Diff of the two buildlogs: -- --- b1/build.log 2024-11-27 19:43:49.063837551 +0000 +++ b2/build.log 2024-11-27 19:48:51.994197853 +0000 @@ -1,6 +1,6 @@ I: pbuilder: network access will be disabled during build -I: Current time: Wed Nov 27 07:41:40 -12 2024 -I: pbuilder-time-stamp: 1732736500 +I: Current time: Thu Nov 28 09:44:01 +14 2024 +I: pbuilder-time-stamp: 1732736641 I: Building the build Environment I: extracting base tarball [/var/cache/pbuilder/unstable-reproducible-base.tgz] I: copying local configuration @@ -26,52 +26,84 @@ dpkg-source: info: unpacking pkcs11-provider_0.6-1.debian.tar.xz I: Not using root during the build. I: Installing the build-deps -I: user script /srv/workspace/pbuilder/20104/tmp/hooks/D02_print_environment starting +I: user script /srv/workspace/pbuilder/30916/tmp/hooks/D01_modify_environment starting +debug: Running on virt64a. +I: Changing host+domainname to test build reproducibility +I: Adding a custom variable just for the fun of it... +I: Changing /bin/sh to bash +'/bin/sh' -> '/bin/bash' +lrwxrwxrwx 1 root root 9 Nov 27 19:44 /bin/sh -> /bin/bash +I: Setting pbuilder2's login shell to /bin/bash +I: Setting pbuilder2's GECOS to second user,second room,second work-phone,second home-phone,second other +I: user script /srv/workspace/pbuilder/30916/tmp/hooks/D01_modify_environment finished +I: user script /srv/workspace/pbuilder/30916/tmp/hooks/D02_print_environment starting I: set - BUILDDIR='/build/reproducible-path' - BUILDUSERGECOS='first user,first room,first work-phone,first home-phone,first other' - BUILDUSERNAME='pbuilder1' - BUILD_ARCH='armhf' - DEBIAN_FRONTEND='noninteractive' - DEB_BUILD_OPTIONS='buildinfo=+all reproducible=+all parallel=3 ' - DISTRIBUTION='unstable' - HOME='/root' - HOST_ARCH='armhf' + BASH=/bin/sh + BASHOPTS=checkwinsize:cmdhist:complete_fullquote:extquote:force_fignore:globasciiranges:globskipdots:hostcomplete:interactive_comments:patsub_replacement:progcomp:promptvars:sourcepath + BASH_ALIASES=() + BASH_ARGC=() + BASH_ARGV=() + BASH_CMDS=() + BASH_LINENO=([0]="12" [1]="0") + BASH_LOADABLES_PATH=/usr/local/lib/bash:/usr/lib/bash:/opt/local/lib/bash:/usr/pkg/lib/bash:/opt/pkg/lib/bash:. + BASH_SOURCE=([0]="/tmp/hooks/D02_print_environment" [1]="/tmp/hooks/D02_print_environment") + BASH_VERSINFO=([0]="5" [1]="2" [2]="32" [3]="1" [4]="release" [5]="arm-unknown-linux-gnueabihf") + BASH_VERSION='5.2.32(1)-release' + BUILDDIR=/build/reproducible-path + BUILDUSERGECOS='second user,second room,second work-phone,second home-phone,second other' + BUILDUSERNAME=pbuilder2 + BUILD_ARCH=armhf + DEBIAN_FRONTEND=noninteractive + DEB_BUILD_OPTIONS='buildinfo=+all reproducible=+all parallel=4 ' + DIRSTACK=() + DISTRIBUTION=unstable + EUID=0 + FUNCNAME=([0]="Echo" [1]="main") + GROUPS=() + HOME=/root + HOSTNAME=i-capture-the-hostname + HOSTTYPE=arm + HOST_ARCH=armhf IFS=' ' - INVOCATION_ID='79fc44e1a0ae41f78a32b9ac0e08eaea' - LANG='C' - LANGUAGE='en_US:en' - LC_ALL='C' - MAIL='/var/mail/root' - OPTIND='1' - PATH='/usr/sbin:/usr/bin:/sbin:/bin:/usr/games' - PBCURRENTCOMMANDLINEOPERATION='build' - PBUILDER_OPERATION='build' - PBUILDER_PKGDATADIR='/usr/share/pbuilder' - PBUILDER_PKGLIBDIR='/usr/lib/pbuilder' - PBUILDER_SYSCONFDIR='/etc' - PPID='20104' - PS1='# ' - PS2='> ' + INVOCATION_ID=d23e074d49184646bff643b2660afe36 + LANG=C + LANGUAGE=it_CH:it + LC_ALL=C + MACHTYPE=arm-unknown-linux-gnueabihf + MAIL=/var/mail/root + OPTERR=1 + OPTIND=1 + OSTYPE=linux-gnueabihf + PATH=/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/i/capture/the/path + PBCURRENTCOMMANDLINEOPERATION=build + PBUILDER_OPERATION=build + PBUILDER_PKGDATADIR=/usr/share/pbuilder + PBUILDER_PKGLIBDIR=/usr/lib/pbuilder + PBUILDER_SYSCONFDIR=/etc + PIPESTATUS=([0]="0") + POSIXLY_CORRECT=y + PPID=30916 PS4='+ ' - PWD='/' - SHELL='/bin/bash' - SHLVL='2' - SUDO_COMMAND='/usr/bin/timeout -k 18.1h 18h /usr/bin/ionice -c 3 /usr/bin/nice /usr/sbin/pbuilder --build --configfile /srv/reproducible-results/rbuild-debian/r-b-build.LtK6lfqe/pbuilderrc_e27K --distribution unstable --hookdir /etc/pbuilder/first-build-hooks --debbuildopts -b --basetgz /var/cache/pbuilder/unstable-reproducible-base.tgz --buildresult /srv/reproducible-results/rbuild-debian/r-b-build.LtK6lfqe/b1 --logfile b1/build.log pkcs11-provider_0.6-1.dsc' - SUDO_GID='110' - SUDO_UID='103' - SUDO_USER='jenkins' - TERM='unknown' - TZ='/usr/share/zoneinfo/Etc/GMT+12' - USER='root' - _='/usr/bin/systemd-run' - http_proxy='http://10.0.0.15:3142/' + PWD=/ + SHELL=/bin/bash + SHELLOPTS=braceexpand:errexit:hashall:interactive-comments:posix + SHLVL=3 + SUDO_COMMAND='/usr/bin/timeout -k 24.1h 24h /usr/bin/ionice -c 3 /usr/bin/nice -n 11 /usr/bin/unshare --uts -- /usr/sbin/pbuilder --build --configfile /srv/reproducible-results/rbuild-debian/r-b-build.LtK6lfqe/pbuilderrc_pDHi --distribution unstable --hookdir /etc/pbuilder/rebuild-hooks --debbuildopts -b --basetgz /var/cache/pbuilder/unstable-reproducible-base.tgz --buildresult /srv/reproducible-results/rbuild-debian/r-b-build.LtK6lfqe/b2 --logfile b2/build.log pkcs11-provider_0.6-1.dsc' + SUDO_GID=114 + SUDO_UID=108 + SUDO_USER=jenkins + TERM=unknown + TZ=/usr/share/zoneinfo/Etc/GMT-14 + UID=0 + USER=root + _='I: set' + http_proxy=http://10.0.0.15:3142/ I: uname -a - Linux virt32z 6.1.0-28-armmp-lpae #1 SMP Debian 6.1.119-1 (2024-11-22) armv7l GNU/Linux + Linux i-capture-the-hostname 6.1.0-28-arm64 #1 SMP Debian 6.1.119-1 (2024-11-22) aarch64 GNU/Linux I: ls -l /bin lrwxrwxrwx 1 root root 7 Nov 22 14:40 /bin -> usr/bin -I: user script /srv/workspace/pbuilder/20104/tmp/hooks/D02_print_environment finished +I: user script /srv/workspace/pbuilder/30916/tmp/hooks/D02_print_environment finished -> Attempting to satisfy build-dependencies -> Creating pbuilder-satisfydepends-dummy package Package: pbuilder-satisfydepends-dummy @@ -233,7 +265,7 @@ Get: 96 http://deb.debian.org/debian unstable/main armhf pkgconf-bin armhf 1.8.1-4 [29.2 kB] Get: 97 http://deb.debian.org/debian unstable/main armhf pkgconf armhf 1.8.1-4 [26.1 kB] Get: 98 http://deb.debian.org/debian unstable/main armhf softhsm2 armhf 2.6.1-2.2+b1 [145 kB] -Fetched 41.7 MB in 1s (67.9 MB/s) +Fetched 41.7 MB in 3s (12.6 MB/s) debconf: delaying package configuration, since apt-utils is not installed Selecting previously unselected package libpython3.12-minimal:armhf. (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 19685 files and directories currently installed.) @@ -566,8 +598,8 @@ Setting up tzdata (2024b-3) ... Current default time zone: 'Etc/UTC' -Local time is now: Wed Nov 27 19:42:21 UTC 2024. -Universal Time is now: Wed Nov 27 19:42:21 UTC 2024. +Local time is now: Wed Nov 27 19:45:34 UTC 2024. +Universal Time is now: Wed Nov 27 19:45:34 UTC 2024. Run 'dpkg-reconfigure tzdata' if you wish to change it. Setting up p11-kit-modules:armhf (0.25.5-2+b1) ... @@ -658,7 +690,11 @@ Building tag database... -> Finished parsing the build-deps I: Building the package -I: Running cd /build/reproducible-path/pkcs11-provider-0.6/ && env PATH="/usr/sbin:/usr/bin:/sbin:/bin:/usr/games" HOME="/nonexistent/first-build" dpkg-buildpackage -us -uc -b && env PATH="/usr/sbin:/usr/bin:/sbin:/bin:/usr/games" HOME="/nonexistent/first-build" dpkg-genchanges -S > ../pkcs11-provider_0.6-1_source.changes +I: user script /srv/workspace/pbuilder/30916/tmp/hooks/A99_set_merged_usr starting +Not re-configuring usrmerge for unstable +I: user script /srv/workspace/pbuilder/30916/tmp/hooks/A99_set_merged_usr finished +hostname: Name or service not known +I: Running cd /build/reproducible-path/pkcs11-provider-0.6/ && env PATH="/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/i/capture/the/path" HOME="/nonexistent/second-build" dpkg-buildpackage -us -uc -b && env PATH="/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/i/capture/the/path" HOME="/nonexistent/second-build" dpkg-genchanges -S > ../pkcs11-provider_0.6-1_source.changes dpkg-buildpackage: info: source package pkcs11-provider dpkg-buildpackage: info: source version 0.6-1 dpkg-buildpackage: info: source distribution unstable @@ -686,7 +722,7 @@ C compiler for the host machine: cc (gcc 14.2.0 "cc (Debian 14.2.0-8) 14.2.0") C linker for the host machine: cc ld.bfd 2.43.50.20241126 Host machine cpu family: arm -Host machine cpu: armv7l +Host machine cpu: arm Compiler for C supports arguments -Wwrite-strings: YES Compiler for C supports arguments -Wpointer-arith: YES Compiler for C supports arguments -Wno-missing-field-initializers: YES @@ -731,42 +767,42 @@ Found ninja-1.12.1 at /usr/bin/ninja dh_auto_build -O--buildsystem=meson - cd obj-arm-linux-gnueabihf && LC_ALL=C.UTF-8 ninja -j3 -v + cd obj-arm-linux-gnueabihf && LC_ALL=C.UTF-8 ninja -j4 -v [1/41] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-0.6=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_TIME_BITS=64 -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/debug.c.o -MF src/pkcs11.so.p/debug.c.o.d -o src/pkcs11.so.p/debug.c.o -c ../src/debug.c -[2/41] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-0.6=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_TIME_BITS=64 -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/asymmetric_cipher.c.o -MF src/pkcs11.so.p/asymmetric_cipher.c.o.d -o src/pkcs11.so.p/asymmetric_cipher.c.o -c ../src/asymmetric_cipher.c -[3/41] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-0.6=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_TIME_BITS=64 -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/encoder.c.o -MF src/pkcs11.so.p/encoder.c.o.d -o src/pkcs11.so.p/encoder.c.o -c ../src/encoder.c -[4/41] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-0.6=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_TIME_BITS=64 -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/decoder.c.o -MF src/pkcs11.so.p/decoder.c.o.d -o src/pkcs11.so.p/decoder.c.o -c ../src/decoder.c -[5/41] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-0.6=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_TIME_BITS=64 -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/digests.c.o -MF src/pkcs11.so.p/digests.c.o.d -o src/pkcs11.so.p/digests.c.o -c ../src/digests.c -[6/41] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-0.6=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_TIME_BITS=64 -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/exchange.c.o -MF src/pkcs11.so.p/exchange.c.o.d -o src/pkcs11.so.p/exchange.c.o -c ../src/exchange.c -[7/41] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-0.6=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_TIME_BITS=64 -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/kdf.c.o -MF src/pkcs11.so.p/kdf.c.o.d -o src/pkcs11.so.p/kdf.c.o -c ../src/kdf.c -[8/41] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-0.6=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_TIME_BITS=64 -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/pk11_uri.c.o -MF src/pkcs11.so.p/pk11_uri.c.o.d -o src/pkcs11.so.p/pk11_uri.c.o -c ../src/pk11_uri.c +[2/41] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-0.6=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_TIME_BITS=64 -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/decoder.c.o -MF src/pkcs11.so.p/decoder.c.o.d -o src/pkcs11.so.p/decoder.c.o -c ../src/decoder.c +[3/41] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-0.6=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_TIME_BITS=64 -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/digests.c.o -MF src/pkcs11.so.p/digests.c.o.d -o src/pkcs11.so.p/digests.c.o -c ../src/digests.c +[4/41] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-0.6=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_TIME_BITS=64 -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/asymmetric_cipher.c.o -MF src/pkcs11.so.p/asymmetric_cipher.c.o.d -o src/pkcs11.so.p/asymmetric_cipher.c.o -c ../src/asymmetric_cipher.c +[5/41] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-0.6=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_TIME_BITS=64 -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/exchange.c.o -MF src/pkcs11.so.p/exchange.c.o.d -o src/pkcs11.so.p/exchange.c.o -c ../src/exchange.c +[6/41] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-0.6=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_TIME_BITS=64 -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/encoder.c.o -MF src/pkcs11.so.p/encoder.c.o.d -o src/pkcs11.so.p/encoder.c.o -c ../src/encoder.c +[7/41] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-0.6=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_TIME_BITS=64 -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/pk11_uri.c.o -MF src/pkcs11.so.p/pk11_uri.c.o.d -o src/pkcs11.so.p/pk11_uri.c.o -c ../src/pk11_uri.c +[8/41] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-0.6=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_TIME_BITS=64 -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/kdf.c.o -MF src/pkcs11.so.p/kdf.c.o.d -o src/pkcs11.so.p/kdf.c.o -c ../src/kdf.c [9/41] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-0.6=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_TIME_BITS=64 -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/keymgmt.c.o -MF src/pkcs11.so.p/keymgmt.c.o.d -o src/pkcs11.so.p/keymgmt.c.o -c ../src/keymgmt.c [10/41] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-0.6=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_TIME_BITS=64 -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/interface.c.o -MF src/pkcs11.so.p/interface.c.o.d -o src/pkcs11.so.p/interface.c.o -c ../src/interface.c [11/41] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-0.6=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_TIME_BITS=64 -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/random.c.o -MF src/pkcs11.so.p/random.c.o.d -o src/pkcs11.so.p/random.c.o -c ../src/random.c -[12/41] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-0.6=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_TIME_BITS=64 -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/objects.c.o -MF src/pkcs11.so.p/objects.c.o.d -o src/pkcs11.so.p/objects.c.o -c ../src/objects.c -[13/41] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-0.6=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_TIME_BITS=64 -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/session.c.o -MF src/pkcs11.so.p/session.c.o.d -o src/pkcs11.so.p/session.c.o -c ../src/session.c +[12/41] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-0.6=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_TIME_BITS=64 -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/session.c.o -MF src/pkcs11.so.p/session.c.o.d -o src/pkcs11.so.p/session.c.o -c ../src/session.c +[13/41] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-0.6=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_TIME_BITS=64 -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/signature.c.o -MF src/pkcs11.so.p/signature.c.o.d -o src/pkcs11.so.p/signature.c.o -c ../src/signature.c [14/41] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-0.6=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_TIME_BITS=64 -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/slot.c.o -MF src/pkcs11.so.p/slot.c.o.d -o src/pkcs11.so.p/slot.c.o -c ../src/slot.c -[15/41] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-0.6=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_TIME_BITS=64 -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/provider.c.o -MF src/pkcs11.so.p/provider.c.o.d -o src/pkcs11.so.p/provider.c.o -c ../src/provider.c -[16/41] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-0.6=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_TIME_BITS=64 -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/tls.c.o -MF src/pkcs11.so.p/tls.c.o.d -o src/pkcs11.so.p/tls.c.o -c ../src/tls.c -[17/41] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-0.6=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_TIME_BITS=64 -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/store.c.o -MF src/pkcs11.so.p/store.c.o.d -o src/pkcs11.so.p/store.c.o -c ../src/store.c -[18/41] cc -Itests/tsession.p -Itests -I../tests -I. -I.. -fdiagnostics-color=always -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-0.6=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_TIME_BITS=64 -Wdate-time -D_FORTIFY_SOURCE=2 -MD -MQ tests/tsession.p/tsession.c.o -MF tests/tsession.p/tsession.c.o.d -o tests/tsession.p/tsession.c.o -c ../tests/tsession.c -[19/41] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-0.6=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_TIME_BITS=64 -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/signature.c.o -MF src/pkcs11.so.p/signature.c.o.d -o src/pkcs11.so.p/signature.c.o -c ../src/signature.c +[15/41] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-0.6=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_TIME_BITS=64 -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/objects.c.o -MF src/pkcs11.so.p/objects.c.o.d -o src/pkcs11.so.p/objects.c.o -c ../src/objects.c +[16/41] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-0.6=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_TIME_BITS=64 -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/provider.c.o -MF src/pkcs11.so.p/provider.c.o.d -o src/pkcs11.so.p/provider.c.o -c ../src/provider.c +[17/41] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-0.6=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_TIME_BITS=64 -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/tls.c.o -MF src/pkcs11.so.p/tls.c.o.d -o src/pkcs11.so.p/tls.c.o -c ../src/tls.c +[18/41] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-0.6=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_TIME_BITS=64 -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/store.c.o -MF src/pkcs11.so.p/store.c.o.d -o src/pkcs11.so.p/store.c.o -c ../src/store.c +[19/41] cc -Itests/tsession.p -Itests -I../tests -I. -I.. -fdiagnostics-color=always -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-0.6=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_TIME_BITS=64 -Wdate-time -D_FORTIFY_SOURCE=2 -MD -MQ tests/tsession.p/tsession.c.o -MF tests/tsession.p/tsession.c.o.d -o tests/tsession.p/tsession.c.o -c ../tests/tsession.c [20/41] cc -Itests/tlsctx.p -Itests -I../tests -I. -I.. -fdiagnostics-color=always -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-0.6=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_TIME_BITS=64 -Wdate-time -D_FORTIFY_SOURCE=2 -MD -MQ tests/tlsctx.p/tlsctx.c.o -MF tests/tlsctx.p/tlsctx.c.o.d -o tests/tlsctx.p/tlsctx.c.o -c ../tests/tlsctx.c -[21/41] cc -Itests/tgenkey.p -Itests -I../tests -I. -I.. -fdiagnostics-color=always -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-0.6=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_TIME_BITS=64 -Wdate-time -D_FORTIFY_SOURCE=2 -MD -MQ tests/tgenkey.p/tgenkey.c.o -MF tests/tgenkey.p/tgenkey.c.o.d -o tests/tgenkey.p/tgenkey.c.o -c ../tests/tgenkey.c -[22/41] cc -Itests/tlsctx.p -Itests -I../tests -I. -I.. -fdiagnostics-color=always -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-0.6=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_TIME_BITS=64 -Wdate-time -D_FORTIFY_SOURCE=2 -MD -MQ tests/tlsctx.p/util.c.o -MF tests/tlsctx.p/util.c.o.d -o tests/tlsctx.p/util.c.o -c ../tests/util.c -[23/41] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-0.6=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_TIME_BITS=64 -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/util.c.o -MF src/pkcs11.so.p/util.c.o.d -o src/pkcs11.so.p/util.c.o -c ../src/util.c -[24/41] cc -Itests/tlssetkey.p -Itests -I../tests -I. -I.. -fdiagnostics-color=always -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-0.6=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_TIME_BITS=64 -Wdate-time -D_FORTIFY_SOURCE=2 -MD -MQ tests/tlssetkey.p/tlssetkey.c.o -MF tests/tlssetkey.p/tlssetkey.c.o.d -o tests/tlssetkey.p/tlssetkey.c.o -c ../tests/tlssetkey.c -[25/41] cc -Itests/tdigests.p -Itests -I../tests -I. -I.. -fdiagnostics-color=always -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-0.6=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_TIME_BITS=64 -Wdate-time -D_FORTIFY_SOURCE=2 -MD -MQ tests/tdigests.p/tdigests.c.o -MF tests/tdigests.p/tdigests.c.o.d -o tests/tdigests.p/tdigests.c.o -c ../tests/tdigests.c -[26/41] cc -Itests/tlssetkey.p -Itests -I../tests -I. -I.. -fdiagnostics-color=always -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-0.6=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_TIME_BITS=64 -Wdate-time -D_FORTIFY_SOURCE=2 -MD -MQ tests/tlssetkey.p/util.c.o -MF tests/tlssetkey.p/util.c.o.d -o tests/tlssetkey.p/util.c.o -c ../tests/util.c -[27/41] cc -Itests/treadkeys.p -Itests -I../tests -I. -I.. -fdiagnostics-color=always -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-0.6=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_TIME_BITS=64 -Wdate-time -D_FORTIFY_SOURCE=2 -MD -MQ tests/treadkeys.p/treadkeys.c.o -MF tests/treadkeys.p/treadkeys.c.o.d -o tests/treadkeys.p/treadkeys.c.o -c ../tests/treadkeys.c -[28/41] cc -Itests/tcmpkeys.p -Itests -I../tests -I. -I.. -fdiagnostics-color=always -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-0.6=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_TIME_BITS=64 -Wdate-time -D_FORTIFY_SOURCE=2 -MD -MQ tests/tcmpkeys.p/tcmpkeys.c.o -MF tests/tcmpkeys.p/tcmpkeys.c.o.d -o tests/tcmpkeys.p/tcmpkeys.c.o -c ../tests/tcmpkeys.c +[21/41] cc -Itests/tlsctx.p -Itests -I../tests -I. -I.. -fdiagnostics-color=always -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-0.6=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_TIME_BITS=64 -Wdate-time -D_FORTIFY_SOURCE=2 -MD -MQ tests/tlsctx.p/util.c.o -MF tests/tlsctx.p/util.c.o.d -o tests/tlsctx.p/util.c.o -c ../tests/util.c +[22/41] cc -Itests/tlssetkey.p -Itests -I../tests -I. -I.. -fdiagnostics-color=always -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-0.6=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_TIME_BITS=64 -Wdate-time -D_FORTIFY_SOURCE=2 -MD -MQ tests/tlssetkey.p/tlssetkey.c.o -MF tests/tlssetkey.p/tlssetkey.c.o.d -o tests/tlssetkey.p/tlssetkey.c.o -c ../tests/tlssetkey.c +[23/41] cc -Itests/tgenkey.p -Itests -I../tests -I. -I.. -fdiagnostics-color=always -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-0.6=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_TIME_BITS=64 -Wdate-time -D_FORTIFY_SOURCE=2 -MD -MQ tests/tgenkey.p/tgenkey.c.o -MF tests/tgenkey.p/tgenkey.c.o.d -o tests/tgenkey.p/tgenkey.c.o -c ../tests/tgenkey.c +[24/41] cc -Itests/tdigests.p -Itests -I../tests -I. -I.. -fdiagnostics-color=always -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-0.6=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_TIME_BITS=64 -Wdate-time -D_FORTIFY_SOURCE=2 -MD -MQ tests/tdigests.p/tdigests.c.o -MF tests/tdigests.p/tdigests.c.o.d -o tests/tdigests.p/tdigests.c.o -c ../tests/tdigests.c +[25/41] cc -Itests/tlssetkey.p -Itests -I../tests -I. -I.. -fdiagnostics-color=always -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-0.6=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_TIME_BITS=64 -Wdate-time -D_FORTIFY_SOURCE=2 -MD -MQ tests/tlssetkey.p/util.c.o -MF tests/tlssetkey.p/util.c.o.d -o tests/tlssetkey.p/util.c.o -c ../tests/util.c +[26/41] cc -Itests/treadkeys.p -Itests -I../tests -I. -I.. -fdiagnostics-color=always -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-0.6=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_TIME_BITS=64 -Wdate-time -D_FORTIFY_SOURCE=2 -MD -MQ tests/treadkeys.p/treadkeys.c.o -MF tests/treadkeys.p/treadkeys.c.o.d -o tests/treadkeys.p/treadkeys.c.o -c ../tests/treadkeys.c +[27/41] cc -Itests/tcmpkeys.p -Itests -I../tests -I. -I.. -fdiagnostics-color=always -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-0.6=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_TIME_BITS=64 -Wdate-time -D_FORTIFY_SOURCE=2 -MD -MQ tests/tcmpkeys.p/tcmpkeys.c.o -MF tests/tcmpkeys.p/tcmpkeys.c.o.d -o tests/tcmpkeys.p/tcmpkeys.c.o -c ../tests/tcmpkeys.c +[28/41] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-0.6=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_TIME_BITS=64 -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/util.c.o -MF src/pkcs11.so.p/util.c.o.d -o src/pkcs11.so.p/util.c.o -c ../src/util.c [29/41] cc -Itests/tcmpkeys.p -Itests -I../tests -I. -I.. -fdiagnostics-color=always -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-0.6=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_TIME_BITS=64 -Wdate-time -D_FORTIFY_SOURCE=2 -MD -MQ tests/tcmpkeys.p/util.c.o -MF tests/tcmpkeys.p/util.c.o.d -o tests/tcmpkeys.p/util.c.o -c ../tests/util.c [30/41] cc -o src/pkcs11.so src/pkcs11.so.p/asymmetric_cipher.c.o src/pkcs11.so.p/debug.c.o src/pkcs11.so.p/encoder.c.o src/pkcs11.so.p/decoder.c.o src/pkcs11.so.p/digests.c.o src/pkcs11.so.p/exchange.c.o src/pkcs11.so.p/kdf.c.o src/pkcs11.so.p/keymgmt.c.o src/pkcs11.so.p/pk11_uri.c.o src/pkcs11.so.p/interface.c.o src/pkcs11.so.p/objects.c.o src/pkcs11.so.p/provider.c.o src/pkcs11.so.p/random.c.o src/pkcs11.so.p/session.c.o src/pkcs11.so.p/signature.c.o src/pkcs11.so.p/slot.c.o src/pkcs11.so.p/store.c.o src/pkcs11.so.p/tls.c.o src/pkcs11.so.p/util.c.o -Wl,--as-needed -Wl,--allow-shlib-undefined -shared -fPIC -Wl,-z,relro -Wl,-z,now -specs=/usr/share/debhelper/dh_package_notes/debian-package-notes.specs -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-0.6=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_TIME_BITS=64 -Wdate-time -D_FORTIFY_SOURCE=2 -Wl,--version-script,/build/reproducible-path/pkcs11-provider-0.6/src/provider.map /usr/lib/arm-linux-gnueabihf/libcrypto.so -[31/41] cc -Itests/tfork.p -Itests -I../tests -I. -I.. -fdiagnostics-color=always -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-0.6=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_TIME_BITS=64 -Wdate-time -D_FORTIFY_SOURCE=2 -MD -MQ tests/tfork.p/tfork.c.o -MF tests/tfork.p/tfork.c.o.d -o tests/tfork.p/tfork.c.o -c ../tests/tfork.c -[32/41] cc -Itests/pincache.p -Itests -I../tests -I. -I.. -fdiagnostics-color=always -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-0.6=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_TIME_BITS=64 -Wdate-time -D_FORTIFY_SOURCE=2 -MD -MQ tests/pincache.p/pincache.c.o -MF tests/pincache.p/pincache.c.o.d -o tests/pincache.p/pincache.c.o -c ../tests/pincache.c -[33/41] cc -o tests/tsession tests/tsession.p/tsession.c.o -Wl,--as-needed -Wl,--no-undefined -Wl,-z,relro -Wl,-z,now -specs=/usr/share/debhelper/dh_package_notes/debian-package-notes.specs -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-0.6=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_TIME_BITS=64 -Wdate-time -D_FORTIFY_SOURCE=2 -Wl,--start-group /usr/lib/arm-linux-gnueabihf/libcrypto.so /usr/lib/arm-linux-gnueabihf/libssl.so -Wl,--end-group -[34/41] cc -o tests/tlsctx tests/tlsctx.p/tlsctx.c.o tests/tlsctx.p/util.c.o -Wl,--as-needed -Wl,--no-undefined -Wl,-z,relro -Wl,-z,now -specs=/usr/share/debhelper/dh_package_notes/debian-package-notes.specs -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-0.6=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_TIME_BITS=64 -Wdate-time -D_FORTIFY_SOURCE=2 -Wl,--start-group /usr/lib/arm-linux-gnueabihf/libcrypto.so /usr/lib/arm-linux-gnueabihf/libssl.so -Wl,--end-group -[35/41] cc -o tests/tgenkey tests/tgenkey.p/tgenkey.c.o -Wl,--as-needed -Wl,--no-undefined -Wl,-z,relro -Wl,-z,now -specs=/usr/share/debhelper/dh_package_notes/debian-package-notes.specs -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-0.6=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_TIME_BITS=64 -Wdate-time -D_FORTIFY_SOURCE=2 -Wl,--start-group /usr/lib/arm-linux-gnueabihf/libcrypto.so /usr/lib/arm-linux-gnueabihf/libssl.so -Wl,--end-group +[31/41] cc -o tests/tsession tests/tsession.p/tsession.c.o -Wl,--as-needed -Wl,--no-undefined -Wl,-z,relro -Wl,-z,now -specs=/usr/share/debhelper/dh_package_notes/debian-package-notes.specs -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-0.6=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_TIME_BITS=64 -Wdate-time -D_FORTIFY_SOURCE=2 -Wl,--start-group /usr/lib/arm-linux-gnueabihf/libcrypto.so /usr/lib/arm-linux-gnueabihf/libssl.so -Wl,--end-group +[32/41] cc -Itests/tfork.p -Itests -I../tests -I. -I.. -fdiagnostics-color=always -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-0.6=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_TIME_BITS=64 -Wdate-time -D_FORTIFY_SOURCE=2 -MD -MQ tests/tfork.p/tfork.c.o -MF tests/tfork.p/tfork.c.o.d -o tests/tfork.p/tfork.c.o -c ../tests/tfork.c +[33/41] cc -o tests/tgenkey tests/tgenkey.p/tgenkey.c.o -Wl,--as-needed -Wl,--no-undefined -Wl,-z,relro -Wl,-z,now -specs=/usr/share/debhelper/dh_package_notes/debian-package-notes.specs -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-0.6=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_TIME_BITS=64 -Wdate-time -D_FORTIFY_SOURCE=2 -Wl,--start-group /usr/lib/arm-linux-gnueabihf/libcrypto.so /usr/lib/arm-linux-gnueabihf/libssl.so -Wl,--end-group +[34/41] cc -Itests/pincache.p -Itests -I../tests -I. -I.. -fdiagnostics-color=always -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-0.6=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_TIME_BITS=64 -Wdate-time -D_FORTIFY_SOURCE=2 -MD -MQ tests/pincache.p/pincache.c.o -MF tests/pincache.p/pincache.c.o.d -o tests/pincache.p/pincache.c.o -c ../tests/pincache.c +[35/41] cc -o tests/tlsctx tests/tlsctx.p/tlsctx.c.o tests/tlsctx.p/util.c.o -Wl,--as-needed -Wl,--no-undefined -Wl,-z,relro -Wl,-z,now -specs=/usr/share/debhelper/dh_package_notes/debian-package-notes.specs -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-0.6=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_TIME_BITS=64 -Wdate-time -D_FORTIFY_SOURCE=2 -Wl,--start-group /usr/lib/arm-linux-gnueabihf/libcrypto.so /usr/lib/arm-linux-gnueabihf/libssl.so -Wl,--end-group [36/41] cc -o tests/tlssetkey tests/tlssetkey.p/tlssetkey.c.o tests/tlssetkey.p/util.c.o -Wl,--as-needed -Wl,--no-undefined -Wl,-z,relro -Wl,-z,now -specs=/usr/share/debhelper/dh_package_notes/debian-package-notes.specs -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-0.6=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_TIME_BITS=64 -Wdate-time -D_FORTIFY_SOURCE=2 -Wl,--start-group /usr/lib/arm-linux-gnueabihf/libcrypto.so /usr/lib/arm-linux-gnueabihf/libssl.so -Wl,--end-group [37/41] cc -o tests/tdigests tests/tdigests.p/tdigests.c.o -Wl,--as-needed -Wl,--no-undefined -Wl,-z,relro -Wl,-z,now -specs=/usr/share/debhelper/dh_package_notes/debian-package-notes.specs -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-0.6=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_TIME_BITS=64 -Wdate-time -D_FORTIFY_SOURCE=2 -Wl,--start-group /usr/lib/arm-linux-gnueabihf/libcrypto.so /usr/lib/arm-linux-gnueabihf/libssl.so -Wl,--end-group [38/41] cc -o tests/treadkeys tests/treadkeys.p/treadkeys.c.o -Wl,--as-needed -Wl,--no-undefined -Wl,-z,relro -Wl,-z,now -specs=/usr/share/debhelper/dh_package_notes/debian-package-notes.specs -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-0.6=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_TIME_BITS=64 -Wdate-time -D_FORTIFY_SOURCE=2 -Wl,--start-group /usr/lib/arm-linux-gnueabihf/libcrypto.so /usr/lib/arm-linux-gnueabihf/libssl.so -Wl,--end-group @@ -774,127 +810,5115 @@ [40/41] cc -o tests/tfork tests/tfork.p/tfork.c.o -Wl,--as-needed -Wl,--no-undefined -Wl,-z,relro -Wl,-z,now -specs=/usr/share/debhelper/dh_package_notes/debian-package-notes.specs -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-0.6=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_TIME_BITS=64 -Wdate-time -D_FORTIFY_SOURCE=2 -Wl,--start-group /usr/lib/arm-linux-gnueabihf/libcrypto.so /usr/lib/arm-linux-gnueabihf/libssl.so -Wl,--end-group [41/41] cc -o tests/pincache tests/pincache.p/pincache.c.o -Wl,--as-needed -Wl,--no-undefined -Wl,-z,relro -Wl,-z,now -specs=/usr/share/debhelper/dh_package_notes/debian-package-notes.specs -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-0.6=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_TIME_BITS=64 -Wdate-time -D_FORTIFY_SOURCE=2 -Wl,--start-group /usr/lib/arm-linux-gnueabihf/libcrypto.so /usr/lib/arm-linux-gnueabihf/libssl.so -Wl,--end-group dh_auto_test -O--buildsystem=meson - cd obj-arm-linux-gnueabihf && DEB_PYTHON_INSTALL_LAYOUT=deb LC_ALL=C.UTF-8 MESON_TESTTHREADS=3 meson test + cd obj-arm-linux-gnueabihf && DEB_PYTHON_INSTALL_LAYOUT=deb LC_ALL=C.UTF-8 MESON_TESTTHREADS=4 meson test ninja: Entering directory `/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf' ninja: no work to do. - 1/64 pkcs11-provider:softokn / setup OK 0.03s - 2/64 pkcs11-provider:softhsm / setup OK 3.82s - 3/64 pkcs11-provider:kryoptic / setup OK 0.03s - 4/64 pkcs11-provider:softokn / basic SKIP 0.02s exit status 77 - 5/64 pkcs11-provider:softhsm / basic