&desKey56,
SymMode::ECB, IV));
-
-- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
-- shsmPlainText += OB;
-+
CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
-+ shsmPlainText += OB;
-
-- CPPUNIT_ASSERT(des->decryptFinal(OB));
-- shsmPlainText += OB;
-+ CPPUNIT_ASSERT(des->decryptFinal(OB));
-+ shsmPlainText += OB;
-
-- CPPUNIT_ASSERT(shsmPlainText == plainText);
-+ CPPUNIT_ASSERT(shsmPlainText == plainText);
-+ }
-
- // Test 112-bit key
- cipherText = ByteString(testResult[i][j][1]);
-
- // Now, do the same thing using our DES implementation
- shsmCipherText.wipe();
-- CPPUNIT_ASSERT(des->encryptInit(&desKey112,
SymMode::ECB, IV));
-+ if (des->encryptInit(&desKey112, SymMode::ECB, IV)) {
-
-- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
-- shsmCipherText += OB;
-+ CPPUNIT_ASSERT(des->encryptUpdate(plainText,
OB));
-+ shsmCipherText += OB;
-
-- CPPUNIT_ASSERT(des->encryptFinal(OB));
-- shsmCipherText += OB;
-+ CPPUNIT_ASSERT(des->encryptFinal(OB));
-+ shsmCipherText += OB;
-
-- CPPUNIT_ASSERT(shsmCipherText == cipherText);
-+ CPPUNIT_ASSERT(shsmCipherText == cipherText);
-
-- // Check that we can get the plain text
-- shsmPlainText.wipe();
-- CPPUNIT_ASSERT(des->decryptInit(&desKey112,
SymMode::ECB, IV));
-+ // Check that we can get the plain text
-+ shsmPlainText.wipe();
-+ CPPUNIT_ASSERT(des->decryptInit(&desKey112,
SymMode::ECB, IV));
-
-- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
-- shsmPlainText += OB;
-+
CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
-+ shsmPlainText += OB;
-
-- CPPUNIT_ASSERT(des->decryptFinal(OB));
-- shsmPlainText += OB;
-+ CPPUNIT_ASSERT(des->decryptFinal(OB));
-+ shsmPlainText += OB;
-
-- CPPUNIT_ASSERT(shsmPlainText == plainText);
-+ CPPUNIT_ASSERT(shsmPlainText == plainText);
-+ }
- #endif
-
- // Test 168-bit key
-@@ -589,27 +596,28 @@ void DESTests::testECB()
-
- // Now, do the same thing using our DES implementation
- shsmCipherText.wipe();
-- CPPUNIT_ASSERT(des->encryptInit(&desKey168,
SymMode::ECB, IV));
-+ if (des->encryptInit(&desKey168, SymMode::ECB, IV)) {
-
-- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
-- shsmCipherText += OB;
-+ CPPUNIT_ASSERT(des->encryptUpdate(plainText,
OB));
-+ shsmCipherText += OB;
-
-- CPPUNIT_ASSERT(des->encryptFinal(OB));
-- shsmCipherText += OB;
-+ CPPUNIT_ASSERT(des->encryptFinal(OB));
-+ shsmCipherText += OB;
-
-- CPPUNIT_ASSERT(shsmCipherText == cipherText);
-+ CPPUNIT_ASSERT(shsmCipherText == cipherText);
-
-- // Check that we can get the plain text
-- shsmPlainText.wipe();
-- CPPUNIT_ASSERT(des->decryptInit(&desKey168,
SymMode::ECB, IV));
-+ // Check that we can get the plain text
-+ shsmPlainText.wipe();
-+ CPPUNIT_ASSERT(des->decryptInit(&desKey168,
SymMode::ECB, IV));
-
-- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
-- shsmPlainText += OB;
-+
CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
-+ shsmPlainText += OB;
-
-- CPPUNIT_ASSERT(des->decryptFinal(OB));
-- shsmPlainText += OB;
-+ CPPUNIT_ASSERT(des->decryptFinal(OB));
-+ shsmPlainText += OB;
-
-- CPPUNIT_ASSERT(shsmPlainText == plainText);
-+ CPPUNIT_ASSERT(shsmPlainText == plainText);
-+ }
- }
- }
- }
-@@ -809,54 +817,56 @@ void DESTests::testOFB()
-
- // Now, do the same thing using our DES implementation
- shsmCipherText.wipe();
-- CPPUNIT_ASSERT(des->encryptInit(&desKey56,
SymMode::OFB, IV));
-+ if (des->encryptInit(&desKey56, SymMode::OFB, IV)) {
-
-- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
-- shsmCipherText += OB;
-+ CPPUNIT_ASSERT(des->encryptUpdate(plainText,
OB));
-+ shsmCipherText += OB;
-
-- CPPUNIT_ASSERT(des->encryptFinal(OB));
-- shsmCipherText += OB;
-+ CPPUNIT_ASSERT(des->encryptFinal(OB));
-+ shsmCipherText += OB;
-
-- CPPUNIT_ASSERT(shsmCipherText == cipherText);
-+ CPPUNIT_ASSERT(shsmCipherText == cipherText);
-
-- // Check that we can get the plain text
-- shsmPlainText.wipe();
-- CPPUNIT_ASSERT(des->decryptInit(&desKey56,
SymMode::OFB, IV));
-+ // Check that we can get the plain text
-+ shsmPlainText.wipe();
-+ CPPUNIT_ASSERT(des->decryptInit(&desKey56,
SymMode::OFB, IV));
-
-- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
-- shsmPlainText += OB;
-+
CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
-+ shsmPlainText += OB;
-
-- CPPUNIT_ASSERT(des->decryptFinal(OB));
-- shsmPlainText += OB;
-+ CPPUNIT_ASSERT(des->decryptFinal(OB));
-+ shsmPlainText += OB;
-
-- CPPUNIT_ASSERT(shsmPlainText == plainText);
-+ CPPUNIT_ASSERT(shsmPlainText == plainText);
-+ }
-
- // Test 112-bit key
- cipherText = ByteString(testResult[i][j][1]);
-
- // Now, do the same thing using our DES implementation
- shsmCipherText.wipe();
-- CPPUNIT_ASSERT(des->encryptInit(&desKey112,
SymMode::OFB, IV));
-+ if (des->encryptInit(&desKey112, SymMode::OFB, IV)) {
-
-- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
-- shsmCipherText += OB;
-+ CPPUNIT_ASSERT(des->encryptUpdate(plainText,
OB));
-+ shsmCipherText += OB;
-
-- CPPUNIT_ASSERT(des->encryptFinal(OB));
-- shsmCipherText += OB;
-+ CPPUNIT_ASSERT(des->encryptFinal(OB));
-+ shsmCipherText += OB;
-
-- CPPUNIT_ASSERT(shsmCipherText == cipherText);
-+ CPPUNIT_ASSERT(shsmCipherText == cipherText);
-
-- // Check that we can get the plain text
-- shsmPlainText.wipe();
-- CPPUNIT_ASSERT(des->decryptInit(&desKey112,
SymMode::OFB, IV));
-+ // Check that we can get the plain text
-+ shsmPlainText.wipe();
-+ CPPUNIT_ASSERT(des->decryptInit(&desKey112,
SymMode::OFB, IV));
-
-- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
-- shsmPlainText += OB;
-+
CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
-+ shsmPlainText += OB;
-
-- CPPUNIT_ASSERT(des->decryptFinal(OB));
-- shsmPlainText += OB;
-+ CPPUNIT_ASSERT(des->decryptFinal(OB));
-+ shsmPlainText += OB;
-
-- CPPUNIT_ASSERT(shsmPlainText == plainText);
-+ CPPUNIT_ASSERT(shsmPlainText == plainText);
-+ }
- #endif
-
- // Test 168-bit key
-@@ -864,27 +874,28 @@ void DESTests::testOFB()
-
- // Now, do the same thing using our DES implementation
- shsmCipherText.wipe();
-- CPPUNIT_ASSERT(des->encryptInit(&desKey168,
SymMode::OFB, IV));
-+ if (des->encryptInit(&desKey168, SymMode::OFB, IV)) {
-
-- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
-- shsmCipherText += OB;
-+ CPPUNIT_ASSERT(des->encryptUpdate(plainText,
OB));
-+ shsmCipherText += OB;
-
-- CPPUNIT_ASSERT(des->encryptFinal(OB));
-- shsmCipherText += OB;
-+ CPPUNIT_ASSERT(des->encryptFinal(OB));
-+ shsmCipherText += OB;
-
-- CPPUNIT_ASSERT(shsmCipherText == cipherText);
-+ CPPUNIT_ASSERT(shsmCipherText == cipherText);
-
-- // Check that we can get the plain text
-- shsmPlainText.wipe();
-- CPPUNIT_ASSERT(des->decryptInit(&desKey168,
SymMode::OFB, IV));
-+ // Check that we can get the plain text
-+ shsmPlainText.wipe();
-+ CPPUNIT_ASSERT(des->decryptInit(&desKey168,
SymMode::OFB, IV));
-
-- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
-- shsmPlainText += OB;
-+
CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
-+ shsmPlainText += OB;
-
-- CPPUNIT_ASSERT(des->decryptFinal(OB));
-- shsmPlainText += OB;
-+ CPPUNIT_ASSERT(des->decryptFinal(OB));
-+ shsmPlainText += OB;
-
-- CPPUNIT_ASSERT(shsmPlainText == plainText);
-+ CPPUNIT_ASSERT(shsmPlainText == plainText);
-+ }
- }
- }
- }
-@@ -1083,54 +1094,56 @@ void DESTests::testCFB()
-
- // Now, do the same thing using our DES implementation
- shsmCipherText.wipe();
-- CPPUNIT_ASSERT(des->encryptInit(&desKey56,
SymMode::CFB, IV));
-+ if (des->encryptInit(&desKey56, SymMode::CFB, IV)) {
-
-- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
-- shsmCipherText += OB;
-+ CPPUNIT_ASSERT(des->encryptUpdate(plainText,
OB));
-+ shsmCipherText += OB;
-
-- CPPUNIT_ASSERT(des->encryptFinal(OB));
