I: pbuilder: network access will be disabled during build
I: Current time: Tue Feb 18 18:27:57 +14 2025
I: pbuilder-time-stamp: 1739852877
I: Building the build Environment
I: extracting base tarball [/var/cache/pbuilder/trixie-reproducible-base.tgz]
I: copying local configuration
W: --override-config is not set; not updating apt.conf Read the manpage for details.
I: mounting /proc filesystem
I: mounting /sys filesystem
I: creating /{dev,run}/shm
I: mounting /dev/pts filesystem
I: redirecting /dev/ptmx to /dev/pts/ptmx
I: policy-rc.d already exists
I: Copying source file
I: copying [pkcs11-provider_1.0-1.dsc]
I: copying [./pkcs11-provider_1.0.orig.tar.gz]
I: copying [./pkcs11-provider_1.0-1.debian.tar.xz]
I: Extracting source
dpkg-source: warning: cannot verify inline signature for ./pkcs11-provider_1.0-1.dsc: unsupported subcommand
dpkg-source: info: extracting pkcs11-provider in pkcs11-provider-1.0
dpkg-source: info: unpacking pkcs11-provider_1.0.orig.tar.gz
dpkg-source: info: unpacking pkcs11-provider_1.0-1.debian.tar.xz
I: Not using root during the build.
I: Installing the build-deps
I: user script /srv/workspace/pbuilder/2357949/tmp/hooks/D01_modify_environment starting
debug: Running on codethink04-arm64.
I: Changing host+domainname to test build reproducibility
I: Adding a custom variable just for the fun of it...
I: Changing /bin/sh to bash
'/bin/sh' -> '/bin/bash'
lrwxrwxrwx 1 root root 9 Feb 18 04:28 /bin/sh -> /bin/bash
I: Setting pbuilder2's login shell to /bin/bash
I: Setting pbuilder2's GECOS to second user,second room,second work-phone,second home-phone,second other
I: user script /srv/workspace/pbuilder/2357949/tmp/hooks/D01_modify_environment finished
I: user script /srv/workspace/pbuilder/2357949/tmp/hooks/D02_print_environment starting
I: set
BASH=/bin/sh
BASHOPTS=checkwinsize:cmdhist:complete_fullquote:extquote:force_fignore:globasciiranges:globskipdots:hostcomplete:interactive_comments:patsub_replacement:progcomp:promptvars:sourcepath
BASH_ALIASES=()
BASH_ARGC=()
BASH_ARGV=()
BASH_CMDS=()
BASH_LINENO=([0]="12" [1]="0")
BASH_LOADABLES_PATH=/usr/local/lib/bash:/usr/lib/bash:/opt/local/lib/bash:/usr/pkg/lib/bash:/opt/pkg/lib/bash:.
BASH_SOURCE=([0]="/tmp/hooks/D02_print_environment" [1]="/tmp/hooks/D02_print_environment")
BASH_VERSINFO=([0]="5" [1]="2" [2]="37" [3]="1" [4]="release" [5]="aarch64-unknown-linux-gnu")
BASH_VERSION='5.2.37(1)-release'
BUILDDIR=/build/reproducible-path
BUILDUSERGECOS='second user,second room,second work-phone,second home-phone,second other'
BUILDUSERNAME=pbuilder2
BUILD_ARCH=arm64
DEBIAN_FRONTEND=noninteractive
DEB_BUILD_OPTIONS='buildinfo=+all reproducible=+all parallel=12 '
DIRSTACK=()
DISTRIBUTION=trixie
EUID=0
FUNCNAME=([0]="Echo" [1]="main")
GROUPS=()
HOME=/root
HOSTNAME=i-capture-the-hostname
HOSTTYPE=aarch64
HOST_ARCH=arm64
IFS='
'
INVOCATION_ID=81572dad614e4fcbaeeaa4b3c3f273a7
LANG=C
LANGUAGE=nl_BE:nl
LC_ALL=C
MACHTYPE=aarch64-unknown-linux-gnu
MAIL=/var/mail/root
OPTERR=1
OPTIND=1
OSTYPE=linux-gnu
PATH=/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/i/capture/the/path
PBCURRENTCOMMANDLINEOPERATION=build
PBUILDER_OPERATION=build
PBUILDER_PKGDATADIR=/usr/share/pbuilder
PBUILDER_PKGLIBDIR=/usr/lib/pbuilder
PBUILDER_SYSCONFDIR=/etc
PIPESTATUS=([0]="0")
POSIXLY_CORRECT=y
PPID=2357949
PS4='+ '
PWD=/
SHELL=/bin/bash
SHELLOPTS=braceexpand:errexit:hashall:interactive-comments:posix
SHLVL=3
SUDO_COMMAND='/usr/bin/timeout -k 24.1h 24h /usr/bin/ionice -c 3 /usr/bin/nice -n 11 /usr/bin/unshare --uts -- /usr/sbin/pbuilder --build --configfile /srv/reproducible-results/rbuild-debian/r-b-build.ZUJ1KV65/pbuilderrc_TbUM --distribution trixie --hookdir /etc/pbuilder/rebuild-hooks --debbuildopts -b --basetgz /var/cache/pbuilder/trixie-reproducible-base.tgz --buildresult /srv/reproducible-results/rbuild-debian/r-b-build.ZUJ1KV65/b2 --logfile b2/build.log pkcs11-provider_1.0-1.dsc'
SUDO_GID=109
SUDO_UID=104
SUDO_USER=jenkins
TERM=unknown
TZ=/usr/share/zoneinfo/Etc/GMT-14
UID=0
USER=root
_='I: set'
http_proxy=http://192.168.101.4:3128
I: uname -a
Linux i-capture-the-hostname 6.1.0-31-cloud-arm64 #1 SMP Debian 6.1.128-1 (2025-02-07) aarch64 GNU/Linux
I: ls -l /bin
lrwxrwxrwx 1 root root 7 Nov 22 14:40 /bin -> usr/bin
I: user script /srv/workspace/pbuilder/2357949/tmp/hooks/D02_print_environment finished
-> Attempting to satisfy build-dependencies
-> Creating pbuilder-satisfydepends-dummy package
Package: pbuilder-satisfydepends-dummy
Version: 0.invalid.0
Architecture: arm64
Maintainer: Debian Pbuilder Team <pbuilder-maint@lists.alioth.debian.org>
Description: Dummy package to satisfy dependencies with aptitude - created by pbuilder
This package was created automatically by pbuilder to satisfy the
build-dependencies of the package being currently built.
Depends: debhelper-compat (= 13), dh-package-notes, libssl-dev (>= 3.0.7~), meson (>= 0.57~), pkgconf, expect, gnutls-bin, libnss3-dev, libp11-kit-dev, libstoken-dev, opensc, openssl, p11-kit, p11-kit-modules, softhsm2
dpkg-deb: building package 'pbuilder-satisfydepends-dummy' in '/tmp/satisfydepends-aptitude/pbuilder-satisfydepends-dummy.deb'.
Selecting previously unselected package pbuilder-satisfydepends-dummy.
(Reading database ... 19923 files and directories currently installed.)
Preparing to unpack .../pbuilder-satisfydepends-dummy.deb ...
Unpacking pbuilder-satisfydepends-dummy (0.invalid.0) ...
dpkg: pbuilder-satisfydepends-dummy: dependency problems, but configuring anyway as you requested:
pbuilder-satisfydepends-dummy depends on debhelper-compat (= 13); however:
Package debhelper-compat is not installed.
pbuilder-satisfydepends-dummy depends on dh-package-notes; however:
Package dh-package-notes is not installed.
pbuilder-satisfydepends-dummy depends on libssl-dev (>= 3.0.7~); however:
Package libssl-dev is not installed.
pbuilder-satisfydepends-dummy depends on meson (>= 0.57~); however:
Package meson is not installed.
pbuilder-satisfydepends-dummy depends on pkgconf; however:
Package pkgconf is not installed.
pbuilder-satisfydepends-dummy depends on expect; however:
Package expect is not installed.
pbuilder-satisfydepends-dummy depends on gnutls-bin; however:
Package gnutls-bin is not installed.
pbuilder-satisfydepends-dummy depends on libnss3-dev; however:
Package libnss3-dev is not installed.
pbuilder-satisfydepends-dummy depends on libp11-kit-dev; however:
Package libp11-kit-dev is not installed.
pbuilder-satisfydepends-dummy depends on libstoken-dev; however:
Package libstoken-dev is not installed.
pbuilder-satisfydepends-dummy depends on opensc; however:
Package opensc is not installed.
pbuilder-satisfydepends-dummy depends on openssl; however:
Package openssl is not installed.
pbuilder-satisfydepends-dummy depends on p11-kit; however:
Package p11-kit is not installed.
pbuilder-satisfydepends-dummy depends on p11-kit-modules; however:
Package p11-kit-modules is not installed.
pbuilder-satisfydepends-dummy depends on softhsm2; however:
Package softhsm2 is not installed.
Setting up pbuilder-satisfydepends-dummy (0.invalid.0) ...
Reading package lists...
Building dependency tree...
Reading state information...
Initializing package states...
Writing extended state information...
Building tag database...
pbuilder-satisfydepends-dummy is already installed at the requested version (0.invalid.0)
pbuilder-satisfydepends-dummy is already installed at the requested version (0.invalid.0)
The following NEW packages will be installed:
autoconf{a} automake{a} autopoint{a} autotools-dev{a} bsdextrautils{a} debhelper{a} dh-autoreconf{a} dh-package-notes{a} dh-strip-nondeterminism{a} dwz{a} expect{a} file{a} gettext{a} gettext-base{a} gnutls-bin{a} groff-base{a} intltool-debian{a} libarchive-zip-perl{a} libdebhelper-perl{a} libeac3{a} libelf1t64{a} libevent-2.1-7t64{a} libexpat1{a} libffi8{a} libfile-stripnondeterminism-perl{a} libglib2.0-0t64{a} libgnutls-dane0t64{a} libgnutls30t64{a} libicu72{a} libidn2-0{a} libmagic-mgc{a} libmagic1t64{a} libnspr4{a} libnspr4-dev{a} libnss3{a} libnss3-dev{a} libp11-kit-dev{a} libp11-kit0{a} libpipeline1{a} libpkgconf3{a} libproc2-0{a} libpython3-stdlib{a} libpython3.13-minimal{a} libpython3.13-stdlib{a} libreadline8t64{a} libsofthsm2{a} libssl-dev{a} libstoken-dev{a} libstoken1t64{a} libtasn1-6{a} libtcl8.6{a} libtext-charwidth-perl{a} libtext-wrapi18n-perl{a} libtomcrypt-dev{a} libtomcrypt1{a} libtommath1{a} libtool{a} libuchardet0{a} libunbound8{a} libunistring5{a} libxml2{a} m4{a} man-db{a} media-types{a} meson{a} netbase{a} ninja-build{a} opensc{a} opensc-pkcs11{a} openssl{a} p11-kit{a} p11-kit-modules{a} pkgconf{a} pkgconf-bin{a} po-debconf{a} procps{a} python3{a} python3-autocommand{a} python3-inflect{a} python3-jaraco.context{a} python3-jaraco.functools{a} python3-jaraco.text{a} python3-minimal{a} python3-more-itertools{a} python3-pkg-resources{a} python3-setuptools{a} python3-typeguard{a} python3-typing-extensions{a} python3-zipp{a} python3.13{a} python3.13-minimal{a} readline-common{a} sensible-utils{a} softhsm2{a} softhsm2-common{a} tcl-expect{a} tcl8.6{a} tzdata{a} ucf{a}
The following packages are RECOMMENDED but will NOT be installed:
ca-certificates curl libarchive-cpio-perl libglib2.0-data libltdl-dev libmail-sendmail-perl linux-sysctl-defaults lynx pcscd psmisc shared-mime-info wget xdg-user-dirs
0 packages upgraded, 99 newly installed, 0 to remove and 0 not upgraded.
Need to get 46.7 MB of archives. After unpacking 184 MB will be used.
Writing extended state information...
Get: 1 http://deb.debian.org/debian trixie/main arm64 libpython3.13-minimal arm64 3.13.2-1 [853 kB]
Get: 2 http://deb.debian.org/debian trixie/main arm64 libexpat1 arm64 2.6.4-1 [90.7 kB]
Get: 3 http://deb.debian.org/debian trixie/main arm64 python3.13-minimal arm64 3.13.2-1 [1997 kB]
Get: 4 http://deb.debian.org/debian trixie/main arm64 python3-minimal arm64 3.13.1-2 [27.0 kB]
Get: 5 http://deb.debian.org/debian trixie/main arm64 media-types all 10.1.0 [26.9 kB]
Get: 6 http://deb.debian.org/debian trixie/main arm64 netbase all 6.4 [12.8 kB]
Get: 7 http://deb.debian.org/debian trixie/main arm64 tzdata all 2024b-6 [257 kB]
Get: 8 http://deb.debian.org/debian trixie/main arm64 libffi8 arm64 3.4.7-1 [21.2 kB]
Get: 9 http://deb.debian.org/debian trixie/main arm64 readline-common all 8.2-6 [69.4 kB]
Get: 10 http://deb.debian.org/debian trixie/main arm64 libreadline8t64 arm64 8.2-6 [159 kB]
Get: 11 http://deb.debian.org/debian trixie/main arm64 libpython3.13-stdlib arm64 3.13.2-1 [1914 kB]
Get: 12 http://deb.debian.org/debian trixie/main arm64 python3.13 arm64 3.13.2-1 [745 kB]
Get: 13 http://deb.debian.org/debian trixie/main arm64 libpython3-stdlib arm64 3.13.1-2 [9952 B]
Get: 14 http://deb.debian.org/debian trixie/main arm64 python3 arm64 3.13.1-2 [28.0 kB]
Get: 15 http://deb.debian.org/debian trixie/main arm64 libproc2-0 arm64 2:4.0.4-7 [62.4 kB]
Get: 16 http://deb.debian.org/debian trixie/main arm64 procps arm64 2:4.0.4-7 [868 kB]
Get: 17 http://deb.debian.org/debian trixie/main arm64 sensible-utils all 0.0.24 [24.8 kB]
Get: 18 http://deb.debian.org/debian trixie/main arm64 libmagic-mgc arm64 1:5.45-3+b1 [314 kB]
Get: 19 http://deb.debian.org/debian trixie/main arm64 libmagic1t64 arm64 1:5.45-3+b1 [102 kB]
Get: 20 http://deb.debian.org/debian trixie/main arm64 file arm64 1:5.45-3+b1 [43.4 kB]
Get: 21 http://deb.debian.org/debian trixie/main arm64 gettext-base arm64 0.23.1-1 [241 kB]
Get: 22 http://deb.debian.org/debian trixie/main arm64 libuchardet0 arm64 0.0.8-1+b2 [69.2 kB]
Get: 23 http://deb.debian.org/debian trixie/main arm64 groff-base arm64 1.23.0-7 [1129 kB]
Get: 24 http://deb.debian.org/debian trixie/main arm64 bsdextrautils arm64 2.40.4-3 [92.0 kB]
Get: 25 http://deb.debian.org/debian trixie/main arm64 libpipeline1 arm64 1.5.8-1 [40.2 kB]
Get: 26 http://deb.debian.org/debian trixie/main arm64 man-db arm64 2.13.0-1 [1404 kB]
Get: 27 http://deb.debian.org/debian trixie/main arm64 libtext-charwidth-perl arm64 0.04-11+b4 [9652 B]
Get: 28 http://deb.debian.org/debian trixie/main arm64 libtext-wrapi18n-perl all 0.06-10 [8808 B]
Get: 29 http://deb.debian.org/debian trixie/main arm64 ucf all 3.0049 [42.5 kB]
Get: 30 http://deb.debian.org/debian trixie/main arm64 m4 arm64 1.4.19-5 [284 kB]
Get: 31 http://deb.debian.org/debian trixie/main arm64 autoconf all 2.72-3 [493 kB]
Get: 32 http://deb.debian.org/debian trixie/main arm64 autotools-dev all 20220109.1 [51.6 kB]
Get: 33 http://deb.debian.org/debian trixie/main arm64 automake all 1:1.17-3 [862 kB]
Get: 34 http://deb.debian.org/debian trixie/main arm64 autopoint all 0.23.1-1 [770 kB]
Get: 35 http://deb.debian.org/debian trixie/main arm64 libdebhelper-perl all 13.24.1 [90.9 kB]
Get: 36 http://deb.debian.org/debian trixie/main arm64 libtool all 2.5.4-3 [539 kB]
Get: 37 http://deb.debian.org/debian trixie/main arm64 dh-autoreconf all 20 [17.1 kB]
Get: 38 http://deb.debian.org/debian trixie/main arm64 libarchive-zip-perl all 1.68-1 [104 kB]
Get: 39 http://deb.debian.org/debian trixie/main arm64 libfile-stripnondeterminism-perl all 1.14.1-2 [19.7 kB]
Get: 40 http://deb.debian.org/debian trixie/main arm64 dh-strip-nondeterminism all 1.14.1-2 [8620 B]
Get: 41 http://deb.debian.org/debian trixie/main arm64 libelf1t64 arm64 0.192-4 [189 kB]
Get: 42 http://deb.debian.org/debian trixie/main arm64 dwz arm64 0.15-1+b1 [102 kB]
Get: 43 http://deb.debian.org/debian trixie/main arm64 libunistring5 arm64 1.3-1 [449 kB]
Get: 44 http://deb.debian.org/debian trixie/main arm64 libicu72 arm64 72.1-6 [9239 kB]
Get: 45 http://deb.debian.org/debian trixie/main arm64 libxml2 arm64 2.12.7+dfsg+really2.9.14-0.2+b1 [630 kB]
Get: 46 http://deb.debian.org/debian trixie/main arm64 gettext arm64 0.23.1-1 [1610 kB]
Get: 47 http://deb.debian.org/debian trixie/main arm64 intltool-debian all 0.35.0+20060710.6 [22.9 kB]
Get: 48 http://deb.debian.org/debian trixie/main arm64 po-debconf all 1.0.21+nmu1 [248 kB]
Get: 49 http://deb.debian.org/debian trixie/main arm64 debhelper all 13.24.1 [920 kB]
Get: 50 http://deb.debian.org/debian trixie/main arm64 dh-package-notes all 0.15 [6692 B]
Get: 51 http://deb.debian.org/debian trixie/main arm64 libtcl8.6 arm64 8.6.16+dfsg-1 [984 kB]
Get: 52 http://deb.debian.org/debian trixie/main arm64 tcl8.6 arm64 8.6.16+dfsg-1 [121 kB]
Get: 53 http://deb.debian.org/debian trixie/main arm64 tcl-expect arm64 5.45.4-3+b1 [123 kB]
Get: 54 http://deb.debian.org/debian trixie/main arm64 expect arm64 5.45.4-3+b1 [159 kB]
Get: 55 http://deb.debian.org/debian trixie/main arm64 libidn2-0 arm64 2.3.7-2+b1 [127 kB]
Get: 56 http://deb.debian.org/debian trixie/main arm64 libp11-kit0 arm64 0.25.5-3 [409 kB]
Get: 57 http://deb.debian.org/debian trixie/main arm64 libtasn1-6 arm64 4.20.0-2 [47.3 kB]
Get: 58 http://deb.debian.org/debian trixie/main arm64 libgnutls30t64 arm64 3.8.9-2 [1374 kB]
Get: 59 http://deb.debian.org/debian trixie/main arm64 libevent-2.1-7t64 arm64 2.1.12-stable-10+b1 [170 kB]
Get: 60 http://deb.debian.org/debian trixie/main arm64 libunbound8 arm64 1.22.0-1+b1 [553 kB]
Get: 61 http://deb.debian.org/debian trixie/main arm64 libgnutls-dane0t64 arm64 3.8.9-2 [452 kB]
Get: 62 http://deb.debian.org/debian trixie/main arm64 gnutls-bin arm64 3.8.9-2 [673 kB]
Get: 63 http://deb.debian.org/debian trixie/main arm64 libeac3 arm64 1.1.2+ds+git20220117+453c3d6b03a0-1.1+b3 [48.1 kB]
Get: 64 http://deb.debian.org/debian trixie/main arm64 libglib2.0-0t64 arm64 2.83.3-2 [1421 kB]
Get: 65 http://deb.debian.org/debian trixie/main arm64 libnspr4 arm64 2:4.36-1 [102 kB]
Get: 66 http://deb.debian.org/debian trixie/main arm64 libnspr4-dev arm64 2:4.36-1 [203 kB]
Get: 67 http://deb.debian.org/debian trixie/main arm64 libnss3 arm64 2:3.107-1 [1289 kB]
Get: 68 http://deb.debian.org/debian trixie/main arm64 libnss3-dev arm64 2:3.107-1 [250 kB]
Get: 69 http://deb.debian.org/debian trixie/main arm64 libp11-kit-dev arm64 0.25.5-3 [208 kB]
Get: 70 http://deb.debian.org/debian trixie/main arm64 libpkgconf3 arm64 1.8.1-4 [35.3 kB]
Get: 71 http://deb.debian.org/debian trixie/main arm64 softhsm2-common arm64 2.6.1-2.2+b3 [12.4 kB]
Get: 72 http://deb.debian.org/debian trixie/main arm64 libsofthsm2 arm64 2.6.1-2.2+b3 [218 kB]
Get: 73 http://deb.debian.org/debian trixie/main arm64 libssl-dev arm64 3.4.0-2 [3234 kB]
Get: 74 http://deb.debian.org/debian trixie/main arm64 libtommath1 arm64 1.3.0-1 [64.5 kB]
Get: 75 http://deb.debian.org/debian trixie/main arm64 libtomcrypt1 arm64 1.18.2+dfsg-7+b2 [410 kB]
Get: 76 http://deb.debian.org/debian trixie/main arm64 libstoken1t64 arm64 0.92-1.1+b2 [28.1 kB]
Get: 77 http://deb.debian.org/debian trixie/main arm64 libtomcrypt-dev arm64 1.18.2+dfsg-7+b2 [1277 kB]
Get: 78 http://deb.debian.org/debian trixie/main arm64 libstoken-dev arm64 0.92-1.1+b2 [8196 B]
Get: 79 http://deb.debian.org/debian trixie/main arm64 ninja-build arm64 1.12.1-1+b1 [130 kB]
Get: 80 http://deb.debian.org/debian trixie/main arm64 python3-autocommand all 2.2.2-3 [13.6 kB]
Get: 81 http://deb.debian.org/debian trixie/main arm64 python3-more-itertools all 10.6.0-1 [65.3 kB]
Get: 82 http://deb.debian.org/debian trixie/main arm64 python3-typing-extensions all 4.12.2-2 [73.0 kB]
Get: 83 http://deb.debian.org/debian trixie/main arm64 python3-typeguard all 4.4.1-1 [37.0 kB]
Get: 84 http://deb.debian.org/debian trixie/main arm64 python3-inflect all 7.3.1-2 [32.4 kB]
Get: 85 http://deb.debian.org/debian trixie/main arm64 python3-jaraco.context all 6.0.0-1 [7984 B]
Get: 86 http://deb.debian.org/debian trixie/main arm64 python3-jaraco.functools all 4.1.0-1 [12.0 kB]
Get: 87 http://deb.debian.org/debian trixie/main arm64 python3-pkg-resources all 75.6.0-1 [222 kB]
Get: 88 http://deb.debian.org/debian trixie/main arm64 python3-jaraco.text all 4.0.0-1 [11.4 kB]
Get: 89 http://deb.debian.org/debian trixie/main arm64 python3-zipp all 3.21.0-1 [10.6 kB]
Get: 90 http://deb.debian.org/debian trixie/main arm64 python3-setuptools all 75.6.0-1 [720 kB]
Get: 91 http://deb.debian.org/debian trixie/main arm64 meson all 1.7.0-1 [639 kB]
Get: 92 http://deb.debian.org/debian trixie/main arm64 opensc-pkcs11 arm64 0.26.0-1 [799 kB]
Get: 93 http://deb.debian.org/debian trixie/main arm64 opensc arm64 0.26.0-1 [394 kB]
Get: 94 http://deb.debian.org/debian trixie/main arm64 openssl arm64 3.4.0-2 [1385 kB]
Get: 95 http://deb.debian.org/debian trixie/main arm64 p11-kit-modules arm64 0.25.5-3 [253 kB]
Get: 96 http://deb.debian.org/debian trixie/main arm64 p11-kit arm64 0.25.5-3 [400 kB]
Get: 97 http://deb.debian.org/debian trixie/main arm64 pkgconf-bin arm64 1.8.1-4 [29.6 kB]
Get: 98 http://deb.debian.org/debian trixie/main arm64 pkgconf arm64 1.8.1-4 [26.1 kB]
Get: 99 http://deb.debian.org/debian trixie/main arm64 softhsm2 arm64 2.6.1-2.2+b3 [152 kB]
Fetched 46.7 MB in 0s (184 MB/s)
Preconfiguring packages ...
Selecting previously unselected package libpython3.13-minimal:arm64.
(Reading database ...
(Reading database ... 5%
(Reading database ... 10%
(Reading database ... 15%
(Reading database ... 20%
(Reading database ... 25%
(Reading database ... 30%
(Reading database ... 35%
(Reading database ... 40%
(Reading database ... 45%
(Reading database ... 50%
(Reading database ... 55%
(Reading database ... 60%
(Reading database ... 65%
(Reading database ... 70%
(Reading database ... 75%
(Reading database ... 80%
(Reading database ... 85%
(Reading database ... 90%
(Reading database ... 95%
(Reading database ... 100%
(Reading database ... 19923 files and directories currently installed.)
Preparing to unpack .../libpython3.13-minimal_3.13.2-1_arm64.deb ...
Unpacking libpython3.13-minimal:arm64 (3.13.2-1) ...
Selecting previously unselected package libexpat1:arm64.
Preparing to unpack .../libexpat1_2.6.4-1_arm64.deb ...
Unpacking libexpat1:arm64 (2.6.4-1) ...
Selecting previously unselected package python3.13-minimal.
Preparing to unpack .../python3.13-minimal_3.13.2-1_arm64.deb ...
Unpacking python3.13-minimal (3.13.2-1) ...
Setting up libpython3.13-minimal:arm64 (3.13.2-1) ...
Setting up libexpat1:arm64 (2.6.4-1) ...
Setting up python3.13-minimal (3.13.2-1) ...
Selecting previously unselected package python3-minimal.
(Reading database ...
(Reading database ... 5%
(Reading database ... 10%
(Reading database ... 15%
(Reading database ... 20%
(Reading database ... 25%
(Reading database ... 30%
(Reading database ... 35%
(Reading database ... 40%
(Reading database ... 45%
(Reading database ... 50%
(Reading database ... 55%
(Reading database ... 60%
(Reading database ... 65%
(Reading database ... 70%
(Reading database ... 75%
(Reading database ... 80%
(Reading database ... 85%
(Reading database ... 90%
(Reading database ... 95%
(Reading database ... 100%
(Reading database ... 20257 files and directories currently installed.)
Preparing to unpack .../0-python3-minimal_3.13.1-2_arm64.deb ...
Unpacking python3-minimal (3.13.1-2) ...
Selecting previously unselected package media-types.
Preparing to unpack .../1-media-types_10.1.0_all.deb ...
Unpacking media-types (10.1.0) ...
Selecting previously unselected package netbase.
Preparing to unpack .../2-netbase_6.4_all.deb ...
Unpacking netbase (6.4) ...
Selecting previously unselected package tzdata.
Preparing to unpack .../3-tzdata_2024b-6_all.deb ...
Unpacking tzdata (2024b-6) ...
Selecting previously unselected package libffi8:arm64.
Preparing to unpack .../4-libffi8_3.4.7-1_arm64.deb ...
Unpacking libffi8:arm64 (3.4.7-1) ...
Selecting previously unselected package readline-common.
Preparing to unpack .../5-readline-common_8.2-6_all.deb ...
Unpacking readline-common (8.2-6) ...
Selecting previously unselected package libreadline8t64:arm64.
Preparing to unpack .../6-libreadline8t64_8.2-6_arm64.deb ...
Adding 'diversion of /lib/aarch64-linux-gnu/libhistory.so.8 to /lib/aarch64-linux-gnu/libhistory.so.8.usr-is-merged by libreadline8t64'
Adding 'diversion of /lib/aarch64-linux-gnu/libhistory.so.8.2 to /lib/aarch64-linux-gnu/libhistory.so.8.2.usr-is-merged by libreadline8t64'
Adding 'diversion of /lib/aarch64-linux-gnu/libreadline.so.8 to /lib/aarch64-linux-gnu/libreadline.so.8.usr-is-merged by libreadline8t64'
Adding 'diversion of /lib/aarch64-linux-gnu/libreadline.so.8.2 to /lib/aarch64-linux-gnu/libreadline.so.8.2.usr-is-merged by libreadline8t64'
Unpacking libreadline8t64:arm64 (8.2-6) ...
Selecting previously unselected package libpython3.13-stdlib:arm64.
Preparing to unpack .../7-libpython3.13-stdlib_3.13.2-1_arm64.deb ...
Unpacking libpython3.13-stdlib:arm64 (3.13.2-1) ...
Selecting previously unselected package python3.13.
Preparing to unpack .../8-python3.13_3.13.2-1_arm64.deb ...
Unpacking python3.13 (3.13.2-1) ...
Selecting previously unselected package libpython3-stdlib:arm64.
Preparing to unpack .../9-libpython3-stdlib_3.13.1-2_arm64.deb ...
Unpacking libpython3-stdlib:arm64 (3.13.1-2) ...
Setting up python3-minimal (3.13.1-2) ...
Selecting previously unselected package python3.
(Reading database ...
(Reading database ... 5%
(Reading database ... 10%
(Reading database ... 15%
(Reading database ... 20%
(Reading database ... 25%
(Reading database ... 30%
(Reading database ... 35%
(Reading database ... 40%
(Reading database ... 45%
(Reading database ... 50%
(Reading database ... 55%
(Reading database ... 60%
(Reading database ... 65%
(Reading database ... 70%
(Reading database ... 75%
(Reading database ... 80%
(Reading database ... 85%
(Reading database ... 90%
(Reading database ... 95%
(Reading database ... 100%
(Reading database ... 21267 files and directories currently installed.)
Preparing to unpack .../00-python3_3.13.1-2_arm64.deb ...
Unpacking python3 (3.13.1-2) ...
Selecting previously unselected package libproc2-0:arm64.
Preparing to unpack .../01-libproc2-0_2%3a4.0.4-7_arm64.deb ...
Unpacking libproc2-0:arm64 (2:4.0.4-7) ...
Selecting previously unselected package procps.
Preparing to unpack .../02-procps_2%3a4.0.4-7_arm64.deb ...
Unpacking procps (2:4.0.4-7) ...
Selecting previously unselected package sensible-utils.
Preparing to unpack .../03-sensible-utils_0.0.24_all.deb ...
Unpacking sensible-utils (0.0.24) ...
Selecting previously unselected package libmagic-mgc.
Preparing to unpack .../04-libmagic-mgc_1%3a5.45-3+b1_arm64.deb ...
Unpacking libmagic-mgc (1:5.45-3+b1) ...
Selecting previously unselected package libmagic1t64:arm64.
Preparing to unpack .../05-libmagic1t64_1%3a5.45-3+b1_arm64.deb ...
Unpacking libmagic1t64:arm64 (1:5.45-3+b1) ...
Selecting previously unselected package file.
Preparing to unpack .../06-file_1%3a5.45-3+b1_arm64.deb ...
Unpacking file (1:5.45-3+b1) ...
Selecting previously unselected package gettext-base.
Preparing to unpack .../07-gettext-base_0.23.1-1_arm64.deb ...
Unpacking gettext-base (0.23.1-1) ...
Selecting previously unselected package libuchardet0:arm64.
Preparing to unpack .../08-libuchardet0_0.0.8-1+b2_arm64.deb ...
Unpacking libuchardet0:arm64 (0.0.8-1+b2) ...
Selecting previously unselected package groff-base.
Preparing to unpack .../09-groff-base_1.23.0-7_arm64.deb ...
Unpacking groff-base (1.23.0-7) ...
Selecting previously unselected package bsdextrautils.
Preparing to unpack .../10-bsdextrautils_2.40.4-3_arm64.deb ...
Unpacking bsdextrautils (2.40.4-3) ...
Selecting previously unselected package libpipeline1:arm64.
Preparing to unpack .../11-libpipeline1_1.5.8-1_arm64.deb ...
Unpacking libpipeline1:arm64 (1.5.8-1) ...
Selecting previously unselected package man-db.
Preparing to unpack .../12-man-db_2.13.0-1_arm64.deb ...
Unpacking man-db (2.13.0-1) ...
Selecting previously unselected package libtext-charwidth-perl:arm64.
Preparing to unpack .../13-libtext-charwidth-perl_0.04-11+b4_arm64.deb ...
Unpacking libtext-charwidth-perl:arm64 (0.04-11+b4) ...
Selecting previously unselected package libtext-wrapi18n-perl.
Preparing to unpack .../14-libtext-wrapi18n-perl_0.06-10_all.deb ...
Unpacking libtext-wrapi18n-perl (0.06-10) ...
Selecting previously unselected package ucf.
Preparing to unpack .../15-ucf_3.0049_all.deb ...
Moving old data out of the way
Unpacking ucf (3.0049) ...
Selecting previously unselected package m4.
Preparing to unpack .../16-m4_1.4.19-5_arm64.deb ...
Unpacking m4 (1.4.19-5) ...
Selecting previously unselected package autoconf.
Preparing to unpack .../17-autoconf_2.72-3_all.deb ...
Unpacking autoconf (2.72-3) ...
Selecting previously unselected package autotools-dev.
Preparing to unpack .../18-autotools-dev_20220109.1_all.deb ...
Unpacking autotools-dev (20220109.1) ...
Selecting previously unselected package automake.
Preparing to unpack .../19-automake_1%3a1.17-3_all.deb ...
Unpacking automake (1:1.17-3) ...
Selecting previously unselected package autopoint.
Preparing to unpack .../20-autopoint_0.23.1-1_all.deb ...
Unpacking autopoint (0.23.1-1) ...
Selecting previously unselected package libdebhelper-perl.
Preparing to unpack .../21-libdebhelper-perl_13.24.1_all.deb ...
Unpacking libdebhelper-perl (13.24.1) ...
Selecting previously unselected package libtool.
Preparing to unpack .../22-libtool_2.5.4-3_all.deb ...
Unpacking libtool (2.5.4-3) ...
Selecting previously unselected package dh-autoreconf.
Preparing to unpack .../23-dh-autoreconf_20_all.deb ...
Unpacking dh-autoreconf (20) ...
Selecting previously unselected package libarchive-zip-perl.
Preparing to unpack .../24-libarchive-zip-perl_1.68-1_all.deb ...
Unpacking libarchive-zip-perl (1.68-1) ...
Selecting previously unselected package libfile-stripnondeterminism-perl.
Preparing to unpack .../25-libfile-stripnondeterminism-perl_1.14.1-2_all.deb ...
Unpacking libfile-stripnondeterminism-perl (1.14.1-2) ...
Selecting previously unselected package dh-strip-nondeterminism.
Preparing to unpack .../26-dh-strip-nondeterminism_1.14.1-2_all.deb ...
Unpacking dh-strip-nondeterminism (1.14.1-2) ...
Selecting previously unselected package libelf1t64:arm64.
Preparing to unpack .../27-libelf1t64_0.192-4_arm64.deb ...
Unpacking libelf1t64:arm64 (0.192-4) ...
Selecting previously unselected package dwz.
Preparing to unpack .../28-dwz_0.15-1+b1_arm64.deb ...
Unpacking dwz (0.15-1+b1) ...
Selecting previously unselected package libunistring5:arm64.
Preparing to unpack .../29-libunistring5_1.3-1_arm64.deb ...
Unpacking libunistring5:arm64 (1.3-1) ...
Selecting previously unselected package libicu72:arm64.
Preparing to unpack .../30-libicu72_72.1-6_arm64.deb ...
Unpacking libicu72:arm64 (72.1-6) ...
Selecting previously unselected package libxml2:arm64.
Preparing to unpack .../31-libxml2_2.12.7+dfsg+really2.9.14-0.2+b1_arm64.deb ...
Unpacking libxml2:arm64 (2.12.7+dfsg+really2.9.14-0.2+b1) ...
Selecting previously unselected package gettext.
Preparing to unpack .../32-gettext_0.23.1-1_arm64.deb ...
Unpacking gettext (0.23.1-1) ...
Selecting previously unselected package intltool-debian.
Preparing to unpack .../33-intltool-debian_0.35.0+20060710.6_all.deb ...
Unpacking intltool-debian (0.35.0+20060710.6) ...
Selecting previously unselected package po-debconf.
Preparing to unpack .../34-po-debconf_1.0.21+nmu1_all.deb ...
Unpacking po-debconf (1.0.21+nmu1) ...
Selecting previously unselected package debhelper.
Preparing to unpack .../35-debhelper_13.24.1_all.deb ...
Unpacking debhelper (13.24.1) ...
Selecting previously unselected package dh-package-notes.
Preparing to unpack .../36-dh-package-notes_0.15_all.deb ...
Unpacking dh-package-notes (0.15) ...
Selecting previously unselected package libtcl8.6:arm64.
Preparing to unpack .../37-libtcl8.6_8.6.16+dfsg-1_arm64.deb ...
Unpacking libtcl8.6:arm64 (8.6.16+dfsg-1) ...
Selecting previously unselected package tcl8.6.
Preparing to unpack .../38-tcl8.6_8.6.16+dfsg-1_arm64.deb ...
Unpacking tcl8.6 (8.6.16+dfsg-1) ...
Selecting previously unselected package tcl-expect:arm64.
Preparing to unpack .../39-tcl-expect_5.45.4-3+b1_arm64.deb ...
Unpacking tcl-expect:arm64 (5.45.4-3+b1) ...
Selecting previously unselected package expect.
Preparing to unpack .../40-expect_5.45.4-3+b1_arm64.deb ...
Unpacking expect (5.45.4-3+b1) ...
Selecting previously unselected package libidn2-0:arm64.
Preparing to unpack .../41-libidn2-0_2.3.7-2+b1_arm64.deb ...
Unpacking libidn2-0:arm64 (2.3.7-2+b1) ...
Selecting previously unselected package libp11-kit0:arm64.
Preparing to unpack .../42-libp11-kit0_0.25.5-3_arm64.deb ...
Unpacking libp11-kit0:arm64 (0.25.5-3) ...
Selecting previously unselected package libtasn1-6:arm64.
Preparing to unpack .../43-libtasn1-6_4.20.0-2_arm64.deb ...
Unpacking libtasn1-6:arm64 (4.20.0-2) ...
Selecting previously unselected package libgnutls30t64:arm64.
Preparing to unpack .../44-libgnutls30t64_3.8.9-2_arm64.deb ...
Unpacking libgnutls30t64:arm64 (3.8.9-2) ...
Selecting previously unselected package libevent-2.1-7t64:arm64.
Preparing to unpack .../45-libevent-2.1-7t64_2.1.12-stable-10+b1_arm64.deb ...
Unpacking libevent-2.1-7t64:arm64 (2.1.12-stable-10+b1) ...
Selecting previously unselected package libunbound8:arm64.
Preparing to unpack .../46-libunbound8_1.22.0-1+b1_arm64.deb ...
Unpacking libunbound8:arm64 (1.22.0-1+b1) ...
Selecting previously unselected package libgnutls-dane0t64:arm64.
Preparing to unpack .../47-libgnutls-dane0t64_3.8.9-2_arm64.deb ...
Unpacking libgnutls-dane0t64:arm64 (3.8.9-2) ...
Selecting previously unselected package gnutls-bin.
Preparing to unpack .../48-gnutls-bin_3.8.9-2_arm64.deb ...
Unpacking gnutls-bin (3.8.9-2) ...
Selecting previously unselected package libeac3:arm64.
Preparing to unpack .../49-libeac3_1.1.2+ds+git20220117+453c3d6b03a0-1.1+b3_arm64.deb ...
Unpacking libeac3:arm64 (1.1.2+ds+git20220117+453c3d6b03a0-1.1+b3) ...
Selecting previously unselected package libglib2.0-0t64:arm64.
Preparing to unpack .../50-libglib2.0-0t64_2.83.3-2_arm64.deb ...
Unpacking libglib2.0-0t64:arm64 (2.83.3-2) ...
Selecting previously unselected package libnspr4:arm64.
Preparing to unpack .../51-libnspr4_2%3a4.36-1_arm64.deb ...
Unpacking libnspr4:arm64 (2:4.36-1) ...
Selecting previously unselected package libnspr4-dev.
Preparing to unpack .../52-libnspr4-dev_2%3a4.36-1_arm64.deb ...
Unpacking libnspr4-dev (2:4.36-1) ...
Selecting previously unselected package libnss3:arm64.
Preparing to unpack .../53-libnss3_2%3a3.107-1_arm64.deb ...
Unpacking libnss3:arm64 (2:3.107-1) ...
Selecting previously unselected package libnss3-dev:arm64.
Preparing to unpack .../54-libnss3-dev_2%3a3.107-1_arm64.deb ...
Unpacking libnss3-dev:arm64 (2:3.107-1) ...
Selecting previously unselected package libp11-kit-dev:arm64.
Preparing to unpack .../55-libp11-kit-dev_0.25.5-3_arm64.deb ...
Unpacking libp11-kit-dev:arm64 (0.25.5-3) ...
Selecting previously unselected package libpkgconf3:arm64.
Preparing to unpack .../56-libpkgconf3_1.8.1-4_arm64.deb ...
Unpacking libpkgconf3:arm64 (1.8.1-4) ...
Selecting previously unselected package softhsm2-common.
Preparing to unpack .../57-softhsm2-common_2.6.1-2.2+b3_arm64.deb ...
Unpacking softhsm2-common (2.6.1-2.2+b3) ...
Selecting previously unselected package libsofthsm2.
Preparing to unpack .../58-libsofthsm2_2.6.1-2.2+b3_arm64.deb ...
Unpacking libsofthsm2 (2.6.1-2.2+b3) ...
Selecting previously unselected package libssl-dev:arm64.
Preparing to unpack .../59-libssl-dev_3.4.0-2_arm64.deb ...
Unpacking libssl-dev:arm64 (3.4.0-2) ...
Selecting previously unselected package libtommath1:arm64.
Preparing to unpack .../60-libtommath1_1.3.0-1_arm64.deb ...
Unpacking libtommath1:arm64 (1.3.0-1) ...
Selecting previously unselected package libtomcrypt1:arm64.
Preparing to unpack .../61-libtomcrypt1_1.18.2+dfsg-7+b2_arm64.deb ...
Unpacking libtomcrypt1:arm64 (1.18.2+dfsg-7+b2) ...
Selecting previously unselected package libstoken1t64:arm64.
Preparing to unpack .../62-libstoken1t64_0.92-1.1+b2_arm64.deb ...
Unpacking libstoken1t64:arm64 (0.92-1.1+b2) ...
Selecting previously unselected package libtomcrypt-dev.
Preparing to unpack .../63-libtomcrypt-dev_1.18.2+dfsg-7+b2_arm64.deb ...
Unpacking libtomcrypt-dev (1.18.2+dfsg-7+b2) ...
Selecting previously unselected package libstoken-dev:arm64.
Preparing to unpack .../64-libstoken-dev_0.92-1.1+b2_arm64.deb ...
Unpacking libstoken-dev:arm64 (0.92-1.1+b2) ...
Selecting previously unselected package ninja-build.
Preparing to unpack .../65-ninja-build_1.12.1-1+b1_arm64.deb ...
Unpacking ninja-build (1.12.1-1+b1) ...
Selecting previously unselected package python3-autocommand.
Preparing to unpack .../66-python3-autocommand_2.2.2-3_all.deb ...
Unpacking python3-autocommand (2.2.2-3) ...
Selecting previously unselected package python3-more-itertools.
Preparing to unpack .../67-python3-more-itertools_10.6.0-1_all.deb ...
Unpacking python3-more-itertools (10.6.0-1) ...
Selecting previously unselected package python3-typing-extensions.
Preparing to unpack .../68-python3-typing-extensions_4.12.2-2_all.deb ...
Unpacking python3-typing-extensions (4.12.2-2) ...
Selecting previously unselected package python3-typeguard.
Preparing to unpack .../69-python3-typeguard_4.4.1-1_all.deb ...
Unpacking python3-typeguard (4.4.1-1) ...
Selecting previously unselected package python3-inflect.
Preparing to unpack .../70-python3-inflect_7.3.1-2_all.deb ...
Unpacking python3-inflect (7.3.1-2) ...
Selecting previously unselected package python3-jaraco.context.
Preparing to unpack .../71-python3-jaraco.context_6.0.0-1_all.deb ...
Unpacking python3-jaraco.context (6.0.0-1) ...
Selecting previously unselected package python3-jaraco.functools.
Preparing to unpack .../72-python3-jaraco.functools_4.1.0-1_all.deb ...
Unpacking python3-jaraco.functools (4.1.0-1) ...
Selecting previously unselected package python3-pkg-resources.
Preparing to unpack .../73-python3-pkg-resources_75.6.0-1_all.deb ...
Unpacking python3-pkg-resources (75.6.0-1) ...
Selecting previously unselected package python3-jaraco.text.
Preparing to unpack .../74-python3-jaraco.text_4.0.0-1_all.deb ...
Unpacking python3-jaraco.text (4.0.0-1) ...
Selecting previously unselected package python3-zipp.
Preparing to unpack .../75-python3-zipp_3.21.0-1_all.deb ...
Unpacking python3-zipp (3.21.0-1) ...
Selecting previously unselected package python3-setuptools.
Preparing to unpack .../76-python3-setuptools_75.6.0-1_all.deb ...
Unpacking python3-setuptools (75.6.0-1) ...
Selecting previously unselected package meson.
Preparing to unpack .../77-meson_1.7.0-1_all.deb ...
Unpacking meson (1.7.0-1) ...
Selecting previously unselected package opensc-pkcs11:arm64.
Preparing to unpack .../78-opensc-pkcs11_0.26.0-1_arm64.deb ...
Unpacking opensc-pkcs11:arm64 (0.26.0-1) ...
Selecting previously unselected package opensc.
Preparing to unpack .../79-opensc_0.26.0-1_arm64.deb ...
Unpacking opensc (0.26.0-1) ...
Selecting previously unselected package openssl.
Preparing to unpack .../80-openssl_3.4.0-2_arm64.deb ...
Unpacking openssl (3.4.0-2) ...
Selecting previously unselected package p11-kit-modules:arm64.
Preparing to unpack .../81-p11-kit-modules_0.25.5-3_arm64.deb ...
Unpacking p11-kit-modules:arm64 (0.25.5-3) ...
Selecting previously unselected package p11-kit.
Preparing to unpack .../82-p11-kit_0.25.5-3_arm64.deb ...
Unpacking p11-kit (0.25.5-3) ...
Selecting previously unselected package pkgconf-bin.
Preparing to unpack .../83-pkgconf-bin_1.8.1-4_arm64.deb ...
Unpacking pkgconf-bin (1.8.1-4) ...
Selecting previously unselected package pkgconf:arm64.
Preparing to unpack .../84-pkgconf_1.8.1-4_arm64.deb ...
Unpacking pkgconf:arm64 (1.8.1-4) ...
Selecting previously unselected package softhsm2.
Preparing to unpack .../85-softhsm2_2.6.1-2.2+b3_arm64.deb ...
Unpacking softhsm2 (2.6.1-2.2+b3) ...
Setting up media-types (10.1.0) ...
Setting up libpipeline1:arm64 (1.5.8-1) ...
Setting up libtext-charwidth-perl:arm64 (0.04-11+b4) ...
Setting up libicu72:arm64 (72.1-6) ...
Setting up bsdextrautils (2.40.4-3) ...
Setting up libmagic-mgc (1:5.45-3+b1) ...
Setting up libarchive-zip-perl (1.68-1) ...
Setting up libtommath1:arm64 (1.3.0-1) ...
Setting up libdebhelper-perl (13.24.1) ...
Setting up libmagic1t64:arm64 (1:5.45-3+b1) ...
Setting up gettext-base (0.23.1-1) ...
Setting up m4 (1.4.19-5) ...
Setting up libevent-2.1-7t64:arm64 (2.1.12-stable-10+b1) ...
Setting up file (1:5.45-3+b1) ...
Setting up libtext-wrapi18n-perl (0.06-10) ...
Setting up ninja-build (1.12.1-1+b1) ...
Setting up libelf1t64:arm64 (0.192-4) ...
Setting up libeac3:arm64 (1.1.2+ds+git20220117+453c3d6b03a0-1.1+b3) ...
Setting up tzdata (2024b-6) ...
Current default time zone: 'Etc/UTC'
Local time is now: Tue Feb 18 04:28:17 UTC 2025.
Universal Time is now: Tue Feb 18 04:28:17 UTC 2025.
Run 'dpkg-reconfigure tzdata' if you wish to change it.
Setting up autotools-dev (20220109.1) ...
Setting up libunbound8:arm64 (1.22.0-1+b1) ...
Setting up libpkgconf3:arm64 (1.8.1-4) ...
Setting up libnspr4:arm64 (2:4.36-1) ...
Setting up libproc2-0:arm64 (2:4.0.4-7) ...
Setting up libunistring5:arm64 (1.3-1) ...
Setting up libssl-dev:arm64 (3.4.0-2) ...
Setting up libtcl8.6:arm64 (8.6.16+dfsg-1) ...
Setting up autopoint (0.23.1-1) ...
Setting up pkgconf-bin (1.8.1-4) ...
Setting up autoconf (2.72-3) ...
Setting up libffi8:arm64 (3.4.7-1) ...
Setting up dwz (0.15-1+b1) ...
Setting up sensible-utils (0.0.24) ...
Setting up libuchardet0:arm64 (0.0.8-1+b2) ...
Setting up procps (2:4.0.4-7) ...
Setting up libtasn1-6:arm64 (4.20.0-2) ...
Setting up netbase (6.4) ...
Setting up openssl (3.4.0-2) ...
Setting up readline-common (8.2-6) ...
Setting up libxml2:arm64 (2.12.7+dfsg+really2.9.14-0.2+b1) ...
Setting up libtomcrypt1:arm64 (1.18.2+dfsg-7+b2) ...
Setting up automake (1:1.17-3) ...
update-alternatives: using /usr/bin/automake-1.17 to provide /usr/bin/automake (automake) in auto mode
Setting up libfile-stripnondeterminism-perl (1.14.1-2) ...
Setting up libnspr4-dev (2:4.36-1) ...
Setting up tcl8.6 (8.6.16+dfsg-1) ...
Setting up gettext (0.23.1-1) ...
Setting up libtool (2.5.4-3) ...
Setting up tcl-expect:arm64 (5.45.4-3+b1) ...
Setting up libidn2-0:arm64 (2.3.7-2+b1) ...
Setting up libnss3:arm64 (2:3.107-1) ...
Setting up pkgconf:arm64 (1.8.1-4) ...
Setting up intltool-debian (0.35.0+20060710.6) ...
Setting up libstoken1t64:arm64 (0.92-1.1+b2) ...
Setting up dh-autoreconf (20) ...
Setting up libtomcrypt-dev (1.18.2+dfsg-7+b2) ...
Setting up libglib2.0-0t64:arm64 (2.83.3-2) ...
No schema files found: doing nothing.
Setting up libstoken-dev:arm64 (0.92-1.1+b2) ...
Setting up libp11-kit0:arm64 (0.25.5-3) ...
Setting up ucf (3.0049) ...
Setting up libreadline8t64:arm64 (8.2-6) ...
Setting up dh-strip-nondeterminism (1.14.1-2) ...
Setting up libnss3-dev:arm64 (2:3.107-1) ...
Setting up groff-base (1.23.0-7) ...
Setting up libpython3.13-stdlib:arm64 (3.13.2-1) ...
Setting up libp11-kit-dev:arm64 (0.25.5-3) ...
Setting up libpython3-stdlib:arm64 (3.13.1-2) ...
Setting up libgnutls30t64:arm64 (3.8.9-2) ...
Setting up softhsm2-common (2.6.1-2.2+b3) ...
Creating config file /etc/softhsm/softhsm2.conf with new version
Setting up python3.13 (3.13.2-1) ...
Setting up po-debconf (1.0.21+nmu1) ...
Setting up expect (5.45.4-3+b1) ...
Setting up python3 (3.13.1-2) ...
Setting up python3-zipp (3.21.0-1) ...
Setting up python3-autocommand (2.2.2-3) ...
