rpms / softhsm

Clone
Source Code
GIT

Blame SOURCES/softhsm-openssl3-tests.patch

c7 c7-beta c7-i686 c8-beta-stream-DL1 c8-beta-stream-client c8-stream-DL1 c8-stream-client c8s-stream-DL1 c8s-stream-client c9 c9-beta
  1.   c9-beta
  2.   SOURCES
  3.   softhsm-openssl3-tests.patch
Blob History Raw
0e205c 
From 643f061e6fbe04552a2c49bd00528e61a9a77064 Mon Sep 17 00:00:00 2001
0e205c 
From: Alexander Bokovoy <abokovoy@redhat.com>
0e205c 
Date: Wed, 26 May 2021 20:03:25 +0300
0e205c 
Subject: [PATCH 1/4] openssl 3.0: Run DES tests only if OpenSSL allows it
0e205c
0e205c 
OpenSSL 3.0 moves DES into a legacy provider which has to be loaded
0e205c 
explicitly. By default, it will not be loaded and DES methods in tests
0e205c 
will fail. Nest test blocks under successful initialization.
0e205c
0e205c 
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
0e205c 
---
0e205c 
 src/lib/crypto/test/DESTests.cpp | 350 ++++++++++++++++---------------
0e205c 
 1 file changed, 182 insertions(+), 168 deletions(-)
0e205c
0e205c 
diff --git a/src/lib/crypto/test/DESTests.cpp b/src/lib/crypto/test/DESTests.cpp
0e205c 
index bcb1c6b..aa68746 100644
0e205c 
--- a/src/lib/crypto/test/DESTests.cpp
0e205c 
+++ b/src/lib/crypto/test/DESTests.cpp
0e205c 
@@ -259,54 +259,58 @@ void DESTests::testCBC()
0e205c
0e205c 
 			// Now, do the same thing using our DES implementation
0e205c 
 			shsmCipherText.wipe();
0e205c 
-			CPPUNIT_ASSERT(des->encryptInit(&desKey56, SymMode::CBC, IV));
0e205c 
+			if (des->encryptInit(&desKey56, SymMode::CBC, IV)) {
0e205c
0e205c 
-			CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
0e205c 
-			shsmCipherText += OB;
0e205c 
+				CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
0e205c 
+				shsmCipherText += OB;
0e205c
0e205c 
-			CPPUNIT_ASSERT(des->encryptFinal(OB));
0e205c 
-			shsmCipherText += OB;
0e205c 
+				CPPUNIT_ASSERT(des->encryptFinal(OB));
0e205c 
+				shsmCipherText += OB;
0e205c
0e205c 
-			CPPUNIT_ASSERT(shsmCipherText == cipherText);
0e205c 
+				CPPUNIT_ASSERT(shsmCipherText == cipherText);
0e205c
0e205c 
-			// Check that we can get the plain text
0e205c 
-			shsmPlainText.wipe();
0e205c 
-			CPPUNIT_ASSERT(des->decryptInit(&desKey56, SymMode::CBC, IV));
0e205c 
+				// Check that we can get the plain text
0e205c 
+				shsmPlainText.wipe();
0e205c 
+				CPPUNIT_ASSERT(des->decryptInit(&desKey56, SymMode::CBC, IV));
0e205c
0e205c 
-			CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
0e205c 
-			shsmPlainText += OB;
0e205c 
+				CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
0e205c 
+				shsmPlainText += OB;
0e205c
0e205c 
-			CPPUNIT_ASSERT(des->decryptFinal(OB));
0e205c 
-			shsmPlainText += OB;
0e205c 
+				CPPUNIT_ASSERT(des->decryptFinal(OB));
0e205c 
+				shsmPlainText += OB;
0e205c
0e205c 
-			CPPUNIT_ASSERT(shsmPlainText == plainText);
0e205c 
+				CPPUNIT_ASSERT(shsmPlainText == plainText);
0e205c 
+
0e205c 
+			}
0e205c
0e205c 
 			// Test 112-bit key
0e205c 
 			cipherText = ByteString(testResult[i][j][1]);
0e205c
0e205c 
 			// Now, do the same thing using our DES implementation
0e205c 
 			shsmCipherText.wipe();
0e205c 
-			CPPUNIT_ASSERT(des->encryptInit(&desKey112, SymMode::CBC, IV));
0e205c 
+			if (des->encryptInit(&desKey112, SymMode::CBC, IV)) {
0e205c
0e205c 
-			CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
0e205c 
-			shsmCipherText += OB;
0e205c 
+				CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
0e205c 
+				shsmCipherText += OB;
0e205c
0e205c 
-			CPPUNIT_ASSERT(des->encryptFinal(OB));
0e205c 
-			shsmCipherText += OB;
0e205c 
+				CPPUNIT_ASSERT(des->encryptFinal(OB));
0e205c 
+				shsmCipherText += OB;
0e205c
0e205c 
-			CPPUNIT_ASSERT(shsmCipherText == cipherText);
0e205c 
+				CPPUNIT_ASSERT(shsmCipherText == cipherText);
0e205c
0e205c 
-			// Check that we can get the plain text
0e205c 
-			shsmPlainText.wipe();
0e205c 
-			CPPUNIT_ASSERT(des->decryptInit(&desKey112, SymMode::CBC, IV));
0e205c 
+				// Check that we can get the plain text
0e205c 
+				shsmPlainText.wipe();
0e205c 
+				CPPUNIT_ASSERT(des->decryptInit(&desKey112, SymMode::CBC, IV));
0e205c
0e205c 
-			CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
0e205c 
-			shsmPlainText += OB;
0e205c 
+				CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
0e205c 
+				shsmPlainText += OB;
0e205c
0e205c 
-			CPPUNIT_ASSERT(des->decryptFinal(OB));
0e205c 
-			shsmPlainText += OB;
0e205c 
+				CPPUNIT_ASSERT(des->decryptFinal(OB));
0e205c 
+				shsmPlainText += OB;
0e205c 
+
0e205c 
+				CPPUNIT_ASSERT(shsmPlainText == plainText);
0e205c 
+			}
0e205c
0e205c 
-			CPPUNIT_ASSERT(shsmPlainText == plainText);
0e205c 
 #endif
0e205c
0e205c 
 			// Test 168-bit key
0e205c 
@@ -314,27 +318,28 @@ void DESTests::testCBC()
0e205c
0e205c 
 			// Now, do the same thing using our DES implementation
0e205c 
 			shsmCipherText.wipe();
0e205c 
-			CPPUNIT_ASSERT(des->encryptInit(&desKey168, SymMode::CBC, IV));
0e205c 
+			if (des->encryptInit(&desKey168, SymMode::CBC, IV)) {
0e205c
0e205c 
-			CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
0e205c 
-			shsmCipherText += OB;
0e205c 
+				CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
0e205c 
+				shsmCipherText += OB;
0e205c
0e205c 
-			CPPUNIT_ASSERT(des->encryptFinal(OB));
0e205c 
-			shsmCipherText += OB;
0e205c 
+				CPPUNIT_ASSERT(des->encryptFinal(OB));
0e205c 
+				shsmCipherText += OB;
0e205c
0e205c 
-			CPPUNIT_ASSERT(shsmCipherText == cipherText);
0e205c 
+				CPPUNIT_ASSERT(shsmCipherText == cipherText);
0e205c
0e205c 
-			// Check that we can get the plain text
0e205c 
-			shsmPlainText.wipe();
0e205c 