-- shsmCipherText += OB;
-+ CPPUNIT_ASSERT(des->encryptFinal(OB));
-+ shsmCipherText += OB;
-
-- CPPUNIT_ASSERT(shsmCipherText == cipherText);
-+ CPPUNIT_ASSERT(shsmCipherText == cipherText);
-
-- // Check that we can get the plain text
-- shsmPlainText.wipe();
-- CPPUNIT_ASSERT(des->decryptInit(&desKey56,
SymMode::CFB, IV));
-+ // Check that we can get the plain text
-+ shsmPlainText.wipe();
-+ CPPUNIT_ASSERT(des->decryptInit(&desKey56,
SymMode::CFB, IV));
-
-- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
-- shsmPlainText += OB;
-+
CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
-+ shsmPlainText += OB;
-
-- CPPUNIT_ASSERT(des->decryptFinal(OB));
-- shsmPlainText += OB;
-+ CPPUNIT_ASSERT(des->decryptFinal(OB));
-+ shsmPlainText += OB;
-
-- CPPUNIT_ASSERT(shsmPlainText == plainText);
-+ CPPUNIT_ASSERT(shsmPlainText == plainText);
-+ }
-
- // Test 112-bit key
- cipherText = ByteString(testResult[i][j][1]);
-
- // Now, do the same thing using our DES implementation
- shsmCipherText.wipe();
-- CPPUNIT_ASSERT(des->encryptInit(&desKey112,
SymMode::CFB, IV));
-+ if (des->encryptInit(&desKey112, SymMode::CFB, IV)) {
-
-- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
-- shsmCipherText += OB;
-+ CPPUNIT_ASSERT(des->encryptUpdate(plainText,
OB));
-+ shsmCipherText += OB;
-
-- CPPUNIT_ASSERT(des->encryptFinal(OB));
-- shsmCipherText += OB;
-+ CPPUNIT_ASSERT(des->encryptFinal(OB));
-+ shsmCipherText += OB;
-
-- CPPUNIT_ASSERT(shsmCipherText == cipherText);
-+ CPPUNIT_ASSERT(shsmCipherText == cipherText);
-
-- // Check that we can get the plain text
-- shsmPlainText.wipe();
-- CPPUNIT_ASSERT(des->decryptInit(&desKey112,
SymMode::CFB, IV));
-+ // Check that we can get the plain text
-+ shsmPlainText.wipe();
-+ CPPUNIT_ASSERT(des->decryptInit(&desKey112,
SymMode::CFB, IV));
-
-- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
-- shsmPlainText += OB;
-+
CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
-+ shsmPlainText += OB;
-
-- CPPUNIT_ASSERT(des->decryptFinal(OB));
-- shsmPlainText += OB;
-+ CPPUNIT_ASSERT(des->decryptFinal(OB));
-+ shsmPlainText += OB;
-
-- CPPUNIT_ASSERT(shsmPlainText == plainText);
-+ CPPUNIT_ASSERT(shsmPlainText == plainText);
-+ }
- #endif
-
- // Test 168-bit key
-@@ -1138,27 +1151,28 @@ void DESTests::testCFB()
-
- // Now, do the same thing using our DES implementation
- shsmCipherText.wipe();
-- CPPUNIT_ASSERT(des->encryptInit(&desKey168,
SymMode::CFB, IV));
-+ if (des->encryptInit(&desKey168, SymMode::CFB, IV)) {
-
-- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
-- shsmCipherText += OB;
-+ CPPUNIT_ASSERT(des->encryptUpdate(plainText,
OB));
-+ shsmCipherText += OB;
-
-- CPPUNIT_ASSERT(des->encryptFinal(OB));
-- shsmCipherText += OB;
-+ CPPUNIT_ASSERT(des->encryptFinal(OB));
-+ shsmCipherText += OB;
-
-- CPPUNIT_ASSERT(shsmCipherText == cipherText);
-+ CPPUNIT_ASSERT(shsmCipherText == cipherText);
-
-- // Check that we can get the plain text
-- shsmPlainText.wipe();
-- CPPUNIT_ASSERT(des->decryptInit(&desKey168,
SymMode::CFB, IV));
-+ // Check that we can get the plain text
-+ shsmPlainText.wipe();
-+ CPPUNIT_ASSERT(des->decryptInit(&desKey168,
SymMode::CFB, IV));
-
-- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
-- shsmPlainText += OB;
-+
CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
-+ shsmPlainText += OB;
-
-- CPPUNIT_ASSERT(des->decryptFinal(OB));
-- shsmPlainText += OB;
-+ CPPUNIT_ASSERT(des->decryptFinal(OB));
-+ shsmPlainText += OB;
-
-- CPPUNIT_ASSERT(shsmPlainText == plainText);
-+ CPPUNIT_ASSERT(shsmPlainText == plainText);
-+ }
- }
- }
- }
---
-2.31.1
-
-
-From 4e368d1b1d835b169d3b9f44e064813d132f3da6 Mon Sep 17 00:00:00 2001
-From: Alexander Bokovoy <[email protected]>
-Date: Wed, 26 May 2021 20:09:31 +0300
-Subject: [PATCH 2/4] openssl 3.0: use 2048 instead of 1024 bit for RSA tests
-
-Signed-off-by: Alexander Bokovoy <[email protected]>
----
- src/lib/crypto/test/RSATests.cpp | 11 ++++-------
- 1 file changed, 4 insertions(+), 7 deletions(-)
-
-diff --git a/src/lib/crypto/test/RSATests.cpp
b/src/lib/crypto/test/RSATests.cpp
-index 6af1e19..e583b8b 100644
---- a/src/lib/crypto/test/RSATests.cpp
-+++ b/src/lib/crypto/test/RSATests.cpp
-@@ -78,7 +78,6 @@ void RSATests::testKeyGeneration()
-
- // Key sizes to test
- std::vector<size_t> keySizes;
-- keySizes.push_back(1024);
- #ifndef WITH_FIPS
- keySizes.push_back(1025);
- #endif
-@@ -111,12 +110,12 @@ void RSATests::testKeyGeneration()
-
- void RSATests::testSerialisation()
- {
-- // Generate a 1024-bit key-pair for testing
-+ // Generate a 2048-bit key-pair for testing
- AsymmetricKeyPair* kp;
- RSAParameters p;
-
- p.setE("010001");
-- p.setBitLength(1024);
-+ p.setBitLength(2048);
-
- CPPUNIT_ASSERT(rsa->generateKeyPair(&kp, &p));
- CPPUNIT_ASSERT(kp != NULL);
-@@ -204,12 +203,12 @@ void RSATests::testSerialisation()
-
- void RSATests::testPKCS8()
- {
-- // Generate a 1024-bit key-pair for testing
-+ // Generate a 2048-bit key-pair for testing
- AsymmetricKeyPair* kp;
- RSAParameters p;
-
- p.setE("010001");
-- p.setBitLength(1024);
-+ p.setBitLength(2048);
-
- CPPUNIT_ASSERT(rsa->generateKeyPair(&kp, &p));
- CPPUNIT_ASSERT(kp != NULL);
-@@ -253,7 +252,6 @@ void RSATests::testSigningVerifying()
-
- // Key sizes to test
- std::vector<size_t> keySizes;
-- keySizes.push_back(1024);
- keySizes.push_back(1280);
- keySizes.push_back(2048);
- //keySizes.push_back(4096);
-@@ -611,7 +609,6 @@ void RSATests::testEncryptDecrypt()
-
- // Key sizes to test
- std::vector<size_t> keySizes;
-- keySizes.push_back(1024);
- keySizes.push_back(1280);
- keySizes.push_back(2048);
- //keySizes.push_back(4096);
---
-2.31.1
-
-
-From d8b6ebb67244f6fb4d2c8f72ae2b8bef5ca96bed Mon Sep 17 00:00:00 2001
-From: Alexander Bokovoy <[email protected]>
-Date: Wed, 26 May 2021 22:29:22 +0300
-Subject: [PATCH 3/4] openssl 3.0: Skip tests with unsupported key sizes
-
-OpenSSL 3.0 on systems with systemd-wide crypto policy (Fedora, RHEL,
-CentOS 9 Stream) might block certain key sizes which causes the tests to
-fail. Skip these tests because we are not going to get the results
-anyway.
-
-There is no way with CPPUNIT to produce a warning only, so we have to
-skip the whole test result.
-
-Signed-off-by: Alexander Bokovoy <[email protected]>
----
- src/lib/crypto/test/RSATests.cpp | 31 ++++++++++++++++++-------------
- 1 file changed, 18 insertions(+), 13 deletions(-)
-
-diff --git a/src/lib/crypto/test/RSATests.cpp
b/src/lib/crypto/test/RSATests.cpp
-index e583b8b..3b397d2 100644
---- a/src/lib/crypto/test/RSATests.cpp
-+++ b/src/lib/crypto/test/RSATests.cpp
-@@ -92,18 +92,19 @@ void RSATests::testKeyGeneration()
- p.setE(*e);
- p.setBitLength(*k);
-
-- // Generate key-pair
-- CPPUNIT_ASSERT(rsa->generateKeyPair(&kp, &p));
-+ // Generate key-pair but skip test if key size is
unsupported in OpenSSL 3.0.0
-+ if (rsa->generateKeyPair(&kp, &p)) {
-
-- RSAPublicKey* pub = (RSAPublicKey*) kp->getPublicKey();
-- RSAPrivateKey* priv = (RSAPrivateKey*)
kp->getPrivateKey();
-+ RSAPublicKey* pub = (RSAPublicKey*)
kp->getPublicKey();
-+ RSAPrivateKey* priv = (RSAPrivateKey*)
kp->getPrivateKey();
-
-- CPPUNIT_ASSERT(pub->getBitLength() == *k);
-- CPPUNIT_ASSERT(priv->getBitLength() == *k);
-- CPPUNIT_ASSERT(pub->getE() == *e);
-- CPPUNIT_ASSERT(priv->getE() == *e);
-+ CPPUNIT_ASSERT(pub->getBitLength() == *k);
-+ CPPUNIT_ASSERT(priv->getBitLength() == *k);
-+ CPPUNIT_ASSERT(pub->getE() == *e);
-+ CPPUNIT_ASSERT(priv->getE() == *e);
-
-- rsa->recycleKeyPair(kp);
-+ rsa->recycleKeyPair(kp);
-+ }
- }
- }
- }
-@@ -291,8 +292,10 @@ void RSATests::testSigningVerifying()
- p.setE(*e);
- p.setBitLength(*k);
-
-- // Generate key-pair