Setting up man-db (2.13.0-1) ...
Not building database; man-db/auto-update is not 'true'.
Setting up opensc-pkcs11:arm64 (0.26.0-1) ...
Setting up p11-kit-modules:arm64 (0.25.5-3) ...
Setting up libgnutls-dane0t64:arm64 (3.8.9-2) ...
Setting up python3-typing-extensions (4.12.2-2) ...
Setting up p11-kit (0.25.5-3) ...
Setting up gnutls-bin (3.8.9-2) ...
Setting up python3-more-itertools (10.6.0-1) ...
Setting up libsofthsm2 (2.6.1-2.2+b3) ...
Setting up softhsm2 (2.6.1-2.2+b3) ...
Setting up python3-jaraco.functools (4.1.0-1) ...
Setting up python3-jaraco.context (6.0.0-1) ...
Setting up opensc (0.26.0-1) ...
Setting up python3-typeguard (4.4.1-1) ...
Setting up debhelper (13.24.1) ...
Setting up python3-inflect (7.3.1-2) ...
Setting up python3-jaraco.text (4.0.0-1) ...
Setting up python3-pkg-resources (75.6.0-1) ...
Setting up dh-package-notes (0.15) ...
Setting up python3-setuptools (75.6.0-1) ...
Setting up meson (1.7.0-1) ...
Processing triggers for libc-bin (2.40-6) ...
Reading package lists...
Building dependency tree...
Reading state information...
Reading extended state information...
Initializing package states...
Writing extended state information...
Building tag database...
-> Finished parsing the build-deps
I: Building the package
I: user script /srv/workspace/pbuilder/2357949/tmp/hooks/A99_set_merged_usr starting
Not re-configuring usrmerge for trixie
I: user script /srv/workspace/pbuilder/2357949/tmp/hooks/A99_set_merged_usr finished
hostname: Name or service not known
I: Running cd /build/reproducible-path/pkcs11-provider-1.0/ && env PATH="/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/i/capture/the/path" HOME="/nonexistent/second-build" dpkg-buildpackage -us -uc -b && env PATH="/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/i/capture/the/path" HOME="/nonexistent/second-build" dpkg-genchanges -S > ../pkcs11-provider_1.0-1_source.changes
dpkg-buildpackage: info: source package pkcs11-provider
dpkg-buildpackage: info: source version 1.0-1
dpkg-buildpackage: info: source distribution unstable
dpkg-buildpackage: info: source changed by Luca Boccassi <bluca@debian.org>
dpkg-source --before-build .
dpkg-buildpackage: info: host architecture arm64
debian/rules clean
dh clean --buildsystem=meson
dh_auto_clean -O--buildsystem=meson
dh_autoreconf_clean -O--buildsystem=meson
dh_clean -O--buildsystem=meson
debian/rules binary
dh binary --buildsystem=meson
dh_update_autotools_config -O--buildsystem=meson
dh_autoreconf -O--buildsystem=meson
dh_auto_configure -O--buildsystem=meson
cd obj-aarch64-linux-gnu && DEB_PYTHON_INSTALL_LAYOUT=deb LC_ALL=C.UTF-8 meson setup .. --wrap-mode=nodownload --buildtype=plain --prefix=/usr --sysconfdir=/etc --localstatedir=/var --libdir=lib/aarch64-linux-gnu -Dpython.bytecompile=-1
The Meson build system
Version: 1.7.0
Source dir: /build/reproducible-path/pkcs11-provider-1.0
Build dir: /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu
Build type: native build
Project name: pkcs11-provider
Project version: 1.0
C compiler for the host machine: cc (gcc 14.2.0 "cc (Debian 14.2.0-16) 14.2.0")
C linker for the host machine: cc ld.bfd 2.44
Host machine cpu family: aarch64
Host machine cpu: aarch64
Compiler for C supports arguments -Wwrite-strings: YES
Compiler for C supports arguments -Wpointer-arith: YES
Compiler for C supports arguments -Wno-missing-field-initializers: YES
Compiler for C supports arguments -Wformat: YES
Compiler for C supports arguments -Wshadow: YES
Compiler for C supports arguments -Wno-unused-parameter: YES
Compiler for C supports arguments -Werror=implicit-function-declaration: YES
Compiler for C supports arguments -Werror=missing-prototypes: YES
Compiler for C supports arguments -Werror=format-security: YES
Compiler for C supports arguments -Werror=parentheses: YES
Compiler for C supports arguments -Werror=implicit: YES
Compiler for C supports arguments -Werror=strict-prototypes: YES
Compiler for C supports arguments -fno-strict-aliasing: YES
Compiler for C supports arguments -fno-delete-null-pointer-checks: YES
Compiler for C supports arguments -fdiagnostics-show-option: YES
Found pkg-config: YES (/usr/bin/pkg-config) 1.8.1
Run-time dependency libcrypto found: YES 3.4.0
Run-time dependency libssl found: YES 3.4.0
Run-time dependency p11-kit-1 found: YES 0.25.5
Has header "dlfcn.h" : YES
Configuring config.h using configuration
Compiler for C supports link arguments -Wl,--version-script,/build/reproducible-path/pkcs11-provider-1.0/src/provider.map: YES
Did not find CMake 'cmake'
Found CMake: NO
Run-time dependency nss-softokn found: NO (tried pkgconfig and cmake)
Run-time dependency nss found: YES 3.107
Program setup.sh found: YES (/build/reproducible-path/pkcs11-provider-1.0/tests/setup.sh)
Program valgrind found: NO
Program test-wrapper found: YES (/build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper)
Build targets in project: 12
pkcs11-provider 1.0
User defined options
buildtype : plain
libdir : lib/aarch64-linux-gnu
localstatedir : /var
prefix : /usr
python.bytecompile: -1
sysconfdir : /etc
wrap_mode : nodownload
Found ninja-1.12.1 at /usr/bin/ninja
dh_auto_build -O--buildsystem=meson
cd obj-aarch64-linux-gnu && LC_ALL=C.UTF-8 ninja -j12 -v
[1/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -mbranch-protection=standard -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/pk11_uri.c.o -MF src/pkcs11.so.p/pk11_uri.c.o.d -o src/pkcs11.so.p/pk11_uri.c.o -c ../src/pk11_uri.c
[2/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -mbranch-protection=standard -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/decoder.c.o -MF src/pkcs11.so.p/decoder.c.o.d -o src/pkcs11.so.p/decoder.c.o -c ../src/decoder.c
[3/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -mbranch-protection=standard -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/debug.c.o -MF src/pkcs11.so.p/debug.c.o.d -o src/pkcs11.so.p/debug.c.o -c ../src/debug.c
[4/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -mbranch-protection=standard -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/digests.c.o -MF src/pkcs11.so.p/digests.c.o.d -o src/pkcs11.so.p/digests.c.o -c ../src/digests.c
[5/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -mbranch-protection=standard -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/kdf.c.o -MF src/pkcs11.so.p/kdf.c.o.d -o src/pkcs11.so.p/kdf.c.o -c ../src/kdf.c
[6/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -mbranch-protection=standard -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/asymmetric_cipher.c.o -MF src/pkcs11.so.p/asymmetric_cipher.c.o.d -o src/pkcs11.so.p/asymmetric_cipher.c.o -c ../src/asymmetric_cipher.c
[7/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -mbranch-protection=standard -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/random.c.o -MF src/pkcs11.so.p/random.c.o.d -o src/pkcs11.so.p/random.c.o -c ../src/random.c
[8/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -mbranch-protection=standard -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/encoder.c.o -MF src/pkcs11.so.p/encoder.c.o.d -o src/pkcs11.so.p/encoder.c.o -c ../src/encoder.c
[9/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -mbranch-protection=standard -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/exchange.c.o -MF src/pkcs11.so.p/exchange.c.o.d -o src/pkcs11.so.p/exchange.c.o -c ../src/exchange.c
[10/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -mbranch-protection=standard -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/tls.c.o -MF src/pkcs11.so.p/tls.c.o.d -o src/pkcs11.so.p/tls.c.o -c ../src/tls.c
[11/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -mbranch-protection=standard -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/store.c.o -MF src/pkcs11.so.p/store.c.o.d -o src/pkcs11.so.p/store.c.o -c ../src/store.c
[12/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -mbranch-protection=standard -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/session.c.o -MF src/pkcs11.so.p/session.c.o.d -o src/pkcs11.so.p/session.c.o -c ../src/session.c
[13/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -mbranch-protection=standard -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/slot.c.o -MF src/pkcs11.so.p/slot.c.o.d -o src/pkcs11.so.p/slot.c.o -c ../src/slot.c
[14/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -mbranch-protection=standard -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/keymgmt.c.o -MF src/pkcs11.so.p/keymgmt.c.o.d -o src/pkcs11.so.p/keymgmt.c.o -c ../src/keymgmt.c
[15/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -mbranch-protection=standard -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/interface.c.o -MF src/pkcs11.so.p/interface.c.o.d -o src/pkcs11.so.p/interface.c.o -c ../src/interface.c
[16/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -mbranch-protection=standard -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/util.c.o -MF src/pkcs11.so.p/util.c.o.d -o src/pkcs11.so.p/util.c.o -c ../src/util.c
[17/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -mbranch-protection=standard -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/signature.c.o -MF src/pkcs11.so.p/signature.c.o.d -o src/pkcs11.so.p/signature.c.o -c ../src/signature.c
[18/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -mbranch-protection=standard -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/objects.c.o -MF src/pkcs11.so.p/objects.c.o.d -o src/pkcs11.so.p/objects.c.o -c ../src/objects.c
[19/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -mbranch-protection=standard -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/provider.c.o -MF src/pkcs11.so.p/provider.c.o.d -o src/pkcs11.so.p/provider.c.o -c ../src/provider.c
[20/20] cc -o src/pkcs11.so src/pkcs11.so.p/asymmetric_cipher.c.o src/pkcs11.so.p/debug.c.o src/pkcs11.so.p/encoder.c.o src/pkcs11.so.p/decoder.c.o src/pkcs11.so.p/digests.c.o src/pkcs11.so.p/exchange.c.o src/pkcs11.so.p/kdf.c.o src/pkcs11.so.p/keymgmt.c.o src/pkcs11.so.p/pk11_uri.c.o src/pkcs11.so.p/interface.c.o src/pkcs11.so.p/objects.c.o src/pkcs11.so.p/provider.c.o src/pkcs11.so.p/random.c.o src/pkcs11.so.p/session.c.o src/pkcs11.so.p/signature.c.o src/pkcs11.so.p/slot.c.o src/pkcs11.so.p/store.c.o src/pkcs11.so.p/tls.c.o src/pkcs11.so.p/util.c.o -Wl,--as-needed -Wl,--allow-shlib-undefined -shared -fPIC -Wl,-z,relro -Wl,-z,now -specs=/usr/share/debhelper/dh_package_notes/debian-package-notes.specs -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -mbranch-protection=standard -Wdate-time -D_FORTIFY_SOURCE=2 -Wl,--version-script,/build/reproducible-path/pkcs11-provider-1.0/src/provider.map /usr/lib/aarch64-linux-gnu/libcrypto.so
dh_auto_test -O--buildsystem=meson
cd obj-aarch64-linux-gnu && DEB_PYTHON_INSTALL_LAYOUT=deb LC_ALL=C.UTF-8 MESON_TESTTHREADS=12 meson test --verbose
ninja: Entering directory `/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu'
[1/29] Compiling C object tests/tdigests.p/tdigests.c.o
[2/29] Compiling C object tests/tcmpkeys.p/tcmpkeys.c.o
[3/29] Compiling C object tests/tlssetkey.p/tlssetkey.c.o
[4/29] Compiling C object tests/treadkeys.p/treadkeys.c.o
[5/29] Compiling C object tests/tlsctx.p/tlsctx.c.o
[6/29] Compiling C object tests/tsession.p/tsession.c.o
[7/29] Compiling C object tests/tgenkey.p/util.c.o
[8/29] Compiling C object tests/tlsctx.p/util.c.o
[9/29] Compiling C object tests/tpkey.p/tpkey.c.o
[10/29] Compiling C object tests/tcmpkeys.p/util.c.o
[11/29] Compiling C object tests/tfork.p/util.c.o
[12/29] Compiling C object tests/ccerts.p/ccerts.c.o
[13/29] Linking target tests/tsession
[14/29] Linking target tests/tdigests
[15/29] Linking target tests/treadkeys
[16/29] Compiling C object tests/tpkey.p/util.c.o
[17/29] Compiling C object tests/tfork.p/tfork.c.o
[18/29] Linking target tests/tlsctx
[19/29] Compiling C object tests/tlssetkey.p/util.c.o
[20/29] Compiling C object tests/pincache.p/pincache.c.o
[21/29] Compiling C object tests/tgenkey.p/tgenkey.c.o
[22/29] Compiling C object tests/ccerts.p/util.c.o
[23/29] Linking target tests/tcmpkeys
[24/29] Linking target tests/tpkey
[25/29] Linking target tests/tfork
[26/29] Linking target tests/tlssetkey
[27/29] Linking target tests/pincache
[28/29] Linking target tests/tgenkey
[29/29] Linking target tests/ccerts
1/92 pkcs11-provider:softokn / setup RUNNING
>>> SOFTOKNPATH=/usr/lib/aarch64-linux-gnu P11KITCLIENTPATH=/usr/lib/aarch64-linux-gnu/pkcs11/p11-kit-client.so MALLOC_PERTURB_=123 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 LIBSPATH=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/src TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests TESTSSRCDIR=/build/reproducible-path/pkcs11-provider-1.0/tests SHARED_EXT=.so UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/setup.sh softokn
――――――――――――――――――――――――――――――――――――― ✀ ―――――――――――――――――――――――――――――――――――――
+ source /build/reproducible-path/pkcs11-provider-1.0/tests/helpers.sh
++ : /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests
++ helper_emit=1
++ grep -q 'GNU sed'
++ sed --version
++ sed_inplace=('-i')
++ export sed_inplace
+ '[' 1 -ne 1 ']'
+ TOKENTYPE=softokn
+ SUPPORT_ED25519=1
+ SUPPORT_ED448=1
+ SUPPORT_RSA_PKCS1_ENCRYPTION=1
+ SUPPORT_RSA_KEYGEN_PUBLIC_EXPONENT=1
+ SUPPORT_TLSFUZZER=1
+ SUPPORT_ALLOWED_MECHANISMS=0
++ opensc-tool -i
++ sed -e 's/OpenSC 0\.\([0-9]*\).*/\1/'
++ grep OpenSC
Failed to establish context: Unable to load external module
+ OPENSC_VERSION=26
+ [[ 26 -le 25 ]]
+ [[ '' = \1 ]]
++ cat /proc/sys/crypto/fips_enabled
+ [[ 0 = \1 ]]
+ TMPPDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softokn
+ TOKDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softokn/tokens
+ '[' -d /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softokn ']'
+ mkdir /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softokn
+ mkdir /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softokn/tokens
+ PINVALUE=12345678
+ PINFILE=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softokn/pinfile.txt
+ echo 12345678
+ export GNUTLS_PIN=12345678
+ GNUTLS_PIN=12345678
+ '[' softokn == softhsm ']'
+ '[' softokn == softokn ']'
+ source /build/reproducible-path/pkcs11-provider-1.0/tests/softokn-init.sh
++ title SECTION 'Setup NSS Softokn'
++ case "$1" in
++ shift 1
++ echo '########################################'
++ echo '## Setup NSS Softokn'
++ echo ''
########################################
## Setup NSS Softokn
++ command -v certutil
++ echo 'NSS'\''s certutil command is required'
++ exit 0
NSS's certutil command is required
――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
1/92 pkcs11-provider:softokn / setup OK 0.04s
2/92 pkcs11-provider:softhsm / setup RUNNING
>>> SOFTOKNPATH=/usr/lib/aarch64-linux-gnu P11KITCLIENTPATH=/usr/lib/aarch64-linux-gnu/pkcs11/p11-kit-client.so MESON_TEST_ITERATION=1 MALLOC_PERTURB_=167 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 LIBSPATH=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/src TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests TESTSSRCDIR=/build/reproducible-path/pkcs11-provider-1.0/tests SHARED_EXT=.so UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/setup.sh softhsm
――――――――――――――――――――――――――――――――――――― ✀ ―――――――――――――――――――――――――――――――――――――
+ source /build/reproducible-path/pkcs11-provider-1.0/tests/helpers.sh
++ : /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests
++ helper_emit=1
++ sed --version
++ grep -q 'GNU sed'
++ sed_inplace=('-i')
++ export sed_inplace
+ '[' 1 -ne 1 ']'
+ TOKENTYPE=softhsm
+ SUPPORT_ED25519=1
+ SUPPORT_ED448=1
+ SUPPORT_RSA_PKCS1_ENCRYPTION=1
+ SUPPORT_RSA_KEYGEN_PUBLIC_EXPONENT=1
+ SUPPORT_TLSFUZZER=1
+ SUPPORT_ALLOWED_MECHANISMS=0
++ opensc-tool -i
++ grep OpenSC
++ sed -e 's/OpenSC 0\.\([0-9]*\).*/\1/'
Failed to establish context: Unable to load external module
+ OPENSC_VERSION=26
+ [[ 26 -le 25 ]]
+ [[ '' = \1 ]]
++ cat /proc/sys/crypto/fips_enabled
+ [[ 0 = \1 ]]
+ TMPPDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm
+ TOKDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/tokens
+ '[' -d /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm ']'
+ mkdir /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm
+ mkdir /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/tokens
+ PINVALUE=12345678
+ PINFILE=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/pinfile.txt
+ echo 12345678
+ export GNUTLS_PIN=12345678
+ GNUTLS_PIN=12345678
+ '[' softhsm == softhsm ']'
+ source /build/reproducible-path/pkcs11-provider-1.0/tests/softhsm-init.sh
++ title SECTION 'Searching for SoftHSM PKCS#11 library'
++ case "$1" in
++ shift 1
++ echo '########################################'
++ echo '## Searching for SoftHSM PKCS#11 library'
++ echo ''
++ command -v softhsm2-util
########################################
## Searching for SoftHSM PKCS#11 library
+++++ type -p softhsm2-util
++++ dirname /usr/bin/softhsm2-util
+++ dirname /usr/bin
++ softhsm_prefix=/usr
++ find_softhsm /usr/lib64/softhsm/libsofthsm2.so /usr/lib/softhsm/libsofthsm2.so /usr/lib64/pkcs11/libsofthsm2.so /usr/lib/pkcs11/libsofthsm2.so /usr/local/lib/softhsm/libsofthsm2.so /usr/lib64/pkcs11/libsofthsm2.so /usr/lib/pkcs11/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so
++ for _lib in "$@"
++ test -f /usr/lib64/softhsm/libsofthsm2.so
++ for _lib in "$@"
++ test -f /usr/lib/softhsm/libsofthsm2.so
++ echo 'Using softhsm path /usr/lib/softhsm/libsofthsm2.so'
Using softhsm path /usr/lib/softhsm/libsofthsm2.so
++ P11LIB=/usr/lib/softhsm/libsofthsm2.so
++ return
++ export P11LIB
++ title SECTION 'Set up testing system'
++ case "$1" in
++ shift 1
++ echo '########################################'
########################################
## Set up testing system
++ echo '## Set up testing system'
++ echo ''
++ cat
++ export SOFTHSM2_CONF=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/softhsm.conf
++ SOFTHSM2_CONF=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/softhsm.conf
++ export 'TOKENLABEL=SoftHSM Token'
++ TOKENLABEL='SoftHSM Token'
++ export TOKENLABELURI=SoftHSM%20Token
++ TOKENLABELURI=SoftHSM%20Token
++ softhsm2-util --init-token --label 'SoftHSM Token' --free --pin 12345678 --so-pin 12345678
Slot 0 has a free/uninitialized token.
The token has been initialized and is reassigned to slot 452100771
++ export 'TOKENOPTIONS=\npkcs11-module-quirks = no-deinit no-operation-state'
++ TOKENOPTIONS='\npkcs11-module-quirks = no-deinit no-operation-state'
++ export 'TOKENCONFIGVARS=export SOFTHSM2_CONF=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/softhsm.conf'
++ TOKENCONFIGVARS='export SOFTHSM2_CONF=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/softhsm.conf'
++ export TESTPORT=32000
++ TESTPORT=32000
++ export SUPPORT_ALLOWED_MECHANISMS=1
++ SUPPORT_ALLOWED_MECHANISMS=1
+ SEEDFILE=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/noisefile.bin
+ dd if=/dev/urandom of=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/noisefile.bin bs=2048 count=1
+ RAND64FILE=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/64krandom.bin
+ dd if=/dev/urandom of=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/64krandom.bin bs=2048 count=32
++ uname
+ '[' Linux == Darwin ']'
++ type -p certtool
+ certtool=/usr/bin/certtool
+ '[' -z /usr/bin/certtool ']'
+ P11DEFARGS=("--module=${P11LIB}" "--login" "--pin=${PINVALUE}" "--token-label=${TOKENLABEL}")
+ cat
+ SERIAL=1
+ title LINE 'Creating new Self Sign CA'
+ case "$1" in
+ shift 1
+ echo 'Creating new Self Sign CA'
+ KEYID=0000
+ URIKEYID=%00%00
+ CACRTN=caCert
Creating new Self Sign CA
+ pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --keypairgen --key-type=RSA:2048 --label=caCert --id=0000
Key pair generated:
Private Key Object; RSA
label: caCert
ID: 0000
Usage: decrypt, sign, signRecover, unwrap
Access: sensitive, always sensitive, never extractable, local
uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=095e27811af282a3;token=SoftHSM%20Token;id=%0000;object=caCert;type=private
Public Key Object; RSA 2048 bits
label: caCert
ID: 0000
Usage: encrypt, verify, verifyRecover, wrap
Access: local
uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=095e27811af282a3;token=SoftHSM%20Token;id=%0000;object=caCert;type=public
+ crt_selfsign caCert Issuer 0000
+ LABEL=caCert
+ CN=Issuer
+ KEYID=0000
+ (( SERIAL+=1 ))
+ sed -e 's|cn = .*|cn = Issuer|g' -e 's|serial = .*|serial = 2|g' -i /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/cacert.cfg
+ /usr/bin/certtool --generate-self-signed --outfile=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/caCert.crt --template=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/cacert.cfg --provider=/usr/lib/softhsm/libsofthsm2.so --load-privkey 'pkcs11:object=caCert;token=SoftHSM%20Token;type=private' --load-pubkey 'pkcs11:object=caCert;token=SoftHSM%20Token;type=public' --outder
Generating a self signed certificate...
X.509 Certificate Information:
Version: 3
Serial Number (hex): 02
Validity:
Not Before: Tue Feb 18 04:28:41 UTC 2025
Not After: Wed Feb 18 04:28:41 UTC 2026
Subject: CN=Issuer
Subject Public Key Algorithm: RSA
Algorithm Security Level: Medium (2048 bits)
Modulus (bits 2048):
00:d0:f5:02:fb:a9:68:70:e8:25:4a:cf:77:67:0c:11
30:64:49:9e:31:6a:32:17:00:fe:e7:5e:4b:5f:62:34
03:7c:22:5f:84:6e:8b:29:fb:77:e9:0e:7f:65:11:95
0c:ea:db:80:b6:be:13:74:ac:2e:a3:fc:4a:76:f5:1c
3e:65:6b:76:e7:39:e3:19:96:6b:e1:2c:8d:35:29:1a
8f:2a:99:06:3f:65:ad:69:a8:cf:9c:02:ba:55:b2:7c
21:18:69:bd:57:6c:74:9b:3e:58:24:32:8e:78:7f:0a
ae:f4:55:89:e3:d3:29:b8:12:c3:2b:95:26:e4:d9:a1
0e:86:b9:24:56:a4:7d:5e:49:46:2e:e9:2c:42:db:f3
42:49:ed:2d:2b:11:5a:f8:56:af:4a:d0:bc:cf:5a:e5
1a:f2:cc:c7:8c:20:77:2e:00:d1:d4:31:38:92:fb:f0
59:be:7e:d9:0f:c0:7f:6b:a0:41:cd:95:5e:fb:47:85
0c:eb:b9:61:ca:da:e7:b2:8d:0f:17:47:aa:c4:bb:07
28:9f:53:4c:79:ab:92:ab:87:c4:3a:00:44:14:aa:6f
cb:70:df:e0:39:0a:f8:67:22:53:c5:10:73:74:5d:1d
32:d7:19:8a:ab:4a:49:d2:34:5d:ae:17:e8:6b:8a:52
d1
Exponent (bits 24):
01:00:01
Extensions:
Basic Constraints (critical):
Certificate Authority (CA): TRUE
Subject Alternative Name (not critical):
RFC822Name: testcert@example.org
Key Usage (critical):
Digital signature.
Certificate signing.
Subject Key Identifier (not critical):
ae980b24570c15483b0f2742cdabc57d0789a639
Other Information:
Public Key ID:
sha1:ae980b24570c15483b0f2742cdabc57d0789a639
sha256:f10f75dc31fdb5af1da7f18bb771f98a9199ddba53d862d2ebd807fd1c9f52c1
Public Key PIN:
pin-sha256:8Q913DH9ta8dp/GLt3H5ipGZ3bpT2GLS69gH/RyfUsE=
Signing certificate...
+ pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --write-object /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/caCert.crt --type=cert --id=0000 --label=caCert
Created certificate:
Certificate Object; type = X.509 cert
label: caCert
subject: DN: CN=Issuer
serial: 02
ID: 0000
uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=095e27811af282a3;token=SoftHSM%20Token;id=%0000;object=caCert;type=cert
+ CACRT_PEM=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/caCert.pem
+ CACRT=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/caCert.crt
+ openssl x509 -inform DER -in /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/caCert.crt -outform PEM -out /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/caCert.pem
+ CABASEURIWITHPINVALUE='pkcs11:id=%00%00?pin-value=12345678'
+ CABASEURIWITHPINSOURCE='pkcs11:id=%00%00?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/pinfile.txt'
+ CABASEURI=pkcs11:id=%00%00
+ CAPUBURI='pkcs11:type=public;id=%00%00'
+ CAPRIURI='pkcs11:type=private;id=%00%00'
+ CACRTURI='pkcs11:type=cert;object=caCert'
+ title LINE 'RSA PKCS11 URIS'
+ case "$1" in
+ shift 1
+ echo 'RSA PKCS11 URIS'
RSA PKCS11 URIS
+ echo 'pkcs11:id=%00%00?pin-value=12345678'
+ echo 'pkcs11:id=%00%00?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/pinfile.txt'
+ echo pkcs11:id=%00%00
+ echo 'pkcs11:type=public;id=%00%00'
+ echo 'pkcs11:type=private;id=%00%00'
+ echo 'pkcs11:type=cert;object=caCert'
pkcs11:id=%00%00?pin-value=12345678
pkcs11:id=%00%00?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/pinfile.txt
pkcs11:id=%00%00
pkcs11:type=public;id=%00%00
pkcs11:type=private;id=%00%00
pkcs11:type=cert;object=caCert
+ echo ''
+ cat /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/cacert.cfg
+ echo 'organization = "PKCS11 Provider"'
+ sed -e '/^cert_signing_key$/d' -e '/^ca$/d' -i /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/cert.cfg
+ KEYID=0001
+ URIKEYID=%00%01
+ TSTCRTN=testCert
+ pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --keypairgen --key-type=RSA:2048 --label=testCert --id=0001
Key pair generated:
Private Key Object; RSA
label: testCert
ID: 0001
Usage: decrypt, sign, signRecover, unwrap
Access: sensitive, always sensitive, never extractable, local
uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=095e27811af282a3;token=SoftHSM%20Token;id=%0001;object=testCert;type=private
Public Key Object; RSA 2048 bits
label: testCert
ID: 0001
Usage: encrypt, verify, verifyRecover, wrap
Access: local
uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=095e27811af282a3;token=SoftHSM%20Token;id=%0001;object=testCert;type=public
+ ca_sign testCert 'My Test Cert' 0001
+ LABEL=testCert
+ CN='My Test Cert'
+ KEYID=0001
+ shift 3
+ (( SERIAL+=1 ))
+ sed -e 's|cn = .*|cn = My Test Cert|g' -e 's|serial = .*|serial = 3|g' -e '/^ca$/d' -i /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/cert.cfg
+ /usr/bin/certtool --generate-certificate --outfile=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/testCert.crt --template=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/cert.cfg --provider=/usr/lib/softhsm/libsofthsm2.so --load-privkey 'pkcs11:object=testCert;token=SoftHSM%20Token;type=private' --load-pubkey 'pkcs11:object=testCert;token=SoftHSM%20Token;type=public' --outder --load-ca-certificate /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/caCert.crt --inder '--load-ca-privkey=pkcs11:object=caCert;token=SoftHSM%20Token;type=private'
Generating a signed certificate...
Expiration time: Wed Feb 18 18:28:42 2026
CA expiration time: Wed Feb 18 18:28:41 2026
Warning: The time set exceeds the CA's expiration time
X.509 Certificate Information:
Version: 3
Serial Number (hex): 03
Validity:
Not Before: Tue Feb 18 04:28:42 UTC 2025
Not After: Wed Feb 18 04:28:42 UTC 2026
Subject: CN=My Test Cert,O=PKCS11 Provider
Subject Public Key Algorithm: RSA
Algorithm Security Level: Medium (2048 bits)
Modulus (bits 2048):
00:ba:99:2c:c0:10:db:26:8a:71:57:22:69:ca:f2:c3
b7:cb:e3:dc:8f:b2:36:aa:f1:07:e9:fc:9d:da:bd:99
b1:32:88:33:cd:29:5f:e2:49:24:7b:ab:d4:c3:d7:a9
d8:8a:8b:23:0a:ed:f0:75:64:7f:f4:ae:7b:6f:17:d1
f2:b6:9e:b7:e8:11:72:15:a8:af:b8:24:33:24:31:9b
cc:a7:1b:3f:eb:65:2a:3a:9a:2b:a7:e6:09:a6:bb:e5
b0:c2:42:66:a1:43:cf:b8:c9:8f:6d:48:62:4a:db:2a
23:3a:99:98:ba:83:99:6d:91:79:69:82:ce:2a:ea:9d
b7:fa:aa:32:96:4f:9f:03:e3:78:77:f4:9c:b6:2a:4d
77:6e:07:d0:ea:c5:37:fd:89:f9:1f:3c:5e:50:16:d3
e4:7a:dc:28:b2:9d:48:d0:c3:8e:e5:a7:0e:28:57:cd
49:9a:8a:6a:03:82:d5:f0:e1:26:bc:93:7e:c3:fa:b7
6f:04:c0:52:a9:d2:e1:0e:56:ec:c7:7c:85:bb:ff:d9
23:02:db:ee:53:3f:69:b5:f3:21:12:67:08:c1:72:33
4a:06:2f:32:78:12:4b:52:bf:85:aa:d3:e8:30:cc:63
4c:1e:81:47:a6:9a:ff:d3:62:ca:d5:c8:d0:d1:a8:4f
b7
Exponent (bits 24):
01:00:01
Extensions:
Basic Constraints (critical):
Certificate Authority (CA): FALSE
Subject Alternative Name (not critical):
RFC822Name: testcert@example.org
Key Usage (critical):
Digital signature.
Key encipherment.
Subject Key Identifier (not critical):
42a1f9148fe5752085fa43a795c9f28ea22fbc30
Authority Key Identifier (not critical):
ae980b24570c15483b0f2742cdabc57d0789a639
Other Information:
Public Key ID:
sha1:42a1f9148fe5752085fa43a795c9f28ea22fbc30
sha256:161691abc0d9ce19beabe29e7d447c0fb7baff0ca9aa909e7554f06fa73c88cf
Public Key PIN:
pin-sha256:FhaRq8DZzhm+q+KefUR8D7e6/wypqpCedVTwb6c8iM8=
Signing certificate...
+ pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --write-object /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/testCert.crt --type=cert --id=0001 --label=testCert
Created certificate:
Certificate Object; type = X.509 cert
label: testCert
subject: DN: O=PKCS11 Provider, CN=My Test Cert
serial: 03
ID: 0001
uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=095e27811af282a3;token=SoftHSM%20Token;id=%0001;object=testCert;type=cert
+ BASEURIWITHPINVALUE='pkcs11:id=%00%01?pin-value=12345678'
+ BASEURIWITHPINSOURCE='pkcs11:id=%00%01?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/pinfile.txt'
+ BASEURI=pkcs11:id=%00%01
+ PUBURI='pkcs11:type=public;id=%00%01'
+ PRIURI='pkcs11:type=private;id=%00%01'
+ CRTURI='pkcs11:type=cert;object=testCert'
+ title LINE 'RSA PKCS11 URIS'
+ case "$1" in
+ shift 1
+ echo 'RSA PKCS11 URIS'
RSA PKCS11 URIS
pkcs11:id=%00%01?pin-value=12345678
pkcs11:id=%00%01?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/pinfile.txt
pkcs11:id=%00%01
pkcs11:type=public;id=%00%01
pkcs11:type=private;id=%00%01
pkcs11:type=cert;object=testCert
+ echo 'pkcs11:id=%00%01?pin-value=12345678'
+ echo 'pkcs11:id=%00%01?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/pinfile.txt'
+ echo pkcs11:id=%00%01
+ echo 'pkcs11:type=public;id=%00%01'
+ echo 'pkcs11:type=private;id=%00%01'
+ echo 'pkcs11:type=cert;object=testCert'
+ echo ''
+ KEYID=0002
+ URIKEYID=%00%02
+ ECCRTN=ecCert
+ pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --keypairgen --key-type=EC:secp256r1 --label=ecCert --id=0002
Key pair generated:
Private Key Object; EC
label: ecCert
ID: 0002
Usage: decrypt, sign, signRecover, unwrap, derive
Access: sensitive, always sensitive, never extractable, local
uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=095e27811af282a3;token=SoftHSM%20Token;id=%0002;object=ecCert;type=private
Public Key Object; EC EC_POINT 256 bits
EC_POINT: 04410444aba8b3619585354435321c04963cd8f021dd4510de43bb80bb6e9784e74920504698ba5d28c2f5ccabbb5223da40c6bf33a4820ddeb526c713fd966bd96631
EC_PARAMS: 06082a8648ce3d030107 (OID 1.2.840.10045.3.1.7)
label: ecCert
ID: 0002
Usage: encrypt, verify, verifyRecover, wrap, derive
Access: local
uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=095e27811af282a3;token=SoftHSM%20Token;id=%0002;object=ecCert;type=public
+ ca_sign ecCert 'My EC Cert' 0002
+ LABEL=ecCert
+ CN='My EC Cert'
+ KEYID=0002
+ shift 3
+ (( SERIAL+=1 ))
+ sed -e 's|cn = .*|cn = My EC Cert|g' -e 's|serial = .*|serial = 4|g' -e '/^ca$/d' -i /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/cert.cfg
+ /usr/bin/certtool --generate-certificate --outfile=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/ecCert.crt --template=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/cert.cfg --provider=/usr/lib/softhsm/libsofthsm2.so --load-privkey 'pkcs11:object=ecCert;token=SoftHSM%20Token;type=private' --load-pubkey 'pkcs11:object=ecCert;token=SoftHSM%20Token;type=public' --outder --load-ca-certificate /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/caCert.crt --inder '--load-ca-privkey=pkcs11:object=caCert;token=SoftHSM%20Token;type=private'
Generating a signed certificate...
Expiration time: Wed Feb 18 18:28:42 2026
CA expiration time: Wed Feb 18 18:28:41 2026
Warning: The time set exceeds the CA's expiration time
X.509 Certificate Information:
Version: 3
Serial Number (hex): 04
Validity:
Not Before: Tue Feb 18 04:28:42 UTC 2025
Not After: Wed Feb 18 04:28:42 UTC 2026
Subject: CN=My EC Cert,O=PKCS11 Provider
Subject Public Key Algorithm: EC/ECDSA
Algorithm Security Level: High (256 bits)
Curve: SECP256R1
X:
44:ab:a8:b3:61:95:85:35:44:35:32:1c:04:96:3c:d8
f0:21:dd:45:10:de:43:bb:80:bb:6e:97:84:e7:49:20
Y:
50:46:98:ba:5d:28:c2:f5:cc:ab:bb:52:23:da:40:c6
bf:33:a4:82:0d:de:b5:26:c7:13:fd:96:6b:d9:66:31
Extensions:
Basic Constraints (critical):
Certificate Authority (CA): FALSE
Subject Alternative Name (not critical):
RFC822Name: testcert@example.org
Key Usage (critical):
Digital signature.
Subject Key Identifier (not critical):
a8b9e522eed708a14309c5dbc3674e0921c9695e
Authority Key Identifier (not critical):
ae980b24570c15483b0f2742cdabc57d0789a639
Other Information:
Public Key ID:
sha1:a8b9e522eed708a14309c5dbc3674e0921c9695e
sha256:0ffb6e199c09497c915781403b2c3d56652520f439b7341b744ab4e46b8a9712
Public Key PIN:
pin-sha256:D/tuGZwJSXyRV4FAOyw9VmUlIPQ5tzQbdEq05GuKlxI=
Signing certificate...
+ pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --write-object /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/ecCert.crt --type=cert --id=0002 --label=ecCert
Created certificate:
Certificate Object; type = X.509 cert
label: ecCert
subject: DN: O=PKCS11 Provider, CN=My EC Cert
serial: 04
ID: 0002
uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=095e27811af282a3;token=SoftHSM%20Token;id=%0002;object=ecCert;type=cert
+ ECBASEURIWITHPINVALUE='pkcs11:id=%00%02?pin-value=12345678'
+ ECBASEURIWITHPINSOURCE='pkcs11:id=%00%02?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/pinfile.txt'
+ ECBASEURI=pkcs11:id=%00%02
+ ECPUBURI='pkcs11:type=public;id=%00%02'
+ ECPRIURI='pkcs11:type=private;id=%00%02'
+ ECCRTURI='pkcs11:type=cert;object=ecCert'
+ KEYID=0003
+ URIKEYID=%00%03
+ ECPEERCRTN=ecPeerCert
+ pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --keypairgen --key-type=EC:secp256r1 --label=ecPeerCert --id=0003
Key pair generated:
Private Key Object; EC
label: ecPeerCert
ID: 0003
Usage: decrypt, sign, signRecover, unwrap, derive
Access: sensitive, always sensitive, never extractable, local
uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=095e27811af282a3;token=SoftHSM%20Token;id=%0003;object=ecPeerCert;type=private
Public Key Object; EC EC_POINT 256 bits
EC_POINT: 044104dc0f8348cae4d8cbe046e8204eb10bb158f9115367e70f4d5ec85f12a46f7fa6eea739852ee0523131d1bfe7ba4a6c1cd4c3ea9c205249e032fa46420d7f7fa9
EC_PARAMS: 06082a8648ce3d030107 (OID 1.2.840.10045.3.1.7)
label: ecPeerCert
ID: 0003
Usage: encrypt, verify, verifyRecover, wrap, derive
Access: local
uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=095e27811af282a3;token=SoftHSM%20Token;id=%0003;object=ecPeerCert;type=public
+ crt_selfsign ecPeerCert 'My Peer EC Cert' 0003
+ LABEL=ecPeerCert
+ CN='My Peer EC Cert'
+ KEYID=0003
+ (( SERIAL+=1 ))
+ sed -e 's|cn = .*|cn = My Peer EC Cert|g' -e 's|serial = .*|serial = 5|g' -i /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/cacert.cfg
+ /usr/bin/certtool --generate-self-signed --outfile=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/ecPeerCert.crt --template=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/cacert.cfg --provider=/usr/lib/softhsm/libsofthsm2.so --load-privkey 'pkcs11:object=ecPeerCert;token=SoftHSM%20Token;type=private' --load-pubkey 'pkcs11:object=ecPeerCert;token=SoftHSM%20Token;type=public' --outder
Generating a self signed certificate...
X.509 Certificate Information:
Version: 3
Serial Number (hex): 05
Validity:
Not Before: Tue Feb 18 04:28:42 UTC 2025
Not After: Wed Feb 18 04:28:42 UTC 2026
Subject: CN=My Peer EC Cert
Subject Public Key Algorithm: EC/ECDSA
Algorithm Security Level: High (256 bits)
Curve: SECP256R1
X:
00:dc:0f:83:48:ca:e4:d8:cb:e0:46:e8:20:4e:b1:0b
b1:58:f9:11:53:67:e7:0f:4d:5e:c8:5f:12:a4:6f:7f
a6
Y:
00:ee:a7:39:85:2e:e0:52:31:31:d1:bf:e7:ba:4a:6c
1c:d4:c3:ea:9c:20:52:49:e0:32:fa:46:42:0d:7f:7f
a9
Extensions:
Basic Constraints (critical):
Certificate Authority (CA): TRUE
Subject Alternative Name (not critical):
RFC822Name: testcert@example.org
Key Usage (critical):
Digital signature.
Certificate signing.
Subject Key Identifier (not critical):
8b4ff19ad5bac78a33612cf623089ef26fdbde69
Other Information:
Public Key ID:
sha1:8b4ff19ad5bac78a33612cf623089ef26fdbde69
sha256:355744e1d01bcce0cb86cd062747c51cde67031f8c835de81d4c9a023fa925fb
Public Key PIN:
pin-sha256:NVdE4dAbzODLhs0GJ0fFHN5nAx+Mg13oHUyaAj+pJfs=
Signing certificate...
+ pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --write-object /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/ecPeerCert.crt --type=cert --id=0003 --label=ecPeerCert
Created certificate:
Certificate Object; type = X.509 cert
label: ecPeerCert
subject: DN: CN=My Peer EC Cert
serial: 05
ID: 0003
uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=095e27811af282a3;token=SoftHSM%20Token;id=%0003;object=ecPeerCert;type=cert
+ ECPEERBASEURIWITHPINVALUE='pkcs11:id=%00%03?pin-value=12345678'
+ ECPEERBASEURIWITHPINSOURCE='pkcs11:id=%00%03?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/pinfile.txt'
+ ECPEERBASEURI=pkcs11:id=%00%03
+ ECPEERPUBURI='pkcs11:type=public;id=%00%03'
+ ECPEERPRIURI='pkcs11:type=private;id=%00%03'
+ ECPEERCRTURI='pkcs11:type=cert;object=ecPeerCert'
+ title LINE 'EC PKCS11 URIS'
+ case "$1" in
+ shift 1
+ echo 'EC PKCS11 URIS'
+ echo 'pkcs11:id=%00%02?pin-value=12345678'
EC PKCS11 URIS
pkcs11:id=%00%02?pin-value=12345678
+ echo 'pkcs11:id=%00%02?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/pinfile.txt'
+ echo pkcs11:id=%00%02
pkcs11:id=%00%02?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/pinfile.txt
pkcs11:id=%00%02
+ echo 'pkcs11:type=public;id=%00%02'
+ echo 'pkcs11:type=private;id=%00%02'
+ echo 'pkcs11:type=cert;object=ecCert'
+ echo 'pkcs11:id=%00%03?pin-value=12345678'
+ echo 'pkcs11:id=%00%03?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/pinfile.txt'
+ echo pkcs11:id=%00%03
pkcs11:type=public;id=%00%02
pkcs11:type=private;id=%00%02
pkcs11:type=cert;object=ecCert
pkcs11:id=%00%03?pin-value=12345678
pkcs11:id=%00%03?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/pinfile.txt
pkcs11:id=%00%03
pkcs11:type=public;id=%00%03
+ echo 'pkcs11:type=public;id=%00%03'
+ echo 'pkcs11:type=private;id=%00%03'
+ echo 'pkcs11:type=cert;object=ecPeerCert'
+ echo ''
pkcs11:type=private;id=%00%03
pkcs11:type=cert;object=ecPeerCert
+ '[' 1 -eq 1 ']'
+ KEYID=0004
+ URIKEYID=%00%04
+ EDCRTN=edCert
+ pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --keypairgen --key-type=EC:edwards25519 --label=edCert --id=0004
Key pair generated:
Private Key Object; EC_EDWARDS
label: edCert
ID: 0004
Usage: decrypt, sign, signRecover, unwrap, derive
Access: sensitive, always sensitive, never extractable, local
uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=095e27811af282a3;token=SoftHSM%20Token;id=%0004;object=edCert;type=private
Public Key Object; EC_EDWARDS EC_POINT 272 bits
EC_POINT: 0420422f76ec8b59d6382f833cf11e2e20125084dd34299c5d9de58c12b85bbe2c8f
EC_PARAMS: 130c656477617264733235353139 (PrintableString edwards25519)
label: edCert
ID: 0004
Usage: encrypt, verify, verifyRecover, wrap, derive
Access: local
uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=095e27811af282a3;token=SoftHSM%20Token;id=%0004;object=edCert;type=public
+ ca_sign edCert 'My ED25519 Cert' 0004
+ LABEL=edCert
+ CN='My ED25519 Cert'
+ KEYID=0004
+ shift 3
+ (( SERIAL+=1 ))
+ sed -e 's|cn = .*|cn = My ED25519 Cert|g' -e 's|serial = .*|serial = 6|g' -e '/^ca$/d' -i /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/cert.cfg
+ /usr/bin/certtool --generate-certificate --outfile=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/edCert.crt --template=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/cert.cfg --provider=/usr/lib/softhsm/libsofthsm2.so --load-privkey 'pkcs11:object=edCert;token=SoftHSM%20Token;type=private' --load-pubkey 'pkcs11:object=edCert;token=SoftHSM%20Token;type=public' --outder --load-ca-certificate /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/caCert.crt --inder '--load-ca-privkey=pkcs11:object=caCert;token=SoftHSM%20Token;type=private'
Generating a signed certificate...
Expiration time: Wed Feb 18 18:28:42 2026
CA expiration time: Wed Feb 18 18:28:41 2026
Warning: The time set exceeds the CA's expiration time
X.509 Certificate Information:
Version: 3
Serial Number (hex): 06
Validity:
Not Before: Tue Feb 18 04:28:42 UTC 2025
Not After: Wed Feb 18 04:28:42 UTC 2026
Subject: CN=My ED25519 Cert,O=PKCS11 Provider
Subject Public Key Algorithm: EdDSA (Ed25519)
Algorithm Security Level: High (256 bits)
Curve: Ed25519
X:
42:2f:76:ec:8b:59:d6:38:2f:83:3c:f1:1e:2e:20:12
50:84:dd:34:29:9c:5d:9d:e5:8c:12:b8:5b:be:2c:8f
Extensions:
Basic Constraints (critical):
Certificate Authority (CA): FALSE
Subject Alternative Name (not critical):
RFC822Name: testcert@example.org
Key Usage (critical):
Digital signature.
Subject Key Identifier (not critical):
359cb5dd1bcf44c06bee39037810363a50e9d8bb
Authority Key Identifier (not critical):
ae980b24570c15483b0f2742cdabc57d0789a639
Other Information:
Public Key ID:
sha1:359cb5dd1bcf44c06bee39037810363a50e9d8bb
sha256:15cd7a59295e69cc1de3f7c5fa8f01c83f0cd077467aa2d048edf3955d73623a
Public Key PIN:
pin-sha256:Fc16WSleacwd4/fF+o8ByD8M0HdGeqLQSO3zlV1zYjo=
Signing certificate...
+ pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --write-object /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/edCert.crt --type=cert --id=0004 --label=edCert
Created certificate:
Certificate Object; type = X.509 cert
label: edCert
subject: DN: O=PKCS11 Provider, CN=My ED25519 Cert
serial: 06
ID: 0004
uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=095e27811af282a3;token=SoftHSM%20Token;id=%0004;object=edCert;type=cert
+ EDBASEURIWITHPINVALUE='pkcs11:id=%00%04;pin-value=12345678'
+ EDBASEURIWITHPINSOURCE='pkcs11:id=%00%04;pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/pinfile.txt'
+ EDBASEURI=pkcs11:id=%00%04
+ EDPUBURI='pkcs11:type=public;id=%00%04'
+ EDPRIURI='pkcs11:type=private;id=%00%04'
+ EDCRTURI='pkcs11:type=cert;object=edCert'
+ title LINE 'ED25519 PKCS11 URIS'
+ case "$1" in
+ shift 1
+ echo 'ED25519 PKCS11 URIS'
+ echo 'pkcs11:id=%00%04;pin-value=12345678'
+ echo 'pkcs11:id=%00%04;pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/pinfile.txt'
ED25519 PKCS11 URIS
pkcs11:id=%00%04;pin-value=12345678
pkcs11:id=%00%04;pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/pinfile.txt
pkcs11:id=%00%04
+ echo pkcs11:id=%00%04
+ echo 'pkcs11:type=public;id=%00%04'
+ echo 'pkcs11:type=private;id=%00%04'
+ echo 'pkcs11:type=cert;object=edCert'
pkcs11:type=public;id=%00%04
pkcs11:type=private;id=%00%04
pkcs11:type=cert;object=edCert
+ '[' 1 -eq 1 ']'
+ KEYID=0009
+ URIKEYID=%00%09
+ ED2CRTN=ed2Cert
+ pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --keypairgen --key-type=EC:Ed448 --label=ed2Cert --id=0009
Key pair generated:
Private Key Object; EC_EDWARDS
label: ed2Cert
ID: 0009
Usage: decrypt, sign, signRecover, unwrap, derive
Access: sensitive, always sensitive, never extractable, local
uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=095e27811af282a3;token=SoftHSM%20Token;id=%0009;object=ed2Cert;type=private
Public Key Object; EC_EDWARDS EC_POINT 472 bits
EC_POINT: 0439ace2dde15d7bf5dc470990aef97dea45f3fa2d8487a0279ee734074277201a8b3bb9f71f4513af1706fc93d4861f219b06a6d26628f282aa00
EC_PARAMS: 06032b6571 (OID 1.3.101.113)
label: ed2Cert
ID: 0009
Usage: encrypt, verify, verifyRecover, wrap, derive
Access: local
uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=095e27811af282a3;token=SoftHSM%20Token;id=%0009;object=ed2Cert;type=public
+ ca_sign ed2Cert 'My ED448 Cert' 0009
+ LABEL=ed2Cert
+ CN='My ED448 Cert'
+ KEYID=0009
+ shift 3
+ (( SERIAL+=1 ))
+ sed -e 's|cn = .*|cn = My ED448 Cert|g' -e 's|serial = .*|serial = 7|g' -e '/^ca$/d' -i /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/cert.cfg
+ /usr/bin/certtool --generate-certificate --outfile=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/ed2Cert.crt --template=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/cert.cfg --provider=/usr/lib/softhsm/libsofthsm2.so --load-privkey 'pkcs11:object=ed2Cert;token=SoftHSM%20Token;type=private' --load-pubkey 'pkcs11:object=ed2Cert;token=SoftHSM%20Token;type=public' --outder --load-ca-certificate /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/caCert.crt --inder '--load-ca-privkey=pkcs11:object=caCert;token=SoftHSM%20Token;type=private'
Generating a signed certificate...
Expiration time: Wed Feb 18 18:28:42 2026
CA expiration time: Wed Feb 18 18:28:41 2026
Warning: The time set exceeds the CA's expiration time
X.509 Certificate Information:
Version: 3
Serial Number (hex): 07
Validity:
Not Before: Tue Feb 18 04:28:42 UTC 2025
Not After: Wed Feb 18 04:28:42 UTC 2026
Subject: CN=My ED448 Cert,O=PKCS11 Provider
Subject Public Key Algorithm: EdDSA (Ed448)
Algorithm Security Level: Ultra (456 bits)
Curve: Ed448
X:
ac:e2:dd:e1:5d:7b:f5:dc:47:09:90:ae:f9:7d:ea:45
f3:fa:2d:84:87:a0:27:9e:e7:34:07:42:77:20:1a:8b
3b:b9:f7:1f:45:13:af:17:06:fc:93:d4:86:1f:21:9b
06:a6:d2:66:28:f2:82:aa:00
Extensions:
Basic Constraints (critical):
Certificate Authority (CA): FALSE
Subject Alternative Name (not critical):
RFC822Name: testcert@example.org
Key Usage (critical):
Digital signature.
Subject Key Identifier (not critical):
b2e643e9601254d6e70f91e1586ac2185c13f7d5
Authority Key Identifier (not critical):
ae980b24570c15483b0f2742cdabc57d0789a639
Other Information:
Public Key ID:
sha1:b2e643e9601254d6e70f91e1586ac2185c13f7d5
sha256:6b2bbc9fa5d4f4e3196fb57da2e4700a1262ff5b80d6975d704467744d90c50f
Public Key PIN:
pin-sha256:ayu8n6XU9OMZb7V9ouRwChJi/1uA1pddcERndE2QxQ8=
Signing certificate...
+ pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --write-object /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/ed2Cert.crt --type=cert --id=0009 --label=ed2Cert
Created certificate:
Certificate Object; type = X.509 cert
label: ed2Cert
subject: DN: O=PKCS11 Provider, CN=My ED448 Cert
serial: 07
ID: 0009
uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=095e27811af282a3;token=SoftHSM%20Token;id=%0009;object=ed2Cert;type=cert
+ ED2BASEURIWITHPINVALUE='pkcs11:id=%00%09;pin-value=12345678'
+ ED2BASEURIWITHPINSOURCE='pkcs11:id=%00%09;pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/pinfile.txt'
+ ED2BASEURI=pkcs11:id=%00%09
+ ED2PUBURI='pkcs11:type=public;id=%00%09'
+ ED2PRIURI='pkcs11:type=private;id=%00%09'
+ ED2CRTURI='pkcs11:type=cert;object=ed2Cert'
+ title LINE 'ED448 PKCS11 URIS'
+ case "$1" in
+ shift 1
+ echo 'ED448 PKCS11 URIS'
ED448 PKCS11 URIS
pkcs11:id=%00%09;pin-value=12345678
pkcs11:id=%00%09;pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/pinfile.txt
pkcs11:id=%00%09
pkcs11:type=public;id=%00%09
pkcs11:type=private;id=%00%09
pkcs11:type=cert;object=ed2Cert
+ echo 'pkcs11:id=%00%09;pin-value=12345678'
+ echo 'pkcs11:id=%00%09;pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/pinfile.txt'
+ echo pkcs11:id=%00%09
+ echo 'pkcs11:type=public;id=%00%09'
+ echo 'pkcs11:type=private;id=%00%09'
+ echo 'pkcs11:type=cert;object=ed2Cert'
+ title PARA 'generate RSA key pair, self-signed certificate, remove public key'
+ case "$1" in
+ shift 1
## generate RSA key pair, self-signed certificate, remove public key
+ echo ''
+ echo '## generate RSA key pair, self-signed certificate, remove public key'
+ '[' -f '' ']'
+ KEYID=0005
+ URIKEYID=%00%05
+ TSTCRTN=testCert2
+ pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --keypairgen --key-type=RSA:2048 --label=testCert2 --id=0005
Key pair generated:
Private Key Object; RSA
label: testCert2
ID: 0005
Usage: decrypt, sign, signRecover, unwrap
Access: sensitive, always sensitive, never extractable, local
uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=095e27811af282a3;token=SoftHSM%20Token;id=%0005;object=testCert2;type=private
Public Key Object; RSA 2048 bits
label: testCert2
ID: 0005
Usage: encrypt, verify, verifyRecover, wrap
Access: local
uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=095e27811af282a3;token=SoftHSM%20Token;id=%0005;object=testCert2;type=public
+ ca_sign testCert2 'My Test Cert 2' 0005
+ LABEL=testCert2
+ CN='My Test Cert 2'
+ KEYID=0005
+ shift 3
+ (( SERIAL+=1 ))
+ sed -e 's|cn = .*|cn = My Test Cert 2|g' -e 's|serial = .*|serial = 8|g' -e '/^ca$/d' -i /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/cert.cfg
+ /usr/bin/certtool --generate-certificate --outfile=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/testCert2.crt --template=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/cert.cfg --provider=/usr/lib/softhsm/libsofthsm2.so --load-privkey 'pkcs11:object=testCert2;token=SoftHSM%20Token;type=private' --load-pubkey 'pkcs11:object=testCert2;token=SoftHSM%20Token;type=public' --outder --load-ca-certificate /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/caCert.crt --inder '--load-ca-privkey=pkcs11:object=caCert;token=SoftHSM%20Token;type=private'
Generating a signed certificate...
Expiration time: Wed Feb 18 18:28:42 2026
CA expiration time: Wed Feb 18 18:28:41 2026
Warning: The time set exceeds the CA's expiration time
X.509 Certificate Information:
Version: 3
Serial Number (hex): 08
Validity:
Not Before: Tue Feb 18 04:28:42 UTC 2025
Not After: Wed Feb 18 04:28:42 UTC 2026
Subject: CN=My Test Cert 2,O=PKCS11 Provider
Subject Public Key Algorithm: RSA
Algorithm Security Level: Medium (2048 bits)
Modulus (bits 2048):
00:bd:05:03:1a:98:82:76:2d:f1:49:3d:23:42:7f:54
71:22:c0:7f:cd:55:33:b8:79:d2:3e:d1:90:10:3e:f7
19:c5:7a:bb:14:7e:05:b7:eb:29:ef:1a:69:db:75:1d
35:b2:75:4c:ec:70:f1:ba:66:93:9b:85:31:a7:02:5a
d4:28:78:2a:ac:33:a7:04:61:f2:ee:19:9d:1a:3a:95
fb:c2:f2:be:df:d9:93:9a:54:8d:66:f4:1e:22:53:09
a9:76:08:40:16:87:fa:6a:9b:37:33:ac:bd:6e:95:e0
c4:f5:09:4e:ea:f1:83:8f:36:03:cc:b3:05:97:46:c0
a6:fa:43:5a:79:7e:85:2b:7e:a3:9a:b9:9c:6a:f1:40
0d:c9:7d:ff:9d:79:8d:f2:ce:05:fa:b3:cb:cb:4b:e7
f4:22:16:3d:76:af:a1:7d:e0:cd:9f:7d:dc:55:67:6a
16:47:5a:f3:8c:71:1f:36:f5:8b:03:1c:63:60:77:39
06:6f:fe:9b:5e:c1:f2:c8:b2:66:ad:52:50:91:84:29
df:ee:08:e7:89:4b:f4:1c:c1:e3:ca:d5:86:3b:63:89
1c:70:b9:6a:88:3b:01:04:63:c0:76:28:4b:a2:13:b1
d7:f7:2d:e7:88:dd:31:4b:83:c9:d1:4d:31:02:fd:de
51
Exponent (bits 24):
01:00:01
Extensions:
Basic Constraints (critical):
Certificate Authority (CA): FALSE
Subject Alternative Name (not critical):
RFC822Name: testcert@example.org
Key Usage (critical):
Digital signature.
Key encipherment.
Subject Key Identifier (not critical):
2749ed9b0d63c9812364af9af2888a28fe551671
Authority Key Identifier (not critical):
ae980b24570c15483b0f2742cdabc57d0789a639
Other Information:
Public Key ID:
sha1:2749ed9b0d63c9812364af9af2888a28fe551671
sha256:fd3a59e368e0ccbf2e020b1f570ca1368494020650c7cff89443077bff4224dc
Public Key PIN:
pin-sha256:/TpZ42jgzL8uAgsfVwyhNoSUAgZQx8/4lEMHe/9CJNw=
Signing certificate...
+ pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --write-object /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/testCert2.crt --type=cert --id=0005 --label=testCert2
Created certificate:
Certificate Object; type = X.509 cert
label: testCert2
subject: DN: O=PKCS11 Provider, CN=My Test Cert 2
serial: 08
ID: 0005
uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=095e27811af282a3;token=SoftHSM%20Token;id=%0005;object=testCert2;type=cert
+ pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --delete-object --type pubkey --id 0005
+ BASE2URIWITHPINVALUE='pkcs11:id=%00%05?pin-value=12345678'
+ BASE2URIWITHPINSOURCE='pkcs11:id=%00%05?pin-source=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/pinfile.txt'
+ BASE2URI=pkcs11:id=%00%05
+ PRI2URI='pkcs11:type=private;id=%00%05'
+ CRT2URI='pkcs11:type=cert;object=testCert2'
+ title LINE 'RSA2 PKCS11 URIS'
+ case "$1" in
+ shift 1
+ echo 'RSA2 PKCS11 URIS'
+ echo 'pkcs11:id=%00%05?pin-value=12345678'
+ echo 'pkcs11:id=%00%05?pin-source=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/pinfile.txt'
+ echo pkcs11:id=%00%05
+ echo 'pkcs11:type=private;id=%00%05'
+ echo 'pkcs11:type=cert;object=testCert2'
+ echo ''
+ title PARA 'generate EC key pair, self-signed certificate, remove public key'
+ case "$1" in
+ shift 1
+ echo ''
+ echo '## generate EC key pair, self-signed certificate, remove public key'
+ '[' -f '' ']'
+ KEYID=0006
+ URIKEYID=%00%06
+ TSTCRTN=ecCert2
+ pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --keypairgen --key-type=EC:secp384r1 --label=ecCert2 --id=0006
RSA2 PKCS11 URIS
pkcs11:id=%00%05?pin-value=12345678
pkcs11:id=%00%05?pin-source=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/pinfile.txt
pkcs11:id=%00%05
pkcs11:type=private;id=%00%05
pkcs11:type=cert;object=testCert2
## generate EC key pair, self-signed certificate, remove public key
Key pair generated:
Private Key Object; EC
label: ecCert2
ID: 0006
Usage: decrypt, sign, signRecover, unwrap, derive
Access: sensitive, always sensitive, never extractable, local
uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=095e27811af282a3;token=SoftHSM%20Token;id=%0006;object=ecCert2;type=private
Public Key Object; EC EC_POINT 384 bits
EC_POINT: 0461040b2860f279f1403156f0186cdf10f05aae868199b71cdc99f1abc5476aa3ed70a01272a7173517654af2f0a1d28168f5885cf50abd8e3db07b6eefb4166f703714cbac6bb9349fff4a4979fd041c0b70a37014c4a79572992005a78bae4de484
EC_PARAMS: 06052b81040022 (OID 1.3.132.0.34)
label: ecCert2
ID: 0006
Usage: encrypt, verify, verifyRecover, wrap, derive
Access: local
uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=095e27811af282a3;token=SoftHSM%20Token;id=%0006;object=ecCert2;type=public
+ ca_sign ecCert2 'My EC Cert 2' 0006
+ LABEL=ecCert2
+ CN='My EC Cert 2'
+ KEYID=0006
+ shift 3
+ (( SERIAL+=1 ))
+ sed -e 's|cn = .*|cn = My EC Cert 2|g' -e 's|serial = .*|serial = 9|g' -e '/^ca$/d' -i /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/cert.cfg
+ /usr/bin/certtool --generate-certificate --outfile=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/ecCert2.crt --template=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/cert.cfg --provider=/usr/lib/softhsm/libsofthsm2.so --load-privkey 'pkcs11:object=ecCert2;token=SoftHSM%20Token;type=private' --load-pubkey 'pkcs11:object=ecCert2;token=SoftHSM%20Token;type=public' --outder --load-ca-certificate /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/caCert.crt --inder '--load-ca-privkey=pkcs11:object=caCert;token=SoftHSM%20Token;type=private'
Generating a signed certificate...
Expiration time: Wed Feb 18 18:28:43 2026
CA expiration time: Wed Feb 18 18:28:41 2026
Warning: The time set exceeds the CA's expiration time
X.509 Certificate Information:
Version: 3
Serial Number (hex): 09
Validity:
Not Before: Tue Feb 18 04:28:43 UTC 2025
Not After: Wed Feb 18 04:28:43 UTC 2026
Subject: CN=My EC Cert 2,O=PKCS11 Provider
Subject Public Key Algorithm: EC/ECDSA
Algorithm Security Level: Ultra (384 bits)
Curve: SECP384R1
X:
0b:28:60:f2:79:f1:40:31:56:f0:18:6c:df:10:f0:5a
ae:86:81:99:b7:1c:dc:99:f1:ab:c5:47:6a:a3:ed:70
a0:12:72:a7:17:35:17:65:4a:f2:f0:a1:d2:81:68:f5
Y:
00:88:5c:f5:0a:bd:8e:3d:b0:7b:6e:ef:b4:16:6f:70
37:14:cb:ac:6b:b9:34:9f:ff:4a:49:79:fd:04:1c:0b
70:a3:70:14:c4:a7:95:72:99:20:05:a7:8b:ae:4d:e4
84
Extensions:
Basic Constraints (critical):
Certificate Authority (CA): FALSE
Subject Alternative Name (not critical):
RFC822Name: testcert@example.org
Key Usage (critical):
Digital signature.
Subject Key Identifier (not critical):
23aadada9d98d07c531a5034a447518862504ff5
Authority Key Identifier (not critical):
ae980b24570c15483b0f2742cdabc57d0789a639
Other Information:
Public Key ID:
sha1:23aadada9d98d07c531a5034a447518862504ff5
sha256:a791db08f1c7aba1bc094d63cc2a91886ec4c121342f4828fbfa3ec6f4ccd9e1
Public Key PIN:
pin-sha256:p5HbCPHHq6G8CU1jzCqRiG7EwSE0L0go+/o+xvTM2eE=
Signing certificate...
+ pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --write-object /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/ecCert2.crt --type=cert --id=0006 --label=ecCert2
Created certificate:
Certificate Object; type = X.509 cert
label: ecCert2
subject: DN: O=PKCS11 Provider, CN=My EC Cert 2
serial: 09
ID: 0006
uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=095e27811af282a3;token=SoftHSM%20Token;id=%0006;object=ecCert2;type=cert
+ pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --delete-object --type pubkey --id 0006
+ ECBASE2URIWITHPINVALUE='pkcs11:id=%00%06?pin-value=12345678'
+ ECBASE2URIWITHPINSOURCE='pkcs11:id=%00%06?pin-source=file/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/pinfile.txt'
+ ECBASE2URI=pkcs11:id=%00%06
+ ECPRI2URI='pkcs11:type=private;id=%00%06'
+ ECCRT2URI='pkcs11:type=cert;object=ecCert2'
+ title LINE 'EC2 PKCS11 URIS'
+ case "$1" in
+ shift 1
+ echo 'EC2 PKCS11 URIS'
EC2 PKCS11 URIS
+ echo 'pkcs11:id=%00%06?pin-value=12345678'
+ echo 'pkcs11:id=%00%06?pin-source=file/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/pinfile.txt'
+ echo pkcs11:id=%00%06
+ echo 'pkcs11:type=private;id=%00%06'
+ echo 'pkcs11:type=cert;object=ecCert2'
+ echo ''
pkcs11:id=%00%06?pin-value=12345678
pkcs11:id=%00%06?pin-source=file/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/pinfile.txt
pkcs11:id=%00%06
pkcs11:type=private;id=%00%06
pkcs11:type=cert;object=ecCert2
+ '[' -z '' ']'
+ title PARA 'explicit EC unsupported'
+ case "$1" in
+ shift 1
+ echo ''
+ echo '## explicit EC unsupported'
+ '[' -f '' ']'
## explicit EC unsupported
+ title PARA 'generate EC key pair with ALWAYS AUTHENTICATE flag, self-signed certificate'
+ case "$1" in
+ shift 1
+ echo ''
+ echo '## generate EC key pair with ALWAYS AUTHENTICATE flag, self-signed certificate'
## generate EC key pair with ALWAYS AUTHENTICATE flag, self-signed certificate
+ '[' -f '' ']'
+ KEYID=0008
+ URIKEYID=%00%08
+ TSTCRTN=ecCert3
+ pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --keypairgen --key-type=EC:secp521r1 --label=ecCert3 --id=0008 --always-auth
Key pair generated:
Private Key Object; EC
label: ecCert3
ID: 0008
Usage: decrypt, sign, signRecover, unwrap, derive
Access: always authenticate, sensitive, always sensitive, never extractable, local
uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=095e27811af282a3;token=SoftHSM%20Token;id=%0008;object=ecCert3;type=private
Public Key Object; EC EC_POINT 528 bits
EC_POINT: 0481850401ff8e0bc71b6452fb28803024b1710338a7103c2fa323984b2b6dd86d768aea2f51bb5e36c7800aab83d592773471c5e88f6975f2ce81e587cbf0120b52ada0114c00f309eae3da4747ec4c0c1e236965702b866b6a008d29245cac038ea4828cc401aed62bd694fa8d4f04505afd4b39785bf23437a8c6c9f259b3e4ed6a29b739392f
EC_PARAMS: 06052b81040023 (OID 1.3.132.0.35)
label: ecCert3
ID: 0008
Usage: encrypt, verify, verifyRecover, wrap, derive
Access: local
uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=095e27811af282a3;token=SoftHSM%20Token;id=%0008;object=ecCert3;type=public
+ ca_sign ecCert3 'My EC Cert 3' 0008
+ LABEL=ecCert3
+ CN='My EC Cert 3'
+ KEYID=0008
+ shift 3
+ (( SERIAL+=1 ))
+ sed -e 's|cn = .*|cn = My EC Cert 3|g' -e 's|serial = .*|serial = 10|g' -e '/^ca$/d' -i /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/cert.cfg
+ /usr/bin/certtool --generate-certificate --outfile=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/ecCert3.crt --template=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/cert.cfg --provider=/usr/lib/softhsm/libsofthsm2.so --load-privkey 'pkcs11:object=ecCert3;token=SoftHSM%20Token;type=private' --load-pubkey 'pkcs11:object=ecCert3;token=SoftHSM%20Token;type=public' --outder --load-ca-certificate /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/caCert.crt --inder '--load-ca-privkey=pkcs11:object=caCert;token=SoftHSM%20Token;type=private'
Generating a signed certificate...
Expiration time: Wed Feb 18 18:28:43 2026
CA expiration time: Wed Feb 18 18:28:41 2026
Warning: The time set exceeds the CA's expiration time
X.509 Certificate Information:
Version: 3
Serial Number (hex): 0a
Validity:
Not Before: Tue Feb 18 04:28:43 UTC 2025
Not After: Wed Feb 18 04:28:43 UTC 2026
Subject: CN=My EC Cert 3,O=PKCS11 Provider
Subject Public Key Algorithm: EC/ECDSA
Algorithm Security Level: Future (528 bits)
Curve: SECP521R1
X:
01:ff:8e:0b:c7:1b:64:52:fb:28:80:30:24:b1:71:03
38:a7:10:3c:2f:a3:23:98:4b:2b:6d:d8:6d:76:8a:ea
2f:51:bb:5e:36:c7:80:0a:ab:83:d5:92:77:34:71:c5
e8:8f:69:75:f2:ce:81:e5:87:cb:f0:12:0b:52:ad:a0
11:4c
Y:
00:f3:09:ea:e3:da:47:47:ec:4c:0c:1e:23:69:65:70
2b:86:6b:6a:00:8d:29:24:5c:ac:03:8e:a4:82:8c:c4
01:ae:d6:2b:d6:94:fa:8d:4f:04:50:5a:fd:4b:39:78
5b:f2:34:37:a8:c6:c9:f2:59:b3:e4:ed:6a:29:b7:39
39:2f
Extensions:
Basic Constraints (critical):
Certificate Authority (CA): FALSE
Subject Alternative Name (not critical):
RFC822Name: testcert@example.org
Key Usage (critical):
Digital signature.
Subject Key Identifier (not critical):
4e3fe7eb63ed8dc48d88a44e28ea2ebfd8c840a1
Authority Key Identifier (not critical):
ae980b24570c15483b0f2742cdabc57d0789a639
Other Information:
Public Key ID:
sha1:4e3fe7eb63ed8dc48d88a44e28ea2ebfd8c840a1
sha256:8695dcbdbf303a2cd800ba5f525094373edde87dee4116eee94b8f24295e64be
Public Key PIN:
pin-sha256:hpXcvb8wOizYALpfUlCUNz7d6H3uQRbu6UuPJCleZL4=
Signing certificate...
+ pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --write-object /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/ecCert3.crt --type=cert --id=0008 --label=ecCert3
Created certificate:
Certificate Object; type = X.509 cert
label: ecCert3
subject: DN: O=PKCS11 Provider, CN=My EC Cert 3
serial: 0A
ID: 0008
uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=095e27811af282a3;token=SoftHSM%20Token;id=%0008;object=ecCert3;type=cert
+ ECBASE3URIWITHPINVALUE='pkcs11:id=%00%08?pin-value=12345678'
+ ECBASE3URIWITHPINSOURCE='pkcs11:id=%00%08?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/pinfile.txt'
+ ECBASE3URI=pkcs11:id=%00%08
+ ECPUB3URI='pkcs11:type=public;id=%00%08'
+ ECPRI3URI='pkcs11:type=private;id=%00%08'
+ ECCRT3URI='pkcs11:type=cert;object=ecCert3'
+ title LINE 'EC3 PKCS11 URIS'
+ case "$1" in
+ shift 1
+ echo 'EC3 PKCS11 URIS'
+ echo 'pkcs11:id=%00%08?pin-value=12345678'
+ echo 'pkcs11:id=%00%08?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/pinfile.txt'
+ echo pkcs11:id=%00%08
+ echo 'pkcs11:type=public;id=%00%08'
+ echo 'pkcs11:type=private;id=%00%08'
+ echo 'pkcs11:type=cert;object=ecCert3'
+ echo ''
EC3 PKCS11 URIS
pkcs11:id=%00%08?pin-value=12345678
pkcs11:id=%00%08?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/pinfile.txt
pkcs11:id=%00%08
pkcs11:type=public;id=%00%08
pkcs11:type=private;id=%00%08
pkcs11:type=cert;object=ecCert3
+ '[' 1 -eq 1 ']'
+ KEYID=0010
+ URIKEYID=%00%10
+ TSTCRTN=testRsaPssCert
+ pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --keypairgen --key-type=RSA:2048 --label=testRsaPssCert --id=0010 --allowed-mechanisms RSA-PKCS-PSS,SHA1-RSA-PKCS-PSS,SHA224-RSA-PKCS-PSS,SHA256-RSA-PKCS-PSS,SHA384-RSA-PKCS-PSS,SHA512-RSA-PKCS-PSS
Key pair generated:
Private Key Object; RSA
label: testRsaPssCert
ID: 0010
Usage: decrypt, sign, signRecover, unwrap
Access: sensitive, always sensitive, never extractable, local
Allowed mechanisms: RSA-PKCS-PSS,SHA1-RSA-PKCS-PSS,SHA256-RSA-PKCS-PSS,SHA384-RSA-PKCS-PSS,SHA512-RSA-PKCS-PSS,SHA224-RSA-PKCS-PSS
uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=095e27811af282a3;token=SoftHSM%20Token;id=%0010;object=testRsaPssCert;type=private
Public Key Object; RSA 2048 bits
label: testRsaPssCert
ID: 0010
Usage: encrypt, verify, verifyRecover, wrap
Access: local
uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=095e27811af282a3;token=SoftHSM%20Token;id=%0010;object=testRsaPssCert;type=public
+ ca_sign testRsaPssCert 'My RsaPss Cert' 0010 --sign-params=RSA-PSS
+ LABEL=testRsaPssCert
+ CN='My RsaPss Cert'
+ KEYID=0010
+ shift 3
+ (( SERIAL+=1 ))
+ sed -e 's|cn = .*|cn = My RsaPss Cert|g' -e 's|serial = .*|serial = 11|g' -e '/^ca$/d' -i /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/cert.cfg
+ /usr/bin/certtool --generate-certificate --outfile=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/testRsaPssCert.crt --template=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/cert.cfg --provider=/usr/lib/softhsm/libsofthsm2.so --load-privkey 'pkcs11:object=testRsaPssCert;token=SoftHSM%20Token;type=private' --load-pubkey 'pkcs11:object=testRsaPssCert;token=SoftHSM%20Token;type=public' --outder --load-ca-certificate /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/caCert.crt --inder '--load-ca-privkey=pkcs11:object=caCert;token=SoftHSM%20Token;type=private' --sign-params=RSA-PSS
Generating a signed certificate...
Expiration time: Wed Feb 18 18:28:43 2026
CA expiration time: Wed Feb 18 18:28:41 2026
Warning: The time set exceeds the CA's expiration time
X.509 Certificate Information:
Version: 3
Serial Number (hex): 0b
Validity:
Not Before: Tue Feb 18 04:28:43 UTC 2025
Not After: Wed Feb 18 04:28:43 UTC 2026
Subject: CN=My RsaPss Cert,O=PKCS11 Provider
Subject Public Key Algorithm: RSA
Algorithm Security Level: Medium (2048 bits)
Modulus (bits 2048):
00:cd:fa:ba:38:bd:5f:8f:3e:d0:47:d9:81:46:09:87
cc:4b:33:6c:b4:70:5f:a8:2b:6f:a4:bd:85:0d:61:08
bc:cf:06:92:1f:cc:47:70:a7:0b:f7:d4:0b:77:36:6f
b5:25:c3:3f:5a:b4:67:81:55:eb:a6:28:be:23:aa:7b
b9:89:ef:3c:94:75:41:82:3c:0a:46:7e:4c:f9:7e:83
32:6a:79:0e:c4:3b:f3:ac:00:f1:9d:be:71:cd:b9:95
15:01:81:e0:e9:ad:cf:7e:9e:9e:1a:1f:f7:9b:f9:c9
b5:2f:87:d7:4c:ee:ee:20:8a:1f:15:05:00:63:e3:81
72:b3:c8:e9:f7:48:7a:34:f4:74:7a:db:02:63:bf:14
66:e5:30:9c:95:1c:0f:cf:85:da:ef:17:74:43:93:70
91:c1:99:65:49:3e:2c:3d:cd:1a:32:fb:bb:54:8b:53
0c:9d:71:91:f4:91:14:49:e6:8e:a0:a5:17:69:4d:3f
48:5f:1c:43:25:32:21:f3:17:f3:09:09:4d:db:f2:40
7f:59:f9:da:28:01:12:15:3b:8d:82:24:b8:db:94:d4
f8:b7:f7:61:48:23:1c:99:ed:42:02:22:29:fe:7b:03
31:e1:ae:9f:d3:3a:f9:db:7a:d6:82:05:12:bc:05:34
33
Exponent (bits 24):
01:00:01
Extensions:
Basic Constraints (critical):
Certificate Authority (CA): FALSE
Subject Alternative Name (not critical):
RFC822Name: testcert@example.org
Key Usage (critical):
Digital signature.
Key encipherment.
Subject Key Identifier (not critical):
2775376a6fb0aa98287a0ed15d8544cd277bb9f0
Authority Key Identifier (not critical):
ae980b24570c15483b0f2742cdabc57d0789a639
Other Information:
Public Key ID:
sha1:2775376a6fb0aa98287a0ed15d8544cd277bb9f0
sha256:337f9ae847c81a97b58a743cb9b798be68d529d14e357748c1878791e2584d32
Public Key PIN:
pin-sha256:M3+a6EfIGpe1inQ8ubeYvmjVKdFONXdIwYeHkeJYTTI=
Signing certificate...
+ pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --write-object /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/testRsaPssCert.crt --type=cert --id=0010 --label=testRsaPssCert
Created certificate:
Certificate Object; type = X.509 cert
label: testRsaPssCert
subject: DN: O=PKCS11 Provider, CN=My RsaPss Cert
serial: 0B
ID: 0010
uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=095e27811af282a3;token=SoftHSM%20Token;id=%0010;object=testRsaPssCert;type=cert
+ RSAPSSBASEURIWITHPINVALUE='pkcs11:id=%00%10?pin-value=12345678'
+ RSAPSSBASEURIWITHPINSOURCE='pkcs11:id=%00%10?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/pinfile.txt'
+ RSAPSSBASEURI=pkcs11:id=%00%10
+ RSAPSSPUBURI='pkcs11:type=public;id=%00%10'
+ RSAPSSPRIURI='pkcs11:type=private;id=%00%10'
+ RSAPSSCRTURI='pkcs11:type=cert;object=testRsaPssCert'
+ title LINE 'RSA-PSS PKCS11 URIS'
+ case "$1" in
+ shift 1
+ echo 'RSA-PSS PKCS11 URIS'
RSA-PSS PKCS11 URIS
pkcs11:id=%00%10?pin-value=12345678
pkcs11:id=%00%10?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/pinfile.txt
pkcs11:id=%00%10
pkcs11:type=public;id=%00%10
pkcs11:type=private;id=%00%10
pkcs11:type=cert;object=testRsaPssCert
+ echo 'pkcs11:id=%00%10?pin-value=12345678'
+ echo 'pkcs11:id=%00%10?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/pinfile.txt'
+ echo pkcs11:id=%00%10
+ echo 'pkcs11:type=public;id=%00%10'
+ echo 'pkcs11:type=private;id=%00%10'
+ echo 'pkcs11:type=cert;object=testRsaPssCert'
+ echo ''
+ KEYID=0011
+ URIKEYID=%00%11
+ TSTCRTN=testRsaPss2Cert
+ pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --keypairgen --key-type=RSA:3092 --label=testRsaPss2Cert --id=0011 --allowed-mechanisms SHA256-RSA-PKCS-PSS
Key pair generated:
Private Key Object; RSA
label: testRsaPss2Cert
ID: 0011
Usage: decrypt, sign, signRecover, unwrap
Access: sensitive, always sensitive, never extractable, local
Allowed mechanisms: SHA256-RSA-PKCS-PSS
uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=095e27811af282a3;token=SoftHSM%20Token;id=%0011;object=testRsaPss2Cert;type=private
Public Key Object; RSA 3092 bits
label: testRsaPss2Cert
ID: 0011
Usage: encrypt, verify, verifyRecover, wrap
Access: local
uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=095e27811af282a3;token=SoftHSM%20Token;id=%0011;object=testRsaPss2Cert;type=public
+ ca_sign testRsaPss2Cert 'My RsaPss2 Cert' 0011 --sign-params=RSA-PSS --hash=SHA256
+ LABEL=testRsaPss2Cert
+ CN='My RsaPss2 Cert'
+ KEYID=0011
+ shift 3
+ (( SERIAL+=1 ))
+ sed -e 's|cn = .*|cn = My RsaPss2 Cert|g' -e 's|serial = .*|serial = 12|g' -e '/^ca$/d' -i /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/cert.cfg
+ /usr/bin/certtool --generate-certificate --outfile=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/testRsaPss2Cert.crt --template=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/cert.cfg --provider=/usr/lib/softhsm/libsofthsm2.so --load-privkey 'pkcs11:object=testRsaPss2Cert;token=SoftHSM%20Token;type=private' --load-pubkey 'pkcs11:object=testRsaPss2Cert;token=SoftHSM%20Token;type=public' --outder --load-ca-certificate /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/caCert.crt --inder '--load-ca-privkey=pkcs11:object=caCert;token=SoftHSM%20Token;type=private' --sign-params=RSA-PSS --hash=SHA256
Generating a signed certificate...
Expiration time: Wed Feb 18 18:28:44 2026
CA expiration time: Wed Feb 18 18:28:41 2026
Warning: The time set exceeds the CA's expiration time
X.509 Certificate Information:
Version: 3
Serial Number (hex): 0c
Validity:
Not Before: Tue Feb 18 04:28:44 UTC 2025
Not After: Wed Feb 18 04:28:44 UTC 2026
Subject: CN=My RsaPss2 Cert,O=PKCS11 Provider
Subject Public Key Algorithm: RSA
Algorithm Security Level: High (3092 bits)
Modulus (bits 3092):
0b:59:1a:39:8a:88:58:7a:64:19:d7:54:df:c8:69:dd
2d:06:d6:ed:9b:b2:ec:3a:7a:38:83:5b:1f:a3:11:58
e4:36:0f:74:9f:64:1b:0d:74:7b:0c:eb:fb:a2:91:bf
b2:a6:bd:7d:61:86:c3:e9:0c:ab:da:e4:23:9b:7f:df
dd:b2:ef:22:73:81:66:3c:ff:5a:3b:d6:2b:e4:f0:4c
18:75:2a:cf:ca:57:e3:d6:20:50:73:06:f9:8c:0b:c6
e7:42:ba:eb:09:18:a9:f7:d6:c3:9d:4f:ca:fb:10:94
41:7a:90:eb:a8:92:eb:c2:a4:95:fb:75:b6:91:b4:d3
6d:97:92:ba:b0:32:7e:54:53:5a:58:2e:c7:85:0c:f0
28:34:8b:df:e7:c1:d2:be:98:3c:ef:f7:6d:2a:31:c9
aa:b5:dc:dd:37:5d:82:5a:c6:79:77:da:83:63:fe:bb
e5:cb:3d:6d:83:2f:72:47:b7:11:d8:7c:34:49:aa:39
71:20:d3:3b:15:3e:df:89:05:35:38:cb:f4:5d:34:92
5d:1d:17:35:40:2f:a3:fb:51:9d:d6:64:8c:24:5e:b2
49:3f:d3:95:44:50:14:25:30:78:c9:63:0d:6b:49:87
24:f5:d9:84:e9:d6:3a:53:ca:5e:ba:70:6d:15:c5:37
6b:06:d9:a1:2d:bd:90:d5:83:68:b7:17:59:80:67:6c
98:69:5b:ff:24:92:92:41:7d:ab:9e:43:f9:32:5d:18
e3:23:42:1a:47:e3:72:6e:9e:19:83:ff:aa:3d:d2:d4
ac:8e:84:51:1a:80:d0:72:32:e3:72:a2:62:b0:4c:de
e4:6a:e6:f7:d0:15:9e:46:91:54:f6:7a:91:11:55:72
06:f1:09:6f:c5:9f:d8:88:54:26:3c:c6:ea:ac:8f:12
98:db:b7:23:7d:a7:8d:55:67:fa:d4:f0:cc:fc:4e:21
f8:be:d6:99:a2:13:0f:3a:51:9f:7a:ef:24:1d:0d:19
11:a4:c3
Exponent (bits 24):
01:00:01
Extensions:
Basic Constraints (critical):
Certificate Authority (CA): FALSE
Subject Alternative Name (not critical):
RFC822Name: testcert@example.org
Key Usage (critical):
Digital signature.
Key encipherment.
Subject Key Identifier (not critical):
db50d935b2774ea551e6d4ed0aeefc6bc3677dc8
Authority Key Identifier (not critical):
ae980b24570c15483b0f2742cdabc57d0789a639
Other Information:
Public Key ID:
sha1:db50d935b2774ea551e6d4ed0aeefc6bc3677dc8
sha256:b239e1fa271d527593a242e1a924f740e5d6afad412c287bf1363ca20f172043
Public Key PIN:
pin-sha256:sjnh+icdUnWTokLhqST3QOXWr61BLCh78TY8og8XIEM=
Signing certificate...
+ pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --write-object /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/testRsaPss2Cert.crt --type=cert --id=0011 --label=testRsaPss2Cert
Created certificate:
Certificate Object; type = X.509 cert
label: testRsaPss2Cert
subject: DN: O=PKCS11 Provider, CN=My RsaPss2 Cert
serial: 0C
ID: 0011
uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=095e27811af282a3;token=SoftHSM%20Token;id=%0011;object=testRsaPss2Cert;type=cert
+ RSAPSS2BASEURIWITHPINVALUE='pkcs11:id=%00%11?pin-value=12345678'
+ RSAPSS2BASEURIWITHPINSOURCE='pkcs11:id=%00%11?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/pinfile.txt'
+ RSAPSS2BASEURI=pkcs11:id=%00%11
+ RSAPSS2PUBURI='pkcs11:type=public;id=%00%11'
+ RSAPSS2PRIURI='pkcs11:type=private;id=%00%11'
+ RSAPSS2CRTURI='pkcs11:type=cert;object=testRsaPss2Cert'
+ title LINE 'RSA-PSS 2 PKCS11 URIS'
+ case "$1" in
+ shift 1
+ echo 'RSA-PSS 2 PKCS11 URIS'
+ echo 'pkcs11:id=%00%11?pin-value=12345678'
+ echo 'pkcs11:id=%00%11?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/pinfile.txt'
+ echo pkcs11:id=%00%11
+ echo 'pkcs11:type=public;id=%00%11'
+ echo 'pkcs11:type=private;id=%00%11'
RSA-PSS 2 PKCS11 URIS
pkcs11:id=%00%11?pin-value=12345678
pkcs11:id=%00%11?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/pinfile.txt
pkcs11:id=%00%11
pkcs11:type=public;id=%00%11
pkcs11:type=private;id=%00%11
+ echo 'pkcs11:type=cert;object=testRsaPss2Cert'
+ echo ''
pkcs11:type=cert;object=testRsaPss2Cert
+ title PARA 'Show contents of softhsm token'
+ case "$1" in
+ shift 1
+ echo ''
+ echo '## Show contents of softhsm token'
+ '[' -f '' ']'
+ echo ' ----------------------------------------------------------------------------------------------------'
+ pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' -O
## Show contents of softhsm token
----------------------------------------------------------------------------------------------------
Certificate Object; type = X.509 cert
label: ecCert
subject: DN: O=PKCS11 Provider, CN=My EC Cert
serial: 04
ID: 0002
uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=095e27811af282a3;token=SoftHSM%20Token;id=%0002;object=ecCert;type=cert
Public Key Object; EC EC_POINT 256 bits
EC_POINT: 04410444aba8b3619585354435321c04963cd8f021dd4510de43bb80bb6e9784e74920504698ba5d28c2f5ccabbb5223da40c6bf33a4820ddeb526c713fd966bd96631
EC_PARAMS: 06082a8648ce3d030107 (OID 1.2.840.10045.3.1.7)
label: ecCert
ID: 0002
Usage: encrypt, verify, verifyRecover, wrap, derive
Access: local
uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=095e27811af282a3;token=SoftHSM%20Token;id=%0002;object=ecCert;type=public
Certificate Object; type = X.509 cert
label: testRsaPssCert
subject: DN: O=PKCS11 Provider, CN=My RsaPss Cert
serial: 0B
ID: 0010
uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=095e27811af282a3;token=SoftHSM%20Token;id=%0010;object=testRsaPssCert;type=cert
Public Key Object; EC_EDWARDS EC_POINT 272 bits
EC_POINT: 0420422f76ec8b59d6382f833cf11e2e20125084dd34299c5d9de58c12b85bbe2c8f
EC_PARAMS: 130c656477617264733235353139 (PrintableString edwards25519)
label: edCert
ID: 0004
Usage: encrypt, verify, verifyRecover, wrap, derive
Access: local
uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=095e27811af282a3;token=SoftHSM%20Token;id=%0004;object=edCert;type=public
Private Key Object; RSA
label: testCert2
ID: 0005
Usage: decrypt, sign, signRecover, unwrap
Access: sensitive, always sensitive, never extractable, local
uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=095e27811af282a3;token=SoftHSM%20Token;id=%0005;object=testCert2;type=private
Private Key Object; RSA
label: testRsaPssCert
ID: 0010
Usage: decrypt, sign, signRecover, unwrap
Access: sensitive, always sensitive, never extractable, local
Allowed mechanisms: RSA-PKCS-PSS,SHA1-RSA-PKCS-PSS,SHA256-RSA-PKCS-PSS,SHA384-RSA-PKCS-PSS,SHA512-RSA-PKCS-PSS,SHA224-RSA-PKCS-PSS
uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=095e27811af282a3;token=SoftHSM%20Token;id=%0010;object=testRsaPssCert;type=private
Private Key Object; EC_EDWARDS
label: edCert
ID: 0004
Usage: decrypt, sign, signRecover, unwrap, derive
Access: sensitive, always sensitive, never extractable, local
uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=095e27811af282a3;token=SoftHSM%20Token;id=%0004;object=edCert;type=private
Certificate Object; type = X.509 cert
label: ed2Cert
subject: DN: O=PKCS11 Provider, CN=My ED448 Cert
serial: 07
ID: 0009
uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=095e27811af282a3;token=SoftHSM%20Token;id=%0009;object=ed2Cert;type=cert
Private Key Object; EC
label: ecCert
ID: 0002
Usage: decrypt, sign, signRecover, unwrap, derive
Access: sensitive, always sensitive, never extractable, local
uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=095e27811af282a3;token=SoftHSM%20Token;id=%0002;object=ecCert;type=private
Public Key Object; EC_EDWARDS EC_POINT 472 bits
EC_POINT: 0439ace2dde15d7bf5dc470990aef97dea45f3fa2d8487a0279ee734074277201a8b3bb9f71f4513af1706fc93d4861f219b06a6d26628f282aa00
EC_PARAMS: 06032b6571 (OID 1.3.101.113)
label: ed2Cert
ID: 0009
Usage: encrypt, verify, verifyRecover, wrap, derive
Access: local
uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=095e27811af282a3;token=SoftHSM%20Token;id=%0009;object=ed2Cert;type=public
Certificate Object; type = X.509 cert
label: testCert2
subject: DN: O=PKCS11 Provider, CN=My Test Cert 2
serial: 08
ID: 0005
uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=095e27811af282a3;token=SoftHSM%20Token;id=%0005;object=testCert2;type=cert
Public Key Object; RSA 2048 bits
label: testRsaPssCert
ID: 0010
Usage: encrypt, verify, verifyRecover, wrap
Access: local
uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=095e27811af282a3;token=SoftHSM%20Token;id=%0010;object=testRsaPssCert;type=public
Private Key Object; EC
label: ecCert3
ID: 0008
Usage: decrypt, sign, signRecover, unwrap, derive
Access: always authenticate, sensitive, always sensitive, never extractable, local
uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=095e27811af282a3;token=SoftHSM%20Token;id=%0008;object=ecCert3;type=private
Private Key Object; EC_EDWARDS
label: ed2Cert
ID: 0009
Usage: decrypt, sign, signRecover, unwrap, derive
Access: sensitive, always sensitive, never extractable, local
uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=095e27811af282a3;token=SoftHSM%20Token;id=%0009;object=ed2Cert;type=private
Certificate Object; type = X.509 cert
label: edCert
subject: DN: O=PKCS11 Provider, CN=My ED25519 Cert
serial: 06
ID: 0004
uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=095e27811af282a3;token=SoftHSM%20Token;id=%0004;object=edCert;type=cert
Private Key Object; RSA
label: testRsaPss2Cert
ID: 0011
Usage: decrypt, sign, signRecover, unwrap
Access: sensitive, always sensitive, never extractable, local
Allowed mechanisms: SHA256-RSA-PKCS-PSS
uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=095e27811af282a3;token=SoftHSM%20Token;id=%0011;object=testRsaPss2Cert;type=private
Private Key Object; RSA
label: caCert
ID: 0000
Usage: decrypt, sign, signRecover, unwrap
Access: sensitive, always sensitive, never extractable, local
uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=095e27811af282a3;token=SoftHSM%20Token;id=%0000;object=caCert;type=private
Public Key Object; RSA 2048 bits
label: caCert
ID: 0000
Usage: encrypt, verify, verifyRecover, wrap
Access: local
uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=095e27811af282a3;token=SoftHSM%20Token;id=%0000;object=caCert;type=public
Private Key Object; EC
label: ecCert2
ID: 0006
Usage: decrypt, sign, signRecover, unwrap, derive
Access: sensitive, always sensitive, never extractable, local
uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=095e27811af282a3;token=SoftHSM%20Token;id=%0006;object=ecCert2;type=private
Certificate Object; type = X.509 cert
label: testRsaPss2Cert
subject: DN: O=PKCS11 Provider, CN=My RsaPss2 Cert
serial: 0C
ID: 0011
uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=095e27811af282a3;token=SoftHSM%20Token;id=%0011;object=testRsaPss2Cert;type=cert
Certificate Object; type = X.509 cert
label: caCert
subject: DN: CN=Issuer
serial: 02
ID: 0000
uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=095e27811af282a3;token=SoftHSM%20Token;id=%0000;object=caCert;type=cert
Certificate Object; type = X.509 cert
label: ecCert3
subject: DN: O=PKCS11 Provider, CN=My EC Cert 3
serial: 0A
ID: 0008
uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=095e27811af282a3;token=SoftHSM%20Token;id=%0008;object=ecCert3;type=cert
Certificate Object; type = X.509 cert
label: testCert
subject: DN: O=PKCS11 Provider, CN=My Test Cert
serial: 03
ID: 0001
uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=095e27811af282a3;token=SoftHSM%20Token;id=%0001;object=testCert;type=cert
Certificate Object; type = X.509 cert
label: ecCert2
subject: DN: O=PKCS11 Provider, CN=My EC Cert 2
serial: 09
ID: 0006
uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=095e27811af282a3;token=SoftHSM%20Token;id=%0006;object=ecCert2;type=cert
Public Key Object; EC EC_POINT 528 bits
EC_POINT: 0481850401ff8e0bc71b6452fb28803024b1710338a7103c2fa323984b2b6dd86d768aea2f51bb5e36c7800aab83d592773471c5e88f6975f2ce81e587cbf0120b52ada0114c00f309eae3da4747ec4c0c1e236965702b866b6a008d29245cac038ea4828cc401aed62bd694fa8d4f04505afd4b39785bf23437a8c6c9f259b3e4ed6a29b739392f
EC_PARAMS: 06052b81040023 (OID 1.3.132.0.35)
label: ecCert3
ID: 0008
Usage: encrypt, verify, verifyRecover, wrap, derive
Access: local
uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=095e27811af282a3;token=SoftHSM%20Token;id=%0008;object=ecCert3;type=public
Private Key Object; EC
label: ecPeerCert
ID: 0003
Usage: decrypt, sign, signRecover, unwrap, derive
Access: sensitive, always sensitive, never extractable, local
uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=095e27811af282a3;token=SoftHSM%20Token;id=%0003;object=ecPeerCert;type=private
Public Key Object; EC EC_POINT 256 bits
EC_POINT: 044104dc0f8348cae4d8cbe046e8204eb10bb158f9115367e70f4d5ec85f12a46f7fa6eea739852ee0523131d1bfe7ba4a6c1cd4c3ea9c205249e032fa46420d7f7fa9
EC_PARAMS: 06082a8648ce3d030107 (OID 1.2.840.10045.3.1.7)
label: ecPeerCert
ID: 0003
Usage: encrypt, verify, verifyRecover, wrap, derive
Access: local
uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=095e27811af282a3;token=SoftHSM%20Token;id=%0003;object=ecPeerCert;type=public
Private Key Object; RSA
label: testCert
ID: 0001
Usage: decrypt, sign, signRecover, unwrap
Access: sensitive, always sensitive, never extractable, local
uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=095e27811af282a3;token=SoftHSM%20Token;id=%0001;object=testCert;type=private
Public Key Object; RSA 2048 bits
label: testCert
ID: 0001
Usage: encrypt, verify, verifyRecover, wrap
Access: local
uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=095e27811af282a3;token=SoftHSM%20Token;id=%0001;object=testCert;type=public
Certificate Object; type = X.509 cert
label: ecPeerCert
subject: DN: CN=My Peer EC Cert
serial: 05
ID: 0003
uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=095e27811af282a3;token=SoftHSM%20Token;id=%0003;object=ecPeerCert;type=cert
Public Key Object; RSA 3092 bits
label: testRsaPss2Cert
ID: 0011
Usage: encrypt, verify, verifyRecover, wrap
Access: local
uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=095e27811af282a3;token=SoftHSM%20Token;id=%0011;object=testRsaPss2Cert;type=public
+ echo ' ----------------------------------------------------------------------------------------------------'
+ title PARA 'Output configurations'
----------------------------------------------------------------------------------------------------
+ case "$1" in
+ shift 1
+ echo ''
+ echo '## Output configurations'
+ '[' -f '' ']'
## Output configurations
+ OPENSSL_CONF=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/openssl.cnf
+ title LINE 'Generate openssl config file'
+ case "$1" in
+ shift 1
+ echo 'Generate openssl config file'
Generate openssl config file
+ sed -e 's|@libtoollibs@|/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/src|g' -e 's|@testsblddir@|/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests|g' -e 's|@testsdir@|/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm|g' -e 's|@SHARED_EXT@|.so|g' -e 's|@PINFILE@|/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/pinfile.txt|g' -e 's|##TOKENOPTIONS|\npkcs11-module-quirks = no-deinit no-operation-state|g' /build/reproducible-path/pkcs11-provider-1.0/tests/openssl.cnf.in
+ title LINE 'Export test variables to /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/testvars'
+ case "$1" in
+ shift 1
+ echo 'Export test variables to /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/testvars'
Export test variables to /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/testvars
+ cat
+ '[' -n pkcs11:id=%00%04 ']'
+ cat
+ '[' -n pkcs11:id=%00%09 ']'
+ cat
+ '[' -n '' ']'
+ '[' -n pkcs11:id=%00%10 ']'
+ cat
+ cat
+ gen_unsetvars
+ grep '^export' /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/testvars
+ sed -e s/export/unset/ -e 's/=.*$//'
+ title ENDSECTION
+ case "$1" in
+ echo ''
+ echo ' ##'
+ echo '########################################'
+ echo ''
##
########################################
――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
2/92 pkcs11-provider:softhsm / setup OK 2.86s
3/92 pkcs11-provider:kryoptic / setup RUNNING
>>> SOFTOKNPATH=/usr/lib/aarch64-linux-gnu MALLOC_PERTURB_=52 P11KITCLIENTPATH=/usr/lib/aarch64-linux-gnu/pkcs11/p11-kit-client.so MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 LIBSPATH=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/src TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests TESTSSRCDIR=/build/reproducible-path/pkcs11-provider-1.0/tests SHARED_EXT=.so UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/setup.sh kryoptic
――――――――――――――――――――――――――――――――――――― ✀ ―――――――――――――――――――――――――――――――――――――
+ source /build/reproducible-path/pkcs11-provider-1.0/tests/helpers.sh
++ : /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests
++ helper_emit=1
++ sed --version
++ grep -q 'GNU sed'
++ sed_inplace=('-i')
++ export sed_inplace
+ '[' 1 -ne 1 ']'
+ TOKENTYPE=kryoptic
+ SUPPORT_ED25519=1
+ SUPPORT_ED448=1
+ SUPPORT_RSA_PKCS1_ENCRYPTION=1
+ SUPPORT_RSA_KEYGEN_PUBLIC_EXPONENT=1
+ SUPPORT_TLSFUZZER=1
+ SUPPORT_ALLOWED_MECHANISMS=0
++ opensc-tool -i
++ grep OpenSC
++ sed -e 's/OpenSC 0\.\([0-9]*\).*/\1/'
Failed to establish context: Unable to load external module
+ OPENSC_VERSION=26
+ [[ 26 -le 25 ]]
+ [[ '' = \1 ]]
++ cat /proc/sys/crypto/fips_enabled
+ [[ 0 = \1 ]]
+ TMPPDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/kryoptic
+ TOKDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/kryoptic/tokens
+ '[' -d /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/kryoptic ']'
+ mkdir /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/kryoptic
+ mkdir /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/kryoptic/tokens
+ PINVALUE=12345678
+ PINFILE=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/kryoptic/pinfile.txt
+ echo 12345678
+ export GNUTLS_PIN=12345678
+ GNUTLS_PIN=12345678
+ '[' kryoptic == softhsm ']'
+ '[' kryoptic == softokn ']'
+ '[' kryoptic == kryoptic ']'
+ source /build/reproducible-path/pkcs11-provider-1.0/tests/kryoptic-init.sh
++ title SECTION 'Searching for Kryoptic module'
++ case "$1" in
++ shift 1
++ echo '########################################'
########################################
## Searching for Kryoptic module
++ echo '## Searching for Kryoptic module'
++ echo ''
++ find_kryoptic /target/debug/libkryoptic_pkcs11.so /target/release/libkryoptic_pkcs11.so /usr/local/lib/kryoptic/libkryoptic_pkcs11so /usr/lib64/pkcs11/libkryoptic_pkcs11.so /usr/lib/pkcs11/libkryoptic_pkcs11.so /usr/lib/x86_64-linux-gnu/kryoptic/libkryoptic_pkcs11.so
++ for _lib in "$@"
++ test -f /target/debug/libkryoptic_pkcs11.so
++ for _lib in "$@"
++ test -f /target/release/libkryoptic_pkcs11.so
++ for _lib in "$@"
++ test -f /usr/local/lib/kryoptic/libkryoptic_pkcs11so
++ for _lib in "$@"
++ test -f /usr/lib64/pkcs11/libkryoptic_pkcs11.so
++ for _lib in "$@"
++ test -f /usr/lib/pkcs11/libkryoptic_pkcs11.so
++ for _lib in "$@"
++ test -f /usr/lib/x86_64-linux-gnu/kryoptic/libkryoptic_pkcs11.so
++ echo 'skipped: Unable to find kryoptic PKCS#11 library'
++ exit 0
skipped: Unable to find kryoptic PKCS#11 library
――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
3/92 pkcs11-provider:kryoptic / setup OK 0.04s
4/92 pkcs11-provider:kryoptic.nss / setup RUNNING
>>> SOFTOKNPATH=/usr/lib/aarch64-linux-gnu P11KITCLIENTPATH=/usr/lib/aarch64-linux-gnu/pkcs11/p11-kit-client.so MALLOC_PERTURB_=191 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 LIBSPATH=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/src TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests TESTSSRCDIR=/build/reproducible-path/pkcs11-provider-1.0/tests SHARED_EXT=.so UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/setup.sh kryoptic.nss
――――――――――――――――――――――――――――――――――――― ✀ ―――――――――――――――――――――――――――――――――――――
+ source /build/reproducible-path/pkcs11-provider-1.0/tests/helpers.sh
++ : /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests
++ helper_emit=1
++ sed --version
++ grep -q 'GNU sed'
++ sed_inplace=('-i')
++ export sed_inplace
+ '[' 1 -ne 1 ']'
+ TOKENTYPE=kryoptic.nss
+ SUPPORT_ED25519=1
+ SUPPORT_ED448=1
+ SUPPORT_RSA_PKCS1_ENCRYPTION=1
+ SUPPORT_RSA_KEYGEN_PUBLIC_EXPONENT=1
+ SUPPORT_TLSFUZZER=1
+ SUPPORT_ALLOWED_MECHANISMS=0
++ opensc-tool -i
++ grep OpenSC
++ sed -e 's/OpenSC 0\.\([0-9]*\).*/\1/'
Failed to establish context: Unable to load external module
+ OPENSC_VERSION=26
+ [[ 26 -le 25 ]]
+ [[ '' = \1 ]]
++ cat /proc/sys/crypto/fips_enabled
+ [[ 0 = \1 ]]
+ TMPPDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/kryoptic.nss
+ TOKDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/kryoptic.nss/tokens
+ '[' -d /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/kryoptic.nss ']'
+ mkdir /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/kryoptic.nss
+ mkdir /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/kryoptic.nss/tokens
+ PINVALUE=12345678
+ PINFILE=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/kryoptic.nss/pinfile.txt
+ echo 12345678
+ export GNUTLS_PIN=12345678
+ GNUTLS_PIN=12345678
+ '[' kryoptic.nss == softhsm ']'
+ '[' kryoptic.nss == softokn ']'
+ '[' kryoptic.nss == kryoptic ']'
+ '[' kryoptic.nss == kryoptic.nss ']'
+ source /build/reproducible-path/pkcs11-provider-1.0/tests/kryoptic.nss-init.sh
++ export KRYOPTIC_CONF=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/kryoptic.nss/kryoptic.conf
++ KRYOPTIC_CONF=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/kryoptic.nss/kryoptic.conf
++ cat
++ export 'TOKENLABEL=Kryoptic Soft Token'
++ TOKENLABEL='Kryoptic Soft Token'
++ export TOKENLABELURI=Kryoptic%20Soft%20Token
++ TOKENLABELURI=Kryoptic%20Soft%20Token
++ source /build/reproducible-path/pkcs11-provider-1.0/tests/kryoptic-init.sh
+++ title SECTION 'Searching for Kryoptic module'
+++ case "$1" in
+++ shift 1
+++ echo '########################################'
+++ echo '## Searching for Kryoptic module'
########################################
## Searching for Kryoptic module
+++ echo ''
+++ find_kryoptic /target/debug/libkryoptic_pkcs11.so /target/release/libkryoptic_pkcs11.so /usr/local/lib/kryoptic/libkryoptic_pkcs11so /usr/lib64/pkcs11/libkryoptic_pkcs11.so /usr/lib/pkcs11/libkryoptic_pkcs11.so /usr/lib/x86_64-linux-gnu/kryoptic/libkryoptic_pkcs11.so
+++ for _lib in "$@"
+++ test -f /target/debug/libkryoptic_pkcs11.so
+++ for _lib in "$@"
+++ test -f /target/release/libkryoptic_pkcs11.so
+++ for _lib in "$@"
+++ test -f /usr/local/lib/kryoptic/libkryoptic_pkcs11so
+++ for _lib in "$@"
+++ test -f /usr/lib64/pkcs11/libkryoptic_pkcs11.so
+++ for _lib in "$@"
+++ test -f /usr/lib/pkcs11/libkryoptic_pkcs11.so
+++ for _lib in "$@"
+++ test -f /usr/lib/x86_64-linux-gnu/kryoptic/libkryoptic_pkcs11.so
+++ echo 'skipped: Unable to find kryoptic PKCS#11 library'
+++ exit 0
skipped: Unable to find kryoptic PKCS#11 library
――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
4/92 pkcs11-provider:kryoptic.nss / setup OK 0.04s
5/92 pkcs11-provider:softokn / basic RUNNING
>>> MALLOC_PERTURB_=206 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper basic-softokn.t
――――――――――――――――――――――――――――――――――――― ✀ ―――――――――――――――――――――――――――――――――――――
――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
5/92 pkcs11-provider:softokn / basic SKIP 0.02s exit status 77
6/92 pkcs11-provider:softhsm / basic RUNNING
>>> MALLOC_PERTURB_=143 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper basic-softhsm.t
――――――――――――――――――――――――――――――――――――― ✀ ―――――――――――――――――――――――――――――――――――――
Executing /build/reproducible-path/pkcs11-provider-1.0/tests/tbasic
## Raw Sign check error
openssl
pkeyutl -sign -inkey "${BASEURI}"
-pkeyopt pad-mode:none
-in ${TMPPDIR}/64Brandom.bin
-out ${TMPPDIR}/raw-sig.bin
Public Key operation error
40FC1296FFFF0000:error:0200007A:rsa routines:p11prov_sig_operate:data too small for key size:../src/signature.c:971:
## Sign and Verify with provided Hash and RSA
openssl dgst -sha256 -binary -out ${TMPPDIR}/sha256.bin ${SEEDFILE}
openssl
pkeyutl -sign -inkey "${PRIURI}"
-in ${TMPPDIR}/sha256.bin
-out ${TMPPDIR}/sha256-sig.bin
openssl
pkeyutl -verify -inkey "${PUBURI}"
-pubin
-in ${TMPPDIR}/sha256.bin
-sigfile ${TMPPDIR}/sha256-sig.bin
Signature Verified Successfully
## Sign and Verify with provided Hash and RSA with DigestInfo struct
openssl dgst -sha256 -binary -out ${TMPPDIR}/sha256.bin ${SEEDFILE}
openssl
pkeyutl -sign -inkey "${PRIURI}" -pkeyopt digest:sha256
-in ${TMPPDIR}/sha256.bin
-out ${TMPPDIR}/sha256-sig.bin
openssl
pkeyutl -verify -inkey "${PUBURI}" -pkeyopt digest:sha256
-pubin
-in ${TMPPDIR}/sha256.bin
-sigfile ${TMPPDIR}/sha256-sig.bin
Signature Verified Successfully
## DigestSign and DigestVerify with RSA
openssl
pkeyutl -sign -inkey "${BASEURI}"
-digest sha256
-in ${RAND64FILE}
-rawin
-out ${TMPPDIR}/sha256-dgstsig.bin
openssl
pkeyutl -verify -inkey "${BASEURI}" -pubin
-digest sha256
-in ${RAND64FILE}
-rawin
-sigfile ${TMPPDIR}/sha256-dgstsig.bin
Signature Verified Successfully
openssl
pkeyutl -verify -inkey "${PUBURI}"
-pubin
-digest sha256
-in ${RAND64FILE}
-rawin
-sigfile ${TMPPDIR}/sha256-dgstsig.bin
Signature Verified Successfully
RSA basic encrypt and decrypt
openssl
pkeyutl -encrypt -inkey "${PUBURI}" -pubin
-in ${SECRETFILE}
-out ${SECRETFILE}.enc
openssl
pkeyutl -decrypt -inkey "${PRIURI}"
-in ${SECRETFILE}.enc
-out ${SECRETFILE}.dec
## Test Disallow Public Export
openssl pkey -in $PUBURI -pubin -pubout -text
## Test CSR generation from RSA private keys
openssl
req -new -batch -key "${PRIURI}" -out ${TMPPDIR}/rsa_csr.pem
openssl
req -in ${TMPPDIR}/rsa_csr.pem -verify -noout
Certificate request self-signature verify OK
## Test fetching public keys without PIN in config files
openssl pkey -in $PUBURI -pubin -pubout -out ${TMPPDIR}/rsa.pub.nopin.pem
openssl pkey -in $ECPUBURI -pubin -pubout -out ${TMPPDIR}/ec.pub.nopin.pem
openssl pkey -in $EDPUBURI -pubin -pubout -out ${TMPPDIR}/ed.pub.nopin.pem
## Test fetching public keys with a PIN in URI
openssl pkey -in $BASEURIWITHPINVALUE -pubin -pubout -out ${TMPPDIR}/rsa.pub.uripin.pem
openssl pkey -in $ECBASEURIWITHPINVALUE -pubin -pubout -out ${TMPPDIR}/ec.pub.uripin.pem
openssl pkey -in $EDBASEURIWITHPINVALUE -pubin -pubout -out ${TMPPDIR}/ed.pub.uripin.pem
openssl pkey -in $ED2BASEURIWITHPINVALUE -pubin -pubout -out ${TMPPDIR}/ed2.pub.uripin.pem
## Test fetching public keys with a PIN source in URI
openssl pkey -in $BASEURIWITHPINSOURCE -pubin -pubout -out ${TMPPDIR}/rsa.pub.uripinsource.pem
openssl pkey -in $ECBASEURIWITHPINSOURCE -pubin -pubout -out ${TMPPDIR}/ec.pub.uripinsource.pem
openssl pkey -in $EDBASEURIWITHPINSOURCE -pubin -pubout -out ${TMPPDIR}/ed.pub.uripinsource.pem
openssl pkey -in $ED2BASEURIWITHPINSOURCE -pubin -pubout -out ${TMPPDIR}/ed2.pub.uripinsource.pem
## Test prompting without PIN in config files
## Test EVP_PKEY_eq on public RSA key both on token
## Test EVP_PKEY_eq on public EC key both on token
## Test EVP_PKEY_eq on public RSA key via import
## Match private RSA key against public key
## Match private RSA key against public key (commutativity)
## Test EVP_PKEY_eq on public EC key via import
## Match private EC key against public key
## Match private EC key against public key (commutativity)
## Test EVP_PKEY_eq with key exporting disabled
## Test RSA key
## Test EC key
## Test PIN caching
Prompt: "Enter pass phrase for PKCS#11 Token (Slot 452100771 - SoftHSM slot ID 0x1af282a3):"
Returning: 12345678
Child Done
ALL A-OK!
