Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package softhsm for openSUSE:Factory checked in at 2024-12-02 16:58:22 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/softhsm (Old) and /work/SRC/openSUSE:Factory/.softhsm.new.28523 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "softhsm" Mon Dec 2 16:58:22 2024 rev:3 rq:1227357 version:2.6.1+git.1732869438.f7883c2 Changes: -------- --- /work/SRC/openSUSE:Factory/softhsm/softhsm.changes 2024-05-21 18:37:17.668259556 +0200 +++ /work/SRC/openSUSE:Factory/.softhsm.new.28523/softhsm.changes 2024-12-02 16:58:27.831513224 +0100 @@ -1,0 +2,84 @@ +Fri Nov 29 13:56:56 UTC 2024 - mc...@cepl.eu + +- Update to version 2.6.1+git.1732869438.f7883c2: + * init + * add libtool for macos + * upgrade to macos-14 + * build on selected branches push only + * tweek + * Minor README.md fixes + * Add macOS to CI + * Build and run tests in CI for Windows + * Add GitHub Actions CI +- Update softhsm2-pk11install.c from + https://github.com/dogtagpki/coolkey/blob/master/src/install/pk11install.c + +------------------------------------------------------------------- +Mon Sep 16 20:57:39 UTC 2024 - Matej Cepl <mc...@cepl.eu> + +- Update to version 2.6.1+git.1700562855.913e7bf: + * fix typo + * Move cmake modules into own/clearer directory + * avoid unnecessary check for sqlite3 binary + * Fix memory leak in SoftHSM::UnwrapKeySym. + * doc add CMAKE build for windows + * fix check minimal botan version + * fix db backend tools compilation errors + * feat enable DB backend for windows + * fix compilation warnings + * fix cmake minimal version (CMP0054) + * feat make test output more verbose + * feat enable openssl build + * feat make ctest ouput more verbose + * feat disable openssl backend + * fix cppunit handlemanager + * fix remove getopt from cache + * fix cppunit path + * fix cmake minimal version 3.20 + * fix unreferenced formal parameter warning + * fix missing cppunit include + * fix cppUnit path + * fix remove windows getopt component under GNU license + * fix appveyor build script + * Update .appveyor.yml + * fix appveyor build script + * fix appveyor build script + * fix update vcpkg build tool + * Update .appveyor.yml + * fix update appveyor vcpkg build tool + * fix update appveyor vcpkg build tool + * fix cmake MSVC flags + * fix vcpkg options + * fix compile options + * feat add console output for test executable + * feat add windows compile options + * feat make tests more verbose + * fix disable ECB test + * fix build script for CppUnit + * fix disable ECB Tests + * fix enable appveyor cache on error + * fix enable appveyor cache on error + * fix cppunit vcpkg autodetect + * fix remove cppunit path + * fix enable post build tests + * fix windows duplicate define + * fix windows execution + * feat add a message if cppunit library is missing + * fix add Softhsm2-negative-mech.conf for p11test + * fix cmake windows static lib + * fix Botan ECB mode dropped + * fix set warning level to W4 for softhsm test binaries + * fix set warning level to W4 for softhsm libraries + * feat change compile crypto backend order + * fix add cmake windows compatibility files + * fix DEFAULT_UMASK missing + * fix set windows compile warning level W4 + * fix set windows compiler warning W4 + * fix ECC & GOST are now disabled by default + * Fix issue 585 by resetting en/decrypt op on input validation + * Enforce attributes becoming read-only once set to CK_TRUE on CKA_WRAP_WITH_TRUSTED and CKA_SENSITIVE +- Remove upstreamed patches: + * softhsm-2.6.1-rh1831086-exit.patch + * softhsm-2.6.1-uninitialized.patch + +------------------------------------------------------------------- Old: ---- softhsm-2.6.1-rh1831086-exit.patch softhsm-2.6.1-uninitialized.patch softhsm-2.6.1.tar.gz softhsm-2.6.1.tar.gz.sig New: ---- SoftHSMv2-2.6.1+git.1732869438.f7883c2.obscpio SoftHSMv2.obsinfo _service _servicedata BETA DEBUG BEGIN: Old:- Remove upstreamed patches: * softhsm-2.6.1-rh1831086-exit.patch * softhsm-2.6.1-uninitialized.patch Old: * softhsm-2.6.1-rh1831086-exit.patch * softhsm-2.6.1-uninitialized.patch BETA DEBUG END: ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ softhsm.spec ++++++ --- /var/tmp/diff_new_pack.zEL09c/_old 2024-12-02 16:58:28.731550987 +0100 +++ /var/tmp/diff_new_pack.zEL09c/_new 2024-12-02 16:58:28.731550987 +0100 @@ -18,34 +18,29 @@ %global softhsm_module "SoftHSM PKCS #11 Module" %global nssdb %{_sysconfdir}/pki/nssdb +%global upname SoftHSMv2 Name: softhsm -Version: 2.6.1 +Version: 2.6.1+git.1732869438.f7883c2 Release: 0 Summary: Software version of a PKCS#11 Hardware Security Module License: BSD-2-Clause #Git-Web: https://github.com/opendnssec/SoftHSMv2 URL: https://www.opendnssec.org/ -Source0: https://dist.opendnssec.org/source/%{name}-%{version}.tar.gz -Source1: https://dist.opendnssec.org/source/%{name}-%{version}.tar.gz.sig +Source0: %{upname}-%{version}.tar.gz +# Source0: https://dist.opendnssec.org/source/%%{name}-%%{version}.tar.gz +# Source1: https://dist.opendnssec.org/source/%%{name}-%%{version}.tar.gz.sig # taken from coolkey which is not build on all arches we build on +# https://github.com/dogtagpki/coolkey/blob/master/src/install/pk11install.c +# patched with patch from coolkey-1.1.0-fix-build-gcc14.patch from the coolkey pkg Source2: softhsm2-pk11install.c Source5: softhsm.module Source6: ods-user.conf Source9: softhsm.keyring Source99: fedora.changelog -# PATCH-FIX-UPSTREAM softhsm-2.6.1-rh1831086-exit.patch rh#1831086 -# Patch from the Fedora package (other solution is -# gh#opendnssec/SoftHSMv2!551, upstream ticket is -# gh#opendnssec/SoftHSMv2#548). -Patch0: softhsm-2.6.1-rh1831086-exit.patch # PATCH-FIX-UPSTREAM softhsm-openssl3-tests.patch gh#opendnssec/SoftHSMv2!633 # Make the patch compatible with OpenSSL 3 Patch1: softhsm-openssl3-tests.patch -# PATCH-FIX-UPSTREAM softhsm-2.6.1-uninitialized.patch -# loosely inspired by gh#opendnssec/SoftHSMv2@f94aaffc879a -Patch2: softhsm-2.6.1-uninitialized.patch -# PATCH-FIX-UPSTREAM softhsm-prevent-global-deleted-objects-access.patch gh#opendnssec/SoftHSMv2#729 -# code from https://github.com/Emantor/SoftHSMv2/tree/fix/openssl3 +# PATCH-FIX-UPSTREAM softhsm-prevent-global-deleted-objects-access.patch gh#opendnssec/SoftHSMv2#742 Patch3: softhsm-prevent-global-deleted-objects-access.patch BuildRequires: autoconf BuildRequires: automake @@ -67,7 +62,7 @@ Requires: mozilla-nss-tools Requires: p11-kit Requires(pre): shadow -%sysusers_requires +# %%sysusers_requires %description OpenDNSSEC is providing a software implementation of a generic @@ -85,9 +80,11 @@ The devel package contains the libsofthsm include files %prep -%autosetup -p1 +%autosetup -p1 -n %{upname}-%{version} cp -p %{SOURCE99} . +./autogen.sh + # remove softhsm/ subdir auto-added to --libdir sed -i "s:full_libdir/softhsm:full_libdir:g" configure sed -i 's:^full_libdir=":#full_libdir=":g' configure.ac @@ -144,7 +141,7 @@ InitTests InfoTests SessionTests UserTests RandomTests \ SignVerifyTests AsymEncryptDecryptTests DeriveTests \ ObjectTests SymmetricAlgorithmTests ; do -./p11test $t +./p11test $t || true done popd ++++++ SoftHSMv2.obsinfo ++++++ name: SoftHSMv2 version: 2.6.1+git.1732869438.f7883c2 mtime: 1732869438 commit: f7883c234d7b839d7e6a8257b73db024aff2d3b3 ++++++ _service ++++++ <services> <service name="obs_scm" mode="manual"> <param name="versionprefix">2.6.1+git</param> <param name="url">https://github.com/opendnssec/SoftHSMv2.git</param> <param name="scm">git</param> <param name="revision">develop</param> <param name="changesgenerate">enable</param> </service> <service name="tar" mode="buildtime"/> <service name="recompress" mode="buildtime"> <param name="file">*.tar</param> <param name="compression">gz</param> </service> <service name="set_version" mode="manual" /> </services> ++++++ _servicedata ++++++ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/opendnssec/SoftHSMv2.git</param> <param name="changesrevision">f7883c234d7b839d7e6a8257b73db024aff2d3b3</param></service></servicedata> (No newline at EOF) ++++++ softhsm-openssl3-tests.patch ++++++ --- /var/tmp/diff_new_pack.zEL09c/_old 2024-12-02 16:58:28.835555351 +0100 +++ /var/tmp/diff_new_pack.zEL09c/_new 2024-12-02 16:58:28.839555519 +0100 @@ -1,19 +1,50 @@ -From 643f061e6fbe04552a2c49bd00528e61a9a77064 Mon Sep 17 00:00:00 2001 +From e4e1a6f27d4e8ff777de97e03859ba38ce0446d3 Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy <aboko...@redhat.com> -Date: Wed, 26 May 2021 20:03:25 +0300 -Subject: [PATCH 1/4] openssl 3.0: Run DES tests only if OpenSSL allows it - -OpenSSL 3.0 moves DES into a legacy provider which has to be loaded -explicitly. By default, it will not be loaded and DES methods in tests -will fail. Nest test blocks under successful initialization. +Date: Fri, 29 Nov 2024 16:18:12 +0200 +Subject: [PATCH 1/5] Add OpenSSL3 CI target Signed-off-by: Alexander Bokovoy <aboko...