-- CPPUNIT_ASSERT(rsa->generateKeyPair(&kp, &p));
-+ // Generate key-pair but skip those that unsupported in
OpenSSL 3.0.0
-+ if (!rsa->generateKeyPair(&kp, &p)) {
-+ continue;
-+ }
-
- // Generate some data to sign
- ByteString dataToSign;
-@@ -626,8 +629,10 @@ void RSATests::testEncryptDecrypt()
- p.setE(*e);
- p.setBitLength(*k);
-
-- // Generate key-pair
-- CPPUNIT_ASSERT(rsa->generateKeyPair(&kp, &p));
-+ // Generate key-pair but skip those that unsupported in
OpenSSL 3.0.0
-+ if (!rsa->generateKeyPair(&kp, &p)) {
-+ continue;
-+ }
-
- RNG* rng = CryptoFactory::i()->getRNG();
-
---
-2.31.1
-
-
-From ca037b327fc77b8a7078c63118f507a157d3c913 Mon Sep 17 00:00:00 2001
-From: Alexander Bokovoy <[email protected]>
-Date: Thu, 27 May 2021 15:08:02 +0300
-Subject: [PATCH 4/4] openssl3: skip DES* tests
-
-Signed-off-by: Alexander Bokovoy <[email protected]>
----
- src/lib/test/DeriveTests.cpp | 16 ++-
- src/lib/test/ObjectTests.cpp | 21 ++--
- src/lib/test/SymmetricAlgorithmTests.cpp | 129 +++++++++++++----------
- 3 files changed, 100 insertions(+), 66 deletions(-)
-
-diff --git a/src/lib/test/DeriveTests.cpp b/src/lib/test/DeriveTests.cpp
-index 9438ac2..275c399 100644
---- a/src/lib/test/DeriveTests.cpp
-+++ b/src/lib/test/DeriveTests.cpp
-@@ -666,11 +666,14 @@ void DeriveTests::symDerive(CK_SESSION_HANDLE hSession,
CK_OBJECT_HANDLE hKey, C
- 0x25, 0x26, 0x27, 0x28, 0x29, 0x30, 0x31, 0x32
- };
- CK_ULONG secLen = 0;
-+ CK_BBOOL oldMechs = CK_FALSE;
-
- switch (mechType)
- {
- case CKM_DES_ECB_ENCRYPT_DATA:
- case CKM_DES3_ECB_ENCRYPT_DATA:
-+ oldMechs = CK_TRUE;
-+ /* fall-through */
- case CKM_AES_ECB_ENCRYPT_DATA:
- param1.pData = &data[0];
- param1.ulLen = sizeof(data);
-@@ -679,6 +682,7 @@ void DeriveTests::symDerive(CK_SESSION_HANDLE hSession,
CK_OBJECT_HANDLE hKey, C
- break;
- case CKM_DES_CBC_ENCRYPT_DATA:
- case CKM_DES3_CBC_ENCRYPT_DATA:
-+ oldMechs = CK_TRUE;
- memcpy(param2.iv, "12345678", 8);
- param2.pData = &data[0];
- param2.length = sizeof(data);
-@@ -703,10 +707,12 @@ void DeriveTests::symDerive(CK_SESSION_HANDLE hSession,
CK_OBJECT_HANDLE hKey, C
- break;
- case CKK_DES:
- mechEncrypt.mechanism = CKM_DES_ECB;
-+ oldMechs = CK_TRUE;
- break;
- case CKK_DES2:
- case CKK_DES3:
- mechEncrypt.mechanism = CKM_DES3_ECB;
-+ oldMechs = CK_TRUE;
- break;
- case CKK_AES:
- mechEncrypt.mechanism = CKM_AES_ECB;
-@@ -743,7 +749,11 @@ void DeriveTests::symDerive(CK_SESSION_HANDLE hSession,
CK_OBJECT_HANDLE hKey, C
- keyAttribs,
sizeof(keyAttribs)/sizeof(CK_ATTRIBUTE) - 1,
- &hDerive) );
- }
-- CPPUNIT_ASSERT(rv == CKR_OK);
-+ if (rv != CKR_OK && oldMechs == CK_TRUE) {
-+ // Skip old mechanisms, they don't work under this crypto
library
-+ return;
-+ }
-+ CPPUNIT_ASSERT(rv==CKR_OK);
-
- // Check that KCV has been set
- CK_ATTRIBUTE checkAttribs[] = {
-@@ -764,6 +774,10 @@ void DeriveTests::symDerive(CK_SESSION_HANDLE hSession,
CK_OBJECT_HANDLE hKey, C
- CK_ULONG ulRecoveredTextLen;
-
- rv = CRYPTOKI_F_PTR( C_EncryptInit(hSession,&mechEncrypt,hDerive) );
-+ if (rv != CKR_OK && oldMechs == CK_TRUE) {
-+ // Skip old mechanisms, they don't work under this crypto
library
-+ return;
-+ }
- CPPUNIT_ASSERT(rv==CKR_OK);
-
- ulCipherTextLen = sizeof(cipherText);
-diff --git a/src/lib/test/ObjectTests.cpp b/src/lib/test/ObjectTests.cpp
-index 9491ce1..4ffc1c8 100644
---- a/src/lib/test/ObjectTests.cpp
-+++ b/src/lib/test/ObjectTests.cpp
-@@ -2370,8 +2370,10 @@ void ObjectTests::testCreateSecretKey()
- CPPUNIT_ASSERT(rv == CKR_OK);
- rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSession, hObject, attribKCV,
1) );
- CPPUNIT_ASSERT(rv == CKR_OK);
-- CPPUNIT_ASSERT(attribKCV[0].ulValueLen == 3);
-- CPPUNIT_ASSERT(memcmp(pCheckValue, desKCV, 3) == 0);
-+ // If DES key is not supported, skip it
-+ if (attribKCV[0].ulValueLen == 3) {
-+ CPPUNIT_ASSERT(memcmp(pCheckValue, desKCV, 3) == 0);
-+ }
- rv = CRYPTOKI_F_PTR( C_DestroyObject(hSession,hObject) );
- CPPUNIT_ASSERT(rv == CKR_OK);
-
-@@ -2381,9 +2383,12 @@ void ObjectTests::testCreateSecretKey()
- rv = CRYPTOKI_F_PTR( C_CreateObject(hSession, attribs,
sizeof(attribs)/sizeof(CK_ATTRIBUTE), &hObject) );
- CPPUNIT_ASSERT(rv == CKR_OK);
- rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSession, hObject, attribKCV,
1) );
-- CPPUNIT_ASSERT(rv == CKR_OK);
-- CPPUNIT_ASSERT(attribKCV[0].ulValueLen == 3);
-- CPPUNIT_ASSERT(memcmp(pCheckValue, des2KCV, 3) == 0);
-+ // If DES2 key is not supported, skip it
-+ if (rv == CKR_OK) {
-+ if (attribKCV[0].ulValueLen == 3) {
-+ CPPUNIT_ASSERT(memcmp(pCheckValue, des2KCV, 3) == 0);
-+ }
-+ }
- rv = CRYPTOKI_F_PTR( C_DestroyObject(hSession,hObject) );
- CPPUNIT_ASSERT(rv == CKR_OK);
-
-@@ -2394,8 +2399,10 @@ void ObjectTests::testCreateSecretKey()
- CPPUNIT_ASSERT(rv == CKR_OK);
- rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSession, hObject, attribKCV,
1) );
- CPPUNIT_ASSERT(rv == CKR_OK);
-- CPPUNIT_ASSERT(attribKCV[0].ulValueLen == 3);
-- CPPUNIT_ASSERT(memcmp(pCheckValue, des3KCV, 3) == 0);
-+ // If DES3 key is not supported, skip it
-+ if (attribKCV[0].ulValueLen == 3) {
-+ CPPUNIT_ASSERT(memcmp(pCheckValue, des3KCV, 3) == 0);
-+ }
- rv = CRYPTOKI_F_PTR( C_DestroyObject(hSession,hObject) );
- CPPUNIT_ASSERT(rv == CKR_OK);
- }
-diff --git a/src/lib/test/SymmetricAlgorithmTests.cpp
b/src/lib/test/SymmetricAlgorithmTests.cpp
-index b24caaf..1994563 100644
---- a/src/lib/test/SymmetricAlgorithmTests.cpp
-+++ b/src/lib/test/SymmetricAlgorithmTests.cpp
-@@ -195,6 +195,8 @@ void SymmetricAlgorithmTests::encryptDecrypt(
- std::vector<CK_BYTE> vEncryptedData;
- std::vector<CK_BYTE> vEncryptedDataParted;
- PartSize partSize(blockSize, &vData);
-+ CK_BBOOL oldMechs = CK_FALSE;
-+ CK_RV rv = CKR_OK;
-
- CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR(
C_GenerateRandom(hSession, (CK_BYTE_PTR)&vData.front(), messageSize) ) );
-
-@@ -233,6 +235,8 @@ void SymmetricAlgorithmTests::encryptDecrypt(
- case CKM_DES_CBC_PAD:
- case CKM_DES3_CBC:
- case CKM_DES3_CBC_PAD:
-+ oldMechs = CK_TRUE;
-+ /* fall-through */
- case CKM_AES_CBC:
- case CKM_AES_CBC_PAD:
- pMechanism->pParameter = (CK_VOID_PTR)&vData.front();
-@@ -246,12 +250,18 @@ void SymmetricAlgorithmTests::encryptDecrypt(
- pMechanism->pParameter = &gcmParams;
- pMechanism->ulParameterLen = sizeof(gcmParams);
- break;
-+ case CKM_DES_ECB:
-+ case CKM_DES3_ECB:
-+ oldMechs = CK_TRUE;
-+ break;
- default:
- break;
- }
-
- // Single-part encryption
-- CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR(
C_EncryptInit(hSession,pMechanism,hKey) ) );
-+ rv = CRYPTOKI_F_PTR( C_EncryptInit(hSession,pMechanism,hKey) );
-+ CPPUNIT_ASSERT_EQUAL( (CK_BBOOL) CK_FALSE, (CK_BBOOL) ((rv != CKR_OK)
&& (oldMechs == CK_FALSE)) );
-+ if (oldMechs == CK_FALSE)
- {
- CK_ULONG ulEncryptedDataLen;
- const CK_RV rv( CRYPTOKI_F_PTR(
C_Encrypt(hSession,(CK_BYTE_PTR)&vData.front(),messageSize,NULL_PTR,&ulEncryptedDataLen)
) );
-@@ -267,40 +277,42 @@ void SymmetricAlgorithmTests::encryptDecrypt(
- }
-
- // Multi-part encryption
-- CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR(
C_EncryptInit(hSession,pMechanism,hKey) ) );
--
-- for ( std::vector<CK_BYTE>::const_iterator i(vData.begin());
i<vData.end(); i+=partSize.getCurrent() ) {
-- const CK_ULONG lPartLen( i+partSize.getNext()<vData.end() ?
partSize.getCurrent() : vData.end()-i );
-- CK_ULONG ulEncryptedPartLen;
-- CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR(
C_EncryptUpdate(hSession,(CK_BYTE_PTR)&(*i),lPartLen,NULL_PTR,&ulEncryptedPartLen)
) );
-- const size_t oldSize( vEncryptedDataParted.size() );
-- vEncryptedDataParted.resize(oldSize+ulEncryptedPartLen);
-- CK_BYTE dummy;
-- const CK_BYTE_PTR pEncryptedPart( ulEncryptedPartLen>0 ?