OK 16.88s - 6/64 pkcs11-provider:kryoptic / basic SKIP 0.03s exit status 77 - 7/64 pkcs11-provider:softokn / pubkey SKIP 0.03s exit status 77 - 8/64 pkcs11-provider:softhsm / pubkey OK 0.70s - 9/64 pkcs11-provider:kryoptic / pubkey SKIP 0.02s exit status 77 -10/64 pkcs11-provider:softokn / certs SKIP 0.02s exit status 77 -11/64 pkcs11-provider:softhsm / certs OK 0.38s -12/64 pkcs11-provider:kryoptic / certs SKIP 0.03s exit status 77 -13/64 pkcs11-provider:softokn / ecc SKIP 0.02s exit status 77 -14/64 pkcs11-provider:softhsm / ecc OK 0.99s -15/64 pkcs11-provider:kryoptic / ecc SKIP 0.02s exit status 77 -16/64 pkcs11-provider:softhsm / edwards OK 0.86s -17/64 pkcs11-provider:kryoptic / edwards SKIP 0.02s exit status 77 -18/64 pkcs11-provider:softokn / ecdh SKIP 0.02s exit status 77 -19/64 pkcs11-provider:kryoptic / ecdh SKIP 0.02s exit status 77 -20/64 pkcs11-provider:softokn / democa SKIP 0.02s exit status 77 -21/64 pkcs11-provider:softhsm / democa OK 1.51s -22/64 pkcs11-provider:kryoptic / democa SKIP 0.02s exit status 77 -23/64 pkcs11-provider:softokn / digest SKIP 0.03s exit status 77 -24/64 pkcs11-provider:softhsm / digest OK 0.13s -25/64 pkcs11-provider:kryoptic / digest SKIP 0.03s exit status 77 -26/64 pkcs11-provider:softokn / fork SKIP 0.03s exit status 77 -27/64 pkcs11-provider:softhsm / fork OK 2.07s -28/64 pkcs11-provider:kryoptic / fork SKIP 0.02s exit status 77 -29/64 pkcs11-provider:softokn / oaepsha2 SKIP 0.03s exit status 77 -30/64 pkcs11-provider:kryoptic / oaepsha2 SKIP 0.02s exit status 77 -31/64 pkcs11-provider:softokn / hkdf SKIP 0.02s exit status 77 -32/64 pkcs11-provider:kryoptic / hkdf SKIP 0.02s exit status 77 -33/64 pkcs11-provider:softokn / imported SKIP 0.02s exit status 77 -34/64 pkcs11-provider:kryoptic / imported SKIP 0.03s exit status 77 -35/64 pkcs11-provider:softokn / rsapss SKIP 0.02s exit status 77 -36/64 pkcs11-provider:softhsm / rsapss OK 0.20s -37/64 pkcs11-provider:kryoptic / rsapss SKIP 0.02s exit status 77 -38/64 pkcs11-provider:softhsm / rsapssam OK 1.73s -39/64 pkcs11-provider:softokn / genkey SKIP 0.02s exit status 77 -40/64 pkcs11-provider:softhsm / genkey OK 0.04s -41/64 pkcs11-provider:kryoptic / genkey SKIP 0.02s exit status 77 -42/64 pkcs11-provider:softokn / session SKIP 0.02s exit status 77 -43/64 pkcs11-provider:softhsm / session OK 0.35s -44/64 pkcs11-provider:kryoptic / session SKIP 0.02s exit status 77 -45/64 pkcs11-provider:softokn / rand SKIP 0.02s exit status 77 -46/64 pkcs11-provider:softhsm / rand OK 0.11s -47/64 pkcs11-provider:kryoptic / rand SKIP 0.02s exit status 77 -48/64 pkcs11-provider:softokn / readkeys SKIP 0.02s exit status 77 -49/64 pkcs11-provider:softhsm / readkeys OK 0.08s -50/64 pkcs11-provider:kryoptic / readkeys SKIP 0.02s exit status 77 -51/64 pkcs11-provider:softokn / tls SKIP 0.03s exit status 77 -52/64 pkcs11-provider:softhsm / tls OK 3.03s -53/64 pkcs11-provider:kryoptic / tls SKIP 0.02s exit status 77 -54/64 pkcs11-provider:softokn / tlsfuzzer SKIP 0.03s exit status 77 -55/64 pkcs11-provider:softhsm / tlsfuzzer SKIP 0.04s exit status 77 -56/64 pkcs11-provider:kryoptic / tlsfuzzer SKIP 0.03s exit status 77 -57/64 pkcs11-provider:softokn / uri SKIP 0.02s exit status 77 -58/64 pkcs11-provider:softhsm / uri OK 3.07s + 1/64 pkcs11-provider:softokn / setup OK 0.10s + 2/64 pkcs11-provider:softhsm / setup OK 9.20s + 3/64 pkcs11-provider:kryoptic / setup OK 0.08s + 4/64 pkcs11-provider:softokn / basic SKIP 0.07s exit status 77 + 5/64 pkcs11-provider:softhsm / basic TIMEOUT 30.11s killed by signal 15 SIGTERM +>>> ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-0.6/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=164 MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-0.6/tests/test-wrapper basic-softhsm.t + + 6/64 pkcs11-provider:kryoptic / basic SKIP 0.07s exit status 77 + 7/64 pkcs11-provider:softokn / pubkey SKIP 0.06s exit status 77 + 8/64 pkcs11-provider:softhsm / pubkey OK 2.10s + 9/64 pkcs11-provider:kryoptic / pubkey SKIP 0.07s exit status 77 +10/64 pkcs11-provider:softokn / certs SKIP 0.07s exit status 77 +11/64 pkcs11-provider:softhsm / certs OK 1.24s +12/64 pkcs11-provider:kryoptic / certs SKIP 0.06s exit status 77 +13/64 pkcs11-provider:softokn / ecc SKIP 0.06s exit status 77 +14/64 pkcs11-provider:softhsm / ecc OK 2.56s +15/64 pkcs11-provider:kryoptic / ecc SKIP 0.06s exit status 77 +16/64 pkcs11-provider:softhsm / edwards OK 2.25s +17/64 pkcs11-provider:kryoptic / edwards SKIP 0.06s exit status 77 +18/64 pkcs11-provider:softokn / ecdh SKIP 0.06s exit status 77 +19/64 pkcs11-provider:kryoptic / ecdh SKIP 0.06s exit status 77 +20/64 pkcs11-provider:softokn / democa SKIP 0.06s exit status 77 +21/64 pkcs11-provider:softhsm / democa OK 3.16s +22/64 pkcs11-provider:kryoptic / democa SKIP 0.07s exit status 77 +23/64 pkcs11-provider:softokn / digest SKIP 0.06s exit status 77 +24/64 pkcs11-provider:softhsm / digest OK 0.42s +25/64 pkcs11-provider:kryoptic / digest SKIP 0.06s exit status 77 +26/64 pkcs11-provider:softokn / fork SKIP 0.06s exit status 77 +27/64 pkcs11-provider:softhsm / fork OK 4.49s +28/64 pkcs11-provider:kryoptic / fork SKIP 0.07s exit status 77 +29/64 pkcs11-provider:softokn / oaepsha2 SKIP 0.06s exit status 77 +30/64 pkcs11-provider:kryoptic / oaepsha2 SKIP 0.06s exit status 77 +31/64 pkcs11-provider:softokn / hkdf SKIP 0.06s exit status 77 +32/64 pkcs11-provider:kryoptic / hkdf SKIP 0.06s exit status 77 +33/64 pkcs11-provider:softokn / imported SKIP 0.06s exit status 77 +34/64 pkcs11-provider:kryoptic / imported SKIP 0.06s exit status 77 +35/64 pkcs11-provider:softokn / rsapss SKIP 0.06s exit status 77 +36/64 pkcs11-provider:softhsm / rsapss OK 0.55s +37/64 pkcs11-provider:kryoptic / rsapss SKIP 0.06s exit status 77 +38/64 pkcs11-provider:softhsm / rsapssam OK 3.29s +39/64 pkcs11-provider:softokn / genkey SKIP 0.07s exit status 77 +40/64 pkcs11-provider:softhsm / genkey OK 0.10s +41/64 pkcs11-provider:kryoptic / genkey SKIP 0.06s exit status 77 +42/64 pkcs11-provider:softokn / session SKIP 0.06s exit status 77 +43/64 pkcs11-provider:softhsm / session OK 1.10s +44/64 pkcs11-provider:kryoptic / session SKIP 0.06s exit status 77 +45/64 pkcs11-provider:softokn / rand SKIP 0.06s exit status 77 +46/64 pkcs11-provider:softhsm / rand OK 0.35s +47/64 pkcs11-provider:kryoptic / rand SKIP 0.06s exit status 77 +48/64 pkcs11-provider:softokn / readkeys SKIP 0.06s exit status 77 +49/64 pkcs11-provider:softhsm / readkeys OK 0.27s +50/64 pkcs11-provider:kryoptic / readkeys SKIP 0.06s exit status 77 +51/64 pkcs11-provider:softokn / tls SKIP 0.06s exit status 77 +52/64 pkcs11-provider:softhsm / tls OK 10.08s +53/64 pkcs11-provider:kryoptic / tls SKIP 0.07s exit status 77 +54/64 pkcs11-provider:softokn / tlsfuzzer SKIP 0.06s exit status 77 +55/64 pkcs11-provider:softhsm / tlsfuzzer SKIP 0.12s exit status 77 +56/64 pkcs11-provider:kryoptic / tlsfuzzer SKIP 0.06s exit status 77 +57/64 pkcs11-provider:softokn / uri SKIP 0.06s exit status 77 +58/64 pkcs11-provider:softhsm / uri OK 8.01s 59/64 pkcs11-provider:kryoptic / uri SKIP 0.03s exit status 77 -60/64 pkcs11-provider:softhsm / ecxc OK 1.15s -61/64 pkcs11-provider:kryoptic / ecxc SKIP 0.03s exit status 77 -62/64 pkcs11-provider:softokn / cms SKIP 0.03s exit status 77 -63/64 pkcs11-provider:kryoptic / cms SKIP 0.03s exit status 77 -64/64 pkcs11-provider:kryoptic / pinlock SKIP 0.03s exit status 77 +60/64 pkcs11-provider:softhsm / ecxc OK 1.86s +61/64 pkcs11-provider:kryoptic / ecxc SKIP 0.02s exit status 77 +62/64 pkcs11-provider:softokn / cms SKIP 0.02s exit status 77 +63/64 pkcs11-provider:kryoptic / cms SKIP 0.04s exit status 77 +64/64 pkcs11-provider:kryoptic / pinlock SKIP 0.06s exit status 77 -Ok: 20 +Ok: 19 Expected Fail: 0 Fail: 0 Unexpected Pass: 0 Skipped: 44 -Timeout: 0 +Timeout: 1 Full log written to /build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/meson-logs/testlog.txt - create-stamp debian/debhelper-build-stamp - dh_testroot -O--buildsystem=meson - dh_prep -O--buildsystem=meson - dh_auto_install --destdir=debian/pkcs11-provider/ -O--buildsystem=meson - cd obj-arm-linux-gnueabihf && DESTDIR=/build/reproducible-path/pkcs11-provider-0.6/debian/pkcs11-provider LC_ALL=C.UTF-8 ninja install -[0/1] Installing files. -Installing src/pkcs11.so to /build/reproducible-path/pkcs11-provider-0.6/debian/pkcs11-provider/usr/lib/arm-linux-gnueabihf/ossl-modules -Installing /build/reproducible-path/pkcs11-provider-0.6/docs/provider-pkcs11.7 to /build/reproducible-path/pkcs11-provider-0.6/debian/pkcs11-provider/usr/share/man/man7 - dh_installdocs -O--buildsystem=meson - dh_installchangelogs -O--buildsystem=meson - dh_installman -O--buildsystem=meson - dh_installsystemduser -O--buildsystem=meson - dh_perl -O--buildsystem=meson - dh_link -O--buildsystem=meson - dh_strip_nondeterminism -O--buildsystem=meson - dh_compress -O--buildsystem=meson - dh_fixperms -O--buildsystem=meson - dh_missing -O--buildsystem=meson - dh_dwz -a -O--buildsystem=meson - dh_strip -a -O--buildsystem=meson - dh_makeshlibs -a -O--buildsystem=meson - dh_shlibdeps -a -O--buildsystem=meson -dpkg-shlibdeps: warning: diversions involved - output may be incorrect - diversion by libc6 from: /lib/ld-linux-armhf.so.3 -dpkg-shlibdeps: warning: diversions involved - output may be incorrect - diversion by libc6 to: /lib/ld-linux-armhf.so.3.usr-is-merged - dh_installdeb -O--buildsystem=meson - dh_gencontrol -O--buildsystem=meson - dh_md5sums -O--buildsystem=meson - dh_builddeb -O--buildsystem=meson -dpkg-deb: building package 'pkcs11-provider' in '../pkcs11-provider_0.6-1_armhf.deb'. -dpkg-deb: building package 'pkcs11-provider-dbgsym' in '../pkcs11-provider-dbgsym_0.6-1_armhf.deb'. - dpkg-genbuildinfo --build=binary -O../pkcs11-provider_0.6-1_armhf.buildinfo - dpkg-genchanges --build=binary -O../pkcs11-provider_0.6-1_armhf.changes -dpkg-genchanges: info: binary-only upload (no source code included) - dpkg-source --after-build . -dpkg-buildpackage: info: binary-only upload (no source included) -dpkg-genchanges: info: including full source code in upload + cd obj-arm-linux-gnueabihf && tail -v -n \+0 meson-logs/testlog.txt +==> meson-logs/testlog.txt <== +Log of Meson test suite run on 2024-11-28T09:47:18.004988 + +Inherited environment: DEB_HOST_MULTIARCH=arm-linux-gnueabihf LC_ALL=C.UTF-8 DEB_HOST_GNU_SYSTEM=linux-gnueabihf DEB_BUILD_GNU_TYPE=arm-linux-gnueabihf DEB_LDFLAGS_MAINT_APPEND=-specs=/usr/share/debhelper/dh_package_notes/debian-package-notes.specs DEB_TARGET_ARCH_LIBC=gnu SUDO_UID=108 DEB_BUILD_ARCH_ENDIAN=little DEB_BUILD_GNU_SYSTEM=linux-gnueabihf DEB_BUILD_ARCH_BITS=32 DEB_BUILD_OPTIONS='buildinfo=+all reproducible=+all parallel=4 ' DEB_HOST_ARCH=armhf DEB_TARGET_ARCH_ENDIAN=little PWD=/build/reproducible-path/pkcs11-provider-0.6 SOURCE_DATE_EPOCH=1732312733 MAIL=/var/mail/root OLDPWD=/ PBUILDER_PKGDATADIR=/usr/share/pbuilder DEB_HOST_ARCH_BITS=32 LANG=C MAKEFLAGS='' DEB_TARGET_ARCH=armhf DEB_HOST_GNU_CPU=arm DEB_BUILD_ARCH_LIBC=gnu DEB_VENDOR=Debian BUILDUSERNAME=pbuilder2 MFLAGS='' DEB_TARGET_ARCH_BITS=32 DEB_BUILD_ARCH_CPU=arm LD_PRELOAD='' DEB_HOST_ARCH_OS=linux SHELL=/bin/bash SHLVL=3 DEB_HOST_ARCH_CPU=arm PATH=/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/i/capture/the/path PBCURRENTCOMMANDLINEOPERATION=build DEB_BUILD_ARCH_ABI=eabihf LANGUAGE=it_CH:it PBUILDER_SYSCONFDIR=/etc DEB_SOURCE_PACKAGE_NAME=pkcs11-provider DEB_BUILD_ARCH=armhf DEB_HOST_ARCH_LIBC=gnu TZ=/usr/share/zoneinfo/Etc/GMT-14 INVOCATION_ID=535b9afa4f9f4bf5b6e08203cdfb8000 SUDO_GID=114 SUDO_COMMAND='/usr/bin/timeout -k 24.1h 24h /usr/bin/ionice -c 3 /usr/bin/nice -n 11 /usr/bin/unshare --uts -- /usr/sbin/pbuilder --build --configfile /srv/reproducible-results/rbuild-debian/r-b-build.LtK6lfqe/pbuilderrc_pDHi --distribution unstable --hookdir /etc/pbuilder/rebuild-hooks --debbuildopts -b --basetgz /var/cache/pbuilder/unstable-reproducible-base.tgz --buildresult /srv/reproducible-results/rbuild-debian/r-b-build.LtK6lfqe/b2 --logfile b2/build.log pkcs11-provider_0.6-1.dsc' DEB_TARGET_ARCH_CPU=arm DEB_HOST_GNU_TYPE=arm-linux-gnueabihf DEB_BUILD_ARCH_OS=linux LOGNAME=pbuilder2 BUILDUSERGECOS='second user,second room,second work-phone,second home-phone,second other' DEB_TARGET_MULTIARCH=arm-linux-gnueabihf DEB_BUILD_GNU_CPU=arm DEB_TARGET_ARCH_OS=linux USER=pbuilder2 DEB_HOST_ARCH_ABI=eabihf DEB_BUILD_MULTIARCH=arm-linux-gnueabihf DEBUGINFOD_URLS=https://debuginfod.debian.net DEB_TARGET_GNU_TYPE=arm-linux-gnueabihf DEB_TARGET_ARCH_ABI=eabihf _=/usr/bin/env SUDO_USER=jenkins PBUILDER_PKGLIBDIR=/usr/lib/pbuilder DEB_TARGET_GNU_CPU=arm DEBIAN_FRONTEND=noninteractive HOME=/build/reproducible-path/pkcs11-provider-0.6/debian/.debhelper/generated/_source/home DEB_RULES_REQUIRES_ROOT=no DEB_TARGET_GNU_SYSTEM=linux-gnueabihf DEB_HOST_ARCH_ENDIAN=little TERM=unknown DEB_SOURCE_PACKAGE_VERSION=0.6-1 DEB_BUILD_MAINT_OPTIONS=hardening=+all PBUILDER_OPERATION=build MAKELEVEL=1 DH_INTERNAL_BUILDFLAGS=1 ASFLAGS='' ASFLAGS_FOR_BUILD='' CFLAGS='-g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-0.6=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security' CFLAGS_FOR_BUILD='-g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-0.6=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security' CPPFLAGS='-D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_TIME_BITS=64 -Wdate-time -D_FORTIFY_SOURCE=2' CPPFLAGS_FOR_BUILD='-D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_TIME_BITS=64 -Wdate-time -D_FORTIFY_SOURCE=2' CXXFLAGS='-g -O2 -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-0.6=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security' CXXFLAGS_FOR_BUILD='-g -O2 -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-0.6=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security' DFLAGS=-frelease DFLAGS_FOR_BUILD=-frelease FCFLAGS='-g -O2 -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-0.6=. -fstack-protector-strong -fstack-clash-protection' FCFLAGS_FOR_BUILD='-g -O2 -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-0.6=. -fstack-protector-strong -fstack-clash-protection' FFLAGS='-g -O2 -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-0.6=. -fstack-protector-strong -fstack-clash-protection' FFLAGS_FOR_BUILD='-g -O2 -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-0.6=. -fstack-protector-strong -fstack-clash-protection' LDFLAGS='-Wl,-z,relro -Wl,-z,now -specs=/usr/share/debhelper/dh_package_notes/debian-package-notes.specs' LDFLAGS_FOR_BUILD='-Wl,-z,relro -Wl,-z,now' OBJCFLAGS='-g -O2 -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-0.6=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security' OBJCFLAGS_FOR_BUILD='-g -O2 -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-0.6=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security' OBJCXXFLAGS='-g -O2 -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-0.6=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security' OBJCXXFLAGS_FOR_BUILD='-g -O2 -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-0.6=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security' XDG_RUNTIME_DIR=/tmp/dh-xdg-rundir-MzeG4zUd DEB_PYTHON_INSTALL_LAYOUT=deb MESON_TESTTHREADS=4 + +==================================== 1/64 ==================================== +test: pkcs11-provider:softokn / setup +start time: 19:47:18 +duration: 0.10s +result: exit status 0 +command: LIBSPATH=/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/src ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 P11KITCLIENTPATH=/usr/lib/arm-linux-gnueabihf/pkcs11/p11-kit-client.so SOFTOKNPATH=/usr/lib/arm-linux-gnueabihf UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 SHARED_EXT=.so TESTBLDDIR=/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests MALLOC_PERTURB_=156 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 TESTSSRCDIR=/build/reproducible-path/pkcs11-provider-0.6/tests /build/reproducible-path/pkcs11-provider-0.6/tests/setup.sh softokn +----------------------------------- stdout ----------------------------------- +######################################## +## Setup NSS Softokn + +NSS's certutil command is required +----------------------------------- stderr ----------------------------------- ++ source /build/reproducible-path/pkcs11-provider-0.6/tests/helpers.sh +++ : /build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests +++ helper_emit=1 +++ grep -q 'GNU sed' +++ sed --version +++ sed_inplace=('-i') +++ export sed_inplace ++ '[' 1 -ne 1 ']' ++ TOKENTYPE=softokn ++ TMPPDIR=/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softokn ++ TOKDIR=/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softokn/tokens ++ '[' -d /build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softokn ']' ++ mkdir /build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softokn ++ mkdir /build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softokn/tokens ++ PINVALUE=12345678 ++ PINFILE=/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softokn/pinfile.txt ++ echo 12345678 ++ export GNUTLS_PIN=12345678 ++ GNUTLS_PIN=12345678 ++ '[' softokn == softhsm ']' ++ '[' softokn == softokn ']' ++ source /build/reproducible-path/pkcs11-provider-0.6/tests/softokn-init.sh +++ title SECTION 'Setup NSS Softokn' +++ case "$1" in +++ shift 1 +++ echo '########################################' +++ echo '## Setup NSS Softokn' +++ echo '' +++ command -v certutil +++ echo 'NSS'\''s certutil command is required' +++ exit 0 +============================================================================== + +==================================== 2/64 ==================================== +test: pkcs11-provider:softhsm / setup +start time: 19:47:18 +duration: 9.20s +result: exit status 0 +command: LIBSPATH=/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/src ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 P11KITCLIENTPATH=/usr/lib/arm-linux-gnueabihf/pkcs11/p11-kit-client.so SOFTOKNPATH=/usr/lib/arm-linux-gnueabihf UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 SHARED_EXT=.so TESTBLDDIR=/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests MALLOC_PERTURB_=30 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 TESTSSRCDIR=/build/reproducible-path/pkcs11-provider-0.6/tests /build/reproducible-path/pkcs11-provider-0.6/tests/setup.sh softhsm +----------------------------------- stdout ----------------------------------- +######################################## +## Searching for SoftHSM PKCS#11 library + +Using softhsm path /usr/lib/softhsm/libsofthsm2.so +######################################## +## Set up testing system + +Slot 0 has a free/uninitialized token. +The token has been initialized and is reassigned to slot 1628087051 +Creating new Self Sign CA +Key pair generated: +Private Key Object; RSA + label: caCert + ID: 0000 + Usage: decrypt, sign, signRecover, unwrap + Access: sensitive, always sensitive, never extractable, local +Public Key Object; RSA 2048 bits + label: caCert + ID: 0000 + Usage: encrypt, verify, verifyRecover, wrap + Access: local +Generating a self signed certificate... +X.509 Certificate Information: + Version: 3 + Serial Number (hex): 01 + Validity: + Not Before: Wed Nov 27 19:47:21 UTC 2024 + Not After: Thu Nov 27 19:47:21 UTC 2025 + Subject: CN=Issuer + Subject Public Key Algorithm: RSA + Algorithm Security Level: Medium (2048 bits) + Modulus (bits 2048): + 00:cb:b8:64:6c:19:8f:bd:4c:2f:99:4e:8d:03:6b:cd + c8:b5:5c:4f:bc:6a:ef:44:61:d4:a4:1b:94:1d:59:00 + 86:8a:fa:80:f1:d7:75:98:54:40:4e:4a:90:11:89:02 + c6:55:65:c4:5b:2c:03:0e:94:4a:56:7c:20:af:c5:77 + c0:b3:43:33:0a:67:c7:8c:21:21:5a:30:80:83:23:0c + 77:c9:d3:bf:60:d2:62:5f:49:9c:e4:71:10:c3:41:12 + 30:bd:08:5d:60:35:71:a4:0a:e5:ba:fb:a0:d2:04:36 + 4d:6a:6c:f9:f8:18:0d:d1:a4:fe:98:e2:8e:a6:f8:32 + d9:aa:f2:55:55:e5:c8:29:cd:da:1e:fe:df:5e:a5:7f + c4:4d:44:ce:25:90:9d:00:3e:da:a3:f2:e2:85:30:2a + de:ca:a4:31:cd:d3:cb:a8:c6:4c:50:db:4a:8a:0b:72 + d4:69:9a:99:44:d8:6e:40:fd:f0:01:26:c4:d7:e0:48 + 04:af:cb:f8:75:33:91:90:c5:f4:d2:5f:6b:c3:d8:91 + 39:8e:7f:ea:c7:be:84:e9:8e:f9:13:0d:e3:b8:15:fa + 94:08:9c:f2:e7:18:d7:69:bb:2e:ae:37:ec:9a:fb:4f + 35:06:b9:77:e9:ff:e4:30:e3:fc:78:eb:24:5e:e5:10 + 7d + Exponent (bits 24): + 01:00:01 + Extensions: + Basic Constraints (critical): + Certificate Authority (CA): TRUE + Subject Alternative Name (not critical): + RFC822Name: testcert@example.org + Key Usage (critical): + Digital signature. + Certificate signing. + Subject Key Identifier (not critical): + abd6a46f4f5676487d5e4500448db3add4fa6df8 +Other Information: + Public Key ID: + sha1:abd6a46f4f5676487d5e4500448db3add4fa6df8 + sha256:acddd00eade39ba21c203ea49a5c462941519fc06606f945c0724cf5d585539d + Public Key PIN: + pin-sha256:rN3QDq3jm6IcID6kmlxGKUFRn8BmBvlFwHJM9dWFU50= + + + +Signing certificate... +Created certificate: +Certificate Object; type = X.509 cert + label: caCert + subject: DN: CN=Issuer + serial: 01 + ID: 0000 +Key pair generated: +Private Key Object; RSA + label: testCert + ID: 0001 + Usage: decrypt, sign, signRecover, unwrap + Access: sensitive, always sensitive, never extractable, local +Public Key Object; RSA 2048 bits + label: testCert + ID: 0001 + Usage: encrypt, verify, verifyRecover, wrap + Access: local +Created certificate: +Certificate Object; type = X.509 cert + label: testCert + subject: DN: O=PKCS11 Provider, CN=My Test Cert + serial: 03 + ID: 0001 +RSA PKCS11 URIS +pkcs11:id=%00%01?pin-value=12345678 +pkcs11:id=%00%01?pin-source=file:/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/pinfile.txt +pkcs11:id=%00%01 +pkcs11:type=public;id=%00%01 +pkcs11:type=private;id=%00%01 +pkcs11:type=cert;object=testCert + +Key pair generated: +Private Key Object; EC + label: ecCert + ID: 0002 + Usage: decrypt, sign, signRecover, unwrap, derive + Access: sensitive, always sensitive, never extractable, local +Public Key Object; EC EC_POINT 256 bits + EC_POINT: 044104f445912a95e03062de051a4cbbd30e3caba0b43b41c9d04e1fafdb44387877df6603d85882eccf8820a557462b83ad18f3827fc33dfdb0a94cf1320521f1a015 + EC_PARAMS: 06082a8648ce3d030107 (OID 1.2.840.10045.3.1.7) + label: ecCert + ID: 0002 + Usage: encrypt, verify, verifyRecover, wrap, derive + Access: local +Created certificate: +Certificate Object; type = X.509 cert + label: ecCert + subject: DN: O=PKCS11 Provider, CN=My EC Cert + serial: 04 + ID: 0002 +Key pair generated: +Private Key Object; EC + label: ecPeerCert + ID: 0003 + Usage: decrypt, sign, signRecover, unwrap, derive + Access: sensitive, always sensitive, never extractable, local +Public Key Object; EC EC_POINT 256 bits + EC_POINT: 044104893f01c8a7cc896ab4071b5a01cf60ae90b0299a7806a6cf48a37345a3ed4529e040ed626559399424ca6f19b1bb96c71e48a54d8c169529a674355aa7bcfc73 + EC_PARAMS: 06082a8648ce3d030107 (OID 1.2.840.10045.3.1.7) + label: ecPeerCert + ID: 0003 + Usage: encrypt, verify, verifyRecover, wrap, derive + Access: local +Created certificate: +Certificate Object; type = X.509 cert + label: ecPeerCert + subject: DN: O=PKCS11 Provider, CN=My Peer EC Cert + serial: 05 + ID: 0003 +EC PKCS11 URIS +pkcs11:id=%00%02?pin-value=12345678 +pkcs11:id=%00%02?pin-source=file:/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/pinfile.txt +pkcs11:id=%00%02 +pkcs11:type=public;id=%00%02 +pkcs11:type=private;id=%00%02 +pkcs11:type=cert;object=ecCert +pkcs11:id=%00%03?pin-value=12345678 +pkcs11:id=%00%03?pin-source=file:/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/pinfile.txt +pkcs11:id=%00%03 +pkcs11:type=public;id=%00%03 +pkcs11:type=private;id=%00%03 +pkcs11:type=cert;object=ecPeerCert + +Key pair generated: +Private Key Object; EC_EDWARDS + label: edCert + ID: 0004 + Usage: decrypt, sign, signRecover, unwrap, derive + Access: sensitive, always sensitive, never extractable, local +Public Key Object; EC_EDWARDS EC_POINT 272 bits + EC_POINT: 04207c1718daae60bdff1204477cda146ecca170ed32f571e2f00238fc3e3b23c5d9 + EC_PARAMS: 130c656477617264733235353139 (PrintableString edwards25519) + label: edCert + ID: 0004 + Usage: encrypt, verify, verifyRecover, wrap, derive + Access: local +Created certificate: +Certificate Object; type = X.509 cert + label: edCert + subject: DN: O=PKCS11 Provider, CN=My ED25519 Cert + serial: 06 + ID: 0004 +ED25519 PKCS11 URIS +pkcs11:id=%00%04;pin-value=12345678 +pkcs11:id=%00%04;pin-source=file:/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/pinfile.txt +pkcs11:id=%00%04 +pkcs11:type=public;id=%00%04 +pkcs11:type=private;id=%00%04 +pkcs11:type=cert;object=edCert + +## generate RSA key pair, self-signed certificate, remove public key +Key pair generated: +Private Key Object; RSA + label: testCert2 + ID: 0005 + Usage: decrypt, sign, signRecover, unwrap + Access: sensitive, always sensitive, never extractable, local +Public Key Object; RSA 2048 bits + label: testCert2 + ID: 0005 + Usage: encrypt, verify, verifyRecover, wrap + Access: local +Created certificate: +Certificate Object; type = X.509 cert + label: testCert2 + subject: DN: O=PKCS11 Provider, CN=My Test Cert 2 + serial: 07 + ID: 0005 +RSA2 PKCS11 URIS +pkcs11:id=%00%05?pin-value=12345678 +pkcs11:id=%00%05?pin-source=/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/pinfile.txt +pkcs11:id=%00%05 +pkcs11:type=private;id=%00%05 +pkcs11:type=cert;object=testCert2 + + +## generate EC key pair, self-signed certificate, remove public key +Key pair generated: +Private Key Object; EC + label: ecCert2 + ID: 0006 + Usage: decrypt, sign, signRecover, unwrap, derive + Access: sensitive, always sensitive, never extractable, local +Public Key Object; EC EC_POINT 384 bits + EC_POINT: 046104dedb36e488790dd1a59e8932b361a75c30cab3e7bd8acb231c8d3e9fabf351d7cac2f6a7c1af25643435b524f1c11ca18ca5d25654f00bd2a932035f798b6e629b9a1285bf4627ccd8d4fa8666756f1ee60c4afd657808cf8c00846d915a5b2f + EC_PARAMS: 06052b81040022 (OID 1.3.132.0.34) + label: ecCert2 + ID: 0006 + Usage: encrypt, verify, verifyRecover, wrap, derive + Access: local +Created certificate: +Certificate Object; type = X.509 cert + label: ecCert2 + subject: DN: O=PKCS11 Provider, CN=My EC Cert 2 + serial: 08 + ID: 0006 +EC2 PKCS11 URIS +pkcs11:id=%00%06?pin-value=12345678 +pkcs11:id=%00%06?pin-source=file/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/pinfile.txt +pkcs11:id=%00%06 +pkcs11:type=private;id=%00%06 +pkcs11:type=cert;object=ecCert2 + + +## generate explicit EC key pair +Created private key: +Private Key Object; EC + label: ecExplicitCert + ID: 0007 + Usage: decrypt, sign, signRecover, unwrap + Access: sensitive +Created public key: +Public Key Object; EC EC_POINT 192 bits + EC_POINT: 04310410930965f1d0849c2ffa3a575f777f57a7c8c40934e4525eb1e31e689de38a3e7b136b4d3c2bd2c82de70d753ec7209a + EC_PARAMS: 3081af020101302406072a8648ce3d0101021900befa5d6fd594a058d22f2bc4c22009a83685639a85a54d7d303404186f54e1bd75f76fb5d11bec084bd18f94e68e9e02db73852a0418657510e059c61603405486c8a7550ca6530aed3c98a517630431043981fb5d14d3808971275dea9831573301cba0117bea9ab25ef767e188fb4a659d4693e1d27edb94bead8c345db5179902182fbe975bf5652816348bcaf164dc6772e88e010fa5c95c21020104 + label: ecExplicitCert + ID: 0007 + Usage: encrypt, verify, verifyRecover, wrap + Access: none +EXPLICIT EC PKCS11 URIS +pkcs11:id=%00%07 +pkcs11:type=public;id=%00%07 +pkcs11:type=private;id=%00%07 + + +## generate EC key pair with ALWAYS AUTHENTICATE flag, self-signed certificate +Key pair generated: +Private Key Object; EC + label: ecCert3 + ID: 0008 + Usage: decrypt, sign, signRecover, unwrap, derive + Access: always authenticate, sensitive, always sensitive, never extractable, local +Public Key Object; EC EC_POINT 528 bits + EC_POINT: 0481850401d71ab805853d4d9d4ac7971135c22ab77412bfadd57d1e6a7b01ffbf68e6fd81867d19abdd751d544d86eedf62370cb2665f06ac69c693dac82a696761a1fd6bf80105f02f70842353e8f35ad67769eee22b6df0a20bd2d675e164b374bc2b5c16c7bdab147742754c694c1108b57114a086c79f4614088b5f1ea861eace73942df6a3 + EC_PARAMS: 06052b81040023 (OID 1.3.132.0.35) + label: ecCert3 + ID: 0008 + Usage: encrypt, verify, verifyRecover, wrap, derive + Access: local +Created certificate: +Certificate Object; type = X.509 cert + label: ecCert3 + subject: DN: O=PKCS11 Provider, CN=My EC Cert 3 + serial: 09 + ID: 0008 +EC3 PKCS11 URIS +pkcs11:id=%00%08?pin-value=12345678 +pkcs11:id=%00%08?pin-source=file:/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/pinfile.txt +pkcs11:id=%00%08 +pkcs11:type=public;id=%00%08 +pkcs11:type=private;id=%00%08 +pkcs11:type=cert;object=ecCert3 + + +## Show contents of softhsm token + ---------------------------------------------------------------------------------------------------- +Public Key Object; EC EC_POINT 256 bits + EC_POINT: 044104893f01c8a7cc896ab4071b5a01cf60ae90b0299a7806a6cf48a37345a3ed4529e040ed626559399424ca6f19b1bb96c71e48a54d8c169529a674355aa7bcfc73 + EC_PARAMS: 06082a8648ce3d030107 (OID 1.2.840.10045.3.1.7) + label: ecPeerCert + ID: 0003 + Usage: encrypt, verify, verifyRecover, wrap, derive + Access: local +Certificate Object; type = X.509 cert + label: ecPeerCert + subject: DN: O=PKCS11 Provider, CN=My Peer EC Cert + serial: 05 + ID: 0003 +Certificate Object; type = X.509 cert + label: ecCert2 + subject: DN: O=PKCS11 Provider, CN=My EC Cert 2 + serial: 08 + ID: 0006 +Public Key Object; RSA 2048 bits + label: testCert + ID: 0001 + Usage: encrypt, verify, verifyRecover, wrap + Access: local +Certificate Object; type = X.509 cert + label: testCert2 + subject: DN: O=PKCS11 Provider, CN=My Test Cert 2 + serial: 07 + ID: 0005 +Private Key Object; EC + label: ecCert2 + ID: 0006 + Usage: decrypt, sign, signRecover, unwrap, derive + Access: sensitive, always sensitive, never extractable, local +Certificate Object; type = X.509 cert + label: caCert + subject: DN: CN=Issuer + serial: 01 + ID: 0000 +Private Key Object; EC + label: ecPeerCert + ID: 0003 + Usage: decrypt, sign, signRecover, unwrap, derive + Access: sensitive, always sensitive, never extractable, local +Certificate Object; type = X.509 cert + label: ecCert3 + subject: DN: O=PKCS11 Provider, CN=My EC Cert 3 + serial: 09 + ID: 0008 +Private Key Object; RSA + label: testCert + ID: 0001 + Usage: decrypt, sign, signRecover, unwrap + Access: sensitive, always sensitive, never extractable, local +Certificate Object; type = X.509 cert + label: ecCert + subject: DN: O=PKCS11 Provider, CN=My EC Cert + serial: 04 + ID: 0002 +Public Key Object; EC EC_POINT 256 bits + EC_POINT: 044104f445912a95e03062de051a4cbbd30e3caba0b43b41c9d04e1fafdb44387877df6603d85882eccf8820a557462b83ad18f3827fc33dfdb0a94cf1320521f1a015 + EC_PARAMS: 06082a8648ce3d030107 (OID 1.2.840.10045.3.1.7) + label: ecCert + ID: 0002 + Usage: encrypt, verify, verifyRecover, wrap, derive + Access: local +Private Key Object; EC + label: ecCert3 + ID: 0008 + Usage: decrypt, sign, signRecover, unwrap, derive + Access: always authenticate, sensitive, always sensitive, never extractable, local +Certificate Object; type = X.509 cert + label: edCert + subject: DN: O=PKCS11 Provider, CN=My ED25519 Cert + serial: 06 + ID: 0004 +Private Key Object; EC + label: ecExplicitCert + ID: 0007 + Usage: decrypt, sign, signRecover, unwrap + Access: sensitive +Private Key Object; RSA + label: testCert2 + ID: 0005 + Usage: decrypt, sign, signRecover, unwrap + Access: sensitive, always sensitive, never extractable, local +Public Key Object; RSA 2048 bits + label: caCert + ID: 0000 + Usage: encrypt, verify, verifyRecover, wrap + Access: local +Private Key Object; EC_EDWARDS + label: edCert + ID: 0004 + Usage: decrypt, sign, signRecover, unwrap, derive + Access: sensitive, always sensitive, never extractable, local +Public Key Object; EC EC_POINT 192 bits + EC_POINT: 04310410930965f1d0849c2ffa3a575f777f57a7c8c40934e4525eb1e31e689de38a3e7b136b4d3c2bd2c82de70d753ec7209a + EC_PARAMS: 3081af020101302406072a8648ce3d0101021900befa5d6fd594a058d22f2bc4c22009a83685639a85a54d7d303404186f54e1bd75f76fb5d11bec084bd18f94e68e9e02db73852a0418657510e059c61603405486c8a7550ca6530aed3c98a517630431043981fb5d14d3808971275dea9831573301cba0117bea9ab25ef767e188fb4a659d4693e1d27edb94bead8c345db5179902182fbe975bf5652816348bcaf164dc6772e88e010fa5c95c21020104 + label: ecExplicitCert + ID: 0007 + Usage: encrypt, verify, verifyRecover, wrap + Access: none +Certificate Object; type = X.509 cert + label: testCert + subject: DN: O=PKCS11 Provider, CN=My Test Cert + serial: 03 + ID: 0001 +Public Key Object; EC_EDWARDS EC_POINT 272 bits + EC_POINT: 04207c1718daae60bdff1204477cda146ecca170ed32f571e2f00238fc3e3b23c5d9 + EC_PARAMS: 130c656477617264733235353139 (PrintableString edwards25519) + label: edCert + ID: 0004 + Usage: encrypt, verify, verifyRecover, wrap, derive + Access: local +Public Key Object; EC EC_POINT 528 bits + EC_POINT: 0481850401d71ab805853d4d9d4ac7971135c22ab77412bfadd57d1e6a7b01ffbf68e6fd81867d19abdd751d544d86eedf62370cb2665f06ac69c693dac82a696761a1fd6bf80105f02f70842353e8f35ad67769eee22b6df0a20bd2d675e164b374bc2b5c16c7bdab147742754c694c1108b57114a086c79f4614088b5f1ea861eace73942df6a3 + EC_PARAMS: 06052b81040023 (OID 1.3.132.0.35) + label: ecCert3 + ID: 0008 + Usage: encrypt, verify, verifyRecover, wrap, derive + Access: local +Private Key Object; EC + label: ecCert + ID: 0002 + Usage: decrypt, sign, signRecover, unwrap, derive + Access: sensitive, always sensitive, never extractable, local +Private Key Object; RSA + label: caCert + ID: 0000 + Usage: decrypt, sign, signRecover, unwrap + Access: sensitive, always sensitive, never extractable, local + ---------------------------------------------------------------------------------------------------- + +## Output configurations +Generate openssl config file +Export test variables to /build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/testvars + + ## +######################################## + +----------------------------------- stderr ----------------------------------- ++ source /build/reproducible-path/pkcs11-provider-0.6/tests/helpers.sh +++ : /build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests +++ helper_emit=1 +++ grep -q 'GNU sed' +++ sed --version +++ sed_inplace=('-i') +++ export sed_inplace ++ '[' 1 -ne 1 ']' ++ TOKENTYPE=softhsm ++ TMPPDIR=/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm ++ TOKDIR=/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/tokens ++ '[' -d /build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm ']' ++ mkdir /build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm ++ mkdir /build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/tokens ++ PINVALUE=12345678 ++ PINFILE=/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/pinfile.txt ++ echo 12345678 ++ export GNUTLS_PIN=12345678 ++ GNUTLS_PIN=12345678 ++ '[' softhsm == softhsm ']' ++ source /build/reproducible-path/pkcs11-provider-0.6/tests/softhsm-init.sh +++ title SECTION 'Searching for SoftHSM PKCS#11 library' +++ case "$1" in +++ shift 1 +++ echo '########################################' +++ echo '## Searching for SoftHSM PKCS#11 library' +++ echo '' +++ command -v softhsm2-util ++++++ type -p softhsm2-util +++++ dirname /usr/bin/softhsm2-util ++++ dirname /usr/bin +++ softhsm_prefix=/usr +++ find_softhsm /usr/lib64/softhsm/libsofthsm2.so /usr/lib/softhsm/libsofthsm2.so /usr/lib64/pkcs11/libsofthsm2.so /usr/lib/pkcs11/libsofthsm2.so /usr/local/lib/softhsm/libsofthsm2.so /usr/lib64/pkcs11/libsofthsm2.so /usr/lib/pkcs11/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so +++ for _lib in "$@" +++ test -f /usr/lib64/softhsm/libsofthsm2.so +++ for _lib in "$@" +++ test -f /usr/lib/softhsm/libsofthsm2.so +++ echo 'Using softhsm path /usr/lib/softhsm/libsofthsm2.so' +++ P11LIB=/usr/lib/softhsm/libsofthsm2.so +++ return +++ export P11LIB +++ title SECTION 'Set up testing system' +++ case "$1" in +++ shift 1 +++ echo '########################################' +++ echo '## Set up testing system' +++ echo '' +++ cat +++ export SOFTHSM2_CONF=/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/softhsm.conf +++ SOFTHSM2_CONF=/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/softhsm.conf +++ export 'TOKENLABEL=SoftHSM Token' +++ TOKENLABEL='SoftHSM Token' +++ export TOKENLABELURI=SoftHSM%20Token +++ TOKENLABELURI=SoftHSM%20Token +++ softhsm2-util --init-token --label 'SoftHSM Token' --free --pin 12345678 --so-pin 12345678 +++ export 'TOKENOPTIONS=pkcs11-module-quirks = no-deinit no-operation-state' +++ TOKENOPTIONS='pkcs11-module-quirks = no-deinit no-operation-state' +++ export 'TOKENCONFIGVARS=export SOFTHSM2_CONF=/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/softhsm.conf' +++ TOKENCONFIGVARS='export SOFTHSM2_CONF=/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/softhsm.conf' +++ export TESTPORT=32000 +++ TESTPORT=32000 ++ SEEDFILE=/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/noisefile.bin ++ dd if=/dev/urandom of=/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/noisefile.bin bs=2048 count=1 ++ RAND64FILE=/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/64krandom.bin ++ dd if=/dev/urandom of=/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/64krandom.bin bs=2048 count=32 +++ uname ++ '[' Linux == Darwin ']' +++ type -p certtool ++ certtool=/usr/bin/certtool ++ '[' -z /usr/bin/certtool ']' ++ P11DEFARGS=("--module=${P11LIB}" "--login" "--pin=${PINVALUE}" "--token-label=${TOKENLABEL}") ++ cat ++ title LINE 'Creating new Self Sign CA' ++ case "$1" in ++ shift 1 ++ echo 'Creating new Self Sign CA' ++ KEYID=0000 ++ URIKEYID=%00%00 ++ CACRT=/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/CAcert.crt ++ CACRT_PEM=/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/CAcert.pem ++ CACRTN=caCert ++ pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --keypairgen --key-type=RSA:2048 --label=caCert --id=0000 ++ /usr/bin/certtool --generate-self-signed --outfile=/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/CAcert.crt --template=/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/cert.cfg --provider=/usr/lib/softhsm/libsofthsm2.so --load-privkey 'pkcs11:object=caCert;token=SoftHSM%20Token;type=private' --load-pubkey 'pkcs11:object=caCert;token=SoftHSM%20Token;type=public' --outder ++ pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --write-object /build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/CAcert.crt --type=cert --id=0000 --label=caCert ++ SERIAL=2 ++ openssl x509 -inform DER -in /build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/CAcert.crt -outform PEM -out /build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/CAcert.pem ++ echo 'organization = "PKCS11 Provider"' ++ sed -e '/^cert_signing_key$/d' -e '/^ca$/d' -i /build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/cert.cfg ++ KEYID=0001 ++ URIKEYID=%00%01 ++ TSTCRT=/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/testcert ++ TSTCRTN=testCert ++ pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --keypairgen --key-type=RSA:2048 --label=testCert --id=0001 ++ ca_sign /build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/testcert testCert 'My Test Cert' 0001 ++ CRT=/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/testcert ++ LABEL=testCert ++ CN='My Test Cert' ++ KEYID=0001 ++ (( SERIAL+=1 )) ++ sed -e 's|cn = .*|cn = My Test Cert|g' -e 's|serial = .*|serial = 3|g' -e '/^ca$/d' -i /build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/cert.cfg ++ /usr/bin/certtool --generate-certificate --outfile=/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/testcert.crt --template=/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/cert.cfg --provider=/usr/lib/softhsm/libsofthsm2.so --load-privkey 'pkcs11:object=testCert;token=SoftHSM%20Token;type=private' --load-pubkey 'pkcs11:object=testCert;token=SoftHSM%20Token;type=public' --outder --load-ca-certificate /build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/CAcert.crt --inder '--load-ca-privkey=pkcs11:object=caCert;token=SoftHSM%20Token;type=private' +Generating a signed certificate... + +Expiration time: Fri Nov 28 09:47:23 2025 +CA expiration time: Fri Nov 28 09:47:21 2025 +Warning: The time set exceeds the CA's expiration time +X.509 Certificate Information: + Version: 3 + Serial Number (hex): 03 + Validity: + Not Before: Wed Nov 27 19:47:23 UTC 2024 + Not After: Thu Nov 27 19:47:23 UTC 2025 + Subject: CN=My Test Cert,O=PKCS11 Provider + Subject Public Key Algorithm: RSA + Algorithm Security Level: Medium (2048 bits) + Modulus (bits 2048): + 00:e0:53:39:21:3e:33:c9:9a:20:8a:da:de:04:c3:ba + de:2d:3d:0d:93:96:24:03:07:7a:8a:62:1b:07:04:31 + 96:fe:85:c9:b0:3c:9d:21:48:e6:2e:73:b0:84:44:70 + a5:41:da:21:7e:3b:e6:b1:ce:24:5b:dc:42:de:8a:e2 + 57:25:81:56:94:42:30:34:65:f7:5a:43:13:04:83:7b + ef:f0:eb:b7:46:ec:10:71:04:d5:65:18:bb:e2:24:a6 + 93:26:59:68:5e:a5:bb:ab:41:72:54:2b:f8:c0:90:d8 + 2a:d0:88:30:8f:20:10:c2:d7:c8:0b:0c:1d:c6:40:bc + 6a:92:6a:05:61:39:58:01:84:c2:3f:22:94:36:af:4f + 44:96:09:49:05:39:c6:26:d2:ec:19:1c:d4:a6:34:1a + 23:b1:3b:b4:b8:fd:c9:11:8b:c0:2c:87:6e:64:8c:41 + e3:2c:f9:d1:22:d3:09:fd:98:ac:a0:34:c1:24:44:a0 + bf:ee:b1:10:3d:77:ba:38:18:23:fd:99:11:1b:ba:45 + 08:52:f5:f9:f5:f9:40:14:dd:e4:de:ac:d1:e8:d5:55 + d0:03:2a:06:0b:5b:c9:51:43:89:99:0e:f7:25:4a:da + 21:e4:0c:b4:36:8f:35:ed:bc:29:03:d4:36:84:15:63 + ab + Exponent (bits 24): + 01:00:01 + Extensions: + Basic Constraints (critical): + Certificate Authority (CA): FALSE + Subject Alternative Name (not critical): + RFC822Name: testcert@example.org + Key Usage (critical): + Digital signature. + Key encipherment. + Subject Key Identifier (not critical): + 1f006d9b5a7a08f2f818e846ead17b8420118434 + Authority Key Identifier (not critical): + abd6a46f4f5676487d5e4500448db3add4fa6df8 +Other Information: + Public Key ID: + sha1:1f006d9b5a7a08f2f818e846ead17b8420118434 + sha256:c6f6dd401e3005eab36ca736ea12604b4d889abf5fe6da72c4f21c73b164dd4a + Public Key PIN: + pin-sha256:xvbdQB4wBeqzbKc26hJgS02Imr9f5tpyxPIcc7Fk3Uo= + + + +Signing certificate... ++ pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --write-object /build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/testcert.crt --type=cert --id=0001 --label=testCert ++ BASEURIWITHPINVALUE='pkcs11:id=%00%01?pin-value=12345678' ++ BASEURIWITHPINSOURCE='pkcs11:id=%00%01?pin-source=file:/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/pinfile.txt' ++ BASEURI=pkcs11:id=%00%01 ++ PUBURI='pkcs11:type=public;id=%00%01' ++ PRIURI='pkcs11:type=private;id=%00%01' ++ CRTURI='pkcs11:type=cert;object=testCert' ++ title LINE 'RSA PKCS11 URIS' ++ case "$1" in ++ shift 1 ++ echo 'RSA PKCS11 URIS' ++ echo 'pkcs11:id=%00%01?pin-value=12345678' ++ echo 'pkcs11:id=%00%01?pin-source=file:/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/pinfile.txt' ++ echo pkcs11:id=%00%01 ++ echo 'pkcs11:type=public;id=%00%01' ++ echo 'pkcs11:type=private;id=%00%01' ++ echo 'pkcs11:type=cert;object=testCert' ++ echo '' ++ KEYID=0002 ++ URIKEYID=%00%02 ++ ECCRT=/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/eccert ++ ECCRTN=ecCert ++ pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --keypairgen --key-type=EC:secp256r1 --label=ecCert --id=0002 ++ ca_sign /build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/eccert ecCert 'My EC Cert' 0002 ++ CRT=/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/eccert ++ LABEL=ecCert ++ CN='My EC Cert' ++ KEYID=0002 ++ (( SERIAL+=1 )) ++ sed -e 's|cn = .*|cn = My EC Cert|g' -e 's|serial = .*|serial = 4|g' -e '/^ca$/d' -i /build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/cert.cfg ++ /usr/bin/certtool --generate-certificate --outfile=/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/eccert.crt --template=/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/cert.cfg --provider=/usr/lib/softhsm/libsofthsm2.so --load-privkey 'pkcs11:object=ecCert;token=SoftHSM%20Token;type=private' --load-pubkey 'pkcs11:object=ecCert;token=SoftHSM%20Token;type=public' --outder --load-ca-certificate /build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/CAcert.crt --inder '--load-ca-privkey=pkcs11:object=caCert;token=SoftHSM%20Token;type=private' +Generating a signed certificate... + +Expiration time: Fri Nov 28 09:47:23 2025 +CA expiration time: Fri Nov 28 09:47:21 2025 +Warning: The time set exceeds the CA's expiration time +X.509 Certificate Information: + Version: 3 + Serial Number (hex): 04 + Validity: + Not Before: Wed Nov 27 19:47:23 UTC 2024 + Not After: Thu Nov 27 19:47:23 UTC 2025 + Subject: CN=My EC Cert,O=PKCS11 Provider + Subject Public Key Algorithm: EC/ECDSA + Algorithm Security Level: High (256 bits) + Curve: SECP256R1 + X: + 00:f4:45:91:2a:95:e0:30:62:de:05:1a:4c:bb:d3:0e + 3c:ab:a0:b4:3b:41:c9:d0:4e:1f:af:db:44:38:78:77 + df + Y: + 66:03:d8:58:82:ec:cf:88:20:a5:57:46:2b:83:ad:18 + f3:82:7f:c3:3d:fd:b0:a9:4c:f1:32:05:21:f1:a0:15 + Extensions: + Basic Constraints (critical): + Certificate Authority (CA): FALSE + Subject Alternative Name (not critical): + RFC822Name: testcert@example.org + Key Usage (critical): + Digital signature. + Subject Key Identifier (not critical): + 4f19bf0c9f0e50b781c3ecbe4b11472b5d1e4571 + Authority Key Identifier (not critical): + abd6a46f4f5676487d5e4500448db3add4fa6df8 +Other Information: + Public Key ID: + sha1:4f19bf0c9f0e50b781c3ecbe4b11472b5d1e4571 + sha256:60c81da1eaf0fe10ab03e392bff8bbdf673c881ac94ae1b197a7b180af65c5c4 + Public Key PIN: + pin-sha256:YMgdoerw/hCrA+OSv/i732c8iBrJSuGxl6exgK9lxcQ= + + + +Signing certificate... ++ pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --write-object /build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/eccert.crt --type=cert --id=0002 --label=ecCert ++ ECBASEURIWITHPINVALUE='pkcs11:id=%00%02?pin-value=12345678' ++ ECBASEURIWITHPINSOURCE='pkcs11:id=%00%02?pin-source=file:/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/pinfile.txt' ++ ECBASEURI=pkcs11:id=%00%02 ++ ECPUBURI='pkcs11:type=public;id=%00%02' ++ ECPRIURI='pkcs11:type=private;id=%00%02' ++ ECCRTURI='pkcs11:type=cert;object=ecCert' ++ KEYID=0003 ++ URIKEYID=%00%03 ++ ECPEERCRT=/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/ecpeercert ++ ECPEERCRTN=ecPeerCert ++ pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --keypairgen --key-type=EC:secp256r1 --label=ecPeerCert --id=0003 ++ ca_sign /build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/ecpeercert ecPeerCert 'My Peer EC Cert' 0003 ++ CRT=/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/ecpeercert ++ LABEL=ecPeerCert ++ CN='My Peer EC Cert' ++ KEYID=0003 ++ (( SERIAL+=1 )) ++ sed -e 's|cn = .*|cn = My Peer EC Cert|g' -e 's|serial = .*|serial = 5|g' -e '/^ca$/d' -i /build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/cert.cfg ++ /usr/bin/certtool --generate-certificate --outfile=/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/ecpeercert.crt --template=/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/cert.cfg --provider=/usr/lib/softhsm/libsofthsm2.so --load-privkey 'pkcs11:object=ecPeerCert;token=SoftHSM%20Token;type=private' --load-pubkey 'pkcs11:object=ecPeerCert;token=SoftHSM%20Token;type=public' --outder --load-ca-certificate /build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/CAcert.crt --inder '--load-ca-privkey=pkcs11:object=caCert;token=SoftHSM%20Token;type=private' +Generating a signed certificate... + +Expiration time: Fri Nov 28 09:47:24 2025 +CA expiration time: Fri Nov 28 09:47:21 2025 +Warning: The time set exceeds the CA's expiration time +X.509 Certificate Information: + Version: 3 + Serial Number (hex): 05 + Validity: + Not Before: Wed Nov 27 19:47:24 UTC 2024 + Not After: Thu Nov 27 19:47:24 UTC 2025 + Subject: CN=My Peer EC Cert,O=PKCS11 Provider + Subject Public Key Algorithm: EC/ECDSA + Algorithm Security Level: High (256 bits) + Curve: SECP256R1 + X: + 00:89:3f:01:c8:a7:cc:89:6a:b4:07:1b:5a:01:cf:60 + ae:90:b0:29:9a:78:06:a6:cf:48:a3:73:45:a3:ed:45 + 29 + Y: + 00:e0:40:ed:62:65:59:39:94:24:ca:6f:19:b1:bb:96 + c7:1e:48:a5:4d:8c:16:95:29:a6:74:35:5a:a7:bc:fc + 73 + Extensions: + Basic Constraints (critical): + Certificate Authority (CA): FALSE + Subject Alternative Name (not critical): + RFC822Name: testcert@example.org + Key Usage (critical): + Digital signature. + Subject Key Identifier (not critical): + 9931ba28090040bbbdfb650c32d8935c3198aaa7 + Authority Key Identifier (not critical): + abd6a46f4f5676487d5e4500448db3add4fa6df8 +Other Information: + Public Key ID: + sha1:9931ba28090040bbbdfb650c32d8935c3198aaa7 + sha256:8b7ad3f8b6446a73794f18a35fc8595ed09a62fe3284ccd314d5bb603aec2e2f + Public Key PIN: + pin-sha256:i3rT+LZEanN5TxijX8hZXtCaYv4yhMzTFNW7YDrsLi8= + + + +Signing certificate... ++ pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --write-object /build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/ecpeercert.crt --type=cert --id=0003 --label=ecPeerCert ++ ECPEERBASEURIWITHPINVALUE='pkcs11:id=%00%03?pin-value=12345678' ++ ECPEERBASEURIWITHPINSOURCE='pkcs11:id=%00%03?pin-source=file:/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/pinfile.txt' ++ ECPEERBASEURI=pkcs11:id=%00%03 ++ ECPEERPUBURI='pkcs11:type=public;id=%00%03' ++ ECPEERPRIURI='pkcs11:type=private;id=%00%03' ++ ECPEERCRTURI='pkcs11:type=cert;object=ecPeerCert' ++ title LINE 'EC PKCS11 URIS' ++ case "$1" in ++ shift 1 ++ echo 'EC PKCS11 URIS' ++ echo 'pkcs11:id=%00%02?pin-value=12345678' ++ echo 'pkcs11:id=%00%02?pin-source=file:/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/pinfile.txt' ++ echo pkcs11:id=%00%02 ++ echo 'pkcs11:type=public;id=%00%02' ++ echo 'pkcs11:type=private;id=%00%02' ++ echo 'pkcs11:type=cert;object=ecCert' ++ echo 'pkcs11:id=%00%03?pin-value=12345678' ++ echo 'pkcs11:id=%00%03?pin-source=file:/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/pinfile.txt' ++ echo pkcs11:id=%00%03 ++ echo 'pkcs11:type=public;id=%00%03' ++ echo 'pkcs11:type=private;id=%00%03' ++ echo 'pkcs11:type=cert;object=ecPeerCert' ++ echo '' ++ '[' softhsm '!=' softokn ']' ++ KEYID=0004 ++ URIKEYID=%00%04 ++ EDCRT=/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/edcert ++ EDCRTN=edCert ++ pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --keypairgen --key-type=EC:edwards25519 --label=edCert --id=0004 ++ ca_sign /build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/edcert edCert 'My ED25519 Cert' 0004 ++ CRT=/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/edcert ++ LABEL=edCert ++ CN='My ED25519 Cert' ++ KEYID=0004 ++ (( SERIAL+=1 )) ++ sed -e 's|cn = .*|cn = My ED25519 Cert|g' -e 's|serial = .*|serial = 6|g' -e '/^ca$/d' -i /build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/cert.cfg ++ /usr/bin/certtool --generate-certificate --outfile=/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/edcert.crt --template=/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/cert.cfg --provider=/usr/lib/softhsm/libsofthsm2.so --load-privkey 'pkcs11:object=edCert;token=SoftHSM%20Token;type=private' --load-pubkey 'pkcs11:object=edCert;token=SoftHSM%20Token;type=public' --outder --load-ca-certificate /build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/CAcert.crt --inder '--load-ca-privkey=pkcs11:object=caCert;token=SoftHSM%20Token;type=private' +Generating a signed certificate... + +Expiration time: Fri Nov 28 09:47:24 2025 +CA expiration time: Fri Nov 28 09:47:21 2025 +Warning: The time set exceeds the CA's expiration time +X.509 Certificate Information: + Version: 3 + Serial Number (hex): 06 + Validity: + Not Before: Wed Nov 27 19:47:24 UTC 2024 + Not After: Thu Nov 27 19:47:24 UTC 2025 + Subject: CN=My ED25519 Cert,O=PKCS11 Provider + Subject Public Key Algorithm: EdDSA (Ed25519) + Algorithm Security Level: High (256 bits) + Curve: Ed25519 + X: + 7c:17:18:da:ae:60:bd:ff:12:04:47:7c:da:14:6e:cc + a1:70:ed:32:f5:71:e2:f0:02:38:fc:3e:3b:23:c5:d9 + Extensions: + Basic Constraints (critical): + Certificate Authority (CA): FALSE + Subject Alternative Name (not critical): + RFC822Name: testcert@example.org + Key Usage (critical): + Digital signature. + Subject Key Identifier (not critical): + 73c1a8b88f11fb08033265b9655857064e1439c7 + Authority Key Identifier (not critical): + abd6a46f4f5676487d5e4500448db3add4fa6df8 +Other Information: + Public Key ID: + sha1:73c1a8b88f11fb08033265b9655857064e1439c7 + sha256:8f2661206ff8dd562b41d53c56e5ed8c362b40e313ed3b968244ba51a5ed641a + Public Key PIN: + pin-sha256:jyZhIG/43VYrQdU8VuXtjDYrQOMT7TuWgkS6UaXtZBo= + + + +Signing certificate... ++ pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --write-object /build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/edcert.crt --type=cert --id=0004 --label=edCert ++ EDBASEURIWITHPINVALUE='pkcs11:id=%00%04;pin-value=12345678' ++ EDBASEURIWITHPINSOURCE='pkcs11:id=%00%04;pin-source=file:/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/pinfile.txt' ++ EDBASEURI=pkcs11:id=%00%04 ++ EDPUBURI='pkcs11:type=public;id=%00%04' ++ EDPRIURI='pkcs11:type=private;id=%00%04' ++ EDCRTURI='pkcs11:type=cert;object=edCert' ++ title LINE 'ED25519 PKCS11 URIS' ++ case "$1" in ++ shift 1 ++ echo 'ED25519 PKCS11 URIS' ++ echo 'pkcs11:id=%00%04;pin-value=12345678' ++ echo 'pkcs11:id=%00%04;pin-source=file:/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/pinfile.txt' ++ echo pkcs11:id=%00%04 ++ echo 'pkcs11:type=public;id=%00%04' ++ echo 'pkcs11:type=private;id=%00%04' ++ echo 'pkcs11:type=cert;object=edCert' ++ title PARA 'generate RSA key pair, self-signed certificate, remove public key' ++ case "$1" in ++ shift 1 ++ echo '' ++ echo '## generate RSA key pair, self-signed certificate, remove public key' ++ '[' -f '' ']' ++ KEYID=0005 ++ URIKEYID=%00%05 ++ TSTCRT=/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/testcert2 ++ TSTCRTN=testCert2 ++ pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --keypairgen --key-type=RSA:2048 --label=testCert2 --id=0005 ++ ca_sign /build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/testcert2 testCert2 'My Test Cert 2' 0005 ++ CRT=/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/testcert2 ++ LABEL=testCert2 ++ CN='My Test Cert 2' ++ KEYID=0005 ++ (( SERIAL+=1 )) ++ sed -e 's|cn = .*|cn = My Test Cert 2|g' -e 's|serial = .*|serial = 7|g' -e '/^ca$/d' -i /build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/cert.cfg ++ /usr/bin/certtool --generate-certificate --outfile=/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/testcert2.crt --template=/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/cert.cfg --provider=/usr/lib/softhsm/libsofthsm2.so --load-privkey 'pkcs11:object=testCert2;token=SoftHSM%20Token;type=private' --load-pubkey 'pkcs11:object=testCert2;token=SoftHSM%20Token;type=public' --outder --load-ca-certificate /build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/CAcert.crt --inder '--load-ca-privkey=pkcs11:object=caCert;token=SoftHSM%20Token;type=private' +Generating a signed certificate... + +Expiration time: Fri Nov 28 09:47:26 2025 +CA expiration time: Fri Nov 28 09:47:21 2025 +Warning: The time set exceeds the CA's expiration time +X.509 Certificate Information: + Version: 3 + Serial Number (hex): 07 + Validity: + Not Before: Wed Nov 27 19:47:26 UTC 2024 + Not After: Thu Nov 27 19:47:26 UTC 2025 + Subject: CN=My Test Cert 2,O=PKCS11 Provider + Subject Public Key Algorithm: RSA + Algorithm Security Level: Medium (2048 bits) + Modulus (bits 2048): + 00:ba:bf:c2:de:d4:fe:7f:e1:fa:50:d0:82:4d:fd:ab + 22:ab:ec:13:53:0c:46:e2:13:af:94:d4:5e:a8:f2:17 + 6d:6b:a0:89:df:57:a9:24:32:0a:f0:4d:f3:58:94:3e + df:64:8a:ab:70:6b:6a:05:44:65:bb:74:29:f5:63:98 + cd:e7:85:04:e8:5c:92:a9:cd:e9:78:2b:81:de:87:13 + 4a:e4:ed:90:56:8b:2b:4f:69:84:d9:f4:b1:ec:69:1d + 98:df:50:02:aa:11:23:a2:fa:b8:91:6f:76:eb:12:95 + bd:5e:dd:e1:d7:58:d8:46:11:8c:eb:3b:f7:62:39:d7 + a6:ea:81:21:e4:5c:cc:a5:96:a9:2e:bf:e1:e3:35:fb + ee:0d:92:7b:23:39:ed:e1:38:5e:f4:f7:59:cd:c6:95 + 6d:49:23:de:58:3b:61:3c:ff:07:a8:ea:02:d5:01:9f + 33:9c:88:ff:51:68:94:62:91:22:d8:ca:01:d8:17:d1 + ab:51:1a:73:81:d3:73:be:dd:eb:6e:c1:7f:8d:a9:7f + 8a:7a:a1:b1:d5:6a:6d:b2:6d:3f:08:8f:f6:14:f8:88 + 02:83:0d:5b:ee:a9:5c:db:ae:5a:13:9a:41:eb:93:57 + ce:d9:92:77:75:15:22:7b:c6:18:f6:27:6d:66:6a:e6 + f1 + Exponent (bits 24): + 01:00:01 + Extensions: + Basic Constraints (critical): + Certificate Authority (CA): FALSE + Subject Alternative Name (not critical): + RFC822Name: testcert@example.org + Key Usage (critical): + Digital signature. + Key encipherment. + Subject Key Identifier (not critical): + 67df5d19be2353ddedbd38b2d6dfb82f12fe83ba + Authority Key Identifier (not critical): + abd6a46f4f5676487d5e4500448db3add4fa6df8 +Other Information: + Public Key ID: + sha1:67df5d19be2353ddedbd38b2d6dfb82f12fe83ba + sha256:b4ed52a4ec1a5519e99daa7883c660bf3f6b22e17a250a7cd5b0004250de0a16 + Public Key PIN: + pin-sha256:tO1SpOwaVRnpnap4g8Zgvz9rIuF6JQp81bAAQlDeChY= + + + +Signing certificate... ++ pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --write-object /build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/testcert2.crt --type=cert --id=0005 --label=testCert2 ++ pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --delete-object --type pubkey --id 0005 ++ BASE2URIWITHPINVALUE='pkcs11:id=%00%05?pin-value=12345678' ++ BASE2URIWITHPINSOURCE='pkcs11:id=%00%05?pin-source=/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/pinfile.txt' ++ BASE2URI=pkcs11:id=%00%05 ++ PRI2URI='pkcs11:type=private;id=%00%05' ++ CRT2URI='pkcs11:type=cert;object=testCert2' ++ title LINE 'RSA2 PKCS11 URIS' ++ case "$1" in ++ shift 1 ++ echo 'RSA2 PKCS11 URIS' ++ echo 'pkcs11:id=%00%05?pin-value=12345678' ++ echo 'pkcs11:id=%00%05?pin-source=/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/pinfile.txt' ++ echo pkcs11:id=%00%05 ++ echo 'pkcs11:type=private;id=%00%05' ++ echo 'pkcs11:type=cert;object=testCert2' ++ echo '' ++ title PARA 'generate EC key pair, self-signed certificate, remove public key' ++ case "$1" in ++ shift 1 ++ echo '' ++ echo '## generate EC key pair, self-signed certificate, remove public key' ++ '[' -f '' ']' ++ KEYID=0006 ++ URIKEYID=%00%06 ++ TSTCRT=/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/eccert2 ++ TSTCRTN=ecCert2 ++ pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --keypairgen --key-type=EC:secp384r1 --label=ecCert2 --id=0006 ++ ca_sign /build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/eccert2 ecCert2 'My EC Cert 2' 0006 ++ CRT=/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/eccert2 ++ LABEL=ecCert2 ++ CN='My EC Cert 2' ++ KEYID=0006 ++ (( SERIAL+=1 )) ++ sed -e 's|cn = .*|cn = My EC Cert 2|g' -e 's|serial = .*|serial = 8|g' -e '/^ca$/d' -i /build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/cert.cfg ++ /usr/bin/certtool --generate-certificate --outfile=/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/eccert2.crt --template=/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/cert.cfg --provider=/usr/lib/softhsm/libsofthsm2.so --load-privkey 'pkcs11:object=ecCert2;token=SoftHSM%20Token;type=private' --load-pubkey 'pkcs11:object=ecCert2;token=SoftHSM%20Token;type=public' --outder --load-ca-certificate /build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/CAcert.crt --inder '--load-ca-privkey=pkcs11:object=caCert;token=SoftHSM%20Token;type=private' +Generating a signed certificate... + +Expiration time: Fri Nov 28 09:47:26 2025 +CA expiration time: Fri Nov 28 09:47:21 2025 +Warning: The time set exceeds the CA's expiration time +X.509 Certificate Information: + Version: 3 + Serial Number (hex): 08 + Validity: + Not Before: Wed Nov 27 19:47:26 UTC 2024 + Not After: Thu Nov 27 19:47:26 UTC 2025 + Subject: CN=My EC Cert 2,O=PKCS11 Provider + Subject Public Key Algorithm: EC/ECDSA + Algorithm Security Level: Ultra (384 bits) + Curve: SECP384R1 + X: + 00:de:db:36:e4:88:79:0d:d1:a5:9e:89:32:b3:61:a7 + 5c:30:ca:b3:e7:bd:8a:cb:23:1c:8d:3e:9f:ab:f3:51 + d7:ca:c2:f6:a7:c1:af:25:64:34:35:b5:24:f1:c1:1c + a1 + Y: + 00:8c:a5:d2:56:54:f0:0b:d2:a9:32:03:5f:79:8b:6e + 62:9b:9a:12:85:bf:46:27:cc:d8:d4:fa:86:66:75:6f + 1e:e6:0c:4a:fd:65:78:08:cf:8c:00:84:6d:91:5a:5b + 2f + Extensions: + Basic Constraints (critical): + Certificate Authority (CA): FALSE + Subject Alternative Name (not critical): + RFC822Name: testcert@example.org + Key Usage (critical): + Digital signature. + Subject Key Identifier (not critical): + ab25403ba360ed6cb99b3764cd0f21f3861756ff + Authority Key Identifier (not critical): + abd6a46f4f5676487d5e4500448db3add4fa6df8 +Other Information: + Public Key ID: + sha1:ab25403ba360ed6cb99b3764cd0f21f3861756ff + sha256:623ad328cf2e4bcb37e4b202a9f7cb54b39094bde6c5ae49b1978f86e42a047b + Public Key PIN: + pin-sha256:YjrTKM8uS8s35LICqffLVLOQlL3mxa5JsZePhuQqBHs= + + + +Signing certificate... ++ pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --write-object /build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/eccert2.crt --type=cert --id=0006 --label=ecCert2 ++ pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --delete-object --type pubkey --id 0006 ++ ECBASE2URIWITHPINVALUE='pkcs11:id=%00%06?pin-value=12345678' ++ ECBASE2URIWITHPINSOURCE='pkcs11:id=%00%06?pin-source=file/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/pinfile.txt' ++ ECBASE2URI=pkcs11:id=%00%06 ++ ECPRI2URI='pkcs11:type=private;id=%00%06' ++ ECCRT2URI='pkcs11:type=cert;object=ecCert2' ++ title LINE 'EC2 PKCS11 URIS' ++ case "$1" in ++ shift 1 ++ echo 'EC2 PKCS11 URIS' ++ echo 'pkcs11:id=%00%06?pin-value=12345678' ++ echo 'pkcs11:id=%00%06?pin-source=file/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/pinfile.txt' ++ echo pkcs11:id=%00%06 ++ echo 'pkcs11:type=private;id=%00%06' ++ echo 'pkcs11:type=cert;object=ecCert2' ++ echo '' ++ '[' -f /etc/redhat-release ']' ++ '[' softhsm == softokn ']' ++ title PARA 'generate explicit EC key pair' ++ case "$1" in ++ shift 1 ++ echo '' ++ echo '## generate explicit EC key pair' ++ '[' -f '' ']' ++ KEYID=0007 ++ URIKEYID=%00%07 ++ ECXCRTN=ecExplicitCert ++ pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --write-object=/build/reproducible-path/pkcs11-provider-0.6/tests/explicit_ec.key.der --type=privkey --label=ecExplicitCert --id=0007 ++ pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --write-object=/build/reproducible-path/pkcs11-provider-0.6/tests/explicit_ec.pub.der --type=pubkey --label=ecExplicitCert --id=0007 ++ ECXBASEURIWITHPINVALUE='pkcs11:id=%00%07?pin-value=12345678' ++ ECXBASEURIWITHPINSOURCE='pkcs11:id=%00%07?pin-source=file:/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/pinfile.txt' ++ ECXBASEURI=pkcs11:id=%00%07 ++ ECXPUBURI='pkcs11:type=public;id=%00%07' ++ ECXPRIURI='pkcs11:type=private;id=%00%07' ++ title LINE 'EXPLICIT EC PKCS11 URIS' ++ case "$1" in ++ shift 1 ++ echo 'EXPLICIT EC PKCS11 URIS' ++ echo pkcs11:id=%00%07 ++ echo 'pkcs11:type=public;id=%00%07' ++ echo 'pkcs11:type=private;id=%00%07' ++ echo '' ++ title PARA 'generate EC key pair with ALWAYS AUTHENTICATE flag, self-signed certificate' ++ case "$1" in ++ shift 1 ++ echo '' ++ echo '## generate EC key pair with ALWAYS AUTHENTICATE flag, self-signed certificate' ++ '[' -f '' ']' ++ KEYID=0008 ++ URIKEYID=%00%08 ++ TSTCRT=/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/eccert3 ++ TSTCRTN=ecCert3 ++ pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --keypairgen --key-type=EC:secp521r1 --label=ecCert3 --id=0008 --always-auth ++ ca_sign /build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/eccert3 ecCert3 'My EC Cert 3' 0008 ++ CRT=/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/eccert3 ++ LABEL=ecCert3 ++ CN='My EC Cert 3' ++ KEYID=0008 ++ (( SERIAL+=1 )) ++ sed -e 's|cn = .*|cn = My EC Cert 3|g' -e 's|serial = .*|serial = 9|g' -e '/^ca$/d' -i /build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/cert.cfg ++ /usr/bin/certtool --generate-certificate --outfile=/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/eccert3.crt --template=/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/cert.cfg --provider=/usr/lib/softhsm/libsofthsm2.so --load-privkey 'pkcs11:object=ecCert3;token=SoftHSM%20Token;type=private' --load-pubkey 'pkcs11:object=ecCert3;token=SoftHSM%20Token;type=public' --outder --load-ca-certificate /build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/CAcert.crt --inder '--load-ca-privkey=pkcs11:object=caCert;token=SoftHSM%20Token;type=private' +Generating a signed certificate... + +Expiration time: Fri Nov 28 09:47:27 2025 +CA expiration time: Fri Nov 28 09:47:21 2025 +Warning: The time set exceeds the CA's expiration time +X.509 Certificate Information: + Version: 3 + Serial Number (hex): 09 + Validity: + Not Before: Wed Nov 27 19:47:27 UTC 2024 + Not After: Thu Nov 27 19:47:27 UTC 2025 + Subject: CN=My EC Cert 3,O=PKCS11 Provider + Subject Public Key Algorithm: EC/ECDSA + Algorithm Security Level: Future (528 bits) + Curve: SECP521R1 + X: + 01:d7:1a:b8:05:85:3d:4d:9d:4a:c7:97:11:35:c2:2a + b7:74:12:bf:ad:d5:7d:1e:6a:7b:01:ff:bf:68:e6:fd + 81:86:7d:19:ab:dd:75:1d:54:4d:86:ee:df:62:37:0c + b2:66:5f:06:ac:69:c6:93:da:c8:2a:69:67:61:a1:fd + 6b:f8 + Y: + 01:05:f0:2f:70:84:23:53:e8:f3:5a:d6:77:69:ee:e2 + 2b:6d:f0:a2:0b:d2:d6:75:e1:64:b3:74:bc:2b:5c:16 + c7:bd:ab:14:77:42:75:4c:69:4c:11:08:b5:71:14:a0 + 86:c7:9f:46:14:08:8b:5f:1e:a8:61:ea:ce:73:94:2d + f6:a3 + Extensions: + Basic Constraints (critical): + Certificate Authority (CA): FALSE + Subject Alternative Name (not critical): + RFC822Name: testcert@example.org + Key Usage (critical): + Digital signature. + Subject Key Identifier (not critical): + a46ea747916ebad02aa983a28c44f99debfbc088 + Authority Key Identifier (not critical): + abd6a46f4f5676487d5e4500448db3add4fa6df8 +Other Information: + Public Key ID: + sha1:a46ea747916ebad02aa983a28c44f99debfbc088 + sha256:dc9d68e2c63452df3bfb2527abd9e8006e4a76d60c0516774ef00f9724aab896 + Public Key PIN: + pin-sha256:3J1o4sY0Ut87+yUnq9noAG5KdtYMBRZ3TvAPlySquJY= + + + +Signing certificate... ++ pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --write-object /build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/eccert3.crt --type=cert --id=0008 --label=ecCert3 ++ ECBASE3URIWITHPINVALUE='pkcs11:id=%00%08?pin-value=12345678' ++ ECBASE3URIWITHPINSOURCE='pkcs11:id=%00%08?pin-source=file:/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/pinfile.txt' ++ ECBASE3URI=pkcs11:id=%00%08 ++ ECPUB3URI='pkcs11:type=public;id=%00%08' ++ ECPRI3URI='pkcs11:type=private;id=%00%08' ++ ECCRT3URI='pkcs11:type=cert;object=ecCert3' ++ title LINE 'EC3 PKCS11 URIS' ++ case "$1" in ++ shift 1 ++ echo 'EC3 PKCS11 URIS' ++ echo 'pkcs11:id=%00%08?pin-value=12345678' ++ echo 'pkcs11:id=%00%08?pin-source=file:/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/pinfile.txt' ++ echo pkcs11:id=%00%08 ++ echo 'pkcs11:type=public;id=%00%08' ++ echo 'pkcs11:type=private;id=%00%08' ++ echo 'pkcs11:type=cert;object=ecCert3' ++ echo '' ++ title PARA 'Show contents of softhsm token' ++ case "$1" in ++ shift 1 ++ echo '' ++ echo '## Show contents of softhsm token' ++ '[' -f '' ']' ++ echo ' ----------------------------------------------------------------------------------------------------' ++ pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' -O ++ echo ' ----------------------------------------------------------------------------------------------------' ++ title PARA 'Output configurations' ++ case "$1" in ++ shift 1 ++ echo '' ++ echo '## Output configurations' ++ '[' -f '' ']' ++ OPENSSL_CONF=/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/openssl.cnf ++ title LINE 'Generate openssl config file' ++ case "$1" in ++ shift 1 ++ echo 'Generate openssl config file' ++ sed -e 's|@libtoollibs@|/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/src|g' -e 's|@testsblddir@|/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests|g' -e 's|@testsdir@|/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm|g' -e 's|@SHARED_EXT@|.so|g' -e 's|@PINFILE@|/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/pinfile.txt|g' -e 's|##TOKENOPTIONS|pkcs11-module-quirks = no-deinit no-operation-state|g' /build/reproducible-path/pkcs11-provider-0.6/tests/openssl.cnf.in ++ title LINE 'Export test variables to /build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/testvars' ++ case "$1" in ++ shift 1 ++ echo 'Export test variables to /build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/testvars' ++ cat ++ '[' -n pkcs11:id=%00%04 ']' ++ cat ++ '[' -n pkcs11:id=%00%07 ']' ++ cat ++ cat ++ gen_unsetvars ++ sed -e s/export/unset/ -e 's/=.