-			CPPUNIT_ASSERT(des->decryptInit(&desKey168, SymMode::CBC, IV));
0e205c 
+				// Check that we can get the plain text
0e205c 
+				shsmPlainText.wipe();
0e205c 
+				CPPUNIT_ASSERT(des->decryptInit(&desKey168, SymMode::CBC, IV));
0e205c
0e205c 
-			CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
0e205c 
-			shsmPlainText += OB;
0e205c 
+				CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
0e205c 
+				shsmPlainText += OB;
0e205c
0e205c 
-			CPPUNIT_ASSERT(des->decryptFinal(OB));
0e205c 
-			shsmPlainText += OB;
0e205c 
+				CPPUNIT_ASSERT(des->decryptFinal(OB));
0e205c 
+				shsmPlainText += OB;
0e205c
0e205c 
-			CPPUNIT_ASSERT(shsmPlainText == plainText);
0e205c 
+				CPPUNIT_ASSERT(shsmPlainText == plainText);
0e205c 
+			}
0e205c 
 		}
0e205c 
 	}
0e205c 
 }
0e205c 
@@ -534,54 +539,56 @@ void DESTests::testECB()
0e205c
0e205c 
 			// Now, do the same thing using our DES implementation
0e205c 
 			shsmCipherText.wipe();
0e205c 
-			CPPUNIT_ASSERT(des->encryptInit(&desKey56, SymMode::ECB, IV));
0e205c 
+			if (des->encryptInit(&desKey56, SymMode::ECB, IV)) {
0e205c
0e205c 
-			CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
0e205c 
-			shsmCipherText += OB;
0e205c 
+				CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
0e205c 
+				shsmCipherText += OB;
0e205c
0e205c 
-			CPPUNIT_ASSERT(des->encryptFinal(OB));
0e205c 
-			shsmCipherText += OB;
0e205c 
+				CPPUNIT_ASSERT(des->encryptFinal(OB));
0e205c 
+				shsmCipherText += OB;
0e205c
0e205c 
-			CPPUNIT_ASSERT(shsmCipherText == cipherText);
0e205c 
+				CPPUNIT_ASSERT(shsmCipherText == cipherText);
0e205c
0e205c 
-			// Check that we can get the plain text
0e205c 
-			shsmPlainText.wipe();
0e205c 
-			CPPUNIT_ASSERT(des->decryptInit(&desKey56, SymMode::ECB, IV));
0e205c 
+				// Check that we can get the plain text
0e205c 
+				shsmPlainText.wipe();
0e205c 
+				CPPUNIT_ASSERT(des->decryptInit(&desKey56, SymMode::ECB, IV));
0e205c
0e205c 
-			CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
0e205c 
-			shsmPlainText += OB;
0e205c 
+				CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
0e205c 
+				shsmPlainText += OB;
0e205c
0e205c 
-			CPPUNIT_ASSERT(des->decryptFinal(OB));
0e205c 
-			shsmPlainText += OB;
0e205c 
+				CPPUNIT_ASSERT(des->decryptFinal(OB));
0e205c 
+				shsmPlainText += OB;
0e205c
0e205c 
-			CPPUNIT_ASSERT(shsmPlainText == plainText);
0e205c 
+				CPPUNIT_ASSERT(shsmPlainText == plainText);
0e205c 
+			}
0e205c
0e205c 
 			// Test 112-bit key
0e205c 
 			cipherText = ByteString(testResult[i][j][1]);
0e205c
0e205c 
 			// Now, do the same thing using our DES implementation
0e205c 
 			shsmCipherText.wipe();
0e205c 
-			CPPUNIT_ASSERT(des->encryptInit(&desKey112, SymMode::ECB, IV));
0e205c 
+			if (des->encryptInit(&desKey112, SymMode::ECB, IV)) {
0e205c
0e205c 
-			CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
0e205c 
-			shsmCipherText += OB;
0e205c 
+				CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
0e205c 
+				shsmCipherText += OB;
0e205c
0e205c 
-			CPPUNIT_ASSERT(des->encryptFinal(OB));
0e205c 
-			shsmCipherText += OB;
0e205c 
+				CPPUNIT_ASSERT(des->encryptFinal(OB));
0e205c 
+				shsmCipherText += OB;
0e205c
0e205c 
-			CPPUNIT_ASSERT(shsmCipherText == cipherText);
0e205c 
+				CPPUNIT_ASSERT(shsmCipherText == cipherText);
0e205c
0e205c 
-			// Check that we can get the plain text
0e205c 
-			shsmPlainText.wipe();
0e205c 
-			CPPUNIT_ASSERT(des->decryptInit(&desKey112, SymMode::ECB, IV));
0e205c 
+				// Check that we can get the plain text
0e205c 
+				shsmPlainText.wipe();
0e205c 
+				CPPUNIT_ASSERT(des->decryptInit(&desKey112, SymMode::ECB, IV));
0e205c
0e205c 
-			CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
0e205c 
-			shsmPlainText += OB;
0e205c 
+				CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
0e205c 
+				shsmPlainText += OB;
0e205c
0e205c 
-			CPPUNIT_ASSERT(des->decryptFinal(OB));
0e205c 
-			shsmPlainText += OB;
0e205c 
+				CPPUNIT_ASSERT(des->decryptFinal(OB));
0e205c 
+				shsmPlainText += OB;
0e205c
0e205c 
-			CPPUNIT_ASSERT(shsmPlainText == plainText);
0e205c 
+				CPPUNIT_ASSERT(shsmPlainText == plainText);
0e205c 
+			}
0e205c 
 #endif
0e205c
0e205c 
 			// Test 168-bit key
0e205c 
@@ -589,27 +596,28 @@ void DESTests::testECB()
0e205c
0e205c 
 			// Now, do the same thing using our DES implementation
0e205c 
 			shsmCipherText.wipe();
0e205c 
-			CPPUNIT_ASSERT(des->encryptInit(&desKey168, SymMode::ECB, IV));
0e205c 
+			if (des->encryptInit(&desKey168, SymMode::ECB, IV)) {
0e205c
0e205c 
-			CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
0e205c 
-			shsmCipherText += OB;
0e205c 
+				CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
0e205c 
+				shsmCipherText += OB;
0e205c
0e205c 
-			CPPUNIT_ASSERT(des->encryptFinal(OB));
0e205c 
-			shsmCipherText += OB;
0e205c 
+				CPPUNIT_ASSERT(des->encryptFinal(OB));
0e205c 
+				shsmCipherText += OB;
0e205c
0e205c 
-			CPPUNIT_ASSERT(shsmCipherText == cipherText);
0e205c 
+				CPPUNIT_ASSERT(shsmCipherText == cipherText);
0e205c
0e205c 
-			// Check that we can get the plain text
0e205c 
-			shsmPlainText.wipe();
0e205c 
-			CPPUNIT_ASSERT(des->decryptInit(&desKey168, SymMode::ECB, IV));
0e205c 
+				// Check that we can get the plain text
0e205c 
+				shsmPlainText.wipe();
0e205c 
+				CPPUNIT_ASSERT(des->decryptInit(&desKey168, SymMode::ECB, IV));
0e205c
0e205c 
-			CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
0e205c 
-			shsmPlainText += OB;
0e205c 
+				CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
0e205c 
+				shsmPlainText += OB;
0e205c
0e205c 
-			CPPUNIT_ASSERT(des->decryptFinal(OB));
