From patchwork Sun Apr 16 08:45:57 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Timotej Lazar X-Patchwork-Id: 49189 Return-Path: X-Original-To: patchwork@mira.cbaines.net Delivered-To: patchwork@mira.cbaines.net Received: by mira.cbaines.net (Postfix, from userid 113) id 3B9EC17599; Sun, 16 Apr 2023 09:47:31 +0100 (BST) X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on mira.cbaines.net X-Spam-Level: X-Spam-Status: No, score=-3.7 required=5.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,MAILING_LIST_MULTI,RCVD_IN_MSPIKE_H2,SPF_HELO_PASS, URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mira.cbaines.net (Postfix) with ESMTPS id 2CE4A17570 for ; Sun, 16 Apr 2023 09:47:26 +0100 (BST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1pny2L-0000qA-1P; Sun, 16 Apr 2023 04:47:05 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1pny2J-0000pn-B4 for guix-patches@gnu.org; Sun, 16 Apr 2023 04:47:03 -0400 Received: from debbugs.gnu.org ([209.51.188.43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1pny2I-00071x-VG for guix-patches@gnu.org; Sun, 16 Apr 2023 04:47:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1pny2I-0005U5-CB for guix-patches@gnu.org; Sun, 16 Apr 2023 04:47:02 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#62878] [PATCH core-updates] gnu: openhsm: Fix test failure with openssl-3. Resent-From: Timotej Lazar Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Sun, 16 Apr 2023 08:47:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 62878 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 62878@debbugs.gnu.org Cc: Timotej Lazar X-Debbugs-Original-To: guix-patches@gnu.org Received: via spool by submit@debbugs.gnu.org id=B.168163477821026 (code B ref -1); Sun, 16 Apr 2023 08:47:02 +0000 Received: (at submit) by debbugs.gnu.org; 16 Apr 2023 08:46:18 +0000 Received: from localhost ([127.0.0.1]:50599 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1pny1Y-0005T2-I8 for submit@debbugs.gnu.org; Sun, 16 Apr 2023 04:46:18 -0400 Received: from lists.gnu.org ([209.51.188.17]:57628) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1pny1V-0005Sr-7A for submit@debbugs.gnu.org; Sun, 16 Apr 2023 04:46:15 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1pny1U-0000gi-Jb for guix-patches@gnu.org; Sun, 16 Apr 2023 04:46:12 -0400 Received: from araneo.si ([2001:15c0:2110:3400::2]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1pny1Q-0006y3-Lr for guix-patches@gnu.org; Sun, 16 Apr 2023 04:46:12 -0400 Received: from araneo.si (localhost.lan [127.0.0.1]) by araneo.si (OpenSMTPD) with ESMTP id 4b974410 for ; Sun, 16 Apr 2023 08:46:01 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=araneo.si; h=from:to:cc :subject:date:message-id:mime-version:content-transfer-encoding; s=20180623; bh=+gVw0mLwPHLyY3ZWKpYX07W2Lwk=; b=NJt1KpyhJ1lRE3Q9 nWFLnQDAQEGxWw9lamQm0BjFk5iOr/mkqSbGzZhbQDScyzPRLVrusfJp9kTwxkUI YA20fVjQntmDKcsGFYqzr7Uk6WvZohDpDSpiajG9HrDQsGWUUbCTTkbb4FWiqA+r Tins/1yjO15P/cxb3feLgoGs+p9w0283jX/y71RbdHiDC8knHEkI1OWYmt4cs3ax v0U8lDOe8jGaigh18bi8G9LvKS+qwBA7Ifp7VIFNcHSU0kUCymlhWcCvVQkOFXQ0 xYEokGJHKZi0uq49DuOdQbA/syCr/6QtBl7bbKmU3+inKwgpFHmGey3xiL5B6YYo qqqTOw== Received: by araneo.si (OpenSMTPD) with ESMTPSA id 39380c0c (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO); Sun, 16 Apr 2023 08:46:00 +0000 (UTC) From: Timotej Lazar Date: Sun, 16 Apr 2023 10:45:57 +0200 Message-Id: <20230416084557.22419-1-timotej.lazar@araneo.si> X-Mailer: git-send-email 2.39.2 MIME-Version: 1.0 Received-SPF: pass client-ip=2001:15c0:2110:3400::2; envelope-from=timotej.lazar@araneo.si; helo=araneo.si X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org Sender: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org X-getmail-retrieved-from-mailbox: Patches * gnu/packages/patches/softhsm-fix-openssl3-tests.patch: Add patch from Debian. * gnu/packages/security-token.scm (softhsm): Use it. * gnu/local.mk (dist_patch_DATA): Register it. --- gnu/local.mk | 1 + .../patches/softhsm-fix-openssl3-tests.patch | 1010 +++++++++++++++++ gnu/packages/security-token.scm | 3 +- 3 files changed, 1013 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/softhsm-fix-openssl3-tests.patch base-commit: 60594711e944413ac0d18687cce6828707ca8ecf diff --git a/gnu/local.mk b/gnu/local.mk index 73756a8c49..c253b93b89 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1886,6 +1886,7 @@ dist_patch_DATA = \ %D%/packages/patches/snappy-add-O2-flag-in-CmakeLists.txt.patch \ %D%/packages/patches/snappy-add-inline-for-GCC.patch \ %D%/packages/patches/source-highlight-gcc-compat.patch \ + %D%/packages/patches/softhsm-fix-openssl3-tests.patch \ %D%/packages/patches/spectre-meltdown-checker-externalize-fwdb.patch \ %D%/packages/patches/spectre-meltdown-checker-find-kernel.patch \ %D%/packages/patches/sphinxbase-fix-doxygen.patch \ diff --git a/gnu/packages/patches/softhsm-fix-openssl3-tests.patch b/gnu/packages/patches/softhsm-fix-openssl3-tests.patch new file mode 100644 index 0000000000..1538aa2407 --- /dev/null +++ b/gnu/packages/patches/softhsm-fix-openssl3-tests.patch @@ -0,0 +1,1010 @@ +From 643f061e6fbe04552a2c49bd00528e61a9a77064 Mon Sep 17 00:00:00 2001 +From: Alexander Bokovoy +Date: Wed, 26 May 2021 20:03:25 +0300 +Subject: [PATCH 1/4] openssl 3.0: Run DES tests only if OpenSSL allows it + +OpenSSL 3.0 moves DES into a legacy provider which has to be loaded +explicitly. By default, it will not be loaded and DES methods in tests +will fail. Nest test blocks under successful initialization. + +Signed-off-by: Alexander Bokovoy +--- + src/lib/crypto/test/DESTests.cpp | 350 ++++++++++++++++--------------- + 1 file changed, 182 insertions(+), 168 deletions(-) + +diff --git a/src/lib/crypto/test/DESTests.cpp b/src/lib/crypto/test/DESTests.cpp +index bcb1c6b..aa68746 100644 +--- a/src/lib/crypto/test/DESTests.cpp ++++ b/src/lib/crypto/test/DESTests.cpp +@@ -259,54 +259,58 @@ void DESTests::testCBC() + + // Now, do the same thing using our DES implementation + shsmCipherText.wipe(); +- CPPUNIT_ASSERT(des->encryptInit(&desKey56, SymMode::CBC, IV)); ++ if (des->encryptInit(&desKey56, SymMode::CBC, IV)) { + +- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); +- shsmCipherText += OB; ++ CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); ++ shsmCipherText += OB; + +- CPPUNIT_ASSERT(des->encryptFinal(OB)); +- shsmCipherText += OB; ++ CPPUNIT_ASSERT(des->encryptFinal(OB)); ++ shsmCipherText += OB; + +- CPPUNIT_ASSERT(shsmCipherText == cipherText); ++ CPPUNIT_ASSERT(shsmCipherText == cipherText); + +- // Check that we can get the plain text +- shsmPlainText.wipe(); +- CPPUNIT_ASSERT(des->decryptInit(&desKey56, SymMode::CBC, IV)); ++ // Check that we can get the plain text ++ shsmPlainText.wipe(); ++ CPPUNIT_ASSERT(des->decryptInit(&desKey56, SymMode::CBC, IV)); + +- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); +- shsmPlainText += OB; ++ CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); ++ shsmPlainText += OB; + +- CPPUNIT_ASSERT(des->decryptFinal(OB)); +- shsmPlainText += OB; ++ CPPUNIT_ASSERT(des->decryptFinal(OB)); ++ shsmPlainText += OB; + +- CPPUNIT_ASSERT(shsmPlainText == plainText); ++ CPPUNIT_ASSERT(shsmPlainText == plainText); ++ ++ } + + // Test 112-bit key + cipherText = ByteString(testResult[i][j][1]); + + // Now, do the same thing using our DES implementation + shsmCipherText.wipe(); +- CPPUNIT_ASSERT(des->encryptInit(&desKey112, SymMode::CBC, IV)); ++ if (des->encryptInit(&desKey112, SymMode::CBC, IV)) { + +- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); +- shsmCipherText += OB; ++ CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); ++ shsmCipherText += OB; + +- CPPUNIT_ASSERT(des->encryptFinal(OB)); +- shsmCipherText += OB; ++ CPPUNIT_ASSERT(des->encryptFinal(OB)); ++ shsmCipherText += OB; + +- CPPUNIT_ASSERT(shsmCipherText == cipherText); ++ CPPUNIT_ASSERT(shsmCipherText == cipherText); + +- // Check that we can get the plain text +- shsmPlainText.wipe(); +- CPPUNIT_ASSERT(des->decryptInit(&desKey112, SymMode::CBC, IV)); ++ // Check that we can get the plain text ++ shsmPlainText.wipe(); ++ CPPUNIT_ASSERT(des->decryptInit(&desKey112, SymMode::CBC, IV)); + +- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); +- shsmPlainText += OB; ++ CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); ++ shsmPlainText += OB; + +- CPPUNIT_ASSERT(des->decryptFinal(OB)); +- shsmPlainText += OB; ++ CPPUNIT_ASSERT(des->decryptFinal(OB)); ++ shsmPlainText += OB; ++ ++ CPPUNIT_ASSERT(shsmPlainText == plainText); ++ } + +- CPPUNIT_ASSERT(shsmPlainText == plainText); + #endif + + // Test 168-bit key +@@ -314,27 +318,28 @@ void DESTests::testCBC() + + // Now, do the same thing using our DES implementation + shsmCipherText.wipe(); +- CPPUNIT_ASSERT(des->encryptInit(&desKey168, SymMode::CBC, IV)); ++ if (des->encryptInit(&desKey168, SymMode::CBC, IV)) { + +- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); +- shsmCipherText += OB; ++ CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); ++ shsmCipherText += OB; + +- CPPUNIT_ASSERT(des->encryptFinal(OB)); +- shsmCipherText += OB; ++ CPPUNIT_ASSERT(des->encryptFinal(OB)); ++ shsmCipherText += OB; + +- CPPUNIT_ASSERT(shsmCipherText == cipherText); ++ CPPUNIT_ASSERT(shsmCipherText == cipherText); + +- // Check that we can get the plain text +- shsmPlainText.wipe(); +- CPPUNIT_ASSERT(des->decryptInit(&desKey168, SymMode::CBC, IV)); ++ // Check that we can get the plain text ++ shsmPlainText.wipe(); ++ CPPUNIT_ASSERT(des->decryptInit(&desKey168, SymMode::CBC, IV)); + +- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); +- shsmPlainText += OB; ++ CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); ++ shsmPlainText += OB; + +- CPPUNIT_ASSERT(des->decryptFinal(OB)); +- shsmPlainText += OB; ++ CPPUNIT_ASSERT(des->decryptFinal(OB)); ++ shsmPlainText += OB; + +- CPPUNIT_ASSERT(shsmPlainText == plainText); ++ CPPUNIT_ASSERT(shsmPlainText == plainText); ++ } + } + } + } +@@ -534,54 +539,56 @@ void DESTests::testECB() + + // Now, do the same thing using our DES implementation + shsmCipherText.wipe(); +- CPPUNIT_ASSERT(des->encryptInit(&desKey56, SymMode::ECB, IV)); ++ if (des->encryptInit(&desKey56, SymMode::ECB, IV)) { + +- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); +- shsmCipherText += OB; ++ CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); ++ shsmCipherText += OB; + +- CPPUNIT_ASSERT(des->encryptFinal(OB)); +- shsmCipherText += OB; ++ CPPUNIT_ASSERT(des->encryptFinal(OB)); ++ shsmCipherText += OB; + +- CPPUNIT_ASSERT(shsmCipherText == cipherText); ++ CPPUNIT_ASSERT(shsmCipherText == cipherText); + +- // Check that we can get the plain text +- shsmPlainText.wipe(); +- CPPUNIT_ASSERT(des->decryptInit(&desKey56, SymMode::ECB, IV)); ++ // Check that we can get the plain text ++ shsmPlainText.wipe(); ++ CPPUNIT_ASSERT(des->decryptInit(&desKey56, SymMode::ECB, IV)); + +- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); +- shsmPlainText += OB; ++ CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); ++ shsmPlainText += OB; + +- CPPUNIT_ASSERT(des->decryptFinal(OB)); +- shsmPlainText += OB; ++ CPPUNIT_ASSERT(des->decryptFinal(OB)); ++ shsmPlainText += OB; + +- CPPUNIT_ASSERT(shsmPlainText == plainText); ++ CPPUNIT_ASSERT(shsmPlainText == plainText); ++ } + + // Test 112-bit key + cipherText = ByteString(testResult[i][j][1]); + + // Now, do the same thing using our DES implementation + shsmCipherText.wipe(); +- CPPUNIT_ASSERT(des->encryptInit(&desKey112, SymMode::ECB, IV)); ++ if (des->encryptInit(&desKey112, SymMode::ECB, IV)) { + +- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); +- shsmCipherText += OB; ++ CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); ++ shsmCipherText += OB; + +- CPPUNIT_ASSERT(des->encryptFinal(OB)); +- shsmCipherText += OB; ++ CPPUNIT_ASSERT(des->encryptFinal(OB)); ++ shsmCipherText += OB; + +- CPPUNIT_ASSERT(shsmCipherText == cipherText); ++ CPPUNIT_ASSERT(shsmCipherText == cipherText); + +- // Check that we can get the plain text +- shsmPlainText.wipe(); +- CPPUNIT_ASSERT(des->decryptInit(&desKey112, SymMode::ECB, IV)); ++ // Check that we can get the plain text ++ shsmPlainText.wipe(); ++ CPPUNIT_ASSERT(des->decryptInit(&desKey112, SymMode::ECB, IV)); + +- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); +- shsmPlainText += OB; ++ CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); ++ shsmPlainText += OB; + +- CPPUNIT_ASSERT(des->decryptFinal(OB)); +- shsmPlainText += OB; ++ CPPUNIT_ASSERT(des->decryptFinal(OB)); ++ shsmPlainText += OB; + +- CPPUNIT_ASSERT(shsmPlainText == plainText); ++ CPPUNIT_ASSERT(shsmPlainText == plainText); ++ } + #endif + + // Test 168-bit key +@@ -589,27 +596,28 @@ void DESTests::testECB() + + // Now, do the same thing using our DES implementation + shsmCipherText.wipe(); +- CPPUNIT_ASSERT(des->encryptInit(&desKey168, SymMode::ECB, IV)); ++ if (des->encryptInit(&desKey168, SymMode::ECB, IV)) { + +- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); +- shsmCipherText += OB; ++ CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); ++ shsmCipherText += OB; + +- CPPUNIT_ASSERT(des->encryptFinal(OB)); +- shsmCipherText += OB; ++ CPPUNIT_ASSERT(des->encryptFinal(OB)); ++ shsmCipherText += OB; + +- CPPUNIT_ASSERT(shsmCipherText == cipherText); ++ CPPUNIT_ASSERT(shsmCipherText == cipherText); + +- // Check that we can get the plain text +- shsmPlainText.wipe(); +- CPPUNIT_ASSERT(des->decryptInit(&desKey168, SymMode::ECB, IV)); ++ // Check that we can get the plain text ++ shsmPlainText.wipe(); ++ CPPUNIT_ASSERT(des->decryptInit(&desKey168, SymMode::ECB, IV)); + +- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); +- shsmPlainText += OB; ++ CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); ++ shsmPlainText += OB; + +- CPPUNIT_ASSERT(des->decryptFinal(OB)); +- shsmPlainText += OB; ++ CPPUNIT_ASSERT(des->decryptFinal(OB)); ++ shsmPlainText += OB; + +- CPPUNIT_ASSERT(shsmPlainText == plainText); ++ CPPUNIT_ASSERT(shsmPlainText == plainText); ++ } + } + } + } +@@ -809,54 +817,56 @@ void DESTests::testOFB() + + // Now, do the same thing using our DES implementation + shsmCipherText.wipe(); +- CPPUNIT_ASSERT(des->encryptInit(&desKey56, SymMode::OFB, IV)); ++ if (des->encryptInit(&desKey56, SymMode::OFB, IV)) { + +- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); +- shsmCipherText += OB; ++ CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); ++ shsmCipherText += OB; + +- CPPUNIT_ASSERT(des->encryptFinal(OB)); +- shsmCipherText += OB; ++ CPPUNIT_ASSERT(des->encryptFinal(OB)); ++ shsmCipherText += OB; + +- CPPUNIT_ASSERT(shsmCipherText == cipherText); ++ CPPUNIT_ASSERT(shsmCipherText == cipherText); + +- // Check that we can get the plain text +- shsmPlainText.wipe(); +- CPPUNIT_ASSERT(des->decryptInit(&desKey56, SymMode::OFB, IV)); ++ // Check that we can get the plain text ++ shsmPlainText.wipe(); ++ CPPUNIT_ASSERT(des->decryptInit(&desKey56, SymMode::OFB, IV)); + +- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); +- shsmPlainText += OB; ++ CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); ++ shsmPlainText += OB; + +- CPPUNIT_ASSERT(des->decryptFinal(OB)); +- shsmPlainText += OB; ++ CPPUNIT_ASSERT(des->decryptFinal(OB)); ++ shsmPlainText += OB; + +- CPPUNIT_ASSERT(shsmPlainText == plainText); ++ CPPUNIT_ASSERT(shsmPlainText == plainText); ++ } + + // Test 112-bit key + cipherText = ByteString(testResult[i][j][1]); + + // Now, do the same thing using our DES implementation + shsmCipherText.wipe(); +- CPPUNIT_ASSERT(des->encryptInit(&desKey112, SymMode::OFB, IV)); ++ if (des->encryptInit(&desKey112, SymMode::OFB, IV)) { + +- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); +- shsmCipherText += OB; ++ CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); ++ shsmCipherText += OB; + +- CPPUNIT_ASSERT(des->encryptFinal(OB)); +- shsmCipherText += OB; ++ CPPUNIT_ASSERT(des->encryptFinal(OB)); ++ shsmCipherText += OB; + +- CPPUNIT_ASSERT(shsmCipherText == cipherText); ++ CPPUNIT_ASSERT(shsmCipherText == cipherText); + +- // Check that we can get the plain text +- shsmPlainText.wipe(); +- CPPUNIT_ASSERT(des->decryptInit(&desKey112, SymMode::OFB, IV)); ++ // Check that we can get the plain text ++ shsmPlainText.wipe(); ++ CPPUNIT_ASSERT(des->decryptInit(&desKey112, SymMode::OFB, IV)); + +- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); +- shsmPlainText += OB; ++ CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); ++ shsmPlainText += OB; + +- CPPUNIT_ASSERT(des->decryptFinal(OB)); +- shsmPlainText += OB; ++ CPPUNIT_ASSERT(des->decryptFinal(OB)); ++ shsmPlainText += OB; + +- CPPUNIT_ASSERT(shsmPlainText == plainText); ++ CPPUNIT_ASSERT(shsmPlainText == plainText); ++ } + #endif + + // Test 168-bit key +@@ -864,27 +874,28 @@ void DESTests::testOFB() + + // Now, do the same thing using our DES implementation + shsmCipherText.wipe(); +- CPPUNIT_ASSERT(des->encryptInit(&desKey168, SymMode::OFB, IV)); ++ if (des->encryptInit(&desKey168, SymMode::OFB, IV)) { + +- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); +- shsmCipherText += OB; ++ CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); ++ shsmCipherText += OB; + +- CPPUNIT_ASSERT(des->encryptFinal(OB)); +- shsmCipherText += OB; ++ CPPUNIT_ASSERT(des->encryptFinal(OB)); ++ shsmCipherText += OB; + +- CPPUNIT_ASSERT(shsmCipherText == cipherText); ++ CPPUNIT_ASSERT(shsmCipherText == cipherText); + +- // Check that we can get the plain text +- shsmPlainText.wipe(); +- CPPUNIT_ASSERT(des->decryptInit(&desKey168, SymMode::OFB, IV)); ++ // Check that we can get the plain text ++ shsmPlainText.wipe(); ++ CPPUNIT_ASSERT(des->decryptInit(&desKey168, SymMode::OFB, IV)); + +- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); +- shsmPlainText += OB; ++ CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); ++ shsmPlainText += OB; + +- CPPUNIT_ASSERT(des->decryptFinal(OB)); +- shsmPlainText += OB; ++ CPPUNIT_ASSERT(des->decryptFinal(OB)); ++ shsmPlainText += OB; + +- CPPUNIT_ASSERT(shsmPlainText == plainText); ++ CPPUNIT_ASSERT(shsmPlainText == plainText); ++ } + } + } + } +@@ -1083,54 +1094,56 @@ void DESTests::testCFB() + + // Now, do the same thing using our DES implementation + shsmCipherText.wipe(); +- CPPUNIT_ASSERT(des->encryptInit(&desKey56, SymMode::CFB, IV)); ++ if (des->encryptInit(&desKey56, SymMode::CFB, IV)) { + +- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); +- shsmCipherText += OB; ++ CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); ++ shsmCipherText += OB; + +- CPPUNIT_ASSERT(des->encryptFinal(OB)); +- shsmCipherText += OB; ++ CPPUNIT_ASSERT(des->encryptFinal(OB)); ++ shsmCipherText += OB; + +- CPPUNIT_ASSERT(shsmCipherText == cipherText); ++ CPPUNIT_ASSERT(shsmCipherText == cipherText); + +- // Check that we can get the plain text +- shsmPlainText.wipe(); +- CPPUNIT_ASSERT(des->decryptInit(&desKey56, SymMode::CFB, IV)); ++ // Check that we can get the plain text ++ shsmPlainText.wipe(); ++ CPPUNIT_ASSERT(des->decryptInit(&desKey56, SymMode::CFB, IV)); + +- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); +- shsmPlainText += OB; ++ CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); ++ shsmPlainText += OB; + +- CPPUNIT_ASSERT(des->decryptFinal(OB)); +- shsmPlainText += OB; ++ CPPUNIT_ASSERT(des->decryptFinal(OB)); ++ shsmPlainText += OB; + +- CPPUNIT_ASSERT(shsmPlainText == plainText); ++ CPPUNIT_ASSERT(shsmPlainText == plainText); ++ } + + // Test 112-bit key + cipherText = ByteString(testResult[i][j][1]); + + // Now, do the same thing using our DES implementation + shsmCipherText.wipe(); +- CPPUNIT_ASSERT(des->encryptInit(&desKey112, SymMode::CFB, IV)); ++ if (des->encryptInit(&desKey112, SymMode::CFB, IV)) { + +- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); +- shsmCipherText += OB; ++ CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); ++ shsmCipherText += OB; + +- CPPUNIT_ASSERT(des->encryptFinal(OB)); +- shsmCipherText += OB; ++ CPPUNIT_ASSERT(des->encryptFinal(OB)); ++ shsmCipherText += OB; + +- CPPUNIT_ASSERT(shsmCipherText == cipherText); ++ CPPUNIT_ASSERT(shsmCipherText == cipherText); + +- // Check that we can get the plain text +- shsmPlainText.wipe(); +- CPPUNIT_ASSERT(des->decryptInit(&desKey112, SymMode::CFB, IV)); ++ // Check that we can get the plain text ++ shsmPlainText.wipe(); ++ CPPUNIT_ASSERT(des->decryptInit(&desKey112, SymMode::CFB, IV)); + +- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); +- shsmPlainText += OB; ++ CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); ++ shsmPlainText += OB; + +- CPPUNIT_ASSERT(des->decryptFinal(OB)); +- shsmPlainText += OB; ++ CPPUNIT_ASSERT(des->decryptFinal(OB)); ++ shsmPlainText += OB; + +- CPPUNIT_ASSERT(shsmPlainText == plainText); ++ CPPUNIT_ASSERT(shsmPlainText == plainText); ++ } + #endif + + // Test 168-bit key +@@ -1138,27 +1151,28 @@ void DESTests::testCFB() + + // Now, do the same thing using our DES implementation + shsmCipherText.wipe(); +- CPPUNIT_ASSERT(des->encryptInit(&desKey168, SymMode::CFB, IV)); ++ if (des->encryptInit(&desKey168, SymMode::CFB, IV)) { + +- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); +- shsmCipherText += OB; ++ CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); ++ shsmCipherText += OB; + +- CPPUNIT_ASSERT(des->encryptFinal(OB)); +- shsmCipherText += OB; ++ CPPUNIT_ASSERT(des->encryptFinal(OB)); ++ shsmCipherText += OB; + +- CPPUNIT_ASSERT(shsmCipherText == cipherText); ++ CPPUNIT_ASSERT(shsmCipherText == cipherText); + +- // Check that we can get the plain text +- shsmPlainText.wipe(); +- CPPUNIT_ASSERT(des->decryptInit(&desKey168, SymMode::CFB, IV)); ++ // Check that we can get the plain text ++ shsmPlainText.wipe(); ++ CPPUNIT_ASSERT(des->decryptInit(&desKey168, SymMode::CFB, IV)); + +- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); +- shsmPlainText += OB; ++ CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); ++ shsmPlainText += OB; + +- CPPUNIT_ASSERT(des->decryptFinal(OB)); +- shsmPlainText += OB; ++ CPPUNIT_ASSERT(des->decryptFinal(OB)); ++ shsmPlainText += OB; + +- CPPUNIT_ASSERT(shsmPlainText == plainText); ++ CPPUNIT_ASSERT(shsmPlainText == plainText); ++ } + } + } + } +-- +2.31.1 + + +From 4e368d1b1d835b169d3b9f44e064813d132f3da6 Mon Sep 17 00:00:00 2001 +From: Alexander Bokovoy +Date: Wed, 26 May 2021 20:09:31 +0300 +Subject: [PATCH 2/4] openssl 3.0: use 2048 instead of 1024 bit for RSA tests + +Signed-off-by: Alexander Bokovoy +--- + src/lib/crypto/test/RSATests.cpp | 11 ++++------- + 1 file changed, 4 insertions(+), 7 deletions(-) + +diff --git a/src/lib/crypto/test/RSATests.cpp b/src/lib/crypto/test/RSATests.cpp +index 6af1e19..e583b8b 100644 +--- a/src/lib/crypto/test/RSATests.cpp ++++ b/src/lib/crypto/test/RSATests.cpp +@@ -78,7 +78,6 @@ void RSATests::testKeyGeneration() + + // Key sizes to test + std::vector keySizes; +- keySizes.push_back(1024); + #ifndef