*$//' ++ grep '^export' /build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/testvars ++ title ENDSECTION ++ case "$1" in ++ echo '' ++ echo ' ##' ++ echo '########################################' ++ echo '' +============================================================================== + +==================================== 3/64 ==================================== +test: pkcs11-provider:kryoptic / setup +start time: 19:47:27 +duration: 0.08s +result: exit status 0 +command: LIBSPATH=/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/src ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 P11KITCLIENTPATH=/usr/lib/arm-linux-gnueabihf/pkcs11/p11-kit-client.so SOFTOKNPATH=/usr/lib/arm-linux-gnueabihf UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 SHARED_EXT=.so TESTBLDDIR=/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests MALLOC_PERTURB_=185 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 TESTSSRCDIR=/build/reproducible-path/pkcs11-provider-0.6/tests /build/reproducible-path/pkcs11-provider-0.6/tests/setup.sh kryoptic +----------------------------------- stdout ----------------------------------- +######################################## +## Searching for Kryoptic module + +skipped: Unable to find kryoptic PKCS#11 library +----------------------------------- stderr ----------------------------------- ++ source /build/reproducible-path/pkcs11-provider-0.6/tests/helpers.sh +++ : /build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests +++ helper_emit=1 +++ sed --version +++ grep -q 'GNU sed' +++ sed_inplace=('-i') +++ export sed_inplace ++ '[' 1 -ne 1 ']' ++ TOKENTYPE=kryoptic ++ TMPPDIR=/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/kryoptic ++ TOKDIR=/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/kryoptic/tokens ++ '[' -d /build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/kryoptic ']' ++ mkdir /build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/kryoptic ++ mkdir /build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/kryoptic/tokens ++ PINVALUE=12345678 ++ PINFILE=/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/kryoptic/pinfile.txt ++ echo 12345678 ++ export GNUTLS_PIN=12345678 ++ GNUTLS_PIN=12345678 ++ '[' kryoptic == softhsm ']' ++ '[' kryoptic == softokn ']' ++ '[' kryoptic == kryoptic ']' ++ source /build/reproducible-path/pkcs11-provider-0.6/tests/kryoptic-init.sh +++ title SECTION 'Searching for Kryoptic module' +++ case "$1" in +++ shift 1 +++ echo '########################################' +++ echo '## Searching for Kryoptic module' +++ echo '' +++ find_kryoptic /target/debug/libkryoptic_pkcs11.so /target/release/libkryoptic_pkcs11.so /usr/local/lib/kryoptic/libkryoptic_pkcs11so /usr/lib64/pkcs11/libkryoptic_pkcs11.so /usr/lib/pkcs11/libkryoptic_pkcs11.so /usr/lib/x86_64-linux-gnu/kryoptic/libkryoptic_pkcs11.so +++ for _lib in "$@" +++ test -f /target/debug/libkryoptic_pkcs11.so +++ for _lib in "$@" +++ test -f /target/release/libkryoptic_pkcs11.so +++ for _lib in "$@" +++ test -f /usr/local/lib/kryoptic/libkryoptic_pkcs11so +++ for _lib in "$@" +++ test -f /usr/lib64/pkcs11/libkryoptic_pkcs11.so +++ for _lib in "$@" +++ test -f /usr/lib/pkcs11/libkryoptic_pkcs11.so +++ for _lib in "$@" +++ test -f /usr/lib/x86_64-linux-gnu/kryoptic/libkryoptic_pkcs11.so +++ echo 'skipped: Unable to find kryoptic PKCS#11 library' +++ exit 0 +============================================================================== + +==================================== 4/64 ==================================== +test: pkcs11-provider:softokn / basic +start time: 19:47:27 +duration: 0.07s +result: exit status 77 +command: ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-0.6/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=14 MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-0.6/tests/test-wrapper basic-softokn.t +============================================================================== + +==================================== 5/64 ==================================== +test: pkcs11-provider:softhsm / basic +start time: 19:47:27 +duration: 30.11s +result: killed by signal 15 SIGTERM +command: ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-0.6/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=164 MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-0.6/tests/test-wrapper basic-softhsm.t +----------------------------------- stdout ----------------------------------- +Executing /build/reproducible-path/pkcs11-provider-0.6/tests/tbasic + +## Raw Sign check error + openssl +pkeyutl -sign -inkey "${BASEURI}" + -pkeyopt pad-mode:none + -in ${TMPPDIR}/64Brandom.bin + -out ${TMPPDIR}/raw-sig.bin +Public Key operation error +20E09CF7:error:0200007A:rsa routines:p11prov_sig_operate:data too small for key size:../src/signature.c:908: + + +## Sign and Verify with provided Hash and RSA + openssl dgst -sha256 -binary -out ${TMPPDIR}/sha256.bin ${SEEDFILE} + + openssl +pkeyutl -sign -inkey "${PRIURI}" + -in ${TMPPDIR}/sha256.bin + -out ${TMPPDIR}/sha256-sig.bin + + openssl +pkeyutl -verify -inkey "${PUBURI}" + -pubin + -in ${TMPPDIR}/sha256.bin + -sigfile ${TMPPDIR}/sha256-sig.bin +Signature Verified Successfully + +## Sign and Verify with provided Hash and RSA with DigestInfo struct + openssl dgst -sha256 -binary -out ${TMPPDIR}/sha256.bin ${SEEDFILE} + + openssl +pkeyutl -sign -inkey "${PRIURI}" -pkeyopt digest:sha256 + -in ${TMPPDIR}/sha256.bin + -out ${TMPPDIR}/sha256-sig.bin + + openssl +pkeyutl -verify -inkey "${PUBURI}" -pkeyopt digest:sha256 + -pubin + -in ${TMPPDIR}/sha256.bin + -sigfile ${TMPPDIR}/sha256-sig.bin +Signature Verified Successfully + +## DigestSign and DigestVerify with RSA + openssl +pkeyutl -sign -inkey "${BASEURI}" + -digest sha256 + -in ${RAND64FILE} + -rawin + -out ${TMPPDIR}/sha256-dgstsig.bin + + openssl +pkeyutl -verify -inkey "${BASEURI}" -pubin + -digest sha256 + -in ${RAND64FILE} + -rawin + -sigfile ${TMPPDIR}/sha256-dgstsig.bin +Signature Verified Successfully + openssl +pkeyutl -verify -inkey "${PUBURI}" + -pubin + -digest sha256 + -in ${RAND64FILE} + -rawin + -sigfile ${TMPPDIR}/sha256-dgstsig.bin +Signature Verified Successfully +RSA basic encrypt and decrypt + openssl +pkeyutl -encrypt -inkey "${PUBURI}" -pubin + -in ${SECRETFILE} + -out ${SECRETFILE}.enc + + openssl +pkeyutl -decrypt -inkey "${PRIURI}" + -in ${SECRETFILE}.enc + -out ${SECRETFILE}.dec + + +## Test Disallow Public Export + openssl pkey -in $PUBURI -pubin -pubout -text + +## Test CSR generation from RSA private keys + openssl +req -new -batch -key "${PRIURI}" -out ${TMPPDIR}/rsa_csr.pem + + openssl +req -in ${TMPPDIR}/rsa_csr.pem -verify -noout +Certificate request self-signature verify OK + +## Test fetching public keys without PIN in config files + openssl pkey -in $PUBURI -pubin -pubout -out ${TMPPDIR}/rsa.pub.nopin.pem + + openssl pkey -in $ECPUBURI -pubin -pubout -out ${TMPPDIR}/ec.pub.nopin.pem + + openssl pkey -in $ECXPUBURI -pubin -pubout -out ${TMPPDIR}/ecx.pub.nopin.pem + + openssl pkey -in $EDPUBURI -pubin -pubout -out ${TMPPDIR}/ed.pub.nopin.pem + + +## Test fetching public keys with a PIN in URI + openssl pkey -in $BASEURIWITHPINVALUE -pubin -pubout -out ${TMPPDIR}/rsa.pub.uripin.pem + + openssl pkey -in $ECBASEURIWITHPINVALUE -pubin -pubout -out ${TMPPDIR}/ec.pub.uripin.pem + + openssl pkey -in $ECXBASEURIWITHPINVALUE -pubin -pubout -out ${TMPPDIR}/ecx.pub.uripin.pem + + openssl pkey -in $EDBASEURIWITHPINVALUE -pubin -pubout -out ${TMPPDIR}/ed.pub.uripin.pem + + +## Test fetching public keys with a PIN source in URI + openssl pkey -in $BASEURIWITHPINSOURCE -pubin -pubout -out ${TMPPDIR}/rsa.pub.uripinsource.pem + + openssl pkey -in $ECBASEURIWITHPINSOURCE -pubin -pubout -out ${TMPPDIR}/ec.pub.uripinsource.pem + + openssl pkey -in $ECXBASEURIWITHPINSOURCE -pubin -pubout -out ${TMPPDIR}/ecx.pub.uripinsource.pem + + openssl pkey -in $EDBASEURIWITHPINSOURCE -pubin -pubout -out ${TMPPDIR}/ed.pub.uripinsource.pem + + +## Test prompting without PIN in config files + +## Test EVP_PKEY_eq on public RSA key both on token + +## Test EVP_PKEY_eq on public EC key both on token + +## Test EVP_PKEY_eq on public explicit EC key both on token + +## Test EVP_PKEY_eq on public RSA key via import + +## Match private RSA key against public key + +## Match private RSA key against public key (commutativity) + +## Test EVP_PKEY_eq on public EC key via import + +## Match private EC key against public key + +## Match private EC key against public key (commutativity) +ECXPUBURI is pkcs11:type=public;id=%00%07 + +## Test EVP_PKEY_eq on public explicit EC key via import + +## Match private explicit EC key against public key + +## Match private explicit EC key against public key (commutativity) + +## Test EVP_PKEY_eq with key exporting disabled + +## Test RSA key + +## Test EC key + +## Test explicit EC key + +## Test PIN caching +Prompt: "Enter pass phrase for PKCS#11 Token (Slot 1628087051 - SoftHSM slot ID 0x610aa30b):" +Returning: 12345678 +Child Done +ALL A-OK! +Prompt: "Enter pass phrase for PKCS#11 Token (Slot 1628087051 - SoftHSM slot ID 0x610aa30b):" +Returning: 12345678 +Child Done +ALL A-OK! + +## Test interactive Login on key without ALWAYS AUTHENTICATE +expect: spawn id exp3 not open + while executing +"expect "ALL A-OK"" + +## Test interactive Login repeated for operation on key with ALWAYS AUTHENTICATE +expect: spawn id exp3 not open + while executing +"expect "ALL A-OK"" + +## Test Key generation +============================================================================== + +==================================== 6/64 ==================================== +test: pkcs11-provider:kryoptic / basic +start time: 19:47:57 +duration: 0.07s +result: exit status 77 +command: ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-0.6/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 MALLOC_PERTURB_=184 /build/reproducible-path/pkcs11-provider-0.6/tests/test-wrapper basic-kryoptic.t +============================================================================== + +==================================== 7/64 ==================================== +test: pkcs11-provider:softokn / pubkey +start time: 19:47:57 +duration: 0.06s +result: exit status 77 +command: MALLOC_PERTURB_=248 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-0.6/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-0.6/tests/test-wrapper pubkey-softokn.t +============================================================================== + +==================================== 8/64 ==================================== +test: pkcs11-provider:softhsm / pubkey +start time: 19:47:57 +duration: 2.10s +result: exit status 0 +command: MALLOC_PERTURB_=202 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-0.6/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-0.6/tests/test-wrapper pubkey-softhsm.t +----------------------------------- stdout ----------------------------------- +Executing /build/reproducible-path/pkcs11-provider-0.6/tests/tpubkey + +## Export RSA Public key to a file + openssl pkey -in $BASEURI -pubin -pubout -out ${TMPPDIR}/baseout.pub + +Export Public key to a file (pub-uri) + openssl pkey -in $PUBURI -pubin -pubout -out ${TMPPDIR}/pubout.pub + +Print Public key from private + openssl pkey -in $PRIURI -pubout -text + +## Export Public check error + openssl pkey -in pkcs11:id=%de%ad -pubin + -pubout -out ${TMPPDIR}/pubout-invlid.pub +Could not find private key of Public Key from pkcs11:id=%de%ad + + +## Export EC Public key to a file + openssl pkey -in $ECBASEURI -pubin -pubout -out ${TMPPDIR}/baseecout.pub + +Export EC Public key to a file (pub-uri) + openssl pkey -in $ECPUBURI -pubin -pubout -out ${TMPPDIR}/pubecout.pub + +Print EC Public key from private + openssl pkey -in $ECPRIURI -pubout -text + +## Check we can get RSA public keys from certificate objects +Export Public key to a file (priv-uri) + openssl pkey -in $PRI2URI -pubout -out ${TMPPDIR}/priv-cert.pub + +Export Public key to a file (base-uri) + openssl pkey -in $BASE2URI -pubout -out ${TMPPDIR}/base-cert.pub + + +## Check we can get EC public keys from certificate objects +Export Public EC key to a file (priv-uri) + openssl pkey -in $ECPRI2URI -pubout -out ${TMPPDIR}/ec-priv-cert.pub + +Export Public key to a file (base-uri) + openssl pkey -in $ECBASE2URI -pubout -out ${TMPPDIR}/ec-base-cert.pub + +============================================================================== + +==================================== 9/64 ==================================== +test: pkcs11-provider:kryoptic / pubkey +start time: 19:47:59 +duration: 0.07s +result: exit status 77 +command: ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-0.6/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=174 MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-0.6/tests/test-wrapper pubkey-kryoptic.t +============================================================================== + +=================================== 10/64 ==================================== +test: pkcs11-provider:softokn / certs +start time: 19:47:59 +duration: 0.07s +result: exit status 77 +command: ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-0.6/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 MALLOC_PERTURB_=170 /build/reproducible-path/pkcs11-provider-0.6/tests/test-wrapper certs-softokn.t +============================================================================== + +=================================== 11/64 ==================================== +test: pkcs11-provider:softhsm / certs +start time: 19:48:00 +duration: 1.24s +result: exit status 0 +command: ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-0.6/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=212 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-0.6/tests/test-wrapper certs-softhsm.t +----------------------------------- stdout ----------------------------------- +Executing /build/reproducible-path/pkcs11-provider-0.6/tests/tcerts + +## Check we can fetch certifiatce objects + openssl +x509 -in ${CRTURI} -subject -out ${TMPPDIR}/crt-subj.txt + + openssl +x509 -in ${ECCRTURI} -subject -out ${TMPPDIR}/eccrt-subj.txt + + +## Use storeutl command to match specific certs via params + openssl +storeutl -certs -subject "${subj}" + -out ${TMPPDIR}/storeutl-crt-subj.txt + pkcs11:type=cert +0: Certificate + openssl +storeutl -certs -subject "${subj}" + -out ${TMPPDIR}/storeutl-crt-subj.txt + pkcs11:type=cert +0: Certificate + openssl +storeutl -certs -subject "${subj}" + -out ${TMPPDIR}/storeutl-crt-subj.txt + pkcs11:type=cert +0: Certificate + openssl +storeutl -certs -subject "${subj}" + -out ${TMPPDIR}/storeutl-crt-subj.txt + pkcs11:type=cert +0: Certificate +============================================================================== + +=================================== 12/64 ==================================== +test: pkcs11-provider:kryoptic / certs +start time: 19:48:01 +duration: 0.06s +result: exit status 77 +command: ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-0.6/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 MALLOC_PERTURB_=236 /build/reproducible-path/pkcs11-provider-0.6/tests/test-wrapper certs-kryoptic.t +============================================================================== + +=================================== 13/64 ==================================== +test: pkcs11-provider:softokn / ecc +start time: 19:48:01 +duration: 0.06s +result: exit status 77 +command: ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-0.6/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=91 MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-0.6/tests/test-wrapper ecc-softokn.t +============================================================================== + +=================================== 14/64 ==================================== +test: pkcs11-provider:softhsm / ecc +start time: 19:48:01 +duration: 2.56s +result: exit status 0 +command: ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-0.6/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 MALLOC_PERTURB_=78 /build/reproducible-path/pkcs11-provider-0.6/tests/test-wrapper ecc-softhsm.t +----------------------------------- stdout ----------------------------------- +Executing /build/reproducible-path/pkcs11-provider-0.6/tests/tecc + +## Export EC Public key to a file + openssl pkey -in $ECPUBURI -pubin -pubout -out ${TMPPDIR}/ecout.pub + +Print EC Public key from private + openssl pkey -in $ECPRIURI -pubout -text + +## Sign and Verify with provided Hash and EC + openssl dgst -sha256 -binary -out ${TMPPDIR}/sha256.bin ${SEEDFILE} + + openssl +pkeyutl -sign -inkey "${ECBASEURI}" + -in ${TMPPDIR}/sha256.bin + -out ${TMPPDIR}/sha256-ecsig.bin + + openssl +pkeyutl -verify -inkey "${ECBASEURI}" -pubin + -in ${TMPPDIR}/sha256.bin + -sigfile ${TMPPDIR}/sha256-ecsig.bin +Signature Verified Successfully + openssl +pkeyutl -verify -inkey "${TMPPDIR}/ecout.pub" -pubin + -in ${TMPPDIR}/sha256.bin + -sigfile ${TMPPDIR}/sha256-ecsig.bin +Signature Verified Successfully + +## DigestSign and DigestVerify with ECC (SHA-256) + openssl +pkeyutl -sign -inkey "${ECBASEURI}" + -digest sha256 + -in ${RAND64FILE} + -rawin + -out ${TMPPDIR}/sha256-ecdgstsig.bin + + openssl +pkeyutl -verify -inkey "${ECBASEURI}" -pubin + -digest sha256 + -in ${RAND64FILE} + -rawin + -sigfile ${TMPPDIR}/sha256-ecdgstsig.bin +Signature Verified Successfully + +## DigestSign and DigestVerify with ECC (SHA-384) + openssl +pkeyutl -sign -inkey "${ECBASEURI}" + -digest sha384 + -in ${RAND64FILE} + -rawin + -out ${TMPPDIR}/sha384-ecdgstsig.bin + + openssl +pkeyutl -verify -inkey "${ECBASEURI}" -pubin + -digest sha384 + -in ${RAND64FILE} + -rawin + -sigfile ${TMPPDIR}/sha384-ecdgstsig.bin +Signature Verified Successfully + +## DigestSign and DigestVerify with ECC (SHA-512) + openssl +pkeyutl -sign -inkey "${ECBASEURI}" + -digest sha512 + -in ${RAND64FILE} + -rawin + -out ${TMPPDIR}/sha512-ecdgstsig.bin + + openssl +pkeyutl -verify -inkey "${ECBASEURI}" -pubin + -digest sha512 + -in ${RAND64FILE} + -rawin + -sigfile ${TMPPDIR}/sha512-ecdgstsig.bin +Signature Verified Successfully + +## DigestSign and DigestVerify with ECC (SHA3-256) + openssl +pkeyutl -sign -inkey "${ECBASEURI}" + -digest sha3-256 + -in ${RAND64FILE} + -rawin + -out ${TMPPDIR}/sha3-256-ecdgstsig.bin + + openssl +pkeyutl -verify -inkey "${ECBASEURI}" -pubin + -digest sha3-256 + -in ${RAND64FILE} + -rawin + -sigfile ${TMPPDIR}/sha3-256-ecdgstsig.bin +Signature Verified Successfully + +## DigestSign and DigestVerify with ECC (SHA3-384) + openssl +pkeyutl -sign -inkey "${ECBASEURI}" + -digest sha3-384 + -in ${RAND64FILE} + -rawin + -out ${TMPPDIR}/sha3-384-ecdgstsig.bin + + openssl +pkeyutl -verify -inkey "${ECBASEURI}" -pubin + -digest sha3-384 + -in ${RAND64FILE} + -rawin + -sigfile ${TMPPDIR}/sha3-384-ecdgstsig.bin +Signature Verified Successfully + +## DigestSign and DigestVerify with ECC (SHA3-512) + openssl +pkeyutl -sign -inkey "${ECBASEURI}" + -digest sha3-512 + -in ${RAND64FILE} + -rawin + -out ${TMPPDIR}/sha3-512-ecdgstsig.bin + + openssl +pkeyutl -verify -inkey "${ECBASEURI}" -pubin + -digest sha3-512 + -in ${RAND64FILE} + -rawin + -sigfile ${TMPPDIR}/sha3-512-ecdgstsig.bin +Signature Verified Successfully + +## Test CSR generation from private ECC keys + openssl +req -new -batch -key "${ECPRIURI}" -out ${TMPPDIR}/ecdsa_csr.pem + + openssl +req -in ${TMPPDIR}/ecdsa_csr.pem -verify -noout +Certificate request self-signature verify OK +============================================================================== + +=================================== 15/64 ==================================== +test: pkcs11-provider:kryoptic / ecc +start time: 19:48:03 +duration: 0.06s +result: exit status 77 +command: ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-0.6/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 MALLOC_PERTURB_=165 /build/reproducible-path/pkcs11-provider-0.6/tests/test-wrapper ecc-kryoptic.t +============================================================================== + +=================================== 16/64 ==================================== +test: pkcs11-provider:softhsm / edwards +start time: 19:48:04 +duration: 2.25s +result: exit status 0 +command: ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-0.6/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=54 MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-0.6/tests/test-wrapper edwards-softhsm.t +----------------------------------- stdout ----------------------------------- +Executing /build/reproducible-path/pkcs11-provider-0.6/tests/tedwards + +## Export ED25519 Public key to a file + openssl pkey -in $EDPUBURI -pubin -pubout -out ${TMPPDIR}/edout.pub + +Print ED25519 Public key from private + openssl pkey -in $EDPRIURI -pubout -text + +## DigestSign and DigestVerify with ED25519 + openssl +pkeyutl -sign -inkey "${EDBASEURI}" + -in ${RAND64FILE} + -rawin + -out ${TMPPDIR}/sha256-eddgstsig.bin + + openssl +pkeyutl -verify -inkey "${EDBASEURI}" -pubin + -in ${RAND64FILE} + -rawin + -sigfile ${TMPPDIR}/sha256-eddgstsig.bin +Signature Verified Successfully + +## Test CSR generation from private ED25519 keys + openssl +req -new -batch -key "${EDPRIURI}" -out ${TMPPDIR}/ed25519_csr.pem + + openssl +req -in ${TMPPDIR}/ed25519_csr.pem -verify -noout +Certificate request self-signature verify OK + +## Test EVP_PKEY_eq on public Edwards key both on token + +## Test EVP_PKEY_eq on public ED key via import + +## Match private ED key against public key + +## Match private ED key against public key (commutativity) + +## Test Key generation +Performed tests: 1 + +## Test Ed448 Key generation +Performed tests: 1 +============================================================================== + +=================================== 17/64 ==================================== +test: pkcs11-provider:kryoptic / edwards +start time: 19:48:06 +duration: 0.06s +result: exit status 77 +command: ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-0.6/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=53 MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-0.6/tests/test-wrapper edwards-kryoptic.t +============================================================================== + +=================================== 18/64 ==================================== +test: pkcs11-provider:softokn / ecdh +start time: 19:48:06 +duration: 0.06s +result: exit status 77 +command: ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-0.6/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 MALLOC_PERTURB_=78 /build/reproducible-path/pkcs11-provider-0.6/tests/test-wrapper ecdh-softokn.t +============================================================================== + +=================================== 19/64 ==================================== +test: pkcs11-provider:kryoptic / ecdh +start time: 19:48:06 +duration: 0.06s +result: exit status 77 +command: ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-0.6/tests MALLOC_PERTURB_=200 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-0.6/tests/test-wrapper ecdh-kryoptic.t +============================================================================== + +=================================== 20/64 ==================================== +test: pkcs11-provider:softokn / democa +start time: 19:48:06 +duration: 0.06s +result: exit status 77 +command: ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-0.6/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests MALLOC_PERTURB_=30 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-0.6/tests/test-wrapper democa-softokn.t +============================================================================== + +=================================== 21/64 ==================================== +test: pkcs11-provider:softhsm / democa +start time: 19:48:06 +duration: 3.16s +result: exit status 0 +command: ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-0.6/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=238 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-0.6/tests/test-wrapper democa-softhsm.t +----------------------------------- stdout ----------------------------------- +Executing /build/reproducible-path/pkcs11-provider-0.6/tests/tdemoca + +## Set up demoCA + +## Generating CA cert if needed + openssl req -batch -noenc -x509 -new -key ${PRIURI} -out ${DEMOCA}/cacert.pem + + +## Generating a new CSR with key in file + openssl +req -batch -noenc -newkey rsa:2048 + -subj "/CN=testing-csr-signing/O=PKCS11 Provider/C=US" + -keyout ${DEMOCA}/cert.key -out ${DEMOCA}/cert.csr +...+.....+++++++++++++++++++++++++++++++++++++++*.+++++++++++++++++++++++++++++++++++++++*.+.....+.......+.........+......+...+...............+...........+..........+...+...+.....+.......+..+..........+...+..+..........+.........+.........+..+.........+.+........+..........++++++ +........+..+++++++++++++++++++++++++++++++++++++++*.+.......+........+....+..+.........+......+.+...+++++++++++++++++++++++++++++++++++++++*..+.....+.+....................+..........+.........+..+.........+.+..............+......+....+..+.......+......+.........+......+.....+......+.+...+............+..+......+....+...........+.+.....+......+.......+...+.........+...+........+..........+.........+.....+...............+.+........+......+.+..+..........+..+......++++++ +----- + + +## Signing the new certificate + openssl +ca -batch -in ${DEMOCA}/cert.csr -keyfile ${PRIURI} -out ${DEMOCA}/cert.pem +Using configuration from /build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/openssl.cnf +Check that the request matches the signature +Signature ok +The Subject's Distinguished Name is as follows +commonName :ASN.1 12:'testing-csr-signing' +organizationName :ASN.1 12:'PKCS11 Provider' +countryName :PRINTABLE:'US' +Certificate is to be certified until Nov 27 19:48:07 2025 GMT (365 days) + +Write out database with 1 new entries +Database updated + + +## Generating a new CSR with existing RSA key in token + openssl +req -batch -noenc -new -key ${PRIURI} + -subj "/CN=testing-rsa-signing/O=PKCS11 Provider/C=US" + -out ${DEMOCA}/cert-rsa.csr + + +## Signing the new RSA key certificate + openssl +ca -batch -in ${DEMOCA}/cert-rsa.csr -keyfile ${PRIURI} -out ${DEMOCA}/cert.pem +Using configuration from /build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/openssl.cnf +Check that the request matches the signature +Signature ok +The Subject's Distinguished Name is as follows +commonName :ASN.1 12:'testing-rsa-signing' +organizationName :ASN.1 12:'PKCS11 Provider' +countryName :PRINTABLE:'US' +Certificate is to be certified until Nov 27 19:48:08 2025 GMT (365 days) + +Write out database with 1 new entries +Database updated + + +## Generating a new CSR with existing EC key in token + openssl +req -batch -noenc -new -key ${ECPRIURI} + -subj "/CN=testing-ec-signing/O=PKCS11 Provider/C=US" + -out ${DEMOCA}/cert-ec.csr + + +## Signing the new EC key certificate + openssl +ca -batch -in ${DEMOCA}/cert-ec.csr -keyfile ${PRIURI} -out ${DEMOCA}/cert.pem +Using configuration from /build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/openssl.cnf +Check that the request matches the signature +Signature ok +The Subject's Distinguished Name is as follows +commonName :ASN.1 12:'testing-ec-signing' +organizationName :ASN.1 12:'PKCS11 Provider' +countryName :PRINTABLE:'US' +Certificate is to be certified until Nov 27 19:48:08 2025 GMT (365 days) + +Write out database with 1 new entries +Database updated + + +## Generating a new CSR with existing ED key in token + openssl + req -batch -noenc -new -key ${EDPRIURI} + -subj "/CN=testing-ed-signing/O=PKCS11 Provider/C=US" + -out ${DEMOCA}/cert-ed.csr + + +## Signing the new ED key certificate + openssl + ca -batch -in ${DEMOCA}/cert-ed.csr -keyfile ${PRIURI} -out ${DEMOCA}/cert.pem +Using configuration from /build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/openssl.cnf +Check that the request matches the signature +Signature ok +The Subject's Distinguished Name is as follows +commonName :ASN.1 12:'testing-ed-signing' +organizationName :ASN.1 12:'PKCS11 Provider' +countryName :PRINTABLE:'US' +Certificate is to be certified until Nov 27 19:48:09 2025 GMT (365 days) + +Write out database with 1 new entries +Database updated + + +## Set up OCSP + openssl +req -batch -noenc -new -subj "/CN=OCSP/O=PKCS11 Provider/C=US" + -key ${PRIURI} -out ${DEMOCA}/ocspSigning.csr + + openssl +ca -batch -keyfile ${PRIURI} -cert ${DEMOCA}/cacert.pem + -in ${DEMOCA}/ocspSigning.csr -out ${DEMOCA}/ocspSigning.pem +Using configuration from /build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/openssl.cnf +Check that the request matches the signature +Signature ok +The Subject's Distinguished Name is as follows +commonName :ASN.1 12:'OCSP' +organizationName :ASN.1 12:'PKCS11 Provider' +countryName :PRINTABLE:'US' +Certificate is to be certified until Nov 27 19:48:09 2025 GMT (365 days) + +Write out database with 1 new entries +Database updated + +============================================================================== + +=================================== 22/64 ==================================== +test: pkcs11-provider:kryoptic / democa +start time: 19:48:09 +duration: 0.07s +result: exit status 77 +command: ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-0.6/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 MALLOC_PERTURB_=197 /build/reproducible-path/pkcs11-provider-0.6/tests/test-wrapper democa-kryoptic.t +============================================================================== + +=================================== 23/64 ==================================== +test: pkcs11-provider:softokn / digest +start time: 19:48:09 +duration: 0.06s +result: exit status 77 +command: MALLOC_PERTURB_=163 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-0.6/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-0.6/tests/test-wrapper digest-softokn.t +============================================================================== + +=================================== 24/64 ==================================== +test: pkcs11-provider:softhsm / digest +start time: 19:48:09 +duration: 0.42s +result: exit status 0 +command: ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-0.6/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=4 MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-0.6/tests/test-wrapper digest-softhsm.t +----------------------------------- stdout ----------------------------------- +Executing /build/reproducible-path/pkcs11-provider-0.6/tests/tdigest + +## Test Digests support +sha512-224: Unsupported by pkcs11 token +sha512-256: Unsupported by pkcs11 token +sha3-224: Unsupported by pkcs11 token +sha3-256: Unsupported by pkcs11 token +sha3-384: Unsupported by pkcs11 token +sha3-512: Unsupported by pkcs11 token +PASSED + +## Test Digests Blocked +No digest available for testing pkcs11 provider +Digest operations failed as expected +============================================================================== + +=================================== 25/64 ==================================== +test: pkcs11-provider:kryoptic / digest +start time: 19:48:10 +duration: 0.06s +result: exit status 77 +command: ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-0.6/tests MALLOC_PERTURB_=33 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-0.6/tests/test-wrapper digest-kryoptic.t +============================================================================== + +=================================== 26/64 ==================================== +test: pkcs11-provider:softokn / fork +start time: 19:48:10 +duration: 0.06s +result: exit status 77 +command: ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-0.6/tests MALLOC_PERTURB_=200 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-0.6/tests/test-wrapper fork-softokn.t +============================================================================== + +=================================== 27/64 ==================================== +test: pkcs11-provider:softhsm / fork +start time: 19:48:10 +duration: 4.49s +result: exit status 0 +command: ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-0.6/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 MALLOC_PERTURB_=15 /build/reproducible-path/pkcs11-provider-0.6/tests/test-wrapper fork-softhsm.t +----------------------------------- stdout ----------------------------------- +Executing /build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/tfork +Child Done +Child Done +ALL A-OK! +============================================================================== + +=================================== 28/64 ==================================== +test: pkcs11-provider:kryoptic / fork +start time: 19:48:14 +duration: 0.07s +result: exit status 77 +command: MALLOC_PERTURB_=35 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-0.6/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-0.6/tests/test-wrapper fork-kryoptic.t +============================================================================== + +=================================== 29/64 ==================================== +test: pkcs11-provider:softokn / oaepsha2 +start time: 19:48:14 +duration: 0.06s +result: exit status 77 +command: MALLOC_PERTURB_=12 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-0.6/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-0.6/tests/test-wrapper oaepsha2-softokn.t +============================================================================== + +=================================== 30/64 ==================================== +test: pkcs11-provider:kryoptic / oaepsha2 +start time: 19:48:15 +duration: 0.06s +result: exit status 77 +command: ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-0.6/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests MALLOC_PERTURB_=207 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-0.6/tests/test-wrapper oaepsha2-kryoptic.t +============================================================================== + +=================================== 31/64 ==================================== +test: pkcs11-provider:softokn / hkdf +start time: 19:48:15 +duration: 0.06s +result: exit status 77 +command: ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-0.6/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests MALLOC_PERTURB_=30 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-0.6/tests/test-wrapper hkdf-softokn.t +============================================================================== + +=================================== 32/64 ==================================== +test: pkcs11-provider:kryoptic / hkdf +start time: 19:48:15 +duration: 0.06s +result: exit status 77 +command: ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-0.6/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=27 MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-0.6/tests/test-wrapper hkdf-kryoptic.t +============================================================================== + +=================================== 33/64 ==================================== +test: pkcs11-provider:softokn / imported +start time: 19:48:15 +duration: 0.06s +result: exit status 77 +command: ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-0.6/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=186 MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-0.6/tests/test-wrapper imported-softokn.t +============================================================================== + +=================================== 34/64 ==================================== +test: pkcs11-provider:kryoptic / imported +start time: 19:48:15 +duration: 0.06s +result: exit status 77 +command: ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-0.6/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests MALLOC_PERTURB_=151 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-0.6/tests/test-wrapper imported-kryoptic.t +============================================================================== + +=================================== 35/64 ==================================== +test: pkcs11-provider:softokn / rsapss +start time: 19:48:15 +duration: 0.06s +result: exit status 77 +command: ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-0.6/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=27 MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-0.6/tests/test-wrapper rsapss-softokn.t +============================================================================== + +=================================== 36/64 ==================================== +test: pkcs11-provider:softhsm / rsapss +start time: 19:48:15 +duration: 0.55s +result: exit status 0 +command: ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-0.6/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests MALLOC_PERTURB_=32 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-0.6/tests/test-wrapper rsapss-softhsm.t +----------------------------------- stdout ----------------------------------- +Executing /build/reproducible-path/pkcs11-provider-0.6/tests/trsapss + +## DigestSign and DigestVerify with RSA PSS + openssl +pkeyutl -sign -inkey "${BASEURI}" + -digest sha256 + -pkeyopt pad-mode:pss + -pkeyopt mgf1-digest:sha256 + -pkeyopt saltlen:digest + -in ${RAND64FILE} + -rawin + -out ${TMPPDIR}/sha256-dgstsig.bin + + openssl +pkeyutl -verify -inkey "${BASEURI}" -pubin + -digest sha256 + -pkeyopt pad-mode:pss + -pkeyopt mgf1-digest:sha256 + -pkeyopt saltlen:digest + -in ${RAND64FILE} + -rawin + -sigfile ${TMPPDIR}/sha256-dgstsig.bin +Signature Verified Successfully +Re-verify using OpenSSL default provider + openssl +pkeyutl -verify -inkey "${PUBURI}" + -pubin + -digest sha256 + -pkeyopt pad-mode:pss + -pkeyopt mgf1-digest:sha256 + -pkeyopt saltlen:digest + -in ${RAND64FILE} + -rawin + -sigfile ${TMPPDIR}/sha256-dgstsig.bin +Signature Verified Successfully +============================================================================== + +=================================== 37/64 ==================================== +test: pkcs11-provider:kryoptic / rsapss +start time: 19:48:15 +duration: 0.06s +result: exit status 77 +command: ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-0.6/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=13 MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-0.6/tests/test-wrapper rsapss-kryoptic.t +============================================================================== + +=================================== 38/64 ==================================== +test: pkcs11-provider:softhsm / rsapssam +start time: 19:48:16 +duration: 3.29s +result: exit status 0 +command: ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-0.6/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 MALLOC_PERTURB_=71 /build/reproducible-path/pkcs11-provider-0.6/tests/test-wrapper rsapssam-softhsm.t +----------------------------------- stdout ----------------------------------- +Executing /build/reproducible-path/pkcs11-provider-0.6/tests/trsapssam + +## Generate RSA PSS key restricted to SHA256 + openssl +genpkey -propquery "?provider=pkcs11" + -algorithm "RSA-PSS" -pkeyopt "rsa_pss_keygen_md:SHA256" + -pkeyopt "pkcs11_uri:pkcs11:object=Test-RSA-PSS-Restrictions" +-----BEGIN PKCS#11 PROVIDER URI----- +MIHmGhlQS0NTIzExIFByb3ZpZGVyIFVSSSB2MS4wDIHIcGtjczExOm1vZGVsPVNv +ZnRIU00lMjB2MjttYW51ZmFjdHVyZXI9U29mdEhTTSUyMHByb2plY3Q7c2VyaWFs +PWUzMGMxNjRkZTEwYWEzMGI7dG9rZW49U29mdEhTTSUyMFRva2VuO2lkPSVFNCUz +QSVEMiUxRCVGNCU1RiUyNyUzNyVBOSU1NSU2NyVBNyU0MyU1NCVDNCUzRjtvYmpl +Y3Q9VGVzdC1SU0EtUFNTLVJlc3RyaWN0aW9uczt0eXBlPXByaXZhdGU= +-----END PKCS#11 PROVIDER URI----- + +## DigestSign and DigestVerify with RSA PSS + openssl +pkeyutl -sign -inkey "pkcs11:object=Test-RSA-PSS-Restrictions;type=private" + -digest sha256 + -pkeyopt pad-mode:pss + -pkeyopt mgf1-digest:sha256 + -pkeyopt saltlen:digest + -in ${RAND64FILE} + -rawin + -out ${TMPPDIR}/sha256-rsapps-genpkey-dgstsig.bin + + openssl +pkeyutl -verify -inkey "pkcs11:object=Test-RSA-PSS-Restrictions;type=public" -pubin + -digest sha256 + -pkeyopt pad-mode:pss + -pkeyopt mgf1-digest:sha256 + -pkeyopt saltlen:digest + -in ${RAND64FILE} + -rawin + -sigfile ${TMPPDIR}/sha256-rsapps-genpkey-dgstsig.bin +Signature Verified Successfully + +## Fail DigestSign with RSA PSS because of restricted Digest + openssl +pkeyutl -sign -inkey "pkcs11:object=Test-RSA-PSS-Restrictions;type=private" + -digest sha384 + -pkeyopt pad-mode:pss + -pkeyopt mgf1-digest:sha384 + -pkeyopt saltlen:digest + -in ${RAND64FILE} + -rawin + -out ${TMPPDIR}/sha384-rsapps-genpkey-dgstsig.bin 2>&1 + +## Generate RSA PSS key + openssl +genpkey -propquery "?provider=pkcs11" + -algorithm "RSA-PSS" + -pkeyopt "pkcs11_uri:pkcs11:object=Test-RSA-PSS-Only" +-----BEGIN PKCS#11 PROVIDER URI----- +MIHeGhlQS0NTIzExIFByb3ZpZGVyIFVSSSB2MS4wDIHAcGtjczExOm1vZGVsPVNv +ZnRIU00lMjB2MjttYW51ZmFjdHVyZXI9U29mdEhTTSUyMHByb2plY3Q7c2VyaWFs +PWUzMGMxNjRkZTEwYWEzMGI7dG9rZW49U29mdEhTTSUyMFRva2VuO2lkPSU0QSUw +MyVGQyVBNCVFRSU2OCU4MCU4OCVBQiVFMiU5QyVEQiUzMCU3RiU0NCU4RDtvYmpl +Y3Q9VGVzdC1SU0EtUFNTLU9ubHk7dHlwZT1wcml2YXRl +-----END PKCS#11 PROVIDER URI----- + +## Fail Signing with RSA PKCS1 mech and RSA-PSS key + openssl +pkeyutl -sign -inkey "pkcs11:object=Test-RSA-PSS-Only;type=private" + -digest sha256 + -pkeyopt rsa_padding_mode:pkcs1 + -in ${RAND64FILE} + -rawin + -out ${TMPPDIR}/sha384-rsa-not-rsapss-sig.bin 2>&1 +============================================================================== + +=================================== 39/64 ==================================== +test: pkcs11-provider:softokn / genkey +start time: 19:48:19 +duration: 0.07s +result: exit status 77 +command: ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-0.6/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests MALLOC_PERTURB_=180 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-0.6/tests/test-wrapper genkey-softokn.t +============================================================================== + +=================================== 40/64 ==================================== +test: pkcs11-provider:softhsm / genkey +start time: 19:48:19 +duration: 0.10s +result: exit status 0 +command: ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-0.6/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 MALLOC_PERTURB_=137 /build/reproducible-path/pkcs11-provider-0.6/tests/test-wrapper genkey-softhsm.t +----------------------------------- stdout ----------------------------------- +Executing /build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/tgenkey +Performed tests: 0 +============================================================================== + +=================================== 41/64 ==================================== +test: pkcs11-provider:kryoptic / genkey +start time: 19:48:19 +duration: 0.06s +result: exit status 77 +command: ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-0.6/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests MALLOC_PERTURB_=160 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-0.6/tests/test-wrapper genkey-kryoptic.t +============================================================================== + +=================================== 42/64 ==================================== +test: pkcs11-provider:softokn / session +start time: 19:48:19 +duration: 0.06s +result: exit status 77 +command: ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-0.6/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 MALLOC_PERTURB_=90 /build/reproducible-path/pkcs11-provider-0.6/tests/test-wrapper session-softokn.t +============================================================================== + +=================================== 43/64 ==================================== +test: pkcs11-provider:softhsm / session +start time: 19:48:19 +duration: 1.10s +result: exit status 0 +command: ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-0.6/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=246 MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-0.6/tests/test-wrapper session-softhsm.t +----------------------------------- stdout ----------------------------------- +Executing /build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/tsession +ALL A-OK! +============================================================================== + +=================================== 44/64 ==================================== +test: pkcs11-provider:kryoptic / session +start time: 19:48:20 +duration: 0.06s +result: exit status 77 +command: ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-0.6/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 MALLOC_PERTURB_=15 /build/reproducible-path/pkcs11-provider-0.6/tests/test-wrapper session-kryoptic.t +============================================================================== + +=================================== 45/64 ==================================== +test: pkcs11-provider:softokn / rand +start time: 19:48:20 +duration: 0.06s +result: exit status 77 +command: ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-0.6/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=174 MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-0.6/tests/test-wrapper rand-softokn.t +============================================================================== + +=================================== 46/64 ==================================== +test: pkcs11-provider:softhsm / rand +start time: 19:48:20 +duration: 0.35s +result: exit status 0 +command: ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-0.6/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 MALLOC_PERTURB_=230 /build/reproducible-path/pkcs11-provider-0.6/tests/test-wrapper rand-softhsm.t +----------------------------------- stdout ----------------------------------- +Executing /build/reproducible-path/pkcs11-provider-0.6/tests/trand + +## Test PKCS11 RNG + openssl rand 1 +207069F7:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:../crypto/evp/evp_fetch.c:355:Global default library context, Algorithm (PKCS11-RAND : 0), Properties () +207069F7:error:12000090:random number generator:rand_new_drbg:unable to fetch drbg:../crypto/rand/rand_lib.c:655: + + openssl rand 1 +ø +============================================================================== + +=================================== 47/64 ==================================== +test: pkcs11-provider:kryoptic / rand +start time: 19:48:21 +duration: 0.06s +result: exit status 77 +command: ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-0.6/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests MALLOC_PERTURB_=208 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-0.6/tests/test-wrapper rand-kryoptic.t +============================================================================== + +=================================== 48/64 ==================================== +test: pkcs11-provider:softokn / readkeys +start time: 19:48:21 +duration: 0.06s +result: exit status 77 +command: ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-0.6/tests MALLOC_PERTURB_=122 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-0.6/tests/test-wrapper readkeys-softokn.t +============================================================================== + +=================================== 49/64 ==================================== +test: pkcs11-provider:softhsm / readkeys +start time: 19:48:21 +duration: 0.27s +result: exit status 0 +command: ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MALLOC_PERTURB_=58 TEST_PATH=/build/reproducible-path/pkcs11-provider-0.6/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-0.6/tests/test-wrapper readkeys-softhsm.t +----------------------------------- stdout ----------------------------------- +Executing /build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/treadkeys +============================================================================== + +=================================== 50/64 ==================================== +test: pkcs11-provider:kryoptic / readkeys +start time: 19:48:21 +duration: 0.06s +result: exit status 77 +command: MALLOC_PERTURB_=113 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-0.6/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-0.6/tests/test-wrapper readkeys-kryoptic.t +============================================================================== + +=================================== 51/64 ==================================== +test: pkcs11-provider:softokn / tls +start time: 19:48:21 +duration: 0.06s +result: exit status 77 +command: ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-0.6/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=246 MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-0.6/tests/test-wrapper tls-softokn.t +============================================================================== + +=================================== 52/64 ==================================== +test: pkcs11-provider:softhsm / tls +start time: 19:48:21 +duration: 10.08s +result: exit status 0 +command: ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-0.6/tests MALLOC_PERTURB_=182 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-0.6/tests/test-wrapper tls-softhsm.t +----------------------------------- stdout ----------------------------------- +Executing /build/reproducible-path/pkcs11-provider-0.6/tests/ttls + +## Test SSL_CTX creation +SSL Context works! + +## Test setting cert/keys on TLS Context +Cert and Key successfully set on TLS Context! + +## Test setting cert/keys on TLS Context w/o pub key +Cert and Key successfully set on TLS Context! + +## Test an actual TLS connection +######################################## +## TLS with key in provider + + +## Run sanity test with default values (RSA) +spawn openssl s_client -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/CAcert.pem +Connecting to 127.0.0.1 +CONNECTED(00000005) +Can't use SSL_get_servername +depth=1 CN=Issuer +verify return:1 +depth=0 O=PKCS11 Provider, CN=My Test Cert +verify return:1 +--- +Certificate chain + 0 s:O=PKCS11 Provider, CN=My Test Cert + i:CN=Issuer + a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256 + v:NotBefore: Nov 27 19:47:23 2024 GMT; NotAfter: Nov 27 19:47:23 2025 GMT +--- +Server certificate +-----BEGIN CERTIFICATE----- +MIIDPzCCAiegAwIBAgIBAzANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 +ZXIwHhcNMjQxMTI3MTk0NzIzWhcNMjUxMTI3MTk0NzIzWjAxMRgwFgYDVQQKEw9Q +S0NTMTEgUHJvdmlkZXIxFTATBgNVBAMTDE15IFRlc3QgQ2VydDCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAOBTOSE+M8maIIra3gTDut4tPQ2TliQDB3qK +YhsHBDGW/oXJsDydIUjmLnOwhERwpUHaIX475rHOJFvcQt6K4lclgVaUQjA0Zfda +QxMEg3vv8Ou3RuwQcQTVZRi74iSmkyZZaF6lu6tBclQr+MCQ2CrQiDCPIBDC18gL +DB3GQLxqkmoFYTlYAYTCPyKUNq9PRJYJSQU5xibS7Bkc1KY0GiOxO7S4/ckRi8As +h25kjEHjLPnRItMJ/ZisoDTBJESgv+6xED13ujgYI/2ZERu6RQhS9fn1+UAU3eTe +rNHo1VXQAyoGC1vJUUOJmQ73JUraIeQMtDaPNe28KQPUNoQVY6sCAwEAAaOBgTB/ +MAwGA1UdEwEB/wQCMAAwHwYDVR0RBBgwFoEUdGVzdGNlcnRAZXhhbXBsZS5vcmcw +DgYDVR0PAQH/BAQDAgWgMB0GA1UdDgQWBBQfAG2bWnoI8vgY6Ebq0XuEIBGENDAf +BgNVHSMEGDAWgBSr1qRvT1Z2SH1eRQBEjbOt1Ppt+DANBgkqhkiG9w0BAQsFAAOC +AQEAg/2Gjtz0cSyNHWaOttqLBB4bEct48OSIFW4djOZOrEKL9KurXJkWKbXG1pFQ +ycym9Vf/wnmlHJfUe2s78k5E7JiW3L6kZbNjOHJ5PEwnDF2okbcrfin9+sC66k6f +qJWHJSs781yIjd9tkGe2RX/c/LGcJcX8t4yYy2ZfPHd4nODbzJ4wtn35gvb+Jc14 +PtE9zrJS34d9CimhrR7FXO/nmtvzpEbBiQq3BMKBfcEDWX+d4clIejOf7ZddIwo0 +A08vGQ6YekzD8wqN0YjMO2pBveAjlLAVl8aqUTCL2GzZgcEw+vOCQtZUJXr064w3 +z07G7E+Nt6dew+jeXhB+T5f7hw== +-----END CERTIFICATE----- +subject=O=PKCS11 Provider, CN=My Test Cert +issuer=CN=Issuer +--- +No client certificate CA names sent +Peer signing digest: SHA256 +Peer signature type: RSA-PSS +Server Temp Key: X25519, 253 bits +--- +SSL handshake has read 1391 bytes and written 388 bytes +Verification: OK +--- +New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 +Server public key is 2048 bit +This TLS version forbids renegotiation. +Compression: NONE +Expansion: NONE +No ALPN negotiated +Early data was not sent +Verify return code: 0 (ok) +--- +--- +Post-Handshake New Session Ticket arrived: +SSL-Session: + Protocol : TLSv1.3 + Cipher : TLS_AES_256_GCM_SHA384 + Session-ID: 012143E0D59D4D43B03EF778FD16CF29BD15DE7F28EB7C768519C9CDB3909CC9 + Session-ID-ctx: + Resumption PSK: B7B32DC66BFA9840D8C086F61B782887A51ABC0C1DF0D5A10FA29963CB963BF0A6AE17BEE9E7564B0C58C8BE5B034CD2 + PSK identity: None + PSK identity hint: None + SRP username: None + TLS session ticket lifetime hint: 7200 (seconds) + TLS session ticket: + 0000 - 22 ce 06 af 54 77 91 83-57 df 36 66 b3 92 67 2e "...Tw..W.6f..g. + 0010 - e7 b6 ac 7d c3 4b 82 e2-30 c2 b1 24 2f 5c 74 70 ...}.K..0..$/\tp + 0020 - 82 f8 5a 03 c9 f6 d5 59-20 5e c0 b4 a1 4e b8 12 ..Z....Y ^...N.. + 0030 - 1b f4 77 9b 01 d8 5f cc-ec 68 da 1f 0f ba 64 f6 ..w..._..h....d. + 0040 - f8 13 90 d3 27 02 bb db-d4 6d bb 12 2b 6e 20 b3 ....'....m..+n . + 0050 - de 96 ae 7b 3a 21 ab 4e-24 20 f9 b8 6b 01 15 1d ...{:!.N$ ..k... + 0060 - 98 23 70 98 f7 a7 1c ea-e9 a8 a2 44 13 89 20 28 .#p........D.. ( + 0070 - c3 42 89 7e 64 bc ee f0-70 c5 e0 17 d6 a0 eb 57 .B.~d...p......W + 0080 - 91 fb d7 e6 b8 b5 c3 ae-03 52 7d e2 a2 7c 5b b2 .........R}..|[. + 0090 - f1 7f b1 cc 15 7c 0f a2-bd 34 64 fd 1f f9 8a 64 .....|...4d....d + 00a0 - df 7f c1 41 66 0d ee ac-5b 07 51 0b e9 74 7b 9c ...Af...[.Q..t{. + 00b0 - 2c ed e3 32 75 69 2d 34-93 b9 be bb d7 b8 71 3d ,..2ui-4......q= + 00c0 - 83 15 3a 6e b3 70 5c de-5a e0 2e 33 e8 87 9b e4 ..:n.p\.Z..3.... + + Start Time: 1732736903 + Timeout : 7200 (sec) + Verify return code: 0 (ok) + Extended master secret: no + Max Early Data: 0 +--- +read R BLOCK +--- +Post-Handshake New Session Ticket arrived: +SSL-Session: + Protocol : TLSv1.3 + Cipher : TLS_AES_256_GCM_SHA384 + Session-ID: 9BF4B3CFD7F6C4FA75A2B7566BF00B6190180DBFBB162D892F9E384B207CB956 + Session-ID-ctx: + Resumption PSK: 5CB82FCC11E1CB5CDF7D37B693BD3EE955AB9D4FB77F808368183BEC825F0FE030131FFFEEA38C3F59A9168A4D0C2E9B + PSK identity: None + PSK identity hint: None + SRP username: None + TLS session ticket lifetime hint: 7200 (seconds) + TLS session ticket: + 0000 - 22 ce 06 af 54 77 91 83-57 df 36 66 b3 92 67 2e "...Tw..W.6f..g. + 0010 - 28 5f d9 33 c5 d6 89 b1-fc d4 53 b2 5c 39 7c fe (_.3......S.\9|. + 0020 - cb c0 78 ed 2b 51 7f 6b-e5 cd c3 bd 2c c0 b5 43 ..x.+Q.k....,..C + 0030 - ff e5 f9 b8 9e c2 c9 77-16 60 4f 5e 78 97 6b 7f .......w.`O^x.k. + 0040 - a0 ba 2c 43 11 49 59 f2-97 bf 59 7b 17 a2 c2 dc ..,C.IY...Y{.... + 0050 - b2 7b e2 fa e3 8d 00 c7-ac 25 6e 37 47 ba ec 1f .{.......%n7G... + 0060 - ac 7c dc de b4 6c 8f b2-c3 0e ff 82 d5 c4 9b 74 .|...l.........t + 0070 - c0 61 d2 a8 6d 66 66 1f-a9 39 f5 56 8d ed c8 39 .a..mff..9.V...9 + 0080 - 44 45 a0 48 d0 10 d4 71-4c 08 0b dd fd 38 52 0d DE.H...qL....8R. + 0090 - f8 59 ab 74 8a 0f 61 c9-ed 8a 4c c4 12 e0 c0 da .Y.t..a...L..... + 00a0 - 49 ae 84 7b 7b 00 d3 c9-39 09 f2 99 b7 5e bb d0 I..{{...9....^.. + 00b0 - ca e0 6b 87 e8 b3 86 e7-2c e0 cd 12 09 a2 f5 56 ..k.....,......V + 00c0 - 9e bc 04 65 8a 12 03 56-75 e2 0e f9 20 76 15 8e ...e...Vu... v.. + + Start Time: 1732736903 + Timeout : 7200 (sec) + Verify return code: 0 (ok) + Extended master secret: no + Max Early Data: 0 +--- +read R BLOCK + TLS SUCCESSFUL +20E0A0F7:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:687: +Server output: +spawn openssl s_server -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%01 -cert pkcs11:type=cert;object=testCert +Using default temp DH parameters +ACCEPT +-----BEGIN SSL SESSION PARAMETERS----- +MIGDAgEBAgIDBAQCEwIEIG5S1JNAe0R02gCkvap5y/SmcJmyfht0mYjCtAGmDxcQ +BDBcuC/MEeHLXN99N7aTvT7pVaudT7d/gINoGDvsgl8P4DATH//uo4w/WakWik0M +LpuhBgIEZ0d3h6IEAgIcIKQGBAQBAAAArgcCBQDd3RC3swMCAR0= +-----END SSL SESSION PARAMETERS----- TLS SUCCESSFUL +Q + +Shared ciphers:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA +Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 +Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224 +Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 +Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 +CIPHER is TLS_AES_256_GCM_SHA384 +This TLS version forbids renegotiation. +DONE +shutdown accept socket +shutting down SSL +CONNECTION CLOSED + 0 items in the session cache + 0 client connects (SSL_connect()) + 0 client renegotiates (SSL_connect()) + 0 client connects that finished + 1 server accepts (SSL_accept()) + 0 server renegotiates (SSL_accept()) + 1 server accepts that finished + 0 session cache hits + 0 session cache misses + 0 session cache timeouts + 0 callback cache hits + 0 cache full overflows (128 allowed) + +## Run sanity test with default values (ECDSA) +spawn openssl s_client -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/CAcert.pem +Connecting to 127.0.0.1 +CONNECTED(00000005) +Can't use SSL_get_servername +depth=1 CN=Issuer +verify return:1 +depth=0 O=PKCS11 Provider, CN=My EC Cert +verify return:1 +--- +Certificate chain + 0 s:O=PKCS11 Provider, CN=My EC Cert + i:CN=Issuer + a:PKEY: id-ecPublicKey, 256 (bit); sigalg: RSA-SHA256 + v:NotBefore: Nov 27 19:47:23 2024 GMT; NotAfter: Nov 27 19:47:23 2025 GMT +--- +Server certificate +-----BEGIN CERTIFICATE----- +MIICcjCCAVqgAwIBAgIBBDANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 +ZXIwHhcNMjQxMTI3MTk0NzIzWhcNMjUxMTI3MTk0NzIzWjAvMRgwFgYDVQQKEw9Q +S0NTMTEgUHJvdmlkZXIxEzARBgNVBAMTCk15IEVDIENlcnQwWTATBgcqhkjOPQIB +BggqhkjOPQMBBwNCAAT0RZEqleAwYt4FGky70w48q6C0O0HJ0E4fr9tEOHh332YD +2FiC7M+IIKVXRiuDrRjzgn/DPf2wqUzxMgUh8aAVo4GBMH8wDAYDVR0TAQH/BAIw +ADAfBgNVHREEGDAWgRR0ZXN0Y2VydEBleGFtcGxlLm9yZzAOBgNVHQ8BAf8EBAMC +B4AwHQYDVR0OBBYEFE8ZvwyfDlC3gcPsvksRRytdHkVxMB8GA1UdIwQYMBaAFKvW +pG9PVnZIfV5FAESNs63U+m34MA0GCSqGSIb3DQEBCwUAA4IBAQCtpL798exwF3R0 +J+yM5mOJJnj1jR/uUrDXyz2pmaSv1wWxSNajVDu+7KgxsH+/eTv6FlRMwgDnGn0V +uJ31V/dyuzyvXLk+a7uEImxs+al6yK15HjCLAavr9dwXglhJ4GUN2t1JUMcEIEF4 +RshrLBIp2xVnq+6PBtsY6SYY9YXE0BEBM7GkAK6UVrSWZTxP5+Rcv5e/eDqsVifp +SCakrKehIQeJgxSavpbKzMBT2bA4Xidyit/02qkhG9YPlj7ds3us1jeCd3JxtZKP +p9Itw9bsfEcnhvLUPHaJRnpSFiamFB5fyQQkAFC6Jg++Yo3Vl7Z+h8Q0bJ2u/vgo +Kw6cA79M +-----END CERTIFICATE----- +subject=O=PKCS11 Provider, CN=My EC Cert +issuer=CN=Issuer +--- +No client certificate CA names sent +Peer signing digest: SHA256 +Peer signature type: ECDSA +Server Temp Key: X25519, 253 bits +--- +SSL handshake has read 1001 bytes and written 388 bytes +Verification: OK +--- +New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 +Server public key is 256 bit +This TLS version forbids renegotiation. +Compression: NONE +Expansion: NONE +No ALPN negotiated +Early data was not sent +Verify return code: 0 (ok) +--- +--- +Post-Handshake New Session Ticket arrived: +SSL-Session: + Protocol : TLSv1.3 + Cipher : TLS_AES_256_GCM_SHA384 + Session-ID: A0EABA52BDB108102BC0AE6E47D5C85E984CDF57F0530E814C83E0318B3198E8 + Session-ID-ctx: + Resumption PSK: 13A41172C8D45AEF39239E55317DF4D936E60F0452F5BB57917681B91E9897A356A40D2F046014F23C8C8F8CA934CE7E + PSK identity: None + PSK identity hint: None + SRP username: None + TLS session ticket lifetime hint: 7200 (seconds) + TLS session ticket: + 0000 - 95 ef 5f 49 4e 6d f8 6e-6a 90 1a ff e5 95 ec 7c .._INm.nj......| + 0010 - ff 96 58 db 3d c6 c8 46-1d be 25 9e 58 56 b8 89 ..X.=..F..%.XV.. + 0020 - 62 d8 89 2c a7 87 1e ec-23 78 f7 ab 3b c7 67 90 b..,....#x..;.g. + 0030 - de 52 b5 b7 dc 31 67 65-f9 ed 29 bd 86 a1 af 87 .R...1ge..)..... + 0040 - a6 66 82 13 0d 17 d6 c0-e2 8a 45 c7 4f 88 b6 c9 .f........E.O... + 0050 - b0 10 65 c0 9b f0 fb df-ad bd 3c 4d d3 22 16 a8 ..e........@..S.D.a^D.. + + Start Time: 1732736903 + Timeout : 7200 (sec) + Verify return code: 0 (ok) + Extended master secret: no + Max Early Data: 0 +--- +read R BLOCK +--- +Post-Handshake New Session Ticket arrived: +SSL-Session: + Protocol : TLSv1.3 + Cipher : TLS_AES_256_GCM_SHA384 + Session-ID: 4B022DAB0ED75CE870C26845D686DBC35E774595684D821978057D73021FA52A + Session-ID-ctx: + Resumption PSK: 09E2262C809F04E272B311D8F8998248DBA1578B3621F9A486440F056B4B50EDE9CEC96D402FF6124D2E003BFC968ACE + PSK identity: None + PSK identity hint: None + SRP username: None + TLS session ticket lifetime hint: 7200 (seconds) + TLS session ticket: + 0000 - 95 ef 5f 49 4e 6d f8 6e-6a 90 1a ff e5 95 ec 7c .._INm.nj......| + 0010 - c2 0c f1 36 c2 b8 70 cf-ca 53 3c 5f 44 d0 f9 7b ...6..p..S<_D..{ + 0020 - ba d7 77 37 c9 99 c5 e6-a8 e0 1c 13 44 36 90 0f ..w7........D6.. + 0030 - da 90 3d 84 3d ee bc 68-86 8c 62 21 78 74 ed 62 ..=.=..h..b!xt.b + 0040 - 26 e7 1e c5 d6 b0 1c 05-35 fa ce a1 3c ae a4 05 &.......5...<... + 0050 - 4f 6e 71 5f cd 64 4a ac-8c e5 fa 3e fd 9b 9f 3a Onq_.dJ....>...: + 0060 - 3f f3 91 02 a7 9a 2a 64-b8 e0 cd 78 b8 82 a1 50 ?.....*d...x...P + 0070 - 50 f8 19 82 85 c5 1e 4b-f1 c7 77 ce 1c 30 2c 9c P......K..w..0,. + 0080 - 57 01 3e 08 f6 27 f3 9a-e4 b8 1a c4 e3 07 24 0a W.>..'........$. + 0090 - 24 25 14 65 94 c9 56 4c-26 55 24 39 7a c7 8c 47 $%.e..VL&U$9z..G + 00a0 - 1d f2 13 19 ef 64 5e c2-27 05 73 da 78 c1 30 6b .....d^.'.s.x.0k + 00b0 - c4 8f 41 63 d6 54 00 6f-c5 78 02 23 ac 56 af 16 ..Ac.T.o.x.#.V.. + 00c0 - 85 f8 8b 27 7b 8a fd 78-55 3b 6f 86 ff aa ab 82 ...'{..xU;o..... + + Start Time: 1732736903 + Timeout : 7200 (sec) + Verify return code: 0 (ok) + Extended master secret: no + Max Early Data: 0 +--- +read R BLOCK + TLS SUCCESSFUL +20409FF7:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:687: +Server output: +spawn openssl s_server -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%02 -cert pkcs11:type=cert;object=ecCert +Using default temp DH parameters +ACCEPT +-----BEGIN SSL SESSION PARAMETERS----- +MIGCAgEBAgIDBAQCEwIEIGIOcTBCfy0S5bu+i9mJmEc+vEAVzzVapS77GOIgkO1V +BDAJ4iYsgJ8E4nKzEdj4mYJI26FXizYh+aSGRA8Fa0tQ7enOyW1AL/YSTS4AO/yW +is6hBgIEZ0d3h6IEAgIcIKQGBAQBAAAArgYCBDoCbS6zAwIBHQ== +-----END SSL SESSION PARAMETERS----- +Shared ciphers:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA TLS SUCCESSFUL +Q + +Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 +Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224 +Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 +Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 +CIPHER is TLS_AES_256_GCM_SHA384 +This TLS version forbids renegotiation. +DONE +shutdown accept socket +shutting down SSL +CONNECTION CLOSED + 0 items in the session cache + 0 client connects (SSL_connect()) + 0 client renegotiates (SSL_connect()) + 0 client connects that finished + 1 server accepts (SSL_accept()) + 0 server renegotiates (SSL_accept()) + 1 server accepts that finished + 0 session cache hits + 0 session cache misses + 0 session cache timeouts + 0 callback cache hits + 0 cache full overflows (128 allowed) + +## Run sanity test with default values (EdDSA) +spawn openssl s_client -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/CAcert.pem +Connecting to 127.0.0.1 +CONNECTED(00000005) +Can't use SSL_get_servername +depth=1 CN=Issuer +verify return:1 +depth=0 O=PKCS11 Provider, CN=My ED25519 Cert +verify return:1 +--- +Certificate chain + 0 s:O=PKCS11 Provider, CN=My ED25519 Cert + i:CN=Issuer + a:PKEY: ED25519, 256 (bit); sigalg: RSA-SHA256 + v:NotBefore: Nov 27 19:47:24 2024 GMT; NotAfter: Nov 27 19:47:24 2025 GMT +--- +Server certificate +-----BEGIN CERTIFICATE----- +MIICSDCCATCgAwIBAgIBBjANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 +ZXIwHhcNMjQxMTI3MTk0NzI0WhcNMjUxMTI3MTk0NzI0WjA0MRgwFgYDVQQKEw9Q +S0NTMTEgUHJvdmlkZXIxGDAWBgNVBAMTD015IEVEMjU1MTkgQ2VydDAqMAUGAytl +cAMhAHwXGNquYL3/EgRHfNoUbsyhcO0y9XHi8AI4/D47I8XZo4GBMH8wDAYDVR0T +AQH/BAIwADAfBgNVHREEGDAWgRR0ZXN0Y2VydEBleGFtcGxlLm9yZzAOBgNVHQ8B +Af8EBAMCB4AwHQYDVR0OBBYEFHPBqLiPEfsIAzJluWVYVwZOFDnHMB8GA1UdIwQY +MBaAFKvWpG9PVnZIfV5FAESNs63U+m34MA0GCSqGSIb3DQEBCwUAA4IBAQBS0B1O +/JY4dX5vGfUjuC1MVJoWlhmW5h6+XwmyLZDdUCU1EFnN/28IlbGX8tksYstoFZx8 +kuu9tkygrIlZwkXT2GuXEioSBmZh1mqbv1STxo2sLxaaVqELSPYhvl7nuwBtI6AH +aBnmtD55jOq4MVcz5sSCS58dzailSpyq218vAXir/GALazd7wlpWw7n5DYqPffPj +aCCG+mWTpvk4LU0O48CGu+Fu34KxM7XGnZ4HrqJvyW8cAiMKFwiGDu8AlTS5woQY +9Xog1XflLb14WR5N/CEZxxxQCp5eRjdyDVA/EYGdOS8t/zq7Jf5yrDE6ZqHpJMBn +esDYCVY+SYIV6KCK +-----END CERTIFICATE----- +subject=O=PKCS11 Provider, CN=My ED25519 Cert +issuer=CN=Issuer +--- +No client certificate CA names sent +Peer signature type: Ed25519 +Server Temp Key: X25519, 253 bits +--- +SSL handshake has read 952 bytes and written 388 bytes +Verification: OK +--- +New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 +Server public key is 256 bit +This TLS version forbids renegotiation. +Compression: NONE +Expansion: NONE +No ALPN negotiated +Early data was not sent +Verify return code: 0 (ok) +--- +--- +Post-Handshake New Session Ticket arrived: +SSL-Session: + Protocol : TLSv1.3 + Cipher : TLS_AES_256_GCM_SHA384 + Session-ID: 22CE3404BD0D5AC9B6FF95664E6B4F963713FC252C7EB03558B6FE182C5E0E1F + Session-ID-ctx: + Resumption PSK: F2E0D7E474177DF64147CB5B84C1EEC3E59DC77B7AB1F23423C558B70B9FEDA0761CA01F0061FB5365AC0204E188E490 + PSK identity: None + PSK identity hint: None + SRP username: None + TLS session ticket lifetime hint: 7200 (seconds) + TLS session ticket: + 0000 - 63 84 0c 82 16 71 2c 94-41 fe e1 86 12 85 7b 12 c....q,.A.....