Blob Blame History Raw
From 643f061e6fbe04552a2c49bd00528e61a9a77064 Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy <abokovoy@redhat.com>
Date: Wed, 26 May 2021 20:03:25 +0300
Subject: [PATCH 1/4] openssl 3.0: Run DES tests only if OpenSSL allows it

OpenSSL 3.0 moves DES into a legacy provider which has to be loaded
explicitly. By default, it will not be loaded and DES methods in tests
will fail. Nest test blocks under successful initialization.

Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
---
 src/lib/crypto/test/DESTests.cpp | 350 ++++++++++++++++---------------
 1 file changed, 182 insertions(+), 168 deletions(-)

diff --git a/src/lib/crypto/test/DESTests.cpp b/src/lib/crypto/test/DESTests.cpp
index bcb1c6b..aa68746 100644
--- a/src/lib/crypto/test/DESTests.cpp
+++ b/src/lib/crypto/test/DESTests.cpp
@@ -259,54 +259,58 @@ void DESTests::testCBC()
 
 			// Now, do the same thing using our DES implementation
 			shsmCipherText.wipe();
-			CPPUNIT_ASSERT(des->encryptInit(&desKey56, SymMode::CBC, IV));
+			if (des->encryptInit(&desKey56, SymMode::CBC, IV)) {
 
-			CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
-			shsmCipherText += OB;
+				CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
+				shsmCipherText += OB;
 
-			CPPUNIT_ASSERT(des->encryptFinal(OB));
-			shsmCipherText += OB;
+				CPPUNIT_ASSERT(des->encryptFinal(OB));
+				shsmCipherText += OB;
 
-			CPPUNIT_ASSERT(shsmCipherText == cipherText);
+				CPPUNIT_ASSERT(shsmCipherText == cipherText);
 
-			// Check that we can get the plain text
-			shsmPlainText.wipe();
-			CPPUNIT_ASSERT(des->decryptInit(&desKey56, SymMode::CBC, IV));
+				// Check that we can get the plain text
+				shsmPlainText.wipe();
+				CPPUNIT_ASSERT(des->decryptInit(&desKey56, SymMode::CBC, IV));
 
-			CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
-			shsmPlainText += OB;
+				CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
+				shsmPlainText += OB;
 
-			CPPUNIT_ASSERT(des->decryptFinal(OB));
-			shsmPlainText += OB;
+				CPPUNIT_ASSERT(des->decryptFinal(OB));
+				shsmPlainText += OB;
 
-			CPPUNIT_ASSERT(shsmPlainText == plainText);
+				CPPUNIT_ASSERT(shsmPlainText == plainText);
+
+			}
 
 			// Test 112-bit key
 			cipherText = ByteString(testResult[i][j][1]);
 
 			// Now, do the same thing using our DES implementation
 			shsmCipherText.wipe();
-			CPPUNIT_ASSERT(des->encryptInit(&desKey112, SymMode::CBC, IV));
+			if (des->encryptInit(&desKey112, SymMode::CBC, IV)) {
 
-			CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
-			shsmCipherText += OB;
+				CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
+				shsmCipherText += OB;
 
-			CPPUNIT_ASSERT(des->encryptFinal(OB));
-			shsmCipherText += OB;
+				CPPUNIT_ASSERT(des->encryptFinal(OB));
+				shsmCipherText += OB;
 
-			CPPUNIT_ASSERT(shsmCipherText == cipherText);
+				CPPUNIT_ASSERT(shsmCipherText == cipherText);
 
-			// Check that we can get the plain text
-			shsmPlainText.wipe();
-			CPPUNIT_ASSERT(des->decryptInit(&desKey112, SymMode::CBC, IV));
+				// Check that we can get the plain text
+				shsmPlainText.wipe();
+				CPPUNIT_ASSERT(des->decryptInit(&desKey112, SymMode::CBC, IV));
 
-			CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
-			shsmPlainText += OB;
+				CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
+				shsmPlainText += OB;
 
-			CPPUNIT_ASSERT(des->decryptFinal(OB));
-			shsmPlainText += OB;
+				CPPUNIT_ASSERT(des->decryptFinal(OB));
+				shsmPlainText += OB;
+
+				CPPUNIT_ASSERT(shsmPlainText == plainText);
+			}
 
-			CPPUNIT_ASSERT(shsmPlainText == plainText);
 #endif
 
 			// Test 168-bit key
@@ -314,27 +318,28 @@ void DESTests::testCBC()
 
 			// Now, do the same thing using our DES implementation
 			shsmCipherText.wipe();
-			CPPUNIT_ASSERT(des->encryptInit(&desKey168, SymMode::CBC, IV));
+			if (des->encryptInit(&desKey168, SymMode::CBC, IV)) {
 
-			CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
-			shsmCipherText += OB;
+				CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
+				shsmCipherText += OB;
 
-			CPPUNIT_ASSERT(des->encryptFinal(OB));
-			shsmCipherText += OB;
+				CPPUNIT_ASSERT(des->encryptFinal(OB));
+				shsmCipherText += OB;
 
-			CPPUNIT_ASSERT(shsmCipherText == cipherText);
+				CPPUNIT_ASSERT(shsmCipherText == cipherText);
 
-			// Check that we can get the plain text
-			shsmPlainText.wipe();
-			CPPUNIT_ASSERT(des->decryptInit(&desKey168, SymMode::CBC, IV));
+				// Check that we can get the plain text
+				shsmPlainText.wipe();
+				CPPUNIT_ASSERT(des->decryptInit(&desKey168, SymMode::CBC, IV));
 
-			CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
-			shsmPlainText += OB;
+				CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
+				shsmPlainText += OB;
 
-			CPPUNIT_ASSERT(des->decryptFinal(OB));
-			shsmPlainText += OB;
+				CPPUNIT_ASSERT(des->decryptFinal(OB));
+				shsmPlainText += OB;
 