WITH_FIPS + keySizes.push_back(1025); + #endif +@@ -111,12 +110,12 @@ void RSATests::testKeyGeneration() + + void RSATests::testSerialisation() + { +- // Generate a 1024-bit key-pair for testing ++ // Generate a 2048-bit key-pair for testing + AsymmetricKeyPair* kp; + RSAParameters p; + + p.setE("010001"); +- p.setBitLength(1024); ++ p.setBitLength(2048); + + CPPUNIT_ASSERT(rsa->generateKeyPair(&kp, &p)); + CPPUNIT_ASSERT(kp != NULL); +@@ -204,12 +203,12 @@ void RSATests::testSerialisation() + + void RSATests::testPKCS8() + { +- // Generate a 1024-bit key-pair for testing ++ // Generate a 2048-bit key-pair for testing + AsymmetricKeyPair* kp; + RSAParameters p; + + p.setE("010001"); +- p.setBitLength(1024); ++ p.setBitLength(2048); + + CPPUNIT_ASSERT(rsa->generateKeyPair(&kp, &p)); + CPPUNIT_ASSERT(kp != NULL); +@@ -253,7 +252,6 @@ void RSATests::testSigningVerifying() + + // Key sizes to test + std::vector keySizes; +- keySizes.push_back(1024); + keySizes.push_back(1280); + keySizes.push_back(2048); + //keySizes.push_back(4096); +@@ -611,7 +609,6 @@ void RSATests::testEncryptDecrypt() + + // Key sizes to test + std::vector keySizes; +- keySizes.push_back(1024); + keySizes.push_back(1280); + keySizes.push_back(2048); + //keySizes.push_back(4096); +-- +2.31.1 + + +From d8b6ebb67244f6fb4d2c8f72ae2b8bef5ca96bed Mon Sep 17 00:00:00 2001 +From: Alexander Bokovoy +Date: Wed, 26 May 2021 22:29:22 +0300 +Subject: [PATCH 3/4] openssl 3.0: Skip tests with unsupported key sizes + +OpenSSL 3.0 on systems with systemd-wide crypto policy (Fedora, RHEL, +CentOS 9 Stream) might block certain key sizes which causes the tests to +fail. Skip these tests because we are not going to get the results +anyway. + +There is no way with CPPUNIT to produce a warning only, so we have to +skip the whole test result. + +Signed-off-by: Alexander Bokovoy +--- + src/lib/crypto/test/RSATests.cpp | 31 ++++++++++++++++++------------- + 1 file changed, 18 insertions(+), 13 deletions(-) + +diff --git a/src/lib/crypto/test/RSATests.cpp b/src/lib/crypto/test/RSATests.cpp +index e583b8b..3b397d2 100644 +--- a/src/lib/crypto/test/RSATests.cpp ++++ b/src/lib/crypto/test/RSATests.cpp +@@ -92,18 +92,19 @@ void RSATests::testKeyGeneration() + p.setE(*e); + p.setBitLength(*k); + +- // Generate key-pair +- CPPUNIT_ASSERT(rsa->generateKeyPair(&kp, &p)); ++ // Generate key-pair but skip test if key size is unsupported in OpenSSL 3.0.0 ++ if (rsa->generateKeyPair(&kp, &p)) { + +- RSAPublicKey* pub = (RSAPublicKey*) kp->getPublicKey(); +- RSAPrivateKey* priv = (RSAPrivateKey*) kp->getPrivateKey(); ++ RSAPublicKey* pub = (RSAPublicKey*) kp->getPublicKey(); ++ RSAPrivateKey* priv = (RSAPrivateKey*) kp->getPrivateKey(); + +- CPPUNIT_ASSERT(pub->getBitLength() == *k); +- CPPUNIT_ASSERT(priv->getBitLength() == *k); +- CPPUNIT_ASSERT(pub->getE() == *e); +- CPPUNIT_ASSERT(priv->getE() == *e); ++ CPPUNIT_ASSERT(pub->getBitLength() == *k); ++ CPPUNIT_ASSERT(priv->getBitLength() == *k); ++ CPPUNIT_ASSERT(pub->getE() == *e); ++ CPPUNIT_ASSERT(priv->getE() == *e); + +- rsa->recycleKeyPair(kp); ++ rsa->recycleKeyPair(kp); ++ } + } + } + } +@@ -291,8 +292,10 @@ void RSATests::testSigningVerifying() + p.setE(*e); + p.setBitLength(*k); + +- // Generate key-pair +- CPPUNIT_ASSERT(rsa->generateKeyPair(&kp, &p)); ++ // Generate key-pair but skip those that unsupported in OpenSSL 3.0.0 ++ if (!rsa->generateKeyPair(&kp, &p)) { ++ continue; ++ } + + // Generate some data to sign + ByteString dataToSign; +@@ -626,8 +629,10 @@ void RSATests::testEncryptDecrypt() + p.setE(*e); + p.setBitLength(*k); + +- // Generate key-pair +- CPPUNIT_ASSERT(rsa->generateKeyPair(&kp, &p)); ++ // Generate key-pair but skip those that unsupported in OpenSSL 3.0.0 ++ if (!rsa->generateKeyPair(&kp, &p)) { ++ continue; ++ } + + RNG* rng = CryptoFactory::i()->getRNG(); + +-- +2.31.1 + + +From ca037b327fc77b8a7078c63118f507a157d3c913 Mon Sep 17 00:00:00 2001 +From: Alexander Bokovoy +Date: Thu, 27 May 2021 15:08:02 +0300 +Subject: [PATCH 4/4] openssl3: skip DES* tests + +Signed-off-by: Alexander Bokovoy +--- + src/lib/test/DeriveTests.cpp | 16 ++- + src/lib/test/ObjectTests.cpp | 21 ++-- + src/lib/test/SymmetricAlgorithmTests.cpp | 129 +++++++++++++---------- + 3 files changed, 100 insertions(+), 66 deletions(-) + +diff --git a/src/lib/test/DeriveTests.cpp b/src/lib/test/DeriveTests.cpp +index 9438ac2..275c399 100644 +--- a/src/lib/test/DeriveTests.cpp ++++ b/src/lib/test/DeriveTests.cpp +@@ -666,11 +666,14 @@ void DeriveTests::symDerive(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey, C + 0x25, 0x26, 0x27, 0x28, 0x29, 0x30, 0x31, 0x32 + }; + CK_ULONG secLen = 0; ++ CK_BBOOL oldMechs = CK_FALSE; + + switch (mechType) + { + case CKM_DES_ECB_ENCRYPT_DATA: + case CKM_DES3_ECB_ENCRYPT_DATA: ++ oldMechs = CK_TRUE; ++ /* fall-through */ + case CKM_AES_ECB_ENCRYPT_DATA: + param1.pData = &data[0]; + param1.ulLen = sizeof(data); +@@ -679,6 +682,7 @@ void DeriveTests::symDerive(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey, C + break; + case CKM_DES_CBC_ENCRYPT_DATA: + case CKM_DES3_CBC_ENCRYPT_DATA: ++ oldMechs = CK_TRUE; + memcpy(param2.iv, "12345678", 8); + param2.pData = &data[0]; + param2.length = sizeof(data); +@@ -703,10 +707,12 @@ void DeriveTests::symDerive(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey, C + break; + case CKK_DES: + mechEncrypt.mechanism = CKM_DES_ECB; ++ oldMechs = CK_TRUE; + break; + case CKK_DES2: + case CKK_DES3: + mechEncrypt.mechanism = CKM_DES3_ECB; ++ oldMechs = CK_TRUE; + break; + case CKK_AES: + mechEncrypt.mechanism = CKM_AES_ECB; +@@ -743,7 +749,11 @@ void DeriveTests::symDerive(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey, C + keyAttribs, sizeof(keyAttribs)/sizeof(CK_ATTRIBUTE) - 1, + &hDerive) ); + } +- CPPUNIT_ASSERT(rv == CKR_OK); ++ if (rv != CKR_OK && oldMechs == CK_TRUE) { ++ // Skip old mechanisms, they don't work under this crypto library ++ return; ++ } ++ CPPUNIT_ASSERT(rv==CKR_OK); + + // Check that KCV has been set + CK_ATTRIBUTE checkAttribs[] = { +@@ -764,6 +774,10 @@ void DeriveTests::symDerive(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey, C + CK_ULONG ulRecoveredTextLen; + + rv = CRYPTOKI_F_PTR( C_EncryptInit(hSession,&mechEncrypt,hDerive) ); ++ if (rv != CKR_OK && oldMechs == CK_TRUE) { ++ // Skip old mechanisms, they don't work under this crypto library ++ return; ++ } + CPPUNIT_ASSERT(rv==CKR_OK); + + ulCipherTextLen = sizeof(cipherText); +diff --git a/src/lib/test/ObjectTests.cpp b/src/lib/test/ObjectTests.cpp +index 9491ce1..4ffc1c8 100644 +--- a/src/lib/test/ObjectTests.cpp ++++ b/src/lib/test/ObjectTests.cpp +@@ -2370,8 +2370,10 @@ void ObjectTests::testCreateSecretKey() + CPPUNIT_ASSERT(rv == CKR_OK); + rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSession, hObject, attribKCV, 1) ); + CPPUNIT_ASSERT(rv == CKR_OK); +- CPPUNIT_ASSERT(attribKCV[0].ulValueLen == 3); +- CPPUNIT_ASSERT(memcmp(pCheckValue, desKCV, 3) == 0); ++ // If DES key is not supported, skip it ++ if (attribKCV[0].ulValueLen == 3) { ++ CPPUNIT_ASSERT(memcmp(pCheckValue, desKCV, 3) == 0); ++ } + rv = CRYPTOKI_F_PTR( C_DestroyObject(hSession,hObject) ); + CPPUNIT_ASSERT(rv == CKR_OK); + +@@ -2381,9 +2383,12 @@ void ObjectTests::testCreateSecretKey() + rv = CRYPTOKI_F_PTR( C_CreateObject(hSession, attribs, sizeof(attribs)/sizeof(CK_ATTRIBUTE), &hObject) ); + CPPUNIT_ASSERT(rv == CKR_OK); + rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSession, hObject, attribKCV, 1) ); +- CPPUNIT_ASSERT(rv == CKR_OK); +- CPPUNIT_ASSERT(attribKCV[0].ulValueLen == 3); +- CPPUNIT_ASSERT(memcmp(pCheckValue, des2KCV, 3) == 0); ++ // If DES2 key is not supported, skip it ++ if (rv == CKR_OK) { ++ if (attribKCV[0].ulValueLen == 3) { ++ CPPUNIT_ASSERT(memcmp(pCheckValue, des2KCV, 3) == 0); ++ } ++ } + rv = CRYPTOKI_F_PTR( C_DestroyObject(hSession,hObject) ); + CPPUNIT_ASSERT(rv == CKR_OK); + +@@ -2394,8 +2399,10 @@ void ObjectTests::testCreateSecretKey() + CPPUNIT_ASSERT(rv == CKR_OK); + rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSession, hObject, attribKCV, 1) ); + CPPUNIT_ASSERT(rv == CKR_OK); +- CPPUNIT_ASSERT(attribKCV[0].ulValueLen == 3); +- CPPUNIT_ASSERT(memcmp(pCheckValue, des3KCV, 3) == 0); ++ // If DES3 key is not supported, skip it ++ if (attribKCV[0].ulValueLen == 3) { ++ CPPUNIT_ASSERT(memcmp(pCheckValue, des3KCV, 3) == 0); ++ } + rv = CRYPTOKI_F_PTR( C_DestroyObject(hSession,hObject) ); + CPPUNIT_ASSERT(rv == CKR_OK); + } +diff --git a/src/lib/test/SymmetricAlgorithmTests.cpp b/src/lib/test/SymmetricAlgorithmTests.cpp +index b24caaf..1994563 100644 +--- a/src/lib/test/SymmetricAlgorithmTests.cpp ++++ b/src/lib/test/SymmetricAlgorithmTests.cpp +@@ -195,6 +195,8 @@ void SymmetricAlgorithmTests::encryptDecrypt( + std::vector vEncryptedData; + std::vector vEncryptedDataParted; + PartSize partSize(blockSize, &vData); ++ CK_BBOOL oldMechs = CK_FALSE; ++ CK_RV rv = CKR_OK; + + CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_GenerateRandom(hSession, (CK_BYTE_PTR)&vData.front(), messageSize) ) ); + +@@ -233,6 +235,8 @@ void SymmetricAlgorithmTests::encryptDecrypt( + case