0e205c 
-			shsmPlainText += OB;
0e205c 
+				CPPUNIT_ASSERT(des->decryptFinal(OB));
0e205c 
+				shsmPlainText += OB;
0e205c
0e205c 
-			CPPUNIT_ASSERT(shsmPlainText == plainText);
0e205c 
+				CPPUNIT_ASSERT(shsmPlainText == plainText);
0e205c 
+			}
0e205c 
 		}
0e205c 
 	}
0e205c 
 }
0e205c 
@@ -809,54 +817,56 @@ void DESTests::testOFB()
0e205c
0e205c 
 			// Now, do the same thing using our DES implementation
0e205c 
 			shsmCipherText.wipe();
0e205c 
-			CPPUNIT_ASSERT(des->encryptInit(&desKey56, SymMode::OFB, IV));
0e205c 
+			if (des->encryptInit(&desKey56, SymMode::OFB, IV)) {
0e205c
0e205c 
-			CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
0e205c 
-			shsmCipherText += OB;
0e205c 
+				CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
0e205c 
+				shsmCipherText += OB;
0e205c
0e205c 
-			CPPUNIT_ASSERT(des->encryptFinal(OB));
0e205c 
-			shsmCipherText += OB;
0e205c 
+				CPPUNIT_ASSERT(des->encryptFinal(OB));
0e205c 
+				shsmCipherText += OB;
0e205c
0e205c 
-			CPPUNIT_ASSERT(shsmCipherText == cipherText);
0e205c 
+				CPPUNIT_ASSERT(shsmCipherText == cipherText);
0e205c
0e205c 
-			// Check that we can get the plain text
0e205c 
-			shsmPlainText.wipe();
0e205c 
-			CPPUNIT_ASSERT(des->decryptInit(&desKey56, SymMode::OFB, IV));
0e205c 
+				// Check that we can get the plain text
0e205c 
+				shsmPlainText.wipe();
0e205c 
+				CPPUNIT_ASSERT(des->decryptInit(&desKey56, SymMode::OFB, IV));
0e205c
0e205c 
-			CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
0e205c 
-			shsmPlainText += OB;
0e205c 
+				CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
0e205c 
+				shsmPlainText += OB;
0e205c
0e205c 
-			CPPUNIT_ASSERT(des->decryptFinal(OB));
0e205c 
-			shsmPlainText += OB;
0e205c 
+				CPPUNIT_ASSERT(des->decryptFinal(OB));
0e205c 
+				shsmPlainText += OB;
0e205c
0e205c 
-			CPPUNIT_ASSERT(shsmPlainText == plainText);
0e205c 
+				CPPUNIT_ASSERT(shsmPlainText == plainText);
0e205c 
+			}
0e205c
0e205c 
 			// Test 112-bit key
0e205c 
 			cipherText = ByteString(testResult[i][j][1]);
0e205c
0e205c 
 			// Now, do the same thing using our DES implementation
0e205c 
 			shsmCipherText.wipe();
0e205c 
-			CPPUNIT_ASSERT(des->encryptInit(&desKey112, SymMode::OFB, IV));
0e205c 
+			if (des->encryptInit(&desKey112, SymMode::OFB, IV)) {
0e205c
0e205c 
-			CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
0e205c 
-			shsmCipherText += OB;
0e205c 
+				CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
0e205c 
+				shsmCipherText += OB;
0e205c
0e205c 
-			CPPUNIT_ASSERT(des->encryptFinal(OB));
0e205c 
-			shsmCipherText += OB;
0e205c 
+				CPPUNIT_ASSERT(des->encryptFinal(OB));
0e205c 
+				shsmCipherText += OB;
0e205c
0e205c 
-			CPPUNIT_ASSERT(shsmCipherText == cipherText);
0e205c 
+				CPPUNIT_ASSERT(shsmCipherText == cipherText);
0e205c
0e205c 
-			// Check that we can get the plain text
0e205c 
-			shsmPlainText.wipe();
0e205c 
-			CPPUNIT_ASSERT(des->decryptInit(&desKey112, SymMode::OFB, IV));
0e205c 
+				// Check that we can get the plain text
0e205c 
+				shsmPlainText.wipe();
0e205c 
+				CPPUNIT_ASSERT(des->decryptInit(&desKey112, SymMode::OFB, IV));
0e205c
0e205c 
-			CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
0e205c 
-			shsmPlainText += OB;
0e205c 
+				CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
0e205c 
+				shsmPlainText += OB;
0e205c
0e205c 
-			CPPUNIT_ASSERT(des->decryptFinal(OB));
0e205c 
-			shsmPlainText += OB;
0e205c 
+				CPPUNIT_ASSERT(des->decryptFinal(OB));
0e205c 
+				shsmPlainText += OB;
0e205c
0e205c 
-			CPPUNIT_ASSERT(shsmPlainText == plainText);
0e205c 
+				CPPUNIT_ASSERT(shsmPlainText == plainText);
0e205c 
+			}
0e205c 
 #endif
0e205c
0e205c 
 			// Test 168-bit key
0e205c 
@@ -864,27 +874,28 @@ void DESTests::testOFB()
0e205c
0e205c 
 			// Now, do the same thing using our DES implementation
0e205c 
 			shsmCipherText.wipe();
0e205c 
-			CPPUNIT_ASSERT(des->encryptInit(&desKey168, SymMode::OFB, IV));
0e205c 
+			if (des->encryptInit(&desKey168, SymMode::OFB, IV)) {
0e205c
0e205c 
-			CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
0e205c 
-			shsmCipherText += OB;
0e205c 
+				CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
0e205c 
+				shsmCipherText += OB;
0e205c
0e205c 
-			CPPUNIT_ASSERT(des->encryptFinal(OB));
0e205c 
-			shsmCipherText += OB;
0e205c 
+				CPPUNIT_ASSERT(des->encryptFinal(OB));
0e205c 
+				shsmCipherText += OB;
0e205c
0e205c 
-			CPPUNIT_ASSERT(shsmCipherText == cipherText);
0e205c 
+				CPPUNIT_ASSERT(shsmCipherText == cipherText);
0e205c
0e205c 
-			// Check that we can get the plain text
0e205c 
-			shsmPlainText.wipe();
0e205c 
-			CPPUNIT_ASSERT(des->decryptInit(&desKey168, SymMode::OFB, IV));
0e205c 
+				// Check that we can get the plain text
0e205c 
+				shsmPlainText.wipe();
0e205c 
+				CPPUNIT_ASSERT(des->decryptInit(&desKey168, SymMode::OFB, IV));
0e205c
0e205c 
-			CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
0e205c 
-			shsmPlainText += OB;
0e205c 
+				CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
0e205c 
+				shsmPlainText += OB;
0e205c
0e205c 
-			CPPUNIT_ASSERT(des->decryptFinal(OB));
0e205c 
-			shsmPlainText += OB;
0e205c 
+				CPPUNIT_ASSERT(des->decryptFinal(OB));
0e205c 
+				shsmPlainText += OB;
0e205c
0e205c 
-			CPPUNIT_ASSERT(shsmPlainText == plainText);
0e205c 
+				CPPUNIT_ASSERT(shsmPlainText == plainText);
0e205c 
+			}
0e205c 
 		}
0e205c 
 	}
0e205c 
 }
0e205c 
@@ -1083,54 +1094,56 @@ void DESTests::testCFB()
0e205c
0e205c 
 			// Now, do the same thing using our DES implementation
0e205c 
 			shsmCipherText.wipe();
0e205c 