-			CPPUNIT_ASSERT(shsmPlainText == plainText);
+				CPPUNIT_ASSERT(shsmPlainText == plainText);
+			}
 		}
 	}
 }
@@ -534,54 +539,56 @@ void DESTests::testECB()
 
 			// Now, do the same thing using our DES implementation
 			shsmCipherText.wipe();
-			CPPUNIT_ASSERT(des->encryptInit(&desKey56, SymMode::ECB, IV));
+			if (des->encryptInit(&desKey56, SymMode::ECB, IV)) {
 
-			CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
-			shsmCipherText += OB;
+				CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
+				shsmCipherText += OB;
 
-			CPPUNIT_ASSERT(des->encryptFinal(OB));
-			shsmCipherText += OB;
+				CPPUNIT_ASSERT(des->encryptFinal(OB));
+				shsmCipherText += OB;
 
-			CPPUNIT_ASSERT(shsmCipherText == cipherText);
+				CPPUNIT_ASSERT(shsmCipherText == cipherText);
 
-			// Check that we can get the plain text
-			shsmPlainText.wipe();
-			CPPUNIT_ASSERT(des->decryptInit(&desKey56, SymMode::ECB, IV));
+				// Check that we can get the plain text
+				shsmPlainText.wipe();
+				CPPUNIT_ASSERT(des->decryptInit(&desKey56, SymMode::ECB, IV));
 
-			CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
-			shsmPlainText += OB;
+				CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
+				shsmPlainText += OB;
 
-			CPPUNIT_ASSERT(des->decryptFinal(OB));
-			shsmPlainText += OB;
+				CPPUNIT_ASSERT(des->decryptFinal(OB));
+				shsmPlainText += OB;
 
-			CPPUNIT_ASSERT(shsmPlainText == plainText);
+				CPPUNIT_ASSERT(shsmPlainText == plainText);
+			}
 
 			// Test 112-bit key
 			cipherText = ByteString(testResult[i][j][1]);
 
 			// Now, do the same thing using our DES implementation
 			shsmCipherText.wipe();
-			CPPUNIT_ASSERT(des->encryptInit(&desKey112, SymMode::ECB, IV));
+			if (des->encryptInit(&desKey112, SymMode::ECB, IV)) {
 
-			CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
-			shsmCipherText += OB;
+				CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
+				shsmCipherText += OB;
 
-			CPPUNIT_ASSERT(des->encryptFinal(OB));
-			shsmCipherText += OB;
+				CPPUNIT_ASSERT(des->encryptFinal(OB));
+				shsmCipherText += OB;
 
-			CPPUNIT_ASSERT(shsmCipherText == cipherText);
+				CPPUNIT_ASSERT(shsmCipherText == cipherText);
 
-			// Check that we can get the plain text
-			shsmPlainText.wipe();
-			CPPUNIT_ASSERT(des->decryptInit(&desKey112, SymMode::ECB, IV));
+				// Check that we can get the plain text
+				shsmPlainText.wipe();
+				CPPUNIT_ASSERT(des->decryptInit(&desKey112, SymMode::ECB, IV));
 
-			CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
-			shsmPlainText += OB;
+				CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
+				shsmPlainText += OB;
 
-			CPPUNIT_ASSERT(des->decryptFinal(OB));
-			shsmPlainText += OB;
+				CPPUNIT_ASSERT(des->decryptFinal(OB));
+				shsmPlainText += OB;
 
-			CPPUNIT_ASSERT(shsmPlainText == plainText);
+				CPPUNIT_ASSERT(shsmPlainText == plainText);
+			}
 #endif
 
 			// Test 168-bit key
@@ -589,27 +596,28 @@ void DESTests::testECB()
 
 			// Now, do the same thing using our DES implementation
 			shsmCipherText.wipe();
-			CPPUNIT_ASSERT(des->encryptInit(&desKey168, SymMode::ECB, IV));
+			if (des->encryptInit(&desKey168, SymMode::ECB, IV)) {
 
-			CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
-			shsmCipherText += OB;
+				CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
+				shsmCipherText += OB;
 
-			CPPUNIT_ASSERT(des->encryptFinal(OB));
-			shsmCipherText += OB;
+				CPPUNIT_ASSERT(des->encryptFinal(OB));
+				shsmCipherText += OB;
 
-			CPPUNIT_ASSERT(shsmCipherText == cipherText);
+				CPPUNIT_ASSERT(shsmCipherText == cipherText);
 
-			// Check that we can get the plain text
-			shsmPlainText.wipe();
-			CPPUNIT_ASSERT(des->decryptInit(&desKey168, SymMode::ECB, IV));
+				// Check that we can get the plain text
+				shsmPlainText.wipe();
+				CPPUNIT_ASSERT(des->decryptInit(&desKey168, SymMode::ECB, IV));
 
-			CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
-			shsmPlainText += OB;
+				CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
+				shsmPlainText += OB;
 
-			CPPUNIT_ASSERT(des->decryptFinal(OB));
-			shsmPlainText += OB;
+				CPPUNIT_ASSERT(des->decryptFinal(OB));
+				shsmPlainText += OB;
 
-			CPPUNIT_ASSERT(shsmPlainText == plainText);
+				CPPUNIT_ASSERT(shsmPlainText == plainText);
+			}
 		}
 	}
 }
@@ -809,54 +817,56 @@ void DESTests::testOFB()
 
 			// Now, do the same thing using our DES implementation
 			shsmCipherText.wipe();
-			CPPUNIT_ASSERT(des->encryptInit(&desKey56, SymMode::OFB, IV));
+			if (des->encryptInit(&desKey56, SymMode::OFB, IV)) {
 
-			CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
-			shsmCipherText += OB;
+				CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
+				shsmCipherText += OB;
 