{. + 0010 - 73 a0 8e c4 82 94 f5 ea-86 8d 3e 8c 61 13 bd 66 s.........>.a..f + 0020 - a4 a5 46 cc 0a 56 81 d6-48 c4 09 55 ba e6 37 96 ..F..V..H..U..7. + 0030 - 3a b9 18 73 5c f3 0e 23-28 a4 ce d7 6e e5 d8 53 :..s\..#(...n..S + 0040 - 90 eb 61 13 9d d8 d6 df-77 9c a5 ac c2 cf 21 88 ..a.....w.....!. + 0050 - 46 08 fd c6 2d cb f5 46-c2 12 83 db 87 50 a5 34 F...-..F.....P.4 + 0060 - 03 da 0b 7d 84 cc 02 12-31 60 c6 d8 ed 37 ec a2 ...}....1`...7.. + 0070 - 1e 04 58 8a 98 29 b9 14-0c 7f 3c bf ab ca db 17 ..X..)....<..... + 0080 - 73 d1 b9 1b 96 cb 00 d2-08 7c 0c f1 4d c6 29 68 s........|..M.)h + 0090 - f8 57 b0 cc 92 9f c1 54-c3 41 59 fe ac 2e e8 a5 .W.....T.AY..... + 00a0 - d1 62 4d 9c 20 3f 52 1d-c8 60 bd 5d d1 45 98 83 .bM. ?R..`.].E.. + 00b0 - 9a cb cb dd c4 a7 5e 28-d5 35 8e 03 60 68 53 3b ......^(.5..`hS; + 00c0 - ef ad 4f bb 1c 05 a5 bc-2f e1 c0 17 0c 37 ca 38 ..O...../....7.8 + + Start Time: 1732736904 + Timeout : 7200 (sec) + Verify return code: 0 (ok) + Extended master secret: no + Max Early Data: 0 +--- +read R BLOCK +--- +Post-Handshake New Session Ticket arrived: +SSL-Session: + Protocol : TLSv1.3 + Cipher : TLS_AES_256_GCM_SHA384 + Session-ID: 0F4F350E5B255CBE817CB87ECBDCBC7E962D041E433F720DCA647235220CA77D + Session-ID-ctx: + Resumption PSK: B7BB4840655815C2C92CAC93EB7176E5A59F05E36D4C4446E1828C82A3AD16D5A24B59AF4BB665F392283C413E3A9FE5 + PSK identity: None + PSK identity hint: None + SRP username: None + TLS session ticket lifetime hint: 7200 (seconds) + TLS session ticket: + 0000 - 63 84 0c 82 16 71 2c 94-41 fe e1 86 12 85 7b 12 c....q,.A.....{. + 0010 - 40 50 f3 36 12 dd 0d 48-70 bb 57 50 dc 66 f0 ab @P.6...Hp.WP.f.. + 0020 - 9e 52 dc d5 ac e0 f7 c8-c1 36 7e 93 8e 38 3c c7 .R.......6~..8<. + 0030 - 88 43 0e f8 73 99 70 4d-b3 5f 5d 7d d9 18 cd 44 .C..s.pM._]}...D + 0040 - dc 3b 1d ed 6a dd 6d b6-7e 9d 6e 1f 05 0d a2 3b .;..j.m.~.n....; + 0050 - 91 d3 62 73 75 92 af fb-37 b8 a5 a7 50 82 c5 53 ..bsu...7...P..S + 0060 - f8 73 04 cb e5 41 c4 20-66 10 bf a1 9e e8 0d e4 .s...A. f....... + 0070 - 15 04 fa ca e0 7b f9 1c-b0 3d 0c ee ba ae b2 6b .....{...=.....k + 0080 - e2 6d da d1 ad 98 92 94-bc 3f b9 d4 83 7c e9 1a .m.......?...|.. + 0090 - c7 ca f1 9f cd 66 dc 02-6b 63 6f 3d c2 33 5f 33 .....f..kco=.3_3 + 00a0 - 50 70 61 39 6a 12 6d ba-f8 7f 5f a5 ed b8 db a8 Ppa9j.m..._..... + 00b0 - 9e bb bc 76 64 7c db 1f-36 bc 2c ac 56 50 8c a1 ...vd|..6.,.VP.. + 00c0 - a1 8f f8 11 5d d0 54 ad-43 0d 35 71 35 e9 c5 1e ....].T.C.5q5... + + Start Time: 1732736904 + Timeout : 7200 (sec) + Verify return code: 0 (ok) + Extended master secret: no + Max Early Data: 0 +--- +read R BLOCK + TLS SUCCESSFUL +20F05BF7:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:687: +Server output: +spawn openssl s_server -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%04 -cert pkcs11:type=cert;object=edCert +Using default temp DH parameters +ACCEPT +-----BEGIN SSL SESSION PARAMETERS----- +MIGCAgEBAgIDBAQCEwIEIKXfF5wN0/kBj5WCVaMmtYOmhL3jfejli8sXihkjeySj +BDC3u0hAZVgVwsksrJPrcXblpZ8F421MREbhgoyCo60W1aJLWa9LtmXzkig8QT46 +n+WhBgIEZ0d3iKIEAgIcIKQGBAQBAAAArgYCBAnut56zAwIBHQ== +-----END SSL SESSION PARAMETERS----- +Shared ciphers:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA +Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 +Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224 +Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 +Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 +CIPHER is TLS_AES_256_GCM_SHA384 +This TLS version forbids renegotiation. + TLS SUCCESSFUL +Q +DONE +shutdown accept socket +shutting down SSL +CONNECTION CLOSED + 0 items in the session cache + 0 client connects (SSL_connect()) + 0 client renegotiates (SSL_connect()) + 0 client connects that finished + 1 server accepts (SSL_accept()) + 0 server renegotiates (SSL_accept()) + 1 server accepts that finished + 0 session cache hits + 0 session cache misses + 0 session cache timeouts + 0 callback cache hits + 0 cache full overflows (128 allowed) + +## Run test with TLS 1.2 +spawn openssl s_client -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/CAcert.pem -tls1_2 +Connecting to 127.0.0.1 +CONNECTED(00000005) +Can't use SSL_get_servername +depth=1 CN=Issuer +verify return:1 +depth=0 O=PKCS11 Provider, CN=My Test Cert +verify return:1 +--- +Certificate chain + 0 s:O=PKCS11 Provider, CN=My Test Cert + i:CN=Issuer + a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256 + v:NotBefore: Nov 27 19:47:23 2024 GMT; NotAfter: Nov 27 19:47:23 2025 GMT +--- +Server certificate +-----BEGIN CERTIFICATE----- +MIIDPzCCAiegAwIBAgIBAzANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 +ZXIwHhcNMjQxMTI3MTk0NzIzWhcNMjUxMTI3MTk0NzIzWjAxMRgwFgYDVQQKEw9Q +S0NTMTEgUHJvdmlkZXIxFTATBgNVBAMTDE15IFRlc3QgQ2VydDCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAOBTOSE+M8maIIra3gTDut4tPQ2TliQDB3qK +YhsHBDGW/oXJsDydIUjmLnOwhERwpUHaIX475rHOJFvcQt6K4lclgVaUQjA0Zfda +QxMEg3vv8Ou3RuwQcQTVZRi74iSmkyZZaF6lu6tBclQr+MCQ2CrQiDCPIBDC18gL +DB3GQLxqkmoFYTlYAYTCPyKUNq9PRJYJSQU5xibS7Bkc1KY0GiOxO7S4/ckRi8As +h25kjEHjLPnRItMJ/ZisoDTBJESgv+6xED13ujgYI/2ZERu6RQhS9fn1+UAU3eTe +rNHo1VXQAyoGC1vJUUOJmQ73JUraIeQMtDaPNe28KQPUNoQVY6sCAwEAAaOBgTB/ +MAwGA1UdEwEB/wQCMAAwHwYDVR0RBBgwFoEUdGVzdGNlcnRAZXhhbXBsZS5vcmcw +DgYDVR0PAQH/BAQDAgWgMB0GA1UdDgQWBBQfAG2bWnoI8vgY6Ebq0XuEIBGENDAf +BgNVHSMEGDAWgBSr1qRvT1Z2SH1eRQBEjbOt1Ppt+DANBgkqhkiG9w0BAQsFAAOC +AQEAg/2Gjtz0cSyNHWaOttqLBB4bEct48OSIFW4djOZOrEKL9KurXJkWKbXG1pFQ +ycym9Vf/wnmlHJfUe2s78k5E7JiW3L6kZbNjOHJ5PEwnDF2okbcrfin9+sC66k6f +qJWHJSs781yIjd9tkGe2RX/c/LGcJcX8t4yYy2ZfPHd4nODbzJ4wtn35gvb+Jc14 +PtE9zrJS34d9CimhrR7FXO/nmtvzpEbBiQq3BMKBfcEDWX+d4clIejOf7ZddIwo0 +A08vGQ6YekzD8wqN0YjMO2pBveAjlLAVl8aqUTCL2GzZgcEw+vOCQtZUJXr064w3 +z07G7E+Nt6dew+jeXhB+T5f7hw== +-----END CERTIFICATE----- +subject=O=PKCS11 Provider, CN=My Test Cert +issuer=CN=Issuer +--- +No client certificate CA names sent +Peer signing digest: SHA256 +Peer signature type: RSA-PSS +Server Temp Key: X25519, 253 bits +--- +SSL handshake has read 1476 bytes and written 287 bytes +Verification: OK +--- +New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384 +Server public key is 2048 bit +Secure Renegotiation IS supported +Compression: NONE +Expansion: NONE +No ALPN negotiated +SSL-Session: + Protocol : TLSv1.2 + Cipher : ECDHE-RSA-AES256-GCM-SHA384 + Session-ID: 4F767E81713BC86C70FC8A8C6A4E8E82A62F531E7886B05C3D1D17A2D4061FF4 + Session-ID-ctx: + Master-Key: 6B3FE6A4D2772724887D2FFB359CABF7502937108C14B91B429B5D6B51BCF25D4238211090DCD525F64C716A71F75C48 + PSK identity: None + PSK identity hint: None + SRP username: None + TLS session ticket lifetime hint: 7200 (seconds) + TLS session ticket: + 0000 - 32 fb 22 ac bb cd fc ed-fe e7 bf bf 4e 88 18 dd 2.".........N... + 0010 - 4a c3 17 d7 30 f5 1f 5e-b3 fa 44 40 f7 f7 55 14 J...0..^..D@..U. + 0020 - b5 75 13 51 62 1f ec 1b-19 ca d8 29 df f4 57 4e .u.Qb......)..WN + 0030 - 49 04 75 83 ff e2 cf d2-6d 7a f4 9d d2 58 4a 4c I.u.....mz...XJL + 0040 - 60 a3 23 80 17 af e8 bf-5c cb 11 8a e8 a8 1e dc `.#.....\....... + 0050 - e7 c7 79 49 94 ec e0 66-8c 93 8a c0 9d fd 92 56 ..yI...f.......V + 0060 - 11 de a5 04 c7 8f 0c 4a-50 76 52 f6 82 0b c1 5f .......JPvR...._ + 0070 - 83 a4 6a 8f 75 de 8c 96-ae 33 cb 44 60 54 4c 59 ..j.u....3.D`TLY + 0080 - be 66 f1 74 b2 10 9a c2-7d 1b ee 4a c2 62 c6 1d .f.t....}..J.b.. + 0090 - fb 0d c6 a3 1a 06 38 d2-7d e6 3d 08 50 80 31 c9 ......8.}.=.P.1. + 00a0 - d7 4d 6d 23 54 37 d3 21-03 df 22 1d bb a1 2f e4 .Mm#T7.!..".../. + + Start Time: 1732736904 + Timeout : 7200 (sec) + Verify return code: 0 (ok) + Extended master secret: yes +--- + TLS SUCCESSFUL +20F098F7:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:687: +Server output: +spawn openssl s_server -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%01 -cert pkcs11:type=cert;object=testCert +Using default temp DH parameters +ACCEPT +-----BEGIN SSL SESSION PARAMETERS----- +MF8CAQECAgMDBALAMAQABDBrP+ak0ncnJIh9L/s1nKv3UCk3EIwUuRtCm11rUbzy +XUI4IRCQ3NUl9kxxanH3XEihBgIEZ0d3iKIEAgIcIKQGBAQBAAAArQMCAQGzAwIB +HQ== +-----END SSL SESSION PARAMETERS----- +Shared ciphers:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA +Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 +Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 +Supported Elliptic Curve Point Formats: uncompressed:ansiX962_compressed_prime:ansiX962_compressed_char2 +Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1 +Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1 +CIPHER is ECDHE-RSA-AES256-GCM-SHA384 +Secure Renegotiation IS supported + TLS SUCCESSFUL +Q +DONE +shutdown accept socket +shutting down SSL +CONNECTION CLOSED + 0 items in the session cache + 0 client connects (SSL_connect()) + 0 client renegotiates (SSL_connect()) + 0 client connects that finished + 1 server accepts (SSL_accept()) + 0 server renegotiates (SSL_accept()) + 1 server accepts that finished + 0 session cache hits + 0 session cache misses + 0 session cache timeouts + 0 callback cache hits + 0 cache full overflows (128 allowed) + +## Run test with explicit TLS 1.3 +spawn openssl s_client -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/CAcert.pem -tls1_3 +Connecting to 127.0.0.1 +CONNECTED(00000005) +Can't use SSL_get_servername +depth=1 CN=Issuer +verify return:1 +depth=0 O=PKCS11 Provider, CN=My Test Cert +verify return:1 +--- +Certificate chain + 0 s:O=PKCS11 Provider, CN=My Test Cert + i:CN=Issuer + a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256 + v:NotBefore: Nov 27 19:47:23 2024 GMT; NotAfter: Nov 27 19:47:23 2025 GMT +--- +Server certificate +-----BEGIN CERTIFICATE----- +MIIDPzCCAiegAwIBAgIBAzANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 +ZXIwHhcNMjQxMTI3MTk0NzIzWhcNMjUxMTI3MTk0NzIzWjAxMRgwFgYDVQQKEw9Q +S0NTMTEgUHJvdmlkZXIxFTATBgNVBAMTDE15IFRlc3QgQ2VydDCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAOBTOSE+M8maIIra3gTDut4tPQ2TliQDB3qK +YhsHBDGW/oXJsDydIUjmLnOwhERwpUHaIX475rHOJFvcQt6K4lclgVaUQjA0Zfda +QxMEg3vv8Ou3RuwQcQTVZRi74iSmkyZZaF6lu6tBclQr+MCQ2CrQiDCPIBDC18gL +DB3GQLxqkmoFYTlYAYTCPyKUNq9PRJYJSQU5xibS7Bkc1KY0GiOxO7S4/ckRi8As +h25kjEHjLPnRItMJ/ZisoDTBJESgv+6xED13ujgYI/2ZERu6RQhS9fn1+UAU3eTe +rNHo1VXQAyoGC1vJUUOJmQ73JUraIeQMtDaPNe28KQPUNoQVY6sCAwEAAaOBgTB/ +MAwGA1UdEwEB/wQCMAAwHwYDVR0RBBgwFoEUdGVzdGNlcnRAZXhhbXBsZS5vcmcw +DgYDVR0PAQH/BAQDAgWgMB0GA1UdDgQWBBQfAG2bWnoI8vgY6Ebq0XuEIBGENDAf +BgNVHSMEGDAWgBSr1qRvT1Z2SH1eRQBEjbOt1Ppt+DANBgkqhkiG9w0BAQsFAAOC +AQEAg/2Gjtz0cSyNHWaOttqLBB4bEct48OSIFW4djOZOrEKL9KurXJkWKbXG1pFQ +ycym9Vf/wnmlHJfUe2s78k5E7JiW3L6kZbNjOHJ5PEwnDF2okbcrfin9+sC66k6f +qJWHJSs781yIjd9tkGe2RX/c/LGcJcX8t4yYy2ZfPHd4nODbzJ4wtn35gvb+Jc14 +PtE9zrJS34d9CimhrR7FXO/nmtvzpEbBiQq3BMKBfcEDWX+d4clIejOf7ZddIwo0 +A08vGQ6YekzD8wqN0YjMO2pBveAjlLAVl8aqUTCL2GzZgcEw+vOCQtZUJXr064w3 +z07G7E+Nt6dew+jeXhB+T5f7hw== +-----END CERTIFICATE----- +subject=O=PKCS11 Provider, CN=My Test Cert +issuer=CN=Issuer +--- +No client certificate CA names sent +Peer signing digest: SHA256 +Peer signature type: RSA-PSS +Server Temp Key: X25519, 253 bits +--- +SSL handshake has read 1391 bytes and written 318 bytes +Verification: OK +--- +New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 +Server public key is 2048 bit +This TLS version forbids renegotiation. +Compression: NONE +Expansion: NONE +No ALPN negotiated +Early data was not sent +Verify return code: 0 (ok) +--- +--- +Post-Handshake New Session Ticket arrived: +SSL-Session: + Protocol : TLSv1.3 + Cipher : TLS_AES_256_GCM_SHA384 + Session-ID: 028E80FAB3F6F2134F536AAC0EC1E89D1BE9EA02E32E08AE3882E5AC7CAF4FC3 + Session-ID-ctx: + Resumption PSK: 39635944832D9A6FA19E887EF9473A69F4676CBB79D34F6930F1472986D9B3C10CD835523BAAD442AA9E11F768C1EB69 + PSK identity: None + PSK identity hint: None + SRP username: None + TLS session ticket lifetime hint: 7200 (seconds) + TLS session ticket: + 0000 - a6 f4 92 16 7f 0d 8f a5-c7 f3 6a b6 81 67 c2 51 ..........j..g.Q + 0010 - 64 57 08 4a 6c a9 c1 ca-06 ca 16 31 08 33 dc f4 dW.Jl......1.3.. + 0020 - d3 53 49 c0 54 f7 e8 12-43 0f d0 91 6d 75 25 6b .SI.T...C...mu%k + 0030 - 3e f5 c3 16 d8 92 e3 c4-e8 f8 11 ed 0d 54 ff ea >............T.. + 0040 - 39 e4 94 4f 66 9a ef 01-39 78 9e 4e 8e ec d5 9e 9..Of...9x.N.... + 0050 - 64 b4 46 3a 7d 0a 0d 8c-8a d5 81 12 9c e5 2f 67 d.F:}........./g + 0060 - 1b 00 aa 6c 47 c2 a3 f7-f1 bc 08 0d 1c 62 28 9d ...lG........b(. + 0070 - b4 36 fd db cd 94 21 06-d7 e0 3a 2c b0 96 ac 52 .6....!...:,...R + 0080 - 28 8f 1a 17 5d 00 4d 92-1c b1 c2 fe b8 87 10 62 (...].M........b + 0090 - e1 98 a6 94 7c b9 f0 dd-74 14 b0 97 6f 6e 86 d0 ....|...t...on.. + 00a0 - 3f b4 da 39 42 70 3b 91-44 6d 64 1b 5a 29 c0 5b ?..9Bp;.Dmd.Z).[ + 00b0 - 95 04 26 e8 bf 44 f0 f1-9a df c9 21 db 43 69 3e ..&..D.....!.Ci> + 00c0 - 6d 64 f8 65 3f c6 bf 58-92 da 17 e3 6b 29 07 e1 md.e?..X....k).. + + Start Time: 1732736905 + Timeout : 7200 (sec) + Verify return code: 0 (ok) + Extended master secret: no + Max Early Data: 0 +--- +read R BLOCK +--- +Post-Handshake New Session Ticket arrived: +SSL-Session: + Protocol : TLSv1.3 + Cipher : TLS_AES_256_GCM_SHA384 + Session-ID: 0EF6A239E477CA32100A87D0B0BF12062BB1BCDB757BAC8593AEC2A7B1669B88 + Session-ID-ctx: + Resumption PSK: 7331DEE5ACFA55B15AAE9C5C8EB7DAEBCEB7C0DADAD6AC1F4B1CE075E02332A9BF72722886AF7795C10CAEF90BFA8BEA + PSK identity: None + PSK identity hint: None + SRP username: None + TLS session ticket lifetime hint: 7200 (seconds) + TLS session ticket: + 0000 - a6 f4 92 16 7f 0d 8f a5-c7 f3 6a b6 81 67 c2 51 ..........j..g.Q + 0010 - 39 22 59 37 ce 29 38 2b-4b d7 1b 11 83 b8 40 84 9"Y7.)8+K.....@. + 0020 - 99 d7 4b 99 d1 f2 98 99-01 4d 3f 83 51 dc 68 63 ..K......M?.Q.hc + 0030 - 10 56 7d 7d 2b f7 68 8a-83 8c 25 a5 77 e6 43 43 .V}}+.h...%.w.CC + 0040 - 77 e2 d7 47 d4 21 77 02-30 de 65 61 48 41 dc 06 w..G.!w.0.eaHA.. + 0050 - f7 29 09 d7 63 87 f6 4c-fc 29 7c 14 d1 d6 c9 cd .)..c..L.)|..... + 0060 - 42 e6 71 24 fb bb 52 b1-f5 e7 21 20 9f 0d 0c 96 B.q$..R...! .... + 0070 - 94 33 0d 2b 71 a1 9b cd-f7 d9 68 11 11 65 b8 7d .3.+q.....h..e.} + 0080 - e1 07 e2 82 a2 66 89 81-ac 7d 8d f0 00 59 91 6b .....f...}...Y.k + 0090 - 55 9d 97 4f 33 70 c5 f1-f5 ee 16 fe 0b f2 2e 02 U..O3p.......... + 00a0 - 64 1a 38 37 e9 f2 98 a2-2e 82 15 02 7e 38 cf 41 d.87........~8.A + 00b0 - 76 7c 3a 54 47 8b 2e 7e-c1 d2 3d d0 82 43 37 8c v|:TG..~..=..C7. + 00c0 - 13 36 e4 ed 5d cf df 05-75 33 85 4b da 28 33 1f .6..]...u3.K.(3. + + Start Time: 1732736905 + Timeout : 7200 (sec) + Verify return code: 0 (ok) + Extended master secret: no + Max Early Data: 0 +--- +read R BLOCK + TLS SUCCESSFUL +20B090F7:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:687: +Server output: +spawn openssl s_server -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%01 -cert pkcs11:type=cert;object=testCert +Using default temp DH parameters +ACCEPT +-----BEGIN SSL SESSION PARAMETERS----- +MIGCAgEBAgIDBAQCEwIEIDrdhlnVAXf7iDsglO63atUg+ER646npmMwmzCm925pT +BDBzMd7lrPpVsVqunFyOt9rrzrfA2trWrB9LHOB14CMyqb9yciiGr3eVwQyu+Qv6 +i+qhBgIEZ0d3iaIEAgIcIKQGBAQBAAAArgYCBDcvRU+zAwIBHQ== +-----END SSL SESSION PARAMETERS----- +Shared ciphers:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256 +Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512 +Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512 +Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 +Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 +CIPHER is TLS_AES_256_GCM_SHA384 +This TLS version forbids renegotiation. + TLS SUCCESSFUL +Q +DONE +shutdown accept socket +shutting down SSL +CONNECTION CLOSED + 0 items in the session cache + 0 client connects (SSL_connect()) + 0 client renegotiates (SSL_connect()) + 0 client connects that finished + 1 server accepts (SSL_accept()) + 0 server renegotiates (SSL_accept()) + 1 server accepts that finished + 0 session cache hits + 0 session cache misses + 0 session cache timeouts + 0 callback cache hits + 0 cache full overflows (128 allowed) + +## Run test with TLS 1.2 (ECDSA) +spawn openssl s_client -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/CAcert.pem -tls1_2 +Connecting to 127.0.0.1 +CONNECTED(00000005) +Can't use SSL_get_servername +depth=1 CN=Issuer +verify return:1 +depth=0 O=PKCS11 Provider, CN=My EC Cert +verify return:1 +--- +Certificate chain + 0 s:O=PKCS11 Provider, CN=My EC Cert + i:CN=Issuer + a:PKEY: id-ecPublicKey, 256 (bit); sigalg: RSA-SHA256 + v:NotBefore: Nov 27 19:47:23 2024 GMT; NotAfter: Nov 27 19:47:23 2025 GMT +--- +Server certificate +-----BEGIN CERTIFICATE----- +MIICcjCCAVqgAwIBAgIBBDANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 +ZXIwHhcNMjQxMTI3MTk0NzIzWhcNMjUxMTI3MTk0NzIzWjAvMRgwFgYDVQQKEw9Q +S0NTMTEgUHJvdmlkZXIxEzARBgNVBAMTCk15IEVDIENlcnQwWTATBgcqhkjOPQIB +BggqhkjOPQMBBwNCAAT0RZEqleAwYt4FGky70w48q6C0O0HJ0E4fr9tEOHh332YD +2FiC7M+IIKVXRiuDrRjzgn/DPf2wqUzxMgUh8aAVo4GBMH8wDAYDVR0TAQH/BAIw +ADAfBgNVHREEGDAWgRR0ZXN0Y2VydEBleGFtcGxlLm9yZzAOBgNVHQ8BAf8EBAMC +B4AwHQYDVR0OBBYEFE8ZvwyfDlC3gcPsvksRRytdHkVxMB8GA1UdIwQYMBaAFKvW +pG9PVnZIfV5FAESNs63U+m34MA0GCSqGSIb3DQEBCwUAA4IBAQCtpL798exwF3R0 +J+yM5mOJJnj1jR/uUrDXyz2pmaSv1wWxSNajVDu+7KgxsH+/eTv6FlRMwgDnGn0V +uJ31V/dyuzyvXLk+a7uEImxs+al6yK15HjCLAavr9dwXglhJ4GUN2t1JUMcEIEF4 +RshrLBIp2xVnq+6PBtsY6SYY9YXE0BEBM7GkAK6UVrSWZTxP5+Rcv5e/eDqsVifp +SCakrKehIQeJgxSavpbKzMBT2bA4Xidyit/02qkhG9YPlj7ds3us1jeCd3JxtZKP +p9Itw9bsfEcnhvLUPHaJRnpSFiamFB5fyQQkAFC6Jg++Yo3Vl7Z+h8Q0bJ2u/vgo +Kw6cA79M +-----END CERTIFICATE----- +subject=O=PKCS11 Provider, CN=My EC Cert +issuer=CN=Issuer +--- +No client certificate CA names sent +Peer signing digest: SHA256 +Peer signature type: ECDSA +Server Temp Key: X25519, 253 bits +--- +SSL handshake has read 1087 bytes and written 287 bytes +Verification: OK +--- +New, TLSv1.2, Cipher is ECDHE-ECDSA-AES256-GCM-SHA384 +Server public key is 256 bit +Secure Renegotiation IS supported +Compression: NONE +Expansion: NONE +No ALPN negotiated +SSL-Session: + Protocol : TLSv1.2 + Cipher : ECDHE-ECDSA-AES256-GCM-SHA384 + Session-ID: C10E93744F00366D5D863F1B5DEB78D2D418D10B7890045572767ECE41818744 + Session-ID-ctx: + Master-Key: DECD3512921430C0092A726D9CA673C62108F1D173C77282242CC9E366ED8D9728F000CCDE05CE5657BA016901BC1BF5 + PSK identity: None + PSK identity hint: None + SRP username: None + TLS session ticket lifetime hint: 7200 (seconds) + TLS session ticket: + 0000 - 8c 00 07 08 54 60 7f 74-40 2a c1 62 6f 78 6c e5 ....T`.t@*.boxl. + 0010 - 4a 1e 60 39 00 42 2d 1c-63 a0 e0 1f bd b5 4a 6e J.`9.B-.c.....Jn + 0020 - b8 2c ca 30 e2 e1 68 4a-e8 35 c7 f1 74 aa 50 7e .,.0..hJ.5..t.P~ + 0030 - 3a 44 24 6a d1 2e ce 25-8e 62 c0 f3 8a 34 08 31 :D$j...%.b...4.1 + 0040 - 88 2d 05 63 43 fa 0b 66-ae cb 42 7d ef 06 36 07 .-.cC..f..B}..6. + 0050 - da d7 ca cd f4 79 f0 88-2a 51 1c 69 2d a6 e0 7f .....y..*Q.i-... + 0060 - 13 c5 a7 10 8a ef f6 47-1f 32 71 8b 6a 36 be ab .......G.2q.j6.. + 0070 - f8 36 8c 7d c8 cd 47 b9-28 7b f9 8a 76 6b b5 37 .6.}..G.({..vk.7 + 0080 - 3c 88 f9 81 15 6f 78 e3-47 b8 2a c7 0b 02 c7 98 <....ox.G.*..... + 0090 - ab 11 f1 ff 5b d6 97 b6-b9 ad 2b 04 65 30 e7 82 ....[.....+.e0.. + 00a0 - 0f 32 a7 d5 e7 07 60 6a-e1 71 c2 9a 27 cb 19 a2 .2....`j.q..'... + + Start Time: 1732736905 + Timeout : 7200 (sec) + Verify return code: 0 (ok) + Extended master secret: yes +--- + TLS SUCCESSFUL +20C062F7:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:687: +Server output: +spawn openssl s_server -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%02 -cert pkcs11:type=cert;object=ecCert -tls1_2 +Using default temp DH parameters +ACCEPT +-----BEGIN SSL SESSION PARAMETERS----- +MF8CAQECAgMDBALALAQABDDezTUSkhQwwAkqcm2cpnPGIQjx0XPHcoIkLMnjZu2N +lyjwAMzeBc5WV7oBaQG8G/WhBgIEZ0d3iaIEAgIcIKQGBAQBAAAArQMCAQGzAwIB +HQ== +-----END SSL SESSION PARAMETERS----- TLS SUCCESSFUL +Q + +Shared ciphers:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA +Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 +Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 +Supported Elliptic Curve Point Formats: uncompressed:ansiX962_compressed_prime:ansiX962_compressed_char2 +Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1 +Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1 +CIPHER is ECDHE-ECDSA-AES256-GCM-SHA384 +Secure Renegotiation IS supported +DONE +shutdown accept socket +shutting down SSL +CONNECTION CLOSED + 0 items in the session cache + 0 client connects (SSL_connect()) + 0 client renegotiates (SSL_connect()) + 0 client connects that finished + 1 server accepts (SSL_accept()) + 0 server renegotiates (SSL_accept()) + 1 server accepts that finished + 0 session cache hits + 0 session cache misses + 0 session cache timeouts + 0 callback cache hits + 0 cache full overflows (128 allowed) + +## Run test with TLS 1.2 and ECDH +spawn openssl s_client -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/CAcert.pem -tls1_2 -cipher ECDHE-ECDSA-AES128-GCM-SHA256 -groups secp256r1 +Connecting to 127.0.0.1 +CONNECTED(00000005) +Can't use SSL_get_servername +depth=1 CN=Issuer +verify return:1 +depth=0 O=PKCS11 Provider, CN=My EC Cert +verify return:1 +--- +Certificate chain + 0 s:O=PKCS11 Provider, CN=My EC Cert + i:CN=Issuer + a:PKEY: id-ecPublicKey, 256 (bit); sigalg: RSA-SHA256 + v:NotBefore: Nov 27 19:47:23 2024 GMT; NotAfter: Nov 27 19:47:23 2025 GMT +--- +Server certificate +-----BEGIN CERTIFICATE----- +MIICcjCCAVqgAwIBAgIBBDANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 +ZXIwHhcNMjQxMTI3MTk0NzIzWhcNMjUxMTI3MTk0NzIzWjAvMRgwFgYDVQQKEw9Q +S0NTMTEgUHJvdmlkZXIxEzARBgNVBAMTCk15IEVDIENlcnQwWTATBgcqhkjOPQIB +BggqhkjOPQMBBwNCAAT0RZEqleAwYt4FGky70w48q6C0O0HJ0E4fr9tEOHh332YD +2FiC7M+IIKVXRiuDrRjzgn/DPf2wqUzxMgUh8aAVo4GBMH8wDAYDVR0TAQH/BAIw +ADAfBgNVHREEGDAWgRR0ZXN0Y2VydEBleGFtcGxlLm9yZzAOBgNVHQ8BAf8EBAMC +B4AwHQYDVR0OBBYEFE8ZvwyfDlC3gcPsvksRRytdHkVxMB8GA1UdIwQYMBaAFKvW +pG9PVnZIfV5FAESNs63U+m34MA0GCSqGSIb3DQEBCwUAA4IBAQCtpL798exwF3R0 +J+yM5mOJJnj1jR/uUrDXyz2pmaSv1wWxSNajVDu+7KgxsH+/eTv6FlRMwgDnGn0V +uJ31V/dyuzyvXLk+a7uEImxs+al6yK15HjCLAavr9dwXglhJ4GUN2t1JUMcEIEF4 +RshrLBIp2xVnq+6PBtsY6SYY9YXE0BEBM7GkAK6UVrSWZTxP5+Rcv5e/eDqsVifp +SCakrKehIQeJgxSavpbKzMBT2bA4Xidyit/02qkhG9YPlj7ds3us1jeCd3JxtZKP +p9Itw9bsfEcnhvLUPHaJRnpSFiamFB5fyQQkAFC6Jg++Yo3Vl7Z+h8Q0bJ2u/vgo +Kw6cA79M +-----END CERTIFICATE----- +subject=O=PKCS11 Provider, CN=My EC Cert +issuer=CN=Issuer +--- +No client certificate CA names sent +Peer signing digest: SHA256 +Peer signature type: ECDSA +Server Temp Key: ECDH, prime256v1, 256 bits +--- +SSL handshake has read 1120 bytes and written 260 bytes +Verification: OK +--- +New, TLSv1.2, Cipher is ECDHE-ECDSA-AES128-GCM-SHA256 +Server public key is 256 bit +Secure Renegotiation IS supported +Compression: NONE +Expansion: NONE +No ALPN negotiated +SSL-Session: + Protocol : TLSv1.2 + Cipher : ECDHE-ECDSA-AES128-GCM-SHA256 + Session-ID: FB32AC6242AEC5C8D90FDA2F62F151B35FA101E4480C4EAD6E77A7167DE6C7BC + Session-ID-ctx: + Master-Key: 199481CEA6906E3440B5CED5EA0857BB31661049D7EBD937FE4E7D6F76EDB6A819BD97897007049DE0E7F47564EF91C7 + PSK identity: None + PSK identity hint: None + SRP username: None + TLS session ticket lifetime hint: 7200 (seconds) + TLS session ticket: + 0000 - ae 16 b1 95 ad a2 13 f9-b9 50 8b ff 58 b4 f2 fd .........P..X... + 0010 - ac f0 fe 4d 4f 50 02 80-30 d4 8f ba 53 68 43 7d ...MOP..0...ShC} + 0020 - 9d 68 70 82 f2 f7 3c 38-0f 36 79 cd f4 73 a6 b1 .hp...<8.6y..s.. + 0030 - da 7b e4 84 d0 1f 2d 9e-86 05 06 e5 a1 fb 98 5c .{....-........\ + 0040 - 89 6a 8b 81 ce f6 2d a3-49 33 9d 65 85 0c 65 8e .j....-.I3.e..e. + 0050 - fb 82 dd ce ec 7a f4 1a-8a f4 ea d5 5e a1 2d 84 .....z......^.-. + 0060 - 25 4d 31 75 94 b2 e1 67-e4 af 6a e3 67 88 28 cb %M1u...g..j.g.(. + 0070 - 5f 9a 6e db 45 37 fd 45-64 f9 74 dc b2 7f ea d6 _.n.E7.Ed.t..... + 0080 - 49 6e 52 d4 09 c3 2a df-0f af 48 7f a9 41 1e e9 InR...*...H..A.. + 0090 - 11 8a e1 69 ee 78 59 4f-8b b4 96 5c c7 43 0d 2c ...i.xYO...\.C., + 00a0 - c2 5f 81 cf 7c 02 e6 23-95 48 31 88 a4 1a 48 b5 ._..|..#.H1...H. + + Start Time: 1732736905 + Timeout : 7200 (sec) + Verify return code: 0 (ok) + Extended master secret: yes +--- + TLS SUCCESSFUL +20A058F7:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:687: +Server output: +spawn openssl s_server -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%02 -cert pkcs11:type=cert;object=ecCert +Using default temp DH parameters +ACCEPT +-----BEGIN SSL SESSION PARAMETERS----- +MF8CAQECAgMDBALAKwQABDAZlIHOppBuNEC1ztXqCFe7MWYQSdfr2Tf+Tn1vdu22 +qBm9l4lwBwSd4Of0dWTvkcehBgIEZ0d3iaIEAgIcIKQGBAQBAAAArQMCAQGzAwIB +Fw== +-----END SSL SESSION PARAMETERS----- TLS SUCCESSFUL +Q + +Shared ciphers:ECDHE-ECDSA-AES128-GCM-SHA256 +Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 +Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 +Supported Elliptic Curve Point Formats: uncompressed:ansiX962_compressed_prime:ansiX962_compressed_char2 +Supported groups: secp256r1 +Shared groups: secp256r1 +CIPHER is ECDHE-ECDSA-AES128-GCM-SHA256 +Secure Renegotiation IS supported +DONE +shutdown accept socket +shutting down SSL +CONNECTION CLOSED + 0 items in the session cache + 0 client connects (SSL_connect()) + 0 client renegotiates (SSL_connect()) + 0 client connects that finished + 1 server accepts (SSL_accept()) + 0 server renegotiates (SSL_accept()) + 1 server accepts that finished + 0 session cache hits + 0 session cache misses + 0 session cache timeouts + 0 callback cache hits + 0 cache full overflows (128 allowed) + +## Run test with TLS 1.3 and specific suite +spawn openssl s_client -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/CAcert.pem -tls1_3 -ciphersuites TLS_AES_256_GCM_SHA384 -groups secp256r1 +Connecting to 127.0.0.1 +CONNECTED(00000005) +Can't use SSL_get_servername +depth=1 CN=Issuer +verify return:1 +depth=0 O=PKCS11 Provider, CN=My EC Cert +verify return:1 +--- +Certificate chain + 0 s:O=PKCS11 Provider, CN=My EC Cert + i:CN=Issuer + a:PKEY: id-ecPublicKey, 256 (bit); sigalg: RSA-SHA256 + v:NotBefore: Nov 27 19:47:23 2024 GMT; NotAfter: Nov 27 19:47:23 2025 GMT +--- +Server certificate +-----BEGIN CERTIFICATE----- +MIICcjCCAVqgAwIBAgIBBDANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 +ZXIwHhcNMjQxMTI3MTk0NzIzWhcNMjUxMTI3MTk0NzIzWjAvMRgwFgYDVQQKEw9Q +S0NTMTEgUHJvdmlkZXIxEzARBgNVBAMTCk15IEVDIENlcnQwWTATBgcqhkjOPQIB +BggqhkjOPQMBBwNCAAT0RZEqleAwYt4FGky70w48q6C0O0HJ0E4fr9tEOHh332YD +2FiC7M+IIKVXRiuDrRjzgn/DPf2wqUzxMgUh8aAVo4GBMH8wDAYDVR0TAQH/BAIw +ADAfBgNVHREEGDAWgRR0ZXN0Y2VydEBleGFtcGxlLm9yZzAOBgNVHQ8BAf8EBAMC +B4AwHQYDVR0OBBYEFE8ZvwyfDlC3gcPsvksRRytdHkVxMB8GA1UdIwQYMBaAFKvW +pG9PVnZIfV5FAESNs63U+m34MA0GCSqGSIb3DQEBCwUAA4IBAQCtpL798exwF3R0 +J+yM5mOJJnj1jR/uUrDXyz2pmaSv1wWxSNajVDu+7KgxsH+/eTv6FlRMwgDnGn0V +uJ31V/dyuzyvXLk+a7uEImxs+al6yK15HjCLAavr9dwXglhJ4GUN2t1JUMcEIEF4 +RshrLBIp2xVnq+6PBtsY6SYY9YXE0BEBM7GkAK6UVrSWZTxP5+Rcv5e/eDqsVifp +SCakrKehIQeJgxSavpbKzMBT2bA4Xidyit/02qkhG9YPlj7ds3us1jeCd3JxtZKP +p9Itw9bsfEcnhvLUPHaJRnpSFiamFB5fyQQkAFC6Jg++Yo3Vl7Z+h8Q0bJ2u/vgo +Kw6cA79M +-----END CERTIFICATE----- +subject=O=PKCS11 Provider, CN=My EC Cert +issuer=CN=Issuer +--- +No client certificate CA names sent +Peer signing digest: SHA256 +Peer signature type: ECDSA +Server Temp Key: ECDH, prime256v1, 256 bits +--- +SSL handshake has read 1061 bytes and written 329 bytes +Verification: OK +--- +New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 +Server public key is 256 bit +This TLS version forbids renegotiation. +Compression: NONE +Expansion: NONE +No ALPN negotiated +Early data was not sent +Verify return code: 0 (ok) +--- +--- +Post-Handshake New Session Ticket arrived: +SSL-Session: + Protocol : TLSv1.3 + Cipher : TLS_AES_256_GCM_SHA384 + Session-ID: 8EAE4BAF209AE81D0B3E114967FE3DF92AF61BAD0F0CE785A01E1E85CE8BFF3F + Session-ID-ctx: + Resumption PSK: 3D6E5A613A4BF4237A17C443C6F19C9CEFF0C8E45C69FCBCC0F040237368F55E4740B492C8D43183F61043FCC9C650CD + PSK identity: None + PSK identity hint: None + SRP username: None + TLS session ticket lifetime hint: 7200 (seconds) + TLS session ticket: + 0000 - 98 46 2d 87 e5 4f 7d 9f-f8 b4 5f a1 9b f2 c7 32 .F-..O}..._....2 + 0010 - fa 6f 4e 84 0c be 57 ea-ca 4c 30 7d f5 58 5f 37 .oN...W..L0}.X_7 + 0020 - ce 40 0a 87 96 e3 91 df-40 7c f2 82 77 dc 9f 3e .@......@|..w..> + 0030 - 30 1a df 88 b5 2e dd bf-cf 18 2a e8 19 26 b6 bd 0.........*..&.. + 0040 - ce 35 5e 4e 54 b3 38 5f-89 c6 d4 f2 43 c2 4d e4 .5^NT.8_....C.M. + 0050 - aa a0 f5 7b c6 d2 7f 4d-46 a0 3d 58 d4 e9 10 2d ...{...MF.=X...- + 0060 - 3b 42 42 01 63 8d 49 29-4e d7 67 96 54 a8 1e 96 ;BB.c.I)N.g.T... + 0070 - 79 ae 34 68 56 d2 73 6e-ec 9a 56 ba c5 9e 4f 66 y.4hV.sn..V...Of + 0080 - ff ba 56 8c 3a fc 1d 86-20 31 2a 53 ed 8a 85 7f ..V.:... 1*S.... + 0090 - d4 71 41 ca 8e 69 87 3c-9a ef 99 f3 62 f1 54 c1 .qA..i.<....b.T. + 00a0 - c2 40 89 19 19 02 61 e0-a2 06 c2 d4 51 5e 4e 94 .@....a.....Q^N. + 00b0 - f1 74 e9 a2 f7 25 c6 97-3a 4c d3 5a 67 fb 2a 78 .t...%..:L.Zg.*x + 00c0 - f7 f0 a6 8e 59 f7 d2 d6-99 61 87 34 b6 1a 7b 25 ....Y....a.4..{% + + Start Time: 1732736906 + Timeout : 7200 (sec) + Verify return code: 0 (ok) + Extended master secret: no + Max Early Data: 0 +--- +read R BLOCK +--- +Post-Handshake New Session Ticket arrived: +SSL-Session: + Protocol : TLSv1.3 + Cipher : TLS_AES_256_GCM_SHA384 + Session-ID: 2EE8054AEED4F79D59EBE1A8B23AC5ED99A9C0508E7735EB0483ED78CE3401A1 + Session-ID-ctx: + Resumption PSK: DF61AB05CBE606E9888DC8A9082DED526F1AF881C3047BEE802C376402561D8807F01B4DE253CDAA6CB2340D01D5AA4A + PSK identity: None + PSK identity hint: None + SRP username: None + TLS session ticket lifetime hint: 7200 (seconds) + TLS session ticket: + 0000 - 98 46 2d 87 e5 4f 7d 9f-f8 b4 5f a1 9b f2 c7 32 .F-..O}..._....2 + 0010 - 2f 75 67 9b a9 30 52 b1-fa 4b b5 ff 64 19 2c ff /ug..0R..K..d.,. + 0020 - 32 3d 2f 2d 3e 3f 39 41-94 e6 de e1 2a 39 40 77 2=/->?9A....*9@w + 0030 - a4 ca 72 5a 64 b2 cc 35-ec aa 61 5b 34 41 8b 42 ..rZd..5..a[4A.B + 0040 - 2a bb cf 15 21 9d 60 18-c8 70 4f 75 75 e2 65 55 *...!.`..pOuu.eU + 0050 - f8 f7 3a 1f d4 c7 7d 64-c2 eb d8 9d db 74 87 9f ..:...}d.....t.. + 0060 - 78 46 7d a7 1f d7 8b 9a-81 7a 1b 3a 80 61 45 f3 xF}......z.:.aE. + 0070 - 7c 2c 54 58 af c2 3c f8-fa e7 d9 52 53 a8 11 45 |,TX..<....RS..E + 0080 - bc 65 8a 9c 1d fb 04 9e-5a 75 29 b0 86 b0 41 36 .e......Zu)...A6 + 0090 - 2c 81 e6 b7 18 60 b4 6b-5a 8e 38 2a 1f b0 84 87 ,....`.kZ.8*.... + 00a0 - f1 96 e1 8a c3 34 d3 16-25 ec c9 ae 2e d7 f7 29 .....4..%......) + 00b0 - a3 db 45 ac 8a 47 f3 46-81 c2 8d 24 b7 49 89 2b ..E..G.F...$.I.