&vEncryptedDataParted.at(oldSize) : &dummy );
-- CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR(
C_EncryptUpdate(hSession,(CK_BYTE_PTR)&(*i),lPartLen,pEncryptedPart,&ulEncryptedPartLen)
) );
-- vEncryptedDataParted.resize(oldSize+ulEncryptedPartLen);
-- }
-- {
-- CK_ULONG ulLastEncryptedPartLen;
-- const CK_RV rv( CRYPTOKI_F_PTR(
C_EncryptFinal(hSession,NULL_PTR,&ulLastEncryptedPartLen) ) );
-- if ( isSizeOK ) {
-- CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, rv );
-+ rv = CRYPTOKI_F_PTR( C_EncryptInit(hSession,pMechanism,hKey) );
-+ CPPUNIT_ASSERT_EQUAL( (CK_BBOOL) CK_FALSE, (CK_BBOOL) ((rv != CKR_OK)
&& (oldMechs == CK_FALSE)) );
-+ if (oldMechs == CK_FALSE) {
-+ for ( std::vector<CK_BYTE>::const_iterator i(vData.begin());
i<vData.end(); i+=partSize.getCurrent() ) {
-+ const CK_ULONG lPartLen(
i+partSize.getNext()<vData.end() ? partSize.getCurrent() : vData.end()-i );
-+ CK_ULONG ulEncryptedPartLen;
-+ CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR(
C_EncryptUpdate(hSession,(CK_BYTE_PTR)&(*i),lPartLen,NULL_PTR,&ulEncryptedPartLen)
) );
- const size_t oldSize( vEncryptedDataParted.size() );
-+ vEncryptedDataParted.resize(oldSize+ulEncryptedPartLen);
- CK_BYTE dummy;
--
vEncryptedDataParted.resize(oldSize+ulLastEncryptedPartLen);
-- const CK_BYTE_PTR pLastEncryptedPart(
ulLastEncryptedPartLen>0 ? &vEncryptedDataParted.at(oldSize) : &dummy );
-- CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR(
C_EncryptFinal(hSession,pLastEncryptedPart,&ulLastEncryptedPartLen) ) );
--
vEncryptedDataParted.resize(oldSize+ulLastEncryptedPartLen);
-- } else {
-- CPPUNIT_ASSERT_EQUAL_MESSAGE("C_EncryptFinal should
fail with C_CKR_DATA_LEN_RANGE", (CK_RV)CKR_DATA_LEN_RANGE, rv);
-- vEncryptedDataParted = vData;
-+ const CK_BYTE_PTR pEncryptedPart( ulEncryptedPartLen>0
? &vEncryptedDataParted.at(oldSize) : &dummy );
-+ CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR(
C_EncryptUpdate(hSession,(CK_BYTE_PTR)&(*i),lPartLen,pEncryptedPart,&ulEncryptedPartLen)
) );
-+ vEncryptedDataParted.resize(oldSize+ulEncryptedPartLen);
-+ }
-+ {
-+ CK_ULONG ulLastEncryptedPartLen;
-+ const CK_RV rv( CRYPTOKI_F_PTR(
C_EncryptFinal(hSession,NULL_PTR,&ulLastEncryptedPartLen) ) );
-+ if ( isSizeOK ) {
-+ CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, rv );
-+ const size_t oldSize(
vEncryptedDataParted.size() );
-+ CK_BYTE dummy;
-+
vEncryptedDataParted.resize(oldSize+ulLastEncryptedPartLen);
-+ const CK_BYTE_PTR pLastEncryptedPart(
ulLastEncryptedPartLen>0 ? &vEncryptedDataParted.at(oldSize) : &dummy );
-+ CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK,
CRYPTOKI_F_PTR(
C_EncryptFinal(hSession,pLastEncryptedPart,&ulLastEncryptedPartLen) ) );
-+
vEncryptedDataParted.resize(oldSize+ulLastEncryptedPartLen);
-+ } else {
-+ CPPUNIT_ASSERT_EQUAL_MESSAGE("C_EncryptFinal
should fail with C_CKR_DATA_LEN_RANGE", (CK_RV)CKR_DATA_LEN_RANGE, rv);
-+ vEncryptedDataParted = vData;
-+ }
- }
- }
-
- // Single-part decryption
-- CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR(
C_DecryptInit(hSession,pMechanism,hKey) ) );
--
-- {
-+ rv = CRYPTOKI_F_PTR( C_DecryptInit(hSession,pMechanism,hKey) );
-+ CPPUNIT_ASSERT_EQUAL( (CK_BBOOL) CK_FALSE, (CK_BBOOL) ((rv != CKR_OK)
&& (oldMechs == CK_FALSE)) );
-+ if (oldMechs == CK_FALSE) {
- CK_ULONG ulDataLen;
- const CK_RV rv( CRYPTOKI_F_PTR(
C_Decrypt(hSession,&vEncryptedData.front(),vEncryptedData.size(),NULL_PTR,&ulDataLen)
) );
- if ( isSizeOK ) {
-@@ -315,8 +327,9 @@ void SymmetricAlgorithmTests::encryptDecrypt(
- }
-
- // Multi-part decryption
-- CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR(
C_DecryptInit(hSession,pMechanism,hKey) ) );
-- {
-+ rv = CRYPTOKI_F_PTR( C_DecryptInit(hSession,pMechanism,hKey) );
-+ CPPUNIT_ASSERT_EQUAL( (CK_BBOOL) CK_FALSE, (CK_BBOOL) ((rv != CKR_OK)
&& (oldMechs == CK_FALSE)) );
-+ if (oldMechs == CK_FALSE) {
- std::vector<CK_BYTE> vDecryptedData;
- CK_BYTE dummy;
- for ( std::vector<CK_BYTE>::iterator
i(vEncryptedDataParted.begin()); i<vEncryptedDataParted.end();
i+=partSize.getCurrent()) {
-@@ -977,44 +990,44 @@ void SymmetricAlgorithmTests::testDesEncryptDecrypt()
-
- // Generate all combinations of session/token keys.
- rv = generateDesKey(hSessionRW,IN_SESSION,IS_PUBLIC,hKey);
-- CPPUNIT_ASSERT(rv == CKR_OK);
--
--
encryptDecrypt(CKM_DES_CBC_PAD,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST-1);
--
encryptDecrypt(CKM_DES_CBC_PAD,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1);
--
encryptDecrypt(CKM_DES_CBC_PAD,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST);
--
encryptDecrypt(CKM_DES_CBC,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST);
--
encryptDecrypt(CKM_DES_CBC,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1,
false);
--
encryptDecrypt(CKM_DES_ECB,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST);
--
encryptDecrypt(CKM_DES_ECB,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1,
false);
-+ if (rv == CKR_OK) {
-+
encryptDecrypt(CKM_DES_CBC_PAD,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST-1);
-+
encryptDecrypt(CKM_DES_CBC_PAD,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1);
-+
encryptDecrypt(CKM_DES_CBC_PAD,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST);
-+
encryptDecrypt(CKM_DES_CBC,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST);
-+
encryptDecrypt(CKM_DES_CBC,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1,
false);
-+
encryptDecrypt(CKM_DES_ECB,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST);
-+
encryptDecrypt(CKM_DES_ECB,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1,
false);
-+ }
-
- CK_OBJECT_HANDLE hKey2 = CK_INVALID_HANDLE;
-
- // Generate all combinations of session/token keys.
- rv = generateDes2Key(hSessionRW,IN_SESSION,IS_PUBLIC,hKey2);
-- CPPUNIT_ASSERT(rv == CKR_OK);
--
--
encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST-1);
--
encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST+1);
--
encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST);
--
encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST);
--
encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST+1,
false);
--
encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST);
--
encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST+1,
false);
-+ if (rv == CKR_OK) {
-+
encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST-1);
-+
encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST+1);
-+
encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST);
-+
encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST);
-+
encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST+1,
false);
-+
encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST);
-+
encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST+1,
false);
-+ }
- #endif
-
- CK_OBJECT_HANDLE hKey3 = CK_INVALID_HANDLE;
-
- // Generate all combinations of session/token keys.
- rv = generateDes3Key(hSessionRW,IN_SESSION,IS_PUBLIC,hKey3);
-- CPPUNIT_ASSERT(rv == CKR_OK);
--
--
encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST-1);
--
encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST+1);
--
encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST);
--
encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST);
--
encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST+1,
false);
--
encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST);
--
encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST+1,
false);
-+ if (rv == CKR_OK) {
-+
encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST-1);
-+
encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST+1);
-+
encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST);
-+
encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST);
-+
encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST+1,
false);
-+
encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST);
-+
encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST+1,
false);
-+ }
- }
-
- void SymmetricAlgorithmTests::testNullTemplate()
---
-2.31.1
-
Copied: softhsm/repos/community-staging-x86_64/softhsm-openssl3-tests.patch
(from rev 1340230, softhsm/trunk/softhsm-openssl3-tests.patch)
===================================================================
--- softhsm-openssl3-tests.patch (rev 0)
+++ softhsm-openssl3-tests.patch 2022-11-01 18:56:22 UTC (rev 1340231)
@@ -0,0 +1,1011 @@
+From 643f061e6fbe04552a2c49bd00528e61a9a77064 Mon Sep 17 00:00:00 2001
+From: Alexander Bokovoy <[email protected]>
+Date: Wed, 26 May 2021 20:03:25 +0300
+Subject: [PATCH 1/4] openssl 3.0: Run DES tests only if OpenSSL allows it
+
+OpenSSL 3.0 moves DES into a legacy provider which has to be loaded
+explicitly. By default, it will not be loaded and DES methods in tests
+will fail. Nest test blocks under successful initialization.