-			CPPUNIT_ASSERT(des->encryptFinal(OB));
-			shsmCipherText += OB;
+				CPPUNIT_ASSERT(des->encryptFinal(OB));
+				shsmCipherText += OB;
 
-			CPPUNIT_ASSERT(shsmCipherText == cipherText);
+				CPPUNIT_ASSERT(shsmCipherText == cipherText);
 
-			// Check that we can get the plain text
-			shsmPlainText.wipe();
-			CPPUNIT_ASSERT(des->decryptInit(&desKey56, SymMode::OFB, IV));
+				// Check that we can get the plain text
+				shsmPlainText.wipe();
+				CPPUNIT_ASSERT(des->decryptInit(&desKey56, SymMode::OFB, IV));
 
-			CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
-			shsmPlainText += OB;
+				CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
+				shsmPlainText += OB;
 
-			CPPUNIT_ASSERT(des->decryptFinal(OB));
-			shsmPlainText += OB;
+				CPPUNIT_ASSERT(des->decryptFinal(OB));
+				shsmPlainText += OB;
 
-			CPPUNIT_ASSERT(shsmPlainText == plainText);
+				CPPUNIT_ASSERT(shsmPlainText == plainText);
+			}
 
 			// Test 112-bit key
 			cipherText = ByteString(testResult[i][j][1]);
 
 			// Now, do the same thing using our DES implementation
 			shsmCipherText.wipe();
-			CPPUNIT_ASSERT(des->encryptInit(&desKey112, SymMode::OFB, IV));
+			if (des->encryptInit(&desKey112, SymMode::OFB, IV)) {
 
-			CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
-			shsmCipherText += OB;
+				CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
+				shsmCipherText += OB;
 
-			CPPUNIT_ASSERT(des->encryptFinal(OB));
-			shsmCipherText += OB;
+				CPPUNIT_ASSERT(des->encryptFinal(OB));
+				shsmCipherText += OB;
 
-			CPPUNIT_ASSERT(shsmCipherText == cipherText);
+				CPPUNIT_ASSERT(shsmCipherText == cipherText);
 
-			// Check that we can get the plain text
-			shsmPlainText.wipe();
-			CPPUNIT_ASSERT(des->decryptInit(&desKey112, SymMode::OFB, IV));
+				// Check that we can get the plain text
+				shsmPlainText.wipe();
+				CPPUNIT_ASSERT(des->decryptInit(&desKey112, SymMode::OFB, IV));
 
-			CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
-			shsmPlainText += OB;
+				CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
+				shsmPlainText += OB;
 
-			CPPUNIT_ASSERT(des->decryptFinal(OB));
-			shsmPlainText += OB;
+				CPPUNIT_ASSERT(des->decryptFinal(OB));
+				shsmPlainText += OB;
 
-			CPPUNIT_ASSERT(shsmPlainText == plainText);
+				CPPUNIT_ASSERT(shsmPlainText == plainText);
+			}
 #endif
 
 			// Test 168-bit key
@@ -864,27 +874,28 @@ void DESTests::testOFB()
 
 			// Now, do the same thing using our DES implementation
 			shsmCipherText.wipe();
-			CPPUNIT_ASSERT(des->encryptInit(&desKey168, SymMode::OFB, IV));
+			if (des->encryptInit(&desKey168, SymMode::OFB, IV)) {
 
-			CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
-			shsmCipherText += OB;
+				CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
+				shsmCipherText += OB;
 
-			CPPUNIT_ASSERT(des->encryptFinal(OB));
-			shsmCipherText += OB;
+				CPPUNIT_ASSERT(des->encryptFinal(OB));
+				shsmCipherText += OB;
 
-			CPPUNIT_ASSERT(shsmCipherText == cipherText);
+				CPPUNIT_ASSERT(shsmCipherText == cipherText);
 
-			// Check that we can get the plain text
-			shsmPlainText.wipe();
-			CPPUNIT_ASSERT(des->decryptInit(&desKey168, SymMode::OFB, IV));
+				// Check that we can get the plain text
+				shsmPlainText.wipe();
+				CPPUNIT_ASSERT(des->decryptInit(&desKey168, SymMode::OFB, IV));
 
-			CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
-			shsmPlainText += OB;
+				CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
+				shsmPlainText += OB;
 
-			CPPUNIT_ASSERT(des->decryptFinal(OB));
-			shsmPlainText += OB;
+				CPPUNIT_ASSERT(des->decryptFinal(OB));
+				shsmPlainText += OB;
 
-			CPPUNIT_ASSERT(shsmPlainText == plainText);
+				CPPUNIT_ASSERT(shsmPlainText == plainText);
+			}
 		}
 	}
 }
@@ -1083,54 +1094,56 @@ void DESTests::testCFB()
 
 			// Now, do the same thing using our DES implementation
 			shsmCipherText.wipe();
-			CPPUNIT_ASSERT(des->encryptInit(&desKey56, SymMode::CFB, IV));
+			if (des->encryptInit(&desKey56, SymMode::CFB, IV)) {
 
-			CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
-			shsmCipherText += OB;
+				CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
+				shsmCipherText += OB;
 
-			CPPUNIT_ASSERT(des->encryptFinal(OB));
-			shsmCipherText += OB;
+				CPPUNIT_ASSERT(des->encryptFinal(OB));
+				shsmCipherText += OB;
 
-			CPPUNIT_ASSERT(shsmCipherText == cipherText);
+				CPPUNIT_ASSERT(shsmCipherText == cipherText);
 
-			// Check that we can get the plain text
-			shsmPlainText.wipe();
-			CPPUNIT_ASSERT(des->decryptInit(&desKey56, SymMode::CFB, IV));
+				// Check that we can get the plain text
+				shsmPlainText.wipe();
+				CPPUNIT_ASSERT(des->decryptInit(&desKey56, SymMode::CFB, IV));
 