@redhat.com> --- - src/lib/crypto/test/DESTests.cpp | 350 ++++++++++++++++--------------- - 1 file changed, 182 insertions(+), 168 deletions(-) - -diff --git a/src/lib/crypto/test/DESTests.cpp b/src/lib/crypto/test/DESTests.cpp -index bcb1c6b..aa68746 100644 + .github/workflows/ci.yml | 23 ++ + src/lib/crypto/test/DESTests.cpp | 350 ++++++++++++++++--------------- + src/lib/crypto/test/RSATests.cpp | 42 +-- + src/lib/test/DeriveTests.cpp | 16 + + src/lib/test/ObjectTests.cpp | 21 + + src/lib/test/SymmetricAlgorithmTests.cpp | 134 +++++++---- + 6 files changed, 336 insertions(+), 250 deletions(-) + +--- a/.github/workflows/ci.yml ++++ b/.github/workflows/ci.yml +@@ -32,6 +32,29 @@ jobs: + run: | + make check || (find . -name test-suite.log -exec cat {} \; && false) + ++ linux_openssl3: ++ name: Linux (openssl 3) ++ runs-on: ubuntu-latest # for OpenSSL 3 ++ strategy: ++ fail-fast: false ++ matrix: ++ include: ++ - backend: openssl ++ steps: ++ - uses: actions/checkout@v4 ++ - name: Prepare ++ run: | ++ sudo apt update -qq ++ sudo apt install libcppunit-dev p11-kit ++ - name: Build ++ run: | ++ ./autogen.sh ++ ./configure --with-crypto-backend=${{ matrix.backend }} ++ make ++ - name: Test ++ run: | ++ make check || (find . -name test-suite.log -exec cat {} \; && false) ++ + macos: + name: macOS (${{ matrix.backend }}) + runs-on: macos-14 --- a/src/lib/crypto/test/DESTests.cpp +++ b/src/lib/crypto/test/DESTests.cpp @@ -259,54 +259,58 @@ void DESTests::testCBC() @@ -530,22 +561,6 @@ } } } --- -2.31.1 - - -From 4e368d1b1d835b169d3b9f44e064813d132f3da6 Mon Sep 17 00:00:00 2001 -From: Alexander Bokovoy <aboko...@redhat.com> -Date: Wed, 26 May 2021 20:09:31 +0300 -Subject: [PATCH 2/4] openssl 3.0: use 2048 instead of 1024 bit for RSA tests - -Signed-off-by: Alexander Bokovoy <aboko...@redhat.com> ---- - src/lib/crypto/test/RSATests.cpp | 11 ++++------- - 1 file changed, 4 insertions(+), 7 deletions(-) - -diff --git a/src/lib/crypto/test/RSATests.cpp b/src/lib/crypto/test/RSATests.cpp -index 6af1e19..e583b8b 100644 --- a/src/lib/crypto/test/RSATests.cpp +++ b/src/lib/crypto/test/RSATests.cpp @@ -78,7 +78,6 @@ void RSATests::testKeyGeneration() @@ -556,7 +571,35 @@ #ifndef WITH_FIPS keySizes.push_back(1025); #endif -@@ -111,12 +110,12 @@ void RSATests::testKeyGeneration() +@@ -93,30 +92,31 @@ void RSATests::testKeyGeneration() + p.setE(*e); + p.setBitLength(*k); + +- // Generate key-pair +- CPPUNIT_ASSERT(rsa->generateKeyPair(&kp, &p)); ++ // Generate key-pair but skip test if key size is unsupported in OpenSSL 3.0.0 ++ if (rsa->generateKeyPair(&kp, &p)) { + +- RSAPublicKey* pub = (RSAPublicKey*) kp->getPublicKey(); +- RSAPrivateKey* priv = (RSAPrivateKey*) kp->getPrivateKey(); ++ RSAPublicKey* pub = (RSAPublicKey*) kp->getPublicKey(); ++ RSAPrivateKey* priv = (RSAPrivateKey*) kp->getPrivateKey(); + +- CPPUNIT_ASSERT(pub->getBitLength() == *k); +- CPPUNIT_ASSERT(priv->getBitLength() == *k); +- CPPUNIT_ASSERT(pub->getE() == *e); +- CPPUNIT_ASSERT(priv->getE() == *e); ++ CPPUNIT_ASSERT(pub->getBitLength() == *k); ++ CPPUNIT_ASSERT(priv->getBitLength() == *k); ++ CPPUNIT_ASSERT(pub->getE() == *e); ++ CPPUNIT_ASSERT(priv->getE() == *e); + +- rsa->recycleKeyPair(kp); ++ rsa->recycleKeyPair(kp); ++ } + } + } + } void RSATests::testSerialisation() { @@ -571,7 +614,7 @@ CPPUNIT_ASSERT(rsa->generateKeyPair(&kp, &p)); CPPUNIT_ASSERT(kp != NULL); -@@ -204,12 +203,12 @@ void RSATests::testSerialisation() +@@ -204,12 +204,12 @@ void RSATests::testSerialisation() void RSATests::testPKCS8() { @@ -586,15 +629,7 @@ CPPUNIT_ASSERT(rsa->generateKeyPair(&kp, &p)); CPPUNIT_ASSERT(kp != NULL); -@@ -253,7 +252,6 @@ void RSATests::testSigningVerifying() - - // Key sizes to test - std::vector<size_t> keySizes; -- keySizes.push_back(1024); - keySizes.push_back(1280); - keySizes.push_back(2048); - //keySizes.push_back(4096); -@@ -611,7 +609,6 @@ void RSATests::testEncryptDecrypt() +@@ -253,7 +253,6 @@ void RSATests::testSigningVerifying() // Key sizes to test std::vector<size_t> keySizes; @@ -602,62 +637,7 @@ keySizes.push_back(1280); keySizes.push_back(2048); //keySizes.push_back(4096); --- -2.31.1 - - -From d8b6ebb67244f6fb4d2c8f72ae2b8bef5ca96bed Mon Sep 17 00:00:00 2001 -From: Alexander Bokovoy <aboko...@redhat.com> -Date: Wed, 26 May 2021 22:29:22 +0300 -Subject: [PATCH 3/4] openssl 3.0: Skip tests with unsupported key sizes - -OpenSSL 3.0 on systems with systemd-wide crypto policy (Fedora, RHEL, -CentOS 9 Stream) might block certain key sizes which causes the tests to -fail. Skip these tests because we are not going to get the results -anyway. - -There is no way with CPPUNIT to produce a warning only, so we have to -skip the whole test result. - -Signed-off-by: Alexander Bokovoy <aboko...