+
+Signed-off-by: Alexander Bokovoy <[email protected]>
+---
+ src/lib/crypto/test/DESTests.cpp | 350 ++++++++++++++++---------------
+ 1 file changed, 182 insertions(+), 168 deletions(-)
+
+diff --git a/src/lib/crypto/test/DESTests.cpp
b/src/lib/crypto/test/DESTests.cpp
+index bcb1c6b..aa68746 100644
+--- a/src/lib/crypto/test/DESTests.cpp
++++ b/src/lib/crypto/test/DESTests.cpp
+@@ -259,54 +259,58 @@ void DESTests::testCBC()
+
+ // Now, do the same thing using our DES implementation
+ shsmCipherText.wipe();
+- CPPUNIT_ASSERT(des->encryptInit(&desKey56,
SymMode::CBC, IV));
++ if (des->encryptInit(&desKey56, SymMode::CBC, IV)) {
+
+- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
+- shsmCipherText += OB;
++ CPPUNIT_ASSERT(des->encryptUpdate(plainText,
OB));
++ shsmCipherText += OB;
+
+- CPPUNIT_ASSERT(des->encryptFinal(OB));
+- shsmCipherText += OB;
++ CPPUNIT_ASSERT(des->encryptFinal(OB));
++ shsmCipherText += OB;
+
+- CPPUNIT_ASSERT(shsmCipherText == cipherText);
++ CPPUNIT_ASSERT(shsmCipherText == cipherText);
+
+- // Check that we can get the plain text
+- shsmPlainText.wipe();
+- CPPUNIT_ASSERT(des->decryptInit(&desKey56,
SymMode::CBC, IV));
++ // Check that we can get the plain text
++ shsmPlainText.wipe();
++ CPPUNIT_ASSERT(des->decryptInit(&desKey56,
SymMode::CBC, IV));
+
+- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
+- shsmPlainText += OB;
++
CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
++ shsmPlainText += OB;
+
+- CPPUNIT_ASSERT(des->decryptFinal(OB));
+- shsmPlainText += OB;
++ CPPUNIT_ASSERT(des->decryptFinal(OB));
++ shsmPlainText += OB;
+
+- CPPUNIT_ASSERT(shsmPlainText == plainText);
++ CPPUNIT_ASSERT(shsmPlainText == plainText);
++
++ }
+
+ // Test 112-bit key
+ cipherText = ByteString(testResult[i][j][1]);
+
+ // Now, do the same thing using our DES implementation
+ shsmCipherText.wipe();
+- CPPUNIT_ASSERT(des->encryptInit(&desKey112,
SymMode::CBC, IV));
++ if (des->encryptInit(&desKey112, SymMode::CBC, IV)) {
+
+- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
+- shsmCipherText += OB;
++ CPPUNIT_ASSERT(des->encryptUpdate(plainText,
OB));
++ shsmCipherText += OB;
+
+- CPPUNIT_ASSERT(des->encryptFinal(OB));
+- shsmCipherText += OB;
++ CPPUNIT_ASSERT(des->encryptFinal(OB));
++ shsmCipherText += OB;
+
+- CPPUNIT_ASSERT(shsmCipherText == cipherText);
++ CPPUNIT_ASSERT(shsmCipherText == cipherText);
+
+- // Check that we can get the plain text
+- shsmPlainText.wipe();
+- CPPUNIT_ASSERT(des->decryptInit(&desKey112,
SymMode::CBC, IV));
++ // Check that we can get the plain text
++ shsmPlainText.wipe();
++ CPPUNIT_ASSERT(des->decryptInit(&desKey112,
SymMode::CBC, IV));
+
+- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
+- shsmPlainText += OB;
++
CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
++ shsmPlainText += OB;
+
+- CPPUNIT_ASSERT(des->decryptFinal(OB));
+- shsmPlainText += OB;
++ CPPUNIT_ASSERT(des->decryptFinal(OB));
++ shsmPlainText += OB;
++
++ CPPUNIT_ASSERT(shsmPlainText == plainText);
++ }
+
+- CPPUNIT_ASSERT(shsmPlainText == plainText);
+ #endif
+
+ // Test 168-bit key
+@@ -314,27 +318,28 @@ void DESTests::testCBC()
+
+ // Now, do the same thing using our DES implementation
+ shsmCipherText.wipe();
+- CPPUNIT_ASSERT(des->encryptInit(&desKey168,
SymMode::CBC, IV));
++ if (des->encryptInit(&desKey168, SymMode::CBC, IV)) {
+
+- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
+- shsmCipherText += OB;
++ CPPUNIT_ASSERT(des->encryptUpdate(plainText,
OB));
++ shsmCipherText += OB;
+
+- CPPUNIT_ASSERT(des->encryptFinal(OB));
+- shsmCipherText += OB;
++ CPPUNIT_ASSERT(des->encryptFinal(OB));
++ shsmCipherText += OB;
+
+- CPPUNIT_ASSERT(shsmCipherText == cipherText);
++ CPPUNIT_ASSERT(shsmCipherText == cipherText);
+
+- // Check that we can get the plain text
+- shsmPlainText.wipe();
+- CPPUNIT_ASSERT(des->decryptInit(&desKey168,
SymMode::CBC, IV));
++ // Check that we can get the plain text
++ shsmPlainText.wipe();
++ CPPUNIT_ASSERT(des->decryptInit(&desKey168,
SymMode::CBC, IV));
+
+- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
+- shsmPlainText += OB;
++
CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
++ shsmPlainText += OB;
+
+- CPPUNIT_ASSERT(des->decryptFinal(OB));
+- shsmPlainText += OB;
++ CPPUNIT_ASSERT(des->decryptFinal(OB));
++ shsmPlainText += OB;
+
+- CPPUNIT_ASSERT(shsmPlainText == plainText);
++ CPPUNIT_ASSERT(shsmPlainText == plainText);
++ }
+ }
+ }
+ }
+@@ -534,54 +539,56 @@ void DESTests::testECB()
+
+ // Now, do the same thing using our DES implementation
+ shsmCipherText.wipe();
+- CPPUNIT_ASSERT(des->encryptInit(&desKey56,
SymMode::ECB, IV));
++ if (des->encryptInit(&desKey56, SymMode::ECB, IV)) {
+
+- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
+- shsmCipherText += OB;
++ CPPUNIT_ASSERT(des->encryptUpdate(plainText,
OB));
++ shsmCipherText += OB;
+
+- CPPUNIT_ASSERT(des->encryptFinal(OB));
+- shsmCipherText += OB;
++ CPPUNIT_ASSERT(des->encryptFinal(OB));
++ shsmCipherText += OB;
+
+- CPPUNIT_ASSERT(shsmCipherText == cipherText);
++ CPPUNIT_ASSERT(shsmCipherText == cipherText);
+
+- // Check that we can get the plain text
+- shsmPlainText.wipe();
+- CPPUNIT_ASSERT(des->decryptInit(&desKey56,
SymMode::ECB, IV));
++ // Check that we can get the plain text
++ shsmPlainText.wipe();
++ CPPUNIT_ASSERT(des->decryptInit(&desKey56,
SymMode::ECB, IV));
+
+- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
+- shsmPlainText += OB;
++
CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
++ shsmPlainText += OB;
+
+- CPPUNIT_ASSERT(des->decryptFinal(OB));
+- shsmPlainText += OB;
++ CPPUNIT_ASSERT(des->decryptFinal(OB));
++ shsmPlainText += OB;
+
+- CPPUNIT_ASSERT(shsmPlainText == plainText);
++ CPPUNIT_ASSERT(shsmPlainText == plainText);
++ }
+
+ // Test 112-bit key
+ cipherText = ByteString(testResult[i][j][1]);
+
+ // Now, do the same thing using our DES implementation
+ shsmCipherText.wipe();
+- CPPUNIT_ASSERT(des->encryptInit(&desKey112,
SymMode::ECB, IV));
++ if (des->encryptInit(&desKey112, SymMode::ECB, IV)) {
+
+- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
+- shsmCipherText += OB;
++ CPPUNIT_ASSERT(des->encryptUpdate(plainText,
OB));
++ shsmCipherText += OB;
+
+- CPPUNIT_ASSERT(des->encryptFinal(OB));
+- shsmCipherText += OB;
++ CPPUNIT_ASSERT(des->encryptFinal(OB));
++ shsmCipherText += OB;
+
+- CPPUNIT_ASSERT(shsmCipherText == cipherText);
++ CPPUNIT_ASSERT(shsmCipherText == cipherText);
+
+- // Check that we can get the plain text
+- shsmPlainText.wipe();
+- CPPUNIT_ASSERT(des->decryptInit(&desKey112,
SymMode::ECB, IV));
++ // Check that we can get the plain text
++ shsmPlainText.wipe();
++ CPPUNIT_ASSERT(des->decryptInit(&desKey112,
SymMode::ECB, IV));
+
+- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
+- shsmPlainText += OB;
++
CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
++ shsmPlainText += OB;
+
+- CPPUNIT_ASSERT(des->decryptFinal(OB));
+- shsmPlainText += OB;
++ CPPUNIT_ASSERT(des->decryptFinal(OB));
++ shsmPlainText += OB;
+
+- CPPUNIT_ASSERT(shsmPlainText == plainText);
++ CPPUNIT_ASSERT(shsmPlainText == plainText);
++ }
+ #endif
+
+ // Test 168-bit key
+@@ -589,27 +596,28 @@ void DESTests::testECB()
+
+ // Now, do the same thing using our DES implementation
+ shsmCipherText.wipe();
+- CPPUNIT_ASSERT(des->encryptInit(&desKey168,
SymMode::ECB, IV));
++ if (des->encryptInit(&desKey168, SymMode::ECB, IV)) {
+
+- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
+- shsmCipherText += OB;
++ CPPUNIT_ASSERT(des->encryptUpdate(plainText,
OB));
++ shsmCipherText += OB;
+
+- CPPUNIT_ASSERT(des->encryptFinal(OB));
+- shsmCipherText += OB;
++ CPPUNIT_ASSERT(des->encryptFinal(OB));
++ shsmCipherText += OB;
+
+- CPPUNIT_ASSERT(shsmCipherText == cipherText);
++ CPPUNIT_ASSERT(shsmCipherText == cipherText);
+
+- // Check that we can get the plain text
+- shsmPlainText.wipe();
+- CPPUNIT_ASSERT(des->decryptInit(&desKey168,
SymMode::ECB, IV));
++ // Check that we can get the plain text
++ shsmPlainText.wipe();
++ CPPUNIT_ASSERT(des->decryptInit(&desKey168,
SymMode::ECB, IV));
+
+- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
+- shsmPlainText += OB;
++
CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
++ shsmPlainText += OB;
+
+- CPPUNIT_ASSERT(des->decryptFinal(OB));
+- shsmPlainText += OB;
++ CPPUNIT_ASSERT(des->decryptFinal(OB));
++ shsmPlainText += OB;
+
+- CPPUNIT_ASSERT(shsmPlainText == plainText);
++ CPPUNIT_ASSERT(shsmPlainText == plainText);
++ }
+ }
+ }
+ }
+@@ -809,54 +817,56 @@ void DESTests::testOFB()
+
+ // Now, do the same thing using our DES implementation
+ shsmCipherText.wipe();
+- CPPUNIT_ASSERT(des->encryptInit(&desKey56,
SymMode::OFB, IV));
++ if (des->encryptInit(&desKey56, SymMode::OFB, IV)) {
+
+- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
+- shsmCipherText += OB;
++ CPPUNIT_ASSERT(des->encryptUpdate(plainText,
OB));
++ shsmCipherText += OB;
+
+- CPPUNIT_ASSERT(des->encryptFinal(OB));
+- shsmCipherText += OB;
++ CPPUNIT_ASSERT(des->encryptFinal(OB));
++ shsmCipherText += OB;
+
+- CPPUNIT_ASSERT(shsmCipherText == cipherText);
++ CPPUNIT_ASSERT(shsmCipherText == cipherText);
+
+- // Check that we can get the plain text
+- shsmPlainText.wipe();
+- CPPUNIT_ASSERT(des->decryptInit(&desKey56,
SymMode::OFB, IV));
++ // Check that we can get the plain text
++ shsmPlainText.wipe();
++ CPPUNIT_ASSERT(des->decryptInit(&desKey56,
SymMode::OFB, IV));
+
+- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
+- shsmPlainText += OB;
++
CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
++ shsmPlainText += OB;
+
+- CPPUNIT_ASSERT(des->decryptFinal(OB));