-			CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
-			shsmPlainText += OB;
+				CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
+				shsmPlainText += OB;
 
-			CPPUNIT_ASSERT(des->decryptFinal(OB));
-			shsmPlainText += OB;
+				CPPUNIT_ASSERT(des->decryptFinal(OB));
+				shsmPlainText += OB;
 
-			CPPUNIT_ASSERT(shsmPlainText == plainText);
+				CPPUNIT_ASSERT(shsmPlainText == plainText);
+			}
 
 			// Test 112-bit key
 			cipherText = ByteString(testResult[i][j][1]);
 
 			// Now, do the same thing using our DES implementation
 			shsmCipherText.wipe();
-			CPPUNIT_ASSERT(des->encryptInit(&desKey112, SymMode::CFB, IV));
+			if (des->encryptInit(&desKey112, SymMode::CFB, IV)) {
 
-			CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
-			shsmCipherText += OB;
+				CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
+				shsmCipherText += OB;
 
-			CPPUNIT_ASSERT(des->encryptFinal(OB));
-			shsmCipherText += OB;
+				CPPUNIT_ASSERT(des->encryptFinal(OB));
+				shsmCipherText += OB;
 
-			CPPUNIT_ASSERT(shsmCipherText == cipherText);
+				CPPUNIT_ASSERT(shsmCipherText == cipherText);
 
-			// Check that we can get the plain text
-			shsmPlainText.wipe();
-			CPPUNIT_ASSERT(des->decryptInit(&desKey112, SymMode::CFB, IV));
+				// Check that we can get the plain text
+				shsmPlainText.wipe();
+				CPPUNIT_ASSERT(des->decryptInit(&desKey112, SymMode::CFB, IV));
 
-			CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
-			shsmPlainText += OB;
+				CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
+				shsmPlainText += OB;
 
-			CPPUNIT_ASSERT(des->decryptFinal(OB));
-			shsmPlainText += OB;
+				CPPUNIT_ASSERT(des->decryptFinal(OB));
+				shsmPlainText += OB;
 
-			CPPUNIT_ASSERT(shsmPlainText == plainText);
+				CPPUNIT_ASSERT(shsmPlainText == plainText);
+			}
 #endif
 
 			// Test 168-bit key
@@ -1138,27 +1151,28 @@ void DESTests::testCFB()
 
 			// Now, do the same thing using our DES implementation
 			shsmCipherText.wipe();
-			CPPUNIT_ASSERT(des->encryptInit(&desKey168, SymMode::CFB, IV));
+			if (des->encryptInit(&desKey168, SymMode::CFB, IV)) {
 
-			CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
-			shsmCipherText += OB;
+				CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
+				shsmCipherText += OB;
 
-			CPPUNIT_ASSERT(des->encryptFinal(OB));
-			shsmCipherText += OB;
+				CPPUNIT_ASSERT(des->encryptFinal(OB));
+				shsmCipherText += OB;
 
-			CPPUNIT_ASSERT(shsmCipherText == cipherText);
+				CPPUNIT_ASSERT(shsmCipherText == cipherText);
 
-			// Check that we can get the plain text
-			shsmPlainText.wipe();
-			CPPUNIT_ASSERT(des->decryptInit(&desKey168, SymMode::CFB, IV));
+				// Check that we can get the plain text
+				shsmPlainText.wipe();
+				CPPUNIT_ASSERT(des->decryptInit(&desKey168, SymMode::CFB, IV));
 
-			CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
-			shsmPlainText += OB;
+				CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
+				shsmPlainText += OB;
 
-			CPPUNIT_ASSERT(des->decryptFinal(OB));
-			shsmPlainText += OB;
+				CPPUNIT_ASSERT(des->decryptFinal(OB));
+				shsmPlainText += OB;
 
-			CPPUNIT_ASSERT(shsmPlainText == plainText);
+				CPPUNIT_ASSERT(shsmPlainText == plainText);
+			}
 		}
 	}
 }
-- 
2.31.1


From 4e368d1b1d835b169d3b9f44e064813d132f3da6 Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy <abokovoy@redhat.com>
Date: Wed, 26 May 2021 20:09:31 +0300
Subject: [PATCH 2/4] openssl 3.0: use 2048 instead of 1024 bit for RSA tests

Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
---
 src/lib/crypto/test/RSATests.cpp | 11 ++++-------
 1 file changed, 4 insertions(+), 7 deletions(-)

diff --git a/src/lib/crypto/test/RSATests.cpp b/src/lib/crypto/test/RSATests.cpp
index 6af1e19..e583b8b 100644
--- a/src/lib/crypto/test/RSATests.cpp
+++ b/src/lib/crypto/test/RSATests.cpp
@@ -78,7 +78,6 @@ void RSATests::testKeyGeneration()
 
 	// Key sizes to test
 	std::vector<size_t> keySizes;
-	keySizes.push_back(1024);
 #ifndef WITH_FIPS
 	keySizes.push_back(1025);
 #endif
@@ -111,12 +110,12 @@ void RSATests::testKeyGeneration()
 
 void RSATests::testSerialisation()
 {
-	// Generate a 1024-bit key-pair for testing
+	// Generate a 2048-bit key-pair for testing
 	AsymmetricKeyPair* kp;
 	RSAParameters p;
 
 	p.setE("010001");
-	p.setBitLength(1024);
+	p.setBitLength(2048);
 
 	CPPUNIT_ASSERT(rsa->generateKeyPair(&kp, &p));
 	CPPUNIT_ASSERT(kp != NULL);
@@ -204,12 +203,12 @@ void RSATests::testSerialisation()
 
 void RSATests::testPKCS8()
 {
-	// Generate a 1024-bit key-pair for testing
+	// Generate a 2048-bit key-pair for testing
 	AsymmetricKeyPair* kp;
 	RSAParameters p;
 
 	p.setE("010001");
-	p.setBitLength(1024);
+	p.setBitLength(2048);
 