-			CPPUNIT_ASSERT(des->encryptInit(&desKey56, SymMode::CFB, IV));
0e205c 
+			if (des->encryptInit(&desKey56, SymMode::CFB, IV)) {
0e205c
0e205c 
-			CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
0e205c 
-			shsmCipherText += OB;
0e205c 
+				CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
0e205c 
+				shsmCipherText += OB;
0e205c
0e205c 
-			CPPUNIT_ASSERT(des->encryptFinal(OB));
0e205c 
-			shsmCipherText += OB;
0e205c 
+				CPPUNIT_ASSERT(des->encryptFinal(OB));
0e205c 
+				shsmCipherText += OB;
0e205c
0e205c 
-			CPPUNIT_ASSERT(shsmCipherText == cipherText);
0e205c 
+				CPPUNIT_ASSERT(shsmCipherText == cipherText);
0e205c
0e205c 
-			// Check that we can get the plain text
0e205c 
-			shsmPlainText.wipe();
0e205c 
-			CPPUNIT_ASSERT(des->decryptInit(&desKey56, SymMode::CFB, IV));
0e205c 
+				// Check that we can get the plain text
0e205c 
+				shsmPlainText.wipe();
0e205c 
+				CPPUNIT_ASSERT(des->decryptInit(&desKey56, SymMode::CFB, IV));
0e205c
0e205c 
-			CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
0e205c 
-			shsmPlainText += OB;
0e205c 
+				CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
0e205c 
+				shsmPlainText += OB;
0e205c
0e205c 
-			CPPUNIT_ASSERT(des->decryptFinal(OB));
0e205c 
-			shsmPlainText += OB;
0e205c 
+				CPPUNIT_ASSERT(des->decryptFinal(OB));
0e205c 
+				shsmPlainText += OB;
0e205c
0e205c 
-			CPPUNIT_ASSERT(shsmPlainText == plainText);
0e205c 
+				CPPUNIT_ASSERT(shsmPlainText == plainText);
0e205c 
+			}
0e205c
0e205c 
 			// Test 112-bit key
0e205c 
 			cipherText = ByteString(testResult[i][j][1]);
0e205c
0e205c 
 			// Now, do the same thing using our DES implementation
0e205c 
 			shsmCipherText.wipe();
0e205c 
-			CPPUNIT_ASSERT(des->encryptInit(&desKey112, SymMode::CFB, IV));
0e205c 
+			if (des->encryptInit(&desKey112, SymMode::CFB, IV)) {
0e205c
0e205c 
-			CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
0e205c 
-			shsmCipherText += OB;
0e205c 
+				CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
0e205c 
+				shsmCipherText += OB;
0e205c
0e205c 
-			CPPUNIT_ASSERT(des->encryptFinal(OB));
0e205c 
-			shsmCipherText += OB;
0e205c 
+				CPPUNIT_ASSERT(des->encryptFinal(OB));
0e205c 
+				shsmCipherText += OB;
0e205c
0e205c 
-			CPPUNIT_ASSERT(shsmCipherText == cipherText);
0e205c 
+				CPPUNIT_ASSERT(shsmCipherText == cipherText);
0e205c
0e205c 
-			// Check that we can get the plain text
0e205c 
-			shsmPlainText.wipe();
0e205c 
-			CPPUNIT_ASSERT(des->decryptInit(&desKey112, SymMode::CFB, IV));
0e205c 
+				// Check that we can get the plain text
0e205c 
+				shsmPlainText.wipe();
0e205c 
+				CPPUNIT_ASSERT(des->decryptInit(&desKey112, SymMode::CFB, IV));
0e205c
0e205c 
-			CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
0e205c 
-			shsmPlainText += OB;
0e205c 
+				CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
0e205c 
+				shsmPlainText += OB;
0e205c
0e205c 
-			CPPUNIT_ASSERT(des->decryptFinal(OB));
0e205c 
-			shsmPlainText += OB;
0e205c 
+				CPPUNIT_ASSERT(des->decryptFinal(OB));
0e205c 
+				shsmPlainText += OB;
0e205c
0e205c 
-			CPPUNIT_ASSERT(shsmPlainText == plainText);
0e205c 
+				CPPUNIT_ASSERT(shsmPlainText == plainText);
0e205c 
+			}
0e205c 
 #endif
0e205c
0e205c 
 			// Test 168-bit key
0e205c 
@@ -1138,27 +1151,28 @@ void DESTests::testCFB()
0e205c
0e205c 
 			// Now, do the same thing using our DES implementation
0e205c 
 			shsmCipherText.wipe();
0e205c 
-			CPPUNIT_ASSERT(des->encryptInit(&desKey168, SymMode::CFB, IV));
0e205c 
+			if (des->encryptInit(&desKey168, SymMode::CFB, IV)) {
0e205c
0e205c 
-			CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
0e205c 
-			shsmCipherText += OB;
0e205c 
+				CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
0e205c 
+				shsmCipherText += OB;
0e205c
0e205c 
-			CPPUNIT_ASSERT(des->encryptFinal(OB));
0e205c 
-			shsmCipherText += OB;
0e205c 
+				CPPUNIT_ASSERT(des->encryptFinal(OB));
0e205c 
+				shsmCipherText += OB;
0e205c
0e205c 
-			CPPUNIT_ASSERT(shsmCipherText == cipherText);
0e205c 
+				CPPUNIT_ASSERT(shsmCipherText == cipherText);
0e205c
0e205c 
-			// Check that we can get the plain text
0e205c 
-			shsmPlainText.wipe();
0e205c 
-			CPPUNIT_ASSERT(des->decryptInit(&desKey168, SymMode::CFB, IV));
0e205c 
+				// Check that we can get the plain text
0e205c 
+				shsmPlainText.wipe();
0e205c 
+				CPPUNIT_ASSERT(des->decryptInit(&desKey168, SymMode::CFB, IV));
0e205c
0e205c 
-			CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
0e205c 
-			shsmPlainText += OB;
0e205c 
+				CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
0e205c 
+				shsmPlainText += OB;
0e205c
0e205c 
-			CPPUNIT_ASSERT(des->decryptFinal(OB));
0e205c 
-			shsmPlainText += OB;
0e205c 
+				CPPUNIT_ASSERT(des->decryptFinal(OB));
0e205c 
+				shsmPlainText += OB;
0e205c
0e205c 
-			CPPUNIT_ASSERT(shsmPlainText == plainText);
0e205c 
+				CPPUNIT_ASSERT(shsmPlainText == plainText);
0e205c 
+			}
0e205c 
 		}
0e205c 
 	}
0e205c 
 }
0e205c 
--
0e205c 
2.31.1
0e205c
0e205c
0e205c 
From 4e368d1b1d835b169d3b9f44e064813d132f3da6 Mon Sep 17 00:00:00 2001
0e205c 
From: Alexander Bokovoy <abokovoy@redhat.com>
0e205c 
Date: Wed, 26 May 2021 20:09:31 +0300
0e205c 
Subject: [PATCH 2/4] openssl 3.0: use 2048 instead of 1024 bit for RSA tests
0e205c
0e205c 
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
0e205c 
---
0e205c 
 src/lib/crypto/test/RSATests.cpp | 11 ++++-------
0e205c 
 1 file changed, 4 insertions(+), 7 deletions(-)
0e205c
0e205c 
diff --git a/src/lib/crypto/test/RSATests.cpp b/src/lib/crypto/test/RSATests.cpp
0e205c 
index 6af1e19..e583b8b 100644
0e205c 
--- a/src/lib/crypto/test/RSATests.cpp