+- shsmPlainText += OB;
++ CPPUNIT_ASSERT(des->decryptFinal(OB));
++ shsmPlainText += OB;
+
+- CPPUNIT_ASSERT(shsmPlainText == plainText);
++ CPPUNIT_ASSERT(shsmPlainText == plainText);
++ }
+
+ // Test 112-bit key
+ cipherText = ByteString(testResult[i][j][1]);
+
+ // Now, do the same thing using our DES implementation
+ shsmCipherText.wipe();
+- CPPUNIT_ASSERT(des->encryptInit(&desKey112,
SymMode::OFB, IV));
++ if (des->encryptInit(&desKey112, SymMode::OFB, IV)) {
+
+- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
+- shsmCipherText += OB;
++ CPPUNIT_ASSERT(des->encryptUpdate(plainText,
OB));
++ shsmCipherText += OB;
+
+- CPPUNIT_ASSERT(des->encryptFinal(OB));
+- shsmCipherText += OB;
++ CPPUNIT_ASSERT(des->encryptFinal(OB));
++ shsmCipherText += OB;
+
+- CPPUNIT_ASSERT(shsmCipherText == cipherText);
++ CPPUNIT_ASSERT(shsmCipherText == cipherText);
+
+- // Check that we can get the plain text
+- shsmPlainText.wipe();
+- CPPUNIT_ASSERT(des->decryptInit(&desKey112,
SymMode::OFB, IV));
++ // Check that we can get the plain text
++ shsmPlainText.wipe();
++ CPPUNIT_ASSERT(des->decryptInit(&desKey112,
SymMode::OFB, IV));
+
+- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
+- shsmPlainText += OB;
++
CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
++ shsmPlainText += OB;
+
+- CPPUNIT_ASSERT(des->decryptFinal(OB));
+- shsmPlainText += OB;
++ CPPUNIT_ASSERT(des->decryptFinal(OB));
++ shsmPlainText += OB;
+
+- CPPUNIT_ASSERT(shsmPlainText == plainText);
++ CPPUNIT_ASSERT(shsmPlainText == plainText);
++ }
+ #endif
+
+ // Test 168-bit key
+@@ -864,27 +874,28 @@ void DESTests::testOFB()
+
+ // Now, do the same thing using our DES implementation
+ shsmCipherText.wipe();
+- CPPUNIT_ASSERT(des->encryptInit(&desKey168,
SymMode::OFB, IV));
++ if (des->encryptInit(&desKey168, SymMode::OFB, IV)) {
+
+- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
+- shsmCipherText += OB;
++ CPPUNIT_ASSERT(des->encryptUpdate(plainText,
OB));
++ shsmCipherText += OB;
+
+- CPPUNIT_ASSERT(des->encryptFinal(OB));
+- shsmCipherText += OB;
++ CPPUNIT_ASSERT(des->encryptFinal(OB));
++ shsmCipherText += OB;
+
+- CPPUNIT_ASSERT(shsmCipherText == cipherText);
++ CPPUNIT_ASSERT(shsmCipherText == cipherText);
+
+- // Check that we can get the plain text
+- shsmPlainText.wipe();
+- CPPUNIT_ASSERT(des->decryptInit(&desKey168,
SymMode::OFB, IV));
++ // Check that we can get the plain text
++ shsmPlainText.wipe();
++ CPPUNIT_ASSERT(des->decryptInit(&desKey168,
SymMode::OFB, IV));
+
+- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
+- shsmPlainText += OB;
++
CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
++ shsmPlainText += OB;
+
+- CPPUNIT_ASSERT(des->decryptFinal(OB));
+- shsmPlainText += OB;
++ CPPUNIT_ASSERT(des->decryptFinal(OB));
++ shsmPlainText += OB;
+
+- CPPUNIT_ASSERT(shsmPlainText == plainText);
++ CPPUNIT_ASSERT(shsmPlainText == plainText);
++ }
+ }
+ }
+ }
+@@ -1083,54 +1094,56 @@ void DESTests::testCFB()
+
+ // Now, do the same thing using our DES implementation
+ shsmCipherText.wipe();
+- CPPUNIT_ASSERT(des->encryptInit(&desKey56,
SymMode::CFB, IV));
++ if (des->encryptInit(&desKey56, SymMode::CFB, IV)) {
+
+- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
+- shsmCipherText += OB;
++ CPPUNIT_ASSERT(des->encryptUpdate(plainText,
OB));
++ shsmCipherText += OB;
+
+- CPPUNIT_ASSERT(des->encryptFinal(OB));
+- shsmCipherText += OB;
++ CPPUNIT_ASSERT(des->encryptFinal(OB));
++ shsmCipherText += OB;
+
+- CPPUNIT_ASSERT(shsmCipherText == cipherText);
++ CPPUNIT_ASSERT(shsmCipherText == cipherText);
+
+- // Check that we can get the plain text
+- shsmPlainText.wipe();
+- CPPUNIT_ASSERT(des->decryptInit(&desKey56,
SymMode::CFB, IV));
++ // Check that we can get the plain text
++ shsmPlainText.wipe();
++ CPPUNIT_ASSERT(des->decryptInit(&desKey56,
SymMode::CFB, IV));
+
+- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
+- shsmPlainText += OB;
++
CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
++ shsmPlainText += OB;
+
+- CPPUNIT_ASSERT(des->decryptFinal(OB));
+- shsmPlainText += OB;
++ CPPUNIT_ASSERT(des->decryptFinal(OB));
++ shsmPlainText += OB;
+
+- CPPUNIT_ASSERT(shsmPlainText == plainText);
++ CPPUNIT_ASSERT(shsmPlainText == plainText);
++ }
+
+ // Test 112-bit key
+ cipherText = ByteString(testResult[i][j][1]);
+
+ // Now, do the same thing using our DES implementation
+ shsmCipherText.wipe();
+- CPPUNIT_ASSERT(des->encryptInit(&desKey112,
SymMode::CFB, IV));
++ if (des->encryptInit(&desKey112, SymMode::CFB, IV)) {
+
+- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
+- shsmCipherText += OB;
++ CPPUNIT_ASSERT(des->encryptUpdate(plainText,
OB));
++ shsmCipherText += OB;
+
+- CPPUNIT_ASSERT(des->encryptFinal(OB));
+- shsmCipherText += OB;
++ CPPUNIT_ASSERT(des->encryptFinal(OB));
++ shsmCipherText += OB;
+
+- CPPUNIT_ASSERT(shsmCipherText == cipherText);
++ CPPUNIT_ASSERT(shsmCipherText == cipherText);
+
+- // Check that we can get the plain text
+- shsmPlainText.wipe();
+- CPPUNIT_ASSERT(des->decryptInit(&desKey112,
SymMode::CFB, IV));
++ // Check that we can get the plain text
++ shsmPlainText.wipe();
++ CPPUNIT_ASSERT(des->decryptInit(&desKey112,
SymMode::CFB, IV));
+
+- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
+- shsmPlainText += OB;
++
CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
++ shsmPlainText += OB;
+
+- CPPUNIT_ASSERT(des->decryptFinal(OB));
+- shsmPlainText += OB;
++ CPPUNIT_ASSERT(des->decryptFinal(OB));
++ shsmPlainText += OB;
+
+- CPPUNIT_ASSERT(shsmPlainText == plainText);
++ CPPUNIT_ASSERT(shsmPlainText == plainText);
++ }
+ #endif
+
+ // Test 168-bit key
+@@ -1138,27 +1151,28 @@ void DESTests::testCFB()
+
+ // Now, do the same thing using our DES implementation
+ shsmCipherText.wipe();
+- CPPUNIT_ASSERT(des->encryptInit(&desKey168,
SymMode::CFB, IV));
++ if (des->encryptInit(&desKey168, SymMode::CFB, IV)) {
+
+- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
+- shsmCipherText += OB;
++ CPPUNIT_ASSERT(des->encryptUpdate(plainText,
OB));
++ shsmCipherText += OB;
+
+- CPPUNIT_ASSERT(des->encryptFinal(OB));
+- shsmCipherText += OB;
++ CPPUNIT_ASSERT(des->encryptFinal(OB));
++ shsmCipherText += OB;
+
+- CPPUNIT_ASSERT(shsmCipherText == cipherText);
++ CPPUNIT_ASSERT(shsmCipherText == cipherText);
+
+- // Check that we can get the plain text
+- shsmPlainText.wipe();
+- CPPUNIT_ASSERT(des->decryptInit(&desKey168,
SymMode::CFB, IV));
++ // Check that we can get the plain text
++ shsmPlainText.wipe();
++ CPPUNIT_ASSERT(des->decryptInit(&desKey168,
SymMode::CFB, IV));
+
+- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
+- shsmPlainText += OB;
++
CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
++ shsmPlainText += OB;
+
+- CPPUNIT_ASSERT(des->decryptFinal(OB));
+- shsmPlainText += OB;
++ CPPUNIT_ASSERT(des->decryptFinal(OB));
++ shsmPlainText += OB;
+
+- CPPUNIT_ASSERT(shsmPlainText == plainText);
++ CPPUNIT_ASSERT(shsmPlainText == plainText);
++ }
+ }
+ }
+ }
+--
+2.31.1
+
+
+From 4e368d1b1d835b169d3b9f44e064813d132f3da6 Mon Sep 17 00:00:00 2001
+From: Alexander Bokovoy <[email protected]>
+Date: Wed, 26 May 2021 20:09:31 +0300
+Subject: [PATCH 2/4] openssl 3.0: use 2048 instead of 1024 bit for RSA tests
+
+Signed-off-by: Alexander Bokovoy <[email protected]>
+---
+ src/lib/crypto/test/RSATests.cpp | 11 ++++-------
+ 1 file changed, 4 insertions(+), 7 deletions(-)
+
+diff --git a/src/lib/crypto/test/RSATests.cpp
b/src/lib/crypto/test/RSATests.cpp
+index 6af1e19..e583b8b 100644
+--- a/src/lib/crypto/test/RSATests.cpp
++++ b/src/lib/crypto/test/RSATests.cpp
+@@ -78,7 +78,6 @@ void RSATests::testKeyGeneration()
+
+ // Key sizes to test
+ std::vector<size_t> keySizes;
+- keySizes.push_back(1024);
+ #ifndef WITH_FIPS
+ keySizes.push_back(1025);
+ #endif
+@@ -111,12 +110,12 @@ void RSATests::testKeyGeneration()
+
+ void RSATests::testSerialisation()
+ {
+- // Generate a 1024-bit key-pair for testing
++ // Generate a 2048-bit key-pair for testing
+ AsymmetricKeyPair* kp;
+ RSAParameters p;
+
+ p.setE("010001");
+- p.setBitLength(1024);
++ p.setBitLength(2048);
+
+ CPPUNIT_ASSERT(rsa->generateKeyPair(&kp, &p));
+ CPPUNIT_ASSERT(kp != NULL);
+@@ -204,12 +203,12 @@ void RSATests::testSerialisation()
+
+ void RSATests::testPKCS8()
+ {
+- // Generate a 1024-bit key-pair for testing
++ // Generate a 2048-bit key-pair for testing
+ AsymmetricKeyPair* kp;
+ RSAParameters p;
+
+ p.setE("010001");
+- p.setBitLength(1024);
++ p.setBitLength(2048);
+
+ CPPUNIT_ASSERT(rsa->generateKeyPair(&kp, &p));
+ CPPUNIT_ASSERT(kp != NULL);
+@@ -253,7 +252,6 @@ void RSATests::testSigningVerifying()
+
+ // Key sizes to test
+ std::vector<size_t> keySizes;
+- keySizes.push_back(1024);
+ keySizes.push_back(1280);
+ keySizes.push_back(2048);
+ //keySizes.push_back(4096);
+@@ -611,7 +609,6 @@ void RSATests::testEncryptDecrypt()
+
+ // Key sizes to test
+ std::vector<size_t> keySizes;
+- keySizes.push_back(1024);
+ keySizes.push_back(1280);
+ keySizes.push_back(2048);
+ //keySizes.push_back(4096);
+--
+2.31.1
+
+
+From d8b6ebb67244f6fb4d2c8f72ae2b8bef5ca96bed Mon Sep 17 00:00:00 2001
+From: Alexander Bokovoy <[email protected]>
+Date: Wed, 26 May 2021 22:29:22 +0300
+Subject: [PATCH 3/4] openssl 3.0: Skip tests with unsupported key sizes
+
+OpenSSL 3.0 on systems with systemd-wide crypto policy (Fedora, RHEL,
+CentOS 9 Stream) might block certain key sizes which causes the tests to
+fail. Skip these tests because we are not going to get the results
+anyway.
+
+There is no way with CPPUNIT to produce a warning only, so we have to
+skip the whole test result.