 	CPPUNIT_ASSERT(rsa->generateKeyPair(&kp, &p));
 	CPPUNIT_ASSERT(kp != NULL);
@@ -253,7 +252,6 @@ void RSATests::testSigningVerifying()
 
 	// Key sizes to test
 	std::vector<size_t> keySizes;
-	keySizes.push_back(1024);
 	keySizes.push_back(1280);
 	keySizes.push_back(2048);
 	//keySizes.push_back(4096);
@@ -611,7 +609,6 @@ void RSATests::testEncryptDecrypt()
 
 	// Key sizes to test
 	std::vector<size_t> keySizes;
-	keySizes.push_back(1024);
 	keySizes.push_back(1280);
 	keySizes.push_back(2048);
 	//keySizes.push_back(4096);
-- 
2.31.1


From d8b6ebb67244f6fb4d2c8f72ae2b8bef5ca96bed Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy <abokovoy@redhat.com>
Date: Wed, 26 May 2021 22:29:22 +0300
Subject: [PATCH 3/4] openssl 3.0: Skip tests with unsupported key sizes

OpenSSL 3.0 on systems with systemd-wide crypto policy (Fedora, RHEL,
CentOS 9 Stream) might block certain key sizes which causes the tests to
fail. Skip these tests because we are not going to get the results
anyway.

There is no way with CPPUNIT to produce a warning only, so we have to
skip the whole test result.

Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
---
 src/lib/crypto/test/RSATests.cpp | 31 ++++++++++++++++++-------------
 1 file changed, 18 insertions(+), 13 deletions(-)

diff --git a/src/lib/crypto/test/RSATests.cpp b/src/lib/crypto/test/RSATests.cpp
index e583b8b..3b397d2 100644
--- a/src/lib/crypto/test/RSATests.cpp
+++ b/src/lib/crypto/test/RSATests.cpp
@@ -92,18 +92,19 @@ void RSATests::testKeyGeneration()
 			p.setE(*e);
 			p.setBitLength(*k);
 
-			// Generate key-pair
-			CPPUNIT_ASSERT(rsa->generateKeyPair(&kp, &p));
+			// Generate key-pair but skip test if key size is unsupported in OpenSSL 3.0.0
+			if (rsa->generateKeyPair(&kp, &p)) {
 
-			RSAPublicKey* pub = (RSAPublicKey*) kp->getPublicKey();
-			RSAPrivateKey* priv = (RSAPrivateKey*) kp->getPrivateKey();
+				RSAPublicKey* pub = (RSAPublicKey*) kp->getPublicKey();
+				RSAPrivateKey* priv = (RSAPrivateKey*) kp->getPrivateKey();
 
-			CPPUNIT_ASSERT(pub->getBitLength() == *k);
-			CPPUNIT_ASSERT(priv->getBitLength() == *k);
-			CPPUNIT_ASSERT(pub->getE() == *e);
-			CPPUNIT_ASSERT(priv->getE() == *e);
+				CPPUNIT_ASSERT(pub->getBitLength() == *k);
+				CPPUNIT_ASSERT(priv->getBitLength() == *k);
+				CPPUNIT_ASSERT(pub->getE() == *e);
+				CPPUNIT_ASSERT(priv->getE() == *e);
 
-			rsa->recycleKeyPair(kp);
+				rsa->recycleKeyPair(kp);
+			}
 		}
 	}
 }
@@ -291,8 +292,10 @@ void RSATests::testSigningVerifying()
 			p.setE(*e);
 			p.setBitLength(*k);
 
-			// Generate key-pair
-			CPPUNIT_ASSERT(rsa->generateKeyPair(&kp, &p));
+			// Generate key-pair but skip those that unsupported in OpenSSL 3.0.0
+			if (!rsa->generateKeyPair(&kp, &p)) {
+				continue;
+			}
 
 			// Generate some data to sign
 			ByteString dataToSign;
@@ -626,8 +629,10 @@ void RSATests::testEncryptDecrypt()
 			p.setE(*e);
 			p.setBitLength(*k);
 
-			// Generate key-pair
-			CPPUNIT_ASSERT(rsa->generateKeyPair(&kp, &p));
+			// Generate key-pair but skip those that unsupported in OpenSSL 3.0.0
+			if (!rsa->generateKeyPair(&kp, &p)) {
+				continue;
+			}
 
 			RNG* rng = CryptoFactory::i()->getRNG();
 
-- 
2.31.1


From ca037b327fc77b8a7078c63118f507a157d3c913 Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy <abokovoy@redhat.com>
Date: Thu, 27 May 2021 15:08:02 +0300
Subject: [PATCH 4/4] openssl3: skip DES* tests

Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
---
 src/lib/test/DeriveTests.cpp             |  16 ++-
 src/lib/test/ObjectTests.cpp             |  21 ++--
 src/lib/test/SymmetricAlgorithmTests.cpp | 129 +++++++++++++----------
 3 files changed, 100 insertions(+), 66 deletions(-)

diff --git a/src/lib/test/DeriveTests.cpp b/src/lib/test/DeriveTests.cpp
index 9438ac2..275c399 100644
--- a/src/lib/test/DeriveTests.cpp
+++ b/src/lib/test/DeriveTests.cpp
@@ -666,11 +666,14 @@ void DeriveTests::symDerive(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey, C
 		0x25, 0x26, 0x27, 0x28, 0x29, 0x30, 0x31, 0x32
 	};
 	CK_ULONG secLen = 0;
+	CK_BBOOL oldMechs = CK_FALSE;
 