Prompt: "Enter pass phrase for PKCS#11 Token (Slot 452100771 - SoftHSM slot ID 0x1af282a3):"
Returning: 12345678
Child Done
ALL A-OK!
## Test interactive Login on key without ALWAYS AUTHENTICATE
expect: spawn id exp3 not open
while executing
"expect "ALL A-OK""
## Test interactive Login repeated for operation on key with ALWAYS AUTHENTICATE
expect: spawn id exp3 not open
while executing
"expect "ALL A-OK""
## Test Key generation
Performed tests: 4
――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
6/92 pkcs11-provider:softhsm / basic OK 5.76s
7/92 pkcs11-provider:kryoptic / basic RUNNING
>>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=192 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper basic-kryoptic.t
――――――――――――――――――――――――――――――――――――― ✀ ―――――――――――――――――――――――――――――――――――――
――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
7/92 pkcs11-provider:kryoptic / basic SKIP 0.01s exit status 77
8/92 pkcs11-provider:kryoptic.nss / basic RUNNING
>>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests MALLOC_PERTURB_=229 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper basic-kryoptic.nss.t
――――――――――――――――――――――――――――――――――――― ✀ ―――――――――――――――――――――――――――――――――――――
――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
8/92 pkcs11-provider:kryoptic.nss / basic SKIP 0.02s exit status 77
9/92 pkcs11-provider:softokn / pubkey RUNNING
>>> MESON_TEST_ITERATION=1 MALLOC_PERTURB_=200 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper pubkey-softokn.t
――――――――――――――――――――――――――――――――――――― ✀ ―――――――――――――――――――――――――――――――――――――
――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
9/92 pkcs11-provider:softokn / pubkey SKIP 0.02s exit status 77
10/92 pkcs11-provider:softhsm / pubkey RUNNING
>>> MESON_TEST_ITERATION=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests MALLOC_PERTURB_=83 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper pubkey-softhsm.t
――――――――――――――――――――――――――――――――――――― ✀ ―――――――――――――――――――――――――――――――――――――
Executing /build/reproducible-path/pkcs11-provider-1.0/tests/tpubkey
## Export RSA Public key to a file
openssl pkey -in $BASEURI -pubin -pubout -out ${TMPPDIR}/baseout.pub
Export Public key to a file (pub-uri)
openssl pkey -in $PUBURI -pubin -pubout -out ${TMPPDIR}/pubout.pub
Print Public key from private
openssl pkey -in $PRIURI -pubout -text
## Export Public check error
openssl pkey -in pkcs11:id=%de%ad -pubin
-pubout -out ${TMPPDIR}/pubout-invlid.pub
Could not find private key of Public Key from pkcs11:id=%de%ad
## Export EC Public key to a file
openssl pkey -in $ECBASEURI -pubin -pubout -out ${TMPPDIR}/baseecout.pub
Export EC Public key to a file (pub-uri)
openssl pkey -in $ECPUBURI -pubin -pubout -out ${TMPPDIR}/pubecout.pub
Print EC Public key from private
openssl pkey -in $ECPRIURI -pubout -text
## Check we can get RSA public keys from certificate objects
Export Public key to a file (priv-uri)
openssl pkey -in $PRI2URI -pubout -out ${TMPPDIR}/priv-cert.pub
Export Public key to a file (base-uri)
openssl pkey -in $BASE2URI -pubout -out ${TMPPDIR}/base-cert.pub
## Check we can get EC public keys from certificate objects
Export Public EC key to a file (priv-uri)
openssl pkey -in $ECPRI2URI -pubout -out ${TMPPDIR}/ec-priv-cert.pub
Export Public key to a file (base-uri)
openssl pkey -in $ECBASE2URI -pubout -out ${TMPPDIR}/ec-base-cert.pub
――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
10/92 pkcs11-provider:softhsm / pubkey OK 0.48s
11/92 pkcs11-provider:kryoptic / pubkey RUNNING
>>> MESON_TEST_ITERATION=1 MALLOC_PERTURB_=60 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper pubkey-kryoptic.t
――――――――――――――――――――――――――――――――――――― ✀ ―――――――――――――――――――――――――――――――――――――
――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
11/92 pkcs11-provider:kryoptic / pubkey SKIP 0.02s exit status 77
12/92 pkcs11-provider:kryoptic.nss / pubkey RUNNING
>>> MALLOC_PERTURB_=115 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper pubkey-kryoptic.nss.t
――――――――――――――――――――――――――――――――――――― ✀ ―――――――――――――――――――――――――――――――――――――
――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
12/92 pkcs11-provider:kryoptic.nss / pubkey SKIP 0.02s exit status 77
13/92 pkcs11-provider:softokn / certs RUNNING
>>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MALLOC_PERTURB_=145 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper certs-softokn.t
――――――――――――――――――――――――――――――――――――― ✀ ―――――――――――――――――――――――――――――――――――――
――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
13/92 pkcs11-provider:softokn / certs SKIP 0.02s exit status 77
14/92 pkcs11-provider:softhsm / certs RUNNING
>>> MALLOC_PERTURB_=90 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper certs-softhsm.t
――――――――――――――――――――――――――――――――――――― ✀ ―――――――――――――――――――――――――――――――――――――
Executing /build/reproducible-path/pkcs11-provider-1.0/tests/tcerts
## Check we can fetch certifiatce objects
openssl
x509 -in ${CRTURI} -subject -out ${TMPPDIR}/crt-subj.txt
openssl
x509 -in ${ECCRTURI} -subject -out ${TMPPDIR}/eccrt-subj.txt
## Use storeutl command to match specific certs via params
openssl
storeutl -certs -subject "${subj}"
-out ${TMPPDIR}/storeutl-crt-subj.txt
pkcs11:type=cert
0: Certificate
openssl
storeutl -certs -subject "${subj}"
-out ${TMPPDIR}/storeutl-crt-subj.txt
pkcs11:type=cert
0: Certificate
openssl
storeutl -certs -subject "${subj}"
-out ${TMPPDIR}/storeutl-crt-subj.txt
pkcs11:type=cert
0: Certificate
openssl
storeutl -certs -subject "${subj}"
-out ${TMPPDIR}/storeutl-crt-subj.txt
pkcs11:type=cert
0: Certificate
## Test fetching certificate without PIN in config files
openssl x509 -in $CRTURI -subject -out ${TMPPDIR}/crt-subj-nopin.txt
## Test fetching certificate via STORE api
Cert load successfully
――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
14/92 pkcs11-provider:softhsm / certs OK 0.34s
15/92 pkcs11-provider:kryoptic / certs RUNNING
>>> MESON_TEST_ITERATION=1 MALLOC_PERTURB_=211 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper certs-kryoptic.t
――――――――――――――――――――――――――――――――――――― ✀ ―――――――――――――――――――――――――――――――――――――
――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
15/92 pkcs11-provider:kryoptic / certs SKIP 0.02s exit status 77
16/92 pkcs11-provider:kryoptic.nss / certs RUNNING
>>> MESON_TEST_ITERATION=1 MALLOC_PERTURB_=207 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper certs-kryoptic.nss.t
――――――――――――――――――――――――――――――――――――― ✀ ―――――――――――――――――――――――――――――――――――――
――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
16/92 pkcs11-provider:kryoptic.nss / certs SKIP 0.02s exit status 77
17/92 pkcs11-provider:softokn / ecc RUNNING
>>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=192 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper ecc-softokn.t
――――――――――――――――――――――――――――――――――――― ✀ ―――――――――――――――――――――――――――――――――――――
――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
17/92 pkcs11-provider:softokn / ecc SKIP 0.02s exit status 77
18/92 pkcs11-provider:softhsm / ecc RUNNING
>>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests MALLOC_PERTURB_=18 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper ecc-softhsm.t
――――――――――――――――――――――――――――――――――――― ✀ ―――――――――――――――――――――――――――――――――――――
Executing /build/reproducible-path/pkcs11-provider-1.0/tests/tecc
## Export EC Public key to a file
openssl pkey -in $ECPUBURI -pubin -pubout -out ${TMPPDIR}/ecout.pub
Print EC Public key from private
openssl pkey -in $ECPRIURI -pubout -text
## Sign and Verify with provided Hash and EC
openssl dgst -sha256 -binary -out ${TMPPDIR}/sha256.bin ${SEEDFILE}
openssl
pkeyutl -sign -inkey "${ECBASEURI}"
-in ${TMPPDIR}/sha256.bin
-out ${TMPPDIR}/sha256-ecsig.bin
openssl
pkeyutl -verify -inkey "${ECBASEURI}" -pubin
-in ${TMPPDIR}/sha256.bin
-sigfile ${TMPPDIR}/sha256-ecsig.bin
Signature Verified Successfully
openssl
pkeyutl -verify -inkey "${TMPPDIR}/ecout.pub" -pubin
-in ${TMPPDIR}/sha256.bin
-sigfile ${TMPPDIR}/sha256-ecsig.bin
Signature Verified Successfully
## DigestSign and DigestVerify with ECC (SHA-256)
openssl
pkeyutl -sign -inkey "${ECBASEURI}"
-digest sha256
-in ${RAND64FILE}
-rawin
-out ${TMPPDIR}/sha256-ecdgstsig.bin
openssl
pkeyutl -verify -inkey "${ECBASEURI}" -pubin
-digest sha256
-in ${RAND64FILE}
-rawin
-sigfile ${TMPPDIR}/sha256-ecdgstsig.bin
Signature Verified Successfully
## DigestSign and DigestVerify with ECC (SHA-384)
openssl
pkeyutl -sign -inkey "${ECBASEURI}"
-digest sha384
-in ${RAND64FILE}
-rawin
-out ${TMPPDIR}/sha384-ecdgstsig.bin
openssl
pkeyutl -verify -inkey "${ECBASEURI}" -pubin
-digest sha384
-in ${RAND64FILE}
-rawin
-sigfile ${TMPPDIR}/sha384-ecdgstsig.bin
Signature Verified Successfully
## DigestSign and DigestVerify with ECC (SHA-512)
openssl
pkeyutl -sign -inkey "${ECBASEURI}"
-digest sha512
-in ${RAND64FILE}
-rawin
-out ${TMPPDIR}/sha512-ecdgstsig.bin
openssl
pkeyutl -verify -inkey "${ECBASEURI}" -pubin
-digest sha512
-in ${RAND64FILE}
-rawin
-sigfile ${TMPPDIR}/sha512-ecdgstsig.bin
Signature Verified Successfully
## DigestSign and DigestVerify with ECC (SHA3-256)
openssl
pkeyutl -sign -inkey "${ECBASEURI}"
-digest sha3-256
-in ${RAND64FILE}
-rawin
-out ${TMPPDIR}/sha3-256-ecdgstsig.bin
openssl
pkeyutl -verify -inkey "${ECBASEURI}" -pubin
-digest sha3-256
-in ${RAND64FILE}
-rawin
-sigfile ${TMPPDIR}/sha3-256-ecdgstsig.bin
Signature Verified Successfully
## DigestSign and DigestVerify with ECC (SHA3-384)
openssl
pkeyutl -sign -inkey "${ECBASEURI}"
-digest sha3-384
-in ${RAND64FILE}
-rawin
-out ${TMPPDIR}/sha3-384-ecdgstsig.bin
openssl
pkeyutl -verify -inkey "${ECBASEURI}" -pubin
-digest sha3-384
-in ${RAND64FILE}
-rawin
-sigfile ${TMPPDIR}/sha3-384-ecdgstsig.bin
Signature Verified Successfully
## DigestSign and DigestVerify with ECC (SHA3-512)
openssl
pkeyutl -sign -inkey "${ECBASEURI}"
-digest sha3-512
-in ${RAND64FILE}
-rawin
-out ${TMPPDIR}/sha3-512-ecdgstsig.bin
openssl
pkeyutl -verify -inkey "${ECBASEURI}" -pubin
-digest sha3-512
-in ${RAND64FILE}
-rawin
-sigfile ${TMPPDIR}/sha3-512-ecdgstsig.bin
Signature Verified Successfully
## Test CSR generation from private ECC keys
openssl
req -new -batch -key "${ECPRIURI}" -out ${TMPPDIR}/ecdsa_csr.pem
openssl
req -in ${TMPPDIR}/ecdsa_csr.pem -verify -noout
Certificate request self-signature verify OK
――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
18/92 pkcs11-provider:softhsm / ecc OK 0.81s
19/92 pkcs11-provider:kryoptic / ecc RUNNING
>>> MESON_TEST_ITERATION=1 MALLOC_PERTURB_=2 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper ecc-kryoptic.t
――――――――――――――――――――――――――――――――――――― ✀ ―――――――――――――――――――――――――――――――――――――
――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
19/92 pkcs11-provider:kryoptic / ecc SKIP 0.02s exit status 77
20/92 pkcs11-provider:kryoptic.nss / ecc RUNNING
>>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MALLOC_PERTURB_=37 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper ecc-kryoptic.nss.t
――――――――――――――――――――――――――――――――――――― ✀ ―――――――――――――――――――――――――――――――――――――
――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
20/92 pkcs11-provider:kryoptic.nss / ecc SKIP 0.02s exit status 77
21/92 pkcs11-provider:softhsm / edwards RUNNING
>>> MESON_TEST_ITERATION=1 MALLOC_PERTURB_=136 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper edwards-softhsm.t
――――――――――――――――――――――――――――――――――――― ✀ ―――――――――――――――――――――――――――――――――――――
Executing /build/reproducible-path/pkcs11-provider-1.0/tests/tedwards
## Export ED25519 Public key to a file
openssl pkey -in $EDPUBURI -pubin -pubout -out ${TMPPDIR}/edout.pub
Print ED25519 Public key from private
openssl pkey -in $EDPRIURI -pubout -text
## DigestSign and DigestVerify with ED25519
openssl
pkeyutl -sign -inkey "${EDBASEURI}"
-in ${RAND64FILE}
-rawin
-out ${TMPPDIR}/sha256-eddgstsig.bin
openssl
pkeyutl -verify -inkey "${EDBASEURI}" -pubin
-in ${RAND64FILE}
-rawin
-sigfile ${TMPPDIR}/sha256-eddgstsig.bin
Signature Verified Successfully
## Test CSR generation from private ED25519 keys
openssl
req -new -batch -key "${EDPRIURI}" -out ${TMPPDIR}/ed25519_csr.pem
openssl
req -in ${TMPPDIR}/ed25519_csr.pem -verify -noout
Certificate request self-signature verify OK
## Test EVP_PKEY_eq on public Edwards key both on token
## Test EVP_PKEY_eq on public ED key via import
## Match private ED key against public key
## Match private ED key against public key (commutativity)
## Test Key generation
Performed tests: 1
## Export ED448 Public key to a file
openssl pkey -in $ED2PUBURI -pubin -pubout -out ${TMPPDIR}/ed2out.pub
Print ED448 Public key from private
openssl pkey -in $ED2PRIURI -pubout -text
## DigestSign and DigestVerify with ED448
openssl
pkeyutl -sign -inkey "${ED2BASEURI}"
-in ${RAND64FILE}
-rawin
-out ${TMPPDIR}/sha256-eddgstsig.bin
openssl
pkeyutl -verify -inkey "${ED2BASEURI}" -pubin
-in ${RAND64FILE}
-rawin
-sigfile ${TMPPDIR}/sha256-eddgstsig.bin
Signature Verified Successfully
## Test CSR generation from private ED448 keys
openssl
req -new -batch -key "${ED2PRIURI}" -out ${TMPPDIR}/ed448_csr.pem
openssl
req -in ${TMPPDIR}/ed448_csr.pem -verify -noout
Certificate request self-signature verify OK
## Test EVP_PKEY_eq on public Edwards key both on token
## Test EVP_PKEY_eq on public ED448 key via import
## Match private ED448 key against public key
## Match private ED448 key against public key (commutativity)
## Test Ed448 Key generation
Performed tests: 1
## Test interactive Login on key without ALWAYS AUTHENTICATE
expect: spawn id exp3 not open
while executing
"expect "ALL A-OK""
――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
21/92 pkcs11-provider:softhsm / edwards OK 1.38s
22/92 pkcs11-provider:kryoptic / edwards RUNNING
>>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=82 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper edwards-kryoptic.t
――――――――――――――――――――――――――――――――――――― ✀ ―――――――――――――――――――――――――――――――――――――
――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
22/92 pkcs11-provider:kryoptic / edwards SKIP 0.02s exit status 77
23/92 pkcs11-provider:kryoptic.nss / edwards RUNNING
>>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests MALLOC_PERTURB_=198 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper edwards-kryoptic.nss.t
――――――――――――――――――――――――――――――――――――― ✀ ―――――――――――――――――――――――――――――――――――――
――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
23/92 pkcs11-provider:kryoptic.nss / edwards SKIP 0.02s exit status 77
24/92 pkcs11-provider:softokn / ecdh RUNNING
>>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests MALLOC_PERTURB_=148 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper ecdh-softokn.t
――――――――――――――――――――――――――――――――――――― ✀ ―――――――――――――――――――――――――――――――――――――
――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
24/92 pkcs11-provider:softokn / ecdh SKIP 0.02s exit status 77
25/92 pkcs11-provider:kryoptic / ecdh RUNNING
>>> MESON_TEST_ITERATION=1 MALLOC_PERTURB_=199 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper ecdh-kryoptic.t
――――――――――――――――――――――――――――――――――――― ✀ ―――――――――――――――――――――――――――――――――――――
――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
25/92 pkcs11-provider:kryoptic / ecdh SKIP 0.02s exit status 77
26/92 pkcs11-provider:kryoptic.nss / ecdh RUNNING
>>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests MALLOC_PERTURB_=196 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper ecdh-kryoptic.nss.t
――――――――――――――――――――――――――――――――――――― ✀ ―――――――――――――――――――――――――――――――――――――
――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
26/92 pkcs11-provider:kryoptic.nss / ecdh SKIP 0.02s exit status 77
27/92 pkcs11-provider:softokn / democa RUNNING
>>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MALLOC_PERTURB_=81 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper democa-softokn.t
――――――――――――――――――――――――――――――――――――― ✀ ―――――――――――――――――――――――――――――――――――――
――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
27/92 pkcs11-provider:softokn / democa SKIP 0.02s exit status 77
28/92 pkcs11-provider:softhsm / democa RUNNING
>>> MALLOC_PERTURB_=26 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper democa-softhsm.t
――――――――――――――――――――――――――――――――――――― ✀ ―――――――――――――――――――――――――――――――――――――
Executing /build/reproducible-path/pkcs11-provider-1.0/tests/tdemoca
## Set up demoCA
## Generating CA cert if needed
openssl req -batch -noenc -x509 -new -key ${PRIURI} -out ${DEMOCA}/cacert.pem
## Generating a new CSR with key in file
openssl
req -batch -noenc -newkey rsa:2048
-subj "/CN=testing-csr-signing/O=PKCS11 Provider/C=US"
-keyout ${DEMOCA}/cert.key -out ${DEMOCA}/cert.csr
....+.......+......+.....+.+.........+..+...+.+.....+.+........+....+........+...+++++++++++++++++++++++++++++++++++++++*...+....+...+++++++++++++++++++++++++++++++++++++++*..+....+......+........+..........+.........+..+.........+....+.....+......+.......++++++
.....+.+............+..+....+..+...+.+...+......+.........+++++++++++++++++++++++++++++++++++++++*..+......+.+++++++++++++++++++++++++++++++++++++++*.....+.+...+...........+...+......+.+...+.....+.+..+...................+......+.....+...+.+.....+...+..........+......+............+..............+.........+.+........+............+.+...+......+......+.......................+.+......++++++
-----
## Signing the new certificate
openssl
ca -batch -in ${DEMOCA}/cert.csr -keyfile ${PRIURI} -out ${DEMOCA}/cert.pem
Using configuration from /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/openssl.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
commonName :ASN.1 12:'testing-csr-signing'
organizationName :ASN.1 12:'PKCS11 Provider'
countryName :PRINTABLE:'US'
Certificate is to be certified until Feb 18 04:28:53 2026 GMT (365 days)
Write out database with 1 new entries
Database updated
## Generating a new CSR with existing RSA key in token
openssl
req -batch -noenc -new -key ${PRIURI}
-subj "/CN=testing-rsa-signing/O=PKCS11 Provider/C=US"
-out ${DEMOCA}/cert-rsa.csr
## Signing the new RSA key certificate
openssl
ca -batch -in ${DEMOCA}/cert-rsa.csr -keyfile ${PRIURI} -out ${DEMOCA}/cert.pem
Using configuration from /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/openssl.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
commonName :ASN.1 12:'testing-rsa-signing'
organizationName :ASN.1 12:'PKCS11 Provider'
countryName :PRINTABLE:'US'
Certificate is to be certified until Feb 18 04:28:53 2026 GMT (365 days)
Write out database with 1 new entries
Database updated
## Generating a new CSR with existing EC key in token
openssl
req -batch -noenc -new -key ${ECPRIURI}
-subj "/CN=testing-ec-signing/O=PKCS11 Provider/C=US"
-out ${DEMOCA}/cert-ec.csr
## Signing the new EC key certificate
openssl
ca -batch -in ${DEMOCA}/cert-ec.csr -keyfile ${PRIURI} -out ${DEMOCA}/cert.pem
Using configuration from /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/openssl.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
commonName :ASN.1 12:'testing-ec-signing'
organizationName :ASN.1 12:'PKCS11 Provider'
countryName :PRINTABLE:'US'
Certificate is to be certified until Feb 18 04:28:54 2026 GMT (365 days)
Write out database with 1 new entries
Database updated
## Generating a new CSR with existing ED key in token
openssl
req -batch -noenc -new -key ${EDPRIURI}
-subj "/CN=testing-ed-signing/O=PKCS11 Provider/C=US"
-out ${DEMOCA}/cert-ed.csr
## Signing the new ED key certificate
openssl
ca -batch -in ${DEMOCA}/cert-ed.csr -keyfile ${PRIURI} -out ${DEMOCA}/cert.pem
Using configuration from /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/openssl.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
commonName :ASN.1 12:'testing-ed-signing'
organizationName :ASN.1 12:'PKCS11 Provider'
countryName :PRINTABLE:'US'
Certificate is to be certified until Feb 18 04:28:54 2026 GMT (365 days)
Write out database with 1 new entries
Database updated
## Generating a new CSR with existing ED448 key in token
openssl
req -batch -noenc -new -key ${ED2PRIURI}
-subj "/CN=testing-ed2-signing/O=PKCS11 Provider/C=US"
-out ${DEMOCA}/cert-ed2.csr
## Signing the new ED448 key certificate
openssl
ca -batch -in ${DEMOCA}/cert-ed2.csr -keyfile ${PRIURI} -out ${DEMOCA}/cert.pem
Using configuration from /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/openssl.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
commonName :ASN.1 12:'testing-ed2-signing'
organizationName :ASN.1 12:'PKCS11 Provider'
countryName :PRINTABLE:'US'
Certificate is to be certified until Feb 18 04:28:54 2026 GMT (365 days)
Write out database with 1 new entries
Database updated
## Generating a new CSR with existing RSA-PSS key in token
openssl
req -batch -noenc -new -key ${RSAPSSPRIURI} -sigopt rsa_padding_mode:pss
-subj "/CN=testing-rsapss-signing/O=PKCS11 Provider/C=US"
-sigopt rsa_padding_mode:pss
-out ${DEMOCA}/cert-rsa-pss.csr
## Signing the new RSA-PSS key certificate
openssl
ca -batch -in ${DEMOCA}/cert-rsa-pss.csr -keyfile ${PRIURI} -out ${DEMOCA}/cert.pem
Using configuration from /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/openssl.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
commonName :ASN.1 12:'testing-rsapss-signing'
organizationName :ASN.1 12:'PKCS11 Provider'
countryName :PRINTABLE:'US'
Certificate is to be certified until Feb 18 04:28:54 2026 GMT (365 days)
Write out database with 1 new entries
Database updated
openssl x509 -text -in ${DEMOCA}/cert.pem
## Generating a new CSR with existing SHA256 restricted RSA-PSS key in token
openssl
req -batch -noenc -new -key ${RSAPSS2PRIURI} -sigopt rsa_padding_mode:pss
-subj "/CN=testing-rsapss-sha2-signing/O=PKCS11 Provider/C=US"
-out ${DEMOCA}/cert-rsa-pss2.csr
-sigopt rsa_padding_mode:pss
-sigopt digest:sha256
## Signing the new SHA256 restricted RSA-PSS key certificate
openssl
ca -batch -in ${DEMOCA}/cert-rsa-pss2.csr -keyfile ${PRIURI} -out ${DEMOCA}/cert.pem
Using configuration from /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/openssl.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
commonName :ASN.1 12:'testing-rsapss-sha2-signing'
organizationName :ASN.1 12:'PKCS11 Provider'
countryName :PRINTABLE:'US'
Certificate is to be certified until Feb 18 04:28:54 2026 GMT (365 days)
Write out database with 1 new entries
Database updated
openssl x509 -text -in ${DEMOCA}/cert.pem
## Generating a new CSR with existing RSA-PSS key in token
openssl
req -batch -noenc -new -key ${RSAPSS2PRIURI} -sigopt rsa_padding_mode:pss
-subj "/CN=testing-rsapss-signing/O=PKCS11 Provider/C=US"
-out ${DEMOCA}/cert-rsa-pss2.csr
-sigopt rsa_padding_mode:pss
-sigopt digest:sha256
-sigopt rsa_pss_saltlen:-2
## Signing the new RSA-PSS key certificate
openssl
ca -batch -in ${DEMOCA}/cert-rsa-pss.csr -keyfile ${PRIURI} -out ${DEMOCA}/cert.pem
Using configuration from /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/openssl.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
commonName :ASN.1 12:'testing-rsapss-signing'
organizationName :ASN.1 12:'PKCS11 Provider'
countryName :PRINTABLE:'US'
Certificate is to be certified until Feb 18 04:28:54 2026 GMT (365 days)
Write out database with 1 new entries
Database updated
## Set up OCSP
openssl
req -batch -noenc -new -subj "/CN=OCSP/O=PKCS11 Provider/C=US"
-key ${PRIURI} -out ${DEMOCA}/ocspSigning.csr
openssl
ca -batch -keyfile ${PRIURI} -cert ${DEMOCA}/cacert.pem
-in ${DEMOCA}/ocspSigning.csr -out ${DEMOCA}/ocspSigning.pem
Using configuration from /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/openssl.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
commonName :ASN.1 12:'OCSP'
organizationName :ASN.1 12:'PKCS11 Provider'
countryName :PRINTABLE:'US'
Certificate is to be certified until Feb 18 04:28:54 2026 GMT (365 days)
Write out database with 1 new entries
Database updated
――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
28/92 pkcs11-provider:softhsm / democa OK 1.34s
29/92 pkcs11-provider:kryoptic / democa RUNNING
>>> MESON_TEST_ITERATION=1 MALLOC_PERTURB_=162 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper democa-kryoptic.t
――――――――――――――――――――――――――――――――――――― ✀ ―――――――――――――――――――――――――――――――――――――
――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
29/92 pkcs11-provider:kryoptic / democa SKIP 0.02s exit status 77
30/92 pkcs11-provider:kryoptic.nss / democa RUNNING
>>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=20 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper democa-kryoptic.nss.t
――――――――――――――――――――――――――――――――――――― ✀ ―――――――――――――――――――――――――――――――――――――
――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
30/92 pkcs11-provider:kryoptic.nss / democa SKIP 0.02s exit status 77
31/92 pkcs11-provider:softokn / digest RUNNING
>>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=182 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper digest-softokn.t
――――――――――――――――――――――――――――――――――――― ✀ ―――――――――――――――――――――――――――――――――――――
――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
31/92 pkcs11-provider:softokn / digest SKIP 0.02s exit status 77
32/92 pkcs11-provider:softhsm / digest RUNNING
>>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MALLOC_PERTURB_=180 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper digest-softhsm.t
――――――――――――――――――――――――――――――――――――― ✀ ―――――――――――――――――――――――――――――――――――――
Executing /build/reproducible-path/pkcs11-provider-1.0/tests/tdigest
## Test Digests support
sha512-224: Unsupported by pkcs11 token
sha512-256: Unsupported by pkcs11 token
sha3-224: Unsupported by pkcs11 token
sha3-256: Unsupported by pkcs11 token
sha3-384: Unsupported by pkcs11 token
sha3-512: Unsupported by pkcs11 token
PASSED
## Test Digests Blocked
No digest available for testing pkcs11 provider
Digest operations failed as expected
――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
32/92 pkcs11-provider:softhsm / digest OK 0.10s
33/92 pkcs11-provider:kryoptic / digest RUNNING
>>> MESON_TEST_ITERATION=1 MALLOC_PERTURB_=197 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper digest-kryoptic.t
――――――――――――――――――――――――――――――――――――― ✀ ―――――――――――――――――――――――――――――――――――――
――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
33/92 pkcs11-provider:kryoptic / digest SKIP 0.02s exit status 77
34/92 pkcs11-provider:kryoptic.nss / digest RUNNING
>>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests MALLOC_PERTURB_=139 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper digest-kryoptic.nss.t
――――――――――――――――――――――――――――――――――――― ✀ ―――――――――――――――――――――――――――――――――――――
――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
34/92 pkcs11-provider:kryoptic.nss / digest SKIP 0.02s exit status 77
35/92 pkcs11-provider:softokn / fork RUNNING
>>> MALLOC_PERTURB_=143 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper fork-softokn.t
――――――――――――――――――――――――――――――――――――― ✀ ―――――――――――――――――――――――――――――――――――――
――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
35/92 pkcs11-provider:softokn / fork SKIP 0.02s exit status 77
36/92 pkcs11-provider:softhsm / fork RUNNING
>>> MESON_TEST_ITERATION=1 MALLOC_PERTURB_=72 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper fork-softhsm.t
――――――――――――――――――――――――――――――――――――― ✀ ―――――――――――――――――――――――――――――――――――――
Executing /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/tfork
Child Done
Child Done
ALL A-OK!
――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
36/92 pkcs11-provider:softhsm / fork OK 1.31s
37/92 pkcs11-provider:kryoptic / fork RUNNING
>>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests MALLOC_PERTURB_=166 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper fork-kryoptic.t
――――――――――――――――――――――――――――――――――――― ✀ ―――――――――――――――――――――――――――――――――――――
――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
37/92 pkcs11-provider:kryoptic / fork SKIP 0.02s exit status 77
38/92 pkcs11-provider:kryoptic.nss / fork RUNNING
>>> MALLOC_PERTURB_=16 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper fork-kryoptic.nss.t
――――――――――――――――――――――――――――――――――――― ✀ ―――――――――――――――――――――――――――――――――――――
――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
38/92 pkcs11-provider:kryoptic.nss / fork SKIP 0.02s exit status 77
39/92 pkcs11-provider:softokn / oaepsha2 RUNNING
>>> MESON_TEST_ITERATION=1 MALLOC_PERTURB_=199 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper oaepsha2-softokn.t
――――――――――――――――――――――――――――――――――――― ✀ ―――――――――――――――――――――――――――――――――――――
――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
39/92 pkcs11-provider:softokn / oaepsha2 SKIP 0.02s exit status 77
40/92 pkcs11-provider:kryoptic / oaepsha2 RUNNING
>>> MESON_TEST_ITERATION=1 MALLOC_PERTURB_=153 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper oaepsha2-kryoptic.t
――――――――――――――――――――――――――――――――――――― ✀ ―――――――――――――――――――――――――――――――――――――
――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
40/92 pkcs11-provider:kryoptic / oaepsha2 SKIP 0.02s exit status 77
41/92 pkcs11-provider:kryoptic.nss / oaepsha2 RUNNING
>>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests MALLOC_PERTURB_=102 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper oaepsha2-kryoptic.nss.t
――――――――――――――――――――――――――――――――――――― ✀ ―――――――――――――――――――――――――――――――――――――
――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
41/92 pkcs11-provider:kryoptic.nss / oaepsha2 SKIP 0.02s exit status 77
42/92 pkcs11-provider:softokn / hkdf RUNNING
>>> MESON_TEST_ITERATION=1 MALLOC_PERTURB_=104 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper hkdf-softokn.t
――――――――――――――――――――――――――――――――――――― ✀ ―――――――――――――――――――――――――――――――――――――
――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
42/92 pkcs11-provider:softokn / hkdf SKIP 0.02s exit status 77
43/92 pkcs11-provider:kryoptic / hkdf RUNNING
>>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MALLOC_PERTURB_=9 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper hkdf-kryoptic.t
――――――――――――――――――――――――――――――――――――― ✀ ―――――――――――――――――――――――――――――――――――――
――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
43/92 pkcs11-provider:kryoptic / hkdf SKIP 0.02s exit status 77
44/92 pkcs11-provider:kryoptic.nss / hkdf RUNNING
>>> MESON_TEST_ITERATION=1 MALLOC_PERTURB_=153 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper hkdf-kryoptic.nss.t
――――――――――――――――――――――――――――――――――――― ✀ ―――――――――――――――――――――――――――――――――――――
――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
44/92 pkcs11-provider:kryoptic.nss / hkdf SKIP 0.02s exit status 77
45/92 pkcs11-provider:softokn / imported RUNNING
>>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MALLOC_PERTURB_=11 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper imported-softokn.t
――――――――――――――――――――――――――――――――――――― ✀ ―――――――――――――――――――――――――――――――――――――
――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
45/92 pkcs11-provider:softokn / imported SKIP 0.02s exit status 77
46/92 pkcs11-provider:kryoptic / imported RUNNING
>>> MESON_TEST_ITERATION=1 MALLOC_PERTURB_=141 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper imported-kryoptic.t
――――――――――――――――――――――――――――――――――――― ✀ ―――――――――――――――――――――――――――――――――――――
――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
46/92 pkcs11-provider:kryoptic / imported SKIP 0.02s exit status 77
47/92 pkcs11-provider:kryoptic.nss / imported RUNNING
>>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MALLOC_PERTURB_=176 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper imported-kryoptic.nss.t
――――――――――――――――――――――――――――――――――――― ✀ ―――――――――――――――――――――――――――――――――――――
――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
47/92 pkcs11-provider:kryoptic.nss / imported SKIP 0.02s exit status 77
48/92 pkcs11-provider:softokn / rsapss RUNNING
>>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MALLOC_PERTURB_=219 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper rsapss-softokn.t
――――――――――――――――――――――――――――――――――――― ✀ ―――――――――――――――――――――――――――――――――――――
――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
48/92 pkcs11-provider:softokn / rsapss SKIP 0.02s exit status 77
49/92 pkcs11-provider:softhsm / rsapss RUNNING
>>> MESON_TEST_ITERATION=1 MALLOC_PERTURB_=39 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper rsapss-softhsm.t
――――――――――――――――――――――――――――――――――――― ✀ ―――――――――――――――――――――――――――――――――――――
Executing /build/reproducible-path/pkcs11-provider-1.0/tests/trsapss
## DigestSign and DigestVerify with RSA PSS
openssl
pkeyutl -sign -inkey "${BASEURI}"
-digest sha256
-pkeyopt pad-mode:pss
-pkeyopt mgf1-digest:sha256
-pkeyopt saltlen:digest
-in ${RAND64FILE}
-rawin
-out ${TMPPDIR}/sha256-dgstsig.bin
openssl
pkeyutl -verify -inkey "${BASEURI}" -pubin
-digest sha256
-pkeyopt pad-mode:pss
-pkeyopt mgf1-digest:sha256
-pkeyopt saltlen:digest
-in ${RAND64FILE}
-rawin
-sigfile ${TMPPDIR}/sha256-dgstsig.bin
Signature Verified Successfully
Re-verify using OpenSSL default provider
openssl
pkeyutl -verify -inkey "${PUBURI}"
-pubin
-digest sha256
-pkeyopt pad-mode:pss
-pkeyopt mgf1-digest:sha256
-pkeyopt saltlen:digest
-in ${RAND64FILE}
-rawin
-sigfile ${TMPPDIR}/sha256-dgstsig.bin
Signature Verified Successfully
## DigestSign and DigestVerify with RSA PSS with default params
openssl
pkeyutl -sign -inkey "${BASEURI}"
-pkeyopt pad-mode:pss
-in ${RAND64FILE}
-rawin
-out ${TMPPDIR}/def-dgstsig.bin
openssl
pkeyutl -verify -inkey "${BASEURI}" -pubin
-pkeyopt pad-mode:pss
-in ${RAND64FILE}
-rawin
-sigfile ${TMPPDIR}/def-dgstsig.bin
Signature Verified Successfully
Re-verify using OpenSSL default provider
openssl
pkeyutl -verify -inkey "${PUBURI}"
-pubin
-pkeyopt pad-mode:pss
-in ${RAND64FILE}
-rawin
-sigfile ${TMPPDIR}/def-dgstsig.bin
Signature Verified Successfully
――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
49/92 pkcs11-provider:softhsm / rsapss OK 0.30s
50/92 pkcs11-provider:kryoptic / rsapss RUNNING
>>> MESON_TEST_ITERATION=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests MALLOC_PERTURB_=134 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper rsapss-kryoptic.t
――――――――――――――――――――――――――――――――――――― ✀ ―――――――――――――――――――――――――――――――――――――
――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
50/92 pkcs11-provider:kryoptic / rsapss SKIP 0.02s exit status 77
51/92 pkcs11-provider:kryoptic.nss / rsapss RUNNING
>>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests MALLOC_PERTURB_=5 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper rsapss-kryoptic.nss.t
――――――――――――――――――――――――――――――――――――― ✀ ―――――――――――――――――――――――――――――――――――――
――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
51/92 pkcs11-provider:kryoptic.nss / rsapss SKIP 0.02s exit status 77
52/92 pkcs11-provider:softhsm / rsapssam RUNNING
>>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MALLOC_PERTURB_=29 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper rsapssam-softhsm.t
――――――――――――――――――――――――――――――――――――― ✀ ―――――――――――――――――――――――――――――――――――――
Executing /build/reproducible-path/pkcs11-provider-1.0/tests/trsapssam
## DigestSign and DigestVerify with RSA PSS (SHA256 restriction)
openssl
pkeyutl -sign -inkey "${RSAPSS2PRIURI}"
-digest sha256
-pkeyopt pad-mode:pss
-pkeyopt mgf1-digest:sha256
-pkeyopt saltlen:digest
-in ${RAND64FILE}
-rawin
-out ${TMPPDIR}/sha256-rsapps-genpkey-dgstsig.bin
openssl
pkeyutl -verify -inkey "${RSAPSS2PUBURI}" -pubin
-digest sha256
-pkeyopt pad-mode:pss
-pkeyopt mgf1-digest:sha256
-pkeyopt saltlen:digest
-in ${RAND64FILE}
-rawin
-sigfile ${TMPPDIR}/sha256-rsapps-genpkey-dgstsig.bin
Signature Verified Successfully
## Fail DigestSign with RSA PSS because of restricted Digest
openssl
pkeyutl -sign -inkey "${RSAPSS2PRIURI}"
-digest sha384
-pkeyopt pad-mode:pss
-pkeyopt mgf1-digest:sha384
-pkeyopt saltlen:digest
-in ${RAND64FILE}
-rawin
-out ${TMPPDIR}/sha384-rsapps-genpkey-dgstsig.bin 2>&1
## Fail Signing with RSA PKCS1 mech and RSA-PSS key
openssl
pkeyutl -sign -inkey "${RSAPSSPRIURI}"
-digest sha256
-pkeyopt rsa_padding_mode:pkcs1
-in ${RAND64FILE}
-rawin
-out ${TMPPDIR}/sha384-rsa-not-rsapss-sig.bin 2>&1
――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
52/92 pkcs11-provider:softhsm / rsapssam OK 0.24s
53/92 pkcs11-provider:kryoptic / rsapssam RUNNING
>>> MESON_TEST_ITERATION=1 MALLOC_PERTURB_=129 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper rsapssam-kryoptic.t
――――――――――――――――――――――――――――――――――――― ✀ ―――――――――――――――――――――――――――――――――――――
――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
53/92 pkcs11-provider:kryoptic / rsapssam SKIP 0.02s exit status 77
54/92 pkcs11-provider:softokn / genkey RUNNING
>>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MALLOC_PERTURB_=112 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper genkey-softokn.t
――――――――――――――――――――――――――――――――――――― ✀ ―――――――――――――――――――――――――――――――――――――
――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
54/92 pkcs11-provider:softokn / genkey SKIP 0.02s exit status 77
55/92 pkcs11-provider:softhsm / genkey RUNNING
>>> MESON_TEST_ITERATION=1 MALLOC_PERTURB_=152 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper genkey-softhsm.t
――――――――――――――――――――――――――――――――――――― ✀ ―――――――――――――――――――――――――――――――――――――
Executing /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/tgenkey
Performed tests: 0
――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
55/92 pkcs11-provider:softhsm / genkey OK 0.03s
56/92 pkcs11-provider:kryoptic / genkey RUNNING
>>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MALLOC_PERTURB_=219 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper genkey-kryoptic.t
――――――――――――――――――――――――――――――――――――― ✀ ―――――――――――――――――――――――――――――――――――――
――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
56/92 pkcs11-provider:kryoptic / genkey SKIP 0.02s exit status 77
57/92 pkcs11-provider:kryoptic.nss / genkey RUNNING
>>> MALLOC_PERTURB_=16 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper genkey-kryoptic.nss.t
――――――――――――――――――――――――――――――――――――― ✀ ―――――――――――――――――――――――――――――――――――――
――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
57/92 pkcs11-provider:kryoptic.nss / genkey SKIP 0.02s exit status 77
58/92 pkcs11-provider:softokn / pkey RUNNING
>>> MESON_TEST_ITERATION=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests MALLOC_PERTURB_=41 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper pkey-softokn.t
――――――――――――――――――――――――――――――――――――― ✀ ―――――――――――――――――――――――――――――――――――――
――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
58/92 pkcs11-provider:softokn / pkey SKIP 0.02s exit status 77
59/92 pkcs11-provider:softhsm / pkey RUNNING
>>> MESON_TEST_ITERATION=1 MALLOC_PERTURB_=255 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper pkey-softhsm.t
――――――――――――――――――――――――――――――――――――― ✀ ―――――――――――――――――――――――――――――――――――――
Executing /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/tpkey
ALL A-OK!
――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
59/92 pkcs11-provider:softhsm / pkey OK 0.19s
60/92 pkcs11-provider:kryoptic / pkey RUNNING
>>> MESON_TEST_ITERATION=1 MALLOC_PERTURB_=211 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper pkey-kryoptic.t
――――――――――――――――――――――――――――――――――――― ✀ ―――――――――――――――――――――――――――――――――――――
――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
60/92 pkcs11-provider:kryoptic / pkey SKIP 0.02s exit status 77
61/92 pkcs11-provider:kryoptic.nss / pkey RUNNING
>>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MALLOC_PERTURB_=213 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper pkey-kryoptic.nss.t
――――――――――――――――――――――――――――――――――――― ✀ ―――――――――――――――――――――――――――――――――――――
――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
61/92 pkcs11-provider:kryoptic.nss / pkey SKIP 0.02s exit status 77
62/92 pkcs11-provider:softokn / session RUNNING
>>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests MALLOC_PERTURB_=5 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper session-softokn.t
――――――――――――――――――――――――――――――――――――― ✀ ―――――――――――――――――――――――――――――――――――――
――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
62/92 pkcs11-provider:softokn / session SKIP 0.02s exit status 77
63/92 pkcs11-provider:softhsm / session RUNNING
>>> MESON_TEST_ITERATION=1 MALLOC_PERTURB_=161 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper session-softhsm.t
――――――――――――――――――――――――――――――――――――― ✀ ―――――――――――――――――――――――――――――――――――――
Executing /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/tsession
ALL A-OK!――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
63/92 pkcs11-provider:softhsm / session OK 0.22s
64/92 pkcs11-provider:kryoptic / session RUNNING
>>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MALLOC_PERTURB_=128 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper session-kryoptic.t
――――――――――――――――――――――――――――――――――――― ✀ ―――――――――――――――――――――――――――――――――――――
――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
64/92 pkcs11-provider:kryoptic / session SKIP 0.02s exit status 77
65/92 pkcs11-provider:kryoptic.nss / session RUNNING
>>> MESON_TEST_ITERATION=1 MALLOC_PERTURB_=96 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper session-kryoptic.nss.t
――――――――――――――――――――――――――――――――――――― ✀ ―――――――――――――――――――――――――――――――――――――
――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
65/92 pkcs11-provider:kryoptic.nss / session SKIP 0.02s exit status 77
66/92 pkcs11-provider:softokn / rand RUNNING
>>> MALLOC_PERTURB_=228 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper rand-softokn.t
――――――――――――――――――――――――――――――――――――― ✀ ―――――――――――――――――――――――――――――――――――――
――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
66/92 pkcs11-provider:softokn / rand SKIP 0.02s exit status 77
67/92 pkcs11-provider:softhsm / rand RUNNING
>>> MALLOC_PERTURB_=247 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper rand-softhsm.t
――――――――――――――――――――――――――――――――――――― ✀ ―――――――――――――――――――――――――――――――――――――
Executing /build/reproducible-path/pkcs11-provider-1.0/tests/trand
## Test PKCS11 RNG
openssl rand 1
400CA7B8FFFF0000:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:../crypto/evp/evp_fetch.c:355:Global default library context, Algorithm (PKCS11-RAND : 0), Properties (<null>)
400CA7B8FFFF0000:error:12000090:random number generator:rand_new_drbg:unable to fetch drbg:../crypto/rand/rand_lib.c:660:
openssl rand 1
¸
――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
67/92 pkcs11-provider:softhsm / rand OK 0.08s
68/92 pkcs11-provider:kryoptic / rand RUNNING
>>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests MALLOC_PERTURB_=150 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper rand-kryoptic.t
――――――――――――――――――――――――――――――――――――― ✀ ―――――――――――――――――――――――――――――――――――――
――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
68/92 pkcs11-provider:kryoptic / rand SKIP 0.02s exit status 77
69/92 pkcs11-provider:kryoptic.nss / rand RUNNING
>>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MALLOC_PERTURB_=76 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper rand-kryoptic.nss.t
――――――――――――――――――――――――――――――――――――― ✀ ―――――――――――――――――――――――――――――――――――――
――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
69/92 pkcs11-provider:kryoptic.nss / rand SKIP 0.02s exit status 77
70/92 pkcs11-provider:softokn / readkeys RUNNING
>>> MESON_TEST_ITERATION=1 MALLOC_PERTURB_=84 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper readkeys-softokn.t
――――――――――――――――――――――――――――――――――――― ✀ ―――――――――――――――――――――――――――――――――――――
――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
70/92 pkcs11-provider:softokn / readkeys SKIP 0.02s exit status 77
71/92 pkcs11-provider:softhsm / readkeys RUNNING
>>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests MALLOC_PERTURB_=191 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper readkeys-softhsm.t
――――――――――――――――――――――――――――――――――――― ✀ ―――――――――――――――――――――――――――――――――――――
Executing /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/treadkeys
――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
71/92 pkcs11-provider:softhsm / readkeys OK 0.06s
72/92 pkcs11-provider:kryoptic / readkeys RUNNING
>>> MALLOC_PERTURB_=193 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper readkeys-kryoptic.t
――――――――――――――――――――――――――――――――――――― ✀ ―――――――――――――――――――――――――――――――――――――
――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
72/92 pkcs11-provider:kryoptic / readkeys SKIP 0.02s exit status 77
73/92 pkcs11-provider:kryoptic.nss / readkeys RUNNING
>>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MALLOC_PERTURB_=168 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper readkeys-kryoptic.nss.t
――――――――――――――――――――――――――――――――――――― ✀ ―――――――――――――――――――――――――――――――――――――
――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
73/92 pkcs11-provider:kryoptic.nss / readkeys SKIP 0.02s exit status 77
74/92 pkcs11-provider:softokn / tls RUNNING
>>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MALLOC_PERTURB_=168 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper tls-softokn.t
――――――――――――――――――――――――――――――――――――― ✀ ―――――――――――――――――――――――――――――――――――――
――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
74/92 pkcs11-provider:softokn / tls SKIP 0.02s exit status 77
75/92 pkcs11-provider:softhsm / tls RUNNING
>>> MESON_TEST_ITERATION=1 MALLOC_PERTURB_=190 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper tls-softhsm.t
――――――――――――――――――――――――――――――――――――― ✀ ―――――――――――――――――――――――――――――――――――――
Executing /build/reproducible-path/pkcs11-provider-1.0/tests/ttls
## Test SSL_CTX creation
SSL Context works!
## Test setting cert/keys on TLS Context
Cert and Key successfully set on TLS Context!
## Test setting cert/keys on TLS Context w/o pub key
Cert and Key successfully set on TLS Context!
## Test an actual TLS connection
########################################
## TLS with key in provider
## Run sanity test with default values (RSA)
spawn openssl s_client -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/caCert.pem
Connecting to 127.0.0.1
CONNECTED(00000005)
Can't use SSL_get_servername
depth=1 CN=Issuer
verify return:1
depth=0 O=PKCS11 Provider, CN=My Test Cert
verify return:1
---
Certificate chain
0 s:O=PKCS11 Provider, CN=My Test Cert
i:CN=Issuer
a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
v:NotBefore: Feb 18 04:28:42 2025 GMT; NotAfter: Feb 18 04:28:42 2026 GMT
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIDPzCCAiegAwIBAgIBAzANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1
ZXIwHhcNMjUwMjE4MDQyODQyWhcNMjYwMjE4MDQyODQyWjAxMRgwFgYDVQQKEw9Q
S0NTMTEgUHJvdmlkZXIxFTATBgNVBAMTDE15IFRlc3QgQ2VydDCCASIwDQYJKoZI
hvcNAQEBBQADggEPADCCAQoCggEBALqZLMAQ2yaKcVciacryw7fL49yPsjaq8Qfp
/J3avZmxMogzzSlf4kkke6vUw9ep2IqLIwrt8HVkf/Sue28X0fK2nrfoEXIVqK+4
JDMkMZvMpxs/62UqOporp+YJprvlsMJCZqFDz7jJj21IYkrbKiM6mZi6g5ltkXlp
gs4q6p23+qoylk+fA+N4d/SctipNd24H0OrFN/2J+R88XlAW0+R63CiynUjQw47l
pw4oV81JmopqA4LV8OEmvJN+w/q3bwTAUqnS4Q5W7Md8hbv/2SMC2+5TP2m18yES
ZwjBcjNKBi8yeBJLUr+FqtPoMMxjTB6BR6aa/9NiytXI0NGoT7cCAwEAAaOBgTB/
MAwGA1UdEwEB/wQCMAAwHwYDVR0RBBgwFoEUdGVzdGNlcnRAZXhhbXBsZS5vcmcw
DgYDVR0PAQH/BAQDAgWgMB0GA1UdDgQWBBRCofkUj+V1IIX6Q6eVyfKOoi+8MDAf
BgNVHSMEGDAWgBSumAskVwwVSDsPJ0LNq8V9B4mmOTANBgkqhkiG9w0BAQsFAAOC
AQEAn/EPRVeuciY+nEGi0BSzd7wAMIt4AlSV7YzldIbiOCQUyYodnoaz/oEH1Eb/
NhdDsWZ0NzALjBYRkR4iyf6/wGS/foIpeSgnSiDJOEx4H1zdwjmtUjX4s3hVJg9s
aPkWSnxBGptMa9F2DpZmK8VdXeIkI+jkdtZIb4qIDL2rLi3TSiDtLxJK1T+uaqQ8
iQHseUdVjbdTf+jiU9s+R9X1uHd1xEBtIAi+26D0/MfB1wNpP81BoQ2Ye4zgEWRJ
1GuBDg0VxdPKe8cHcxOQ9SWrAve+9DFCcQadRKyeBQL6CekYnXRWELN1f3hRAU7n
3eRMrDMvP0PK8VnXGJ0RdTJr2g==
-----END CERTIFICATE-----
subject=O=PKCS11 Provider, CN=My Test Cert
issuer=CN=Issuer
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 1391 bytes and written 391 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Protocol: TLSv1.3
Server public key is 2048 bit
This TLS version forbids renegotiation.
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: B953A3277AD06970EE2FC4ADEEF60D0D121DFC0B3BE58F5C652B9EB819234BAA
Session-ID-ctx:
Resumption PSK: 3E17B9636F9AEDA7EE3B82F07BD2E62B35AFBE0FCA494C5861E1FF61DDA70D081FDB0474FABF3E710BEB7AFE233ACC2D
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 7200 (seconds)
TLS session ticket:
0000 - 4b 14 91 c5 e6 26 a1 80-73 9a 0a 60 4e 87 76 ae K....&..s..`N.v.
0010 - 84 83 f4 98 e3 3c 5e 1d-5c b3 e2 d2 65 5e f3 b3 .....<^.\...e^..
0020 - a4 d9 17 55 ee 2c 30 1e-76 c0 7e 13 b6 49 27 22 ...U.,0.v.~..I'"
0030 - 45 70 79 9e b4 4e a0 99-81 f8 2b 4d af 5d 76 81 Epy..N....+M.]v.
0040 - f4 3a a6 dd c5 8c d9 c9-7e 73 2c a7 42 22 3f 14 .:......~s,.B"?.
0050 - 43 b6 6c 31 f7 6d 0b 01-31 f2 96 2b 71 51 7f 6f C.l1.m..1..+qQ.o
0060 - e4 e0 90 14 c4 09 4c 40-72 c2 62 56 75 90 b7 4f ......L@r.bVu..O
0070 - 95 d1 38 c6 8b 0a 8c 60-e3 5c a2 37 cd 1c 33 bc ..8....`.\.7..3.
0080 - 68 d3 63 e1 8a a6 23 c0-a7 2c 26 f1 52 4f 30 65 h.c...#..,&.RO0e
0090 - 68 0a 85 43 2e 62 5e 2c-62 f3 af 60 ce f7 6a c5 h..C.b^,b..`..j.
00a0 - ce 0e 9e 15 6c b9 2c 38-c1 20 6f 60 ce ed 39 f8 ....l.,8. o`..9.
00b0 - 36 09 ff 0b 5c c9 8c 2f-dd cc ca 21 c5 1e 1d 18 6...\../...!....
00c0 - 1a b6 d1 14 17 bb 62 2b-d5 d5 79 63 f3 c6 55 bb ......b+..yc..U.
Start Time: 1739852938
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: 6CDA2E9DFB4E5A823E251F4F028F653796F334BA9AD81CA36B42732FB24C5479
Session-ID-ctx:
Resumption PSK: FF409EFA05523F4AA82E3B43A48FAD097E95CDFEC4C238789330C1E8E8BAFF3BB0ABE310B5449602EF7F048C5640B6AA
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 7200 (seconds)
TLS session ticket:
0000 - 4b 14 91 c5 e6 26 a1 80-73 9a 0a 60 4e 87 76 ae K....&..s..`N.v.
0010 - aa 4c de 43 84 af bf 54-40 82 d8 26 9b d9 31 d4 .L.C...T@..&..1.
0020 - 03 de f6 4d ff 56 46 be-26 d0 0b 07 58 42 a5 2a ...M.VF.&...XB.*
0030 - b3 a6 22 4c 35 fe fb fd-f3 93 aa 04 8a 7f 0d ae .."L5...........
0040 - 12 23 3c f9 88 0b 9d 02-b1 67 80 70 e5 a9 cd 16 .#<......g.p....
0050 - af 6d 4f 9a ae 80 78 bd-a6 df 89 17 c3 53 85 e6 .mO...x......S..
0060 - 3e 72 5d ac ef 11 6a b3-c9 35 ce 4c 5b 90 8c 0a >r]...j..5.L[...
0070 - 41 4d e7 0c 1d 6b 38 45-8d ac a4 32 71 b0 6f 3e AM...k8E...2q.o>
0080 - 61 33 da 37 f6 35 6c 44-c8 71 9b 04 f7 54 4d 94 a3.7.5lD.q...TM.
0090 - 45 c3 d8 43 07 bd 4b d5-30 6d 29 41 8c c2 70 e3 E..C..K.0m)A..p.
00a0 - 6f 64 b6 a9 a0 3e bc 15-45 21 c2 d9 85 ac 9e ed od...>..E!......
00b0 - 40 f5 6d 7c 67 fb ab 29-d6 3f fd 1a b6 6e 5c 61 @.m|g..).?...n\a
00c0 - 2d 22 05 b9 a5 26 2f b7-22 51 33 26 c7 87 ea 19 -"...&/."Q3&....
Start Time: 1739852938
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK
TLS SUCCESSFUL
404C80B4FFFF0000:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688:
Server output:
spawn openssl s_server -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%01 -cert pkcs11:type=cert;object=testCert
Using default temp DH parameters
ACCEPT
-----BEGIN SSL SESSION PARAMETERS-----
MIGDAgEBAgIDBAQCEwIEIO8nVk0N9DbK8XALXFTC24dQVHfz8bp/X0nP+cuebH9T
BDD/QJ76BVI/SqguO0Okj60JfpXN/sTCOHiTMMHo6Lr/O7Cr4xC1RJYC738EjFZA
tqqhBgIEZ7QMiqIEAgIcIKQGBAQBAAAArgcCBQCUwS/4swMCAR0=
-----END SSL SESSION PARAMETERS-----
Shared ciphers:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA
Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512
Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224
Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192
Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192
CIPHER is TLS_AES_256_GCM_SHA384
This TLS version forbids renegotiation.
TLS SUCCESSFUL
Q
DONE
shutdown accept socket
shutting down SSL
CONNECTION CLOSED
0 items in the session cache
0 client connects (SSL_connect())
0 client renegotiates (SSL_connect())
0 client connects that finished
1 server accepts (SSL_accept())
0 server renegotiates (SSL_accept())
1 server accepts that finished
0 session cache hits
0 session cache misses
0 session cache timeouts
0 callback cache hits
0 cache full overflows (128 allowed)
## Run sanity test with default values (RSA-PSS)
## Generating a new selfsigned certificate for pkcs11:type=private;id=%00%10
openssl req -batch -noenc -x509 -new -key ${KEY} ${AARGS} -out ${CERT}
spawn openssl s_client -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/caCert.pem
Connecting to 127.0.0.1
CONNECTED(00000005)
Can't use SSL_get_servername
depth=0 C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness
verify error:num=18:self-signed certificate
verify return:1
depth=0 C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness
verify return:1
---
Certificate chain
0 s:C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness
i:C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness
a:PKEY: RSASSA-PSS, 2048 (bit); sigalg: RSASSA-PSS
v:NotBefore: Feb 18 04:28:58 2025 GMT; NotAfter: Mar 20 04:28:58 2025 GMT
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIEIzCCAtugAwIBAgIULDSTPIowuUZyAKeE7KKKySxumt8wPQYJKoZIhvcNAQEK
MDCgDTALBglghkgBZQMEAgGhGjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUDBAIBogMC
ASAwZzELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMREwDwYDVQQHDAhO
ZXcgWW9yazEYMBYGA1UECgwPUEtDUzExIFByb3ZpZGVyMRgwFgYDVQQLDA9UZXN0
aW5nIEhhcm5lc3MwHhcNMjUwMjE4MDQyODU4WhcNMjUwMzIwMDQyODU4WjBnMQsw
CQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsxETAPBgNVBAcMCE5ldyBZb3Jr
MRgwFgYDVQQKDA9QS0NTMTEgUHJvdmlkZXIxGDAWBgNVBAsMD1Rlc3RpbmcgSGFy
bmVzczCCASAwCwYJKoZIhvcNAQEKA4IBDwAwggEKAoIBAQDN+ro4vV+PPtBH2YFG
CYfMSzNstHBfqCtvpL2FDWEIvM8Gkh/MR3CnC/fUC3c2b7Ulwz9atGeBVeumKL4j
qnu5ie88lHVBgjwKRn5M+X6DMmp5DsQ786wA8Z2+cc25lRUBgeDprc9+np4aH/eb
+cm1L4fXTO7uIIofFQUAY+OBcrPI6fdIejT0dHrbAmO/FGblMJyVHA/PhdrvF3RD
k3CRwZllST4sPc0aMvu7VItTDJ1xkfSRFEnmjqClF2lNP0hfHEMlMiHzF/MJCU3b
8kB/WfnaKAESFTuNgiS425TU+Lf3YUgjHJntQgIiKf57AzHhrp/TOvnbetaCBRK8
BTQzAgMBAAGjaTBnMB0GA1UdDgQWBBSdLjd95wlfOD7rob2dNpQLOxa2wzAfBgNV
HSMEGDAWgBSdLjd95wlfOD7rob2dNpQLOxa2wzAPBgNVHRMBAf8EBTADAQH/MAkG
A1UdEQQCMAAwCQYDVR0SBAIwADA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQC
AaEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgGiAwIBIAOCAQEAGF3lhGcm8Trk
cT0Rd0QiQ9DK9Hz8vvVI3ec5sFSgA3MlXNqIFJK92adF6leMMnNlH+zukA25Zejm
e2N69Xgin747oVhB42BAbCLSZ7BIMh7YEOY73qcRPSDuUBEZjfDYuqChJEyKtj1t
Yjq9LenVc/MFRw+GZDXUhAFKlkHHqmcWxtEYndiuyMzZ2cywTLvMvXfz8KBkQlWp
2GPHUWW463rT3MVo/a1cMjewAyBr+aP5TqR2vJPNCe1t5OiOKabf8mmR4FqJLIXR
lcoAumOG26CQ76fxjXRQbYlM1I+CvPNQGAU72N2mc03wmDAxx8w7N15gitPXtKWt
EGoeJkADOA==
-----END CERTIFICATE-----
subject=C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness
issuer=C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 1619 bytes and written 391 bytes
Verification error: self-signed certificate
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Protocol: TLSv1.3
Server public key is 2048 bit
This TLS version forbids renegotiation.
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 18 (self-signed certificate)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: C9807CA837581AD9A63A8E4364FF67BA3E1B784DE853FA389A7FC09C22E2931D
Session-ID-ctx:
Resumption PSK: BAA562792EEDF7C95537A894A6EEB9C8A33D62F7850AEE202EB96EFEE21B70C3C00835C2577AB14BCE7C54030AC1B612
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 7200 (seconds)
TLS session ticket:
0000 - 60 50 44 bc f0 10 d5 02-0a ce 85 11 46 6c 15 93 `PD.........Fl..
0010 - a6 89 d9 8c 54 24 c5 b3-81 ff 40 ff 8c 5e 8c b2 ....T$....@..^..
0020 - 33 7f c1 51 5c 08 d2 3c-53 b6 24 24 7f e0 54 84 3..Q\..<S.$$..T.
0030 - 60 f2 6e 05 bd 74 80 d1-06 fa 4a 9e e3 7e 4e 01 `.n..t....J..~N.
0040 - 40 16 09 3b 60 2d c1 9c-88 e5 d4 21 7a de 22 f7 @..;`-.....!z.".
0050 - 95 08 0b 53 96 45 88 7d-0b 5f 67 d2 2c dd 75 45 ...S.E.}._g.,.uE
0060 - 78 c7 78 9a f3 4e 54 62-06 44 58 12 c8 6d 78 6d x.x..NTb.DX..mxm
0070 - 4b fa 70 2e 13 79 fe 75-ca 5c d7 0c 46 73 f4 69 K.p..y.u.\..Fs.i
0080 - 5c 95 82 98 46 a7 55 d9-b2 8d ad 19 bd 0e 88 e1 \...F.U.........
0090 - fa 91 78 5e 15 77 fd e7-58 55 74 85 0d 30 1d 13 ..x^.w..XUt..0..
00a0 - ef d6 87 08 8a b8 6d 5e-d5 89 af 13 41 74 27 49 ......m^....At'I
00b0 - 5d 49 e5 aa 72 5e c5 0f-10 77 cf 13 8b 38 4b 1f ]I..r^...w...8K.
00c0 - 69 e2 be 92 8c c1 b2 fc-aa 87 3b 2a a3 74 8f fc i.........;*.t..
Start Time: 1739852938
Timeout : 7200 (sec)
Verify return code: 18 (self-signed certificate)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: FED63ED322A437F4CE5A06D33C3266CEB4E1AAA6952B87F08D8842F51DEE2DCA
Session-ID-ctx:
Resumption PSK: 1821B38382B72B286A7F7131FDE31CE4BC4B75C536E633C09CB9A90716606C676592E018301320101A1387B0ADE2EBF1
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 7200 (seconds)
TLS session ticket:
0000 - 60 50 44 bc f0 10 d5 02-0a ce 85 11 46 6c 15 93 `PD.........Fl..
0010 - 53 1e 88 c1 a0 24 9b ee-63 be c7 fc 14 e7 26 c0 S....$..c.....&.
0020 - ef 4c 36 62 14 a4 93 57-c1 e1 b3 6d e3 d3 64 b8 .L6b...W...m..d.
0030 - dc 85 cc ff 61 54 9d f5-2d 6c b4 6d 22 fc fb ae ....aT..-l.m"...
0040 - 15 ca c7 95 0f 2a 7f a0-65 d9 12 14 83 35 46 f0 .....*..e....5F.
0050 - da 86 b1 2c 71 d5 d0 09-67 0a aa be 15 e4 fa d0 ...,q...g.......
0060 - 31 f4 51 82 7a 81 eb 22-63 6e b0 b4 2e 7d 52 08 1.Q.z.."cn...}R.
0070 - e5 34 e6 74 26 17 c5 73-a7 e0 dc 14 95 44 86 7e .4.t&..s.....D.~
0080 - 8e c1 33 10 71 8e b0 78-26 82 3d 24 54 86 de af ..3.q..x&.=$T...
0090 - e4 ca 32 75 30 43 5f aa-c6 d2 a4 65 88 1e 44 a8 ..2u0C_....e..D.
00a0 - ed 64 15 6f 5a de 76 a2-f4 a1 ae a8 44 28 85 e7 .d.oZ.v.....D(..
00b0 - 16 18 77 2f c6 6d 4f 75-a5 f8 ad 8c 96 f7 91 33 ..w/.mOu.......3
00c0 - 23 f3 fe af aa e3 34 74-ac 24 40 c0 6f 43 11 6c #.....4t.$@.oC.l
Start Time: 1739852938
Timeout : 7200 (sec)
Verify return code: 18 (self-signed certificate)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK
TLS SUCCESSFUL
40DC199FFFFF0000:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688:
Server output:
spawn openssl s_server -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%10 -cert /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/rsapss-default.pem
Using default temp DH parameters
ACCEPT
-----BEGIN SSL SESSION PARAMETERS-----
MIGDAgEBAgIDBAQCEwIEIG+1tB0I0sllFRcDf9NnShvgZU2aDUUHe+tib6jY8pF9
BDAYIbODgrcrKGp/cTH94xzkvEt1xTbmM8CcuakHFmBsZ2WS4BgwEyAQGhOHsK3i
6/GhBgIEZ7QMiqIEAgIcIKQGBAQBAAAArgcCBQCdLialswMCAR0=
-----END SSL SESSION PARAMETERS-----
Shared ciphers:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA
Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512
Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224
Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192
Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192
CIPHER is TLS_AES_256_GCM_SHA384
This TLS version forbids renegotiation.
TLS SUCCESSFUL
Q
DONE
shutdown accept socket
shutting down SSL
CONNECTION CLOSED
0 items in the session cache
0 client connects (SSL_connect())
0 client renegotiates (SSL_connect())
0 client connects that finished
1 server accepts (SSL_accept())
0 server renegotiates (SSL_accept())
1 server accepts that finished
0 session cache hits
0 session cache misses
0 session cache timeouts
0 callback cache hits
0 cache full overflows (128 allowed)
## Run sanity test with RSA-PSS and SHA256
## Generating a new selfsigned certificate for pkcs11:type=private;id=%00%11
openssl req -batch -noenc -x509 -new -key ${KEY} ${AARGS} -out ${CERT}
spawn openssl s_client -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/caCert.pem
Connecting to 127.0.0.1
CONNECTED(00000005)
Can't use SSL_get_servername
depth=0 C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness
verify error:num=18:self-signed certificate
verify return:1
depth=0 C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness
verify return:1
---
Certificate chain
0 s:C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness
i:C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness
a:PKEY: RSASSA-PSS, 3092 (bit); sigalg: RSASSA-PSS
v:NotBefore: Feb 18 04:28:58 2025 GMT; NotAfter: Mar 20 04:28:58 2025 GMT
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIFKDCCA12gAwIBAgIUb7/knXImdHSw3M1sbSIzSs1AgMswPQYJKoZIhvcNAQEK
MDCgDTALBglghkgBZQMEAgGhGjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUDBAIBogMC
ASAwZzELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMREwDwYDVQQHDAhO
ZXcgWW9yazEYMBYGA1UECgwPUEtDUzExIFByb3ZpZGVyMRgwFgYDVQQLDA9UZXN0
aW5nIEhhcm5lc3MwHhcNMjUwMjE4MDQyODU4WhcNMjUwMzIwMDQyODU4WjBnMQsw
CQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsxETAPBgNVBAcMCE5ldyBZb3Jr
MRgwFgYDVQQKDA9QS0NTMTEgUHJvdmlkZXIxGDAWBgNVBAsMD1Rlc3RpbmcgSGFy
bmVzczCCAaIwCwYJKoZIhvcNAQEKA4IBkQAwggGMAoIBgwtZGjmKiFh6ZBnXVN/I
ad0tBtbtm7LsOno4g1sfoxFY5DYPdJ9kGw10ewzr+6KRv7KmvX1hhsPpDKva5COb
f9/dsu8ic4FmPP9aO9Yr5PBMGHUqz8pX49YgUHMG+YwLxudCuusJGKn31sOdT8r7
EJRBepDrqJLrwqSV+3W2kbTTbZeSurAyflRTWlgux4UM8Cg0i9/nwdK+mDzv920q
McmqtdzdN12CWsZ5d9qDY/675cs9bYMvcke3Edh8NEmqOXEg0zsVPt+JBTU4y/Rd
NJJdHRc1QC+j+1Gd1mSMJF6yST/TlURQFCUweMljDWtJhyT12YTp1jpTyl66cG0V
xTdrBtmhLb2Q1YNotxdZgGdsmGlb/ySSkkF9q55D+TJdGOMjQhpH43JunhmD/6o9
0tSsjoRRGoDQcjLjcqJisEze5Grm99AVnkaRVPZ6kRFVcgbxCW/Fn9iIVCY8xuqs
jxKY27cjfaeNVWf61PDM/E4h+L7WmaITDzpRn3rvJB0NGRGkwwIDAQABo2kwZzAd
BgNVHQ4EFgQUmHW4BDTdQigb45przpGMqwMQcFIwHwYDVR0jBBgwFoAUmHW4BDTd
Qigb45przpGMqwMQcFIwDwYDVR0TAQH/BAUwAwEB/zAJBgNVHREEAjAAMAkGA1Ud
EgQCMAAwPQYJKoZIhvcNAQEKMDCgDTALBglghkgBZQMEAgGhGjAYBgkqhkiG9w0B
AQgwCwYJYIZIAWUDBAIBogMCASADggGEAApjh7QBWmIBRQE6W3wcpPZ155+U5u/X
Fjp5/f6q2lePoz76g3d7jNcwuDb/3NM0QgcmoQpdrYEYbk4UzrdZOiIFR0won9sM
RrKGZ7+xrygGGdkCL4qJ9bvn9Rr6Gu46GcdlwJhux2EuHRPJBCY6xTXU5818mrhS
4QrtKV+8TpWYXWjwy6+7j+2BvztjccYUuEqyuNn621p+6mSpeQ23Z67hyfcpEhXX
F2tvqVEl9D5EhMGbrHNCugVUtPFitvpLXlTfuu3ztn6ksH1lig6NlodzPFqLST6C
k2Tkh8vTB8y6SkRIQy+KCq9EetrcHhEtEIoxFq2PPY3O+troV9Ucllic9jmPEw2G
+S36pyqgwr/NBgCTonUPESHNaqJ30WGtrEkJGIckK8VAs8PyslrH0Rhfxx/NBJkw
PXcSNH9oeDZZQSg255PudMK0ZYMFlpi80/cKnyyUFSKAuU1UIejP1Wcag7cRNZXB
O2IYoYM6ilrLFElce9b69Mql+gLuBadgm9BtBQ==
-----END CERTIFICATE-----
subject=C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness
issuer=C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 2011 bytes and written 391 bytes
Verification error: self-signed certificate
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Protocol: TLSv1.3
Server public key is 3092 bit
This TLS version forbids renegotiation.
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 18 (self-signed certificate)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: 65EFFB210F00F3318A7608FC784EEC93C475635CBCA2ABA8687AB33A74448B05
Session-ID-ctx:
Resumption PSK: 1F25E1241515E511E2182D768D732942C76F48D42C6B7589224ECE9A0C4F4A644902D64507D18D7CD12D938F58F3F472
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 7200 (seconds)
TLS session ticket:
0000 - d1 96 a4 b9 a7 b8 38 60-79 e2 7f 2b 32 51 88 fd ......8`y..+2Q..
0010 - 90 1d 07 ff 5b 0a 9d 9f-64 8e 34 8d f2 77 f2 eb ....[...d.4..w..
0020 - d0 7b 0c 83 60 69 e7 8e-34 76 d0 f7 d4 49 96 b3 .{..`i..4v...I..
0030 - d3 0f 70 34 67 38 de eb-37 fc 7f d9 89 a0 68 3c ..p4g8..7.....h<
0040 - 1f 7e e5 ac 7b 11 a0 ec-1e 51 5c dd ae 2d 3c c5 .~..{....Q\..-<.
0050 - 1c 08 e1 24 f6 a1 59 2e-b7 2b c0 76 49 6c 91 1f ...$..Y..+.vIl..
0060 - c3 3c 00 ea 1e 9c 78 70-4d 9c 85 ff 59 79 00 f9 .<....xpM...Yy..
0070 - 8b 40 57 ff e4 02 81 c7-98 76 86 b2 67 46 1c 02 .@W......v..gF..
0080 - 67 e9 18 75 5f 49 6c aa-c6 9b d4 cb 77 8f 37 ef g..u_Il.....w.7.
0090 - 1c 53 49 4f 8f 69 b3 19-95 14 9f 29 8e 0a 52 7e .SIO.i.....)..R~
00a0 - a2 9e 8e 0d 0f be e8 73-64 c8 7e 57 62 d3 0b c3 .......sd.~Wb...
00b0 - 20 c7 20 1d 5d e9 62 2a-c4 b5 38 da 93 de 91 63 . .].b*..8....c
00c0 - 8c e4 c7 7c 4d 96 db fb-a3 5a ff 48 31 ba 11 6f ...|M....Z.H1..o
Start Time: 1739852938
Timeout : 7200 (sec)
Verify return code: 18 (self-signed certificate)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: 56496E4052B9EA7693E975A067B33B12E9DB22D19E3626F93F7ED78B292A7A98
Session-ID-ctx:
Resumption PSK: C8DFF12B124007BDA25D0B49FAC03CC3985658CF8565F68B63CC1DEE87D1320FDD2C2B5F6CBFDFCCA7C7E0C49BE4C476
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 7200 (seconds)
TLS session ticket:
0000 - d1 96 a4 b9 a7 b8 38 60-79 e2 7f 2b 32 51 88 fd ......8`y..+2Q..
0010 - 68 1a 72 d8 72 cb d1 15-2c 2a 58 7b 7d 7d ae 0e h.r.r...,*X{}}..
0020 - 1e 57 4a 9e 8e 25 dd fe-6c aa 35 5a 97 b0 37 00 .WJ..%..l.5Z..7.
0030 - f0 9f b6 ce f5 f7 e1 71-2e ce cc 68 b7 d4 9b b1 .......q...h....
0040 - f9 ea ce 5d 98 58 5d 6f-92 4e c1 3f c2 66 d2 f1 ...].X]o.N.?.f..
0050 - 3c 14 7d b3 ac b0 29 58-48 36 88 36 ba aa ce d8 <.}...)XH6.6....
0060 - c1 6f 47 04 51 19 52 d0-7b 67 1f f8 36 e2 47 f2 .oG.Q.R.{g..6.G.
0070 - 6a c3 9d 0a c7 b6 12 d5-5a 39 4b 79 eb 38 76 6f j.......Z9Ky.8vo
0080 - 03 f0 01 a2 cb 1c c3 ae-e8 dc 80 bb 2c 0b 7a 2a ............,.z*
0090 - f7 82 b1 4a 3f f0 7d 47-3d 3c c1 d9 ff 81 64 11 ...J?.}G=<....d.
00a0 - 73 83 85 55 83 64 80 7f-ed 0b 93 23 29 19 d5 ec s..U.d.....#)...
00b0 - 5e 19 4d 4d 56 7c 1f df-00 d7 82 10 9c 96 09 f9 ^.MMV|..........
00c0 - df b3 15 f5 11 9d 77 bd-2b 33 8d a4 4e 41 61 a3 ......w.+3..NAa.
Start Time: 1739852938
Timeout : 7200 (sec)
Verify return code: 18 (self-signed certificate)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK
TLS SUCCESSFUL
407C43A6FFFF0000:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688:
Server output:
spawn openssl s_server -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%11 -cert /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/rsapss-sha256.pem
Using default temp DH parameters
ACCEPT
-----BEGIN SSL SESSION PARAMETERS-----
MIGDAgEBAgIDBAQCEwIEIBV1W3uhi9tFFq2hWPAyxQJheIBNqo78Cmrz1SAJqqpl
BDDI3/ErEkAHvaJdC0n6wDzDmFZYz4Vl9otjzB3uh9EyD90sK19sv9/Mp8fgxJvk
xHahBgIEZ7QMiqIEAgIcIKQGBAQBAAAArgcCBQDl7lYSswMCAR0=
-----END SSL SESSION PARAMETERS-----
Shared ciphers:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA
Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512
Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224
Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192
Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192
CIPHER is TLS_AES_256_GCM_SHA384
This TLS version forbids renegotiation.
TLS SUCCESSFUL
Q
DONE
shutdown accept socket
shutting down SSL
CONNECTION CLOSED
0 items in the session cache
0 client connects (SSL_connect())
0 client renegotiates (SSL_connect())
0 client connects that finished
1 server accepts (SSL_accept())
0 server renegotiates (SSL_accept())
1 server accepts that finished
0 session cache hits
0 session cache misses
0 session cache timeouts
0 callback cache hits
0 cache full overflows (128 allowed)
## Run sanity test with default values (ECDSA)
spawn openssl s_client -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/caCert.pem
Connecting to 127.0.0.1
CONNECTED(00000005)
Can't use SSL_get_servername
depth=1 CN=Issuer
verify return:1
depth=0 O=PKCS11 Provider, CN=My EC Cert
verify return:1
---
Certificate chain
0 s:O=PKCS11 Provider, CN=My EC Cert
i:CN=Issuer
a:PKEY: id-ecPublicKey, 256 (bit); sigalg: RSA-SHA256
v:NotBefore: Feb 18 04:28:42 2025 GMT; NotAfter: Feb 18 04:28:42 2026 GMT
---
Server certificate
-----BEGIN CERTIFICATE-----
MIICcjCCAVqgAwIBAgIBBDANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1
ZXIwHhcNMjUwMjE4MDQyODQyWhcNMjYwMjE4MDQyODQyWjAvMRgwFgYDVQQKEw9Q
S0NTMTEgUHJvdmlkZXIxEzARBgNVBAMTCk15IEVDIENlcnQwWTATBgcqhkjOPQIB
BggqhkjOPQMBBwNCAAREq6izYZWFNUQ1MhwEljzY8CHdRRDeQ7uAu26XhOdJIFBG
mLpdKML1zKu7UiPaQMa/M6SCDd61JscT/ZZr2WYxo4GBMH8wDAYDVR0TAQH/BAIw
ADAfBgNVHREEGDAWgRR0ZXN0Y2VydEBleGFtcGxlLm9yZzAOBgNVHQ8BAf8EBAMC
B4AwHQYDVR0OBBYEFKi55SLu1wihQwnF28NnTgkhyWleMB8GA1UdIwQYMBaAFK6Y
CyRXDBVIOw8nQs2rxX0HiaY5MA0GCSqGSIb3DQEBCwUAA4IBAQBafWyD8i5CO50a
smdI89+wNyaZ8yWNkPVKK/eHM7cEw7XS6t7h3q2XUogJwAQtF+pR7Tm0wmK+gpsF
FG2h7DAvFLHaUEmHqncOiFLCwzCHFE9uyzxwuzUJFqbmS16yKotK/xG/7XkijcHw
Sj/8QEgEPef+0rbXiJRwkdPBllB2aBVkNSzGYJldMuSXWaDjI67v51BE8uLXz63C
RxeIZ5Q/wrJp/NlEMlvy4Lo44PWsGfUvJOnfmKGDFs63iRC6Ikev8xKAYX3ZYv9O
CZaVzw7C9n37FMinclmKq6FFqeuq1qIKWySHbIr+5QIGSgWPZzKqoT7+Ghgs8AYj
eTj8opIn
-----END CERTIFICATE-----
subject=O=PKCS11 Provider, CN=My EC Cert
issuer=CN=Issuer
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: ECDSA
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 1000 bytes and written 391 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Protocol: TLSv1.3
Server public key is 256 bit
This TLS version forbids renegotiation.
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: 62216524A5EE4FEED4334D53436BE469A6777537F706AF514E8AC3454A0233C7
Session-ID-ctx:
Resumption PSK: C9050F281498A38262DBB54F1396596A28742A4D9EC9E812D7CEC6952FC233079D4E537DBEA9228F7CD0367EB433E1F6
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 7200 (seconds)
TLS session ticket:
0000 - bb 4b e7 bb 02 43 df 28-e6 5c df 04 a7 6f b7 54 .K...C.(.\...o.T
0010 - 94 7e 44 63 34 a8 7e ef-c6 3b d0 cf d8 7d c8 2e .~Dc4.~..;...}..
0020 - f2 92 70 ec f3 19 59 ca-b9 2d c0 c9 6d d8 04 c1 ..p...Y..-..m...
0030 - 05 7a 07 6c 5b 5c 89 3a-b8 28 7c 50 b5 a2 c1 63 .z.l[\.:.(|P...c
0040 - 41 d2 72 98 94 39 03 e1-fa 18 d9 87 f8 eb ba a2 A.r..9..........
0050 - 9b d1 86 4d 8c 78 46 5a-1f c1 1d 56 a4 5c c0 21 ...M.xFZ...V.\.!
0060 - 11 b1 bc f1 a7 1f e6 aa-b5 d4 f9 66 07 4e e8 42 ...........f.N.B
0070 - 04 09 b2 89 ba d7 da d7-1a 25 7d f0 65 11 18 9e .........%}.e...
0080 - 45 e0 bd c7 92 6c 25 01-68 7e 70 83 98 27 8e f4 E....l%.h~p..'..
0090 - 48 6d a1 08 49 ed b3 ce-ab db a9 a0 ab e5 62 65 Hm..I.........be
00a0 - 8c a6 13 2f ad a4 a2 31-5c 97 b6 08 87 1c 92 4d .../...1\......M
00b0 - 8e d2 4a 45 9a 4f be dc-49 fd 93 ac de 7b 60 09 ..JE.O..I....{`.
00c0 - ff ce 8e 7a 4f 7a 51 65-55 b1 c5 2c 62 0c e3 f3 ...zOzQeU..,b...
Start Time: 1739852938
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: A08384D36F2EA8F12DF57116ACBE02550370A39FF912BAAB0370E48237CE4378
Session-ID-ctx:
Resumption PSK: BFE67A16786552B56300E484D5E4EB0DE8BD47F400FBAFC582A7AD38778DE45B7F1B5AD4562C5712BE0ED6F3D88CE91E
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 7200 (seconds)
TLS session ticket:
0000 - bb 4b e7 bb 02 43 df 28-e6 5c df 04 a7 6f b7 54 .K...C.(.\...o.T
0010 - bc 8a c3 bd ae f6 cb d7-94 e2 e2 64 56 47 e5 72 ...........dVG.r
0020 - 3a c7 62 75 b0 fe 25 34-28 d5 3d b7 86 a4 36 22 :.bu..%4(.=...6"
0030 - 17 68 6c 1a 23 56 b8 47-78 3e b1 0f 1c 7f 73 1f .hl.#V.Gx>....s.
0040 - c6 66 49 bd 7a 47 86 93-0a 10 2b 92 fe 6e 65 8e .fI.zG....+..ne.
0050 - ba 0e 95 bf ed 8d 49 6b-b1 99 9d 33 34 60 fe 33 ......Ik...34`.3
0060 - 42 1c 9f 32 8e 26 09 f7-08 ce ee 6c 39 83 e8 f3 B..2.&.....l9...
0070 - a5 35 47 4a 68 5c f1 2a-83 89 ad 0b 12 b1 a5 d2 .5GJh\.*........
0080 - e2 d5 f7 4a 13 36 53 62-27 49 d3 62 45 16 e0 d2 ...J.6Sb'I.bE...
0090 - 60 c1 46 ae ea f7 79 93-fa f2 0d a4 11 c7 e9 ed `.F...y.........
00a0 - 6e 97 83 ce 1e 0c 96 3b-b5 da 94 22 ce 33 ba f4 n......;...".3..
00b0 - 61 1e a8 e6 bd ab 3b 39-29 03 1c 96 6a ee 91 a2 a.....;9)...j...
00c0 - 07 ac d9 65 eb e6 31 ae-da 98 4d 97 59 47 a9 70 ...e..1...M.YG.p
Start Time: 1739852938
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK
TLS SUCCESSFUL
406C04A2FFFF0000:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688:
Server output:
spawn openssl s_server -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%02 -cert pkcs11:type=cert;object=ecCert
Using default temp DH parameters
ACCEPT
-----BEGIN SSL SESSION PARAMETERS-----
MIGCAgEBAgIDBAQCEwIEIH8edURzgYGdgwShh/00ud9ugESFZAS3bFonANg1GEIt
BDC/5noWeGVStWMA5ITV5OsN6L1H9AD7r8WCp604d43kW38bWtRWLFcSvg7W89iM
6R6hBgIEZ7QMiqIEAgIcIKQGBAQBAAAArgYCBDdZCIGzAwIBHQ==
-----END SSL SESSION PARAMETERS-----
Shared ciphers:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA
Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512
Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224
Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192
Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192
CIPHER is TLS_AES_256_GCM_SHA384
This TLS version forbids renegotiation.
TLS SUCCESSFUL
Q
DONE
shutdown accept socket
shutting down SSL
CONNECTION CLOSED
0 items in the session cache
0 client connects (SSL_connect())
0 client renegotiates (SSL_connect())
0 client connects that finished
1 server accepts (SSL_accept())
0 server renegotiates (SSL_accept())
1 server accepts that finished
0 session cache hits
0 session cache misses
0 session cache timeouts
0 callback cache hits
0 cache full overflows (128 allowed)
## Run sanity test with default values (Ed25519)
spawn openssl s_client -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/caCert.pem
Connecting to 127.0.0.1
CONNECTED(00000005)
Can't use SSL_get_servername
depth=1 CN=Issuer
verify return:1
depth=0 O=PKCS11 Provider, CN=My ED25519 Cert
verify return:1
---
Certificate chain
0 s:O=PKCS11 Provider, CN=My ED25519 Cert
i:CN=Issuer
a:PKEY: ED25519, 256 (bit); sigalg: RSA-SHA256
v:NotBefore: Feb 18 04:28:42 2025 GMT; NotAfter: Feb 18 04:28:42 2026 GMT
---
Server certificate
-----BEGIN CERTIFICATE-----
MIICSDCCATCgAwIBAgIBBjANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1
ZXIwHhcNMjUwMjE4MDQyODQyWhcNMjYwMjE4MDQyODQyWjA0MRgwFgYDVQQKEw9Q
S0NTMTEgUHJvdmlkZXIxGDAWBgNVBAMTD015IEVEMjU1MTkgQ2VydDAqMAUGAytl
cAMhAEIvduyLWdY4L4M88R4uIBJQhN00KZxdneWMErhbviyPo4GBMH8wDAYDVR0T
AQH/BAIwADAfBgNVHREEGDAWgRR0ZXN0Y2VydEBleGFtcGxlLm9yZzAOBgNVHQ8B
Af8EBAMCB4AwHQYDVR0OBBYEFDWctd0bz0TAa+45A3gQNjpQ6di7MB8GA1UdIwQY
MBaAFK6YCyRXDBVIOw8nQs2rxX0HiaY5MA0GCSqGSIb3DQEBCwUAA4IBAQARpmk0
y9HTZE2NESZpSF/a1C0jgKMJhzU0aB9ABE5esxYSLtkplf3lOTepI9UGZk6vgUNY
1azX9qZH4DM/VbUB+JlT3jaw9T31wKdMniTWSppcLuxTt8A0iuq7Nkt4HMx/jkBd
ElxnI8JK9R/TX/dQNuZFY0e79LDFqZAz/IMHyZGhIVXm7ZiYvc7+RRIvF4r8K9WC
zPDTyaVEzAhmd8e8cBLTM2eFs4r5FM05wW1Qwy96v5vv6g/RFeKecgCTMQwSmt+B
C8eiV4Iv4m7SO8bvrxQ0JZccCKBqsLKD6nHxeD1lEQ3A51BVstCGjIkHXAyBjSTv
BciLPv/rMJa/5VYm
-----END CERTIFICATE-----
subject=O=PKCS11 Provider, CN=My ED25519 Cert
issuer=CN=Issuer
---
No client certificate CA names sent
Peer signature type: Ed25519
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 952 bytes and written 391 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Protocol: TLSv1.3
Server public key is 256 bit
This TLS version forbids renegotiation.
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: 3196AA3D5C0555927C0D1DACE95BEC2368E66A5E7DCEA65A994D21C5BDFE6DEE
Session-ID-ctx:
Resumption PSK: FEA45DDA274E35444C1E0075CDF36989D184590A289EDC21D497BA8375BB770EEEA064BEF7AA719B6CF9CA6F45D99540
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 7200 (seconds)
TLS session ticket:
0000 - 30 a9 2b 8b 1c ca 2e 83-39 a1 3d a9 36 5b ad 45 0.+.....9.=.6[.E
0010 - 01 5e 51 f2 c4 68 de a7-a7 f8 a1 ad ad a7 6a 2c .^Q..h........j,
0020 - 3a 95 79 86 ae 5a b4 ac-5e 60 69 9d 42 33 d4 c1 :.y..Z..^`i.B3..
0030 - eb ef 14 91 71 96 eb 6e-b2 5f 84 a7 e0 6a 3e 90 ....q..n._...j>.
0040 - 15 01 9e 46 36 2d f3 15-ab 66 d8 64 87 cc c0 8e ...F6-...f.d....
0050 - 2d 18 3a 62 2e 7b e6 c8-74 40 14 2a 14 03 45 f6 -.:b.{..t@.*..E.
0060 - f6 0b be 1e 86 ff 63 3d-ce 80 a7 ee 0f 68 f1 63 ......c=.....h.c
0070 - 7b f9 f3 0d 81 d5 12 21-2b 05 76 40 bb 25 d9 91 {......!+.v@.%..
0080 - 57 37 bc 94 56 0b dd b2-d8 1f 6a 25 9f c2 dc 2a W7..V.....j%...*
0090 - 94 9e cc 90 13 37 f0 88-aa 54 a7 40 86 e6 31 19 .....7...T.@..1.
00a0 - 8d 1c 00 df 0a 9f 01 3b-02 9f 25 55 c8 63 fd f7 .......;..%U.c..
00b0 - 3b 7f 23 10 60 a8 a3 dd-ff 01 4a 61 5b da f7 e7 ;.#.`.....Ja[...
00c0 - 9e 4f 5a 41 4c b9 ee 67-5a f6 7b 5e 68 38 5c 49 .OZAL..gZ.{^h8\I
Start Time: 1739852939
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: 26081C7BDD61A7AA38EF2D87D9FB797A89EFB9A864DB48FFA89CEF989C09488C
Session-ID-ctx:
Resumption PSK: 407BD19F70C3D07A31DBE310018DD8E39DA5372B6D8DA3F04C182FA8F587C8EEDF1E3036F5A45D386000BA3814D94ECD
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 7200 (seconds)
TLS session ticket:
0000 - 30 a9 2b 8b 1c ca 2e 83-39 a1 3d a9 36 5b ad 45 0.+.....9.=.6[.E
0010 - 8e d2 14 2e 7b 70 1d 10-f4 43 a5 05 e6 61 e6 80 ....{p...C...a..
0020 - dc 00 3d 2b 99 17 59 b8-ea 97 bb 2f 2b ba 50 cd ..=+..Y..../+.P.
0030 - 80 19 eb 3f e0 69 88 e5-49 4e da 61 62 ce fb 6e ...?.i..IN.ab..n
0040 - 53 e0 d8 22 d7 2b 96 25-48 a7 4a 17 d8 24 2a c0 S..".+.%H.J..$*.
0050 - 3a 75 6e b7 05 a1 61 03-35 31 3a 1b 3c 8c cf a9 :un...a.51:.<...
0060 - fb 71 ba 46 f2 ca ad c0-17 4a 8d fe c2 15 5d 4d .q.F.....J....]M
0070 - fe 17 42 d5 f8 51 57 64-29 a3 c3 3c cc e4 57 5f ..B..QWd)..<..W_
0080 - cf ff a0 3d 7e fc f1 a1-01 a3 e5 22 c7 e2 45 e1 ...=~......"..E.
0090 - a0 32 43 7d cb da 1c d8-3c d3 9b fd 05 34 03 ff .2C}....<....4..
00a0 - 68 1d 7e 3c a8 31 1f 03-37 ca 6b fb 66 a5 25 e9 h.~<.1..7.k.f.%.
00b0 - ec c6 6b 6e 3a 1f 14 5a-80 ff eb 90 7e 67 1a 6d ..kn:..Z....~g.m
00c0 - 06 db 64 62 b1 2e 2f ae-57 e4 15 f1 6f 6b a8 e6 ..db../.W...ok..
Start Time: 1739852939
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK
TLS SUCCESSFUL
409C3C8CFFFF0000:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688:
Server output:
spawn openssl s_server -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%04 -cert pkcs11:type=cert;object=edCert
Using default temp DH parameters
ACCEPT
-----BEGIN SSL SESSION PARAMETERS-----
MIGDAgEBAgIDBAQCEwIEIGkGYsWJRQcuuxvmvO9oDz3S3eqiFK6XajTPQWj4C72u
BDBAe9GfcMPQejHb4xABjdjjnaU3K22No/BMGC+o9YfI7t8eMDb1pF04YAC6OBTZ
Ts2hBgIEZ7QMi6IEAgIcIKQGBAQBAAAArgcCBQD62kaFswMCAR0=
-----END SSL SESSION PARAMETERS-----
Shared ciphers:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA
Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512
Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224
Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192
Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192
CIPHER is TLS_AES_256_GCM_SHA384
This TLS version forbids renegotiation.