0e205c 
+++ b/src/lib/crypto/test/RSATests.cpp
0e205c 
@@ -78,7 +78,6 @@ void RSATests::testKeyGeneration()
0e205c
0e205c 
 	// Key sizes to test
0e205c 
 	std::vector<size_t> keySizes;
0e205c 
-	keySizes.push_back(1024);
0e205c 
 #ifndef WITH_FIPS
0e205c 
 	keySizes.push_back(1025);
0e205c 
 #endif
0e205c 
@@ -111,12 +110,12 @@ void RSATests::testKeyGeneration()
0e205c
0e205c 
 void RSATests::testSerialisation()
0e205c 
 {
0e205c 
-	// Generate a 1024-bit key-pair for testing
0e205c 
+	// Generate a 2048-bit key-pair for testing
0e205c 
 	AsymmetricKeyPair* kp;
0e205c 
 	RSAParameters p;
0e205c
0e205c 
 	p.setE("010001");
0e205c 
-	p.setBitLength(1024);
0e205c 
+	p.setBitLength(2048);
0e205c
0e205c 
 	CPPUNIT_ASSERT(rsa->generateKeyPair(&kp, &p);;
0e205c 
 	CPPUNIT_ASSERT(kp != NULL);
0e205c 
@@ -204,12 +203,12 @@ void RSATests::testSerialisation()
0e205c
0e205c 
 void RSATests::testPKCS8()
0e205c 
 {
0e205c 
-	// Generate a 1024-bit key-pair for testing
0e205c 
+	// Generate a 2048-bit key-pair for testing
0e205c 
 	AsymmetricKeyPair* kp;
0e205c 
 	RSAParameters p;
0e205c
0e205c 
 	p.setE("010001");
0e205c 
-	p.setBitLength(1024);
0e205c 
+	p.setBitLength(2048);
0e205c
0e205c 
 	CPPUNIT_ASSERT(rsa->generateKeyPair(&kp, &p);;
0e205c 
 	CPPUNIT_ASSERT(kp != NULL);
0e205c 
@@ -253,7 +252,6 @@ void RSATests::testSigningVerifying()
0e205c
0e205c 
 	// Key sizes to test
0e205c 
 	std::vector<size_t> keySizes;
0e205c 
-	keySizes.push_back(1024);
0e205c 
 	keySizes.push_back(1280);
0e205c 
 	keySizes.push_back(2048);
0e205c 
 	//keySizes.push_back(4096);
0e205c 
@@ -611,7 +609,6 @@ void RSATests::testEncryptDecrypt()
0e205c
0e205c 
 	// Key sizes to test
0e205c 
 	std::vector<size_t> keySizes;
0e205c 
-	keySizes.push_back(1024);
0e205c 
 	keySizes.push_back(1280);
0e205c 
 	keySizes.push_back(2048);
0e205c 
 	//keySizes.push_back(4096);
0e205c 
--
0e205c 
2.31.1
0e205c
0e205c
0e205c 
From d8b6ebb67244f6fb4d2c8f72ae2b8bef5ca96bed Mon Sep 17 00:00:00 2001
0e205c 
From: Alexander Bokovoy <abokovoy@redhat.com>
0e205c 
Date: Wed, 26 May 2021 22:29:22 +0300
0e205c 
Subject: [PATCH 3/4] openssl 3.0: Skip tests with unsupported key sizes
0e205c
0e205c 
OpenSSL 3.0 on systems with systemd-wide crypto policy (Fedora, RHEL,
0e205c 
CentOS 9 Stream) might block certain key sizes which causes the tests to
0e205c 
fail. Skip these tests because we are not going to get the results
0e205c 
anyway.
0e205c
0e205c 
There is no way with CPPUNIT to produce a warning only, so we have to
0e205c 
skip the whole test result.
0e205c
0e205c 
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
0e205c 
---
0e205c 
 src/lib/crypto/test/RSATests.cpp | 31 ++++++++++++++++++-------------
0e205c 
 1 file changed, 18 insertions(+), 13 deletions(-)
0e205c
0e205c 
diff --git a/src/lib/crypto/test/RSATests.cpp b/src/lib/crypto/test/RSATests.cpp
0e205c 
index e583b8b..3b397d2 100644
0e205c 
--- a/src/lib/crypto/test/RSATests.cpp
0e205c 
+++ b/src/lib/crypto/test/RSATests.cpp
0e205c 
@@ -92,18 +92,19 @@ void RSATests::testKeyGeneration()
0e205c 
 			p.setE(*e);
0e205c 
 			p.setBitLength(*k);
0e205c
0e205c 
-			// Generate key-pair
0e205c 
-			CPPUNIT_ASSERT(rsa->generateKeyPair(&kp, &p);;
0e205c 
+			// Generate key-pair but skip test if key size is unsupported in OpenSSL 3.0.0
0e205c 
+			if (rsa->generateKeyPair(&kp, &p)) {
0e205c
0e205c 
-			RSAPublicKey* pub = (RSAPublicKey*) kp->getPublicKey();
0e205c 
-			RSAPrivateKey* priv = (RSAPrivateKey*) kp->getPrivateKey();
0e205c 
+				RSAPublicKey* pub = (RSAPublicKey*) kp->getPublicKey();
0e205c 
+				RSAPrivateKey* priv = (RSAPrivateKey*) kp->getPrivateKey();
0e205c
0e205c 
-			CPPUNIT_ASSERT(pub->getBitLength() == *k);
0e205c 
-			CPPUNIT_ASSERT(priv->getBitLength() == *k);
0e205c 
-			CPPUNIT_ASSERT(pub->getE() == *e);
0e205c 
-			CPPUNIT_ASSERT(priv->getE() == *e);
0e205c 
+				CPPUNIT_ASSERT(pub->getBitLength() == *k);
0e205c 
+				CPPUNIT_ASSERT(priv->getBitLength() == *k);
0e205c 
+				CPPUNIT_ASSERT(pub->getE() == *e);
0e205c 
+				CPPUNIT_ASSERT(priv->getE() == *e);
0e205c
0e205c 
-			rsa->recycleKeyPair(kp);
0e205c 
+				rsa->recycleKeyPair(kp);
0e205c 
+			}
0e205c 
 		}
0e205c 
 	}
0e205c 
 }
0e205c 
@@ -291,8 +292,10 @@ void RSATests::testSigningVerifying()
0e205c 
 			p.setE(*e);
0e205c 
 			p.setBitLength(*k);
0e205c
0e205c 
-			// Generate key-pair
0e205c 
-			CPPUNIT_ASSERT(rsa->generateKeyPair(&kp, &p);;
0e205c 
+			// Generate key-pair but skip those that unsupported in OpenSSL 3.0.0
0e205c 
+			if (!rsa->generateKeyPair(&kp, &p)) {
0e205c 
+				continue;
0e205c 
+			}
0e205c
0e205c 
 			// Generate some data to sign
0e205c 
 			ByteString dataToSign;
0e205c 
@@ -626,8 +629,10 @@ void RSATests::testEncryptDecrypt()
0e205c 
 			p.setE(*e);
0e205c 
 			p.setBitLength(*k);
0e205c
0e205c 
-			// Generate key-pair
0e205c 
-			CPPUNIT_ASSERT(rsa->generateKeyPair(&kp, &p);;
0e205c 
+			// Generate key-pair but skip those that unsupported in OpenSSL 3.0.0
0e205c 
+			if (!rsa->generateKeyPair(&kp, &p)) {
0e205c 
+				continue;
0e205c 
+			}
0e205c
0e205c 
 			RNG* rng = CryptoFactory::i()->getRNG();
0e205c
0e205c 
--
0e205c 
2.31.1
0e205c
0e205c
0e205c 
From ca037b327fc77b8a7078c63118f507a157d3c913 Mon Sep 17 00:00:00 2001
0e205c 
From: Alexander Bokovoy <abokovoy@redhat.com>
0e205c 
Date: Thu, 27 May 2021 15:08:02 +0300
0e205c 
Subject: [PATCH 4/4] openssl3: skip DES* tests
0e205c
0e205c 
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
0e205c 
---
0e205c 
 src/lib/test/DeriveTests.cpp             |  16 ++-
0e205c 
 src/lib/test/ObjectTests.cpp             |  21 ++--
0e205c 
 src/lib/test/SymmetricAlgorithmTests.cpp | 129 +++++++++++++----------