 	switch (mechType)
 	{
 		case CKM_DES_ECB_ENCRYPT_DATA:
 		case CKM_DES3_ECB_ENCRYPT_DATA:
+			oldMechs = CK_TRUE;
+			/* fall-through */
 		case CKM_AES_ECB_ENCRYPT_DATA:
 			param1.pData = &data[0];
 			param1.ulLen = sizeof(data);
@@ -679,6 +682,7 @@ void DeriveTests::symDerive(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey, C
 			break;
 		case CKM_DES_CBC_ENCRYPT_DATA:
 		case CKM_DES3_CBC_ENCRYPT_DATA:
+			oldMechs = CK_TRUE;
 			memcpy(param2.iv, "12345678", 8);
 			param2.pData = &data[0];
 			param2.length = sizeof(data);
@@ -703,10 +707,12 @@ void DeriveTests::symDerive(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey, C
 			break;
 		case CKK_DES:
 			mechEncrypt.mechanism = CKM_DES_ECB;
+			oldMechs = CK_TRUE;
 			break;
 		case CKK_DES2:
 		case CKK_DES3:
 			mechEncrypt.mechanism = CKM_DES3_ECB;
+			oldMechs = CK_TRUE;
 			break;
 		case CKK_AES:
 			mechEncrypt.mechanism = CKM_AES_ECB;
@@ -743,7 +749,11 @@ void DeriveTests::symDerive(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey, C
 				 keyAttribs, sizeof(keyAttribs)/sizeof(CK_ATTRIBUTE) - 1,
 				 &hDerive) );
 	}
-	CPPUNIT_ASSERT(rv == CKR_OK);
+	if (rv != CKR_OK && oldMechs == CK_TRUE) {
+		// Skip old mechanisms, they don't work under this crypto library
+		return;
+	}
+	CPPUNIT_ASSERT(rv==CKR_OK);
 
 	// Check that KCV has been set
 	CK_ATTRIBUTE checkAttribs[] = {
@@ -764,6 +774,10 @@ void DeriveTests::symDerive(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey, C
 	CK_ULONG ulRecoveredTextLen;
 
 	rv = CRYPTOKI_F_PTR( C_EncryptInit(hSession,&mechEncrypt,hDerive) );
+	if (rv != CKR_OK && oldMechs == CK_TRUE) {
+		// Skip old mechanisms, they don't work under this crypto library
+		return;
+	}
 	CPPUNIT_ASSERT(rv==CKR_OK);
 
 	ulCipherTextLen = sizeof(cipherText);
diff --git a/src/lib/test/ObjectTests.cpp b/src/lib/test/ObjectTests.cpp
index 9491ce1..4ffc1c8 100644
--- a/src/lib/test/ObjectTests.cpp
+++ b/src/lib/test/ObjectTests.cpp
@@ -2370,8 +2370,10 @@ void ObjectTests::testCreateSecretKey()
 	CPPUNIT_ASSERT(rv == CKR_OK);
 	rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSession, hObject, attribKCV, 1) );
 	CPPUNIT_ASSERT(rv == CKR_OK);
-	CPPUNIT_ASSERT(attribKCV[0].ulValueLen == 3);
-	CPPUNIT_ASSERT(memcmp(pCheckValue, desKCV, 3) == 0);
+	// If DES key is not supported, skip it
+	if (attribKCV[0].ulValueLen == 3) {
+		CPPUNIT_ASSERT(memcmp(pCheckValue, desKCV, 3) == 0);
+	}
 	rv = CRYPTOKI_F_PTR( C_DestroyObject(hSession,hObject) );
 	CPPUNIT_ASSERT(rv == CKR_OK);
 
@@ -2381,9 +2383,12 @@ void ObjectTests::testCreateSecretKey()
 	rv = CRYPTOKI_F_PTR( C_CreateObject(hSession, attribs, sizeof(attribs)/sizeof(CK_ATTRIBUTE), &hObject) );
 	CPPUNIT_ASSERT(rv == CKR_OK);
 	rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSession, hObject, attribKCV, 1) );
-	CPPUNIT_ASSERT(rv == CKR_OK);
-	CPPUNIT_ASSERT(attribKCV[0].ulValueLen == 3);
-	CPPUNIT_ASSERT(memcmp(pCheckValue, des2KCV, 3) == 0);
+	// If DES2 key is not supported, skip it
+	if (rv == CKR_OK) {
+		if (attribKCV[0].ulValueLen == 3) {
+			CPPUNIT_ASSERT(memcmp(pCheckValue, des2KCV, 3) == 0);
+		}
+	}
 	rv = CRYPTOKI_F_PTR( C_DestroyObject(hSession,hObject) );
 	CPPUNIT_ASSERT(rv == CKR_OK);
 
@@ -2394,8 +2399,10 @@ void ObjectTests::testCreateSecretKey()
 	CPPUNIT_ASSERT(rv == CKR_OK);
 	rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSession, hObject, attribKCV, 1) );
 	CPPUNIT_ASSERT(rv == CKR_OK);
-	CPPUNIT_ASSERT(attribKCV[0].ulValueLen == 3);
-	CPPUNIT_ASSERT(memcmp(pCheckValue, des3KCV, 3) == 0);
+	// If DES3 key is not supported, skip it
+	if (attribKCV[0].ulValueLen == 3) {
+		CPPUNIT_ASSERT(memcmp(pCheckValue, des3KCV, 3) == 0);
+	}
 	rv = CRYPTOKI_F_PTR( C_DestroyObject(hSession,hObject) );
 	CPPUNIT_ASSERT(rv == CKR_OK);
 }
diff --git a/src/lib/test/SymmetricAlgorithmTests.cpp b/src/lib/test/SymmetricAlgorithmTests.cpp
index b24caaf..1994563 100644
--- a/src/lib/test/SymmetricAlgorithmTests.cpp
+++ b/src/lib/test/SymmetricAlgorithmTests.cpp
@@ -195,6 +195,8 @@ void SymmetricAlgorithmTests::encryptDecrypt(
 	std::vector<CK_BYTE> vEncryptedData;
 	std::vector<CK_BYTE> vEncryptedDataParted;
 	PartSize partSize(blockSize, &vData);
+	CK_BBOOL oldMechs = CK_FALSE;
+	CK_RV rv = CKR_OK;
 
 	CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_GenerateRandom(hSession, (CK_BYTE_PTR)&vData.front(), messageSize) ) );
 
@@ -233,6 +235,8 @@ void SymmetricAlgorithmTests::encryptDecrypt(
 		case CKM_DES_CBC_PAD:
 		case CKM_DES3_CBC:
 		case CKM_DES3_CBC_PAD:
+			oldMechs = CK_TRUE;
+			/* fall-through */
 		case CKM_AES_CBC:
 		case CKM_AES_CBC_PAD:
 			pMechanism->pParameter = (CK_VOID_PTR)&vData.front();
@@ -246,12 +250,18 @@ void SymmetricAlgorithmTests::encryptDecrypt(
 			pMechanism->pParameter = &gcmParams;
 			pMechanism->ulParameterLen = sizeof(gcmParams);
 			break;
+		case CKM_DES_ECB:
+		case CKM_DES3_ECB:
+			oldMechs = CK_TRUE;
+			break;
 		default:
 			break;
 	}
 
 	// Single-part encryption
-	CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_EncryptInit(hSession,pMechanism,hKey) ) );
+	rv = CRYPTOKI_F_PTR( C_EncryptInit(hSession,pMechanism,hKey) );
+	CPPUNIT_ASSERT_EQUAL( (CK_BBOOL) CK_FALSE, (CK_BBOOL) ((rv != CKR_OK) && (oldMechs == CK_FALSE)) );
+	if (oldMechs == CK_FALSE)
 	{
 		CK_ULONG ulEncryptedDataLen;
 		const CK_RV rv( CRYPTOKI_F_PTR( C_Encrypt(hSession,(CK_BYTE_PTR)&vData.front(),messageSize,NULL_PTR,&ulEncryptedDataLen) ) );
@@ -267,40 +277,42 @@ void SymmetricAlgorithmTests::encryptDecrypt(
 	}
 
 	// Multi-part encryption
-	CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_EncryptInit(hSession,pMechanism,hKey) ) );
-
-	for ( std::vector<CK_BYTE>::const_iterator i(vData.begin()); i<vData.end(); i+=partSize.getCurrent() ) {
-		const CK_ULONG lPartLen( i+partSize.getNext()<vData.end() ? partSize.getCurrent() : vData.end()-i );
-		CK_ULONG ulEncryptedPartLen;
-		CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_EncryptUpdate(hSession,(CK_BYTE_PTR)&(*i),lPartLen,NULL_PTR,&ulEncryptedPartLen) ) );
-		const size_t oldSize( vEncryptedDataParted.size() );
-		vEncryptedDataParted.resize(oldSize+ulEncryptedPartLen);
-		CK_BYTE dummy;
-		const CK_BYTE_PTR pEncryptedPart( ulEncryptedPartLen>0 ? &vEncryptedDataParted.at(oldSize) : &dummy );
-		CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_EncryptUpdate(hSession,(CK_BYTE_PTR)&(*i),lPartLen,pEncryptedPart,&ulEncryptedPartLen) ) );
-		vEncryptedDataParted.resize(oldSize+ulEncryptedPartLen);
-	}
-	{
-		CK_ULONG ulLastEncryptedPartLen;
-		const CK_RV rv( CRYPTOKI_F_PTR( C_EncryptFinal(hSession,NULL_PTR,&ulLastEncryptedPartLen) ) );
-		if ( isSizeOK ) {
-			CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, rv );
+	rv = CRYPTOKI_F_PTR( C_EncryptInit(hSession,pMechanism,hKey) );
+	CPPUNIT_ASSERT_EQUAL( (CK_BBOOL) CK_FALSE, (CK_BBOOL) ((rv != CKR_OK) && (oldMechs == CK_FALSE)) );
+	if (oldMechs == CK_FALSE) {
+		for ( std::vector<CK_BYTE>::const_iterator i(vData.begin()); i<vData.end(); i+=partSize.getCurrent() ) {
+			const CK_ULONG lPartLen( i+partSize.getNext()<vData.end() ? partSize.getCurrent() : vData.end()-i );
+			CK_ULONG ulEncryptedPartLen;
+			CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_EncryptUpdate(hSession,(CK_BYTE_PTR)&(*i),lPartLen,NULL_PTR,&ulEncryptedPartLen) ) );
 			const size_t oldSize( vEncryptedDataParted.size() );
+			vEncryptedDataParted.resize(oldSize+ulEncryptedPartLen);
 			CK_BYTE dummy;
-			vEncryptedDataParted.resize(oldSize+ulLastEncryptedPartLen);
-			const CK_BYTE_PTR pLastEncryptedPart( ulLastEncryptedPartLen>0 ? &vEncryptedDataParted.at(oldSize) : &dummy );
-			CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_EncryptFinal(hSession,pLastEncryptedPart,&ulLastEncryptedPartLen) ) );
-			vEncryptedDataParted.resize(oldSize+ulLastEncryptedPartLen);
-		} else {
-			CPPUNIT_ASSERT_EQUAL_MESSAGE("C_EncryptFinal should fail with C_CKR_DATA_LEN_RANGE", (CK_RV)CKR_DATA_LEN_RANGE, rv);
-			vEncryptedDataParted = vData;
+			const CK_BYTE_PTR pEncryptedPart( ulEncryptedPartLen>0 ? &vEncryptedDataParted.at(oldSize) : &dummy );
+			CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_EncryptUpdate(hSession,(CK_BYTE_PTR)&(*i),lPartLen,pEncryptedPart,&ulEncryptedPartLen) ) );
+			vEncryptedDataParted.resize(oldSize+ulEncryptedPartLen);
+		}
+		{
+			CK_ULONG ulLastEncryptedPartLen;
+			const CK_RV rv( CRYPTOKI_F_PTR( C_EncryptFinal(hSession,NULL_PTR,&ulLastEncryptedPartLen) ) );
+			if ( isSizeOK ) {
+				CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, rv );
+				const size_t oldSize( vEncryptedDataParted.size() );
+				CK_BYTE dummy;
+				vEncryptedDataParted.resize(oldSize+ulLastEncryptedPartLen);
+				const CK_BYTE_PTR pLastEncryptedPart( ulLastEncryptedPartLen>0 ? &vEncryptedDataParted.at(oldSize) : &dummy );
+				CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_EncryptFinal(hSession,pLastEncryptedPart,&ulLastEncryptedPartLen) ) );
+				vEncryptedDataParted.resize(oldSize+ulLastEncryptedPartLen);
+			} else {
+				CPPUNIT_ASSERT_EQUAL_MESSAGE("C_EncryptFinal should fail with C_CKR_DATA_LEN_RANGE", (CK_RV)CKR_DATA_LEN_RANGE, rv);
+				vEncryptedDataParted = vData;
+			}
 		}
 	}
 
 	// Single-part decryption
-	CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_DecryptInit(hSession,pMechanism,hKey) ) );
-
-	{
+	rv = CRYPTOKI_F_PTR( C_DecryptInit(hSession,pMechanism,hKey) );
+	CPPUNIT_ASSERT_EQUAL( (CK_BBOOL) CK_FALSE, (CK_BBOOL) ((rv != CKR_OK) && (oldMechs == CK_FALSE)) );
+	if (oldMechs == CK_FALSE) {
 		CK_ULONG ulDataLen;
 		const CK_RV rv( CRYPTOKI_F_PTR( C_Decrypt(hSession,&vEncryptedData.front(),vEncryptedData.size(),NULL_PTR,&ulDataLen) ) );
 		if ( isSizeOK ) {
@@ -315,8 +327,9 @@ void SymmetricAlgorithmTests::encryptDecrypt(
 	}
 
 	// Multi-part decryption
-	CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_DecryptInit(hSession,pMechanism,hKey) ) );
-	{
+	rv = CRYPTOKI_F_PTR( C_DecryptInit(hSession,pMechanism,hKey) );
+	CPPUNIT_ASSERT_EQUAL( (CK_BBOOL) CK_FALSE, (CK_BBOOL) ((rv != CKR_OK) && (oldMechs == CK_FALSE)) );
+	if (oldMechs == CK_FALSE) {
 		std::vector<CK_BYTE> vDecryptedData;
 		CK_BYTE dummy;
 		for ( std::vector<CK_BYTE>::iterator i(vEncryptedDataParted.begin()); i<vEncryptedDataParted.end(); i+=partSize.getCurrent()) {
@@ -977,44 +990,44 @@ void SymmetricAlgorithmTests::testDesEncryptDecrypt()
 
 	// Generate all combinations of session/token keys.
 	rv = generateDesKey(hSessionRW,IN_SESSION,IS_PUBLIC,hKey);
-	CPPUNIT_ASSERT(rv == CKR_OK);
-
-	encryptDecrypt(CKM_DES_CBC_PAD,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST-1);
-	encryptDecrypt(CKM_DES_CBC_PAD,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1);
-	encryptDecrypt(CKM_DES_CBC_PAD,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST);
-	encryptDecrypt(CKM_DES_CBC,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST);
-	encryptDecrypt(CKM_DES_CBC,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1, false);
-	encryptDecrypt(CKM_DES_ECB,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST);
-	encryptDecrypt(CKM_DES_ECB,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1, false);
+	if (rv == CKR_OK) {
+		encryptDecrypt(CKM_DES_CBC_PAD,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST-1);
+		encryptDecrypt(CKM_DES_CBC_PAD,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1);
+		encryptDecrypt(CKM_DES_CBC_PAD,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST);
+		encryptDecrypt(CKM_DES_CBC,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST);
+		encryptDecrypt(CKM_DES_CBC,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1, false);
+		encryptDecrypt(CKM_DES_ECB,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST);
+		encryptDecrypt(CKM_DES_ECB,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1, false);
+	}
 
 	CK_OBJECT_HANDLE hKey2 = CK_INVALID_HANDLE;
 
 	// Generate all combinations of session/token keys.
 	rv = generateDes2Key(hSessionRW,IN_SESSION,IS_PUBLIC,hKey2);
-	CPPUNIT_ASSERT(rv == CKR_OK);
-
-	encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST-1);
-	encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST+1);
-	encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST);
-	encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST);
-	encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST+1, false);
-	encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST);
-	encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST+1, false);
+	if (rv == CKR_OK) {
+		encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST-1);
+		encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST+1);
+		encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST);
+		encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST);
+		encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST+1, false);
+		encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST);
+		encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST+1, false);
+	}
 #endif
 
 	CK_OBJECT_HANDLE hKey3 = CK_INVALID_HANDLE;
 
 	// Generate all combinations of session/token keys.
 	rv = generateDes3Key(hSessionRW,IN_SESSION,IS_PUBLIC,hKey3);
-	CPPUNIT_ASSERT(rv == CKR_OK);
-
-	encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST-1);
-	encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST+1);
-	encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST);
-	encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST);
-	encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST+1, false);
-	encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST);
-	encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST+1, false);
+	if (rv == CKR_OK) {
+		encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST-1);
+		encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST+1);
+		encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST);
+		encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST);
+		encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST+1, false);
+		encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST);
+		encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST+1, false);
+	}
 }
 
 void SymmetricAlgorithmTests::testNullTemplate()
-- 
2.31.1