+ + 00c0 - 34 da 41 c4 67 74 d9 49-bd 99 d2 f8 db 57 50 e6 4.A.gt.I.....WP. + + Start Time: 1732736906 + Timeout : 7200 (sec) + Verify return code: 0 (ok) + Extended master secret: no + Max Early Data: 0 +--- +read R BLOCK + TLS SUCCESSFUL +20409CF7:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:687: +Server output: +spawn openssl s_server -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%02 -cert pkcs11:type=cert;object=ecCert +Using default temp DH parameters +ACCEPT +-----BEGIN SSL SESSION PARAMETERS----- +MIGCAgEBAgIDBAQCEwIEIDbvbe0orQIl1vyZ5Xaz5t79GYQohYF5tHffDuYPHoVk +BDDfYasFy+YG6YiNyKkILe1Sbxr4gcMEe+6ALDdkAlYdiAfwG03iU82qbLI0DQHV +qkqhBgIEZ0d3iqIEAgIcIKQGBAQBAAAArgYCBGhUiJazAwIBFw== +-----END SSL SESSION PARAMETERS----- TLS SUCCESSFUL +Q + +Shared ciphers:TLS_AES_256_GCM_SHA384 +Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512 +Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512 +Supported groups: secp256r1 +Shared groups: secp256r1 +CIPHER is TLS_AES_256_GCM_SHA384 +This TLS version forbids renegotiation. +DONE +shutdown accept socket +shutting down SSL +CONNECTION CLOSED + 0 items in the session cache + 0 client connects (SSL_connect()) + 0 client renegotiates (SSL_connect()) + 0 client connects that finished + 1 server accepts (SSL_accept()) + 0 server renegotiates (SSL_accept()) + 1 server accepts that finished + 0 session cache hits + 0 session cache misses + 0 session cache timeouts + 0 callback cache hits + 0 cache full overflows (128 allowed) + + ## +######################################## + +######################################## +## Forcing the provider for all server operations + + +## Run sanity test with default values (RSA) +spawn openssl s_client -propquery ?provider=pkcs11 -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/CAcert.pem +Connecting to 127.0.0.1 +CONNECTED(00000005) +Can't use SSL_get_servername +depth=1 CN=Issuer +verify return:1 +depth=0 O=PKCS11 Provider, CN=My Test Cert +verify return:1 +--- +Certificate chain + 0 s:O=PKCS11 Provider, CN=My Test Cert + i:CN=Issuer + a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256 + v:NotBefore: Nov 27 19:47:23 2024 GMT; NotAfter: Nov 27 19:47:23 2025 GMT +--- +Server certificate +-----BEGIN CERTIFICATE----- +MIIDPzCCAiegAwIBAgIBAzANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 +ZXIwHhcNMjQxMTI3MTk0NzIzWhcNMjUxMTI3MTk0NzIzWjAxMRgwFgYDVQQKEw9Q +S0NTMTEgUHJvdmlkZXIxFTATBgNVBAMTDE15IFRlc3QgQ2VydDCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAOBTOSE+M8maIIra3gTDut4tPQ2TliQDB3qK +YhsHBDGW/oXJsDydIUjmLnOwhERwpUHaIX475rHOJFvcQt6K4lclgVaUQjA0Zfda +QxMEg3vv8Ou3RuwQcQTVZRi74iSmkyZZaF6lu6tBclQr+MCQ2CrQiDCPIBDC18gL +DB3GQLxqkmoFYTlYAYTCPyKUNq9PRJYJSQU5xibS7Bkc1KY0GiOxO7S4/ckRi8As +h25kjEHjLPnRItMJ/ZisoDTBJESgv+6xED13ujgYI/2ZERu6RQhS9fn1+UAU3eTe +rNHo1VXQAyoGC1vJUUOJmQ73JUraIeQMtDaPNe28KQPUNoQVY6sCAwEAAaOBgTB/ +MAwGA1UdEwEB/wQCMAAwHwYDVR0RBBgwFoEUdGVzdGNlcnRAZXhhbXBsZS5vcmcw +DgYDVR0PAQH/BAQDAgWgMB0GA1UdDgQWBBQfAG2bWnoI8vgY6Ebq0XuEIBGENDAf +BgNVHSMEGDAWgBSr1qRvT1Z2SH1eRQBEjbOt1Ppt+DANBgkqhkiG9w0BAQsFAAOC +AQEAg/2Gjtz0cSyNHWaOttqLBB4bEct48OSIFW4djOZOrEKL9KurXJkWKbXG1pFQ +ycym9Vf/wnmlHJfUe2s78k5E7JiW3L6kZbNjOHJ5PEwnDF2okbcrfin9+sC66k6f +qJWHJSs781yIjd9tkGe2RX/c/LGcJcX8t4yYy2ZfPHd4nODbzJ4wtn35gvb+Jc14 +PtE9zrJS34d9CimhrR7FXO/nmtvzpEbBiQq3BMKBfcEDWX+d4clIejOf7ZddIwo0 +A08vGQ6YekzD8wqN0YjMO2pBveAjlLAVl8aqUTCL2GzZgcEw+vOCQtZUJXr064w3 +z07G7E+Nt6dew+jeXhB+T5f7hw== +-----END CERTIFICATE----- +subject=O=PKCS11 Provider, CN=My Test Cert +issuer=CN=Issuer +--- +No client certificate CA names sent +Peer signing digest: SHA256 +Peer signature type: RSA-PSS +Server Temp Key: X25519, 253 bits +--- +SSL handshake has read 1391 bytes and written 388 bytes +Verification: OK +--- +New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 +Server public key is 2048 bit +This TLS version forbids renegotiation. +Compression: NONE +Expansion: NONE +No ALPN negotiated +Early data was not sent +Verify return code: 0 (ok) +--- +--- +Post-Handshake New Session Ticket arrived: +SSL-Session: + Protocol : TLSv1.3 + Cipher : TLS_AES_256_GCM_SHA384 + Session-ID: DD2F6B78FD8E09F235F5BA7447C5A4817EF409DBB3A39C2AEE722093EDDD1D88 + Session-ID-ctx: + Resumption PSK: 28D728AE6032510FE797F26157AF2963D4810FC189EC08A647CDAA810190586164F19077309EC288E55979C9C3E4B582 + PSK identity: None + PSK identity hint: None + SRP username: None + TLS session ticket lifetime hint: 7200 (seconds) + TLS session ticket: + 0000 - 7a 4f 88 67 29 12 2a ed-08 45 38 8f 5a a5 c5 7a zO.g).*..E8.Z..z + 0010 - 73 aa ce 15 75 b1 c9 53-30 1f 96 66 99 c3 81 3e s...u..S0..f...> + 0020 - d3 2f 02 1e 7f 7a 95 9d-de 8a 87 a2 a2 0f 68 dd ./...z........h. + 0030 - 8e 42 d0 ee c8 90 d5 ac-7a 26 07 fc b9 16 7a 3f .B......z&....z? + 0040 - e5 60 e7 22 e0 0a 95 68-9f 58 e6 8d 8e 75 32 8b .`."...h.X...u2. + 0050 - c2 a0 2d 7f 89 c2 09 f9-5a 57 99 14 eb c0 bd d4 ..-.....ZW...... + 0060 - 72 5e e8 55 4d 20 6e 16-90 72 48 bc 00 02 3b 7c r^.UM n..rH...;| + 0070 - d5 4d b6 58 97 d8 d1 8b-47 02 af 86 50 13 f2 6c .M.X....G...P..l + 0080 - 7c 7c 9a 79 38 0e c8 cd-cc b9 cc 7f 79 60 40 3c ||.y8.......y`@< + 0090 - 18 d7 4a da bb ba b7 90-8f 2f e3 7d 0f 65 72 b3 ..J....../.}.er. + 00a0 - 7e 1d 12 2e 17 d5 8e 55-74 9c 59 9c de 62 63 66 ~......Ut.Y..bcf + 00b0 - 11 2a 6a 51 61 48 f5 3d-78 43 1f 41 25 83 4f 39 .*jQaH.=xC.A%.O9 + 00c0 - 3e b6 eb b3 e8 bb 70 23-53 cc 55 f4 a6 a1 e6 92 >.....p#S.U..... + + Start Time: 1732736906 + Timeout : 7200 (sec) + Verify return code: 0 (ok) + Extended master secret: no + Max Early Data: 0 +--- +read R BLOCK +--- +Post-Handshake New Session Ticket arrived: +SSL-Session: + Protocol : TLSv1.3 + Cipher : TLS_AES_256_GCM_SHA384 + Session-ID: 90414F1470E727224D639499D99EBDF109388D69460BD18436C40959EB39499D + Session-ID-ctx: + Resumption PSK: A986CE9C77D6F0ACDBB49EEFD0BBF744C938DFA89EF939B89A823487591AF6CFA0D4C5E6C4E75058D6605EE3D911EC6B + PSK identity: None + PSK identity hint: None + SRP username: None + TLS session ticket lifetime hint: 7200 (seconds) + TLS session ticket: + 0000 - 7a 4f 88 67 29 12 2a ed-08 45 38 8f 5a a5 c5 7a zO.g).*..E8.Z..z + 0010 - db 9c 64 f2 17 d4 54 8e-1a 02 74 93 7a ea 5d 74 ..d...T...t.z.]t + 0020 - c1 5d fc d2 23 7d 25 53-04 73 bd fe 5e 70 ac cc .]..#}%S.s..^p.. + 0030 - c3 5d 4a d2 bf f6 ab 83-cf 18 a9 82 31 b7 a1 fd .]J.........1... + 0040 - f7 0f 3a aa a4 d7 62 18-ba c1 1a c4 fc 8a 7a fd ..:...b.......z. + 0050 - f0 7c 8e f2 8c 02 07 df-1a c0 46 a2 9a 81 45 26 .|........F...E& + 0060 - dd 61 f8 07 2a 67 1c 61-e8 ef 42 2c 38 72 b0 dd .a..*g.a..B,8r.. + 0070 - 35 0c 98 33 f9 e8 8f e7-75 9c a8 72 07 bb 5c 52 5..3....u..r..\R + 0080 - dd eb d4 53 de 09 7d 28-c3 d1 06 48 12 e9 eb c9 ...S..}(...H.... + 0090 - 66 cf 0f bb d4 7f 80 38-58 be e6 e7 35 52 27 b4 f......8X...5R'. + 00a0 - e7 94 cd d6 c1 4c 8d d5-6c 5b 37 a8 05 28 5c b7 .....L..l[7..(\. + 00b0 - bf c0 76 5a 7d 86 6f 27-fc ad 46 51 3e 33 95 b0 ..vZ}.o'..FQ>3.. + 00c0 - 00 5a 04 c3 24 e3 8e 39-59 1e 65 d0 38 c7 b2 95 .Z..$..9Y.e.8... + + Start Time: 1732736906 + Timeout : 7200 (sec) + Verify return code: 0 (ok) + Extended master secret: no + Max Early Data: 0 +--- +read R BLOCK + TLS SUCCESSFUL +20C02BF7:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:687: +Server output: +spawn openssl s_server -propquery ?provider=pkcs11 -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%01 -cert pkcs11:type=cert;object=testCert +Using default temp DH parameters +ACCEPT +-----BEGIN SSL SESSION PARAMETERS----- +MIGCAgEBAgIDBAQCEwIEIBk9d82zXG4uz/OAelcoFKB1ubBjLujwMo4H0hibffhL +BDCphs6cd9bwrNu0nu/Qu/dEyTjfqJ75ObiagjSHWRr2z6DUxebE51BY1mBe49kR +7GuhBgIEZ0d3iqIEAgIcIKQGBAQBAAAArgYCBFHRnxazAwIBHQ== +-----END SSL SESSION PARAMETERS----- +Shared ciphers:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA +Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 +Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224 TLS SUCCESSFUL +Q + +Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 +Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 +CIPHER is TLS_AES_256_GCM_SHA384 +This TLS version forbids renegotiation. +DONE +shutdown accept socket +shutting down SSL +CONNECTION CLOSED + 0 items in the session cache + 0 client connects (SSL_connect()) + 0 client renegotiates (SSL_connect()) + 0 client connects that finished + 1 server accepts (SSL_accept()) + 0 server renegotiates (SSL_accept()) + 1 server accepts that finished + 0 session cache hits + 0 session cache misses + 0 session cache timeouts + 0 callback cache hits + 0 cache full overflows (128 allowed) + +## Run sanity test with default values (ECDSA) +spawn openssl s_client -propquery ?provider=pkcs11 -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/CAcert.pem +Connecting to 127.0.0.1 +CONNECTED(00000005) +Can't use SSL_get_servername +depth=0 O=PKCS11 Provider, CN=My EC Cert +verify error:num=1:unspecified certificate verification error +verify return:1 +depth=1 CN=Issuer +verify return:1 +depth=0 O=PKCS11 Provider, CN=My EC Cert +verify return:1 +--- +Certificate chain + 0 s:O=PKCS11 Provider, CN=My EC Cert + i:CN=Issuer + a:PKEY: id-ecPublicKey, 256 (bit); sigalg: RSA-SHA256 + v:NotBefore: Nov 27 19:47:23 2024 GMT; NotAfter: Nov 27 19:47:23 2025 GMT +--- +Server certificate +-----BEGIN CERTIFICATE----- +MIICcjCCAVqgAwIBAgIBBDANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 +ZXIwHhcNMjQxMTI3MTk0NzIzWhcNMjUxMTI3MTk0NzIzWjAvMRgwFgYDVQQKEw9Q +S0NTMTEgUHJvdmlkZXIxEzARBgNVBAMTCk15IEVDIENlcnQwWTATBgcqhkjOPQIB +BggqhkjOPQMBBwNCAAT0RZEqleAwYt4FGky70w48q6C0O0HJ0E4fr9tEOHh332YD +2FiC7M+IIKVXRiuDrRjzgn/DPf2wqUzxMgUh8aAVo4GBMH8wDAYDVR0TAQH/BAIw +ADAfBgNVHREEGDAWgRR0ZXN0Y2VydEBleGFtcGxlLm9yZzAOBgNVHQ8BAf8EBAMC +B4AwHQYDVR0OBBYEFE8ZvwyfDlC3gcPsvksRRytdHkVxMB8GA1UdIwQYMBaAFKvW +pG9PVnZIfV5FAESNs63U+m34MA0GCSqGSIb3DQEBCwUAA4IBAQCtpL798exwF3R0 +J+yM5mOJJnj1jR/uUrDXyz2pmaSv1wWxSNajVDu+7KgxsH+/eTv6FlRMwgDnGn0V +uJ31V/dyuzyvXLk+a7uEImxs+al6yK15HjCLAavr9dwXglhJ4GUN2t1JUMcEIEF4 +RshrLBIp2xVnq+6PBtsY6SYY9YXE0BEBM7GkAK6UVrSWZTxP5+Rcv5e/eDqsVifp +SCakrKehIQeJgxSavpbKzMBT2bA4Xidyit/02qkhG9YPlj7ds3us1jeCd3JxtZKP +p9Itw9bsfEcnhvLUPHaJRnpSFiamFB5fyQQkAFC6Jg++Yo3Vl7Z+h8Q0bJ2u/vgo +Kw6cA79M +-----END CERTIFICATE----- +subject=O=PKCS11 Provider, CN=My EC Cert +issuer=CN=Issuer +--- +No client certificate CA names sent +Peer signing digest: SHA256 +Peer signature type: ECDSA +Server Temp Key: X25519, 253 bits +--- +SSL handshake has read 1000 bytes and written 388 bytes +Verification error: unspecified certificate verification error +--- +New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 +Server public key is 256 bit +This TLS version forbids renegotiation. +Compression: NONE +Expansion: NONE +No ALPN negotiated +Early data was not sent +Verify return code: 1 (unspecified certificate verification error) +--- +--- +Post-Handshake New Session Ticket arrived: +SSL-Session: + Protocol : TLSv1.3 + Cipher : TLS_AES_256_GCM_SHA384 + Session-ID: 6143ACEE12183F7483A92598AB7E4C904D8E4EF10F24912DB5A2F0305BA6E1BB + Session-ID-ctx: + Resumption PSK: A599434719D4A44A0B8E47F1D6F1A39C0C5E47741B26E68FB8E979EBA213AA15BF86921EDB06220A7C302DB3AAB04C4E + PSK identity: None + PSK identity hint: None + SRP username: None + TLS session ticket lifetime hint: 7200 (seconds) + TLS session ticket: + 0000 - 6c 2c 7d b7 f4 71 9e 77-10 3f a9 c7 02 19 9e bc l,}..q.w.?...... + 0010 - f2 47 0c 11 d7 6d c7 16-ec eb 74 64 94 92 6f 37 .G...m....td..o7 + 0020 - 8c 3b 75 77 50 07 e2 b2-04 64 72 b5 c3 ce 61 e2 .;uwP....dr...a. + 0030 - 91 9a 34 41 0c 6b 18 0b-af 78 2c 90 2f 94 0b 64 ..4A.k...x,./..d + 0040 - a3 b7 29 27 bd f4 52 46-95 16 fd 95 68 92 a2 f9 ..)'..RF....h... + 0050 - c4 7e da dc 79 ad da f2-26 b1 49 be d7 7a 7f 54 .~..y...&.I..z.T + 0060 - 50 58 15 7d cb b2 47 6f-3d 94 84 6d 7b 30 66 62 PX.}..Go=..m{0fb + 0070 - c8 76 a5 81 ab e4 d9 cc-1d bf 79 80 33 0f 3a f9 .v........y.3.:. + 0080 - 27 f9 8c 7a 99 88 e8 99-c2 de 00 59 ea 4f 3d 25 '..z.......Y.O=% + 0090 - 3b fe de 96 82 d6 1f c2-4d f7 56 51 f3 f3 e2 ca ;.......M.VQ.... + 00a0 - 80 98 7e 11 cc 82 04 c3-0e df a7 29 c9 0e 81 d9 ..~........).... + 00b0 - 54 5b 5d 5a 48 cb 67 a1-12 0d 53 97 06 26 97 c7 T[]ZH.g...S..&.. + 00c0 - 0c 93 c4 cf ee e8 90 b2-93 ef 6c 50 8a dc 28 76 ..........lP..(v + + Start Time: 1732736907 + Timeout : 7200 (sec) + Verify return code: 1 (unspecified certificate verification error) + Extended master secret: no + Max Early Data: 0 +--- +read R BLOCK +--- +Post-Handshake New Session Ticket arrived: +SSL-Session: + Protocol : TLSv1.3 + Cipher : TLS_AES_256_GCM_SHA384 + Session-ID: A356C3FE9F975D321E959537FD281EC08EEFB915E647F8E756C2987D50DBBBC8 + Session-ID-ctx: + Resumption PSK: 7C8025A557959A42E56F0F16047742D76B98D455009936D78496EAED5F7B1D50239F9D788B9FF46A208ADA3A0A92F639 + PSK identity: None + PSK identity hint: None + SRP username: None + TLS session ticket lifetime hint: 7200 (seconds) + TLS session ticket: + 0000 - 6c 2c 7d b7 f4 71 9e 77-10 3f a9 c7 02 19 9e bc l,}..q.w.?...... + 0010 - e3 e0 98 44 cd bb 08 f5-ea 86 bc b1 40 7e ab 9d ...D........@~.. + 0020 - 7a cc d0 6f 4e 1a 3a b2-c0 93 3f c9 49 b0 20 12 z..oN.:...?.I. . + 0030 - ea e7 f9 bb b8 27 27 d6-f4 36 50 79 f8 6f 1e b3 .....''..6Py.o.. + 0040 - c0 42 d5 a6 53 93 5c 4c-8a 5c a2 99 fd bc 9b a3 .B..S.\L.\...... + 0050 - bd 11 65 76 70 ff fc e9-87 42 e2 0e e3 e4 4c 7e ..evp....B....L~ + 0060 - 80 b0 1f c2 61 79 67 99-5a d3 eb ca 49 c4 28 71 ....ayg.Z...I.(q + 0070 - 94 06 0d 02 de b9 6b d2-cc 84 9f c0 15 ff 64 f9 ......k.......d. + 0080 - fa ae c3 95 6b df 7b 59-fb 43 28 14 f4 59 e7 cd ....k.{Y.C(..Y.. + 0090 - f4 c4 22 d7 d8 9c ce 13-43 8b 2e dc 2e 83 cb 56 ..".....C......V + 00a0 - e5 ab 4c 9c 0c a2 bb 6a-5f 59 f7 de 0d 85 b7 20 ..L....j_Y..... + 00b0 - df 32 bb f0 03 e3 64 84-1e 12 60 08 69 53 5c 69 .2....d...`.iS\i + 00c0 - 30 a2 8f 74 52 5e fe b9-2c 3c 40 73 76 7c 4c d2 0..tR^..,<@sv|L. + + Start Time: 1732736907 + Timeout : 7200 (sec) + Verify return code: 1 (unspecified certificate verification error) + Extended master secret: no + Max Early Data: 0 +--- +read R BLOCK + TLS SUCCESSFUL +20403FF7:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:687: +Server output: +spawn openssl s_server -propquery ?provider=pkcs11 -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%02 -cert pkcs11:type=cert;object=ecCert +Using default temp DH parameters +ACCEPT +-----BEGIN SSL SESSION PARAMETERS----- +MIGDAgEBAgIDBAQCEwIEIOYxkZbcUj4Mkodc3gjXkr+8GQOzJnvC2ToBOSPq7NSh +BDB8gCWlV5WaQuVvDxYEd0LXa5jUVQCZNteElurtX3sdUCOfnXiLn/RqIIraOgqS +9jmhBgIEZ0d3i6IEAgIcIKQGBAQBAAAArgcCBQCuN9kNswMCAR0= +-----END SSL SESSION PARAMETERS----- +Shared ciphers:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA +Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 +Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224 +Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 +Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 +CIPHER is TLS_AES_256_GCM_SHA384 +This TLS version forbids renegotiation. + TLS SUCCESSFUL +Q +DONE +shutdown accept socket +shutting down SSL +CONNECTION CLOSED + 0 items in the session cache + 0 client connects (SSL_connect()) + 0 client renegotiates (SSL_connect()) + 0 client connects that finished + 1 server accepts (SSL_accept()) + 0 server renegotiates (SSL_accept()) + 1 server accepts that finished + 0 session cache hits + 0 session cache misses + 0 session cache timeouts + 0 callback cache hits + 0 cache full overflows (128 allowed) + +## Run sanity test with default values (EdDSA) +spawn openssl s_client -propquery ?provider=pkcs11 -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/CAcert.pem +Connecting to 127.0.0.1 +CONNECTED(00000005) +Can't use SSL_get_servername +depth=1 CN=Issuer +verify return:1 +depth=0 O=PKCS11 Provider, CN=My ED25519 Cert +verify return:1 +--- +Certificate chain + 0 s:O=PKCS11 Provider, CN=My ED25519 Cert + i:CN=Issuer + a:PKEY: ED25519, 256 (bit); sigalg: RSA-SHA256 + v:NotBefore: Nov 27 19:47:24 2024 GMT; NotAfter: Nov 27 19:47:24 2025 GMT +--- +Server certificate +-----BEGIN CERTIFICATE----- +MIICSDCCATCgAwIBAgIBBjANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 +ZXIwHhcNMjQxMTI3MTk0NzI0WhcNMjUxMTI3MTk0NzI0WjA0MRgwFgYDVQQKEw9Q +S0NTMTEgUHJvdmlkZXIxGDAWBgNVBAMTD015IEVEMjU1MTkgQ2VydDAqMAUGAytl +cAMhAHwXGNquYL3/EgRHfNoUbsyhcO0y9XHi8AI4/D47I8XZo4GBMH8wDAYDVR0T +AQH/BAIwADAfBgNVHREEGDAWgRR0ZXN0Y2VydEBleGFtcGxlLm9yZzAOBgNVHQ8B +Af8EBAMCB4AwHQYDVR0OBBYEFHPBqLiPEfsIAzJluWVYVwZOFDnHMB8GA1UdIwQY +MBaAFKvWpG9PVnZIfV5FAESNs63U+m34MA0GCSqGSIb3DQEBCwUAA4IBAQBS0B1O +/JY4dX5vGfUjuC1MVJoWlhmW5h6+XwmyLZDdUCU1EFnN/28IlbGX8tksYstoFZx8 +kuu9tkygrIlZwkXT2GuXEioSBmZh1mqbv1STxo2sLxaaVqELSPYhvl7nuwBtI6AH +aBnmtD55jOq4MVcz5sSCS58dzailSpyq218vAXir/GALazd7wlpWw7n5DYqPffPj +aCCG+mWTpvk4LU0O48CGu+Fu34KxM7XGnZ4HrqJvyW8cAiMKFwiGDu8AlTS5woQY +9Xog1XflLb14WR5N/CEZxxxQCp5eRjdyDVA/EYGdOS8t/zq7Jf5yrDE6ZqHpJMBn +esDYCVY+SYIV6KCK +-----END CERTIFICATE----- +subject=O=PKCS11 Provider, CN=My ED25519 Cert +issuer=CN=Issuer +--- +No client certificate CA names sent +Peer signature type: Ed25519 +Server Temp Key: X25519, 253 bits +--- +SSL handshake has read 952 bytes and written 388 bytes +Verification: OK +--- +New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 +Server public key is 256 bit +This TLS version forbids renegotiation. +Compression: NONE +Expansion: NONE +No ALPN negotiated +Early data was not sent +Verify return code: 0 (ok) +--- +--- +Post-Handshake New Session Ticket arrived: +SSL-Session: + Protocol : TLSv1.3 + Cipher : TLS_AES_256_GCM_SHA384 + Session-ID: 809A256C06EFFAAB44E715C6DCF3EDA29C3996372B054F02E3D97F0DAE249D02 + Session-ID-ctx: + Resumption PSK: 283ED0B9E5CF8FF69229FE51D50A84768251C717A8F177D4F37A8ACC37DA0AFE72999805AF04757BB23FA98EFD9B23A2 + PSK identity: None + PSK identity hint: None + SRP username: None + TLS session ticket lifetime hint: 7200 (seconds) + TLS session ticket: + 0000 - d7 c2 b6 bf 9d 8e da 0e-69 0f 0a bb 8a fc 9c 5d ........i......] + 0010 - 44 ca 13 1e 46 a7 6c bc-f1 54 ef f4 78 a0 14 f0 D...F.l..T..x... + 0020 - 5c 55 b8 4f 7f 32 64 55-c2 d2 02 27 e2 96 60 30 \U.O.2dU...'..`0 + 0030 - af 90 41 c0 28 8d c6 70-06 66 e2 16 33 ee e7 68 ..A.(..p.f..3..h + 0040 - c3 30 b0 63 19 18 fb c7-e0 a9 3d 6d ef b8 96 72 .0.c......=m...r + 0050 - 00 c2 6a 50 e9 e6 79 d8-b6 57 4f 3a 9b 78 c5 9f ..jP..y..WO:.x.. + 0060 - b9 12 78 a4 06 a9 09 6d-2c 67 13 fc 89 08 6b 08 ..x....m,g....k. + 0070 - 2e 8d 57 90 d7 59 ac e2-6a dd 27 35 71 25 ea 11 ..W..Y..j.'5q%.. + 0080 - 60 63 b8 f7 33 9a b0 5d-fc 46 20 d8 95 72 14 d1 `c..3..].F ..r.. + 0090 - 98 ea 07 a0 cd 8a da a1-7b ad 03 f0 f2 4b 4b 09 ........{....KK. + 00a0 - 29 43 c6 0e c5 46 7f 44-fd c9 39 0d 2f 76 ca c8 )C...F.D..9./v.. + 00b0 - 0a 47 8f b5 21 85 d1 49-bf a3 0a 47 a2 46 8f 29 .G..!..I...G.F.) + 00c0 - 63 bf 7a ab 06 3a 8b ac-17 ad b3 c6 90 71 2f 1b c.z..:.......q/. + + Start Time: 1732736908 + Timeout : 7200 (sec) + Verify return code: 0 (ok) + Extended master secret: no + Max Early Data: 0 +--- +read R BLOCK +--- +Post-Handshake New Session Ticket arrived: +SSL-Session: + Protocol : TLSv1.3 + Cipher : TLS_AES_256_GCM_SHA384 + Session-ID: 1089EDABA7191472E91BBE8913DB17003E50C4120187766023FB43F3534086E5 + Session-ID-ctx: + Resumption PSK: 84A48D253A2768AD55EDF76F6B0F18FA865B2F7D5A2BAB453EEB929F10F34EC26515DA5125FB34E331CAC998DBADF91E + PSK identity: None + PSK identity hint: None + SRP username: None + TLS session ticket lifetime hint: 7200 (seconds) + TLS session ticket: + 0000 - d7 c2 b6 bf 9d 8e da 0e-69 0f 0a bb 8a fc 9c 5d ........i......] + 0010 - 4d 90 e6 32 85 e8 f0 d0-9f 63 0b 41 ee 28 75 dd M..2.....c.A.(u. + 0020 - d1 fa 1d a3 14 b3 67 03-93 82 8a 82 a8 36 b9 1a ......g......6.. + 0030 - df 37 2b 87 20 f1 e1 88-b7 68 4f c7 f7 89 ee 80 .7+. ....hO..... + 0040 - 24 d4 10 40 26 99 8d 11-8a cd 4d 54 56 11 9b f8 $..@&.....MTV... + 0050 - f3 8e d6 90 d2 c8 ea 26-6e f3 6d 1e ea 4e 47 60 .......&n.m..NG` + 0060 - b9 84 b5 75 f7 48 6d 29-e3 d5 1f 0e 39 cb 04 02 ...u.Hm)....9... + 0070 - 5a a3 c6 3c 9b 80 ee 9b-ba 3a 0f 30 9e 2c 78 bd Z..<.....:.0.,x. + 0080 - 66 4f 2c c0 58 15 c9 55-00 91 b4 97 e7 a7 58 86 fO,.X..U......X. + 0090 - c5 54 44 ed bf 66 bd 50-b6 a4 4a 08 8d d9 02 f6 .TD..f.P..J..... + 00a0 - 5e 68 b1 2b cb d6 9f 4a-a4 f0 60 88 7e e7 58 4e ^h.+...J..`.~.XN + 00b0 - 6f bc 61 b9 bd 4b f0 d1-a4 7e d3 b1 fd 90 66 c0 o.a..K...~....f. + 00c0 - ab e2 cf c3 61 01 cb 84-50 5b c1 0f d3 7c 76 5d ....a...P[...|v] + + Start Time: 1732736908 + Timeout : 7200 (sec) + Verify return code: 0 (ok) + Extended master secret: no + Max Early Data: 0 +--- +read R BLOCK + TLS SUCCESSFUL +208079F7:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:687: +Server output: +spawn openssl s_server -propquery ?provider=pkcs11 -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%04 -cert pkcs11:type=cert;object=edCert +Using default temp DH parameters +ACCEPT +-----BEGIN SSL SESSION PARAMETERS----- +MIGDAgEBAgIDBAQCEwIEICUpP3GnlDiepSB7Na8gg5oku1wd13NQgazdlkg+wxP8 +BDCEpI0lOidorVXt929rDxj6hlsvfVorq0U+65KfEPNOwmUV2lEl+zTjMcrJmNut ++R6hBgIEZ0d3jKIEAgIcIKQGBAQBAAAArgcCBQCVaSmeswMCAR0= +-----END SSL SESSION PARAMETERS----- +Shared ciphers:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA +Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 +Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224 +Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 +Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 +CIPHER is TLS_AES_256_GCM_SHA384 +This TLS version forbids renegotiation. + TLS SUCCESSFUL +Q +DONE +shutdown accept socket +shutting down SSL +CONNECTION CLOSED + 0 items in the session cache + 0 client connects (SSL_connect()) + 0 client renegotiates (SSL_connect()) + 0 client connects that finished + 1 server accepts (SSL_accept()) + 0 server renegotiates (SSL_accept()) + 1 server accepts that finished + 0 session cache hits + 0 session cache misses + 0 session cache timeouts + 0 callback cache hits + 0 cache full overflows (128 allowed) + +## Run test with TLS 1.2 +spawn openssl s_client -propquery ?provider=pkcs11 -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/CAcert.pem -tls1_2 +Connecting to 127.0.0.1 +CONNECTED(00000005) +Can't use SSL_get_servername +depth=1 CN=Issuer +verify return:1 +depth=0 O=PKCS11 Provider, CN=My Test Cert +verify return:1 +--- +Certificate chain + 0 s:O=PKCS11 Provider, CN=My Test Cert + i:CN=Issuer + a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256 + v:NotBefore: Nov 27 19:47:23 2024 GMT; NotAfter: Nov 27 19:47:23 2025 GMT +--- +Server certificate +-----BEGIN CERTIFICATE----- +MIIDPzCCAiegAwIBAgIBAzANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 +ZXIwHhcNMjQxMTI3MTk0NzIzWhcNMjUxMTI3MTk0NzIzWjAxMRgwFgYDVQQKEw9Q +S0NTMTEgUHJvdmlkZXIxFTATBgNVBAMTDE15IFRlc3QgQ2VydDCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAOBTOSE+M8maIIra3gTDut4tPQ2TliQDB3qK +YhsHBDGW/oXJsDydIUjmLnOwhERwpUHaIX475rHOJFvcQt6K4lclgVaUQjA0Zfda +QxMEg3vv8Ou3RuwQcQTVZRi74iSmkyZZaF6lu6tBclQr+MCQ2CrQiDCPIBDC18gL +DB3GQLxqkmoFYTlYAYTCPyKUNq9PRJYJSQU5xibS7Bkc1KY0GiOxO7S4/ckRi8As +h25kjEHjLPnRItMJ/ZisoDTBJESgv+6xED13ujgYI/2ZERu6RQhS9fn1+UAU3eTe +rNHo1VXQAyoGC1vJUUOJmQ73JUraIeQMtDaPNe28KQPUNoQVY6sCAwEAAaOBgTB/ +MAwGA1UdEwEB/wQCMAAwHwYDVR0RBBgwFoEUdGVzdGNlcnRAZXhhbXBsZS5vcmcw +DgYDVR0PAQH/BAQDAgWgMB0GA1UdDgQWBBQfAG2bWnoI8vgY6Ebq0XuEIBGENDAf +BgNVHSMEGDAWgBSr1qRvT1Z2SH1eRQBEjbOt1Ppt+DANBgkqhkiG9w0BAQsFAAOC +AQEAg/2Gjtz0cSyNHWaOttqLBB4bEct48OSIFW4djOZOrEKL9KurXJkWKbXG1pFQ +ycym9Vf/wnmlHJfUe2s78k5E7JiW3L6kZbNjOHJ5PEwnDF2okbcrfin9+sC66k6f +qJWHJSs781yIjd9tkGe2RX/c/LGcJcX8t4yYy2ZfPHd4nODbzJ4wtn35gvb+Jc14 +PtE9zrJS34d9CimhrR7FXO/nmtvzpEbBiQq3BMKBfcEDWX+d4clIejOf7ZddIwo0 +A08vGQ6YekzD8wqN0YjMO2pBveAjlLAVl8aqUTCL2GzZgcEw+vOCQtZUJXr064w3 +z07G7E+Nt6dew+jeXhB+T5f7hw== +-----END CERTIFICATE----- +subject=O=PKCS11 Provider, CN=My Test Cert +issuer=CN=Issuer +--- +No client certificate CA names sent +Peer signing digest: SHA256 +Peer signature type: RSA-PSS +Server Temp Key: X25519, 253 bits +--- +SSL handshake has read 1476 bytes and written 287 bytes +Verification: OK +--- +New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384 +Server public key is 2048 bit +Secure Renegotiation IS supported +Compression: NONE +Expansion: NONE +No ALPN negotiated +SSL-Session: + Protocol : TLSv1.2 + Cipher : ECDHE-RSA-AES256-GCM-SHA384 + Session-ID: FEAA03FC3B53C69C36F627FC8C5DBD9F5915BC2333B1F3377B0E4FFEAC40E6FE + Session-ID-ctx: + Master-Key: A1C68E58AEE11E6769E9B8092DBEBB8B0E38C90BB66437EA6539A9788E1C3CC874608BD3BFCDA6542989F9CA76065946 + PSK identity: None + PSK identity hint: None + SRP username: None + TLS session ticket lifetime hint: 7200 (seconds) + TLS session ticket: + 0000 - 71 1c b0 f8 8b 8f c3 cd-fc fd 8c d3 d8 10 21 a6 q.............!. + 0010 - 1c 21 7b 3c d9 b9 55 ea-3b f3 53 6c e6 82 75 12 .!{<..U.;.Sl..u. + 0020 - 9b d4 77 b9 6c 5a 8e 3c-69 65 d2 33 d6 d6 e6 04 ..w.lZ....x.. + 0050 - 04 ac 72 88 d5 7b 86 10-d2 5f 3c b1 d6 26 da 1f ..r..{..._<..&.. + 0060 - 09 31 8d 07 31 01 e8 82-ce c8 3d e2 97 23 b0 9d .1..1.....=..#.. + 0070 - 09 e4 ba 3f 56 f8 b8 3f-8f 65 f6 69 f5 bd 34 d7 ...?V..?.e.i..4. + 0080 - 31 2a 7c 50 6d 7f 9f fa-21 5c cb 1c e2 13 f5 53 1*|Pm...!\.....S + 0090 - 7c c8 b3 b9 ed 3f d1 96-43 5f e8 44 0e a0 f0 35 |....?..C_.D...5 + 00a0 - bc 24 88 7b 8f f8 03 4e-e7 12 df b6 0b a8 c7 eb .$.{...N........ + + Start Time: 1732736908 + Timeout : 7200 (sec) + Verify return code: 0 (ok) + Extended master secret: yes +--- + TLS SUCCESSFUL +2060A9F7:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:687: +Server output: +spawn openssl s_server -propquery ?provider=pkcs11 -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%01 -cert pkcs11:type=cert;object=testCert +Using default temp DH parameters +ACCEPT +-----BEGIN SSL SESSION PARAMETERS----- +MF8CAQECAgMDBALAMAQABDChxo5YruEeZ2npuAktvruLDjjJC7ZkN+plOal4jhw8 +yHRgi9O/zaZUKYn5ynYGWUahBgIEZ0d3jKIEAgIcIKQGBAQBAAAArQMCAQGzAwIB +HQ== +-----END SSL SESSION PARAMETERS----- TLS SUCCESSFUL +Q + +Shared ciphers:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA +Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 +Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 +Supported Elliptic Curve Point Formats: uncompressed:ansiX962_compressed_prime:ansiX962_compressed_char2 +Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1 +Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1 +CIPHER is ECDHE-RSA-AES256-GCM-SHA384 +Secure Renegotiation IS supported +DONE +shutdown accept socket +shutting down SSL +CONNECTION CLOSED + 0 items in the session cache + 0 client connects (SSL_connect()) + 0 client renegotiates (SSL_connect()) + 0 client connects that finished + 1 server accepts (SSL_accept()) + 0 server renegotiates (SSL_accept()) + 1 server accepts that finished + 0 session cache hits + 0 session cache misses + 0 session cache timeouts + 0 callback cache hits + 0 cache full overflows (128 allowed) + +## Run test with explicit TLS 1.3 +spawn openssl s_client -propquery ?provider=pkcs11 -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/CAcert.pem -tls1_3 +Connecting to 127.0.0.1 +CONNECTED(00000005) +Can't use SSL_get_servername +depth=1 CN=Issuer +verify return:1 +depth=0 O=PKCS11 Provider, CN=My Test Cert +verify return:1 +--- +Certificate chain + 0 s:O=PKCS11 Provider, CN=My Test Cert + i:CN=Issuer + a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256 + v:NotBefore: Nov 27 19:47:23 2024 GMT; NotAfter: Nov 27 19:47:23 2025 GMT +--- +Server certificate +-----BEGIN CERTIFICATE----- +MIIDPzCCAiegAwIBAgIBAzANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 +ZXIwHhcNMjQxMTI3MTk0NzIzWhcNMjUxMTI3MTk0NzIzWjAxMRgwFgYDVQQKEw9Q +S0NTMTEgUHJvdmlkZXIxFTATBgNVBAMTDE15IFRlc3QgQ2VydDCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAOBTOSE+M8maIIra3gTDut4tPQ2TliQDB3qK +YhsHBDGW/oXJsDydIUjmLnOwhERwpUHaIX475rHOJFvcQt6K4lclgVaUQjA0Zfda +QxMEg3vv8Ou3RuwQcQTVZRi74iSmkyZZaF6lu6tBclQr+MCQ2CrQiDCPIBDC18gL +DB3GQLxqkmoFYTlYAYTCPyKUNq9PRJYJSQU5xibS7Bkc1KY0GiOxO7S4/ckRi8As +h25kjEHjLPnRItMJ/ZisoDTBJESgv+6xED13ujgYI/2ZERu6RQhS9fn1+UAU3eTe +rNHo1VXQAyoGC1vJUUOJmQ73JUraIeQMtDaPNe28KQPUNoQVY6sCAwEAAaOBgTB/ +MAwGA1UdEwEB/wQCMAAwHwYDVR0RBBgwFoEUdGVzdGNlcnRAZXhhbXBsZS5vcmcw +DgYDVR0PAQH/BAQDAgWgMB0GA1UdDgQWBBQfAG2bWnoI8vgY6Ebq0XuEIBGENDAf +BgNVHSMEGDAWgBSr1qRvT1Z2SH1eRQBEjbOt1Ppt+DANBgkqhkiG9w0BAQsFAAOC +AQEAg/2Gjtz0cSyNHWaOttqLBB4bEct48OSIFW4djOZOrEKL9KurXJkWKbXG1pFQ +ycym9Vf/wnmlHJfUe2s78k5E7JiW3L6kZbNjOHJ5PEwnDF2okbcrfin9+sC66k6f +qJWHJSs781yIjd9tkGe2RX/c/LGcJcX8t4yYy2ZfPHd4nODbzJ4wtn35gvb+Jc14 +PtE9zrJS34d9CimhrR7FXO/nmtvzpEbBiQq3BMKBfcEDWX+d4clIejOf7ZddIwo0 +A08vGQ6YekzD8wqN0YjMO2pBveAjlLAVl8aqUTCL2GzZgcEw+vOCQtZUJXr064w3 +z07G7E+Nt6dew+jeXhB+T5f7hw== +-----END CERTIFICATE----- +subject=O=PKCS11 Provider, CN=My Test Cert +issuer=CN=Issuer +--- +No client certificate CA names sent +Peer signing digest: SHA256 +Peer signature type: RSA-PSS +Server Temp Key: X25519, 253 bits +--- +SSL handshake has read 1391 bytes and written 318 bytes +Verification: OK +--- +New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 +Server public key is 2048 bit +This TLS version forbids renegotiation. +Compression: NONE +Expansion: NONE +No ALPN negotiated +Early data was not sent +Verify return code: 0 (ok) +--- +--- +Post-Handshake New Session Ticket arrived: +SSL-Session: + Protocol : TLSv1.3 + Cipher : TLS_AES_256_GCM_SHA384 + Session-ID: 11A2E4D67C2837234D9699211F6782DDE3EAF643C2F00385CDA3321DCBCB0036 + Session-ID-ctx: + Resumption PSK: BE85B007E887C4779289EB71A78389BEFD968F3C81944F7D80F0C44452976C27EF08DB93D0ECF92AB235A8A3FA4745CE + PSK identity: None + PSK identity hint: None + SRP username: None + TLS session ticket lifetime hint: 7200 (seconds) + TLS session ticket: + 0000 - 6a 82 57 22 2a 54 5a f1-f7 a5 d2 c2 c4 c6 0b 4e j.W"*TZ........N + 0010 - 81 a5 cf ed 43 7b d7 54-8f 23 30 26 97 df 81 06 ....C{.T.#0&.... + 0020 - 98 16 36 2a c1 d1 83 4a-f4 d0 57 d6 c2 59 51 1d ..6*...J..W..YQ. + 0030 - 45 52 a6 07 0b 2f 5f da-50 15 33 b2 ff ec ce 9e ER.../_.P.3..... + 0040 - 2d 60 e1 c6 0f 72 75 02-29 bb 60 34 de c5 3e 42 -`...ru.).`4..>B + 0050 - 5d 19 a1 3e 32 09 ec 91-29 21 81 e4 2c 7b 0d 49 ]..>2...)!..,{.I + 0060 - f7 12 1f 67 cd 4e ea e1-9d b7 f3 6e 8c 02 68 4f ...g.N.....n..hO + 0070 - e5 8c 5c 53 31 b7 47 61-82 44 8a 0c 32 8a 07 54 ..\S1.Ga.D..2..T + 0080 - a2 21 56 72 d3 e4 43 18-83 f6 70 a9 d0 0e 12 92 .!Vr..C...p..... + 0090 - 1f 3c 01 36 f1 4f fc b5-b9 7c 72 8a 19 36 80 30 .<.6.O...|r..6.0 + 00a0 - b9 5e 0a da a6 74 4c d4-f9 5d 48 bf 1b 03 36 ea .^...tL..]H...6. + 00b0 - 12 e4 d6 3f 32 70 46 2d-f0 24 12 81 24 0e 13 c1 ...?2pF-.$..$... + 00c0 - 17 7d 60 36 89 14 1d ee-33 e2 42 e0 35 39 5d 47 .}`6....3.B.59]G + + Start Time: 1732736909 + Timeout : 7200 (sec) + Verify return code: 0 (ok) + Extended master secret: no + Max Early Data: 0 +--- +read R BLOCK +--- +Post-Handshake New Session Ticket arrived: +SSL-Session: + Protocol : TLSv1.3 + Cipher : TLS_AES_256_GCM_SHA384 + Session-ID: A46779C3431805C78CAD0F14C1DD1FAF3B6F86B3B4378DBA51823A82F85F5DA2 + Session-ID-ctx: + Resumption PSK: E5BE7C1F80EF22B9C68E9CF57A1A1F54B288EBCA9F2DE673AD752ECFFDB109AD8D5DB32046AEB1EF60B57EF699264B26 + PSK identity: None + PSK identity hint: None + SRP username: None + TLS session ticket lifetime hint: 7200 (seconds) + TLS session ticket: + 0000 - 6a 82 57 22 2a 54 5a f1-f7 a5 d2 c2 c4 c6 0b 4e j.W"*TZ........N + 0010 - 4c 8b 6e b9 b9 ff 4f ed-80 08 13 9b e2 cf 1e 92 L.n...O......... + 0020 - 05 e1 11 c4 69 8e 90 ae-a1 0b dc 6c aa b9 d4 cc ....i......l.... + 0030 - d1 0b 36 fe bc 51 38 42-f4 93 63 7e 52 df 00 52 ..6..Q8B..c~R..R + 0040 - 0e 83 0d ff 78 20 3e 48-81 9e a7 b5 e5 b0 5f 65 ....x >H......_e + 0050 - 4f 49 ee c1 2c 32 40 1f-68 93 64 62 fc 4c a8 96 OI..,2@.h.db.L.. + 0060 - 8a 8e 5f 5c cb 52 62 1b-36 4c f6 8b 42 bd cb 79 .._\.Rb.6L..B..y + 0070 - 4d bf be 06 bb 4b 4f cb-d4 b9 8a df 7d b5 53 41 M....KO.....}.SA + 0080 - f2 6c a2 22 c5 4b c1 a8-ac a0 fd 37 87 a0 34 73 .l.".K.....7..4s + 0090 - a7 28 44 26 8d ae 2f a3-0e 72 c5 95 47 c1 48 29 .(D&../..r..G.H) + 00a0 - be 6b f1 47 60 d9 d1 c1-49 0b 53 02 0a f6 8a ed .k.G`...I.S..... + 00b0 - 89 ac 7e 6e ec 10 40 11-c8 a6 a6 29 96 e9 17 a2 ..~n..@....).... + 00c0 - c6 a8 48 ee 4b 06 a6 68-05 03 c0 57 d9 c9 1c 78 ..H.K..h...W...x + + Start Time: 1732736909 + Timeout : 7200 (sec) + Verify return code: 0 (ok) + Extended master secret: no + Max Early Data: 0 +--- +read R BLOCK + TLS SUCCESSFUL +20D030F7:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:687: +Server output: +spawn openssl s_server -propquery ?provider=pkcs11 -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%01 -cert pkcs11:type=cert;object=testCert +Using default temp DH parameters +ACCEPT +-----BEGIN SSL SESSION PARAMETERS----- +MIGDAgEBAgIDBAQCEwIEIDJLtzOYvZztXgkC1omRPFkvMmnPQvmd8namy5fFiiWj +BDDlvnwfgO8iucaOnPV6Gh9Usojryp8t5nOtdS7P/bEJrY1dsyBGrrHvYLV+9pkm +SyahBgIEZ0d3jaIEAgIcIKQGBAQBAAAArgcCBQCo338wswMCAR0= +-----END SSL SESSION PARAMETERS----- TLS SUCCESSFUL +Q + +Shared ciphers:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256 +Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512 +Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512 +Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 +Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 +CIPHER is TLS_AES_256_GCM_SHA384 +This TLS version forbids renegotiation. +DONE +shutdown accept socket +shutting down SSL +CONNECTION CLOSED + 0 items in the session cache + 0 client connects (SSL_connect()) + 0 client renegotiates (SSL_connect()) + 0 client connects that finished + 1 server accepts (SSL_accept()) + 0 server renegotiates (SSL_accept()) + 1 server accepts that finished + 0 session cache hits + 0 session cache misses + 0 session cache timeouts + 0 callback cache hits + 0 cache full overflows (128 allowed) + +## Run test with TLS 1.2 (ECDSA) +spawn openssl s_client -propquery ?provider=pkcs11 -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/CAcert.pem -tls1_2 +Connecting to 127.0.0.1 +CONNECTED(00000005) +Can't use SSL_get_servername +depth=0 O=PKCS11 Provider, CN=My EC Cert +verify error:num=1:unspecified certificate verification error +verify return:1 +depth=1 CN=Issuer +verify return:1 +depth=0 O=PKCS11 Provider, CN=My EC Cert +verify return:1 +--- +Certificate chain + 0 s:O=PKCS11 Provider, CN=My EC Cert + i:CN=Issuer + a:PKEY: id-ecPublicKey, 256 (bit); sigalg: RSA-SHA256 + v:NotBefore: Nov 27 19:47:23 2024 GMT; NotAfter: Nov 27 19:47:23 2025 GMT +--- +Server certificate +-----BEGIN CERTIFICATE----- +MIICcjCCAVqgAwIBAgIBBDANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 +ZXIwHhcNMjQxMTI3MTk0NzIzWhcNMjUxMTI3MTk0NzIzWjAvMRgwFgYDVQQKEw9Q +S0NTMTEgUHJvdmlkZXIxEzARBgNVBAMTCk15IEVDIENlcnQwWTATBgcqhkjOPQIB +BggqhkjOPQMBBwNCAAT0RZEqleAwYt4FGky70w48q6C0O0HJ0E4fr9tEOHh332YD +2FiC7M+IIKVXRiuDrRjzgn/DPf2wqUzxMgUh8aAVo4GBMH8wDAYDVR0TAQH/BAIw +ADAfBgNVHREEGDAWgRR0ZXN0Y2VydEBleGFtcGxlLm9yZzAOBgNVHQ8BAf8EBAMC +B4AwHQYDVR0OBBYEFE8ZvwyfDlC3gcPsvksRRytdHkVxMB8GA1UdIwQYMBaAFKvW +pG9PVnZIfV5FAESNs63U+m34MA0GCSqGSIb3DQEBCwUAA4IBAQCtpL798exwF3R0 +J+yM5mOJJnj1jR/uUrDXyz2pmaSv1wWxSNajVDu+7KgxsH+/eTv6FlRMwgDnGn0V +uJ31V/dyuzyvXLk+a7uEImxs+al6yK15HjCLAavr9dwXglhJ4GUN2t1JUMcEIEF4 +RshrLBIp2xVnq+6PBtsY6SYY9YXE0BEBM7GkAK6UVrSWZTxP5+Rcv5e/eDqsVifp +SCakrKehIQeJgxSavpbKzMBT2bA4Xidyit/02qkhG9YPlj7ds3us1jeCd3JxtZKP +p9Itw9bsfEcnhvLUPHaJRnpSFiamFB5fyQQkAFC6Jg++Yo3Vl7Z+h8Q0bJ2u/vgo +Kw6cA79M +-----END CERTIFICATE----- +subject=O=PKCS11 Provider, CN=My EC Cert +issuer=CN=Issuer +--- +No client certificate CA names sent +Peer signing digest: SHA256 +Peer signature type: ECDSA +Server Temp Key: X25519, 253 bits +--- +SSL handshake has read 1086 bytes and written 287 bytes +Verification error: unspecified certificate verification error +--- +New, TLSv1.2, Cipher is ECDHE-ECDSA-AES256-GCM-SHA384 +Server public key is 256 bit +Secure Renegotiation IS supported +Compression: NONE +Expansion: NONE +No ALPN negotiated +SSL-Session: + Protocol : TLSv1.2 + Cipher : ECDHE-ECDSA-AES256-GCM-SHA384 + Session-ID: EDB72FF9166038B1D085057913F2993F40B38A5FC009AEC34D44E20B091D8B1F + Session-ID-ctx: + Master-Key: 597272FB9AAB22C225FA2FE2A958656B15F0A650EB5B19C8BF5D313453F1F68B761183B6772442CCFCB6F6A8F0889BE7 + PSK identity: None + PSK identity hint: None + SRP username: None + TLS session ticket lifetime hint: 7200 (seconds) + TLS session ticket: + 0000 - 3e a5 20 6e 5f c0 5c 4e-cb 9a 49 23 57 ad e2 25 >. n_.