0e205c 
 3 files changed, 100 insertions(+), 66 deletions(-)
0e205c
0e205c 
diff --git a/src/lib/test/DeriveTests.cpp b/src/lib/test/DeriveTests.cpp
0e205c 
index 9438ac2..275c399 100644
0e205c 
--- a/src/lib/test/DeriveTests.cpp
0e205c 
+++ b/src/lib/test/DeriveTests.cpp
0e205c 
@@ -666,11 +666,14 @@ void DeriveTests::symDerive(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey, C
0e205c 
 		0x25, 0x26, 0x27, 0x28, 0x29, 0x30, 0x31, 0x32
0e205c 
 	};
0e205c 
 	CK_ULONG secLen = 0;
0e205c 
+	CK_BBOOL oldMechs = CK_FALSE;
0e205c
0e205c 
 	switch (mechType)
0e205c 
 	{
0e205c 
 		case CKM_DES_ECB_ENCRYPT_DATA:
0e205c 
 		case CKM_DES3_ECB_ENCRYPT_DATA:
0e205c 
+			oldMechs = CK_TRUE;
0e205c 
+			/* fall-through */
0e205c 
 		case CKM_AES_ECB_ENCRYPT_DATA:
0e205c 
 			param1.pData = &data[0];
0e205c 
 			param1.ulLen = sizeof(data);
0e205c 
@@ -679,6 +682,7 @@ void DeriveTests::symDerive(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey, C
0e205c 
 			break;
0e205c 
 		case CKM_DES_CBC_ENCRYPT_DATA:
0e205c 
 		case CKM_DES3_CBC_ENCRYPT_DATA:
0e205c 
+			oldMechs = CK_TRUE;
0e205c 
 			memcpy(param2.iv, "12345678", 8);
0e205c 
 			param2.pData = &data[0];
0e205c 
 			param2.length = sizeof(data);
0e205c 
@@ -703,10 +707,12 @@ void DeriveTests::symDerive(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey, C
0e205c 
 			break;
0e205c 
 		case CKK_DES:
0e205c 
 			mechEncrypt.mechanism = CKM_DES_ECB;
0e205c 
+			oldMechs = CK_TRUE;
0e205c 
 			break;
0e205c 
 		case CKK_DES2:
0e205c 
 		case CKK_DES3:
0e205c 
 			mechEncrypt.mechanism = CKM_DES3_ECB;
0e205c 
+			oldMechs = CK_TRUE;
0e205c 
 			break;
0e205c 
 		case CKK_AES:
0e205c 
 			mechEncrypt.mechanism = CKM_AES_ECB;
0e205c 
@@ -743,7 +749,11 @@ void DeriveTests::symDerive(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey, C
0e205c 
 				 keyAttribs, sizeof(keyAttribs)/sizeof(CK_ATTRIBUTE) - 1,
0e205c 
 				 &hDerive) );
0e205c 
 	}
0e205c 
-	CPPUNIT_ASSERT(rv == CKR_OK);
0e205c 
+	if (rv != CKR_OK && oldMechs == CK_TRUE) {
0e205c 
+		// Skip old mechanisms, they don't work under this crypto library
0e205c 
+		return;
0e205c 
+	}
0e205c 
+	CPPUNIT_ASSERT(rv==CKR_OK);
0e205c
0e205c 
 	// Check that KCV has been set
0e205c 
 	CK_ATTRIBUTE checkAttribs[] = {
0e205c 
@@ -764,6 +774,10 @@ void DeriveTests::symDerive(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey, C
0e205c 
 	CK_ULONG ulRecoveredTextLen;
0e205c
0e205c 
 	rv = CRYPTOKI_F_PTR( C_EncryptInit(hSession,&mechEncrypt,hDerive) );
0e205c 
+	if (rv != CKR_OK && oldMechs == CK_TRUE) {
0e205c 
+		// Skip old mechanisms, they don't work under this crypto library
0e205c 
+		return;
0e205c 
+	}
0e205c 
 	CPPUNIT_ASSERT(rv==CKR_OK);
0e205c
0e205c 
 	ulCipherTextLen = sizeof(cipherText);
0e205c 
diff --git a/src/lib/test/ObjectTests.cpp b/src/lib/test/ObjectTests.cpp
0e205c 
index 9491ce1..4ffc1c8 100644
0e205c 
--- a/src/lib/test/ObjectTests.cpp
0e205c 
+++ b/src/lib/test/ObjectTests.cpp
0e205c 
@@ -2370,8 +2370,10 @@ void ObjectTests::testCreateSecretKey()
0e205c 
 	CPPUNIT_ASSERT(rv == CKR_OK);
0e205c 
 	rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSession, hObject, attribKCV, 1) );
0e205c 
 	CPPUNIT_ASSERT(rv == CKR_OK);
0e205c 
-	CPPUNIT_ASSERT(attribKCV[0].ulValueLen == 3);
0e205c 
-	CPPUNIT_ASSERT(memcmp(pCheckValue, desKCV, 3) == 0);
0e205c 
+	// If DES key is not supported, skip it
0e205c 
+	if (attribKCV[0].ulValueLen == 3) {
0e205c 
+		CPPUNIT_ASSERT(memcmp(pCheckValue, desKCV, 3) == 0);
0e205c 
+	}
0e205c 
 	rv = CRYPTOKI_F_PTR( C_DestroyObject(hSession,hObject) );
0e205c 
 	CPPUNIT_ASSERT(rv == CKR_OK);
0e205c
0e205c 
@@ -2381,9 +2383,12 @@ void ObjectTests::testCreateSecretKey()
0e205c 
 	rv = CRYPTOKI_F_PTR( C_CreateObject(hSession, attribs, sizeof(attribs)/sizeof(CK_ATTRIBUTE), &hObject) );
0e205c 
 	CPPUNIT_ASSERT(rv == CKR_OK);
0e205c 
 	rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSession, hObject, attribKCV, 1) );
0e205c 
-	CPPUNIT_ASSERT(rv == CKR_OK);
0e205c 
-	CPPUNIT_ASSERT(attribKCV[0].ulValueLen == 3);
0e205c 
-	CPPUNIT_ASSERT(memcmp(pCheckValue, des2KCV, 3) == 0);
0e205c 
+	// If DES2 key is not supported, skip it
0e205c 
+	if (rv == CKR_OK) {
0e205c 
+		if (attribKCV[0].ulValueLen == 3) {
0e205c 
+			CPPUNIT_ASSERT(memcmp(pCheckValue, des2KCV, 3) == 0);
0e205c 
+		}
0e205c 
+	}
0e205c 
 	rv = CRYPTOKI_F_PTR( C_DestroyObject(hSession,hObject) );
0e205c 
 	CPPUNIT_ASSERT(rv == CKR_OK);
0e205c
0e205c 
@@ -2394,8 +2399,10 @@ void ObjectTests::testCreateSecretKey()
0e205c 
 	CPPUNIT_ASSERT(rv == CKR_OK);
0e205c 
 	rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSession, hObject, attribKCV, 1) );
0e205c 
 	CPPUNIT_ASSERT(rv == CKR_OK);
0e205c 
-	CPPUNIT_ASSERT(attribKCV[0].ulValueLen == 3);
0e205c 
-	CPPUNIT_ASSERT(memcmp(pCheckValue, des3KCV, 3) == 0);
0e205c 
+	// If DES3 key is not supported, skip it
0e205c 
+	if (attribKCV[0].ulValueLen == 3) {
0e205c 
+		CPPUNIT_ASSERT(memcmp(pCheckValue, des3KCV, 3) == 0);
0e205c 
+	}
0e205c 
 	rv = CRYPTOKI_F_PTR( C_DestroyObject(hSession,hObject) );
0e205c 
 	CPPUNIT_ASSERT(rv == CKR_OK);
0e205c 
 }
0e205c 
diff --git a/src/lib/test/SymmetricAlgorithmTests.cpp b/src/lib/test/SymmetricAlgorithmTests.cpp
0e205c 
index b24caaf..1994563 100644
0e205c 
--- a/src/lib/test/SymmetricAlgorithmTests.cpp
0e205c 
+++ b/src/lib/test/SymmetricAlgorithmTests.cpp
0e205c 
@@ -195,6 +195,8 @@ void SymmetricAlgorithmTests::encryptDecrypt(
0e205c 
 	std::vector<CK_BYTE> vEncryptedData;
0e205c 
 	std::vector<CK_BYTE> vEncryptedDataParted;
0e205c 
 	PartSize partSize(blockSize, &vData);
0e205c 