+
+Signed-off-by: Alexander Bokovoy <[email protected]>
+---
+ src/lib/crypto/test/RSATests.cpp | 31 ++++++++++++++++++-------------
+ 1 file changed, 18 insertions(+), 13 deletions(-)
+
+diff --git a/src/lib/crypto/test/RSATests.cpp
b/src/lib/crypto/test/RSATests.cpp
+index e583b8b..3b397d2 100644
+--- a/src/lib/crypto/test/RSATests.cpp
++++ b/src/lib/crypto/test/RSATests.cpp
+@@ -92,18 +92,19 @@ void RSATests::testKeyGeneration()
+ p.setE(*e);
+ p.setBitLength(*k);
+
+- // Generate key-pair
+- CPPUNIT_ASSERT(rsa->generateKeyPair(&kp, &p));
++ // Generate key-pair but skip test if key size is
unsupported in OpenSSL 3.0.0
++ if (rsa->generateKeyPair(&kp, &p)) {
+
+- RSAPublicKey* pub = (RSAPublicKey*) kp->getPublicKey();
+- RSAPrivateKey* priv = (RSAPrivateKey*)
kp->getPrivateKey();
++ RSAPublicKey* pub = (RSAPublicKey*)
kp->getPublicKey();
++ RSAPrivateKey* priv = (RSAPrivateKey*)
kp->getPrivateKey();
+
+- CPPUNIT_ASSERT(pub->getBitLength() == *k);
+- CPPUNIT_ASSERT(priv->getBitLength() == *k);
+- CPPUNIT_ASSERT(pub->getE() == *e);
+- CPPUNIT_ASSERT(priv->getE() == *e);
++ CPPUNIT_ASSERT(pub->getBitLength() == *k);
++ CPPUNIT_ASSERT(priv->getBitLength() == *k);
++ CPPUNIT_ASSERT(pub->getE() == *e);
++ CPPUNIT_ASSERT(priv->getE() == *e);
+
+- rsa->recycleKeyPair(kp);
++ rsa->recycleKeyPair(kp);
++ }
+ }
+ }
+ }
+@@ -291,8 +292,10 @@ void RSATests::testSigningVerifying()
+ p.setE(*e);
+ p.setBitLength(*k);
+
+- // Generate key-pair
+- CPPUNIT_ASSERT(rsa->generateKeyPair(&kp, &p));
++ // Generate key-pair but skip those that unsupported in
OpenSSL 3.0.0
++ if (!rsa->generateKeyPair(&kp, &p)) {
++ continue;
++ }
+
+ // Generate some data to sign
+ ByteString dataToSign;
+@@ -626,8 +629,10 @@ void RSATests::testEncryptDecrypt()
+ p.setE(*e);
+ p.setBitLength(*k);
+
+- // Generate key-pair
+- CPPUNIT_ASSERT(rsa->generateKeyPair(&kp, &p));
++ // Generate key-pair but skip those that unsupported in
OpenSSL 3.0.0
++ if (!rsa->generateKeyPair(&kp, &p)) {
++ continue;
++ }
+
+ RNG* rng = CryptoFactory::i()->getRNG();
+
+--
+2.31.1
+
+
+From ca037b327fc77b8a7078c63118f507a157d3c913 Mon Sep 17 00:00:00 2001
+From: Alexander Bokovoy <[email protected]>
+Date: Thu, 27 May 2021 15:08:02 +0300
+Subject: [PATCH 4/4] openssl3: skip DES* tests
+
+Signed-off-by: Alexander Bokovoy <[email protected]>
+---
+ src/lib/test/DeriveTests.cpp | 16 ++-
+ src/lib/test/ObjectTests.cpp | 21 ++--
+ src/lib/test/SymmetricAlgorithmTests.cpp | 129 +++++++++++++----------
+ 3 files changed, 100 insertions(+), 66 deletions(-)
+
+diff --git a/src/lib/test/DeriveTests.cpp b/src/lib/test/DeriveTests.cpp
+index 9438ac2..275c399 100644
+--- a/src/lib/test/DeriveTests.cpp
++++ b/src/lib/test/DeriveTests.cpp
+@@ -666,11 +666,14 @@ void DeriveTests::symDerive(CK_SESSION_HANDLE hSession,
CK_OBJECT_HANDLE hKey, C
+ 0x25, 0x26, 0x27, 0x28, 0x29, 0x30, 0x31, 0x32
+ };
+ CK_ULONG secLen = 0;
++ CK_BBOOL oldMechs = CK_FALSE;
+
+ switch (mechType)
+ {
+ case CKM_DES_ECB_ENCRYPT_DATA:
+ case CKM_DES3_ECB_ENCRYPT_DATA:
++ oldMechs = CK_TRUE;
++ /* fall-through */
+ case CKM_AES_ECB_ENCRYPT_DATA:
+ param1.pData = &data[0];
+ param1.ulLen = sizeof(data);
+@@ -679,6 +682,7 @@ void DeriveTests::symDerive(CK_SESSION_HANDLE hSession,
CK_OBJECT_HANDLE hKey, C
+ break;
+ case CKM_DES_CBC_ENCRYPT_DATA:
+ case CKM_DES3_CBC_ENCRYPT_DATA:
++ oldMechs = CK_TRUE;
+ memcpy(param2.iv, "12345678", 8);
+ param2.pData = &data[0];
+ param2.length = sizeof(data);
+@@ -703,10 +707,12 @@ void DeriveTests::symDerive(CK_SESSION_HANDLE hSession,
CK_OBJECT_HANDLE hKey, C
+ break;
+ case CKK_DES:
+ mechEncrypt.mechanism = CKM_DES_ECB;
++ oldMechs = CK_TRUE;
+ break;
+ case CKK_DES2:
+ case CKK_DES3:
+ mechEncrypt.mechanism = CKM_DES3_ECB;
++ oldMechs = CK_TRUE;
+ break;
+ case CKK_AES:
+ mechEncrypt.mechanism = CKM_AES_ECB;
+@@ -743,7 +749,11 @@ void DeriveTests::symDerive(CK_SESSION_HANDLE hSession,
CK_OBJECT_HANDLE hKey, C
+ keyAttribs,
sizeof(keyAttribs)/sizeof(CK_ATTRIBUTE) - 1,
+ &hDerive) );
+ }
+- CPPUNIT_ASSERT(rv == CKR_OK);
++ if (rv != CKR_OK && oldMechs == CK_TRUE) {
++ // Skip old mechanisms, they don't work under this crypto
library
++ return;
++ }
++ CPPUNIT_ASSERT(rv==CKR_OK);
+
+ // Check that KCV has been set
+ CK_ATTRIBUTE checkAttribs[] = {
+@@ -764,6 +774,10 @@ void DeriveTests::symDerive(CK_SESSION_HANDLE hSession,
CK_OBJECT_HANDLE hKey, C
+ CK_ULONG ulRecoveredTextLen;
+
+ rv = CRYPTOKI_F_PTR( C_EncryptInit(hSession,&mechEncrypt,hDerive) );
++ if (rv != CKR_OK && oldMechs == CK_TRUE) {
++ // Skip old mechanisms, they don't work under this crypto
library
++ return;
++ }
+ CPPUNIT_ASSERT(rv==CKR_OK);
+
+ ulCipherTextLen = sizeof(cipherText);
+diff --git a/src/lib/test/ObjectTests.cpp b/src/lib/test/ObjectTests.cpp
+index 9491ce1..4ffc1c8 100644
+--- a/src/lib/test/ObjectTests.cpp
++++ b/src/lib/test/ObjectTests.cpp
+@@ -2370,8 +2370,10 @@ void ObjectTests::testCreateSecretKey()
+ CPPUNIT_ASSERT(rv == CKR_OK);
+ rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSession, hObject, attribKCV,
1) );
+ CPPUNIT_ASSERT(rv == CKR_OK);
+- CPPUNIT_ASSERT(attribKCV[0].ulValueLen == 3);
+- CPPUNIT_ASSERT(memcmp(pCheckValue, desKCV, 3) == 0);
++ // If DES key is not supported, skip it
++ if (attribKCV[0].ulValueLen == 3) {
++ CPPUNIT_ASSERT(memcmp(pCheckValue, desKCV, 3) == 0);
++ }
+ rv = CRYPTOKI_F_PTR( C_DestroyObject(hSession,hObject) );
+ CPPUNIT_ASSERT(rv == CKR_OK);
+
+@@ -2381,9 +2383,12 @@ void ObjectTests::testCreateSecretKey()
+ rv = CRYPTOKI_F_PTR( C_CreateObject(hSession, attribs,
sizeof(attribs)/sizeof(CK_ATTRIBUTE), &hObject) );
+ CPPUNIT_ASSERT(rv == CKR_OK);
+ rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSession, hObject, attribKCV,
1) );
+- CPPUNIT_ASSERT(rv == CKR_OK);
+- CPPUNIT_ASSERT(attribKCV[0].ulValueLen == 3);
+- CPPUNIT_ASSERT(memcmp(pCheckValue, des2KCV, 3) == 0);
++ // If DES2 key is not supported, skip it
++ if (rv == CKR_OK) {
++ if (attribKCV[0].ulValueLen == 3) {
++ CPPUNIT_ASSERT(memcmp(pCheckValue, des2KCV, 3) == 0);
++ }
++ }
+ rv = CRYPTOKI_F_PTR( C_DestroyObject(hSession,hObject) );
+ CPPUNIT_ASSERT(rv == CKR_OK);
+
+@@ -2394,8 +2399,10 @@ void ObjectTests::testCreateSecretKey()
+ CPPUNIT_ASSERT(rv == CKR_OK);
+ rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSession, hObject, attribKCV,
1) );
+ CPPUNIT_ASSERT(rv == CKR_OK);
+- CPPUNIT_ASSERT(attribKCV[0].ulValueLen == 3);
+- CPPUNIT_ASSERT(memcmp(pCheckValue, des3KCV, 3) == 0);
++ // If DES3 key is not supported, skip it
++ if (attribKCV[0].ulValueLen == 3) {
++ CPPUNIT_ASSERT(memcmp(pCheckValue, des3KCV, 3) == 0);
++ }
+ rv = CRYPTOKI_F_PTR( C_DestroyObject(hSession,hObject) );
+ CPPUNIT_ASSERT(rv == CKR_OK);
+ }
+diff --git a/src/lib/test/SymmetricAlgorithmTests.cpp
b/src/lib/test/SymmetricAlgorithmTests.cpp
+index b24caaf..1994563 100644
+--- a/src/lib/test/SymmetricAlgorithmTests.cpp
++++ b/src/lib/test/SymmetricAlgorithmTests.cpp
+@@ -195,6 +195,8 @@ void SymmetricAlgorithmTests::encryptDecrypt(
+ std::vector<CK_BYTE> vEncryptedData;
+ std::vector<CK_BYTE> vEncryptedDataParted;
+ PartSize partSize(blockSize, &vData);
++ CK_BBOOL oldMechs = CK_FALSE;
++ CK_RV rv = CKR_OK;
+
+ CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR(
C_GenerateRandom(hSession, (CK_BYTE_PTR)&vData.front(), messageSize) ) );
+
+@@ -233,6 +235,8 @@ void SymmetricAlgorithmTests::encryptDecrypt(
+ case CKM_DES_CBC_PAD:
+ case CKM_DES3_CBC:
+ case CKM_DES3_CBC_PAD:
++ oldMechs = CK_TRUE;
++ /* fall-through */
+ case CKM_AES_CBC:
+ case CKM_AES_CBC_PAD:
+ pMechanism->pParameter = (CK_VOID_PTR)&vData.front();
+@@ -246,12 +250,18 @@ void SymmetricAlgorithmTests::encryptDecrypt(
+ pMechanism->pParameter = &gcmParams;
+ pMechanism->ulParameterLen = sizeof(gcmParams);
+ break;
++ case CKM_DES_ECB:
++ case CKM_DES3_ECB:
++ oldMechs = CK_TRUE;
++ break;
+ default:
+ break;
+ }
+
+ // Single-part encryption
+- CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR(
C_EncryptInit(hSession,pMechanism,hKey) ) );
++ rv = CRYPTOKI_F_PTR( C_EncryptInit(hSession,pMechanism,hKey) );
++ CPPUNIT_ASSERT_EQUAL( (CK_BBOOL) CK_FALSE, (CK_BBOOL) ((rv != CKR_OK)
&& (oldMechs == CK_FALSE)) );
++ if (oldMechs == CK_FALSE)
+ {
+ CK_ULONG ulEncryptedDataLen;
+ const CK_RV rv( CRYPTOKI_F_PTR(
C_Encrypt(hSession,(CK_BYTE_PTR)&vData.front(),messageSize,NULL_PTR,&ulEncryptedDataLen)
) );
+@@ -267,40 +277,42 @@ void SymmetricAlgorithmTests::encryptDecrypt(
+ }
+
+ // Multi-part encryption
+- CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR(
C_EncryptInit(hSession,pMechanism,hKey) ) );
+-
+- for ( std::vector<CK_BYTE>::const_iterator i(vData.begin());
i<vData.end(); i+=partSize.getCurrent() ) {
+- const CK_ULONG lPartLen( i+partSize.getNext()<vData.end() ?
partSize.getCurrent() : vData.end()-i );
+- CK_ULONG ulEncryptedPartLen;
+- CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR(
C_EncryptUpdate(hSession,(CK_BYTE_PTR)&(*i),lPartLen,NULL_PTR,&ulEncryptedPartLen)
) );
+- const size_t oldSize( vEncryptedDataParted.size() );
+- vEncryptedDataParted.resize(oldSize+ulEncryptedPartLen);
+- CK_BYTE dummy;
+- const CK_BYTE_PTR pEncryptedPart( ulEncryptedPartLen>0 ?
&vEncryptedDataParted.at(oldSize) : &dummy );
+- CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR(
C_EncryptUpdate(hSession,(CK_BYTE_PTR)&(*i),lPartLen,pEncryptedPart,&ulEncryptedPartLen)
) );
+- vEncryptedDataParted.resize(oldSize+ulEncryptedPartLen);
+- }
+- {
+- CK_ULONG ulLastEncryptedPartLen;
+- const CK_RV rv( CRYPTOKI_F_PTR(
C_EncryptFinal(hSession,NULL_PTR,&ulLastEncryptedPartLen) ) );
+- if ( isSizeOK ) {
+- CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, rv );
++ rv = CRYPTOKI_F_PTR( C_EncryptInit(hSession,pMechanism,hKey) );
++ CPPUNIT_ASSERT_EQUAL( (CK_BBOOL) CK_FALSE, (CK_BBOOL) ((rv != CKR_OK)
&& (oldMechs == CK_FALSE)) );
++ if (oldMechs == CK_FALSE) {
++ for ( std::vector<CK_BYTE>::const_iterator i(vData.begin());
i<vData.end(); i+=partSize.getCurrent() ) {
++ const CK_ULONG lPartLen(
i+partSize.getNext()<vData.end() ? partSize.getCurrent() : vData.end()-i );
++ CK_ULONG ulEncryptedPartLen;
++ CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR(
C_EncryptUpdate(hSession,(CK_BYTE_PTR)&(*i),lPartLen,NULL_PTR,&ulEncryptedPartLen)
) );
+ const size_t oldSize( vEncryptedDataParted.size() );
++ vEncryptedDataParted.resize(oldSize+ulEncryptedPartLen);
+ CK_BYTE dummy;
+-
vEncryptedDataParted.resize(oldSize+ulLastEncryptedPartLen);
+- const CK_BYTE_PTR pLastEncryptedPart(
ulLastEncryptedPartLen>0 ? &vEncryptedDataParted.at(oldSize) : &dummy );
+- CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR(
C_EncryptFinal(hSession,pLastEncryptedPart,&ulLastEncryptedPartLen) ) );
+-
vEncryptedDataParted.resize(oldSize+ulLastEncryptedPartLen);
+- } else {
+- CPPUNIT_ASSERT_EQUAL_MESSAGE("C_EncryptFinal should
fail with C_CKR_DATA_LEN_RANGE", (CK_RV)CKR_DATA_LEN_RANGE, rv);
+- vEncryptedDataParted = vData;
++ const CK_BYTE_PTR pEncryptedPart( ulEncryptedPartLen>0
? &vEncryptedDataParted.at(oldSize) : &dummy );
++ CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR(
C_EncryptUpdate(hSession,(CK_BYTE_PTR)&(*i),lPartLen,pEncryptedPart,&ulEncryptedPartLen)
) );
++ vEncryptedDataParted.resize(oldSize+ulEncryptedPartLen);
++ }
++ {
++ CK_ULONG ulLastEncryptedPartLen;
++ const CK_RV rv( CRYPTOKI_F_PTR(
C_EncryptFinal(hSession,NULL_PTR,&ulLastEncryptedPartLen) ) );
++ if ( isSizeOK ) {
++ CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, rv );
++ const size_t oldSize(
vEncryptedDataParted.size() );
++ CK_BYTE dummy;
++
vEncryptedDataParted.resize(oldSize+ulLastEncryptedPartLen);
++ const CK_BYTE_PTR pLastEncryptedPart(
ulLastEncryptedPartLen>0 ? &vEncryptedDataParted.at(oldSize) : &dummy );
++ CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK,
CRYPTOKI_F_PTR(
C_EncryptFinal(hSession,pLastEncryptedPart,&ulLastEncryptedPartLen) ) );
++
vEncryptedDataParted.resize(oldSize+ulLastEncryptedPartLen);
++ } else {
++ CPPUNIT_ASSERT_EQUAL_MESSAGE("C_EncryptFinal
should fail with C_CKR_DATA_LEN_RANGE", (CK_RV)CKR_DATA_LEN_RANGE, rv);
++ vEncryptedDataParted = vData;
++ }
+ }
+ }
+
+ // Single-part decryption
+- CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR(
C_DecryptInit(hSession,pMechanism,hKey) ) );
+-
+- {
++ rv = CRYPTOKI_F_PTR( C_DecryptInit(hSession,pMechanism,hKey) );
++ CPPUNIT_ASSERT_EQUAL( (CK_BBOOL) CK_FALSE, (CK_BBOOL) ((rv != CKR_OK)
&& (oldMechs == CK_FALSE)) );
++ if (oldMechs == CK_FALSE) {
+ CK_ULONG ulDataLen;
+ const CK_RV rv( CRYPTOKI_F_PTR(
C_Decrypt(hSession,&vEncryptedData.front(),vEncryptedData.size(),NULL_PTR,&ulDataLen)
) );
+ if ( isSizeOK ) {
+@@ -315,8 +327,9 @@ void SymmetricAlgorithmTests::encryptDecrypt(
+ }
+
+ // Multi-part decryption
+- CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR(
C_DecryptInit(hSession,pMechanism,hKey) ) );
+- {
++ rv = CRYPTOKI_F_PTR( C_DecryptInit(hSession,pMechanism,hKey) );
++ CPPUNIT_ASSERT_EQUAL( (CK_BBOOL) CK_FALSE, (CK_BBOOL) ((rv != CKR_OK)
&& (oldMechs == CK_FALSE)) );
++ if (oldMechs == CK_FALSE) {
+ std::vector<CK_BYTE> vDecryptedData;
+ CK_BYTE dummy;
+ for ( std::vector<CK_BYTE>::iterator
i(vEncryptedDataParted.begin()); i<vEncryptedDataParted.end();
i+=partSize.getCurrent()) {
+@@ -977,44 +990,44 @@ void SymmetricAlgorithmTests::testDesEncryptDecrypt()
+
+ // Generate all combinations of session/token keys.
+ rv = generateDesKey(hSessionRW,IN_SESSION,IS_PUBLIC,hKey);
+- CPPUNIT_ASSERT(rv == CKR_OK);
+-
+-
encryptDecrypt(CKM_DES_CBC_PAD,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST-1);
+-
encryptDecrypt(CKM_DES_CBC_PAD,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1);
+-
encryptDecrypt(CKM_DES_CBC_PAD,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST);
+-
encryptDecrypt(CKM_DES_CBC,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST);
+-
encryptDecrypt(CKM_DES_CBC,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1,
false);
+-
encryptDecrypt(CKM_DES_ECB,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST);
+-
encryptDecrypt(CKM_DES_ECB,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1,
false);
++ if (rv == CKR_OK) {
++
encryptDecrypt(CKM_DES_CBC_PAD,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST-1);
++
encryptDecrypt(CKM_DES_CBC_PAD,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1);
++
encryptDecrypt(CKM_DES_CBC_PAD,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST);
++
encryptDecrypt(CKM_DES_CBC,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST);
++
encryptDecrypt(CKM_DES_CBC,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1,
false);
++
encryptDecrypt(CKM_DES_ECB,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST);
++
encryptDecrypt(CKM_DES_ECB,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1,
false);
++ }
+
+ CK_OBJECT_HANDLE hKey2 = CK_INVALID_HANDLE;
+
+ // Generate all combinations of session/token keys.
+ rv = generateDes2Key(hSessionRW,IN_SESSION,IS_PUBLIC,hKey2);
+- CPPUNIT_ASSERT(rv == CKR_OK);
+-
+-
encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST-1);
+-
encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST+1);
+-
encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST);
+-
encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST);
+-
encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST+1,
false);
+-
encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST);
+-
encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST+1,
false);
++ if (rv == CKR_OK) {
++
encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST-1);
++
encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST+1);
++
encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST);
++
encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST);
++
encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST+1,
false);
++
encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST);
++
encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST+1,
false);
++ }
+ #endif
+
+ CK_OBJECT_HANDLE hKey3 = CK_INVALID_HANDLE;
+
+ // Generate all combinations of session/token keys.
+ rv = generateDes3Key(hSessionRW,IN_SESSION,IS_PUBLIC,hKey3);
+- CPPUNIT_ASSERT(rv == CKR_OK);
+-
+-
encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST-1);
+-
encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST+1);
+-
encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST);
+-
encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST);
+-
encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST+1,
false);
+-
encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST);
+-
encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST+1,
false);
++ if (rv == CKR_OK) {
++
encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST-1);
++
encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST+1);
++
encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST);
++
encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST);
++
encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST+1,
false);
++
encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST);
++
encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST+1,
false);
++ }
+ }
+
+ void SymmetricAlgorithmTests::testNullTemplate()
+--
+2.31.1
+