\N..I#W..% + 0010 - 34 1b 6a 16 33 1b 51 e1-8f 94 50 37 83 16 e4 83 4.j.3.Q...P7.... + 0020 - cc 62 5a 96 9d d6 54 ec-4f 2a e4 7f 71 db 55 c2 .bZ...T.O*..q.U. + 0030 - 13 ae 0e 84 3d b1 e7 87-b8 19 f6 d9 33 22 86 f9 ....=.......3".. + 0040 - a2 71 cc 11 41 81 2f 3e-84 d9 53 8b 5e 42 63 75 .q..A./>..S.^Bcu + 0050 - a2 6e 90 58 ab 21 14 75-4d 72 cf 91 a1 81 c5 1e .n.X.!.uMr...... + 0060 - 39 92 1d 98 da 0b ed 67-51 1b 56 21 59 b6 7a c6 9......gQ.V!Y.z. + 0070 - 71 36 ae c7 56 e8 88 fb-1d 47 08 74 e2 ab c1 48 q6..V....G.t...H + 0080 - fc e1 a0 02 0e 8a 36 3f-67 04 6e 67 1d 64 05 66 ......6?g.ng.d.f + 0090 - 9d 56 96 19 e5 8a e1 8f-c5 0e bc 8b c5 91 f2 93 .V.............. + 00a0 - d8 42 1d dd 1d 2d 6a 1c-7c de 1c 3e f3 e7 43 05 .B...-j.|..>..C. + + Start Time: 1732736909 + Timeout : 7200 (sec) + Verify return code: 1 (unspecified certificate verification error) + Extended master secret: yes +--- + TLS SUCCESSFUL +209050F7:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:687: +Server output: +spawn openssl s_server -propquery ?provider=pkcs11 -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%02 -cert pkcs11:type=cert;object=ecCert -tls1_2 +Using default temp DH parameters +ACCEPT +-----BEGIN SSL SESSION PARAMETERS----- +MF8CAQECAgMDBALALAQABDBZcnL7mqsiwiX6L+KpWGVrFfCmUOtbGci/XTE0U/H2 +i3YRg7Z3JELM/Lb2qPCIm+ehBgIEZ0d3jaIEAgIcIKQGBAQBAAAArQMCAQGzAwIB +HQ== +-----END SSL SESSION PARAMETERS----- +Shared ciphers:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA +Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 +Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 +Supported Elliptic Curve Point Formats: uncompressed:ansiX962_compressed_prime:ansiX962_compressed_char2 +Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1 +Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1 +CIPHER is ECDHE-ECDSA-AES256-GCM-SHA384 +Secure Renegotiation IS supported + TLS SUCCESSFUL +Q +DONE +shutdown accept socket +shutting down SSL +CONNECTION CLOSED + 0 items in the session cache + 0 client connects (SSL_connect()) + 0 client renegotiates (SSL_connect()) + 0 client connects that finished + 1 server accepts (SSL_accept()) + 0 server renegotiates (SSL_accept()) + 1 server accepts that finished + 0 session cache hits + 0 session cache misses + 0 session cache timeouts + 0 callback cache hits + 0 cache full overflows (128 allowed) + +## Run test with TLS 1.2 and ECDH +spawn openssl s_client -propquery ?provider=pkcs11 -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/CAcert.pem -tls1_2 -cipher ECDHE-ECDSA-AES128-GCM-SHA256 -groups secp256r1 +Connecting to 127.0.0.1 +CONNECTED(00000005) +Can't use SSL_get_servername +depth=0 O=PKCS11 Provider, CN=My EC Cert +verify error:num=1:unspecified certificate verification error +verify return:1 +depth=1 CN=Issuer +verify return:1 +depth=0 O=PKCS11 Provider, CN=My EC Cert +verify return:1 +--- +Certificate chain + 0 s:O=PKCS11 Provider, CN=My EC Cert + i:CN=Issuer + a:PKEY: id-ecPublicKey, 256 (bit); sigalg: RSA-SHA256 + v:NotBefore: Nov 27 19:47:23 2024 GMT; NotAfter: Nov 27 19:47:23 2025 GMT +--- +Server certificate +-----BEGIN CERTIFICATE----- +MIICcjCCAVqgAwIBAgIBBDANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 +ZXIwHhcNMjQxMTI3MTk0NzIzWhcNMjUxMTI3MTk0NzIzWjAvMRgwFgYDVQQKEw9Q +S0NTMTEgUHJvdmlkZXIxEzARBgNVBAMTCk15IEVDIENlcnQwWTATBgcqhkjOPQIB +BggqhkjOPQMBBwNCAAT0RZEqleAwYt4FGky70w48q6C0O0HJ0E4fr9tEOHh332YD +2FiC7M+IIKVXRiuDrRjzgn/DPf2wqUzxMgUh8aAVo4GBMH8wDAYDVR0TAQH/BAIw +ADAfBgNVHREEGDAWgRR0ZXN0Y2VydEBleGFtcGxlLm9yZzAOBgNVHQ8BAf8EBAMC +B4AwHQYDVR0OBBYEFE8ZvwyfDlC3gcPsvksRRytdHkVxMB8GA1UdIwQYMBaAFKvW +pG9PVnZIfV5FAESNs63U+m34MA0GCSqGSIb3DQEBCwUAA4IBAQCtpL798exwF3R0 +J+yM5mOJJnj1jR/uUrDXyz2pmaSv1wWxSNajVDu+7KgxsH+/eTv6FlRMwgDnGn0V +uJ31V/dyuzyvXLk+a7uEImxs+al6yK15HjCLAavr9dwXglhJ4GUN2t1JUMcEIEF4 +RshrLBIp2xVnq+6PBtsY6SYY9YXE0BEBM7GkAK6UVrSWZTxP5+Rcv5e/eDqsVifp +SCakrKehIQeJgxSavpbKzMBT2bA4Xidyit/02qkhG9YPlj7ds3us1jeCd3JxtZKP +p9Itw9bsfEcnhvLUPHaJRnpSFiamFB5fyQQkAFC6Jg++Yo3Vl7Z+h8Q0bJ2u/vgo +Kw6cA79M +-----END CERTIFICATE----- +subject=O=PKCS11 Provider, CN=My EC Cert +issuer=CN=Issuer +--- +No client certificate CA names sent +Peer signing digest: SHA256 +Peer signature type: ECDSA +Server Temp Key: ECDH, prime256v1, 256 bits +--- +SSL handshake has read 1119 bytes and written 260 bytes +Verification error: unspecified certificate verification error +--- +New, TLSv1.2, Cipher is ECDHE-ECDSA-AES128-GCM-SHA256 +Server public key is 256 bit +Secure Renegotiation IS supported +Compression: NONE +Expansion: NONE +No ALPN negotiated +SSL-Session: + Protocol : TLSv1.2 + Cipher : ECDHE-ECDSA-AES128-GCM-SHA256 + Session-ID: CC35CE69E40ED6A20F73638741D586E59292A2AEEED5B68B42DDD661D3ABAAE6 + Session-ID-ctx: + Master-Key: 54CC6674D23F2BD6EEF74BF12F05CC9E8C168EDA9E53787D96EBA8A3C052C1F864882CC56F55C8248B48518232E17849 + PSK identity: None + PSK identity hint: None + SRP username: None + TLS session ticket lifetime hint: 7200 (seconds) + TLS session ticket: + 0000 - 00 69 8d 57 ae 9a e6 00-26 1d 9f d6 14 14 0c 77 .i.W....&......w + 0010 - 78 7b f4 be ab a7 72 4e-d6 73 1b 3a dc 7b 36 00 x{....rN.s.:.{6. + 0020 - db 1f ba e4 2f e9 d4 e5-b7 3a 55 ab 56 16 00 cb ..../....:U.V... + 0030 - 1a 3e 6f 8b 3a 00 2f 66-72 81 61 a8 1c f6 73 31 .>o.:./fr.a...s1 + 0040 - 44 df fa be 8b ac 21 09-7b bd b5 26 a3 94 fe 81 D.....!.{..&.... + 0050 - f3 56 74 dc f3 e6 0b df-a5 4d ed 15 47 2c 36 d1 .Vt......M..G,6. + 0060 - 89 0a 86 9e 0a 51 ab 24-e0 db c3 cd 52 b4 ad 07 .....Q.$....R... + 0070 - 26 36 f2 a6 a0 29 5c a8-75 35 bc 56 4c f7 17 5a &6...)\.u5.VL..Z + 0080 - 2a 47 bc 60 65 7e a0 63-4f 57 1c b3 6e d0 67 14 *G.`e~.cOW..n.g. + 0090 - 60 a9 8b 10 56 cd ec 3c-36 76 aa 34 ff 22 05 b0 `...V..<6v.4.".. + 00a0 - 1a 6c f8 f5 da be bd 54-9a c6 10 c5 b4 1b 95 d6 .l.....T........ + + Start Time: 1732736910 + Timeout : 7200 (sec) + Verify return code: 1 (unspecified certificate verification error) + Extended master secret: yes +--- + TLS SUCCESSFUL +20B06EF7:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:687: +Server output: +spawn openssl s_server -propquery ?provider=pkcs11 -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%02 -cert pkcs11:type=cert;object=ecCert +Using default temp DH parameters +ACCEPT +-----BEGIN SSL SESSION PARAMETERS----- +MF8CAQECAgMDBALAKwQABDBUzGZ00j8r1u73S/EvBcyejBaO2p5TeH2W66ijwFLB ++GSILMVvVcgki0hRgjLheEmhBgIEZ0d3jqIEAgIcIKQGBAQBAAAArQMCAQGzAwIB +Fw== +-----END SSL SESSION PARAMETERS----- +Shared ciphers:ECDHE-ECDSA-AES128-GCM-SHA256 +Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 +Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 +Supported Elliptic Curve Point Formats: uncompressed:ansiX962_compressed_prime:ansiX962_compressed_char2 +Supported groups: secp256r1 +Shared groups: secp256r1 +CIPHER is ECDHE-ECDSA-AES128-GCM-SHA256 +Secure Renegotiation IS supported + TLS SUCCESSFUL +Q +DONE +shutdown accept socket +shutting down SSL +CONNECTION CLOSED + 0 items in the session cache + 0 client connects (SSL_connect()) + 0 client renegotiates (SSL_connect()) + 0 client connects that finished + 1 server accepts (SSL_accept()) + 0 server renegotiates (SSL_accept()) + 1 server accepts that finished + 0 session cache hits + 0 session cache misses + 0 session cache timeouts + 0 callback cache hits + 0 cache full overflows (128 allowed) + +## Run test with TLS 1.3 and specific suite +spawn openssl s_client -propquery ?provider=pkcs11 -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests/softhsm/CAcert.pem -tls1_3 -ciphersuites TLS_AES_256_GCM_SHA384 -groups secp256r1 +Connecting to 127.0.0.1 +CONNECTED(00000005) +Can't use SSL_get_servername +depth=0 O=PKCS11 Provider, CN=My EC Cert +verify error:num=1:unspecified certificate verification error +verify return:1 +depth=1 CN=Issuer +verify return:1 +depth=0 O=PKCS11 Provider, CN=My EC Cert +verify return:1 +--- +Certificate chain + 0 s:O=PKCS11 Provider, CN=My EC Cert + i:CN=Issuer + a:PKEY: id-ecPublicKey, 256 (bit); sigalg: RSA-SHA256 + v:NotBefore: Nov 27 19:47:23 2024 GMT; NotAfter: Nov 27 19:47:23 2025 GMT +--- +Server certificate +-----BEGIN CERTIFICATE----- +MIICcjCCAVqgAwIBAgIBBDANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 +ZXIwHhcNMjQxMTI3MTk0NzIzWhcNMjUxMTI3MTk0NzIzWjAvMRgwFgYDVQQKEw9Q +S0NTMTEgUHJvdmlkZXIxEzARBgNVBAMTCk15IEVDIENlcnQwWTATBgcqhkjOPQIB +BggqhkjOPQMBBwNCAAT0RZEqleAwYt4FGky70w48q6C0O0HJ0E4fr9tEOHh332YD +2FiC7M+IIKVXRiuDrRjzgn/DPf2wqUzxMgUh8aAVo4GBMH8wDAYDVR0TAQH/BAIw +ADAfBgNVHREEGDAWgRR0ZXN0Y2VydEBleGFtcGxlLm9yZzAOBgNVHQ8BAf8EBAMC +B4AwHQYDVR0OBBYEFE8ZvwyfDlC3gcPsvksRRytdHkVxMB8GA1UdIwQYMBaAFKvW +pG9PVnZIfV5FAESNs63U+m34MA0GCSqGSIb3DQEBCwUAA4IBAQCtpL798exwF3R0 +J+yM5mOJJnj1jR/uUrDXyz2pmaSv1wWxSNajVDu+7KgxsH+/eTv6FlRMwgDnGn0V +uJ31V/dyuzyvXLk+a7uEImxs+al6yK15HjCLAavr9dwXglhJ4GUN2t1JUMcEIEF4 +RshrLBIp2xVnq+6PBtsY6SYY9YXE0BEBM7GkAK6UVrSWZTxP5+Rcv5e/eDqsVifp +SCakrKehIQeJgxSavpbKzMBT2bA4Xidyit/02qkhG9YPlj7ds3us1jeCd3JxtZKP +p9Itw9bsfEcnhvLUPHaJRnpSFiamFB5fyQQkAFC6Jg++Yo3Vl7Z+h8Q0bJ2u/vgo +Kw6cA79M +-----END CERTIFICATE----- +subject=O=PKCS11 Provider, CN=My EC Cert +issuer=CN=Issuer +--- +No client certificate CA names sent +Peer signing digest: SHA256 +Peer signature type: ECDSA +Server Temp Key: ECDH, prime256v1, 256 bits +--- +SSL handshake has read 1059 bytes and written 329 bytes +Verification error: unspecified certificate verification error +--- +New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 +Server public key is 256 bit +This TLS version forbids renegotiation. +Compression: NONE +Expansion: NONE +No ALPN negotiated +Early data was not sent +Verify return code: 1 (unspecified certificate verification error) +--- +--- +Post-Handshake New Session Ticket arrived: +SSL-Session: + Protocol : TLSv1.3 + Cipher : TLS_AES_256_GCM_SHA384 + Session-ID: B22E479CEBEA5EB756801D7014DEF946EDA528951ED633E92507A04C82E52FD1 + Session-ID-ctx: + Resumption PSK: 6BCFF69593B114737F7D470ADE29B71494B00F4FFBEB41A017BEB24A608D470E7069A2EEABDE79BC834FAD2941BC1947 + PSK identity: None + PSK identity hint: None + SRP username: None + TLS session ticket lifetime hint: 7200 (seconds) + TLS session ticket: + 0000 - 08 be 72 34 1f 39 0d 3a-cb b2 9f 5d 47 2f 4f 38 ..r4.9.:...]G/O8 + 0010 - 9d 3d 9e 7f b0 3f 7a ef-f3 9d 58 cf 7b ab 98 09 .=...?z...X.{... + 0020 - bc 70 ce 9b 80 d2 8f 51-ea 13 f7 c9 87 44 4f 9c .p.....Q.....DO. + 0030 - 55 d9 e9 f1 e7 3e 97 4c-2a 7c 9c 2e 19 dc 6b bc U....>.L*|....k. + 0040 - 2e b3 2a 34 41 da a0 e1-20 0e 98 a2 92 75 f3 b1 ..*4A... ....u.. + 0050 - 8c a4 ad 89 43 b7 be 26-62 79 4f b8 69 4d fd 76 ....C..&byO.iM.v + 0060 - 08 3f 5c 5d 36 31 95 5f-b5 f4 88 51 45 37 24 0a .?\]61._...QE7$. + 0070 - fc 9d 40 b0 87 15 d3 16-58 47 67 a4 7c b2 81 23 ..@.....XGg.|..# + 0080 - f9 74 9f 8d c3 0d a9 a4-13 19 e0 30 9b 44 ad 2f .t.........0.D./ + 0090 - 37 3c d7 1f 31 66 ff c1-4d 40 7e b9 45 cf 16 76 7<..1f..M@~.E..v + 00a0 - 93 e6 d7 bb 05 50 98 0a-ab 2f 93 bf 87 17 49 a6 .....P.../....I. + 00b0 - 75 42 5d 93 47 b8 f1 5f-a7 09 18 32 fa d2 9e b8 uB].G.._...2.... + 00c0 - d5 cd 7e 76 76 08 f7 c9-cb ea ea 9b ff 5c 3e 6a ..~vv........\>j + + Start Time: 1732736911 + Timeout : 7200 (sec) + Verify return code: 1 (unspecified certificate verification error) + Extended master secret: no + Max Early Data: 0 +--- +read R BLOCK +--- +Post-Handshake New Session Ticket arrived: +SSL-Session: + Protocol : TLSv1.3 + Cipher : TLS_AES_256_GCM_SHA384 + Session-ID: 5487E4AF18D89F922082D02F03B325AB080C789DD9788E16C648E8789C3921F7 + Session-ID-ctx: + Resumption PSK: DA5D49ACB60D5DE63E787E140CE01FD582CC7152C41CB9F399584CD83C5AB4D385DD27A00C20699BD120AAB89AA081DD + PSK identity: None + PSK identity hint: None + SRP username: None + TLS session ticket lifetime hint: 7200 (seconds) + TLS session ticket: + 0000 - 08 be 72 34 1f 39 0d 3a-cb b2 9f 5d 47 2f 4f 38 ..r4.9.:...]G/O8 + 0010 - 67 21 9d e5 95 a1 9e d6-5c 03 38 d0 ee 40 d7 2f g!......\.8..@./ + 0020 - cf a5 f2 d3 e7 32 6a db-89 04 56 fa d4 25 fd 8b .....2j...V..%.. + 0030 - 30 36 03 90 5d e1 1f 21-90 61 cf 82 7d 15 47 7a 06..]..!.a..}.Gz + 0040 - c7 15 47 ea 67 63 e6 4b-fa f5 e7 cb 34 7a 0d 53 ..G.gc.K....4z.S + 0050 - 1c 69 02 6e 72 94 18 b1-f3 90 90 34 3b 12 35 0d .i.nr......4;.5. + 0060 - 62 a0 c0 8d 60 9b 25 ed-94 59 c3 30 b6 f7 50 cc b...`.%..Y.0..P. + 0070 - f4 60 c4 d7 82 1f 49 c0-e5 bf 5e 01 b8 19 9e a7 .`....I...^..... + 0080 - e4 45 88 10 fa 03 8b 66-0b 6c 77 af 65 e7 d9 0d .E.....f.lw.e... + 0090 - b5 a2 ec 6b 6e 82 c3 8a-fb 77 3a 1f 50 7b f2 ab ...kn....w:.P{.. + 00a0 - 0d cb c8 f8 55 fb 8d ea-7a 76 aa 21 c6 ef c4 2c ....U...zv.!..., + 00b0 - 97 74 2b c3 3c dc 6a 41-df 61 1a 5d e5 9e db ad .t+.<.jA.a.].... + 00c0 - 07 37 31 3f ea 81 13 d1-01 f8 dc 8f 0d d8 63 e9 .71?..........c. + + Start Time: 1732736911 + Timeout : 7200 (sec) + Verify return code: 1 (unspecified certificate verification error) + Extended master secret: no + Max Early Data: 0 +--- +read R BLOCK + TLS SUCCESSFUL +202079F7:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:687: +Server output: +spawn openssl s_server -propquery ?provider=pkcs11 -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%02 -cert pkcs11:type=cert;object=ecCert +Using default temp DH parameters +ACCEPT +-----BEGIN SSL SESSION PARAMETERS----- +MIGCAgEBAgIDBAQCEwIEILO0oXTnsSeJstHUeKO1JcuyCgb5Puq+3HWr0ABcaXaz +BDDaXUmstg1d5j54fhQM4B/VgsxxUsQcufOZWEzYPFq004XdJ6AMIGmb0SCquJqg +gd2hBgIEZ0d3j6IEAgIcIKQGBAQBAAAArgYCBHdILIuzAwIBFw== +-----END SSL SESSION PARAMETERS----- +Shared ciphers:TLS_AES_256_GCM_SHA384 +Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512 +Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512 +Supported groups: secp256r1 +Shared groups: secp256r1 +CIPHER is TLS_AES_256_GCM_SHA384 +This TLS version forbids renegotiation. + TLS SUCCESSFUL +Q +DONE +shutdown accept socket +shutting down SSL +CONNECTION CLOSED + 0 items in the session cache + 0 client connects (SSL_connect()) + 0 client renegotiates (SSL_connect()) + 0 client connects that finished + 1 server accepts (SSL_accept()) + 0 server renegotiates (SSL_accept()) + 1 server accepts that finished + 0 session cache hits + 0 session cache misses + 0 session cache timeouts + 0 callback cache hits + 0 cache full overflows (128 allowed) + + ## +######################################## + +Server output: +spawn openssl s_server -propquery ?provider=pkcs11 -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%02 -cert pkcs11:type=cert;object=ecCert +Using default temp DH parameters +ACCEPT +-----BEGIN SSL SESSION PARAMETERS----- +MIGCAgEBAgIDBAQCEwIEILO0oXTnsSeJstHUeKO1JcuyCgb5Puq+3HWr0ABcaXaz +BDDaXUmstg1d5j54fhQM4B/VgsxxUsQcufOZWEzYPFq004XdJ6AMIGmb0SCquJqg +gd2hBgIEZ0d3j6IEAgIcIKQGBAQBAAAArgYCBHdILIuzAwIBFw== +-----END SSL SESSION PARAMETERS----- +Shared ciphers:TLS_AES_256_GCM_SHA384 +Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512 +Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512 +Supported groups: secp256r1 +Shared groups: secp256r1 +CIPHER is TLS_AES_256_GCM_SHA384 +This TLS version forbids renegotiation. + TLS SUCCESSFUL +Q +DONE +shutdown accept socket +shutting down SSL +CONNECTION CLOSED + 0 items in the session cache + 0 client connects (SSL_connect()) + 0 client renegotiates (SSL_connect()) + 0 client connects that finished + 1 server accepts (SSL_accept()) + 0 server renegotiates (SSL_accept()) + 1 server accepts that finished + 0 session cache hits + 0 session cache misses + 0 session cache timeouts + 0 callback cache hits + 0 cache full overflows (128 allowed) +============================================================================== + +=================================== 53/64 ==================================== +test: pkcs11-provider:kryoptic / tls +start time: 19:48:31 +duration: 0.07s +result: exit status 77 +command: MALLOC_PERTURB_=76 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-0.6/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-0.6/tests/test-wrapper tls-kryoptic.t +============================================================================== + +=================================== 54/64 ==================================== +test: pkcs11-provider:softokn / tlsfuzzer +start time: 19:48:31 +duration: 0.06s +result: exit status 77 +command: ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-0.6/tests MALLOC_PERTURB_=119 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-0.6/tests/test-wrapper tlsfuzzer-softokn.t +============================================================================== + +=================================== 55/64 ==================================== +test: pkcs11-provider:softhsm / tlsfuzzer +start time: 19:48:32 +duration: 0.12s +result: exit status 77 +command: ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-0.6/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=241 MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-0.6/tests/test-wrapper tlsfuzzer-softhsm.t +----------------------------------- stdout ----------------------------------- +Executing /build/reproducible-path/pkcs11-provider-0.6/tests/ttlsfuzzer +TLS fuzzer is not available -- skipping +============================================================================== + +=================================== 56/64 ==================================== +test: pkcs11-provider:kryoptic / tlsfuzzer +start time: 19:48:32 +duration: 0.06s +result: exit status 77 +command: MALLOC_PERTURB_=163 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-0.6/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-0.6/tests/test-wrapper tlsfuzzer-kryoptic.t +============================================================================== + +=================================== 57/64 ==================================== +test: pkcs11-provider:softokn / uri +start time: 19:48:32 +duration: 0.06s +result: exit status 77 +command: ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-0.6/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 MALLOC_PERTURB_=195 /build/reproducible-path/pkcs11-provider-0.6/tests/test-wrapper uri-softokn.t +============================================================================== + +=================================== 58/64 ==================================== +test: pkcs11-provider:softhsm / uri +start time: 19:48:32 +duration: 8.01s +result: exit status 0 +command: ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-0.6/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=166 MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-0.6/tests/test-wrapper uri-softhsm.t +----------------------------------- stdout ----------------------------------- +Executing /build/reproducible-path/pkcs11-provider-0.6/tests/turi + +## Check that storeutl returns URIs + openssl storeutl -text pkcs11: + +## Check returned URIs work to find objects +$uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e30c164de10aa30b;token=SoftHSM%20Token;id=%F4%3C%3F%49%76%E3%8E%17%B8%ED%DE%1A%34%7F%1F%C5;type=private + openssl storeutl -text "$uri" +$uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e30c164de10aa30b;token=SoftHSM%20Token;id=%00%73%65%FD%7A%C3%4E%A9%5E%72%CA%E2%DC%43%5F%89;object=Test-EC-gen-007365fd;type=private + openssl storeutl -text "$uri" +$uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e30c164de10aa30b;token=SoftHSM%20Token;id=%E4%3A%D2%1D%F4%5F%27%37%A9%55%67%A7%43%54%C4%3F;object=Test-RSA-PSS-Restrictions;type=private + openssl storeutl -text "$uri" +$uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e30c164de10aa30b;token=SoftHSM%20Token;id=%00%06;object=ecCert2;type=private + openssl storeutl -text "$uri" +$uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e30c164de10aa30b;token=SoftHSM%20Token;id=%4A%03%FC%A4%EE%68%80%88%AB%E2%9C%DB%30%7F%44%8D;object=Test-RSA-PSS-Only;type=private + openssl storeutl -text "$uri" +$uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e30c164de10aa30b;token=SoftHSM%20Token;id=%00%03;object=ecPeerCert;type=private + openssl storeutl -text "$uri" +$uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e30c164de10aa30b;token=SoftHSM%20Token;id=%69%B7%D4%E3%6E%7F%6A%91%AB%21%6B%DC%9F%D8%51%36;object=Test-RSA-gen-69b7d4e3;type=private + openssl storeutl -text "$uri" +$uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e30c164de10aa30b;token=SoftHSM%20Token;id=%00%01;object=testCert;type=private + openssl storeutl -text "$uri" +$uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e30c164de10aa30b;token=SoftHSM%20Token;id=%8E%7D%57%D6%34%84%9C%F2%CA%1D%27%F8%9A%62%3B%9F;type=private + openssl storeutl -text "$uri" +$uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e30c164de10aa30b;token=SoftHSM%20Token;id=%00%08;object=ecCert3;type=private + openssl storeutl -text "$uri" +$uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e30c164de10aa30b;token=SoftHSM%20Token;id=%BD%70%68%A0%62%52%96%6B%80%61%AA%32%63%94%D0%64;type=private + openssl storeutl -text "$uri" +$uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e30c164de10aa30b;token=SoftHSM%20Token;id=%DE%CE%FE%6E%31%86%DB%BC%9B%12%75%B2%B3%A6%39%72;object=Test-RSA-PSS-gen-decefe6e;type=private + openssl storeutl -text "$uri" +$uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e30c164de10aa30b;token=SoftHSM%20Token;id=%00%07;object=ecExplicitCert;type=private + openssl storeutl -text "$uri" +$uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e30c164de10aa30b;token=SoftHSM%20Token;id=%46%40%3B%04%45%08%6B%11%FB%1C%0D%5C%C7%1E%3C%CD;object=Test-Ed-gen-46403b04;type=private + openssl storeutl -text "$uri" +$uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e30c164de10aa30b;token=SoftHSM%20Token;id=%00%05;object=testCert2;type=private + openssl storeutl -text "$uri" +$uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e30c164de10aa30b;token=SoftHSM%20Token;id=%00%04;object=edCert;type=private + openssl storeutl -text "$uri" +$uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e30c164de10aa30b;token=SoftHSM%20Token;id=%23%CA%15%16%F6%B3%35%81%6F%A7%0F%C8%39%A2%5C%7E;object=Fork-Test-23ca1516;type=private + openssl storeutl -text "$uri" +$uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e30c164de10aa30b;token=SoftHSM%20Token;id=%CC%35%25%7E%CA%A4%0B%49%19%5C%92%14%EB%02%20%C2;object=Test-Ed-gen-cc35257e;type=private + openssl storeutl -text "$uri" +$uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e30c164de10aa30b;token=SoftHSM%20Token;id=%3B%D7%61%95%E1%E7%78%F9%64%34%C7%C9%0F%60%68%EF;type=private + openssl storeutl -text "$uri" +$uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e30c164de10aa30b;token=SoftHSM%20Token;id=%00%02;object=ecCert;type=private + openssl storeutl -text "$uri" +$uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e30c164de10aa30b;token=SoftHSM%20Token;id=%00%00;object=caCert;type=private + openssl storeutl -text "$uri" + +## Check each URI component is tested +$cmp=pkcs11:model=SoftHSM%20v2 + openssl storeutl -text "pkcs11:${cmp}" +$cmp=manufacturer=SoftHSM%20project + openssl storeutl -text "pkcs11:${cmp}" +$cmp=serial=e30c164de10aa30b + openssl storeutl -text "pkcs11:${cmp}" +$cmp=token=SoftHSM%20Token + openssl storeutl -text "pkcs11:${cmp}" +$cmp=id=%F4%3C%3F%49%76%E3%8E%17%B8%ED%DE%1A%34%7F%1F%C5 + openssl storeutl -text "pkcs11:${cmp}" +$cmp=type=private + openssl storeutl -text "pkcs11:${cmp}" +============================================================================== + +=================================== 59/64 ==================================== +test: pkcs11-provider:kryoptic / uri +start time: 19:48:40 +duration: 0.03s +result: exit status 77 +command: ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-0.6/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 MALLOC_PERTURB_=78 /build/reproducible-path/pkcs11-provider-0.6/tests/test-wrapper uri-kryoptic.t +============================================================================== + +=================================== 60/64 ==================================== +test: pkcs11-provider:softhsm / ecxc +start time: 19:48:40 +duration: 1.86s +result: exit status 0 +command: ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-0.6/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=166 MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-0.6/tests/test-wrapper ecxc-softhsm.t +----------------------------------- stdout ----------------------------------- +Executing /build/reproducible-path/pkcs11-provider-0.6/tests/tecxc + +## Export EC Public key to a file + openssl pkey -in $ECXPUBURI -pubin -pubout -out ${TMPPDIR}/ecout.pub + +Print EC Public key from private + openssl pkey -in $ECXPRIURI -pubout -text + +## Sign and Verify with provided Hash and EC + openssl dgst -sha256 -binary -out ${TMPPDIR}/sha256.bin ${SEEDFILE} + + openssl +pkeyutl -sign -inkey "${ECXBASEURI}" + -in ${TMPPDIR}/sha256.bin + -out ${TMPPDIR}/sha256-ecsig.bin + + openssl +pkeyutl -verify -inkey "${ECXBASEURI}" -pubin + -in ${TMPPDIR}/sha256.bin + -sigfile ${TMPPDIR}/sha256-ecsig.bin +Signature Verified Successfully + openssl +pkeyutl -verify -inkey "${TMPPDIR}/ecout.pub" -pubin + -in ${TMPPDIR}/sha256.bin + -sigfile ${TMPPDIR}/sha256-ecsig.bin +Signature Verified Successfully + +## DigestSign and DigestVerify with ECC (SHA-256) + openssl +pkeyutl -sign -inkey "${ECXBASEURI}" + -digest sha256 + -in ${RAND64FILE} + -rawin + -out ${TMPPDIR}/sha256-ecdgstsig.bin + + openssl +pkeyutl -verify -inkey "${ECXBASEURI}" -pubin + -digest sha256 + -in ${RAND64FILE} + -rawin + -sigfile ${TMPPDIR}/sha256-ecdgstsig.bin +Signature Verified Successfully + +## DigestSign and DigestVerify with ECC (SHA-384) + openssl +pkeyutl -sign -inkey "${ECXBASEURI}" + -digest sha384 + -in ${RAND64FILE} + -rawin + -out ${TMPPDIR}/sha384-ecdgstsig.bin + + openssl +pkeyutl -verify -inkey "${ECXBASEURI}" -pubin + -digest sha384 + -in ${RAND64FILE} + -rawin + -sigfile ${TMPPDIR}/sha384-ecdgstsig.bin +Signature Verified Successfully + +## DigestSign and DigestVerify with ECC (SHA-512) + openssl +pkeyutl -sign -inkey "${ECXBASEURI}" + -digest sha512 + -in ${RAND64FILE} + -rawin + -out ${TMPPDIR}/sha512-ecdgstsig.bin + + openssl +pkeyutl -verify -inkey "${ECXBASEURI}" -pubin + -digest sha512 + -in ${RAND64FILE} + -rawin + -sigfile ${TMPPDIR}/sha512-ecdgstsig.bin +Signature Verified Successfully + +## DigestSign and DigestVerify with ECC (SHA3-256) + openssl +pkeyutl -sign -inkey "${ECXBASEURI}" + -digest sha3-256 + -in ${RAND64FILE} + -rawin + -out ${TMPPDIR}/sha3-256-ecdgstsig.bin + + openssl +pkeyutl -verify -inkey "${ECXBASEURI}" -pubin + -digest sha3-256 + -in ${RAND64FILE} + -rawin + -sigfile ${TMPPDIR}/sha3-256-ecdgstsig.bin +Signature Verified Successfully + +## DigestSign and DigestVerify with ECC (SHA3-384) + openssl +pkeyutl -sign -inkey "${ECXBASEURI}" + -digest sha3-384 + -in ${RAND64FILE} + -rawin + -out ${TMPPDIR}/sha3-384-ecdgstsig.bin + + openssl +pkeyutl -verify -inkey "${ECXBASEURI}" -pubin + -digest sha3-384 + -in ${RAND64FILE} + -rawin + -sigfile ${TMPPDIR}/sha3-384-ecdgstsig.bin +Signature Verified Successfully + +## DigestSign and DigestVerify with ECC (SHA3-512) + openssl +pkeyutl -sign -inkey "${ECXBASEURI}" + -digest sha3-512 + -in ${RAND64FILE} + -rawin + -out ${TMPPDIR}/sha3-512-ecdgstsig.bin + + openssl +pkeyutl -verify -inkey "${ECXBASEURI}" -pubin + -digest sha3-512 + -in ${RAND64FILE} + -rawin + -sigfile ${TMPPDIR}/sha3-512-ecdgstsig.bin +Signature Verified Successfully + +## Test CSR generation from private ECC keys + openssl +req -new -batch -key "${ECXPRIURI}" -out ${TMPPDIR}/ecdsa_csr.pem + + openssl +req -in ${TMPPDIR}/ecdsa_csr.pem -verify -noout +Certificate request self-signature verify OK +============================================================================== + +=================================== 61/64 ==================================== +test: pkcs11-provider:kryoptic / ecxc +start time: 19:48:42 +duration: 0.02s +result: exit status 77 +command: ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-0.6/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=27 MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-0.6/tests/test-wrapper ecxc-kryoptic.t +============================================================================== + +=================================== 62/64 ==================================== +test: pkcs11-provider:softokn / cms +start time: 19:48:42 +duration: 0.02s +result: exit status 77 +command: ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-0.6/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=212 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-0.6/tests/test-wrapper cms-softokn.t +============================================================================== + +=================================== 63/64 ==================================== +test: pkcs11-provider:kryoptic / cms +start time: 19:48:42 +duration: 0.04s +result: exit status 77 +command: ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-0.6/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 MALLOC_PERTURB_=199 /build/reproducible-path/pkcs11-provider-0.6/tests/test-wrapper cms-kryoptic.t +============================================================================== + +=================================== 64/64 ==================================== +test: pkcs11-provider:kryoptic / pinlock +start time: 19:48:42 +duration: 0.06s +result: exit status 77 +command: ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-0.6/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-0.6/obj-arm-linux-gnueabihf/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=4 MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-0.6/tests/test-wrapper pinlock-kryoptic.t +============================================================================== + + +Summary of Failures: + + 5/64 pkcs11-provider:softhsm / basic TIMEOUT 30.11s killed by signal 15 SIGTERM + +Ok: 19 +Expected Fail: 0 +Fail: 0 +Unexpected Pass: 0 +Skipped: 44 +Timeout: 1 +dh_auto_test: error: cd obj-arm-linux-gnueabihf && DEB_PYTHON_INSTALL_LAYOUT=deb LC_ALL=C.UTF-8 MESON_TESTTHREADS=4 meson test returned exit code 1 +make: *** [debian/rules:9: binary] Error 25 +dpkg-buildpackage: error: debian/rules binary subprocess returned exit status 2 I: copying local configuration +E: Failed autobuilding of package +I: user script /srv/workspace/pbuilder/30916/tmp/hooks/C01_cleanup starting +debug output: disk usage on i-capture-the-hostname at Wed Nov 27 19:48:42 UTC 2024 +Filesystem Size Used Avail Use% Mounted on +tmpfs 6.2G 0 6.2G 0% /dev/shm + +I: user script /srv/workspace/pbuilder/30916/tmp/hooks/C01_cleanup finished I: unmounting dev/ptmx filesystem I: unmounting dev/pts filesystem I: unmounting dev/shm filesystem I: unmounting proc filesystem I: unmounting sys filesystem I: cleaning the build env -I: removing directory /srv/workspace/pbuilder/20104 and its subdirectories -I: Current time: Wed Nov 27 07:43:45 -12 2024 -I: pbuilder-time-stamp: 1732736625 +I: removing directory /srv/workspace/pbuilder/30916 and its subdirectories