TLS SUCCESSFUL
Q
DONE
shutdown accept socket
shutting down SSL
CONNECTION CLOSED
0 items in the session cache
0 client connects (SSL_connect())
0 client renegotiates (SSL_connect())
0 client connects that finished
1 server accepts (SSL_accept())
0 server renegotiates (SSL_accept())
1 server accepts that finished
0 session cache hits
0 session cache misses
0 session cache timeouts
0 callback cache hits
0 cache full overflows (128 allowed)
## Run sanity test with default values (Ed448)
spawn openssl s_client -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/caCert.pem
Connecting to 127.0.0.1
CONNECTED(00000005)
Can't use SSL_get_servername
depth=1 CN=Issuer
verify return:1
depth=0 O=PKCS11 Provider, CN=My ED448 Cert
verify return:1
---
Certificate chain
0 s:O=PKCS11 Provider, CN=My ED448 Cert
i:CN=Issuer
a:PKEY: ED448, 456 (bit); sigalg: RSA-SHA256
v:NotBefore: Feb 18 04:28:42 2025 GMT; NotAfter: Feb 18 04:28:42 2026 GMT
---
Server certificate
-----BEGIN CERTIFICATE-----
MIICXzCCAUegAwIBAgIBBzANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1
ZXIwHhcNMjUwMjE4MDQyODQyWhcNMjYwMjE4MDQyODQyWjAyMRgwFgYDVQQKEw9Q
S0NTMTEgUHJvdmlkZXIxFjAUBgNVBAMTDU15IEVENDQ4IENlcnQwQzAFBgMrZXED
OgCs4t3hXXv13EcJkK75fepF8/othIegJ57nNAdCdyAaizu59x9FE68XBvyT1IYf
IZsGptJmKPKCqgCjgYEwfzAMBgNVHRMBAf8EAjAAMB8GA1UdEQQYMBaBFHRlc3Rj
ZXJ0QGV4YW1wbGUub3JnMA4GA1UdDwEB/wQEAwIHgDAdBgNVHQ4EFgQUsuZD6WAS
VNbnD5HhWGrCGFwT99UwHwYDVR0jBBgwFoAUrpgLJFcMFUg7DydCzavFfQeJpjkw
DQYJKoZIhvcNAQELBQADggEBAJr8o6wL1gMytNdikthnlgHxuo58Uy0AZfBnRlRx
cwN/8+7wnx8z8W23f7uIso+z71Bitw8z0lmg74CUniFaNv52QU9MlyrcNmkSiCVf
K6QT62Xw/dZWcfgXyo0mIg9S6gspDVPyTOMQZJAmM19PwMgwadN1fTEnC4Vdz8BH
fLGBS2MnqyLkfUSSbzTLb8C+j0YVzCmFu0Vp7TXaCeGEhKYjg+VXwaP0cU6/FEbQ
Hr9jSORd+eSoPIlfNNLRuZ/EoTfLR9x0Z3TnPLUuh6gsyIKfYHkeacqbo0IfG75s
aJ3Hd3KUdIRo07TNIj0UiFV3m8072Yk2dtM+3H7UH3qvuKU=
-----END CERTIFICATE-----
subject=O=PKCS11 Provider, CN=My ED448 Cert
issuer=CN=Issuer
---
No client certificate CA names sent
Peer signature type: Ed448
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 1025 bytes and written 391 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Protocol: TLSv1.3
Server public key is 456 bit
This TLS version forbids renegotiation.
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: 524F54D50DD5EE8C36460E034A1A9ED3199AAB3F3E0AA6349C557C42138EC206
Session-ID-ctx:
Resumption PSK: 3ADE9AF570183DC52D9FF8628F6B8E9E6FA172EF1EF0AE20C3EC250238D48BED3EE12C81009CF7CE029251CAEDD134F7
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 7200 (seconds)
TLS session ticket:
0000 - 13 46 e6 3c 66 9e db 04-e9 96 96 f0 88 21 d1 2c .F.<f........!.,
0010 - 3d f9 f0 de 29 d8 f6 c3-99 a6 31 6d 6c 2e 7e 86 =...).....1ml.~.
0020 - 2c 79 79 e7 ef 09 99 33-d7 f2 e1 e3 3d f2 d7 07 ,yy....3....=...
0030 - 83 73 da ea 1b 93 02 ed-13 bb b3 55 60 c7 dd ba .s.........U`...
0040 - 46 e0 52 f5 69 b0 31 ad-ad 63 08 57 fe b4 85 89 F.R.i.1..c.W....
0050 - ad 48 99 99 8b c4 8e 48-9a 38 c4 b8 b0 a4 68 ee .H.....H.8....h.
0060 - df cd 57 e4 8f e1 6e aa-8d 73 ae 40 9f b1 6e 45 ..W...n..s.@..nE
0070 - 6e 93 e6 5b bc 35 28 7e-33 78 ba c4 73 e1 a1 93 n..[.5(~3x..s...
0080 - 7d e1 5a 0a 03 af de a4-8f 7c 41 be 5e 21 02 b4 }.Z......|A.^!..
0090 - fd 77 01 89 83 58 f4 72-96 65 d3 86 04 e7 cc f5 .w...X.r.e......
00a0 - 23 42 b8 61 17 00 81 c4-9a e8 34 8a ab 77 c4 15 #B.a......4..w..
00b0 - 79 8d 7a f6 92 22 93 e0-a7 e9 da 9f 46 41 c1 c1 y.z.."......FA..
00c0 - 9a e0 31 34 37 19 35 a2-46 08 e9 90 de fc a0 8e ..147.5.F.......
Start Time: 1739852939
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: C8673B96E171650CB871B26AC926EB48AAA8299C65C17CD515AF6A08A5BBE404
Session-ID-ctx:
Resumption PSK: 7354067D8C9E0B72617407B84242ADF9D6DB0F56178EFB462A21A5DCAF8EBE09C7972C80FF53A900E08F6484D909BF21
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 7200 (seconds)
TLS session ticket:
0000 - 13 46 e6 3c 66 9e db 04-e9 96 96 f0 88 21 d1 2c .F.<f........!.,
0010 - 4c ab bb e0 73 ec 23 23-7e 98 ca 11 c8 1a b4 17 L...s.##~.......
0020 - 0f 0c 4c e4 cc 66 1f 10-cc 99 92 cf 0a db 60 88 ..L..f........`.
0030 - be ec 11 bc 95 1b 1c d6-73 03 00 dd 10 14 d0 c9 ........s.......
0040 - 6a a2 3a 58 b3 d8 4d f6-47 47 97 86 90 91 d7 c2 j.:X..M.GG......
0050 - 61 bb d0 bc 62 b6 48 08-de fb 6c e9 55 d3 d4 7e a...b.H...l.U..~
0060 - 86 ed 06 47 2b 2c b7 1d-ed 8e 2a 84 0e 6b ff f9 ...G+,....*..k..
0070 - 56 8c 20 7a 99 80 a1 c4-54 86 21 5f b7 be bb 09 V. z....T.!_....
0080 - 06 1e cf 80 c3 56 89 df-5f 14 02 5e bd c7 9c 30 .....V.._..^...0
0090 - e6 00 c4 e0 2c 7e e4 15-70 59 13 a8 a5 1b 29 af ....,~..pY....).
00a0 - 3e 54 36 98 8b 78 e1 33-9a 1b fe a9 90 3d c2 7f >T6..x.3.....=..
00b0 - 14 cc c5 81 76 39 91 f1-7c 94 43 7f 22 9a 92 fb ....v9..|.C."...
00c0 - ed 39 22 87 79 3c 4a 6d-c9 48 6a b4 c3 20 d9 fc .9".y<Jm.Hj.. ..
Start Time: 1739852939
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK
TLS SUCCESSFUL
40DCB4BDFFFF0000:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688:
Server output:
spawn openssl s_server -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%09 -cert pkcs11:type=cert;object=ed2Cert
Using default temp DH parameters
ACCEPT
-----BEGIN SSL SESSION PARAMETERS-----
MIGDAgEBAgIDBAQCEwIEICIh0EyrWstEng99vPmuDM3HFklMIXCt7jbgCJ0sGYAO
BDBzVAZ9jJ4LcmF0B7hCQq351tsPVheO+0YqIaXcr46+CceXLID/U6kA4I9khNkJ
vyGhBgIEZ7QMi6IEAgIcIKQGBAQBAAAArgcCBQClV8wVswMCAR0=
-----END SSL SESSION PARAMETERS-----
Shared ciphers:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA
Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512
Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224
Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192
Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192
CIPHER is TLS_AES_256_GCM_SHA384
This TLS version forbids renegotiation.
TLS SUCCESSFUL
Q
DONE
shutdown accept socket
shutting down SSL
CONNECTION CLOSED
0 items in the session cache
0 client connects (SSL_connect())
0 client renegotiates (SSL_connect())
0 client connects that finished
1 server accepts (SSL_accept())
0 server renegotiates (SSL_accept())
1 server accepts that finished
0 session cache hits
0 session cache misses
0 session cache timeouts
0 callback cache hits
0 cache full overflows (128 allowed)
## Run test with TLS 1.2
spawn openssl s_client -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/caCert.pem -tls1_2
Connecting to 127.0.0.1
CONNECTED(00000005)
Can't use SSL_get_servername
depth=1 CN=Issuer
verify return:1
depth=0 O=PKCS11 Provider, CN=My Test Cert
verify return:1
---
Certificate chain
0 s:O=PKCS11 Provider, CN=My Test Cert
i:CN=Issuer
a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
v:NotBefore: Feb 18 04:28:42 2025 GMT; NotAfter: Feb 18 04:28:42 2026 GMT
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIDPzCCAiegAwIBAgIBAzANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1
ZXIwHhcNMjUwMjE4MDQyODQyWhcNMjYwMjE4MDQyODQyWjAxMRgwFgYDVQQKEw9Q
S0NTMTEgUHJvdmlkZXIxFTATBgNVBAMTDE15IFRlc3QgQ2VydDCCASIwDQYJKoZI
hvcNAQEBBQADggEPADCCAQoCggEBALqZLMAQ2yaKcVciacryw7fL49yPsjaq8Qfp
/J3avZmxMogzzSlf4kkke6vUw9ep2IqLIwrt8HVkf/Sue28X0fK2nrfoEXIVqK+4
JDMkMZvMpxs/62UqOporp+YJprvlsMJCZqFDz7jJj21IYkrbKiM6mZi6g5ltkXlp
gs4q6p23+qoylk+fA+N4d/SctipNd24H0OrFN/2J+R88XlAW0+R63CiynUjQw47l
pw4oV81JmopqA4LV8OEmvJN+w/q3bwTAUqnS4Q5W7Md8hbv/2SMC2+5TP2m18yES
ZwjBcjNKBi8yeBJLUr+FqtPoMMxjTB6BR6aa/9NiytXI0NGoT7cCAwEAAaOBgTB/
MAwGA1UdEwEB/wQCMAAwHwYDVR0RBBgwFoEUdGVzdGNlcnRAZXhhbXBsZS5vcmcw
DgYDVR0PAQH/BAQDAgWgMB0GA1UdDgQWBBRCofkUj+V1IIX6Q6eVyfKOoi+8MDAf
BgNVHSMEGDAWgBSumAskVwwVSDsPJ0LNq8V9B4mmOTANBgkqhkiG9w0BAQsFAAOC
AQEAn/EPRVeuciY+nEGi0BSzd7wAMIt4AlSV7YzldIbiOCQUyYodnoaz/oEH1Eb/
NhdDsWZ0NzALjBYRkR4iyf6/wGS/foIpeSgnSiDJOEx4H1zdwjmtUjX4s3hVJg9s
aPkWSnxBGptMa9F2DpZmK8VdXeIkI+jkdtZIb4qIDL2rLi3TSiDtLxJK1T+uaqQ8
iQHseUdVjbdTf+jiU9s+R9X1uHd1xEBtIAi+26D0/MfB1wNpP81BoQ2Ye4zgEWRJ
1GuBDg0VxdPKe8cHcxOQ9SWrAve+9DFCcQadRKyeBQL6CekYnXRWELN1f3hRAU7n
3eRMrDMvP0PK8VnXGJ0RdTJr2g==
-----END CERTIFICATE-----
subject=O=PKCS11 Provider, CN=My Test Cert
issuer=CN=Issuer
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 1476 bytes and written 290 bytes
Verification: OK
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Protocol: TLSv1.2
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: B3B5533AA198E2AA78BA3720B020E89154BE1FBAE465E05CA193433F7F13C6BA
Session-ID-ctx:
Master-Key: 3090657DD1CE82D3182D9EC9E00B6BC97DFE70CD30C50E1277DACB3BEB91BA4D6E8B80DA7203F5991D5331B4677CA429
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 7200 (seconds)
TLS session ticket:
0000 - 87 37 91 d7 a7 90 da 0b-c3 ef 5d 2b 44 a0 08 2a .7........]+D..*
0010 - 1d d9 dd 19 90 7e 4f 8c-73 78 a7 d2 1f 0f 3e a5 .....~O.sx....>.
0020 - 46 51 aa 6c 97 46 22 0c-b0 d7 19 fd 5e 88 1c cc FQ.l.F".....^...
0030 - a2 40 e9 cf a6 db a8 61-eb 4c eb 8a 73 36 01 1a .@.....a.L..s6..
0040 - 51 e7 ff 1f 18 73 50 36-c1 f0 f4 18 e5 c1 23 fd Q....sP6......#.
0050 - fe 5a fd 84 af fb 0b bd-73 75 d3 76 e2 bb 14 02 .Z......su.v....
0060 - 4f a8 9e e4 e9 d4 d8 33-5f 6f f9 50 06 a2 17 3d O......3_o.P...=
0070 - ba a9 7c 5f 9c 95 4a f6-76 c5 be d5 f4 20 93 da ..|_..J.v.... ..
0080 - 07 fb f2 65 09 14 b3 94-a9 b4 f2 52 46 a9 48 27 ...e.......RF.H'
0090 - 93 88 5b 62 6f bf e7 76-60 95 a3 3b bc d9 79 61 ..[bo..v`..;..ya
00a0 - 0a a8 cd f2 23 84 0b d3-0e 4b 7c 5d 30 ea cc 9b ....#....K|]0...
Start Time: 1739852939
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: yes
---
TLS SUCCESSFUL
40AC4E82FFFF0000:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688:
Server output:
spawn openssl s_server -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%01 -cert pkcs11:type=cert;object=testCert
Using default temp DH parameters
ACCEPT
-----BEGIN SSL SESSION PARAMETERS-----
MF8CAQECAgMDBALAMAQABDAwkGV90c6C0xgtnsngC2vJff5wzTDFDhJ32ss765G6
TW6LgNpyA/WZHVMxtGd8pCmhBgIEZ7QMi6IEAgIcIKQGBAQBAAAArQMCAQGzAwIB
HQ==
-----END SSL SESSION PARAMETERS-----
Shared ciphers:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA
Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512
Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512
Supported Elliptic Curve Point Formats: uncompressed:ansiX962_compressed_prime:ansiX962_compressed_char2
Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1
Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1
CIPHER is ECDHE-RSA-AES256-GCM-SHA384
Secure Renegotiation IS supported
TLS SUCCESSFUL
Q
DONE
shutdown accept socket
shutting down SSL
CONNECTION CLOSED
0 items in the session cache
0 client connects (SSL_connect())
0 client renegotiates (SSL_connect())
0 client connects that finished
1 server accepts (SSL_accept())
0 server renegotiates (SSL_accept())
1 server accepts that finished
0 session cache hits
0 session cache misses
0 session cache timeouts
0 callback cache hits
0 cache full overflows (128 allowed)
## Run test with explicit TLS 1.3
spawn openssl s_client -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/caCert.pem -tls1_3
Connecting to 127.0.0.1
CONNECTED(00000005)
Can't use SSL_get_servername
depth=1 CN=Issuer
verify return:1
depth=0 O=PKCS11 Provider, CN=My Test Cert
verify return:1
---
Certificate chain
0 s:O=PKCS11 Provider, CN=My Test Cert
i:CN=Issuer
a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
v:NotBefore: Feb 18 04:28:42 2025 GMT; NotAfter: Feb 18 04:28:42 2026 GMT
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIDPzCCAiegAwIBAgIBAzANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1
ZXIwHhcNMjUwMjE4MDQyODQyWhcNMjYwMjE4MDQyODQyWjAxMRgwFgYDVQQKEw9Q
S0NTMTEgUHJvdmlkZXIxFTATBgNVBAMTDE15IFRlc3QgQ2VydDCCASIwDQYJKoZI
hvcNAQEBBQADggEPADCCAQoCggEBALqZLMAQ2yaKcVciacryw7fL49yPsjaq8Qfp
/J3avZmxMogzzSlf4kkke6vUw9ep2IqLIwrt8HVkf/Sue28X0fK2nrfoEXIVqK+4
JDMkMZvMpxs/62UqOporp+YJprvlsMJCZqFDz7jJj21IYkrbKiM6mZi6g5ltkXlp
gs4q6p23+qoylk+fA+N4d/SctipNd24H0OrFN/2J+R88XlAW0+R63CiynUjQw47l
pw4oV81JmopqA4LV8OEmvJN+w/q3bwTAUqnS4Q5W7Md8hbv/2SMC2+5TP2m18yES
ZwjBcjNKBi8yeBJLUr+FqtPoMMxjTB6BR6aa/9NiytXI0NGoT7cCAwEAAaOBgTB/
MAwGA1UdEwEB/wQCMAAwHwYDVR0RBBgwFoEUdGVzdGNlcnRAZXhhbXBsZS5vcmcw
DgYDVR0PAQH/BAQDAgWgMB0GA1UdDgQWBBRCofkUj+V1IIX6Q6eVyfKOoi+8MDAf
BgNVHSMEGDAWgBSumAskVwwVSDsPJ0LNq8V9B4mmOTANBgkqhkiG9w0BAQsFAAOC
AQEAn/EPRVeuciY+nEGi0BSzd7wAMIt4AlSV7YzldIbiOCQUyYodnoaz/oEH1Eb/
NhdDsWZ0NzALjBYRkR4iyf6/wGS/foIpeSgnSiDJOEx4H1zdwjmtUjX4s3hVJg9s
aPkWSnxBGptMa9F2DpZmK8VdXeIkI+jkdtZIb4qIDL2rLi3TSiDtLxJK1T+uaqQ8
iQHseUdVjbdTf+jiU9s+R9X1uHd1xEBtIAi+26D0/MfB1wNpP81BoQ2Ye4zgEWRJ
1GuBDg0VxdPKe8cHcxOQ9SWrAve+9DFCcQadRKyeBQL6CekYnXRWELN1f3hRAU7n
3eRMrDMvP0PK8VnXGJ0RdTJr2g==
-----END CERTIFICATE-----
subject=O=PKCS11 Provider, CN=My Test Cert
issuer=CN=Issuer
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 1391 bytes and written 318 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Protocol: TLSv1.3
Server public key is 2048 bit
This TLS version forbids renegotiation.
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: 0CCA22FEDE7EDE711D2A04D2FCD3BCAB1EF33ADDC482ADE96939C43EBBF40201
Session-ID-ctx:
Resumption PSK: 249754FBBC3A44B0E0BD0694577380E984993A5BEB06BA8B2683B393AFC9F65643223EBB57AB8D979C0E772A9B5893CF
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 7200 (seconds)
TLS session ticket:
0000 - 7f 20 44 0b 59 a7 c9 28-eb b4 40 a4 39 03 89 c9 . D.Y..(..@.9...
0010 - 2e 94 3e 12 2a 7d d0 e7-58 6a c1 4b 1c 04 3e 57 ..>.*}..Xj.K..>W
0020 - 3e ae 29 d7 18 d8 1c 83-c9 ee d3 7b 3e 97 c8 36 >.)........{>..6
0030 - bd 81 89 03 4b cf 91 41-7d dd d1 5c bc ce e8 a6 ....K..A}..\....
0040 - 6d cd 14 fd 4d 9a 49 8d-26 22 ca a1 2d d7 6b 1a m...M.I.&"..-.k.
0050 - 25 f8 b1 d2 2a df 93 01-c8 79 d0 aa bc cb b1 f3 %...*....y......
0060 - ec c3 db 3b c4 76 c7 15-b0 8f f6 08 6e 40 73 f5 ...;.v......n@s.
0070 - 22 0e 1d 55 f8 ea bd bb-c3 89 76 9c 4b 21 9f 1a "..U......v.K!..
0080 - b7 20 89 75 d5 5a 7e 73-cb b9 7c c8 37 8e f8 d1 . .u.Z~s..|.7...
0090 - 38 a2 5b 2f 09 92 c0 af-24 f1 12 63 0c 6a 93 da 8.[/....$..c.j..
00a0 - cf b4 b9 76 2f 27 4c 81-44 d3 5a 54 0a 0b 4e 8c ...v/'L.D.ZT..N.
00b0 - 08 af ec 7b 6b 90 6c 22-c5 16 a9 e1 2d 21 0b bc ...{k.l"....-!..
00c0 - 81 4d e7 42 be 51 65 41-1f c7 aa f6 2b 51 ae 04 .M.B.QeA....+Q..
Start Time: 1739852939
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: ACD84590A1B266FC871A723C0E20CE05D9D0CBF8CA584181AD918C65FF86666B
Session-ID-ctx:
Resumption PSK: E88EF5F4880EAF723C4E81179951C8A9DEA0C6C7A23F885838654147102BEB001CAD8DC795D3E724EAB78F24949E088C
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 7200 (seconds)
TLS session ticket:
0000 - 7f 20 44 0b 59 a7 c9 28-eb b4 40 a4 39 03 89 c9 . D.Y..(..@.9...
0010 - aa fe 86 fe 03 a1 91 42-bd d9 17 4e 07 1a fa d4 .......B...N....
0020 - 54 8e a5 3e 38 5e 7e 6d-a7 36 8b 1d 0e 81 39 31 T..>8^~m.6....91
0030 - 11 74 96 2e 9d 67 06 67-d8 91 79 74 dc 93 d5 c1 .t...g.g..yt....
0040 - 35 91 a7 71 df cf 6f b5-22 a8 d7 ef f9 21 c4 b1 5..q..o."....!..
0050 - 54 68 49 f5 24 93 bc 8c-3b 23 46 73 86 78 4d 56 ThI.$...;#Fs.xMV
0060 - c1 26 45 39 91 1f ab a1-db 45 90 a9 06 e6 c8 93 .&E9.....E......
0070 - 7a 08 b7 93 9f 5d 11 e8-70 fe c8 41 ec 94 2b 0b z....]..p..A..+.
0080 - 51 13 2e 8a 37 08 d7 78-4d 69 8f f6 25 4a 3f 97 Q...7..xMi..%J?.
0090 - c3 db 80 89 92 70 04 e7-07 63 aa 5d c9 c6 75 d4 .....p...c.]..u.
00a0 - 52 ea 1e 7b f9 8a 1d 0a-14 7a c0 2d ee 19 90 5d R..{.....z.-...]
00b0 - 65 2e c5 de 65 06 b3 1a-87 13 e4 35 9f 26 e8 b6 e...e......5.&..
00c0 - 19 2b 3a f4 c1 70 aa e5-55 ca 8a 8b 72 0f f4 34 .+:..p..U...r..4
Start Time: 1739852939
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK
TLS SUCCESSFUL
406C1493FFFF0000:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688:
Server output:
spawn openssl s_server -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%01 -cert pkcs11:type=cert;object=testCert
Using default temp DH parameters
ACCEPT
-----BEGIN SSL SESSION PARAMETERS-----
MIGCAgEBAgIDBAQCEwIEIETzSjQfKBVvOWbQ0ptSntj8tX+chCck3FOfJkzZn1nC
BDDojvX0iA6vcjxOgReZUcip3qDGx6I/iFg4ZUFHECvrABytjceV0+ck6rePJJSe
CIyhBgIEZ7QMi6IEAgIcIKQGBAQBAAAArgYCBAT0j0CzAwIBHQ==
-----END SSL SESSION PARAMETERS-----
Shared ciphers:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512
Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512
Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192
Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192
CIPHER is TLS_AES_256_GCM_SHA384
This TLS version forbids renegotiation.
TLS SUCCESSFUL
Q
DONE
shutdown accept socket
shutting down SSL
CONNECTION CLOSED
0 items in the session cache
0 client connects (SSL_connect())
0 client renegotiates (SSL_connect())
0 client connects that finished
1 server accepts (SSL_accept())
0 server renegotiates (SSL_accept())
1 server accepts that finished
0 session cache hits
0 session cache misses
0 session cache timeouts
0 callback cache hits
0 cache full overflows (128 allowed)
## Run test with TLS 1.2 (ECDSA)
spawn openssl s_client -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/caCert.pem -tls1_2
Connecting to 127.0.0.1
CONNECTED(00000005)
Can't use SSL_get_servername
depth=1 CN=Issuer
verify return:1
depth=0 O=PKCS11 Provider, CN=My EC Cert
verify return:1
---
Certificate chain
0 s:O=PKCS11 Provider, CN=My EC Cert
i:CN=Issuer
a:PKEY: id-ecPublicKey, 256 (bit); sigalg: RSA-SHA256
v:NotBefore: Feb 18 04:28:42 2025 GMT; NotAfter: Feb 18 04:28:42 2026 GMT
---
Server certificate
-----BEGIN CERTIFICATE-----
MIICcjCCAVqgAwIBAgIBBDANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1
ZXIwHhcNMjUwMjE4MDQyODQyWhcNMjYwMjE4MDQyODQyWjAvMRgwFgYDVQQKEw9Q
S0NTMTEgUHJvdmlkZXIxEzARBgNVBAMTCk15IEVDIENlcnQwWTATBgcqhkjOPQIB
BggqhkjOPQMBBwNCAAREq6izYZWFNUQ1MhwEljzY8CHdRRDeQ7uAu26XhOdJIFBG
mLpdKML1zKu7UiPaQMa/M6SCDd61JscT/ZZr2WYxo4GBMH8wDAYDVR0TAQH/BAIw
ADAfBgNVHREEGDAWgRR0ZXN0Y2VydEBleGFtcGxlLm9yZzAOBgNVHQ8BAf8EBAMC
B4AwHQYDVR0OBBYEFKi55SLu1wihQwnF28NnTgkhyWleMB8GA1UdIwQYMBaAFK6Y
CyRXDBVIOw8nQs2rxX0HiaY5MA0GCSqGSIb3DQEBCwUAA4IBAQBafWyD8i5CO50a
smdI89+wNyaZ8yWNkPVKK/eHM7cEw7XS6t7h3q2XUogJwAQtF+pR7Tm0wmK+gpsF
FG2h7DAvFLHaUEmHqncOiFLCwzCHFE9uyzxwuzUJFqbmS16yKotK/xG/7XkijcHw
Sj/8QEgEPef+0rbXiJRwkdPBllB2aBVkNSzGYJldMuSXWaDjI67v51BE8uLXz63C
RxeIZ5Q/wrJp/NlEMlvy4Lo44PWsGfUvJOnfmKGDFs63iRC6Ikev8xKAYX3ZYv9O
CZaVzw7C9n37FMinclmKq6FFqeuq1qIKWySHbIr+5QIGSgWPZzKqoT7+Ghgs8AYj
eTj8opIn
-----END CERTIFICATE-----
subject=O=PKCS11 Provider, CN=My EC Cert
issuer=CN=Issuer
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: ECDSA
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 1085 bytes and written 290 bytes
Verification: OK
---
New, TLSv1.2, Cipher is ECDHE-ECDSA-AES256-GCM-SHA384
Protocol: TLSv1.2
Server public key is 256 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-ECDSA-AES256-GCM-SHA384
Session-ID: 6F2B74C3C112208F6CD6BACEA4DF1F4A5BABB8FD2A108BCEA5FB4FB5AD7FA52A
Session-ID-ctx:
Master-Key: 1B9B4EDE2CCEFFADF86CD9F00EE904C36BC2C4F6B09C84417A15FC6D501562138F1C8559F1E258BEB12D1B3E4C1AB83F
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 7200 (seconds)
TLS session ticket:
0000 - 37 b0 4a 42 13 a0 ad 40-1c c9 0c a2 99 d0 b0 b8 7.JB...@........
0010 - 8a 01 0e e8 5f 27 25 65-e1 97 13 95 d6 66 61 d6 ...._'%e.....fa.
0020 - d7 38 24 4c cb a6 06 7f-d4 54 e8 2c 1c 49 d1 f9 .8$L.....T.,.I..
0030 - ca aa fb 01 1c ab e1 51-19 d8 25 68 ae ec b1 13 .......Q..%h....
0040 - 16 80 f9 06 37 19 9c d3-98 04 02 35 0e 74 e5 ba ....7......5.t..
0050 - be da 43 7a d5 4a 36 c1-3c c8 e5 00 29 96 e0 76 ..Cz.J6.<...)..v
0060 - f9 64 5f 1d b9 03 fd 95-d3 b1 5f bb 83 4b 5d 02 .d_......._..K].
0070 - 3b ec 54 1d de ee 43 10-be 00 f0 77 1a b8 2e 4f ;.T...C....w...O
0080 - 25 92 36 e8 aa 1b a5 34-0a fd cd 24 56 2f 8d 8f %.6....4...$V/..
0090 - 91 f0 33 8b cb 9a 25 7f-74 68 62 e2 d3 7e 3e 6d ..3...%.thb..~>m
00a0 - 37 4c 43 81 af 9b f2 f5-31 ef 39 77 e8 e6 50 c7 7LC.....1.9w..P.
Start Time: 1739852939
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: yes
---
TLS SUCCESSFUL
406CD99AFFFF0000:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688:
Server output:
spawn openssl s_server -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%02 -cert pkcs11:type=cert;object=ecCert -tls1_2
Using default temp DH parameters
ACCEPT
-----BEGIN SSL SESSION PARAMETERS-----
MF8CAQECAgMDBALALAQABDAbm07eLM7/rfhs2fAO6QTDa8LE9rCchEF6FfxtUBVi
E48chVnx4li+sS0bPkwauD+hBgIEZ7QMi6IEAgIcIKQGBAQBAAAArQMCAQGzAwIB
HQ==
-----END SSL SESSION PARAMETERS-----
Shared ciphers:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA
Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512
Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512
Supported Elliptic Curve Point Formats: uncompressed:ansiX962_compressed_prime:ansiX962_compressed_char2
Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1
Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1
CIPHER is ECDHE-ECDSA-AES256-GCM-SHA384
Secure Renegotiation IS supported
TLS SUCCESSFUL
Q
DONE
shutdown accept socket
shutting down SSL
CONNECTION CLOSED
0 items in the session cache
0 client connects (SSL_connect())
0 client renegotiates (SSL_connect())
0 client connects that finished
1 server accepts (SSL_accept())
0 server renegotiates (SSL_accept())
1 server accepts that finished
0 session cache hits
0 session cache misses
0 session cache timeouts
0 callback cache hits
0 cache full overflows (128 allowed)
## Run test with TLS 1.2 and ECDH
spawn openssl s_client -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/caCert.pem -tls1_2 -cipher ECDHE-ECDSA-AES128-GCM-SHA256 -groups secp256r1
Connecting to 127.0.0.1
CONNECTED(00000005)
Can't use SSL_get_servername
depth=1 CN=Issuer
verify return:1
depth=0 O=PKCS11 Provider, CN=My EC Cert
verify return:1
---
Certificate chain
0 s:O=PKCS11 Provider, CN=My EC Cert
i:CN=Issuer
a:PKEY: id-ecPublicKey, 256 (bit); sigalg: RSA-SHA256
v:NotBefore: Feb 18 04:28:42 2025 GMT; NotAfter: Feb 18 04:28:42 2026 GMT
---
Server certificate
-----BEGIN CERTIFICATE-----
MIICcjCCAVqgAwIBAgIBBDANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1
ZXIwHhcNMjUwMjE4MDQyODQyWhcNMjYwMjE4MDQyODQyWjAvMRgwFgYDVQQKEw9Q
S0NTMTEgUHJvdmlkZXIxEzARBgNVBAMTCk15IEVDIENlcnQwWTATBgcqhkjOPQIB
BggqhkjOPQMBBwNCAAREq6izYZWFNUQ1MhwEljzY8CHdRRDeQ7uAu26XhOdJIFBG
mLpdKML1zKu7UiPaQMa/M6SCDd61JscT/ZZr2WYxo4GBMH8wDAYDVR0TAQH/BAIw
ADAfBgNVHREEGDAWgRR0ZXN0Y2VydEBleGFtcGxlLm9yZzAOBgNVHQ8BAf8EBAMC
B4AwHQYDVR0OBBYEFKi55SLu1wihQwnF28NnTgkhyWleMB8GA1UdIwQYMBaAFK6Y
CyRXDBVIOw8nQs2rxX0HiaY5MA0GCSqGSIb3DQEBCwUAA4IBAQBafWyD8i5CO50a
smdI89+wNyaZ8yWNkPVKK/eHM7cEw7XS6t7h3q2XUogJwAQtF+pR7Tm0wmK+gpsF
FG2h7DAvFLHaUEmHqncOiFLCwzCHFE9uyzxwuzUJFqbmS16yKotK/xG/7XkijcHw
Sj/8QEgEPef+0rbXiJRwkdPBllB2aBVkNSzGYJldMuSXWaDjI67v51BE8uLXz63C
RxeIZ5Q/wrJp/NlEMlvy4Lo44PWsGfUvJOnfmKGDFs63iRC6Ikev8xKAYX3ZYv9O
CZaVzw7C9n37FMinclmKq6FFqeuq1qIKWySHbIr+5QIGSgWPZzKqoT7+Ghgs8AYj
eTj8opIn
-----END CERTIFICATE-----
subject=O=PKCS11 Provider, CN=My EC Cert
issuer=CN=Issuer
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: ECDSA
Server Temp Key: ECDH, prime256v1, 256 bits
---
SSL handshake has read 1118 bytes and written 263 bytes
Verification: OK
---
New, TLSv1.2, Cipher is ECDHE-ECDSA-AES128-GCM-SHA256
Protocol: TLSv1.2
Server public key is 256 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-ECDSA-AES128-GCM-SHA256
Session-ID: 98D7F4DC1FA32FAAED20FE01C3106C13C431D8AA2CB952173135EA1FB2E1BA31
Session-ID-ctx:
Master-Key: 071290ECB9908A54963A7278EE7B9AA15387CA9B00C48BF6B2FE4AA49E188C78B491F79075873373DEB684BF8B092146
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 7200 (seconds)
TLS session ticket:
0000 - a2 ae 55 67 02 54 aa ba-fa e9 44 f8 58 b5 0c 2d ..Ug.T....D.X..-
0010 - d9 01 74 a4 d6 42 d9 a2-d0 11 84 09 87 49 3a 1e ..t..B.......I:.
0020 - 66 65 d2 97 9c a2 34 d2-a7 2f a7 f9 e7 74 c7 bc fe....4../...t..
0030 - 5e a7 5b 54 dc 33 c4 22-87 f4 06 17 6e d8 49 e9 ^.[T.3."....n.I.
0040 - 85 84 be 48 42 c8 ba 58-0e bf c2 a5 84 c6 5f 19 ...HB..X......_.
0050 - 5b a9 cf af b8 e4 7e 93-b6 47 27 d5 c6 62 64 0a [.....~..G'..bd.
0060 - da a6 c9 62 2b db 3f 96-d9 71 ed 8c 37 cc cc 09 ...b+.?..q..7...
0070 - f8 b0 98 ee 90 3e fe 19-a2 29 b7 87 9b 93 5a b5 .....>...)....Z.
0080 - ca 4d 32 95 f5 55 b2 1b-69 99 40 c0 c3 78 32 88 .M2..U..i.@..x2.
0090 - bf f6 13 6c 38 a7 ef 3a-85 ab 48 d3 40 70 dc 83 ...l8..:..H.@p..
00a0 - 70 cd a8 37 7c 32 de 07-f9 73 fe b6 30 70 5f 5d p..7|2...s..0p_]
Start Time: 1739852939
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: yes
---
TLS SUCCESSFUL
40DC9993FFFF0000:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688:
Server output:
spawn openssl s_server -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%02 -cert pkcs11:type=cert;object=ecCert
Using default temp DH parameters
ACCEPT
-----BEGIN SSL SESSION PARAMETERS-----
MF8CAQECAgMDBALAKwQABDAHEpDsuZCKVJY6cnjue5qhU4fKmwDEi/ay/kqknhiM
eLSR95B1hzNz3raEv4sJIUahBgIEZ7QMi6IEAgIcIKQGBAQBAAAArQMCAQGzAwIB
Fw==
-----END SSL SESSION PARAMETERS-----
Shared ciphers:ECDHE-ECDSA-AES128-GCM-SHA256
Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512
Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512
Supported Elliptic Curve Point Formats: uncompressed:ansiX962_compressed_prime:ansiX962_compressed_char2
Supported groups: secp256r1
Shared groups: secp256r1
CIPHER is ECDHE-ECDSA-AES128-GCM-SHA256
Secure Renegotiation IS supported
TLS SUCCESSFUL
Q
DONE
shutdown accept socket
shutting down SSL
CONNECTION CLOSED
0 items in the session cache
0 client connects (SSL_connect())
0 client renegotiates (SSL_connect())
0 client connects that finished
1 server accepts (SSL_accept())
0 server renegotiates (SSL_accept())
1 server accepts that finished
0 session cache hits
0 session cache misses
0 session cache timeouts
0 callback cache hits
0 cache full overflows (128 allowed)
## Run test with TLS 1.3 and specific suite
spawn openssl s_client -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/caCert.pem -tls1_3 -ciphersuites TLS_AES_256_GCM_SHA384 -groups secp256r1
Connecting to 127.0.0.1
CONNECTED(00000005)
Can't use SSL_get_servername
depth=1 CN=Issuer
verify return:1
depth=0 O=PKCS11 Provider, CN=My EC Cert
verify return:1
---
Certificate chain
0 s:O=PKCS11 Provider, CN=My EC Cert
i:CN=Issuer
a:PKEY: id-ecPublicKey, 256 (bit); sigalg: RSA-SHA256
v:NotBefore: Feb 18 04:28:42 2025 GMT; NotAfter: Feb 18 04:28:42 2026 GMT
---
Server certificate
-----BEGIN CERTIFICATE-----
MIICcjCCAVqgAwIBAgIBBDANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1
ZXIwHhcNMjUwMjE4MDQyODQyWhcNMjYwMjE4MDQyODQyWjAvMRgwFgYDVQQKEw9Q
S0NTMTEgUHJvdmlkZXIxEzARBgNVBAMTCk15IEVDIENlcnQwWTATBgcqhkjOPQIB
BggqhkjOPQMBBwNCAAREq6izYZWFNUQ1MhwEljzY8CHdRRDeQ7uAu26XhOdJIFBG
mLpdKML1zKu7UiPaQMa/M6SCDd61JscT/ZZr2WYxo4GBMH8wDAYDVR0TAQH/BAIw
ADAfBgNVHREEGDAWgRR0ZXN0Y2VydEBleGFtcGxlLm9yZzAOBgNVHQ8BAf8EBAMC
B4AwHQYDVR0OBBYEFKi55SLu1wihQwnF28NnTgkhyWleMB8GA1UdIwQYMBaAFK6Y
CyRXDBVIOw8nQs2rxX0HiaY5MA0GCSqGSIb3DQEBCwUAA4IBAQBafWyD8i5CO50a
smdI89+wNyaZ8yWNkPVKK/eHM7cEw7XS6t7h3q2XUogJwAQtF+pR7Tm0wmK+gpsF
FG2h7DAvFLHaUEmHqncOiFLCwzCHFE9uyzxwuzUJFqbmS16yKotK/xG/7XkijcHw
Sj/8QEgEPef+0rbXiJRwkdPBllB2aBVkNSzGYJldMuSXWaDjI67v51BE8uLXz63C
RxeIZ5Q/wrJp/NlEMlvy4Lo44PWsGfUvJOnfmKGDFs63iRC6Ikev8xKAYX3ZYv9O
CZaVzw7C9n37FMinclmKq6FFqeuq1qIKWySHbIr+5QIGSgWPZzKqoT7+Ghgs8AYj
eTj8opIn
-----END CERTIFICATE-----
subject=O=PKCS11 Provider, CN=My EC Cert
issuer=CN=Issuer
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: ECDSA
Server Temp Key: ECDH, prime256v1, 256 bits
---
SSL handshake has read 1059 bytes and written 329 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Protocol: TLSv1.3
Server public key is 256 bit
This TLS version forbids renegotiation.
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: 00311EB70B93E549F8AA4EF78168863130EA8EA1FC1DA98589747121D0F605A4
Session-ID-ctx:
Resumption PSK: D9DA71CB0E57B8B67514A77A2C5F7FE3926E2C96CA4C6F3C94684CCE7A63D17DB723FF589EF8AD89A103D6263A65F59A
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 7200 (seconds)
TLS session ticket:
0000 - ce 40 80 99 aa 2a 8d f3-89 47 7c c6 61 ff f9 f3 .@...*...G|.a...
0010 - 61 ed d9 e4 c5 91 ba 6f-88 f1 df 62 f8 75 c1 ea a......o...b.u..
0020 - 28 dc e6 50 70 01 4c 53-1f 98 c2 36 3f d0 c4 cc (..Pp.LS...6?...
0030 - b1 2a e3 9c dd 3b 9e 51-dc a7 7c 42 f2 4f 9f 46 .*...;.Q..|B.O.F
0040 - 64 0a f8 39 d1 e4 b5 36-98 42 49 3a 8e 9b 9b 38 d..9...6.BI:...8
0050 - 62 81 1b d9 9d 34 c4 32-f4 e6 2c 78 a8 87 01 b9 b....4.2..,x....
0060 - bc 78 9c fa 29 59 af e9-44 79 76 4f e6 ca a1 d7 .x..)Y..DyvO....
0070 - a5 ec 66 ab d3 36 d3 73-af 38 3f 60 a7 a0 da 41 ..f..6.s.8?`...A
0080 - ac 50 cd 39 05 a8 0c 11-cd 5b ae a8 89 ac 71 4f .P.9.....[....qO
0090 - 08 f9 cd c7 b0 42 25 f7-9f 2d 15 ee 27 2a bc 89 .....B%..-..'*..
00a0 - 90 da 06 96 24 72 14 df-2a cd 9c fc c3 41 21 1c ....$r..*....A!.
00b0 - 43 7e b9 96 88 40 74 ab-fd 4e d1 a7 72 6b a8 71 C~...@t..N..rk.q
00c0 - 0b 4e 12 95 ed 5f 92 d0-53 12 c0 b0 3a 00 c6 e5 .N..._..S...:...
Start Time: 1739852939
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: 20EE23E7E51B2E5BE4EEAAD507671560287C3BD11CA1B5101F6C6B6321DAE4FE
Session-ID-ctx:
Resumption PSK: 94512386B342D5F7FFEF5674A0856F7594685E055ACD6BA71929F79950E5D9319DFD29EF23E002F86CFE136706BB87D8
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 7200 (seconds)
TLS session ticket:
0000 - ce 40 80 99 aa 2a 8d f3-89 47 7c c6 61 ff f9 f3 .@...*...G|.a...
0010 - bf 82 7b a4 90 e5 61 7d-6b c3 71 b1 8d 22 57 d2 ..{...a}k.q.."W.
0020 - 4e ff f6 94 32 f3 e8 f2-e0 85 07 55 d4 f3 73 2e N...2......U..s.
0030 - 47 5b 3f 0b b4 51 93 d6-2a 62 d6 d6 25 75 83 56 G[?..Q..*b..%u.V
0040 - 94 c1 c8 e3 c3 21 fa 15-bf f3 6d 77 a2 34 39 85 .....!....mw.49.
0050 - ac 8c 28 67 79 f1 37 28-34 d3 89 79 f8 ee 98 a7 ..(gy.7(4..y....
0060 - dd ea 1f 9f d5 2e 10 89-01 f1 a1 0c 79 cf dd f6 ............y...
0070 - 45 8a 8a c8 11 fe 92 73-7b 08 28 be c4 5b 44 e9 E......s{.(..[D.
0080 - 3d 3b 90 95 7f cb 52 de-09 b8 f8 e4 16 d4 00 6d =;....R........m
0090 - 3c bc a7 de 8a 66 71 5a-fa 1c 62 36 d8 52 11 36 <....fqZ..b6.R.6
00a0 - 89 75 01 4b 58 cd 8b 77-06 67 d8 52 e3 6c 19 46 .u.KX..w.g.R.l.F
00b0 - 91 e2 ad 91 d3 40 21 78-09 66 56 80 ff 8b 74 19 .....@!x.fV...t.
00c0 - c8 bd 4e eb 60 7e a7 79-52 a7 b3 d5 8c 98 d1 b5 ..N.`~.yR.......
Start Time: 1739852939
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK
TLS SUCCESSFUL
401C0A95FFFF0000:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688:
Server output:
spawn openssl s_server -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%02 -cert pkcs11:type=cert;object=ecCert
Using default temp DH parameters
ACCEPT
-----BEGIN SSL SESSION PARAMETERS-----
MIGCAgEBAgIDBAQCEwIEIPyAX9ACO1rHzqEKbJieIoUY64yXwWPSOlBfVdUQAxMN
BDCUUSOGs0LV9//vVnSghW91lGheBVrNa6cZKfeZUOXZMZ39Ke8j4AL4bP4TZwa7
h9ihBgIEZ7QMi6IEAgIcIKQGBAQBAAAArgYCBGFwQHyzAwIBFw==
-----END SSL SESSION PARAMETERS-----
Shared ciphers:TLS_AES_256_GCM_SHA384
Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512
Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512
Supported groups: secp256r1
Shared groups: secp256r1
CIPHER is TLS_AES_256_GCM_SHA384
This TLS version forbids renegotiation.
TLS SUCCESSFUL
Q
DONE
shutdown accept socket
shutting down SSL
CONNECTION CLOSED
0 items in the session cache
0 client connects (SSL_connect())
0 client renegotiates (SSL_connect())
0 client connects that finished
1 server accepts (SSL_accept())
0 server renegotiates (SSL_accept())
1 server accepts that finished
0 session cache hits
0 session cache misses
0 session cache timeouts
0 callback cache hits
0 cache full overflows (128 allowed)
##
########################################
########################################
## Forcing the provider for all server operations
## Run sanity test with default values (RSA)
spawn openssl s_client -propquery ?provider=pkcs11 -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/caCert.pem
Connecting to 127.0.0.1
CONNECTED(00000005)
Can't use SSL_get_servername
depth=1 CN=Issuer
verify return:1
depth=0 O=PKCS11 Provider, CN=My Test Cert
verify return:1
---
Certificate chain
0 s:O=PKCS11 Provider, CN=My Test Cert
i:CN=Issuer
a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
v:NotBefore: Feb 18 04:28:42 2025 GMT; NotAfter: Feb 18 04:28:42 2026 GMT
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIDPzCCAiegAwIBAgIBAzANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1
ZXIwHhcNMjUwMjE4MDQyODQyWhcNMjYwMjE4MDQyODQyWjAxMRgwFgYDVQQKEw9Q
S0NTMTEgUHJvdmlkZXIxFTATBgNVBAMTDE15IFRlc3QgQ2VydDCCASIwDQYJKoZI
hvcNAQEBBQADggEPADCCAQoCggEBALqZLMAQ2yaKcVciacryw7fL49yPsjaq8Qfp
/J3avZmxMogzzSlf4kkke6vUw9ep2IqLIwrt8HVkf/Sue28X0fK2nrfoEXIVqK+4
JDMkMZvMpxs/62UqOporp+YJprvlsMJCZqFDz7jJj21IYkrbKiM6mZi6g5ltkXlp
gs4q6p23+qoylk+fA+N4d/SctipNd24H0OrFN/2J+R88XlAW0+R63CiynUjQw47l
pw4oV81JmopqA4LV8OEmvJN+w/q3bwTAUqnS4Q5W7Md8hbv/2SMC2+5TP2m18yES
ZwjBcjNKBi8yeBJLUr+FqtPoMMxjTB6BR6aa/9NiytXI0NGoT7cCAwEAAaOBgTB/
MAwGA1UdEwEB/wQCMAAwHwYDVR0RBBgwFoEUdGVzdGNlcnRAZXhhbXBsZS5vcmcw
DgYDVR0PAQH/BAQDAgWgMB0GA1UdDgQWBBRCofkUj+V1IIX6Q6eVyfKOoi+8MDAf
BgNVHSMEGDAWgBSumAskVwwVSDsPJ0LNq8V9B4mmOTANBgkqhkiG9w0BAQsFAAOC
AQEAn/EPRVeuciY+nEGi0BSzd7wAMIt4AlSV7YzldIbiOCQUyYodnoaz/oEH1Eb/
NhdDsWZ0NzALjBYRkR4iyf6/wGS/foIpeSgnSiDJOEx4H1zdwjmtUjX4s3hVJg9s
aPkWSnxBGptMa9F2DpZmK8VdXeIkI+jkdtZIb4qIDL2rLi3TSiDtLxJK1T+uaqQ8
iQHseUdVjbdTf+jiU9s+R9X1uHd1xEBtIAi+26D0/MfB1wNpP81BoQ2Ye4zgEWRJ
1GuBDg0VxdPKe8cHcxOQ9SWrAve+9DFCcQadRKyeBQL6CekYnXRWELN1f3hRAU7n
3eRMrDMvP0PK8VnXGJ0RdTJr2g==
-----END CERTIFICATE-----
subject=O=PKCS11 Provider, CN=My Test Cert
issuer=CN=Issuer
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 1391 bytes and written 391 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Protocol: TLSv1.3
Server public key is 2048 bit
This TLS version forbids renegotiation.
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: 08C638C0732F7BBEC3D514BD8A24A269B9F9390843BFBED3172F192E7105DD58
Session-ID-ctx:
Resumption PSK: 4409A8E86B7A0160E66B857D8284A1A18002676198020DD609717807E12224CAA93D1AE816EF6B0D116E5601AA5C4787
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 7200 (seconds)
TLS session ticket:
0000 - 80 88 51 22 37 19 20 60-c0 ba 6e 26 1f 6e 9b 0b ..Q"7. `..n&.n..
0010 - 11 ff 0a e0 2d 1d bc 9d-fb a4 ae 87 b8 e0 c8 63 ....-..........c
0020 - f5 a9 ab 91 12 95 6b d5-90 72 0d f5 d5 59 63 66 ......k..r...Ycf
0030 - 63 c2 e8 10 c6 b5 b9 a9-c9 02 e5 cb 78 d5 c1 ae c...........x...
0040 - 10 bb 45 a0 bd 1f c7 18-2c af 67 6c 2e 7a ad 5a ..E.....,.gl.z.Z
0050 - c4 f9 e7 6f a2 d1 f2 f2-1c fb 62 3a b9 5f fe 45 ...o......b:._.E
0060 - 4e 14 69 0a 51 bb 25 ee-15 9b 3d 58 7d b2 dd ac N.i.Q.%...=X}...
0070 - d3 40 9b f7 a2 11 22 fa-5e db d6 0e 38 0a be 4d .@....".^...8..M
0080 - b4 e3 f8 f1 4e 2c 15 de-fa 33 01 28 85 33 44 03 ....N,...3.(.3D.
0090 - 81 ab 44 70 6f 45 1a 63-34 41 7a 97 34 e2 45 6d ..DpoE.c4Az.4.Em
00a0 - d9 05 e7 06 24 54 b9 80-96 37 56 df 28 84 81 69 ....$T...7V.(..i
00b0 - 71 50 a6 93 0b b4 ce 5b-6c 19 27 0e ce 2f 86 1f qP.....[l.'../..
00c0 - 3f e2 be 7d 76 62 82 db-d1 98 14 b9 0c e6 47 6b ?..}vb........Gk
Start Time: 1739852939
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: 9E100B6F6FD6BE743719B6C9CDC7A3C6196F39D00913ED77E002844358BD6E4D
Session-ID-ctx:
Resumption PSK: 784C252863E05E1BEB1400957DB7FD8096AA8320BEE87619A3CA5C6153A813D143E59D8C6BE07DF646FB6778CEE7551E
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 7200 (seconds)
TLS session ticket:
0000 - 80 88 51 22 37 19 20 60-c0 ba 6e 26 1f 6e 9b 0b ..Q"7. `..n&.n..
0010 - 21 7d 0d d8 ff b2 1c 9b-bc e3 e3 b5 97 13 91 32 !}.............2
0020 - 34 1c 8a 6f 6e 91 31 e8-1a 8e 25 9e 46 fa 9b cf 4..on.1...%.F...
0030 - dc 6b 39 d5 87 99 ef da-29 2c 5a 93 f5 69 82 39 .k9.....),Z..i.9
0040 - e9 2c b0 f5 f2 71 81 f4-b8 ee 24 ae 7a 1a a0 4a .,...q....$.z..J
0050 - 0d 86 12 7a 9c 3b e1 79-71 be be 54 ea 02 88 ab ...z.;.yq..T....
0060 - 92 ec af f4 47 e8 60 dd-85 f9 cc 75 90 f0 da 7c ....G.`....u...|
0070 - e2 e3 61 8c 8a 72 63 38-6b a0 72 0c 1f 5a 3c 4f ..a..rc8k.r..Z<O
0080 - fd 09 30 b1 dc 8c 3e e2-d6 93 b4 a7 88 b7 76 54 ..0...>.......vT
0090 - c7 7a 71 5e ab 12 b9 48-b5 5b a2 da b7 20 96 bc .zq^...H.[... ..
00a0 - 51 58 55 14 86 5e dd 5f-9a 2a 33 f1 8b 32 02 dd QXU..^._.*3..2..
00b0 - f4 19 69 2a 2e a6 a8 bb-f4 a0 67 ad d3 01 13 6c ..i*......g....l
00c0 - f5 74 0a 53 df 00 d7 ea-cb d8 19 88 c4 ed 58 13 .t.S..........X.
Start Time: 1739852939
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK
TLS SUCCESSFUL
400CC28CFFFF0000:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688:
Server output:
spawn openssl s_server -propquery ?provider=pkcs11 -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%01 -cert pkcs11:type=cert;object=testCert
Using default temp DH parameters
ACCEPT
-----BEGIN SSL SESSION PARAMETERS-----
MIGCAgEBAgIDBAQCEwIEIEta+MFZiY0sdobFYSbEeB555yjzGyZE7HuDlrXh+m21
BDB4TCUoY+BeG+sUAJV9t/2AlqqDIL7odhmjylxhU6gT0UPlnYxr4H32RvtneM7n
VR6hBgIEZ7QMi6IEAgIcIKQGBAQBAAAArgYCBHWcRAazAwIBHQ==
-----END SSL SESSION PARAMETERS-----
Shared ciphers:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA
Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512
Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224
Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192
Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192
CIPHER is TLS_AES_256_GCM_SHA384
This TLS version forbids renegotiation.
TLS SUCCESSFUL
Q
DONE
shutdown accept socket
shutting down SSL
CONNECTION CLOSED
0 items in the session cache
0 client connects (SSL_connect())
0 client renegotiates (SSL_connect())
0 client connects that finished
1 server accepts (SSL_accept())
0 server renegotiates (SSL_accept())
1 server accepts that finished
0 session cache hits
0 session cache misses
0 session cache timeouts
0 callback cache hits
0 cache full overflows (128 allowed)
## Run sanity test with default values (RSA-PSS)
## Generating a new selfsigned certificate for pkcs11:type=private;id=%00%10
openssl req -batch -noenc -x509 -new -key ${KEY} ${AARGS} -out ${CERT}
spawn openssl s_client -propquery ?provider=pkcs11 -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/caCert.pem
Connecting to 127.0.0.1
CONNECTED(00000005)
Can't use SSL_get_servername
depth=0 C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness
verify error:num=18:self-signed certificate
verify return:1
depth=0 C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness
verify return:1
---
Certificate chain
0 s:C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness
i:C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness
a:PKEY: RSASSA-PSS, 2048 (bit); sigalg: RSASSA-PSS
v:NotBefore: Feb 18 04:29:00 2025 GMT; NotAfter: Mar 20 04:29:00 2025 GMT
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIEIzCCAtugAwIBAgIUNJPWrXiGJ8bP6TQDxKDoglvQAdQwPQYJKoZIhvcNAQEK
MDCgDTALBglghkgBZQMEAgGhGjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUDBAIBogMC
ASAwZzELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMREwDwYDVQQHDAhO
ZXcgWW9yazEYMBYGA1UECgwPUEtDUzExIFByb3ZpZGVyMRgwFgYDVQQLDA9UZXN0
aW5nIEhhcm5lc3MwHhcNMjUwMjE4MDQyOTAwWhcNMjUwMzIwMDQyOTAwWjBnMQsw
CQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsxETAPBgNVBAcMCE5ldyBZb3Jr
MRgwFgYDVQQKDA9QS0NTMTEgUHJvdmlkZXIxGDAWBgNVBAsMD1Rlc3RpbmcgSGFy
bmVzczCCASAwCwYJKoZIhvcNAQEKA4IBDwAwggEKAoIBAQDN+ro4vV+PPtBH2YFG
CYfMSzNstHBfqCtvpL2FDWEIvM8Gkh/MR3CnC/fUC3c2b7Ulwz9atGeBVeumKL4j
qnu5ie88lHVBgjwKRn5M+X6DMmp5DsQ786wA8Z2+cc25lRUBgeDprc9+np4aH/eb
+cm1L4fXTO7uIIofFQUAY+OBcrPI6fdIejT0dHrbAmO/FGblMJyVHA/PhdrvF3RD
k3CRwZllST4sPc0aMvu7VItTDJ1xkfSRFEnmjqClF2lNP0hfHEMlMiHzF/MJCU3b
8kB/WfnaKAESFTuNgiS425TU+Lf3YUgjHJntQgIiKf57AzHhrp/TOvnbetaCBRK8
BTQzAgMBAAGjaTBnMB0GA1UdDgQWBBSdLjd95wlfOD7rob2dNpQLOxa2wzAfBgNV
HSMEGDAWgBSdLjd95wlfOD7rob2dNpQLOxa2wzAPBgNVHRMBAf8EBTADAQH/MAkG
A1UdEQQCMAAwCQYDVR0SBAIwADA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQC
AaEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgGiAwIBIAOCAQEADzmJJKBoTVcx
bt9en4a15zH8U2y1I+gJEjTMbYZ44PF4t3tjV0TXE6a6Rw247gZDWfWGezgsyiF8
87hjpKUVQFluv1Khmb/sgLauIr8XZkZTwza3r9aivSg0wj4J/u/+HDlxUIIWk4sy
tLqwzH9HBhsFpwZ7NIerFZNMVnknEu8M/K+VUHu3VGhXRmkqAvmf3o5+5FyVjDrp
tfCKPU7l9XeQFq0bPx6ypjguqf/xKh8sNWhiB2BpDPIDt6SISbbvHwW2lOXw3IUD
95lfnW10crcpsbDX+stNtJQ1KrHR/bln4q5ldUCcHRcFL9efMIvgwqONsxheSLrt
hFOYWpeOtA==
-----END CERTIFICATE-----
subject=C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness
issuer=C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 1619 bytes and written 391 bytes
Verification error: self-signed certificate
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Protocol: TLSv1.3
Server public key is 2048 bit
This TLS version forbids renegotiation.
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 18 (self-signed certificate)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: D0DA1A0CA020FDF5A6EB1EDA4371825A495D70DA987E614E14C69014BEFDB090
Session-ID-ctx:
Resumption PSK: 581A92F86BDC7053DF685BA087ACCE41E455C510EECF698231BFEC443A7E3D93EA0C5BEAA7EEFD9A30F1DEB60401DE19
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 7200 (seconds)
TLS session ticket:
0000 - 2f 8c 51 ba aa 8e 87 d2-61 9b 71 ad 7d 9d 5d c7 /.Q.....a.q.}.].
0010 - 12 7d c7 46 05 77 7e 37-45 30 2f c7 5d e8 6a 06 .}.F.w~7E0/.].j.
0020 - c7 76 b4 cb 43 9c 49 10-76 f3 d3 fb f4 bc 74 23 .v..C.I.v.....t#
0030 - f9 9a ab 80 b6 aa 04 5b-7a 9c b8 27 f3 51 2e 21 .......[z..'.Q.!
0040 - 17 aa a0 f2 6a d2 61 f5-b4 6f 1f 32 ca fe 73 5a ....j.a..o.2..sZ
0050 - 47 38 54 b5 2d 31 52 ff-3e 66 16 ff a2 a4 20 f5 G8T.-1R.>f.... .
0060 - f8 5c fb 8d 66 69 a1 57-ac 15 27 07 ae d2 16 5b .\..fi.W..'....[
0070 - 30 15 72 d9 d9 ca cc 70-df 8e 39 22 fb 47 ec aa 0.r....p..9".G..
0080 - 4c ac e6 88 a5 de 27 34-5d a9 ba 67 bb 4d c5 47 L.....'4]..g.M.G
0090 - c5 49 3d fa 8e 2f f2 1f-d3 4d 89 17 6e 53 4b 7c .I=../...M..nSK|
00a0 - af 25 1b 54 66 06 56 4f-63 47 7d 01 35 c5 b8 cb .%.Tf.VOcG}.5...
00b0 - ce ec 36 4f 2d a6 d0 c4-92 6e 1a 0e d8 34 81 55 ..6O-....n...4.U
00c0 - 0e 26 62 b0 2e d8 4c eb-a6 91 d4 93 8d 81 cc d4 .&b...L.........
Start Time: 1739852940
Timeout : 7200 (sec)
Verify return code: 18 (self-signed certificate)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: 7F8C2AED254AC5DE03DB1635C9F61D11D0943C43C36F1C2CB48BDC58437B4D8C
Session-ID-ctx:
Resumption PSK: B55DC65864A0B7CF774608B36F5DD41BA24FCF760B33FA350C211FA1BDD8107D107EC7E7C2C7805B7A4786A37CD9AE70
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 7200 (seconds)
TLS session ticket:
0000 - 2f 8c 51 ba aa 8e 87 d2-61 9b 71 ad 7d 9d 5d c7 /.Q.....a.q.}.].
0010 - d6 54 02 8d e9 ae 8c a2-8e 61 07 77 e5 d3 f3 35 .T.......a.w...5
0020 - 4f 3a 64 91 19 73 86 cb-16 64 97 42 c7 1d 53 05 O:d..s...d.B..S.
0030 - 4f 9c a9 cb dd 18 28 85-1d ba 8b bd 42 04 58 c0 O.....(.....B.X.
0040 - 10 82 4c b9 78 cd 4f 34-aa a4 fb d7 a6 ff aa 20 ..L.x.O4.......
0050 - 2c ec cf 09 17 f6 9c 0e-98 ca 0a f5 7f f5 01 cb ,...............
0060 - 36 02 0d d5 a2 00 d8 c4-c4 5e 9e f1 2e 10 34 fb 6........^....4.
0070 - d6 72 b4 2a 3b c9 f6 77-2e 06 ca 6d d2 c1 03 5a .r.*;..w...m...Z
0080 - 39 e3 19 ba 25 6c 54 f7-1c 70 61 5d c3 fa 4c 6e 9...%lT..pa]..Ln
0090 - d2 fe fc fd 88 09 40 70-6b 0a a4 04 be 6a 7f 6a ......@pk....j.j
00a0 - ad b6 3d 84 15 54 14 e4-e2 50 e3 b8 52 96 1f f3 ..=..T...P..R...
00b0 - 6f f7 56 13 46 96 11 b3-de 16 3c 73 1b d3 3f 42 o.V.F.....<s..?B
00c0 - 1b e1 32 09 85 1a bd 06-b0 5e 77 6c 05 42 3c 72 ..2......^wl.B<r
Start Time: 1739852940
Timeout : 7200 (sec)
Verify return code: 18 (self-signed certificate)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK
TLS SUCCESSFUL
408CD97FFFFF0000:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688:
Server output:
spawn openssl s_server -propquery ?provider=pkcs11 -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%10 -cert /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/rsapss-default.pem
Using default temp DH parameters
ACCEPT
-----BEGIN SSL SESSION PARAMETERS-----
MIGCAgEBAgIDBAQCEwIEIFJrglahSqjd2IuOjYWpRnna4uYI2j7+n+d8ihTZ8/G2
BDC1XcZYZKC3z3dGCLNvXdQbok/Pdgsz+jUMIR+hvdgQfRB+x+fCx4BbekeGo3zZ
rnChBgIEZ7QMjKIEAgIcIKQGBAQBAAAArgYCBA5fPcezAwIBHQ==
-----END SSL SESSION PARAMETERS-----
Shared ciphers:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA
Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512
Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224
Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192
Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192
CIPHER is TLS_AES_256_GCM_SHA384
This TLS version forbids renegotiation.
TLS SUCCESSFUL
Q
DONE
shutdown accept socket
shutting down SSL
CONNECTION CLOSED
0 items in the session cache
0 client connects (SSL_connect())
0 client renegotiates (SSL_connect())
0 client connects that finished
1 server accepts (SSL_accept())
0 server renegotiates (SSL_accept())
1 server accepts that finished
0 session cache hits
0 session cache misses
0 session cache timeouts
0 callback cache hits
0 cache full overflows (128 allowed)
## Run sanity test with RSA-PSS and SHA256
## Generating a new selfsigned certificate for pkcs11:type=private;id=%00%11
openssl req -batch -noenc -x509 -new -key ${KEY} ${AARGS} -out ${CERT}
spawn openssl s_client -propquery ?provider=pkcs11 -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/caCert.pem
Connecting to 127.0.0.1
CONNECTED(00000005)
Can't use SSL_get_servername
depth=0 C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness
verify error:num=18:self-signed certificate
verify return:1
depth=0 C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness
verify return:1
---
Certificate chain
0 s:C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness
i:C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness
a:PKEY: RSASSA-PSS, 3096 (bit); sigalg: RSASSA-PSS
v:NotBefore: Feb 18 04:29:00 2025 GMT; NotAfter: Mar 20 04:29:00 2025 GMT
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIFKDCCA12gAwIBAgIUVgyFaLRg8A81qUlot3VeKjqyudIwPQYJKoZIhvcNAQEK
MDCgDTALBglghkgBZQMEAgGhGjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUDBAIBogMC
ASAwZzELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMREwDwYDVQQHDAhO
ZXcgWW9yazEYMBYGA1UECgwPUEtDUzExIFByb3ZpZGVyMRgwFgYDVQQLDA9UZXN0
aW5nIEhhcm5lc3MwHhcNMjUwMjE4MDQyOTAwWhcNMjUwMzIwMDQyOTAwWjBnMQsw
CQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsxETAPBgNVBAcMCE5ldyBZb3Jr
MRgwFgYDVQQKDA9QS0NTMTEgUHJvdmlkZXIxGDAWBgNVBAsMD1Rlc3RpbmcgSGFy
bmVzczCCAaIwCwYJKoZIhvcNAQEKA4IBkQAwggGMAoIBgwtZGjmKiFh6ZBnXVN/I
ad0tBtbtm7LsOno4g1sfoxFY5DYPdJ9kGw10ewzr+6KRv7KmvX1hhsPpDKva5COb
f9/dsu8ic4FmPP9aO9Yr5PBMGHUqz8pX49YgUHMG+YwLxudCuusJGKn31sOdT8r7
EJRBepDrqJLrwqSV+3W2kbTTbZeSurAyflRTWlgux4UM8Cg0i9/nwdK+mDzv920q
McmqtdzdN12CWsZ5d9qDY/675cs9bYMvcke3Edh8NEmqOXEg0zsVPt+JBTU4y/Rd
NJJdHRc1QC+j+1Gd1mSMJF6yST/TlURQFCUweMljDWtJhyT12YTp1jpTyl66cG0V
xTdrBtmhLb2Q1YNotxdZgGdsmGlb/ySSkkF9q55D+TJdGOMjQhpH43JunhmD/6o9
0tSsjoRRGoDQcjLjcqJisEze5Grm99AVnkaRVPZ6kRFVcgbxCW/Fn9iIVCY8xuqs
jxKY27cjfaeNVWf61PDM/E4h+L7WmaITDzpRn3rvJB0NGRGkwwIDAQABo2kwZzAd
BgNVHQ4EFgQUmHW4BDTdQigb45przpGMqwMQcFIwHwYDVR0jBBgwFoAUmHW4BDTd
Qigb45przpGMqwMQcFIwDwYDVR0TAQH/BAUwAwEB/zAJBgNVHREEAjAAMAkGA1Ud
EgQCMAAwPQYJKoZIhvcNAQEKMDCgDTALBglghkgBZQMEAgGhGjAYBgkqhkiG9w0B
AQgwCwYJYIZIAWUDBAIBogMCASADggGEAAk2ZBg521XgSqXPXjzDvU+zYxqYhal+
fjSevBp3p3YsLQp7ivNIX41GfthegOKmjt0UlXgC1x/pbzwwrXjhdNaALnC8vB0d
k3Sc0LKde/jvPzbqkJ7PfJX806kdR07tCSV/qom288lr4gv3XD+ZfZzzWfnZ137X
Xg7hrQnpkGufdsZ/EGyFaebvsqkj0I/5KVKX3onV1OlJLHM7lWlNfhOAZuZQ7brD
U/8utECtkUhAYeuYnMOgBD1u7noyrws5sNLK3nh7bo1qV+eP9AZLkxQJRTcPvmwW
WTTeqHeuPz6JfjZiGe88GYD65iU1CYJfXw4Lt2OCL+tjoW+9VWeYIFr5965q8yyo
trRWVQyMvvSzAHAU3xfcy/eu29q/2ktlqmN55ipmAsy5JvLwk5IgAprKMykdEnPW
o/c7Gkugx86p/hZ4edlWViJjl2o9QaqWq99ZPwyapzfh1IQFmnG0Qu4yNfHKa3AA
1rTCk3FZtBJKC1RwZHHg4Hc9mWm/GrTp2yIikg==
-----END CERTIFICATE-----
subject=C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness
issuer=C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 2011 bytes and written 391 bytes
Verification error: self-signed certificate
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Protocol: TLSv1.3
Server public key is 3096 bit
This TLS version forbids renegotiation.
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 18 (self-signed certificate)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: 70CBA31DD381AC964AF4D411D49918C206A1876B193210C4AB46F75328868B36
Session-ID-ctx:
Resumption PSK: 330F7FCBFDDE8263139F84F2F4B37F6DBDD7DDC6FF72C41F46B1097659B98BF8B604DF4F9EF125BFE106F7F26A6ED4A3
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 7200 (seconds)
TLS session ticket:
0000 - a4 ee c9 32 ba 08 fe df-fc 6f a5 32 5b 25 bc 7a ...2.....o.2[%.z
0010 - 91 0c dc b3 1e 48 7e 80-92 46 0c 8d de 60 c3 05 .....H~..F...`..
0020 - 7e 56 75 84 ef 85 f9 85-54 07 90 c5 9b 5b c6 34 ~Vu.....T....[.4
0030 - 0d c6 1f 8b dd a2 d8 25-92 a2 16 cc 31 d2 8c f4 .......%....1...
0040 - cf 61 68 4d 68 07 39 72-e6 5b 2c 95 c9 db 86 af .ahMh.9r.[,.....
0050 - af 21 f5 0d 1b 12 95 a9-7e b8 72 e4 8b 40 19 13 .!......~.r..@..
0060 - 60 66 a9 e2 e5 d6 ad 02-8e 89 20 53 3f 87 dc d8 `f........ S?...
0070 - 60 8c e9 ff 6e f3 20 3b-42 aa 93 0b 96 19 ac 93 `...n. ;B.......
0080 - 8f 59 9d 37 74 dd 0a 19-e1 8b 5c d8 61 19 99 5e .Y.7t.....\.a..^
0090 - 97 c0 26 f4 d1 82 7f 0f-4b b8 d4 02 8c 91 bf 43 ..&.....K......C
00a0 - 4b 43 10 81 cf 47 af ca-5e 84 0f 06 11 73 cc 01 KC...G..^....s..
00b0 - 2f 65 53 80 c6 df c8 7f-77 20 4c c5 02 29 67 22 /eS.....w L..)g"
00c0 - ed 69 fe 90 1c 42 37 8c-2b 10 81 c7 ae b5 da 24 .i...B7.+......$
Start Time: 1739852940
Timeout : 7200 (sec)
Verify return code: 18 (self-signed certificate)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: A1EDAF1F32D90A2A4D0EF8C0DFA6BCDC461BF3C7A20D4365F4481D3EE3E7D2A5
Session-ID-ctx:
Resumption PSK: E0945543576B84FA737B9A843BC9D8FC46C6290A76BE1F7334FA10A27F4A1EEC5EB50152B539084B520C4B933E6633CB
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 7200 (seconds)
TLS session ticket:
0000 - a4 ee c9 32 ba 08 fe df-fc 6f a5 32 5b 25 bc 7a ...2.....o.2[%.z
0010 - 64 54 df 8b f0 d6 7d b6-b3 2d 24 83 cf 75 a5 30 dT....}..-$..u.0
0020 - 72 f3 45 e8 05 1c 3a bf-14 77 6f 30 40 21 c5 33 r.E...:..wo0@!.3
0030 - c9 a1 77 93 03 b7 d1 4b-b9 8c 9f fd b7 2e 9b c7 ..w....K........
0040 - 7c 39 e5 9f 39 e2 4e 1d-c8 a1 e8 dd 23 69 a2 42 |9..9.N.....#i.B
0050 - d5 76 b8 d7 8f a2 9a f0-69 0f 61 45 28 0c 9b 3f .v......i.aE(..?
0060 - f2 73 87 86 f2 38 75 a4-8e a9 48 ec 96 8a 55 fd .s...8u...H...U.
0070 - 59 e8 fd ef e7 b4 e3 1d-e1 7e e7 e1 4c 8f ec f2 Y........~..L...
0080 - 74 e7 56 10 13 b9 88 3f-d5 bc 4d 40 bd 16 1e e5 t.V....?..M@....
0090 - 33 80 f9 e1 0a ba 25 9f-30 87 c7 90 5d c4 09 3e 3.....%.0...]..>
00a0 - 75 9d ce 03 f0 3b 64 6e-1d bb 87 01 60 87 8e 2d u....;dn....`..-
00b0 - ca 56 64 7c fa dd c9 bb-ca 78 b8 05 50 1b de 12 .Vd|.....x..P...
00c0 - 33 95 25 78 69 95 ed 29-58 8e 2e 72 fb 12 62 b3 3.%xi..)X..r..b.
Start Time: 1739852940
Timeout : 7200 (sec)
Verify return code: 18 (self-signed certificate)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK
TLS SUCCESSFUL
401C9CB1FFFF0000:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688:
Server output:
spawn openssl s_server -propquery ?provider=pkcs11 -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%11 -cert /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/rsapss-sha256.pem
Using default temp DH parameters
ACCEPT
-----BEGIN SSL SESSION PARAMETERS-----
MIGCAgEBAgIDBAQCEwIEIPYcXkXhTFqvIFlnfSBki24peqjLJd27nZ8g/mLF9Dln
BDDglFVDV2uE+nN7moQ7ydj8RsYpCna+H3M0+hCif0oe7F61AVK1OQhLUgxLkz5m
M8uhBgIEZ7QMjKIEAgIcIKQGBAQBAAAArgYCBHv5Pg2zAwIBHQ==
-----END SSL SESSION PARAMETERS-----
Shared ciphers:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA
Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512
Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224
Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192
Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192
CIPHER is TLS_AES_256_GCM_SHA384
This TLS version forbids renegotiation.
TLS SUCCESSFUL
Q
DONE
shutdown accept socket
shutting down SSL
CONNECTION CLOSED
0 items in the session cache
0 client connects (SSL_connect())
0 client renegotiates (SSL_connect())
0 client connects that finished
1 server accepts (SSL_accept())
0 server renegotiates (SSL_accept())
1 server accepts that finished
0 session cache hits
0 session cache misses
0 session cache timeouts
0 callback cache hits
0 cache full overflows (128 allowed)
## Run sanity test with default values (ECDSA)
spawn openssl s_client -propquery ?provider=pkcs11 -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/caCert.pem
Connecting to 127.0.0.1
CONNECTED(00000005)
Can't use SSL_get_servername
depth=0 O=PKCS11 Provider, CN=My EC Cert
verify error:num=1:unspecified certificate verification error
verify return:1
depth=1 CN=Issuer
verify return:1
depth=0 O=PKCS11 Provider, CN=My EC Cert
verify return:1
---
Certificate chain
0 s:O=PKCS11 Provider, CN=My EC Cert
i:CN=Issuer
a:PKEY: id-ecPublicKey, 256 (bit); sigalg: RSA-SHA256
v:NotBefore: Feb 18 04:28:42 2025 GMT; NotAfter: Feb 18 04:28:42 2026 GMT
---
Server certificate
-----BEGIN CERTIFICATE-----
MIICcjCCAVqgAwIBAgIBBDANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1
ZXIwHhcNMjUwMjE4MDQyODQyWhcNMjYwMjE4MDQyODQyWjAvMRgwFgYDVQQKEw9Q
S0NTMTEgUHJvdmlkZXIxEzARBgNVBAMTCk15IEVDIENlcnQwWTATBgcqhkjOPQIB
BggqhkjOPQMBBwNCAAREq6izYZWFNUQ1MhwEljzY8CHdRRDeQ7uAu26XhOdJIFBG
mLpdKML1zKu7UiPaQMa/M6SCDd61JscT/ZZr2WYxo4GBMH8wDAYDVR0TAQH/BAIw
ADAfBgNVHREEGDAWgRR0ZXN0Y2VydEBleGFtcGxlLm9yZzAOBgNVHQ8BAf8EBAMC
B4AwHQYDVR0OBBYEFKi55SLu1wihQwnF28NnTgkhyWleMB8GA1UdIwQYMBaAFK6Y
CyRXDBVIOw8nQs2rxX0HiaY5MA0GCSqGSIb3DQEBCwUAA4IBAQBafWyD8i5CO50a
smdI89+wNyaZ8yWNkPVKK/eHM7cEw7XS6t7h3q2XUogJwAQtF+pR7Tm0wmK+gpsF
FG2h7DAvFLHaUEmHqncOiFLCwzCHFE9uyzxwuzUJFqbmS16yKotK/xG/7XkijcHw
Sj/8QEgEPef+0rbXiJRwkdPBllB2aBVkNSzGYJldMuSXWaDjI67v51BE8uLXz63C
RxeIZ5Q/wrJp/NlEMlvy4Lo44PWsGfUvJOnfmKGDFs63iRC6Ikev8xKAYX3ZYv9O
CZaVzw7C9n37FMinclmKq6FFqeuq1qIKWySHbIr+5QIGSgWPZzKqoT7+Ghgs8AYj
eTj8opIn
-----END CERTIFICATE-----
subject=O=PKCS11 Provider, CN=My EC Cert
issuer=CN=Issuer
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: ECDSA
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 1000 bytes and written 391 bytes
Verification error: unspecified certificate verification error
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Protocol: TLSv1.3
Server public key is 256 bit
This TLS version forbids renegotiation.
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 1 (unspecified certificate verification error)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: 3B37209523FF4EDA4BFA70C7F71C965EE6152AF628D57C8BC0F528C14206E865
Session-ID-ctx:
Resumption PSK: 1109C8537F4DE7C6D4B7D8030FDD04C87F871F615D82B7168508E606391C97BCB6E04F6ED912AD640367DB90BBDAB103
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 7200 (seconds)
TLS session ticket:
0000 - 59 77 3d fe 65 dd 7a ae-b3 67 92 3d 01 0c 07 8c Yw=.e.z..g.=....
0010 - f8 b6 de 19 66 8d 1d 98-bd 73 a7 2a ab f4 72 1f ....f....s.*..r.
0020 - 3a cf 05 df ed 83 96 22-3b 48 8b 35 44 4b f4 27 :......";H.5DK.'
0030 - bb 15 c8 31 d2 a4 f2 bb-0f ac fa 55 37 d8 9b 98 ...1.......U7...
0040 - 71 04 60 f5 6e 13 70 b4-7c 4f 24 eb 7a 84 94 1c q.`.n.p.|O$.z...
0050 - f3 ea 5e 22 8d b3 5d 59-6f 66 4b c9 33 48 56 e7 ..^"..]YofK.3HV.
0060 - 05 7b 97 f2 8d c1 89 61-75 dd f2 62 2f bd 0b b3 .{.....au..b/...
0070 - a2 71 b9 04 fc 2f a1 d9-a9 38 3c 1b eb 59 8a c0 .q.../...8<..Y..
0080 - 78 f5 0b c5 31 d7 d6 da-b9 bb 97 f6 5c 05 4a 04 x...1.......\.J.
0090 - d5 d4 ec 88 60 c8 2a 42-ef e5 57 2b ef ad ef 97 ....`.*B..W+....
00a0 - 16 be 81 a0 ba cb db f4-32 7c b6 44 f5 c6 2d 99 ........2|.D..-.
00b0 - a8 f0 c4 ec e7 d6 21 3f-c1 42 e9 ef 48 c7 47 0a ......!?.B..H.G.
00c0 - 5b a0 82 89 64 2d bf 40-88 59 48 60 93 9d de d5 [...d-.@.YH`....
Start Time: 1739852940
Timeout : 7200 (sec)
Verify return code: 1 (unspecified certificate verification error)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: EC0917A03195A6EBCA78097FC47F574FD49F460FFFA8FFB0940EBF493961C5DD
Session-ID-ctx:
Resumption PSK: 5AF7364884306424D020082C7537B761F56FD7B8F5BC74562F6544FFC51912A8C0175F4C9A4A6573A0295D8132A25A2F
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 7200 (seconds)
TLS session ticket:
0000 - 59 77 3d fe 65 dd 7a ae-b3 67 92 3d 01 0c 07 8c Yw=.e.z..g.=....
0010 - b5 09 86 8a be f2 de 7a-6c e7 6b 13 ea a3 ae 91 .......zl.k.....
0020 - 90 04 e2 e9 dd 2a f5 ec-cc 06 9c 11 5e af 40 0f .....*......^.@.
0030 - 8d 15 4a f8 5f bf f4 30-7c 75 d0 cb 49 ef 19 a1 ..J._..0|u..I...
0040 - 6f d5 a7 0c bd b3 bc 7a-22 10 bb f1 35 50 62 2a o......z"...5Pb*
0050 - 09 36 c2 11 80 64 b9 5a-a5 1e 6d ae ce 7d b4 30 .6...d.Z..m..}.0
0060 - 46 99 5a 61 91 8c 21 3e-3a cf d6 af 1c 03 5a 8f F.Za..!>:.....Z.
0070 - 0a c4 cc 89 8b 83 2c 17-24 0c 2e 43 d1 de 7c 0e ......,.$..C..|.
0080 - bd 7f 9d a6 af 59 9c 6d-15 d3 4f 3c e1 ae f3 42 .....Y.m..O<...B
0090 - 6a d7 1b 5e 88 94 a9 12-80 80 e1 b8 b6 80 f7 e6 j..^............
00a0 - 36 0c 8d 7f 3e 73 b1 c6-02 99 80 ae 39 28 b8 e4 6...>s......9(..
00b0 - 21 46 46 96 2e d9 02 0a-85 14 ac ef f3 25 9e c2 !FF..........%..
00c0 - 02 fd fb c8 a4 60 1d d7-83 65 5a 39 cc 38 2d ea .....`...eZ9.8-.
Start Time: 1739852940
Timeout : 7200 (sec)
Verify return code: 1 (unspecified certificate verification error)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK
TLS SUCCESSFUL
409C37BCFFFF0000:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688:
Server output:
spawn openssl s_server -propquery ?provider=pkcs11 -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%02 -cert pkcs11:type=cert;object=ecCert
Using default temp DH parameters
ACCEPT
-----BEGIN SSL SESSION PARAMETERS-----
MIGCAgEBAgIDBAQCEwIEIImumTgwP+xammAd715Kqvi6quScyBAwixuC5JgDrFNc
BDBa9zZIhDBkJNAgCCx1N7dh9W/XuPW8dFYvZUT/xRkSqMAXX0yaSmVzoCldgTKi
Wi+hBgIEZ7QMjKIEAgIcIKQGBAQBAAAArgYCBGdRCbezAwIBHQ==
-----END SSL SESSION PARAMETERS-----
Shared ciphers:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA
Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512
Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224
Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192
Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192
CIPHER is TLS_AES_256_GCM_SHA384
This TLS version forbids renegotiation.
TLS SUCCESSFUL
Q
DONE
shutdown accept socket
shutting down SSL
CONNECTION CLOSED
0 items in the session cache
0 client connects (SSL_connect())
0 client renegotiates (SSL_connect())
0 client connects that finished
1 server accepts (SSL_accept())
0 server renegotiates (SSL_accept())
1 server accepts that finished
0 session cache hits
0 session cache misses
0 session cache timeouts
0 callback cache hits
0 cache full overflows (128 allowed)
## Run sanity test with default values (Ed25519)
spawn openssl s_client -propquery ?provider=pkcs11 -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/caCert.pem
Connecting to 127.0.0.1
CONNECTED(00000005)
Can't use SSL_get_servername
depth=1 CN=Issuer
verify return:1
depth=0 O=PKCS11 Provider, CN=My ED25519 Cert
verify return:1
---
Certificate chain
0 s:O=PKCS11 Provider, CN=My ED25519 Cert
i:CN=Issuer
a:PKEY: ED25519, 256 (bit); sigalg: RSA-SHA256
v:NotBefore: Feb 18 04:28:42 2025 GMT; NotAfter: Feb 18 04:28:42 2026 GMT
---
Server certificate
-----BEGIN CERTIFICATE-----
MIICSDCCATCgAwIBAgIBBjANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1
ZXIwHhcNMjUwMjE4MDQyODQyWhcNMjYwMjE4MDQyODQyWjA0MRgwFgYDVQQKEw9Q
S0NTMTEgUHJvdmlkZXIxGDAWBgNVBAMTD015IEVEMjU1MTkgQ2VydDAqMAUGAytl
cAMhAEIvduyLWdY4L4M88R4uIBJQhN00KZxdneWMErhbviyPo4GBMH8wDAYDVR0T
AQH/BAIwADAfBgNVHREEGDAWgRR0ZXN0Y2VydEBleGFtcGxlLm9yZzAOBgNVHQ8B
Af8EBAMCB4AwHQYDVR0OBBYEFDWctd0bz0TAa+45A3gQNjpQ6di7MB8GA1UdIwQY
MBaAFK6YCyRXDBVIOw8nQs2rxX0HiaY5MA0GCSqGSIb3DQEBCwUAA4IBAQARpmk0
y9HTZE2NESZpSF/a1C0jgKMJhzU0aB9ABE5esxYSLtkplf3lOTepI9UGZk6vgUNY
1azX9qZH4DM/VbUB+JlT3jaw9T31wKdMniTWSppcLuxTt8A0iuq7Nkt4HMx/jkBd
ElxnI8JK9R/TX/dQNuZFY0e79LDFqZAz/IMHyZGhIVXm7ZiYvc7+RRIvF4r8K9WC
zPDTyaVEzAhmd8e8cBLTM2eFs4r5FM05wW1Qwy96v5vv6g/RFeKecgCTMQwSmt+B
C8eiV4Iv4m7SO8bvrxQ0JZccCKBqsLKD6nHxeD1lEQ3A51BVstCGjIkHXAyBjSTv
BciLPv/rMJa/5VYm
-----END CERTIFICATE-----
subject=O=PKCS11 Provider, CN=My ED25519 Cert
issuer=CN=Issuer
---
No client certificate CA names sent
Peer signature type: Ed25519
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 952 bytes and written 391 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Protocol: TLSv1.3
Server public key is 256 bit
This TLS version forbids renegotiation.
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: 96153BCD5AD48AD21A725A76ADD14F979B5E52F2F224DF900A25EEE655BDC5E3
Session-ID-ctx:
Resumption PSK: DC7B2E234D97D1D0A3A9A20E169846225C2F6E37DF55FABA7CCF409E3DE2C066FD7F83CE18F4A29F7DB0E9CC4A209398
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 7200 (seconds)
TLS session ticket:
0000 - b0 9d 42 c7 91 19 1c e0-8f f8 09 6d c9 87 fb 75 ..B........m...u
0010 - 6b dd 2c f3 b1 7b c9 01-39 11 32 ef 09 02 f1 e4 k.,..{..9.2.....
0020 - bf eb fa d2 08 f3 0c a0-8c 00 0a 0e 11 7e c2 f0 .............~..
0030 - c4 d6 03 4f 5a b1 af 8d-a0 84 ea 46 d9 bc 7d 32 ...OZ......F..}2
0040 - b8 56 91 da 80 0d fb ee-6c 22 be 10 ca e5 a8 fa .V......l"......
0050 - e5 63 11 c7 42 c8 b6 f1-79 c0 e1 b2 1e cb 25 97 .c..B...y.....%.
0060 - 39 31 18 fe 9f c2 bb e3-e5 7b 9a 76 9c 81 4d 9b 91.......{.v..M.
0070 - 56 a9 65 e5 0a 01 72 43-2d 7f 7d 3d fc ee b2 09 V.e...rC-.}=....
0080 - 36 dc 70 32 5e 7b ad 43-52 db a2 89 f8 00 8b c5 6.p2^{.CR.......
0090 - 08 b0 e8 cd 0b 8e ef 4b-04 b5 e7 52 f8 61 64 09 .......K...R.ad.
00a0 - 0c 46 c3 e7 48 10 41 7b-1d db e9 ef b2 34 5b 6a .F..H.A{.....4[j
00b0 - 1b 23 fc 7e f1 98 93 8a-85 c1 f8 65 21 0d 68 4a .#.~.......e!.hJ
00c0 - 7c 48 12 06 92 db e2 aa-c9 87 29 c8 07 3b 1e c5 |H........)..;..
Start Time: 1739852940
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: 52E518B97276445B073316E8D2AEDE8443D18C0C0F05B1B48981AE13BCC3DEF3
Session-ID-ctx:
Resumption PSK: 3721FAE58686771EB182B5C410B77844E20A46087CE58E8852917019C79421331233D621C7339E63BA44B9CB0FAAAAE2
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 7200 (seconds)
TLS session ticket:
0000 - b0 9d 42 c7 91 19 1c e0-8f f8 09 6d c9 87 fb 75 ..B........m...u
0010 - 1d 8d be fc 5f 58 6c a7-fe 59 0e 3a aa 06 05 34 ...._Xl..Y.:...4
0020 - 6b cb 58 e4 80 12 db 34-c1 3c 7d bd 99 0f 1f 2a k.X....4.<}....*
0030 - c7 74 ac 40 71 7c fe 54-f0 04 bd 9c 56 30 47 bf .t.@q|.T....V0G.
0040 - 69 c4 6b 8e 7c bc 84 17-f2 f0 aa 4f d4 f5 16 c7 i.k.|......O....
0050 - ee 89 5d 75 a9 33 55 82-d6 a1 5b d7 52 cb 54 5e ..]u.3U...[.R.T^
0060 - 14 86 0a c9 4b 9e 8d c1-83 fc b7 48 e8 fe 18 44 ....K......H...D
0070 - 37 6d 22 22 f5 fb 94 7d-27 f9 6d ac 9b c6 60 8b 7m""...}'.m...`.
0080 - e1 43 a7 c8 7f 12 ee fb-e8 80 3f 53 d6 00 65 66 .C........?S..ef
0090 - ba d4 a8 9d f6 03 25 f7-8d 50 47 ea 44 90 ad 0a ......%..PG.D...
00a0 - f9 30 1c 80 26 5f c6 cf-95 da f1 c5 89 55 dd 22 .0..&_.......U."
00b0 - 61 85 05 d7 b8 8d ab 76-84 eb 85 73 25 9d f6 30 a......v...s%..0
00c0 - 51 94 5b c4 df 93 0b a8-3b 0d 6f 58 25 53 94 85 Q.[.....;.oX%S..
Start Time: 1739852940
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK
TLS SUCCESSFUL
405CFA8AFFFF0000:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688:
Server output:
spawn openssl s_server -propquery ?provider=pkcs11 -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%04 -cert pkcs11:type=cert;object=edCert
Using default temp DH parameters
ACCEPT
-----BEGIN SSL SESSION PARAMETERS-----
MIGDAgEBAgIDBAQCEwIEID0kFpoBafq1/oLCACVQvJo/wMUsttmnpI2gJfngt+p9
BDA3IfrlhoZ3HrGCtcQQt3hE4gpGCHzljohSkXAZx5QhMxIz1iHHM55jukS5yw+q
quKhBgIEZ7QMjKIEAgIcIKQGBAQBAAAArgcCBQCpIcUiswMCAR0=
-----END SSL SESSION PARAMETERS-----
Shared ciphers:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA
Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512
Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224
Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192
Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192
CIPHER is TLS_AES_256_GCM_SHA384
This TLS version forbids renegotiation.
TLS SUCCESSFUL
Q
DONE
shutdown accept socket
shutting down SSL
CONNECTION CLOSED
0 items in the session cache
0 client connects (SSL_connect())
0 client renegotiates (SSL_connect())
0 client connects that finished
1 server accepts (SSL_accept())
0 server renegotiates (SSL_accept())
1 server accepts that finished
0 session cache hits
0 session cache misses
0 session cache timeouts
0 callback cache hits
0 cache full overflows (128 allowed)
## Run sanity test with default values (Ed448)
spawn openssl s_client -propquery ?provider=pkcs11 -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/caCert.pem
Connecting to 127.0.0.1
CONNECTED(00000005)
Can't use SSL_get_servername
depth=1 CN=Issuer
verify return:1
depth=0 O=PKCS11 Provider, CN=My ED448 Cert
verify return:1
---
Certificate chain
0 s:O=PKCS11 Provider, CN=My ED448 Cert
i:CN=Issuer
a:PKEY: ED448, 456 (bit); sigalg: RSA-SHA256
v:NotBefore: Feb 18 04:28:42 2025 GMT; NotAfter: Feb 18 04:28:42 2026 GMT
---
Server certificate
-----BEGIN CERTIFICATE-----
MIICXzCCAUegAwIBAgIBBzANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1
ZXIwHhcNMjUwMjE4MDQyODQyWhcNMjYwMjE4MDQyODQyWjAyMRgwFgYDVQQKEw9Q
S0NTMTEgUHJvdmlkZXIxFjAUBgNVBAMTDU15IEVENDQ4IENlcnQwQzAFBgMrZXED
OgCs4t3hXXv13EcJkK75fepF8/othIegJ57nNAdCdyAaizu59x9FE68XBvyT1IYf
IZsGptJmKPKCqgCjgYEwfzAMBgNVHRMBAf8EAjAAMB8GA1UdEQQYMBaBFHRlc3Rj
ZXJ0QGV4YW1wbGUub3JnMA4GA1UdDwEB/wQEAwIHgDAdBgNVHQ4EFgQUsuZD6WAS
VNbnD5HhWGrCGFwT99UwHwYDVR0jBBgwFoAUrpgLJFcMFUg7DydCzavFfQeJpjkw
DQYJKoZIhvcNAQELBQADggEBAJr8o6wL1gMytNdikthnlgHxuo58Uy0AZfBnRlRx
cwN/8+7wnx8z8W23f7uIso+z71Bitw8z0lmg74CUniFaNv52QU9MlyrcNmkSiCVf
K6QT62Xw/dZWcfgXyo0mIg9S6gspDVPyTOMQZJAmM19PwMgwadN1fTEnC4Vdz8BH
fLGBS2MnqyLkfUSSbzTLb8C+j0YVzCmFu0Vp7TXaCeGEhKYjg+VXwaP0cU6/FEbQ
Hr9jSORd+eSoPIlfNNLRuZ/EoTfLR9x0Z3TnPLUuh6gsyIKfYHkeacqbo0IfG75s
aJ3Hd3KUdIRo07TNIj0UiFV3m8072Yk2dtM+3H7UH3qvuKU=
-----END CERTIFICATE-----
subject=O=PKCS11 Provider, CN=My ED448 Cert
issuer=CN=Issuer
---
No client certificate CA names sent
Peer signature type: Ed448
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 1025 bytes and written 391 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Protocol: TLSv1.3
Server public key is 456 bit
This TLS version forbids renegotiation.
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: 0C896DCC45B1CEAA5E31B777DC596CBBF2D539D676FCD9B7D6B2AAFA3909BE79
Session-ID-ctx:
Resumption PSK: 6D75248D42DAEB4EED508C1F0C6B4804F04DAA48A0965DD0FEA1397B7C28553690C4F2E8A88E03A5D7107D096305E532
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 7200 (seconds)
TLS session ticket:
0000 - 91 2e ce d2 b1 7e df f8-01 e2 5c 09 16 04 d4 08 .....~....\.....
0010 - 20 00 87 95 77 c6 0b 8e-74 2b 04 9e 71 26 66 2c ...w...t+..q&f,
0020 - a1 5f a4 57 a2 48 87 c4-c3 66 af 43 79 25 cd 38 ._.W.H...f.Cy%.8
0030 - 31 2e 9a 14 47 fa ca 0f-e4 64 16 b5 00 2e 1a ef 1...G....d......
0040 - 8f b3 7d cd e7 4f a3 b5-53 8e 98 9a 3a 81 88 e7 ..}..O..S...:...
0050 - ed 8c d4 8c df ec 7c 79-5c 1f db 38 82 a2 89 44 ......|y\..8...D
0060 - 34 91 cc f6 64 e6 78 51-78 80 00 40 5c f8 a6 29 4...d.xQx..@\..)
0070 - f4 ec 28 2f 64 60 06 4a-8d de 50 b6 b2 39 9d dc ..(/d`.J..P..9..
0080 - b7 f7 52 98 23 a0 84 0b-c4 9f d3 42 45 0f 1f 06 ..R.#......BE...
0090 - f0 b6 ad 95 d5 c9 17 44-6f e6 f1 7e 82 44 c6 d4 .......Do..~.D..
00a0 - 5f 71 25 2d a9 ec 30 2f-c3 a7 e2 f9 63 d7 d8 47 _q%-..0/....c..G
00b0 - d2 40 0d 43 c6 e1 c1 e9-cd b4 0c c9 d6 42 2a 8e .@.C.........B*.
00c0 - 14 ba 8b bc 35 62 23 37-ad b9 8e 1a df 42 a0 40 ....5b#7.....B.@
Start Time: 1739852940
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: 3B78A6D247FAD1629ECAD11F705D3785F223F8E49510BCAC06A70A96E5DCF630
Session-ID-ctx:
Resumption PSK: 54B313306465BEBB0C37DB76BE8EB9A13736768FA84BE15991F530AE6C4D248ED40CAD7D2D36E828BF16A9743ABAE882
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 7200 (seconds)
TLS session ticket:
0000 - 91 2e ce d2 b1 7e df f8-01 e2 5c 09 16 04 d4 08 .....~....\.....
0010 - 57 33 e9 30 31 38 e3 3d-22 94 f3 ea 95 72 68 3c W3.018.="....rh<
0020 - ac 1c a0 b2 75 7e 51 d6-57 2a eb 40 32 5e c2 d6 ....u~Q.W*.@2^..
0030 - af 17 80 53 04 06 5b 05-2d 3b 32 67 16 2e 97 f4 ...S..[.-;2g....
0040 - a8 5f 99 20 78 65 b6 cc-0d 3d 6b 97 3c b6 55 4c ._. xe...=k.<.UL
0050 - 99 3f a0 5e 50 64 33 ea-23 9c de fa 1b ba a3 62 .?.^Pd3.#......b
0060 - 04 61 8b 0f 72 b4 e7 bb-0d 2b 71 d3 dc 96 bb e0 .a..r....+q.....
0070 - 63 4e 1a 81 17 52 9e 7f-60 2c 5f 69 81 fc 86 0c cN...R..`,_i....
0080 - 54 a7 60 aa 7f 19 f2 a7-65 9d 24 7a 7b 7e e4 26 T.`.....e.$z{~.&
0090 - 34 a4 3a f7 00 da 84 f9-75 fc 46 b0 4f 6f bd ed 4.:.....u.F.Oo..
00a0 - dd 78 75 90 06 f9 f6 6f-99 9f 6a ae b9 b3 10 f8 .xu....o..j.....
00b0 - 65 6c 2c 41 43 df ef 65-63 ff 97 d9 fc d9 eb 75 el,AC..ec......u
00c0 - a8 15 bf e6 83 ac ae db-3b 7c 0d 7e 2a 0a b0 ef ........;|.~*...
Start Time: 1739852940
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK
TLS SUCCESSFUL
40DCC7A6FFFF0000:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688:
Server output:
spawn openssl s_server -propquery ?provider=pkcs11 -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%09 -cert pkcs11:type=cert;object=ed2Cert
Using default temp DH parameters
ACCEPT
-----BEGIN SSL SESSION PARAMETERS-----
MIGDAgEBAgIDBAQCEwIEIFuMMLphmV8VKqK9AmGnlbPwgoHigv6v8VOX+lvW9csY
BDBUsxMwZGW+uww323a+jrmhNzZ2j6hL4VmR9TCubE0kjtQMrX0tNugovxapdDq6
6IKhBgIEZ7QMjKIEAgIcIKQGBAQBAAAArgcCBQCTgHaMswMCAR0=
-----END SSL SESSION PARAMETERS-----
Shared ciphers:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA
Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512
Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224
Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192
Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192
CIPHER is TLS_AES_256_GCM_SHA384
This TLS version forbids renegotiation.
TLS SUCCESSFUL
Q
DONE
shutdown accept socket
shutting down SSL
CONNECTION CLOSED
0 items in the session cache
0 client connects (SSL_connect())
0 client renegotiates (SSL_connect())
0 client connects that finished
1 server accepts (SSL_accept())
0 server renegotiates (SSL_accept())
1 server accepts that finished
0 session cache hits
0 session cache misses
0 session cache timeouts
0 callback cache hits
0 cache full overflows (128 allowed)
## Run test with TLS 1.2
spawn openssl s_client -propquery ?provider=pkcs11 -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/caCert.pem -tls1_2
Connecting to 127.0.0.1
CONNECTED(00000005)
Can't use SSL_get_servername
depth=1 CN=Issuer
verify return:1
depth=0 O=PKCS11 Provider, CN=My Test Cert
verify return:1
---
Certificate chain
0 s:O=PKCS11 Provider, CN=My Test Cert
i:CN=Issuer
a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
v:NotBefore: Feb 18 04:28:42 2025 GMT; NotAfter: Feb 18 04:28:42 2026 GMT
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIDPzCCAiegAwIBAgIBAzANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1
ZXIwHhcNMjUwMjE4MDQyODQyWhcNMjYwMjE4MDQyODQyWjAxMRgwFgYDVQQKEw9Q
S0NTMTEgUHJvdmlkZXIxFTATBgNVBAMTDE15IFRlc3QgQ2VydDCCASIwDQYJKoZI
hvcNAQEBBQADggEPADCCAQoCggEBALqZLMAQ2yaKcVciacryw7fL49yPsjaq8Qfp
/J3avZmxMogzzSlf4kkke6vUw9ep2IqLIwrt8HVkf/Sue28X0fK2nrfoEXIVqK+4
JDMkMZvMpxs/62UqOporp+YJprvlsMJCZqFDz7jJj21IYkrbKiM6mZi6g5ltkXlp
gs4q6p23+qoylk+fA+N4d/SctipNd24H0OrFN/2J+R88XlAW0+R63CiynUjQw47l
pw4oV81JmopqA4LV8OEmvJN+w/q3bwTAUqnS4Q5W7Md8hbv/2SMC2+5TP2m18yES
ZwjBcjNKBi8yeBJLUr+FqtPoMMxjTB6BR6aa/9NiytXI0NGoT7cCAwEAAaOBgTB/
MAwGA1UdEwEB/wQCMAAwHwYDVR0RBBgwFoEUdGVzdGNlcnRAZXhhbXBsZS5vcmcw
DgYDVR0PAQH/BAQDAgWgMB0GA1UdDgQWBBRCofkUj+V1IIX6Q6eVyfKOoi+8MDAf
BgNVHSMEGDAWgBSumAskVwwVSDsPJ0LNq8V9B4mmOTANBgkqhkiG9w0BAQsFAAOC
AQEAn/EPRVeuciY+nEGi0BSzd7wAMIt4AlSV7YzldIbiOCQUyYodnoaz/oEH1Eb/
NhdDsWZ0NzALjBYRkR4iyf6/wGS/foIpeSgnSiDJOEx4H1zdwjmtUjX4s3hVJg9s
aPkWSnxBGptMa9F2DpZmK8VdXeIkI+jkdtZIb4qIDL2rLi3TSiDtLxJK1T+uaqQ8
iQHseUdVjbdTf+jiU9s+R9X1uHd1xEBtIAi+26D0/MfB1wNpP81BoQ2Ye4zgEWRJ
1GuBDg0VxdPKe8cHcxOQ9SWrAve+9DFCcQadRKyeBQL6CekYnXRWELN1f3hRAU7n
3eRMrDMvP0PK8VnXGJ0RdTJr2g==
-----END CERTIFICATE-----
subject=O=PKCS11 Provider, CN=My Test Cert
issuer=CN=Issuer
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 1476 bytes and written 290 bytes
Verification: OK
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Protocol: TLSv1.2
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: 8D488966A7E2FDAEDC8BD82225B527643AC57B9E84B27362A2FCBDBAF387B08D
Session-ID-ctx:
Master-Key: 9E7F5C7B1F26877582711BA37A03870ED91DD2CD85F9C6271C73F6C2C4CC251EF175861B42814BF47D401302BEA57F1B
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 7200 (seconds)
TLS session ticket:
0000 - 3c e0 25 6c 8f 38 64 7e-eb d3 d7 0b 72 2d 21 b0 <.%l.8d~....r-!.
0010 - e0 1a 3b d0 0a 97 c7 8f-9d 17 79 ec 71 98 1d 74 ..;.......y.q..t
0020 - 39 c7 89 f8 d3 ec f0 24-43 dc 1b d9 72 7e 85 b1 9......$C...r~..
0030 - 07 bb 7c cc 44 72 9f 02-80 f3 af f2 46 96 dc 15 ..|.Dr......F...
0040 - 3b 67 55 d3 77 07 91 33-7a 62 6f cd d9 c0 f6 7f ;gU.w..3zbo.....
0050 - 30 8b be 5d a0 2c 4f 5d-b8 ea ec 68 9c 0f a4 79 0..].,O]...h...y
0060 - b8 20 af 0a db ba f0 65-4a ef 88 46 bb 07 10 66 . .....eJ..F...f
0070 - 04 c1 27 e4 71 0a 7b 75-77 4e 9f 15 ac 3e 53 0f ..'.q.{uwN...>S.
0080 - ba 82 00 76 c0 09 e5 1c-1a c4 5f 0a 81 2a df 37 ...v......_..*.7
0090 - ff 94 df 18 48 90 7d 8f-bb da fd 0c 2e 8b 32 69 ....H.}.......2i
00a0 - 81 6a c6 5f 16 79 ad ba-5f fc d2 e9 81 f7 9e ba .j._.y.._.......
Start Time: 1739852941
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: yes
---
TLS SUCCESSFUL
403CC890FFFF0000:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688:
Server output:
spawn openssl s_server -propquery ?provider=pkcs11 -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%01 -cert pkcs11:type=cert;object=testCert
Using default temp DH parameters
ACCEPT
-----BEGIN SSL SESSION PARAMETERS-----
MF8CAQECAgMDBALAMAQABDCef1x7HyaHdYJxG6N6A4cO2R3SzYX5xiccc/bCxMwl
HvF1hhtCgUv0fUATAr6lfxuhBgIEZ7QMjKIEAgIcIKQGBAQBAAAArQMCAQGzAwIB
HQ==
-----END SSL SESSION PARAMETERS-----
Shared ciphers:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA
Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512
Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512
Supported Elliptic Curve Point Formats: uncompressed:ansiX962_compressed_prime:ansiX962_compressed_char2
Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1
Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1
CIPHER is ECDHE-RSA-AES256-GCM-SHA384
Secure Renegotiation IS supported
TLS SUCCESSFUL
Q
DONE
shutdown accept socket
shutting down SSL
CONNECTION CLOSED
0 items in the session cache
0 client connects (SSL_connect())
0 client renegotiates (SSL_connect())
0 client connects that finished
1 server accepts (SSL_accept())
0 server renegotiates (SSL_accept())
1 server accepts that finished
0 session cache hits
0 session cache misses
0 session cache timeouts
0 callback cache hits
0 cache full overflows (128 allowed)
## Run test with explicit TLS 1.3
spawn openssl s_client -propquery ?provider=pkcs11 -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/caCert.pem -tls1_3
Connecting to 127.0.0.1
CONNECTED(00000005)
Can't use SSL_get_servername
depth=1 CN=Issuer
verify return:1
depth=0 O=PKCS11 Provider, CN=My Test Cert
verify return:1
---
Certificate chain
0 s:O=PKCS11 Provider, CN=My Test Cert
i:CN=Issuer
a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
v:NotBefore: Feb 18 04:28:42 2025 GMT; NotAfter: Feb 18 04:28:42 2026 GMT
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIDPzCCAiegAwIBAgIBAzANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1
ZXIwHhcNMjUwMjE4MDQyODQyWhcNMjYwMjE4MDQyODQyWjAxMRgwFgYDVQQKEw9Q
S0NTMTEgUHJvdmlkZXIxFTATBgNVBAMTDE15IFRlc3QgQ2VydDCCASIwDQYJKoZI
hvcNAQEBBQADggEPADCCAQoCggEBALqZLMAQ2yaKcVciacryw7fL49yPsjaq8Qfp
/J3avZmxMogzzSlf4kkke6vUw9ep2IqLIwrt8HVkf/Sue28X0fK2nrfoEXIVqK+4
JDMkMZvMpxs/62UqOporp+YJprvlsMJCZqFDz7jJj21IYkrbKiM6mZi6g5ltkXlp
gs4q6p23+qoylk+fA+N4d/SctipNd24H0OrFN/2J+R88XlAW0+R63CiynUjQw47l
pw4oV81JmopqA4LV8OEmvJN+w/q3bwTAUqnS4Q5W7Md8hbv/2SMC2+5TP2m18yES
ZwjBcjNKBi8yeBJLUr+FqtPoMMxjTB6BR6aa/9NiytXI0NGoT7cCAwEAAaOBgTB/
MAwGA1UdEwEB/wQCMAAwHwYDVR0RBBgwFoEUdGVzdGNlcnRAZXhhbXBsZS5vcmcw
DgYDVR0PAQH/BAQDAgWgMB0GA1UdDgQWBBRCofkUj+V1IIX6Q6eVyfKOoi+8MDAf
BgNVHSMEGDAWgBSumAskVwwVSDsPJ0LNq8V9B4mmOTANBgkqhkiG9w0BAQsFAAOC
AQEAn/EPRVeuciY+nEGi0BSzd7wAMIt4AlSV7YzldIbiOCQUyYodnoaz/oEH1Eb/
NhdDsWZ0NzALjBYRkR4iyf6/wGS/foIpeSgnSiDJOEx4H1zdwjmtUjX4s3hVJg9s
aPkWSnxBGptMa9F2DpZmK8VdXeIkI+jkdtZIb4qIDL2rLi3TSiDtLxJK1T+uaqQ8
iQHseUdVjbdTf+jiU9s+R9X1uHd1xEBtIAi+26D0/MfB1wNpP81BoQ2Ye4zgEWRJ
1GuBDg0VxdPKe8cHcxOQ9SWrAve+9DFCcQadRKyeBQL6CekYnXRWELN1f3hRAU7n
3eRMrDMvP0PK8VnXGJ0RdTJr2g==
-----END CERTIFICATE-----
subject=O=PKCS11 Provider, CN=My Test Cert
issuer=CN=Issuer
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 1391 bytes and written 318 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Protocol: TLSv1.3
Server public key is 2048 bit
This TLS version forbids renegotiation.
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: A1B53E66B11293C0895F0AD48DCEBA5599025E7EE7C1B6B8BE7C4FA30E85DEE4
Session-ID-ctx:
Resumption PSK: 1132F87760FECA981853B001524F5DAC8ABAD57A9AE60D500B8FCCC10974594221519C02CA97984F0711CE7F0E9F67D5
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 7200 (seconds)
TLS session ticket:
0000 - 80 12 4e 48 d4 11 2f 31-54 9b c6 ec b5 c4 7f 0b ..NH../1T.......
0010 - 1f 41 1f 26 6d 2d 01 3c-91 ec 54 ab f3 26 da fc .A.&m-.<..T..&..
0020 - 23 5e 31 b3 af f1 d8 4e-88 58 9a 75 c3 3e 87 72 #^1....N.X.u.>.r
0030 - e1 1b d6 55 81 e2 0a ff-44 e4 a7 a5 36 66 86 cd ...U....D...6f..
0040 - 2d ab 11 bd 15 26 d2 74-7a 8c 55 ca 88 7d 5e 7a -....&.tz.U..}^z
0050 - ec a1 0f 88 b2 57 6f e7-da 71 c7 6d d7 0d 99 c8 .....Wo..q.m....
0060 - 08 bd 05 97 2d ca af 7c-b0 8d 15 6c 7f 91 65 30 ....-..|...l..e0
0070 - 44 a4 7e 65 8d 36 cb 8c-3f e8 cd 72 49 5e 0a c6 D.~e.6..?..rI^..
0080 - 5d d2 ee 00 32 4c cd 73-d3 f1 42 ef 7e d0 df 98 ]...2L.s..B.~...
0090 - a5 9b 4e b4 fe 39 ea 91-e6 4c db d4 a4 89 1e a8 ..N..9...L......
00a0 - 4d 90 0e 8b c4 78 d2 87-23 cc 43 69 6e c2 9f 32 M....x..#.Cin..2
00b0 - 3f cc f3 dc 03 98 85 19-5a ca 4f bd d1 b9 6d f6 ?.......Z.O...m.
00c0 - 50 bb f9 01 ab 75 a7 28-91 ae 06 24 6b c6 49 15 P....u.(...$k.I.
Start Time: 1739852941
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: 770F4ABC45FD55943A6378EA797A338FBDB7DEC524D1162322CC8A2872B20353
Session-ID-ctx:
Resumption PSK: 8A26E40639F37283506E484CA45D34274FAC78A83DDA0776A89C9674D59B4EF651E5B4B8019A720D75F8667237326732
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 7200 (seconds)
TLS session ticket:
0000 - 80 12 4e 48 d4 11 2f 31-54 9b c6 ec b5 c4 7f 0b ..NH../1T.......
0010 - 98 38 82 b5 d0 96 ca 9d-b6 8a 8d 9d 04 91 56 17 .8............V.
0020 - c8 22 8b 25 95 9e 2d 6d-11 fc 26 70 fc 5a d0 c7 .".%..-m..&p.Z..
0030 - c7 db 39 f5 23 2b 8d 09-cc c9 0a 65 23 33 4b 64 ..9.#+.....e#3Kd
0040 - 10 56 b5 4f ca 31 91 27-fa 61 c1 5e 6b e7 d6 9a .V.O.1.'.a.^k...
0050 - c5 d0 11 48 b9 e4 cb cd-87 5c 96 40 ee 75 b5 f6 ...H.....\.@.u..
0060 - f7 37 82 f0 3a 89 69 d7-36 67 b5 cf 13 23 6d 7e .7..:.i.6g...#m~
0070 - 9d 64 2e e0 34 81 bd 69-cd 63 12 1d d1 12 25 9c .d..4..i.c....%.
0080 - 74 ea ac 45 d3 52 a5 12-63 10 6c 69 1c 57 13 91 t..E.R..c.li.W..
0090 - 19 4f 8f 87 83 c9 ef 01-0a 29 a0 28 d0 1e a2 cf .O.......).(....
00a0 - 30 de c1 7e 4b 2e 2e eb-cf b6 a8 1d de b3 8d 72 0..~K..........r
00b0 - f5 a5 02 32 73 ef 1f dc-0f 98 cf de fd 47 88 b7 ...2s........G..
00c0 - b5 cc f5 a1 09 dd 92 53-0c 52 d0 1c e3 56 08 dd .......S.R...V..
Start Time: 1739852941
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK
TLS SUCCESSFUL
40CCF17FFFFF0000:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688:
Server output:
spawn openssl s_server -propquery ?provider=pkcs11 -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%01 -cert pkcs11:type=cert;object=testCert
Using default temp DH parameters
ACCEPT
-----BEGIN SSL SESSION PARAMETERS-----
MIGDAgEBAgIDBAQCEwIEIC+23EX+7tiHUl6kVjAueGhei9Kppb0gPnfG/+h62R6a
BDCKJuQGOfNyg1BuSEykXTQnT6x4qD3aB3aonJZ01ZtO9lHltLgBmnINdfhmcjcy
ZzKhBgIEZ7QMjaIEAgIcIKQGBAQBAAAArgcCBQCXpuCNswMCAR0=
-----END SSL SESSION PARAMETERS-----
Shared ciphers:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512
Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512
Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192
Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192
CIPHER is TLS_AES_256_GCM_SHA384
This TLS version forbids renegotiation.
TLS SUCCESSFUL
Q
DONE
shutdown accept socket
shutting down SSL
CONNECTION CLOSED
0 items in the session cache
0 client connects (SSL_connect())
0 client renegotiates (SSL_connect())
0 client connects that finished
1 server accepts (SSL_accept())
0 server renegotiates (SSL_accept())
1 server accepts that finished
0 session cache hits
0 session cache misses
0 session cache timeouts
0 callback cache hits
0 cache full overflows (128 allowed)
## Run test with TLS 1.2 (ECDSA)
spawn openssl s_client -propquery ?provider=pkcs11 -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/caCert.pem -tls1_2
Connecting to 127.0.0.1
CONNECTED(00000005)
Can't use SSL_get_servername
depth=0 O=PKCS11 Provider, CN=My EC Cert
verify error:num=1:unspecified certificate verification error
verify return:1
depth=1 CN=Issuer
verify return:1
depth=0 O=PKCS11 Provider, CN=My EC Cert
verify return:1
---
Certificate chain
0 s:O=PKCS11 Provider, CN=My EC Cert
i:CN=Issuer
a:PKEY: id-ecPublicKey, 256 (bit); sigalg: RSA-SHA256
v:NotBefore: Feb 18 04:28:42 2025 GMT; NotAfter: Feb 18 04:28:42 2026 GMT
---
Server certificate
-----BEGIN CERTIFICATE-----
MIICcjCCAVqgAwIBAgIBBDANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1
ZXIwHhcNMjUwMjE4MDQyODQyWhcNMjYwMjE4MDQyODQyWjAvMRgwFgYDVQQKEw9Q
S0NTMTEgUHJvdmlkZXIxEzARBgNVBAMTCk15IEVDIENlcnQwWTATBgcqhkjOPQIB
BggqhkjOPQMBBwNCAAREq6izYZWFNUQ1MhwEljzY8CHdRRDeQ7uAu26XhOdJIFBG
mLpdKML1zKu7UiPaQMa/M6SCDd61JscT/ZZr2WYxo4GBMH8wDAYDVR0TAQH/BAIw
ADAfBgNVHREEGDAWgRR0ZXN0Y2VydEBleGFtcGxlLm9yZzAOBgNVHQ8BAf8EBAMC
B4AwHQYDVR0OBBYEFKi55SLu1wihQwnF28NnTgkhyWleMB8GA1UdIwQYMBaAFK6Y
CyRXDBVIOw8nQs2rxX0HiaY5MA0GCSqGSIb3DQEBCwUAA4IBAQBafWyD8i5CO50a
smdI89+wNyaZ8yWNkPVKK/eHM7cEw7XS6t7h3q2XUogJwAQtF+pR7Tm0wmK+gpsF
FG2h7DAvFLHaUEmHqncOiFLCwzCHFE9uyzxwuzUJFqbmS16yKotK/xG/7XkijcHw
Sj/8QEgEPef+0rbXiJRwkdPBllB2aBVkNSzGYJldMuSXWaDjI67v51BE8uLXz63C
RxeIZ5Q/wrJp/NlEMlvy4Lo44PWsGfUvJOnfmKGDFs63iRC6Ikev8xKAYX3ZYv9O
CZaVzw7C9n37FMinclmKq6FFqeuq1qIKWySHbIr+5QIGSgWPZzKqoT7+Ghgs8AYj
eTj8opIn
-----END CERTIFICATE-----
subject=O=PKCS11 Provider, CN=My EC Cert
issuer=CN=Issuer
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: ECDSA
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 1087 bytes and written 290 bytes
Verification error: unspecified certificate verification error
---
New, TLSv1.2, Cipher is ECDHE-ECDSA-AES256-GCM-SHA384
Protocol: TLSv1.2
Server public key is 256 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-ECDSA-AES256-GCM-SHA384
Session-ID: 567DD028883D98655AD6E4DCC63151BAC2C69A2B3A1F8475BA98157B26842523
Session-ID-ctx:
Master-Key: 5FBC5135CF3614E7BBCA6965BB5E89E340C1AE7958A7BC082C39543E35968994734096C5D0A0F627A1DFC5681851ADBB
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 7200 (seconds)
TLS session ticket:
0000 - 0c f9 dd d0 d1 b0 90 ae-ce eb d7 af d3 d4 5d 90 ..............].
0010 - cf a1 68 67 97 f1 4e 28-d9 8f 47 fe ce 81 aa c6 ..hg..N(..G.....
0020 - d9 1b 65 7c 5b f3 5b e4-d0 92 cc 36 33 05 dd 79 ..e|[.[....63..y
0030 - 17 de a6 31 17 bc c9 4a-fd 1a db 81 97 f8 c2 ce ...1...J........
0040 - 86 b4 28 98 25 4b 08 c1-a5 bf e5 76 80 a6 15 ba ..(.%K.....v....
0050 - cd a3 76 1a 5d 0c da d8-dc c0 c5 e8 7c 85 df 91 ..v.].......|...
0060 - 2d 9c 21 3e 2d 28 c1 64-8c ad 28 64 b4 c3 10 16 -.!>-(.d..(d....
0070 - 80 eb 80 f7 7e 20 be 88-dc 1a f9 e3 7e a0 21 c8 ....~ ......~.!.
0080 - a7 0a 4e 60 7f 54 29 c6-1f 3a 60 2d 5d ef 41 1f ..N`.T)..:`-].A.
0090 - 55 7c 48 9f 6a 5c 61 b3-da a2 86 e6 dd da 10 9a U|H.j\a.........
00a0 - ea 15 f5 21 01 89 90 78-30 6c 26 06 a8 ac cc 4e ...!...x0l&....N
Start Time: 1739852941
Timeout : 7200 (sec)
Verify return code: 1 (unspecified certificate verification error)
Extended master secret: yes
---
TLS SUCCESSFUL
409CFC91FFFF0000:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688:
Server output:
spawn openssl s_server -propquery ?provider=pkcs11 -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%02 -cert pkcs11:type=cert;object=ecCert -tls1_2
Using default temp DH parameters
ACCEPT
-----BEGIN SSL SESSION PARAMETERS-----
MF8CAQECAgMDBALALAQABDBfvFE1zzYU57vKaWW7XonjQMGueVinvAgsOVQ+NZaJ
lHNAlsXQoPYnod/FaBhRrbuhBgIEZ7QMjaIEAgIcIKQGBAQBAAAArQMCAQGzAwIB
HQ==
-----END SSL SESSION PARAMETERS-----
Shared ciphers:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA
Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512
Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512
Supported Elliptic Curve Point Formats: uncompressed:ansiX962_compressed_prime:ansiX962_compressed_char2
Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1
Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1
CIPHER is ECDHE-ECDSA-AES256-GCM-SHA384
Secure Renegotiation IS supported
TLS SUCCESSFUL
Q
DONE
shutdown accept socket
shutting down SSL
CONNECTION CLOSED
0 items in the session cache
0 client connects (SSL_connect())
0 client renegotiates (SSL_connect())
0 client connects that finished
1 server accepts (SSL_accept())
0 server renegotiates (SSL_accept())
1 server accepts that finished
0 session cache hits
0 session cache misses
0 session cache timeouts
0 callback cache hits
0 cache full overflows (128 allowed)
## Run test with TLS 1.2 and ECDH
spawn openssl s_client -propquery ?provider=pkcs11 -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/caCert.pem -tls1_2 -cipher ECDHE-ECDSA-AES128-GCM-SHA256 -groups secp256r1
Connecting to 127.0.0.1
CONNECTED(00000005)
Can't use SSL_get_servername
depth=0 O=PKCS11 Provider, CN=My EC Cert
verify error:num=1:unspecified certificate verification error
verify return:1
depth=1 CN=Issuer
verify return:1
depth=0 O=PKCS11 Provider, CN=My EC Cert
verify return:1
---
Certificate chain
0 s:O=PKCS11 Provider, CN=My EC Cert
i:CN=Issuer
a:PKEY: id-ecPublicKey, 256 (bit); sigalg: RSA-SHA256
v:NotBefore: Feb 18 04:28:42 2025 GMT; NotAfter: Feb 18 04:28:42 2026 GMT
---
Server certificate
-----BEGIN CERTIFICATE-----
MIICcjCCAVqgAwIBAgIBBDANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1
ZXIwHhcNMjUwMjE4MDQyODQyWhcNMjYwMjE4MDQyODQyWjAvMRgwFgYDVQQKEw9Q
S0NTMTEgUHJvdmlkZXIxEzARBgNVBAMTCk15IEVDIENlcnQwWTATBgcqhkjOPQIB
BggqhkjOPQMBBwNCAAREq6izYZWFNUQ1MhwEljzY8CHdRRDeQ7uAu26XhOdJIFBG
mLpdKML1zKu7UiPaQMa/M6SCDd61JscT/ZZr2WYxo4GBMH8wDAYDVR0TAQH/BAIw
ADAfBgNVHREEGDAWgRR0ZXN0Y2VydEBleGFtcGxlLm9yZzAOBgNVHQ8BAf8EBAMC
B4AwHQYDVR0OBBYEFKi55SLu1wihQwnF28NnTgkhyWleMB8GA1UdIwQYMBaAFK6Y
CyRXDBVIOw8nQs2rxX0HiaY5MA0GCSqGSIb3DQEBCwUAA4IBAQBafWyD8i5CO50a
smdI89+wNyaZ8yWNkPVKK/eHM7cEw7XS6t7h3q2XUogJwAQtF+pR7Tm0wmK+gpsF
FG2h7DAvFLHaUEmHqncOiFLCwzCHFE9uyzxwuzUJFqbmS16yKotK/xG/7XkijcHw
Sj/8QEgEPef+0rbXiJRwkdPBllB2aBVkNSzGYJldMuSXWaDjI67v51BE8uLXz63C
RxeIZ5Q/wrJp/NlEMlvy4Lo44PWsGfUvJOnfmKGDFs63iRC6Ikev8xKAYX3ZYv9O
CZaVzw7C9n37FMinclmKq6FFqeuq1qIKWySHbIr+5QIGSgWPZzKqoT7+Ghgs8AYj
eTj8opIn
-----END CERTIFICATE-----
subject=O=PKCS11 Provider, CN=My EC Cert
issuer=CN=Issuer
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: ECDSA
Server Temp Key: ECDH, prime256v1, 256 bits
---
SSL handshake has read 1118 bytes and written 263 bytes
Verification error: unspecified certificate verification error
---
New, TLSv1.2, Cipher is ECDHE-ECDSA-AES128-GCM-SHA256
Protocol: TLSv1.2
Server public key is 256 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-ECDSA-AES128-GCM-SHA256
Session-ID: F59563679745151BA3319B8F415AA6E9BD37FEA1A0613B1DFC4B11CC38161821
Session-ID-ctx:
Master-Key: 89FADDA0ED005C321955B75AB96243F2960903865CBDCD3AA34A38FD9E241D94CBEF3AD4A564EF1B23EA1C2599FBA1D5
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 7200 (seconds)
TLS session ticket:
0000 - 7d 8a 7a 31 a5 1f f5 4f-46 26 e9 a4 20 c6 fd ff }.z1...OF&.. ...
0010 - cd 06 18 4a 99 af 7d 36-f4 dd fb 22 55 d7 60 10 ...J..}6..."U.`.
0020 - 06 e5 53 b2 2d 6c f9 8f-6d 3c f7 55 67 83 3a e8 ..S.-l..m<.Ug.:.
0030 - 03 0e a8 74 f4 a6 69 4c-6f 5b d9 f8 7d 47 95 6e ...t..iLo[..}G.n
0040 - 75 b9 50 57 d4 9f d4 f6-ee 9f e4 84 1f d2 57 53 u.PW..........WS
0050 - ac 90 4c 60 68 16 f7 9c-c2 6f 28 5c 6c 96 76 0a ..L`h....o(\l.v.
0060 - bf cd 23 10 15 e6 51 35-e3 d2 28 88 53 66 66 d2 ..#...Q5..(.Sff.
0070 - 42 f5 8b b3 f6 4d fe f3-92 2d e9 c7 bb 3f 29 5f B....M...-...?)_
0080 - 2a 83 b5 3b 75 a2 10 e7-de b4 07 d0 f6 fe b6 08 *..;u...........
0090 - 24 31 65 32 4f 12 06 c1-d4 7c c1 4a 2e 20 5f 2e $1e2O....|.J. _.
00a0 - 30 a2 4f 8b 4e 32 92 63-27 5c 97 ee 7c a6 fd 65 0.O.N2.c'\..|..e
Start Time: 1739852941
Timeout : 7200 (sec)
Verify return code: 1 (unspecified certificate verification error)
Extended master secret: yes
---
TLS SUCCESSFUL
409C2DBDFFFF0000:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688:
Server output:
spawn openssl s_server -propquery ?provider=pkcs11 -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%02 -cert pkcs11:type=cert;object=ecCert
Using default temp DH parameters
ACCEPT
-----BEGIN SSL SESSION PARAMETERS-----
MF8CAQECAgMDBALAKwQABDCJ+t2g7QBcMhlVt1q5YkPylgkDhly9zTqjSjj9niQd
lMvvOtSlZO8bI+ocJZn7odWhBgIEZ7QMjaIEAgIcIKQGBAQBAAAArQMCAQGzAwIB
Fw==
-----END SSL SESSION PARAMETERS-----
Shared ciphers:ECDHE-ECDSA-AES128-GCM-SHA256
Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512
Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512
Supported Elliptic Curve Point Formats: uncompressed:ansiX962_compressed_prime:ansiX962_compressed_char2
Supported groups: secp256r1
Shared groups: secp256r1
CIPHER is ECDHE-ECDSA-AES128-GCM-SHA256
Secure Renegotiation IS supported
TLS SUCCESSFUL
Q
DONE
shutdown accept socket
shutting down SSL
CONNECTION CLOSED
0 items in the session cache
0 client connects (SSL_connect())
0 client renegotiates (SSL_connect())
0 client connects that finished
1 server accepts (SSL_accept())
0 server renegotiates (SSL_accept())
1 server accepts that finished
0 session cache hits
0 session cache misses
0 session cache timeouts
0 callback cache hits
0 cache full overflows (128 allowed)
## Run test with TLS 1.3 and specific suite
spawn openssl s_client -propquery ?provider=pkcs11 -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/caCert.pem -tls1_3 -ciphersuites TLS_AES_256_GCM_SHA384 -groups secp256r1
Connecting to 127.0.0.1
CONNECTED(00000005)
Can't use SSL_get_servername
depth=0 O=PKCS11 Provider, CN=My EC Cert
verify error:num=1:unspecified certificate verification error
verify return:1
depth=1 CN=Issuer
verify return:1
depth=0 O=PKCS11 Provider, CN=My EC Cert
verify return:1
---
Certificate chain
0 s:O=PKCS11 Provider, CN=My EC Cert
i:CN=Issuer
a:PKEY: id-ecPublicKey, 256 (bit); sigalg: RSA-SHA256
v:NotBefore: Feb 18 04:28:42 2025 GMT; NotAfter: Feb 18 04:28:42 2026 GMT
---
Server certificate
-----BEGIN CERTIFICATE-----
MIICcjCCAVqgAwIBAgIBBDANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1
ZXIwHhcNMjUwMjE4MDQyODQyWhcNMjYwMjE4MDQyODQyWjAvMRgwFgYDVQQKEw9Q
S0NTMTEgUHJvdmlkZXIxEzARBgNVBAMTCk15IEVDIENlcnQwWTATBgcqhkjOPQIB
BggqhkjOPQMBBwNCAAREq6izYZWFNUQ1MhwEljzY8CHdRRDeQ7uAu26XhOdJIFBG
mLpdKML1zKu7UiPaQMa/M6SCDd61JscT/ZZr2WYxo4GBMH8wDAYDVR0TAQH/BAIw
ADAfBgNVHREEGDAWgRR0ZXN0Y2VydEBleGFtcGxlLm9yZzAOBgNVHQ8BAf8EBAMC
B4AwHQYDVR0OBBYEFKi55SLu1wihQwnF28NnTgkhyWleMB8GA1UdIwQYMBaAFK6Y
CyRXDBVIOw8nQs2rxX0HiaY5MA0GCSqGSIb3DQEBCwUAA4IBAQBafWyD8i5CO50a
smdI89+wNyaZ8yWNkPVKK/eHM7cEw7XS6t7h3q2XUogJwAQtF+pR7Tm0wmK+gpsF
FG2h7DAvFLHaUEmHqncOiFLCwzCHFE9uyzxwuzUJFqbmS16yKotK/xG/7XkijcHw
Sj/8QEgEPef+0rbXiJRwkdPBllB2aBVkNSzGYJldMuSXWaDjI67v51BE8uLXz63C
RxeIZ5Q/wrJp/NlEMlvy4Lo44PWsGfUvJOnfmKGDFs63iRC6Ikev8xKAYX3ZYv9O
CZaVzw7C9n37FMinclmKq6FFqeuq1qIKWySHbIr+5QIGSgWPZzKqoT7+Ghgs8AYj
eTj8opIn
-----END CERTIFICATE-----
subject=O=PKCS11 Provider, CN=My EC Cert
issuer=CN=Issuer
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: ECDSA
Server Temp Key: ECDH, ?, 0 bits
---
SSL handshake has read 1060 bytes and written 329 bytes
Verification error: unspecified certificate verification error
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Protocol: TLSv1.3
Server public key is 256 bit
This TLS version forbids renegotiation.
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 1 (unspecified certificate verification error)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: A40AADFF9C777B829A06C38B81C492CF961C31BCB662A3E5CAD7266D30309FD6
Session-ID-ctx:
Resumption PSK: 7C158CEA5E8F03C0845832A76C2DFCA06AAE9A2217A8A9472831301372FB92A4D67FE78D14185874713997DE19C8215D
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 7200 (seconds)
TLS session ticket:
0000 - ee c3 81 0a a0 7f 92 67-85 4f f2 25 80 c6 54 d0 .......g.O.%..T.
0010 - f9 ff fd ef ec f2 d8 55-c7 5b 04 2f 49 89 57 c4 .......U.[./I.W.
0020 - 6f 95 db 54 94 a5 cf 3d-3c 6a 9b a8 62 fa 2d b5 o..T...=<j..b.-.
0030 - 38 cd 62 b2 d7 e9 05 40-9b a1 2f d8 c9 a2 c0 21 8.b....@../....!
0040 - ee 7a e3 9e d0 2c ee 1a-6e 0e f3 d2 3b df 3c 66 .z...,..n...;.<f
0050 - 41 9b 71 8e 22 d7 02 f9-6f a5 b7 2e 9c c2 8f 7e A.q."...o......~
0060 - 85 95 b1 91 6e 29 73 a8-0e a8 89 2e 6c b5 bd 99 ....n)s.....l...
0070 - 60 8b d1 2d 72 46 62 ca-65 ee de d5 02 eb d6 b9 `..-rFb.e.......
0080 - b4 e0 74 bf 42 fa f0 05-54 4c 82 5e 47 17 59 c5 ..t.B...TL.^G.Y.
0090 - ee a3 e7 46 54 5b 7d 45-b6 ee 32 1d 9f 00 95 3c ...FT[}E..2....<
00a0 - 39 34 47 81 23 ac 80 ec-36 95 f9 63 13 c4 a6 8d 94G.#...6..c....
00b0 - ef 5d 45 bb 1b 1f 3d 3c-55 17 a6 d1 2f c5 1d d7 .]E...=<U.../...
00c0 - a1 f4 9c aa 07 8c cd a3-b6 77 be 5f 63 61 18 5f .........w._ca._
Start Time: 1739852941
Timeout : 7200 (sec)
Verify return code: 1 (unspecified certificate verification error)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: 5D9B3EB7A2E5F3E7672943380B23EEF8A2C4040C61247E5A934900DF71AD0421
Session-ID-ctx:
Resumption PSK: CDACD205E70F5CDCE4ECFBFC1A2906B436B8EBEF42F5C12E4150097ECB7D5BF3DC27A7D1E6F10AEB30640F018916BCA6
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 7200 (seconds)
TLS session ticket:
0000 - ee c3 81 0a a0 7f 92 67-85 4f f2 25 80 c6 54 d0 .......g.O.%..T.
0010 - f9 3e 21 2f f9 3d e1 73-ee 3e c8 c3 03 df 24 93 .>!/.=.s.>....$.
0020 - 2c 14 6a c7 95 dc 60 52-77 db 81 26 17 5e 3b fe ,.j...`Rw..&.^;.
0030 - 37 28 05 a2 f1 63 3c e7-af 6b 67 70 18 39 b3 a2 7(...c<..kgp.9..
0040 - f6 3c 8b f4 88 03 04 5a-bf 48 44 88 81 6f 35 cb .<.....Z.HD..o5.
0050 - 2b 2f 40 2e 7b 3f 46 6f-83 9d f2 6d 9b 0b 45 ac +/@.{?Fo...m..E.
0060 - 52 ba 8b 7b 7d 25 63 3e-d9 79 85 16 79 0c c5 80 R..{}%c>.y..y...
0070 - 69 20 06 a4 52 c8 ee 6f-94 15 0b 25 39 ef ae ec i ..R..o...%9...
0080 - c7 9f 1e 74 1d be b1 bf-f2 58 57 f2 d6 2f 30 36 ...t.....XW../06
0090 - 67 f3 79 46 6d d2 40 35-e8 f4 6d 5e c7 c5 0e 99 g.yFm.@5..m^....
00a0 - 41 d8 b8 24 7f 35 f5 33-09 97 fc 98 d8 ae 3a ac A..$.5.3......:.
00b0 - d4 60 07 92 41 8f 24 28-40 33 23 b9 ea 62 bf 00 .`..A.$(@3#..b..
00c0 - bd a5 f0 e5 35 d2 05 d6-17 00 48 b3 59 72 2b d3 ....5.....H.Yr+.
Start Time: 1739852941
Timeout : 7200 (sec)
Verify return code: 1 (unspecified certificate verification error)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK
TLS SUCCESSFUL
40BCDAB7FFFF0000:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688:
Server output:
spawn openssl s_server -propquery ?provider=pkcs11 -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%02 -cert pkcs11:type=cert;object=ecCert
Using default temp DH parameters
ACCEPT
-----BEGIN SSL SESSION PARAMETERS-----
MIGDAgEBAgIDBAQCEwIEIBCkkAw2U9AMAATUIcOAZxZ6gzMDmzyDsDOiaLHO07JN
BDDNrNIF5w9c3OTs+/waKQa0Nrjr70L1wS5BUAl+y31b89wnp9Hm8QrrMGQPAYkW
vKahBgIEZ7QMjaIEAgIcIKQGBAQBAAAArgcCBQCYbMTGswMCARc=
-----END SSL SESSION PARAMETERS-----
Shared ciphers:TLS_AES_256_GCM_SHA384
Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512
Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512
Supported groups: secp256r1
Shared groups: secp256r1
CIPHER is TLS_AES_256_GCM_SHA384
This TLS version forbids renegotiation.
TLS SUCCESSFUL
Q
DONE
shutdown accept socket
shutting down SSL
CONNECTION CLOSED
0 items in the session cache
0 client connects (SSL_connect())
0 client renegotiates (SSL_connect())
0 client connects that finished
1 server accepts (SSL_accept())
0 server renegotiates (SSL_accept())
1 server accepts that finished
0 session cache hits
0 session cache misses
0 session cache timeouts
0 callback cache hits
0 cache full overflows (128 allowed)
##
########################################
Server output:
spawn openssl s_server -propquery ?provider=pkcs11 -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%02 -cert pkcs11:type=cert;object=ecCert
Using default temp DH parameters
ACCEPT
-----BEGIN SSL SESSION PARAMETERS-----
MIGDAgEBAgIDBAQCEwIEIBCkkAw2U9AMAATUIcOAZxZ6gzMDmzyDsDOiaLHO07JN
BDDNrNIF5w9c3OTs+/waKQa0Nrjr70L1wS5BUAl+y31b89wnp9Hm8QrrMGQPAYkW
vKahBgIEZ7QMjaIEAgIcIKQGBAQBAAAArgcCBQCYbMTGswMCARc=
-----END SSL SESSION PARAMETERS-----
Shared ciphers:TLS_AES_256_GCM_SHA384
Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512
Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512
Supported groups: secp256r1
Shared groups: secp256r1
CIPHER is TLS_AES_256_GCM_SHA384
This TLS version forbids renegotiation.
TLS SUCCESSFUL
Q
DONE
shutdown accept socket
shutting down SSL
CONNECTION CLOSED
0 items in the session cache
0 client connects (SSL_connect())
0 client renegotiates (SSL_connect())
0 client connects that finished
1 server accepts (SSL_accept())
0 server renegotiates (SSL_accept())
1 server accepts that finished
0 session cache hits
0 session cache misses
0 session cache timeouts
0 callback cache hits
0 cache full overflows (128 allowed)
――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
75/92 pkcs11-provider:softhsm / tls OK 3.51s
76/92 pkcs11-provider:kryoptic / tls RUNNING
>>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests MALLOC_PERTURB_=225 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper tls-kryoptic.t
――――――――――――――――――――――――――――――――――――― ✀ ―――――――――――――――――――――――――――――――――――――
――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
76/92 pkcs11-provider:kryoptic / tls SKIP 0.02s exit status 77
77/92 pkcs11-provider:kryoptic.nss / tls RUNNING
>>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MALLOC_PERTURB_=44 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper tls-kryoptic.nss.t
――――――――――――――――――――――――――――――――――――― ✀ ―――――――――――――――――――――――――――――――――――――
――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
77/92 pkcs11-provider:kryoptic.nss / tls SKIP 0.02s exit status 77
78/92 pkcs11-provider:softokn / tlsfuzzer RUNNING
>>> MESON_TEST_ITERATION=1 MALLOC_PERTURB_=169 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper tlsfuzzer-softokn.t
――――――――――――――――――――――――――――――――――――― ✀ ―――――――――――――――――――――――――――――――――――――
――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
78/92 pkcs11-provider:softokn / tlsfuzzer SKIP 0.02s exit status 77
79/92 pkcs11-provider:softhsm / tlsfuzzer RUNNING
>>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests MALLOC_PERTURB_=56 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper tlsfuzzer-softhsm.t
――――――――――――――――――――――――――――――――――――― ✀ ―――――――――――――――――――――――――――――――――――――
Executing /build/reproducible-path/pkcs11-provider-1.0/tests/ttlsfuzzer
TLS fuzzer is not available -- skipping
――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
79/92 pkcs11-provider:softhsm / tlsfuzzer SKIP 0.03s exit status 77
80/92 pkcs11-provider:kryoptic / tlsfuzzer RUNNING
>>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MALLOC_PERTURB_=37 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper tlsfuzzer-kryoptic.t
――――――――――――――――――――――――――――――――――――― ✀ ―――――――――――――――――――――――――――――――――――――
――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
80/92 pkcs11-provider:kryoptic / tlsfuzzer SKIP 0.02s exit status 77
81/92 pkcs11-provider:kryoptic.nss / tlsfuzzer RUNNING
>>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=107 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper tlsfuzzer-kryoptic.nss.t
――――――――――――――――――――――――――――――――――――― ✀ ―――――――――――――――――――――――――――――――――――――
――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
81/92 pkcs11-provider:kryoptic.nss / tlsfuzzer SKIP 0.02s exit status 77
82/92 pkcs11-provider:softokn / uri RUNNING
>>> MALLOC_PERTURB_=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper uri-softokn.t
――――――――――――――――――――――――――――――――――――― ✀ ―――――――――――――――――――――――――――――――――――――
――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
82/92 pkcs11-provider:softokn / uri SKIP 0.02s exit status 77
83/92 pkcs11-provider:softhsm / uri RUNNING
>>> MESON_TEST_ITERATION=1 MALLOC_PERTURB_=129 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper uri-softhsm.t
――――――――――――――――――――――――――――――――――――― ✀ ―――――――――――――――――――――――――――――――――――――
Executing /build/reproducible-path/pkcs11-provider-1.0/tests/turi
## Check that storeutl returns URIs
openssl storeutl -text pkcs11:
## Check returned URIs work to find objects
$uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=095e27811af282a3;token=SoftHSM%20Token;id=%5E%1D%3B%E9%CB%52%DF%50%60%11%AF%42%17%55%20%C5;type=private
openssl storeutl -text "$uri"
$uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=095e27811af282a3;token=SoftHSM%20Token;id=%00%05;object=testCert2;type=private
openssl storeutl -text "$uri"
$uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=095e27811af282a3;token=SoftHSM%20Token;id=%00%10;object=testRsaPssCert;type=private
openssl storeutl -text "$uri"
$uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=095e27811af282a3;token=SoftHSM%20Token;id=%00%04;object=edCert;type=private
openssl storeutl -text "$uri"
$uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=095e27811af282a3;token=SoftHSM%20Token;id=%8A%E7%4D%87%1E%00%98%5C%D0%37%E8%92%DB%A8%8A%2E;object=Test-Ed-gen-8ae74d87;type=private
openssl storeutl -text "$uri"
$uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=095e27811af282a3;token=SoftHSM%20Token;id=%8F%02%EB%D9%CE%A4%B4%EE%81%A4%60%AB%69%90%F8%6F;object=Test-RSA-gen-8f02ebd9;type=private
openssl storeutl -text "$uri"
$uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=095e27811af282a3;token=SoftHSM%20Token;id=%00%02;object=ecCert;type=private
openssl storeutl -text "$uri"
$uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=095e27811af282a3;token=SoftHSM%20Token;id=%00%08;object=ecCert3;type=private
openssl storeutl -text "$uri"
$uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=095e27811af282a3;token=SoftHSM%20Token;id=%00%09;object=ed2Cert;type=private
openssl storeutl -text "$uri"
$uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=095e27811af282a3;token=SoftHSM%20Token;id=%B3%EA%41%44%8C%91%47%6D%94%5A%A8%FB%75%28%0E%DD;object=Test-RSA-Key-Usage-b3ea4144;type=private
openssl storeutl -text "$uri"
$uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=095e27811af282a3;token=SoftHSM%20Token;id=%00%11;object=testRsaPss2Cert;type=private
openssl storeutl -text "$uri"
$uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=095e27811af282a3;token=SoftHSM%20Token;id=%00%00;object=caCert;type=private
openssl storeutl -text "$uri"
$uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=095e27811af282a3;token=SoftHSM%20Token;id=%00%06;object=ecCert2;type=private
openssl storeutl -text "$uri"
$uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=095e27811af282a3;token=SoftHSM%20Token;id=%24%61%9A%A6%8C%B5%59%A7%3F%A5%43%02%BE%2F%C2%CB;type=private
openssl storeutl -text "$uri"
$uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=095e27811af282a3;token=SoftHSM%20Token;id=%4A%43%CC%33%BD%A0%06%7F%C2%CB%2D%D0%9E%8B%E3%A0;object=Pkey%20sigver%20Test;type=private
openssl storeutl -text "$uri"
$uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=095e27811af282a3;token=SoftHSM%20Token;id=%5B%A1%A9%B0%66%E6%18%53%0D%C3%DE%BF%9F%2C%BD%D8;type=private
openssl storeutl -text "$uri"
$uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=095e27811af282a3;token=SoftHSM%20Token;id=%00%03;object=ecPeerCert;type=private
openssl storeutl -text "$uri"
$uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=095e27811af282a3;token=SoftHSM%20Token;id=%85%EF%07%D1%3A%6B%FE%1F%FE%6A%27%CE%F5%35%64%84;object=Test-RSA-PSS-gen-85ef07d1;type=private
openssl storeutl -text "$uri"
$uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=095e27811af282a3;token=SoftHSM%20Token;id=%00%01;object=testCert;type=private
openssl storeutl -text "$uri"
$uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=095e27811af282a3;token=SoftHSM%20Token;id=%D9%09%B1%55%FE%41%E4%28%5A%81%58%DD%4A%2B%79%A3;object=Test-EC-gen-d909b155;type=private
openssl storeutl -text "$uri"
$uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=095e27811af282a3;token=SoftHSM%20Token;id=%56%DE%18%6C%7C%91%26%11%C2%33%3E%6D%8F%93%B4%1D;object=Test-Ed-gen-56de186c;type=private
openssl storeutl -text "$uri"
$uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=095e27811af282a3;token=SoftHSM%20Token;id=%41%E2%C3%7D%E0%96%AA%86%04%F5%FA%EE%BB%4D%71%DE;type=private
openssl storeutl -text "$uri"
$uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=095e27811af282a3;token=SoftHSM%20Token;id=%D6%21%70%20%E3%BB%53%B4%B8%6D%FA%39%A6%7E%69%5E;object=Fork-Test;type=private
openssl storeutl -text "$uri"
## Check each URI component is tested
$cmp=pkcs11:model=SoftHSM%20v2
openssl storeutl -text "pkcs11:${cmp}"
$cmp=manufacturer=SoftHSM%20project
openssl storeutl -text "pkcs11:${cmp}"
$cmp=serial=095e27811af282a3
openssl storeutl -text "pkcs11:${cmp}"
$cmp=token=SoftHSM%20Token
openssl storeutl -text "pkcs11:${cmp}"
$cmp=id=%5E%1D%3B%E9%CB%52%DF%50%60%11%AF%42%17%55%20%C5
openssl storeutl -text "pkcs11:${cmp}"
$cmp=type=private
openssl storeutl -text "pkcs11:${cmp}"
――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
83/92 pkcs11-provider:softhsm / uri OK 2.00s
84/92 pkcs11-provider:kryoptic / uri RUNNING
>>> MESON_TEST_ITERATION=1 MALLOC_PERTURB_=25 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper uri-kryoptic.t
――――――――――――――――――――――――――――――――――――― ✀ ―――――――――――――――――――――――――――――――――――――
――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
84/92 pkcs11-provider:kryoptic / uri SKIP 0.02s exit status 77
85/92 pkcs11-provider:kryoptic.nss / uri RUNNING
>>> MESON_TEST_ITERATION=1 MALLOC_PERTURB_=215 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper uri-kryoptic.nss.t
――――――――――――――――――――――――――――――――――――― ✀ ―――――――――――――――――――――――――――――――――――――
――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
85/92 pkcs11-provider:kryoptic.nss / uri SKIP 0.02s exit status 77
86/92 pkcs11-provider:softhsm / ecxc RUNNING
>>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MALLOC_PERTURB_=209 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper ecxc-softhsm.t
――――――――――――――――――――――――――――――――――――― ✀ ―――――――――――――――――――――――――――――――――――――
Executing /build/reproducible-path/pkcs11-provider-1.0/tests/tecxc
――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
86/92 pkcs11-provider:softhsm / ecxc SKIP 0.02s exit status 77
87/92 pkcs11-provider:kryoptic / ecxc RUNNING
>>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests MALLOC_PERTURB_=150 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper ecxc-kryoptic.t
――――――――――――――――――――――――――――――――――――― ✀ ―――――――――――――――――――――――――――――――――――――
――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
87/92 pkcs11-provider:kryoptic / ecxc SKIP 0.02s exit status 77
88/92 pkcs11-provider:kryoptic.nss / ecxc RUNNING
>>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests MALLOC_PERTURB_=212 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper ecxc-kryoptic.nss.t
――――――――――――――――――――――――――――――――――――― ✀ ―――――――――――――――――――――――――――――――――――――
――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
88/92 pkcs11-provider:kryoptic.nss / ecxc SKIP 0.02s exit status 77
89/92 pkcs11-provider:softokn / cms RUNNING
>>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=208 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper cms-softokn.t
――――――――――――――――――――――――――――――――――――― ✀ ―――――――――――――――――――――――――――――――――――――
――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
89/92 pkcs11-provider:softokn / cms SKIP 0.02s exit status 77
90/92 pkcs11-provider:kryoptic / cms RUNNING
>>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=192 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper cms-kryoptic.t
――――――――――――――――――――――――――――――――――――― ✀ ―――――――――――――――――――――――――――――――――――――
――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
90/92 pkcs11-provider:kryoptic / cms SKIP 0.02s exit status 77
91/92 pkcs11-provider:kryoptic.nss / cms RUNNING
>>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MALLOC_PERTURB_=13 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper cms-kryoptic.nss.t
――――――――――――――――――――――――――――――――――――― ✀ ―――――――――――――――――――――――――――――――――――――
――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
91/92 pkcs11-provider:kryoptic.nss / cms SKIP 0.02s exit status 77
92/92 pkcs11-provider:kryoptic / pinlock RUNNING
>>> MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=182 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper pinlock-kryoptic.t
――――――――――――――――――――――――――――――――――――― ✀ ―――――――――――――――――――――――――――――――――――――
――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
92/92 pkcs11-provider:kryoptic / pinlock SKIP 0.02s exit status 77
Ok: 21
Expected Fail: 0
Fail: 0
Unexpected Pass: 0
Skipped: 71
Timeout: 0
Full log written to /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/meson-logs/testlog.txt
create-stamp debian/debhelper-build-stamp
dh_testroot -O--buildsystem=meson
dh_prep -O--buildsystem=meson
dh_auto_install --destdir=debian/pkcs11-provider/ -O--buildsystem=meson
cd obj-aarch64-linux-gnu && DESTDIR=/build/reproducible-path/pkcs11-provider-1.0/debian/pkcs11-provider LC_ALL=C.UTF-8 ninja install
[0/1] Installing files
Installing src/pkcs11.so to /build/reproducible-path/pkcs11-provider-1.0/debian/pkcs11-provider/usr/lib/aarch64-linux-gnu/ossl-modules
Installing /build/reproducible-path/pkcs11-provider-1.0/docs/provider-pkcs11.7 to /build/reproducible-path/pkcs11-provider-1.0/debian/pkcs11-provider/usr/share/man/man7
dh_installdocs -O--buildsystem=meson
dh_installchangelogs -O--buildsystem=meson
dh_installman -O--buildsystem=meson
dh_installsystemduser -O--buildsystem=meson
dh_perl -O--buildsystem=meson
dh_link -O--buildsystem=meson
dh_strip_nondeterminism -O--buildsystem=meson
dh_compress -O--buildsystem=meson
dh_fixperms -O--buildsystem=meson
dh_missing -O--buildsystem=meson
dh_dwz -a -O--buildsystem=meson
dh_strip -a -O--buildsystem=meson
dh_makeshlibs -a -O--buildsystem=meson
dh_shlibdeps -a -O--buildsystem=meson
dpkg-shlibdeps: warning: diversions involved - output may be incorrect
diversion by libc6 from: /lib/ld-linux-aarch64.so.1
dpkg-shlibdeps: warning: diversions involved - output may be incorrect
diversion by libc6 to: /lib/ld-linux-aarch64.so.1.usr-is-merged
dh_installdeb -O--buildsystem=meson
dh_gencontrol -O--buildsystem=meson
dh_md5sums -O--buildsystem=meson
dh_builddeb -O--buildsystem=meson
dpkg-deb: building package 'pkcs11-provider' in '../pkcs11-provider_1.0-1_arm64.deb'.
dpkg-deb: building package 'pkcs11-provider-dbgsym' in '../pkcs11-provider-dbgsym_1.0-1_arm64.deb'.
dpkg-genbuildinfo --build=binary -O../pkcs11-provider_1.0-1_arm64.buildinfo
dpkg-genchanges --build=binary -O../pkcs11-provider_1.0-1_arm64.changes
dpkg-genchanges: info: binary-only upload (no source code included)
dpkg-source --after-build .
dpkg-buildpackage: info: binary-only upload (no source included)
dpkg-genchanges: info: including full source code in upload
I: copying local configuration
I: user script /srv/workspace/pbuilder/2357949/tmp/hooks/B01_cleanup starting
I: user script /srv/workspace/pbuilder/2357949/tmp/hooks/B01_cleanup finished
I: unmounting dev/ptmx filesystem
I: unmounting dev/pts filesystem
I: unmounting dev/shm filesystem
I: unmounting proc filesystem
I: unmounting sys filesystem
I: cleaning the build env
I: removing directory /srv/workspace/pbuilder/2357949 and its subdirectories
I: Current time: Tue Feb 18 18:29:09 +14 2025
I: pbuilder-time-stamp: 1739852949