+	CK_BBOOL oldMechs = CK_FALSE;
0e205c 
+	CK_RV rv = CKR_OK;
0e205c
0e205c 
 	CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_GenerateRandom(hSession, (CK_BYTE_PTR)&vData.front(), messageSize) ) );
0e205c
0e205c 
@@ -233,6 +235,8 @@ void SymmetricAlgorithmTests::encryptDecrypt(
0e205c 
 		case CKM_DES_CBC_PAD:
0e205c 
 		case CKM_DES3_CBC:
0e205c 
 		case CKM_DES3_CBC_PAD:
0e205c 
+			oldMechs = CK_TRUE;
0e205c 
+			/* fall-through */
0e205c 
 		case CKM_AES_CBC:
0e205c 
 		case CKM_AES_CBC_PAD:
0e205c 
 			pMechanism->pParameter = (CK_VOID_PTR)&vData.front();
0e205c 
@@ -246,12 +250,18 @@ void SymmetricAlgorithmTests::encryptDecrypt(
0e205c 
 			pMechanism->pParameter = &gcmParams;
0e205c 
 			pMechanism->ulParameterLen = sizeof(gcmParams);
0e205c 
 			break;
0e205c 
+		case CKM_DES_ECB:
0e205c 
+		case CKM_DES3_ECB:
0e205c 
+			oldMechs = CK_TRUE;
0e205c 
+			break;
0e205c 
 		default:
0e205c 
 			break;
0e205c 
 	}
0e205c
0e205c 
 	// Single-part encryption
0e205c 
-	CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_EncryptInit(hSession,pMechanism,hKey) ) );
0e205c 
+	rv = CRYPTOKI_F_PTR( C_EncryptInit(hSession,pMechanism,hKey) );
0e205c 
+	CPPUNIT_ASSERT_EQUAL( (CK_BBOOL) CK_FALSE, (CK_BBOOL) ((rv != CKR_OK) && (oldMechs == CK_FALSE)) );
0e205c 
+	if (oldMechs == CK_FALSE)
0e205c 
 	{
0e205c 
 		CK_ULONG ulEncryptedDataLen;
0e205c 
 		const CK_RV rv( CRYPTOKI_F_PTR( C_Encrypt(hSession,(CK_BYTE_PTR)&vData.front(),messageSize,NULL_PTR,&ulEncryptedDataLen) ) );
0e205c 
@@ -267,40 +277,42 @@ void SymmetricAlgorithmTests::encryptDecrypt(
0e205c 
 	}
0e205c
0e205c 
 	// Multi-part encryption
0e205c 
-	CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_EncryptInit(hSession,pMechanism,hKey) ) );
0e205c 
-
0e205c 
-	for ( std::vector<CK_BYTE>::const_iterator i(vData.begin()); i
0e205c 
-		const CK_ULONG lPartLen( i+partSize.getNext()
0e205c 
-		CK_ULONG ulEncryptedPartLen;
0e205c 
-		CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_EncryptUpdate(hSession,(CK_BYTE_PTR)&(*i),lPartLen,NULL_PTR,&ulEncryptedPartLen) ) );
0e205c 
-		const size_t oldSize( vEncryptedDataParted.size() );
0e205c 
-		vEncryptedDataParted.resize(oldSize+ulEncryptedPartLen);
0e205c 
-		CK_BYTE dummy;
0e205c 
-		const CK_BYTE_PTR pEncryptedPart( ulEncryptedPartLen>0 ? &vEncryptedDataParted.at(oldSize) : &dummy );
0e205c 
-		CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_EncryptUpdate(hSession,(CK_BYTE_PTR)&(*i),lPartLen,pEncryptedPart,&ulEncryptedPartLen) ) );
0e205c 
-		vEncryptedDataParted.resize(oldSize+ulEncryptedPartLen);
0e205c 
-	}
0e205c 
-	{
0e205c 
-		CK_ULONG ulLastEncryptedPartLen;
0e205c 
-		const CK_RV rv( CRYPTOKI_F_PTR( C_EncryptFinal(hSession,NULL_PTR,&ulLastEncryptedPartLen) ) );
0e205c 
-		if ( isSizeOK ) {
0e205c 
-			CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, rv );
0e205c 
+	rv = CRYPTOKI_F_PTR( C_EncryptInit(hSession,pMechanism,hKey) );
0e205c 
+	CPPUNIT_ASSERT_EQUAL( (CK_BBOOL) CK_FALSE, (CK_BBOOL) ((rv != CKR_OK) && (oldMechs == CK_FALSE)) );
0e205c 
+	if (oldMechs == CK_FALSE) {
0e205c 
+		for ( std::vector<CK_BYTE>::const_iterator i(vData.begin()); i
0e205c 
+			const CK_ULONG lPartLen( i+partSize.getNext()
0e205c 
+			CK_ULONG ulEncryptedPartLen;
0e205c 
+			CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_EncryptUpdate(hSession,(CK_BYTE_PTR)&(*i),lPartLen,NULL_PTR,&ulEncryptedPartLen) ) );
0e205c 
 			const size_t oldSize( vEncryptedDataParted.size() );
0e205c 
+			vEncryptedDataParted.resize(oldSize+ulEncryptedPartLen);
0e205c 
 			CK_BYTE dummy;
0e205c 
-			vEncryptedDataParted.resize(oldSize+ulLastEncryptedPartLen);
0e205c 
-			const CK_BYTE_PTR pLastEncryptedPart( ulLastEncryptedPartLen>0 ? &vEncryptedDataParted.at(oldSize) : &dummy );
0e205c 
-			CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_EncryptFinal(hSession,pLastEncryptedPart,&ulLastEncryptedPartLen) ) );
0e205c 
-			vEncryptedDataParted.resize(oldSize+ulLastEncryptedPartLen);
0e205c 
-		} else {
0e205c 
-			CPPUNIT_ASSERT_EQUAL_MESSAGE("C_EncryptFinal should fail with C_CKR_DATA_LEN_RANGE", (CK_RV)CKR_DATA_LEN_RANGE, rv);
0e205c 
-			vEncryptedDataParted = vData;
0e205c 
+			const CK_BYTE_PTR pEncryptedPart( ulEncryptedPartLen>0 ? &vEncryptedDataParted.at(oldSize) : &dummy );
0e205c 
+			CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_EncryptUpdate(hSession,(CK_BYTE_PTR)&(*i),lPartLen,pEncryptedPart,&ulEncryptedPartLen) ) );
0e205c 
+			vEncryptedDataParted.resize(oldSize+ulEncryptedPartLen);
0e205c 
+		}
0e205c 
+		{
0e205c 
+			CK_ULONG ulLastEncryptedPartLen;
0e205c 
+			const CK_RV rv( CRYPTOKI_F_PTR( C_EncryptFinal(hSession,NULL_PTR,&ulLastEncryptedPartLen) ) );
0e205c 
+			if ( isSizeOK ) {
0e205c 
+				CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, rv );
0e205c 
+				const size_t oldSize( vEncryptedDataParted.size() );
0e205c 
+				CK_BYTE dummy;
0e205c 
+				vEncryptedDataParted.resize(oldSize+ulLastEncryptedPartLen);
0e205c 
+				const CK_BYTE_PTR pLastEncryptedPart( ulLastEncryptedPartLen>0 ? &vEncryptedDataParted.at(oldSize) : &dummy );
0e205c 
+				CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_EncryptFinal(hSession,pLastEncryptedPart,&ulLastEncryptedPartLen) ) );
0e205c 
+				vEncryptedDataParted.resize(oldSize+ulLastEncryptedPartLen);
0e205c 
+			} else {
0e205c 
+				CPPUNIT_ASSERT_EQUAL_MESSAGE("C_EncryptFinal should fail with C_CKR_DATA_LEN_RANGE", (CK_RV)CKR_DATA_LEN_RANGE, rv);
0e205c 
+				vEncryptedDataParted = vData;
0e205c 
+			}
0e205c 
 		}
0e205c 
 	}
0e205c
0e205c 
 	// Single-part decryption
0e205c 
-	CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_DecryptInit(hSession,pMechanism,hKey) ) );