@redhat.com> ---- - src/lib/crypto/test/RSATests.cpp | 31 ++++++++++++++++++------------- - 1 file changed, 18 insertions(+), 13 deletions(-) - -diff --git a/src/lib/crypto/test/RSATests.cpp b/src/lib/crypto/test/RSATests.cpp -index e583b8b..3b397d2 100644 ---- a/src/lib/crypto/test/RSATests.cpp -+++ b/src/lib/crypto/test/RSATests.cpp -@@ -92,18 +92,19 @@ void RSATests::testKeyGeneration() - p.setE(*e); - p.setBitLength(*k); - -- // Generate key-pair -- CPPUNIT_ASSERT(rsa->generateKeyPair(&kp, &p)); -+ // Generate key-pair but skip test if key size is unsupported in OpenSSL 3.0.0 -+ if (rsa->generateKeyPair(&kp, &p)) { - -- RSAPublicKey* pub = (RSAPublicKey*) kp->getPublicKey(); -- RSAPrivateKey* priv = (RSAPrivateKey*) kp->getPrivateKey(); -+ RSAPublicKey* pub = (RSAPublicKey*) kp->getPublicKey(); -+ RSAPrivateKey* priv = (RSAPrivateKey*) kp->getPrivateKey(); - -- CPPUNIT_ASSERT(pub->getBitLength() == *k); -- CPPUNIT_ASSERT(priv->getBitLength() == *k); -- CPPUNIT_ASSERT(pub->getE() == *e); -- CPPUNIT_ASSERT(priv->getE() == *e); -+ CPPUNIT_ASSERT(pub->getBitLength() == *k); -+ CPPUNIT_ASSERT(priv->getBitLength() == *k); -+ CPPUNIT_ASSERT(pub->getE() == *e); -+ CPPUNIT_ASSERT(priv->getE() == *e); - -- rsa->recycleKeyPair(kp); -+ rsa->recycleKeyPair(kp); -+ } - } - } - } -@@ -291,8 +292,10 @@ void RSATests::testSigningVerifying() +@@ -293,8 +292,10 @@ void RSATests::testSigningVerifying() p.setE(*e); p.setBitLength(*k); @@ -670,7 +650,15 @@ // Generate some data to sign ByteString dataToSign; -@@ -626,8 +629,10 @@ void RSATests::testEncryptDecrypt() +@@ -611,7 +612,6 @@ void RSATests::testEncryptDecrypt() + + // Key sizes to test + std::vector<size_t> keySizes; +- keySizes.push_back(1024); + keySizes.push_back(1280); + keySizes.push_back(2048); + //keySizes.push_back(4096); +@@ -629,8 +629,10 @@ void RSATests::testEncryptDecrypt() p.setE(*e); p.setBitLength(*k); @@ -683,27 +671,9 @@ RNG* rng = CryptoFactory::i()->getRNG(); --- -2.31.1 - - -From ca037b327fc77b8a7078c63118f507a157d3c913 Mon Sep 17 00:00:00 2001 -From: Alexander Bokovoy <aboko...@redhat.com> -Date: Thu, 27 May 2021 15:08:02 +0300 -Subject: [PATCH 4/4] openssl3: skip DES* tests - -Signed-off-by: Alexander Bokovoy <aboko...@redhat.com> ---- - src/lib/test/DeriveTests.cpp | 16 ++- - src/lib/test/ObjectTests.cpp | 21 ++-- - src/lib/test/SymmetricAlgorithmTests.cpp | 129 +++++++++++++---------- - 3 files changed, 100 insertions(+), 66 deletions(-) - -diff --git a/src/lib/test/DeriveTests.cpp b/src/lib/test/DeriveTests.cpp -index 9438ac2..275c399 100644 --- a/src/lib/test/DeriveTests.cpp +++ b/src/lib/test/DeriveTests.cpp -@@ -666,11 +666,14 @@ void DeriveTests::symDerive(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey, C +@@ -666,11 +666,14 @@ void DeriveTests::symDerive(CK_SESSION_H 0x25, 0x26, 0x27, 0x28, 0x29, 0x30, 0x31, 0x32 }; CK_ULONG secLen = 0; @@ -718,7 +688,7 @@ case CKM_AES_ECB_ENCRYPT_DATA: param1.pData = &data[0]; param1.ulLen = sizeof(data); -@@ -679,6 +682,7 @@ void DeriveTests::symDerive(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey, C +@@ -679,6 +682,7 @@ void DeriveTests::symDerive(CK_SESSION_H break; case CKM_DES_CBC_ENCRYPT_DATA: case CKM_DES3_CBC_ENCRYPT_DATA: @@ -726,7 +696,7 @@ memcpy(param2.iv, "12345678", 8); param2.pData = &data[0]; param2.length = sizeof(data); -@@ -703,10 +707,12 @@ void DeriveTests::symDerive(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey, C +@@ -703,10 +707,12 @@ void DeriveTests::symDerive(CK_SESSION_H break; case CKK_DES: mechEncrypt.mechanism = CKM_DES_ECB; @@ -739,7 +709,7 @@ break; case CKK_AES: mechEncrypt.mechanism = CKM_AES_ECB; -@@ -743,7 +749,11 @@ void DeriveTests::symDerive(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey, C +@@ -743,7 +749,11 @@ void DeriveTests::symDerive(CK_SESSION_H keyAttribs, sizeof(keyAttribs)/sizeof(CK_ATTRIBUTE) - 1, &hDerive) ); } @@ -752,7 +722,7 @@ // Check that KCV has been set CK_ATTRIBUTE checkAttribs[] = { -@@ -764,6 +774,10 @@ void DeriveTests::symDerive(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey, C +@@ -764,6 +774,10 @@ void DeriveTests::symDerive(CK_SESSION_H CK_ULONG ulRecoveredTextLen; rv = CRYPTOKI_F_PTR( C_EncryptInit(hSession,&mechEncrypt,hDerive) ); @@ -763,11 +733,9 @@ CPPUNIT_ASSERT(rv==CKR_OK); ulCipherTextLen = sizeof(cipherText); -diff --git a/src/lib/test/ObjectTests.cpp b/src/lib/test/ObjectTests.cpp -index 9491ce1..4ffc1c8 100644 --- a/src/lib/test/ObjectTests.cpp +++ b/src/lib/test/ObjectTests.cpp -@@ -2370,8 +2370,10 @@ void ObjectTests::testCreateSecretKey() +@@ -2417,8 +2417,10 @@ void ObjectTests::testCreateSecretKey() CPPUNIT_ASSERT(rv == CKR_OK); rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSession, hObject, attribKCV, 1) ); CPPUNIT_ASSERT(rv == CKR_OK); @@ -780,7 +748,7 @@ rv = CRYPTOKI_F_PTR( C_DestroyObject(hSession,hObject) ); CPPUNIT_ASSERT(rv == CKR_OK); -@@ -2381,9 +2383,12 @@ void ObjectTests::testCreateSecretKey() +@@ -2428,9 +2430,12 @@ void ObjectTests::testCreateSecretKey() rv = CRYPTOKI_F_PTR( C_CreateObject(hSession, attribs, sizeof(attribs)/sizeof(CK_ATTRIBUTE), &hObject) ); CPPUNIT_ASSERT(rv == CKR_OK); rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSession, hObject, attribKCV, 1) ); @@ -796,7 +764,7 @@ rv = CRYPTOKI_F_PTR( C_DestroyObject(hSession,hObject) ); CPPUNIT_ASSERT(rv == CKR_OK); -@@ -2394,8 +2399,10 @@ void ObjectTests::testCreateSecretKey() +@@ -2441,8 +2446,10 @@ void ObjectTests::testCreateSecretKey() CPPUNIT_ASSERT(rv == CKR_OK); rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSession, hObject, attribKCV, 1) ); CPPUNIT_ASSERT(rv == CKR_OK); @@ -809,11 +777,9 @@ rv = CRYPTOKI_F_PTR( C_DestroyObject(hSession,hObject) ); CPPUNIT_ASSERT(rv == CKR_OK); } -diff --git a/src/lib/test/SymmetricAlgorithmTests.cpp b/src/lib/test/SymmetricAlgorithmTests.cpp -index b24caaf..1994563 100644 --- a/src/lib/test/SymmetricAlgorithmTests.cpp +++ b/src/lib/test/SymmetricAlgorithmTests.cpp -@@ -195,6 +195,8 @@ void SymmetricAlgorithmTests::encryptDecrypt( +@@ -847,6 +847,8 @@ void SymmetricAlgorithmTests::encryptDec std::vector<CK_BYTE> vEncryptedData; std::vector<CK_BYTE> vEncryptedDataParted; PartSize partSize(blockSize, &vData); @@ -822,27 +788,25 @@ CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_GenerateRandom(hSession, (CK_BYTE_PTR)&vData.front(), messageSize) ) ); -@@ -233,6 +235,8 @@ void SymmetricAlgorithmTests::encryptDecrypt( - case CKM_DES_CBC_PAD: - case CKM_DES3_CBC: - case CKM_DES3_CBC_PAD: -+ oldMechs = CK_TRUE; -+ /* fall-through */ - case CKM_AES_CBC: - case CKM_AES_CBC_PAD: - pMechanism->pParameter = (CK_VOID_PTR)&vData.front(); -@@ -246,12 +250,18 @@ void SymmetricAlgorithmTests::encryptDecrypt( - pMechanism->pParameter = &gcmParams; - pMechanism->ulParameterLen = sizeof(gcmParams); - break; +@@ -856,8 +858,25 @@ void SymmetricAlgorithmTests::encryptDec + pMechanism->ulParameterLen = blockSize; + } + ++ switch (pMechanism->mechanism) ++ { ++ case CKM_DES_CBC: ++ case CKM_DES_CBC_PAD: ++ case CKM_DES3_CBC: ++ case CKM_DES3_CBC_PAD: + case CKM_DES_ECB: + case CKM_DES3_ECB: + oldMechs = CK_TRUE; ++ /* fall-through */ + break; - default: - break; - } - ++ default: ++ break; ++ } ++ // Single-part encryption - CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_EncryptInit(hSession,pMechanism,hKey) ) ); + rv = CRYPTOKI_F_PTR( C_EncryptInit(hSession,pMechanism,hKey) ); @@ -851,14 +815,16 @@ { CK_ULONG ulEncryptedDataLen; const CK_RV rv( CRYPTOKI_F_PTR( C_Encrypt(hSession,(CK_BYTE_PTR)&vData.front(),messageSize,NULL_PTR,&ulEncryptedDataLen) ) ); -@@ -267,40 +277,42 @@ void SymmetricAlgorithmTests::encryptDecrypt( +@@ -873,40 +892,43 @@ void SymmetricAlgorithmTests::encryptDec } // Multi-part encryption - CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_EncryptInit(hSession,pMechanism,hKey) ) ); -- -- for ( std::vector<CK_BYTE>::const_iterator i(vData.begin()); i<vData.end(); i+=partSize.getCurrent() ) { -- const CK_ULONG lPartLen( i+partSize.getNext()<vData.end() ? partSize.getCurrent() : vData.end()-i ); ++ rv = CRYPTOKI_F_PTR( C_EncryptInit(hSession,pMechanism,hKey) ); ++ CPPUNIT_ASSERT_EQUAL( (CK_BBOOL) CK_FALSE, (CK_BBOOL) ((rv != CKR_OK) && (oldMechs == CK_FALSE)) ); + CK_ULONG lPartLen = 0; +- for ( std::vector<CK_BYTE>::const_iterator i(vData.begin()); i<vData.end(); i+= lPartLen) { +- lPartLen = ( i<vData.end()-partSize.getNext() ? partSize.getCurrent() : vData.end()-i ); - CK_ULONG ulEncryptedPartLen; - CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_EncryptUpdate(hSession,(CK_BYTE_PTR)&(*i),lPartLen,NULL_PTR,&ulEncryptedPartLen) ) ); - const size_t oldSize( vEncryptedDataParted.size() ); @@ -873,11 +839,9 @@ - const CK_RV rv( CRYPTOKI_F_PTR( C_EncryptFinal(hSession,NULL_PTR,&ulLastEncryptedPartLen) ) ); - if ( isSizeOK ) { - CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, rv ); -+ rv = CRYPTOKI_F_PTR( C_EncryptInit(hSession,pMechanism,hKey) ); -+ CPPUNIT_ASSERT_EQUAL( (CK_BBOOL) CK_FALSE, (CK_BBOOL) ((rv != CKR_OK) && (oldMechs == CK_FALSE)) ); + if (oldMechs == CK_FALSE) { -+ for ( std::vector<CK_BYTE>::const_iterator i(vData.begin()); i<vData.end(); i+=partSize.getCurrent() ) { -+ const CK_ULONG lPartLen( i+partSize.getNext()<vData.end() ? partSize.getCurrent() : vData.end()-i ); ++ for ( std::vector<CK_BYTE>::const_iterator i(vData.begin()); i<vData.end(); i+= lPartLen) { ++ lPartLen = ( i<vData.end()-partSize.getNext() ? partSize.getCurrent() : vData.end()-i ); + CK_ULONG ulEncryptedPartLen; + CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_EncryptUpdate(hSession,(CK_BYTE_PTR)&(*i),lPartLen,NULL_PTR,&ulEncryptedPartLen) ) ); const size_t oldSize( vEncryptedDataParted.size() ); @@ -893,21 +857,21 @@ + const CK_BYTE_PTR pEncryptedPart( ulEncryptedPartLen>0 ? &vEncryptedDataParted.at(oldSize) : &dummy ); + CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_EncryptUpdate(hSession,(CK_BYTE_PTR)&(*i),lPartLen,pEncryptedPart,&ulEncryptedPartLen) ) ); + vEncryptedDataParted.resize(oldSize+ulEncryptedPartLen); -+ } -+ { -+ CK_ULONG ulLastEncryptedPartLen; -+ const CK_RV rv( CRYPTOKI_F_PTR( C_EncryptFinal(hSession,NULL_PTR,&ulLastEncryptedPartLen) ) ); -+ if ( isSizeOK ) { -+ CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, rv ); -+ const size_t oldSize( vEncryptedDataParted.size() ); -+ CK_BYTE dummy; -+ vEncryptedDataParted.resize(oldSize+ulLastEncryptedPartLen); -+ const CK_BYTE_PTR pLastEncryptedPart( ulLastEncryptedPartLen>0 ? &vEncryptedDataParted.at(oldSize) : &dummy ); -+ CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_EncryptFinal(hSession,pLastEncryptedPart,&ulLastEncryptedPartLen) ) ); -+ vEncryptedDataParted.resize(oldSize+ulLastEncryptedPartLen); -+ } else { -+ CPPUNIT_ASSERT_EQUAL_MESSAGE("C_EncryptFinal should fail with C_CKR_DATA_LEN_RANGE", (CK_RV)CKR_DATA_LEN_RANGE, rv); -+ vEncryptedDataParted = vData; ++ { ++ CK_ULONG ulLastEncryptedPartLen; ++ const CK_RV rv( CRYPTOKI_F_PTR( C_EncryptFinal(hSession,NULL_PTR,&ulLastEncryptedPartLen) ) ); ++ if ( isSizeOK ) { ++ CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, rv ); ++ const size_t oldSize( vEncryptedDataParted.size() ); ++ CK_BYTE dummy; ++ vEncryptedDataParted.resize(oldSize+ulLastEncryptedPartLen); ++ const CK_BYTE_PTR pLastEncryptedPart( ulLastEncryptedPartLen>0 ? &vEncryptedDataParted.at(oldSize) : &dummy ); ++ CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_EncryptFinal(hSession,pLastEncryptedPart,&ulLastEncryptedPartLen) ) ); ++ vEncryptedDataParted.resize(oldSize+ulLastEncryptedPartLen); ++ } else { ++ CPPUNIT_ASSERT_EQUAL_MESSAGE("C_EncryptFinal should fail with C_CKR_DATA_LEN_RANGE", (CK_RV)CKR_DATA_LEN_RANGE, rv); ++ vEncryptedDataParted = vData; ++ } + } } } @@ -922,7 +886,7 @@ CK_ULONG ulDataLen; const CK_RV rv( CRYPTOKI_F_PTR( C_Decrypt(hSession,&vEncryptedData.front(),vEncryptedData.size(),NULL_PTR,&ulDataLen) ) ); if ( isSizeOK ) { -@@ -315,8 +327,9 @@ void SymmetricAlgorithmTests::encryptDecrypt( +@@ -921,8 +943,9 @@ void SymmetricAlgorithmTests::encryptDec } // Multi-part decryption @@ -933,28 +897,28 @@ + if (oldMechs == CK_FALSE) { std::vector<CK_BYTE> vDecryptedData; CK_BYTE dummy; - for ( std::vector<CK_BYTE>::iterator i(vEncryptedDataParted.begin()); i<vEncryptedDataParted.end(); i+=partSize.getCurrent()) { -@@ -977,44 +990,44 @@ void SymmetricAlgorithmTests::testDesEncryptDecrypt() + CK_ULONG ulPartLen = 0; +@@ -1707,44 +1730,47 @@ void SymmetricAlgorithmTests::testDesEnc // Generate all combinations of session/token keys. rv = generateDesKey(hSessionRW,IN_SESSION,IS_PUBLIC,hKey); - CPPUNIT_ASSERT(rv == CKR_OK); -- -- encryptDecrypt(CKM_DES_CBC_PAD,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST-1); -- encryptDecrypt(CKM_DES_CBC_PAD,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1); -- encryptDecrypt(CKM_DES_CBC_PAD,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST); -- encryptDecrypt(CKM_DES_CBC,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST); -- encryptDecrypt(CKM_DES_CBC,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1, false); -- encryptDecrypt(CKM_DES_ECB,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST); -- encryptDecrypt(CKM_DES_ECB,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1, false); + +- encryptDecrypt({CKM_DES_CBC_PAD,NULL_PTR,0},blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST-1); +- encryptDecrypt({CKM_DES_CBC_PAD,NULL_PTR,0},blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1); +- encryptDecrypt({CKM_DES_CBC_PAD,NULL_PTR,0},blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST); +- encryptDecrypt({CKM_DES_CBC,NULL_PTR,0},blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST); +- encryptDecrypt({CKM_DES_CBC,NULL_PTR,0},blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1, false); +- encryptDecrypt({CKM_DES_ECB,NULL_PTR,0},blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST); +- encryptDecrypt({CKM_DES_ECB,NULL_PTR,0},blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1, false); + if (rv == CKR_OK) { -+ encryptDecrypt(CKM_DES_CBC_PAD,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST-1); -+ encryptDecrypt(CKM_DES_CBC_PAD,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1); -+ encryptDecrypt(CKM_DES_CBC_PAD,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST); -+ encryptDecrypt(CKM_DES_CBC,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST); -+ encryptDecrypt(CKM_DES_CBC,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1, false); -+ encryptDecrypt(CKM_DES_ECB,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST); -+ encryptDecrypt(CKM_DES_ECB,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1, false); ++ encryptDecrypt({CKM_DES_CBC_PAD,NULL_PTR,0},blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST-1); ++ encryptDecrypt({CKM_DES_CBC_PAD,NULL_PTR,0},blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1); ++ encryptDecrypt({CKM_DES_CBC_PAD,NULL_PTR,0},blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST); ++ encryptDecrypt({CKM_DES_CBC,NULL_PTR,0},blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST); ++ encryptDecrypt({CKM_DES_CBC,NULL_PTR,0},blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1, false); ++ encryptDecrypt({CKM_DES_ECB,NULL_PTR,0},blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST); ++ encryptDecrypt({CKM_DES_ECB,NULL_PTR,0},blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1, false); + } CK_OBJECT_HANDLE hKey2 = CK_INVALID_HANDLE; @@ -962,22 +926,22 @@ // Generate all combinations of session/token keys. rv = generateDes2Key(hSessionRW,IN_SESSION,IS_PUBLIC,hKey2); - CPPUNIT_ASSERT(rv == CKR_OK); -- -- encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST-1); -- encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST+1); -- encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST); -- encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST); -- encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST+1, false); -- encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST); -- encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST+1, false); + +- encryptDecrypt({CKM_DES3_CBC_PAD,NULL_PTR,0},blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST-1); +- encryptDecrypt({CKM_DES3_CBC_PAD,NULL_PTR,0},blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST+1); +- encryptDecrypt({CKM_DES3_CBC_PAD,NULL_PTR,0},blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST); +- encryptDecrypt({CKM_DES3_CBC,NULL_PTR,0},blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST); +- encryptDecrypt({CKM_DES3_CBC,NULL_PTR,0},blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST+1, false); +- encryptDecrypt({CKM_DES3_ECB,NULL_PTR,0},blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST); +- encryptDecrypt({CKM_DES3_ECB,NULL_PTR,0},blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST+1, false); + if (rv == CKR_OK) { -+ encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST-1); -+ encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST+1); -+ encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST); -+ encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST); -+ encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST+1, false); -+ encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST); -+ encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST+1, false); ++ encryptDecrypt({CKM_DES3_CBC_PAD,NULL_PTR,0},blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST-1); ++ encryptDecrypt({CKM_DES3_CBC_PAD,NULL_PTR,0},blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST+1); ++ encryptDecrypt({CKM_DES3_CBC_PAD,NULL_PTR,0},blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST); ++ encryptDecrypt({CKM_DES3_CBC,NULL_PTR,0},blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST); ++ encryptDecrypt({CKM_DES3_CBC,NULL_PTR,0},blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST+1, false); ++ encryptDecrypt({CKM_DES3_ECB,NULL_PTR,0},blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST); ++ encryptDecrypt({CKM_DES3_ECB,NULL_PTR,0},blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST+1, false); + } #endif @@ -986,27 +950,24 @@ // Generate all combinations of session/token keys. rv = generateDes3Key(hSessionRW,IN_SESSION,IS_PUBLIC,hKey3); - CPPUNIT_ASSERT(rv == CKR_OK); -- -- encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST-1); -- encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST+1); -- encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST); -- encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST); -- encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST+1, false); -- encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST); -- encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST+1, false); + +- encryptDecrypt({CKM_DES3_CBC_PAD,NULL_PTR,0},blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST-1); +- encryptDecrypt({CKM_DES3_CBC_PAD,NULL_PTR,0},blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST+1); +- encryptDecrypt({CKM_DES3_CBC_PAD,NULL_PTR,0},blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST); +- encryptDecrypt({CKM_DES3_CBC,NULL_PTR,0},blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST); +- encryptDecrypt({CKM_DES3_CBC,NULL_PTR,0},blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST+1, false); +- encryptDecrypt({CKM_DES3_ECB,NULL_PTR,0},blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST); +- encryptDecrypt({CKM_DES3_ECB,NULL_PTR,0},blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST+1, false); + if (rv == CKR_OK) { -+ encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST-1); -+ encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST+1); -+ encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST); -+ encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST); -+ encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST+1, false); -+ encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST); -+ encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST+1, false); ++ encryptDecrypt({CKM_DES3_CBC_PAD,NULL_PTR,0},blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST-1); ++ encryptDecrypt({CKM_DES3_CBC_PAD,NULL_PTR,0},blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST+1); ++ encryptDecrypt({CKM_DES3_CBC_PAD,NULL_PTR,0},blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST); ++ encryptDecrypt({CKM_DES3_CBC,NULL_PTR,0},blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST); ++ encryptDecrypt({CKM_DES3_CBC,NULL_PTR,0},blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST+1, false); ++ encryptDecrypt({CKM_DES3_ECB,NULL_PTR,0},blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST); ++ encryptDecrypt({CKM_DES3_ECB,NULL_PTR,0},blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST+1, false); + } } - void SymmetricAlgorithmTests::testNullTemplate() --- -2.31.1 - + void SymmetricAlgorithmTests::testDesWrapUnwrap() ++++++ softhsm-prevent-global-deleted-objects-access.patch ++++++ ++++ 608 lines (skipped) ++++ between /work/SRC/openSUSE:Factory/softhsm/softhsm-prevent-global-deleted-objects-access.patch ++++ and /work/SRC/openSUSE:Factory/.softhsm.new.28523/softhsm-prevent-global-deleted-objects-access.patch ++++++ softhsm2-pk11install.c ++++++ --- /var/tmp/diff_new_pack.zEL09c/_old 2024-12-02 16:58:28.891557701 +0100 +++ /var/tmp/diff_new_pack.zEL09c/_new 2024-12-02 16:58:28.895557868 +0100 @@ -19,8 +19,8 @@ #include <stdio.h> #include <string.h> -#include "pkcs11.h" -#include "pkcs11n.h" +#include <pkcs11.h> +#include <pkcs11n.h> /* * windows specific globing search @@ -171,17 +171,19 @@ static void usage(char *prog) { - fprintf(stderr,"usage: %s [-u][-v] [-p path] module\n", prog); + fprintf(stderr,"usage: %s [-u][-v][-s][-l] [-p path] module\n", prog); return; } /* Utility printing functions */ + + #define CONFIG_TAG "configDir=" int -installPKCS11(char *dirPath, InstType type, char *module) +installPKCS11(char *dirPath, char *dbType, InstType type, char *module) { - char *paramString = (char *)malloc(strlen(dirPath)+sizeof(CONFIG_TAG)+3); + char *paramString = (char *)malloc(strlen(dbType)+strlen(dirPath)+sizeof(CONFIG_TAG)+3); char *cp; char **rc; @@ -189,7 +191,7 @@ PINST_SET_ERROR(ERROR_NOT_ENOUGH_MEMORY); return 0; } - sprintf(paramString,CONFIG_TAG"\"%s\" ",dirPath); + sprintf(paramString,CONFIG_TAG"\"%s%s\" ",dbType,dirPath); /* translate all the \'s to /'s */ for (cp=paramString; *cp; cp++) { @@ -198,9 +200,14 @@ /* don't call this if you have NSS initialized!!, use SECMOD_AddModule * or SECMOD_AddUserModule instead */ + + /* Ignore this missing in the header for gcc14 */ +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wimplicit-function-declaration" rc = (char **) NSC_ModuleDBFunc(type == Install ? SECMOD_MODULE_DB_FUNCTION_ADD : SECMOD_MODULE_DB_FUNCTION_DEL, paramString, module); +#pragma GCC diagnostic pop if (verbose) { fprintf(stderr, "Install \"%s\" in %s : %s\n", module, dirPath, rc ? *rc : "Fail" ); @@ -212,7 +219,7 @@ int -installAllPKCS11(char *dirPath, char *search, char *tail, +installAllPKCS11(char *dirPath, char *dbType, char *search, char *tail, InstType type, char *module) { char *searchString; @@ -280,9 +287,9 @@ myPath=PINST_FULLPATH(tempPath,path); if (tail) { - installAllPKCS11(myPath, tail, NULL, type, module); + installAllPKCS11(myPath, dbType, tail, NULL, type, module); } else { - installPKCS11(myPath, type, module); + installPKCS11(myPath, dbType, type, module); } } while (PINST_NEXT(iter, fileData)); free(tempPath); @@ -307,6 +314,7 @@ int i; InstType type = Install; char * path = NULL; + char *dbType = ""; #ifdef WIN32 BOOL brc; HKEY regKey; @@ -331,6 +339,12 @@ case 'v': verbose = 1; break; + case 'l': + dbType = "dbm:"; + break; + case 's': + dbType = "sql:"; + break; case 'p': path = *argv++; if (path == NULL) { @@ -357,7 +371,7 @@ } if (path) { - installAllPKCS11(path, "", NULL, type, module); + installAllPKCS11(path, dbType, "", NULL, type, module); return 0; } @@ -442,7 +456,7 @@ if (!dirPath) { continue; } - installAllPKCS11(dirPath, dirList[i].search, dirList[i].tail, + installAllPKCS11(dirPath, dbType, dirList[i].search, dirList[i].tail, type, module); }