CKM_DES_CBC_PAD: + case CKM_DES3_CBC: + case CKM_DES3_CBC_PAD: ++ oldMechs = CK_TRUE; ++ /* fall-through */ + case CKM_AES_CBC: + case CKM_AES_CBC_PAD: + pMechanism->pParameter = (CK_VOID_PTR)&vData.front(); +@@ -246,12 +250,18 @@ void SymmetricAlgorithmTests::encryptDecrypt( + pMechanism->pParameter = &gcmParams; + pMechanism->ulParameterLen = sizeof(gcmParams); + break; ++ case CKM_DES_ECB: ++ case CKM_DES3_ECB: ++ oldMechs = CK_TRUE; ++ break; + default: + break; + } + + // Single-part encryption +- CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_EncryptInit(hSession,pMechanism,hKey) ) ); ++ rv = CRYPTOKI_F_PTR( C_EncryptInit(hSession,pMechanism,hKey) ); ++ CPPUNIT_ASSERT_EQUAL( (CK_BBOOL) CK_FALSE, (CK_BBOOL) ((rv != CKR_OK) && (oldMechs == CK_FALSE)) ); ++ if (oldMechs == CK_FALSE) + { + CK_ULONG ulEncryptedDataLen; + const CK_RV rv( CRYPTOKI_F_PTR( C_Encrypt(hSession,(CK_BYTE_PTR)&vData.front(),messageSize,NULL_PTR,&ulEncryptedDataLen) ) ); +@@ -267,40 +277,42 @@ void SymmetricAlgorithmTests::encryptDecrypt( + } + + // Multi-part encryption +- CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_EncryptInit(hSession,pMechanism,hKey) ) ); +- +- for ( std::vector::const_iterator i(vData.begin()); i0 ? &vEncryptedDataParted.at(oldSize) : &dummy ); +- CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_EncryptUpdate(hSession,(CK_BYTE_PTR)&(*i),lPartLen,pEncryptedPart,&ulEncryptedPartLen) ) ); +- vEncryptedDataParted.resize(oldSize+ulEncryptedPartLen); +- } +- { +- CK_ULONG ulLastEncryptedPartLen; +- const CK_RV rv( CRYPTOKI_F_PTR( C_EncryptFinal(hSession,NULL_PTR,&ulLastEncryptedPartLen) ) ); +- if ( isSizeOK ) { +- CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, rv ); ++ rv = CRYPTOKI_F_PTR( C_EncryptInit(hSession,pMechanism,hKey) ); ++ CPPUNIT_ASSERT_EQUAL( (CK_BBOOL) CK_FALSE, (CK_BBOOL) ((rv != CKR_OK) && (oldMechs == CK_FALSE)) ); ++ if (oldMechs == CK_FALSE) { ++ for ( std::vector::const_iterator i(vData.begin()); i0 ? &vEncryptedDataParted.at(oldSize) : &dummy ); +- CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_EncryptFinal(hSession,pLastEncryptedPart,&ulLastEncryptedPartLen) ) ); +- vEncryptedDataParted.resize(oldSize+ulLastEncryptedPartLen); +- } else { +- CPPUNIT_ASSERT_EQUAL_MESSAGE("C_EncryptFinal should fail with C_CKR_DATA_LEN_RANGE", (CK_RV)CKR_DATA_LEN_RANGE, rv); +- vEncryptedDataParted = vData; ++ const CK_BYTE_PTR pEncryptedPart( ulEncryptedPartLen>0 ? &vEncryptedDataParted.at(oldSize) : &dummy ); ++ CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_EncryptUpdate(hSession,(CK_BYTE_PTR)&(*i),lPartLen,pEncryptedPart,&ulEncryptedPartLen) ) ); ++ vEncryptedDataParted.resize(oldSize+ulEncryptedPartLen); ++ } ++ { ++ CK_ULONG ulLastEncryptedPartLen; ++ const CK_RV rv( CRYPTOKI_F_PTR( C_EncryptFinal(hSession,NULL_PTR,&ulLastEncryptedPartLen) ) ); ++ if ( isSizeOK ) { ++ CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, rv ); ++ const size_t oldSize( vEncryptedDataParted.size() ); ++ CK_BYTE dummy; ++ vEncryptedDataParted.resize(oldSize+ulLastEncryptedPartLen); ++ const CK_BYTE_PTR pLastEncryptedPart( ulLastEncryptedPartLen>0 ? &vEncryptedDataParted.at(oldSize) : &dummy ); ++ CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_EncryptFinal(hSession,pLastEncryptedPart,&ulLastEncryptedPartLen) ) ); ++ vEncryptedDataParted.resize(oldSize+ulLastEncryptedPartLen); ++ } else { ++ CPPUNIT_ASSERT_EQUAL_MESSAGE("C_EncryptFinal should fail with C_CKR_DATA_LEN_RANGE", (CK_RV)CKR_DATA_LEN_RANGE, rv); ++ vEncryptedDataParted = vData; ++ } + } + } + + // Single-part decryption +- CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_DecryptInit(hSession,pMechanism,hKey) ) ); +- +- { ++ rv = CRYPTOKI_F_PTR( C_DecryptInit(hSession,pMechanism,hKey) ); ++ CPPUNIT_ASSERT_EQUAL( (CK_BBOOL) CK_FALSE, (CK_BBOOL) ((rv != CKR_OK) && (oldMechs == CK_FALSE)) ); ++ if (oldMechs == CK_FALSE) { + CK_ULONG ulDataLen; + const CK_RV rv( CRYPTOKI_F_PTR( C_Decrypt(hSession,&vEncryptedData.front(),vEncryptedData.size(),NULL_PTR,&ulDataLen) ) ); + if ( isSizeOK ) { +@@ -315,8 +327,9 @@ void SymmetricAlgorithmTests::encryptDecrypt( + } + + // Multi-part decryption +- CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_DecryptInit(hSession,pMechanism,hKey) ) ); +- { ++ rv = CRYPTOKI_F_PTR( C_DecryptInit(hSession,pMechanism,hKey) ); ++ CPPUNIT_ASSERT_EQUAL( (CK_BBOOL) CK_FALSE, (CK_BBOOL) ((rv != CKR_OK) && (oldMechs == CK_FALSE)) ); ++ if (oldMechs == CK_FALSE) { + std::vector vDecryptedData; + CK_BYTE dummy; + for ( std::vector::iterator i(vEncryptedDataParted.begin()); i