0e205c 
-
0e205c 
-	{
0e205c 
+	rv = CRYPTOKI_F_PTR( C_DecryptInit(hSession,pMechanism,hKey) );
0e205c 
+	CPPUNIT_ASSERT_EQUAL( (CK_BBOOL) CK_FALSE, (CK_BBOOL) ((rv != CKR_OK) && (oldMechs == CK_FALSE)) );
0e205c 
+	if (oldMechs == CK_FALSE) {
0e205c 
 		CK_ULONG ulDataLen;
0e205c 
 		const CK_RV rv( CRYPTOKI_F_PTR( C_Decrypt(hSession,&vEncryptedData.front(),vEncryptedData.size(),NULL_PTR,&ulDataLen) ) );
0e205c 
 		if ( isSizeOK ) {
0e205c 
@@ -315,8 +327,9 @@ void SymmetricAlgorithmTests::encryptDecrypt(
0e205c 
 	}
0e205c
0e205c 
 	// Multi-part decryption
0e205c 
-	CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_DecryptInit(hSession,pMechanism,hKey) ) );
0e205c 
-	{
0e205c 
+	rv = CRYPTOKI_F_PTR( C_DecryptInit(hSession,pMechanism,hKey) );
0e205c 
+	CPPUNIT_ASSERT_EQUAL( (CK_BBOOL) CK_FALSE, (CK_BBOOL) ((rv != CKR_OK) && (oldMechs == CK_FALSE)) );
0e205c 
+	if (oldMechs == CK_FALSE) {
0e205c 
 		std::vector<CK_BYTE> vDecryptedData;
0e205c 
 		CK_BYTE dummy;
0e205c 
 		for ( std::vector<CK_BYTE>::iterator i(vEncryptedDataParted.begin()); i
0e205c 
@@ -977,44 +990,44 @@ void SymmetricAlgorithmTests::testDesEncryptDecrypt()
0e205c
0e205c 
 	// Generate all combinations of session/token keys.
0e205c 
 	rv = generateDesKey(hSessionRW,IN_SESSION,IS_PUBLIC,hKey);
0e205c 
-	CPPUNIT_ASSERT(rv == CKR_OK);
0e205c 
-
0e205c 
-	encryptDecrypt(CKM_DES_CBC_PAD,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST-1);
0e205c 
-	encryptDecrypt(CKM_DES_CBC_PAD,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1);
0e205c 
-	encryptDecrypt(CKM_DES_CBC_PAD,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST);
0e205c 
-	encryptDecrypt(CKM_DES_CBC,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST);
0e205c 
-	encryptDecrypt(CKM_DES_CBC,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1, false);
0e205c 
-	encryptDecrypt(CKM_DES_ECB,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST);
0e205c 
-	encryptDecrypt(CKM_DES_ECB,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1, false);
0e205c 
+	if (rv == CKR_OK) {
0e205c 
+		encryptDecrypt(CKM_DES_CBC_PAD,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST-1);
0e205c 
+		encryptDecrypt(CKM_DES_CBC_PAD,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1);
0e205c 
+		encryptDecrypt(CKM_DES_CBC_PAD,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST);
0e205c 
+		encryptDecrypt(CKM_DES_CBC,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST);
0e205c 
+		encryptDecrypt(CKM_DES_CBC,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1, false);
0e205c 
+		encryptDecrypt(CKM_DES_ECB,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST);
0e205c 
+		encryptDecrypt(CKM_DES_ECB,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1, false);
0e205c 
+	}
0e205c
0e205c 
 	CK_OBJECT_HANDLE hKey2 = CK_INVALID_HANDLE;
0e205c
0e205c 
 	// Generate all combinations of session/token keys.
0e205c 
 	rv = generateDes2Key(hSessionRW,IN_SESSION,IS_PUBLIC,hKey2);
0e205c 
-	CPPUNIT_ASSERT(rv == CKR_OK);
0e205c 
-
0e205c 
-	encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST-1);
0e205c 
-	encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST+1);
0e205c 
-	encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST);
0e205c 
-	encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST);
0e205c 
-	encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST+1, false);
0e205c 
-	encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST);
0e205c 
-	encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST+1, false);
0e205c 
+	if (rv == CKR_OK) {
0e205c 
+		encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST-1);
0e205c 
+		encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST+1);
0e205c 
+		encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST);
0e205c 
+		encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST);
0e205c 
+		encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST+1, false);
0e205c 
+		encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST);
0e205c 
+		encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST+1, false);
0e205c 
+	}
0e205c 
 #endif
0e205c
0e205c 
 	CK_OBJECT_HANDLE hKey3 = CK_INVALID_HANDLE;
0e205c
0e205c 
 	// Generate all combinations of session/token keys.
0e205c 
 	rv = generateDes3Key(hSessionRW,IN_SESSION,IS_PUBLIC,hKey3);
0e205c 
-	CPPUNIT_ASSERT(rv == CKR_OK);
0e205c 
-
0e205c 
-	encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST-1);
0e205c 
-	encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST+1);
0e205c 
-	encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST);
0e205c 
-	encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST);
0e205c 
-	encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST+1, false);
0e205c 
-	encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST);
0e205c 
-	encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST+1, false);
0e205c 
+	if (rv == CKR_OK) {
0e205c 
+		encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST-1);
0e205c 
+		encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST+1);
0e205c 
+		encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST);
0e205c 
+		encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST);
0e205c 
+		encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST+1, false);
0e205c 
+		encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST);
0e205c 
+		encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST+1, false);
0e205c 
+	}
0e205c 
 }
0e205c
0e205c 
 void SymmetricAlgorithmTests::testNullTemplate()
0e205c 
--
0e205c 
2.31.1
0e205c

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation