I: pbuilder: network access will be disabled during build I: Current time: Sun Mar 22 21:12:46 -12 2026 I: pbuilder-time-stamp: 1774257166 I: Building the build Environment I: extracting base tarball [/var/cache/pbuilder/trixie-reproducible-base.tgz] I: copying local configuration W: --override-config is not set; not updating apt.conf Read the manpage for details. I: mounting /proc filesystem I: mounting /sys filesystem I: creating /{dev,run}/shm I: mounting /dev/pts filesystem I: redirecting /dev/ptmx to /dev/pts/ptmx I: policy-rc.d already exists I: using eatmydata during job I: Copying source file I: copying [pkcs11-provider_1.0-1.dsc] I: copying [./pkcs11-provider_1.0.orig.tar.gz] I: copying [./pkcs11-provider_1.0-1.debian.tar.xz] I: Extracting source dpkg-source: warning: cannot verify inline signature for ./pkcs11-provider_1.0-1.dsc: unsupported subcommand dpkg-source: info: extracting pkcs11-provider in pkcs11-provider-1.0 dpkg-source: info: unpacking pkcs11-provider_1.0.orig.tar.gz dpkg-source: info: unpacking pkcs11-provider_1.0-1.debian.tar.xz I: Not using root during the build. I: Installing the build-deps I: user script /srv/workspace/pbuilder/121922/tmp/hooks/D02_print_environment starting I: set BUILDDIR='/build/reproducible-path' BUILDUSERGECOS='first user,first room,first work-phone,first home-phone,first other' BUILDUSERNAME='pbuilder1' BUILD_ARCH='i386' DEBIAN_FRONTEND='noninteractive' DEB_BUILD_OPTIONS='buildinfo=+all reproducible=+all parallel=22 ' DISTRIBUTION='trixie' HOME='/root' HOST_ARCH='i386' IFS=' ' INVOCATION_ID='51d9025cdb6848ce9c575781d84cb003' LANG='C' LANGUAGE='en_US:en' LC_ALL='C' LD_LIBRARY_PATH='/usr/lib/libeatmydata' LD_PRELOAD='libeatmydata.so' MAIL='/var/mail/root' OPTIND='1' PATH='/usr/sbin:/usr/bin:/sbin:/bin:/usr/games' PBCURRENTCOMMANDLINEOPERATION='build' PBUILDER_OPERATION='build' PBUILDER_PKGDATADIR='/usr/share/pbuilder' PBUILDER_PKGLIBDIR='/usr/lib/pbuilder' PBUILDER_SYSCONFDIR='/etc' PPID='121922' PS1='# ' PS2='> ' PS4='+ ' PWD='/' SHELL='/bin/bash' SHLVL='2' SUDO_COMMAND='/usr/bin/timeout -k 18.1h 18h /usr/bin/ionice -c 3 /usr/bin/nice /usr/sbin/pbuilder --build --configfile /srv/reproducible-results/rbuild-debian/r-b-build.2wB8ffzu/pbuilderrc_gWRY --distribution trixie --hookdir /etc/pbuilder/first-build-hooks --debbuildopts -b --basetgz /var/cache/pbuilder/trixie-reproducible-base.tgz --buildresult /srv/reproducible-results/rbuild-debian/r-b-build.2wB8ffzu/b1 --logfile b1/build.log pkcs11-provider_1.0-1.dsc' SUDO_GID='112' SUDO_UID='107' SUDO_USER='jenkins' TERM='unknown' TZ='/usr/share/zoneinfo/Etc/GMT+12' USER='root' _='/usr/bin/systemd-run' http_proxy='http://213.165.73.152:3128' I: uname -a Linux ionos6-i386 6.1.0-31-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.128-1 (2025-02-07) x86_64 GNU/Linux I: ls -l /bin lrwxrwxrwx 1 root root 7 Nov 22 2024 /bin -> usr/bin I: user script /srv/workspace/pbuilder/121922/tmp/hooks/D02_print_environment finished -> Attempting to satisfy build-dependencies -> Creating pbuilder-satisfydepends-dummy package Package: pbuilder-satisfydepends-dummy Version: 0.invalid.0 Architecture: i386 Maintainer: Debian Pbuilder Team Description: Dummy package to satisfy dependencies with aptitude - created by pbuilder This package was created automatically by pbuilder to satisfy the build-dependencies of the package being currently built. Depends: debhelper-compat (= 13), dh-package-notes, libssl-dev (>= 3.0.7~), meson (>= 0.57~), pkgconf, expect, gnutls-bin, libnss3-dev, libp11-kit-dev, libstoken-dev, opensc, openssl, p11-kit, p11-kit-modules, softhsm2 dpkg-deb: building package 'pbuilder-satisfydepends-dummy' in '/tmp/satisfydepends-aptitude/pbuilder-satisfydepends-dummy.deb'. Selecting previously unselected package pbuilder-satisfydepends-dummy. (Reading database ... 19795 files and directories currently installed.) Preparing to unpack .../pbuilder-satisfydepends-dummy.deb ... Unpacking pbuilder-satisfydepends-dummy (0.invalid.0) ... dpkg: pbuilder-satisfydepends-dummy: dependency problems, but configuring anyway as you requested: pbuilder-satisfydepends-dummy depends on debhelper-compat (= 13); however: Package debhelper-compat is not installed. pbuilder-satisfydepends-dummy depends on dh-package-notes; however: Package dh-package-notes is not installed. pbuilder-satisfydepends-dummy depends on libssl-dev (>= 3.0.7~); however: Package libssl-dev is not installed. pbuilder-satisfydepends-dummy depends on meson (>= 0.57~); however: Package meson is not installed. pbuilder-satisfydepends-dummy depends on pkgconf; however: Package pkgconf is not installed. pbuilder-satisfydepends-dummy depends on expect; however: Package expect is not installed. pbuilder-satisfydepends-dummy depends on gnutls-bin; however: Package gnutls-bin is not installed. pbuilder-satisfydepends-dummy depends on libnss3-dev; however: Package libnss3-dev is not installed. pbuilder-satisfydepends-dummy depends on libp11-kit-dev; however: Package libp11-kit-dev is not installed. pbuilder-satisfydepends-dummy depends on libstoken-dev; however: Package libstoken-dev is not installed. pbuilder-satisfydepends-dummy depends on opensc; however: Package opensc is not installed. pbuilder-satisfydepends-dummy depends on openssl; however: Package openssl is not installed. pbuilder-satisfydepends-dummy depends on p11-kit; however: Package p11-kit is not installed. pbuilder-satisfydepends-dummy depends on p11-kit-modules; however: Package p11-kit-modules is not installed. pbuilder-satisfydepends-dummy depends on softhsm2; however: Package softhsm2 is not installed. Setting up pbuilder-satisfydepends-dummy (0.invalid.0) ... Reading package lists... Building dependency tree... Reading state information... Initializing package states... Writing extended state information... Building tag database... pbuilder-satisfydepends-dummy is already installed at the requested version (0.invalid.0) pbuilder-satisfydepends-dummy is already installed at the requested version (0.invalid.0) The following NEW packages will be installed: autoconf{a} automake{a} autopoint{a} autotools-dev{a} bsdextrautils{a} debhelper{a} dh-autoreconf{a} dh-package-notes{a} dh-strip-nondeterminism{a} dwz{a} expect{a} file{a} gettext{a} gettext-base{a} gnutls-bin{a} groff-base{a} intltool-debian{a} libarchive-zip-perl{a} libdebhelper-perl{a} libeac3{a} libelf1t64{a} libevent-2.1-7t64{a} libexpat1{a} libffi8{a} libfile-stripnondeterminism-perl{a} libglib2.0-0t64{a} libgnutls-dane0t64{a} libgnutls30t64{a} libicu72{a} libidn2-0{a} libmagic-mgc{a} libmagic1t64{a} libnspr4{a} libnspr4-dev{a} libnss3{a} libnss3-dev{a} libp11-kit-dev{a} libp11-kit0{a} libpipeline1{a} libpkgconf3{a} libproc2-0{a} libpython3-stdlib{a} libpython3.13-minimal{a} libpython3.13-stdlib{a} libreadline8t64{a} libsofthsm2{a} libssl-dev{a} libstoken-dev{a} libstoken1t64{a} libtasn1-6{a} libtcl8.6{a} libtext-charwidth-perl{a} libtext-wrapi18n-perl{a} libtomcrypt-dev{a} libtomcrypt1{a} libtommath1{a} libtool{a} libuchardet0{a} libunbound8{a} libunistring5{a} libxml2{a} m4{a} man-db{a} media-types{a} meson{a} netbase{a} ninja-build{a} opensc{a} opensc-pkcs11{a} openssl{a} p11-kit{a} p11-kit-modules{a} pkgconf{a} pkgconf-bin{a} po-debconf{a} procps{a} python3{a} python3-autocommand{a} python3-inflect{a} python3-jaraco.context{a} python3-jaraco.functools{a} python3-jaraco.text{a} python3-minimal{a} python3-more-itertools{a} python3-pkg-resources{a} python3-setuptools{a} python3-typeguard{a} python3-typing-extensions{a} python3-zipp{a} python3.13{a} python3.13-minimal{a} readline-common{a} sensible-utils{a} softhsm2{a} softhsm2-common{a} tcl-expect{a} tcl8.6{a} tzdata{a} ucf{a} The following packages are RECOMMENDED but will NOT be installed: ca-certificates curl libarchive-cpio-perl libglib2.0-data libltdl-dev libmail-sendmail-perl linux-sysctl-defaults lynx pcscd psmisc shared-mime-info wget xdg-user-dirs 0 packages upgraded, 99 newly installed, 0 to remove and 0 not upgraded. Need to get 48.5 MB of archives. After unpacking 175 MB will be used. Writing extended state information... Get: 1 http://deb.debian.org/debian trixie/main i386 libpython3.13-minimal i386 3.13.2-1 [859 kB] Get: 2 http://deb.debian.org/debian trixie/main i386 libexpat1 i386 2.6.4-1 [107 kB] Get: 3 http://deb.debian.org/debian trixie/main i386 python3.13-minimal i386 3.13.2-1 [2266 kB] Get: 4 http://deb.debian.org/debian trixie/main i386 python3-minimal i386 3.13.1-2 [27.0 kB] Get: 5 http://deb.debian.org/debian trixie/main i386 media-types all 10.1.0 [26.9 kB] Get: 6 http://deb.debian.org/debian trixie/main i386 netbase all 6.4 [12.8 kB] Get: 7 http://deb.debian.org/debian trixie/main i386 tzdata all 2024b-6 [257 kB] Get: 8 http://deb.debian.org/debian trixie/main i386 libffi8 i386 3.4.6-1 [21.2 kB] Get: 9 http://deb.debian.org/debian trixie/main i386 readline-common all 8.2-6 [69.4 kB] Get: 10 http://deb.debian.org/debian trixie/main i386 libreadline8t64 i386 8.2-6 [173 kB] Get: 11 http://deb.debian.org/debian trixie/main i386 libpython3.13-stdlib i386 3.13.2-1 [1985 kB] Get: 12 http://deb.debian.org/debian trixie/main i386 python3.13 i386 3.13.2-1 [745 kB] Get: 13 http://deb.debian.org/debian trixie/main i386 libpython3-stdlib i386 3.13.1-2 [9952 B] Get: 14 http://deb.debian.org/debian trixie/main i386 python3 i386 3.13.1-2 [28.0 kB] Get: 15 http://deb.debian.org/debian trixie/main i386 libproc2-0 i386 2:4.0.4-7 [66.0 kB] Get: 16 http://deb.debian.org/debian trixie/main i386 procps i386 2:4.0.4-7 [876 kB] Get: 17 http://deb.debian.org/debian trixie/main i386 sensible-utils all 0.0.24 [24.8 kB] Get: 18 http://deb.debian.org/debian trixie/main i386 libmagic-mgc i386 1:5.45-3+b1 [314 kB] Get: 19 http://deb.debian.org/debian trixie/main i386 libmagic1t64 i386 1:5.45-3+b1 [115 kB] Get: 20 http://deb.debian.org/debian trixie/main i386 file i386 1:5.45-3+b1 [43.2 kB] Get: 21 http://deb.debian.org/debian trixie/main i386 gettext-base i386 0.23.1-1 [245 kB] Get: 22 http://deb.debian.org/debian trixie/main i386 libuchardet0 i386 0.0.8-1+b2 [69.2 kB] Get: 23 http://deb.debian.org/debian trixie/main i386 groff-base i386 1.23.0-7 [1199 kB] Get: 24 http://deb.debian.org/debian trixie/main i386 bsdextrautils i386 2.40.4-3 [96.2 kB] Get: 25 http://deb.debian.org/debian trixie/main i386 libpipeline1 i386 1.5.8-1 [41.2 kB] Get: 26 http://deb.debian.org/debian trixie/main i386 man-db i386 2.13.0-1 [1428 kB] Get: 27 http://deb.debian.org/debian trixie/main i386 libtext-charwidth-perl i386 0.04-11+b4 [9656 B] Get: 28 http://deb.debian.org/debian trixie/main i386 libtext-wrapi18n-perl all 0.06-10 [8808 B] Get: 29 http://deb.debian.org/debian trixie/main i386 ucf all 3.0049 [42.5 kB] Get: 30 http://deb.debian.org/debian trixie/main i386 m4 i386 1.4.19-5 [301 kB] Get: 31 http://deb.debian.org/debian trixie/main i386 autoconf all 2.72-3 [493 kB] Get: 32 http://deb.debian.org/debian trixie/main i386 autotools-dev all 20220109.1 [51.6 kB] Get: 33 http://deb.debian.org/debian trixie/main i386 automake all 1:1.17-3 [862 kB] Get: 34 http://deb.debian.org/debian trixie/main i386 autopoint all 0.23.1-1 [770 kB] Get: 35 http://deb.debian.org/debian trixie/main i386 libdebhelper-perl all 13.24.1 [90.9 kB] Get: 36 http://deb.debian.org/debian trixie/main i386 libtool all 2.5.4-3 [539 kB] Get: 37 http://deb.debian.org/debian trixie/main i386 dh-autoreconf all 20 [17.1 kB] Get: 38 http://deb.debian.org/debian trixie/main i386 libarchive-zip-perl all 1.68-1 [104 kB] Get: 39 http://deb.debian.org/debian trixie/main i386 libfile-stripnondeterminism-perl all 1.14.1-2 [19.7 kB] Get: 40 http://deb.debian.org/debian trixie/main i386 dh-strip-nondeterminism all 1.14.1-2 [8620 B] Get: 41 http://deb.debian.org/debian trixie/main i386 libelf1t64 i386 0.192-4 [195 kB] Get: 42 http://deb.debian.org/debian trixie/main i386 dwz i386 0.15-1+b1 [116 kB] Get: 43 http://deb.debian.org/debian trixie/main i386 libunistring5 i386 1.3-1 [458 kB] Get: 44 http://deb.debian.org/debian trixie/main i386 libicu72 i386 72.1-6 [9582 kB] Get: 45 http://deb.debian.org/debian trixie/main i386 libxml2 i386 2.12.7+dfsg+really2.9.14-0.2+b1 [734 kB] Get: 46 http://deb.debian.org/debian trixie/main i386 gettext i386 0.23.1-1 [1714 kB] Get: 47 http://deb.debian.org/debian trixie/main i386 intltool-debian all 0.35.0+20060710.6 [22.9 kB] Get: 48 http://deb.debian.org/debian trixie/main i386 po-debconf all 1.0.21+nmu1 [248 kB] Get: 49 http://deb.debian.org/debian trixie/main i386 debhelper all 13.24.1 [920 kB] Get: 50 http://deb.debian.org/debian trixie/main i386 dh-package-notes all 0.15 [6692 B] Get: 51 http://deb.debian.org/debian trixie/main i386 libtcl8.6 i386 8.6.16+dfsg-1 [1103 kB] Get: 52 http://deb.debian.org/debian trixie/main i386 tcl8.6 i386 8.6.16+dfsg-1 [121 kB] Get: 53 http://deb.debian.org/debian trixie/main i386 tcl-expect i386 5.45.4-3+b1 [134 kB] Get: 54 http://deb.debian.org/debian trixie/main i386 expect i386 5.45.4-3+b1 [159 kB] Get: 55 http://deb.debian.org/debian trixie/main i386 libidn2-0 i386 2.3.7-2+b1 [130 kB] Get: 56 http://deb.debian.org/debian trixie/main i386 libp11-kit0 i386 0.25.5-3 [423 kB] Get: 57 http://deb.debian.org/debian trixie/main i386 libtasn1-6 i386 4.20.0-2 [51.6 kB] Get: 58 http://deb.debian.org/debian trixie/main i386 libgnutls30t64 i386 3.8.9-2 [1462 kB] Get: 59 http://deb.debian.org/debian trixie/main i386 libevent-2.1-7t64 i386 2.1.12-stable-10+b1 [195 kB] Get: 60 http://deb.debian.org/debian trixie/main i386 libunbound8 i386 1.22.0-1+b1 [633 kB] Get: 61 http://deb.debian.org/debian trixie/main i386 libgnutls-dane0t64 i386 3.8.9-2 [453 kB] Get: 62 http://deb.debian.org/debian trixie/main i386 gnutls-bin i386 3.8.9-2 [696 kB] Get: 63 http://deb.debian.org/debian trixie/main i386 libeac3 i386 1.1.2+ds+git20220117+453c3d6b03a0-1.1+b3 [55.7 kB] Get: 64 http://deb.debian.org/debian trixie/main i386 libglib2.0-0t64 i386 2.83.3-2 [1581 kB] Get: 65 http://deb.debian.org/debian trixie/main i386 libnspr4 i386 2:4.36-1 [119 kB] Get: 66 http://deb.debian.org/debian trixie/main i386 libnspr4-dev i386 2:4.36-1 [220 kB] Get: 67 http://deb.debian.org/debian trixie/main i386 libnss3 i386 2:3.107-1 [1503 kB] Get: 68 http://deb.debian.org/debian trixie/main i386 libnss3-dev i386 2:3.107-1 [253 kB] Get: 69 http://deb.debian.org/debian trixie/main i386 libp11-kit-dev i386 0.25.5-3 [208 kB] Get: 70 http://deb.debian.org/debian trixie/main i386 libpkgconf3 i386 1.8.1-4 [38.4 kB] Get: 71 http://deb.debian.org/debian trixie/main i386 softhsm2-common i386 2.6.1-2.2+b1 [12.4 kB] Get: 72 http://deb.debian.org/debian trixie/main i386 libsofthsm2 i386 2.6.1-2.2+b1 [264 kB] Get: 73 http://deb.debian.org/debian trixie/main i386 libssl-dev i386 3.4.0-2 [2842 kB] Get: 74 http://deb.debian.org/debian trixie/main i386 libtommath1 i386 1.3.0-1 [64.8 kB] Get: 75 http://deb.debian.org/debian trixie/main i386 libtomcrypt1 i386 1.18.2+dfsg-7+b2 [407 kB] Get: 76 http://deb.debian.org/debian trixie/main i386 libstoken1t64 i386 0.92-1.1+b2 [31.2 kB] Get: 77 http://deb.debian.org/debian trixie/main i386 libtomcrypt-dev i386 1.18.2+dfsg-7+b2 [1272 kB] Get: 78 http://deb.debian.org/debian trixie/main i386 libstoken-dev i386 0.92-1.1+b2 [8204 B] Get: 79 http://deb.debian.org/debian trixie/main i386 ninja-build i386 1.12.1-1 [153 kB] Get: 80 http://deb.debian.org/debian trixie/main i386 python3-autocommand all 2.2.2-3 [13.6 kB] Get: 81 http://deb.debian.org/debian trixie/main i386 python3-more-itertools all 10.6.0-1 [65.3 kB] Get: 82 http://deb.debian.org/debian trixie/main i386 python3-typing-extensions all 4.12.2-2 [73.0 kB] Get: 83 http://deb.debian.org/debian trixie/main i386 python3-typeguard all 4.4.1-1 [37.0 kB] Get: 84 http://deb.debian.org/debian trixie/main i386 python3-inflect all 7.3.1-2 [32.4 kB] Get: 85 http://deb.debian.org/debian trixie/main i386 python3-jaraco.context all 6.0.0-1 [7984 B] Get: 86 http://deb.debian.org/debian trixie/main i386 python3-jaraco.functools all 4.1.0-1 [12.0 kB] Get: 87 http://deb.debian.org/debian trixie/main i386 python3-pkg-resources all 75.6.0-1 [222 kB] Get: 88 http://deb.debian.org/debian trixie/main i386 python3-jaraco.text all 4.0.0-1 [11.4 kB] Get: 89 http://deb.debian.org/debian trixie/main i386 python3-zipp all 3.21.0-1 [10.6 kB] Get: 90 http://deb.debian.org/debian trixie/main i386 python3-setuptools all 75.6.0-1 [720 kB] Get: 91 http://deb.debian.org/debian trixie/main i386 meson all 1.7.0-1 [639 kB] Get: 92 http://deb.debian.org/debian trixie/main i386 opensc-pkcs11 i386 0.26.0-1 [910 kB] Get: 93 http://deb.debian.org/debian trixie/main i386 opensc i386 0.26.0-1 [415 kB] Get: 94 http://deb.debian.org/debian trixie/main i386 openssl i386 3.4.0-2 [1427 kB] Get: 95 http://deb.debian.org/debian trixie/main i386 p11-kit-modules i386 0.25.5-3 [270 kB] Get: 96 http://deb.debian.org/debian trixie/main i386 p11-kit i386 0.25.5-3 [406 kB] Get: 97 http://deb.debian.org/debian trixie/main i386 pkgconf-bin i386 1.8.1-4 [30.6 kB] Get: 98 http://deb.debian.org/debian trixie/main i386 pkgconf i386 1.8.1-4 [26.2 kB] Get: 99 http://deb.debian.org/debian trixie/main i386 softhsm2 i386 2.6.1-2.2+b1 [177 kB] Fetched 48.5 MB in 2s (28.4 MB/s) Preconfiguring packages ... Selecting previously unselected package libpython3.13-minimal:i386. (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 19795 files and directories currently installed.) Preparing to unpack .../libpython3.13-minimal_3.13.2-1_i386.deb ... Unpacking libpython3.13-minimal:i386 (3.13.2-1) ... Selecting previously unselected package libexpat1:i386. Preparing to unpack .../libexpat1_2.6.4-1_i386.deb ... Unpacking libexpat1:i386 (2.6.4-1) ... Selecting previously unselected package python3.13-minimal. Preparing to unpack .../python3.13-minimal_3.13.2-1_i386.deb ... Unpacking python3.13-minimal (3.13.2-1) ... Setting up libpython3.13-minimal:i386 (3.13.2-1) ... Setting up libexpat1:i386 (2.6.4-1) ... Setting up python3.13-minimal (3.13.2-1) ... Selecting previously unselected package python3-minimal. (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 20129 files and directories currently installed.) Preparing to unpack .../0-python3-minimal_3.13.1-2_i386.deb ... Unpacking python3-minimal (3.13.1-2) ... Selecting previously unselected package media-types. Preparing to unpack .../1-media-types_10.1.0_all.deb ... Unpacking media-types (10.1.0) ... Selecting previously unselected package netbase. Preparing to unpack .../2-netbase_6.4_all.deb ... Unpacking netbase (6.4) ... Selecting previously unselected package tzdata. Preparing to unpack .../3-tzdata_2024b-6_all.deb ... Unpacking tzdata (2024b-6) ... Selecting previously unselected package libffi8:i386. Preparing to unpack .../4-libffi8_3.4.6-1_i386.deb ... Unpacking libffi8:i386 (3.4.6-1) ... Selecting previously unselected package readline-common. Preparing to unpack .../5-readline-common_8.2-6_all.deb ... Unpacking readline-common (8.2-6) ... Selecting previously unselected package libreadline8t64:i386. Preparing to unpack .../6-libreadline8t64_8.2-6_i386.deb ... Adding 'diversion of /lib/i386-linux-gnu/libhistory.so.8 to /lib/i386-linux-gnu/libhistory.so.8.usr-is-merged by libreadline8t64' Adding 'diversion of /lib/i386-linux-gnu/libhistory.so.8.2 to /lib/i386-linux-gnu/libhistory.so.8.2.usr-is-merged by libreadline8t64' Adding 'diversion of /lib/i386-linux-gnu/libreadline.so.8 to /lib/i386-linux-gnu/libreadline.so.8.usr-is-merged by libreadline8t64' Adding 'diversion of /lib/i386-linux-gnu/libreadline.so.8.2 to /lib/i386-linux-gnu/libreadline.so.8.2.usr-is-merged by libreadline8t64' Unpacking libreadline8t64:i386 (8.2-6) ... Selecting previously unselected package libpython3.13-stdlib:i386. Preparing to unpack .../7-libpython3.13-stdlib_3.13.2-1_i386.deb ... Unpacking libpython3.13-stdlib:i386 (3.13.2-1) ... Selecting previously unselected package python3.13. Preparing to unpack .../8-python3.13_3.13.2-1_i386.deb ... Unpacking python3.13 (3.13.2-1) ... Selecting previously unselected package libpython3-stdlib:i386. Preparing to unpack .../9-libpython3-stdlib_3.13.1-2_i386.deb ... Unpacking libpython3-stdlib:i386 (3.13.1-2) ... Setting up python3-minimal (3.13.1-2) ... Selecting previously unselected package python3. (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 21139 files and directories currently installed.) Preparing to unpack .../00-python3_3.13.1-2_i386.deb ... Unpacking python3 (3.13.1-2) ... Selecting previously unselected package libproc2-0:i386. Preparing to unpack .../01-libproc2-0_2%3a4.0.4-7_i386.deb ... Unpacking libproc2-0:i386 (2:4.0.4-7) ... Selecting previously unselected package procps. Preparing to unpack .../02-procps_2%3a4.0.4-7_i386.deb ... Unpacking procps (2:4.0.4-7) ... Selecting previously unselected package sensible-utils. Preparing to unpack .../03-sensible-utils_0.0.24_all.deb ... Unpacking sensible-utils (0.0.24) ... Selecting previously unselected package libmagic-mgc. Preparing to unpack .../04-libmagic-mgc_1%3a5.45-3+b1_i386.deb ... Unpacking libmagic-mgc (1:5.45-3+b1) ... Selecting previously unselected package libmagic1t64:i386. Preparing to unpack .../05-libmagic1t64_1%3a5.45-3+b1_i386.deb ... Unpacking libmagic1t64:i386 (1:5.45-3+b1) ... Selecting previously unselected package file. Preparing to unpack .../06-file_1%3a5.45-3+b1_i386.deb ... Unpacking file (1:5.45-3+b1) ... Selecting previously unselected package gettext-base. Preparing to unpack .../07-gettext-base_0.23.1-1_i386.deb ... Unpacking gettext-base (0.23.1-1) ... Selecting previously unselected package libuchardet0:i386. Preparing to unpack .../08-libuchardet0_0.0.8-1+b2_i386.deb ... Unpacking libuchardet0:i386 (0.0.8-1+b2) ... Selecting previously unselected package groff-base. Preparing to unpack .../09-groff-base_1.23.0-7_i386.deb ... Unpacking groff-base (1.23.0-7) ... Selecting previously unselected package bsdextrautils. Preparing to unpack .../10-bsdextrautils_2.40.4-3_i386.deb ... Unpacking bsdextrautils (2.40.4-3) ... Selecting previously unselected package libpipeline1:i386. Preparing to unpack .../11-libpipeline1_1.5.8-1_i386.deb ... Unpacking libpipeline1:i386 (1.5.8-1) ... Selecting previously unselected package man-db. Preparing to unpack .../12-man-db_2.13.0-1_i386.deb ... Unpacking man-db (2.13.0-1) ... Selecting previously unselected package libtext-charwidth-perl:i386. Preparing to unpack .../13-libtext-charwidth-perl_0.04-11+b4_i386.deb ... Unpacking libtext-charwidth-perl:i386 (0.04-11+b4) ... Selecting previously unselected package libtext-wrapi18n-perl. Preparing to unpack .../14-libtext-wrapi18n-perl_0.06-10_all.deb ... Unpacking libtext-wrapi18n-perl (0.06-10) ... Selecting previously unselected package ucf. Preparing to unpack .../15-ucf_3.0049_all.deb ... Moving old data out of the way Unpacking ucf (3.0049) ... Selecting previously unselected package m4. Preparing to unpack .../16-m4_1.4.19-5_i386.deb ... Unpacking m4 (1.4.19-5) ... Selecting previously unselected package autoconf. Preparing to unpack .../17-autoconf_2.72-3_all.deb ... Unpacking autoconf (2.72-3) ... Selecting previously unselected package autotools-dev. Preparing to unpack .../18-autotools-dev_20220109.1_all.deb ... Unpacking autotools-dev (20220109.1) ... Selecting previously unselected package automake. Preparing to unpack .../19-automake_1%3a1.17-3_all.deb ... Unpacking automake (1:1.17-3) ... Selecting previously unselected package autopoint. Preparing to unpack .../20-autopoint_0.23.1-1_all.deb ... Unpacking autopoint (0.23.1-1) ... Selecting previously unselected package libdebhelper-perl. Preparing to unpack .../21-libdebhelper-perl_13.24.1_all.deb ... Unpacking libdebhelper-perl (13.24.1) ... Selecting previously unselected package libtool. Preparing to unpack .../22-libtool_2.5.4-3_all.deb ... Unpacking libtool (2.5.4-3) ... Selecting previously unselected package dh-autoreconf. Preparing to unpack .../23-dh-autoreconf_20_all.deb ... Unpacking dh-autoreconf (20) ... Selecting previously unselected package libarchive-zip-perl. Preparing to unpack .../24-libarchive-zip-perl_1.68-1_all.deb ... Unpacking libarchive-zip-perl (1.68-1) ... Selecting previously unselected package libfile-stripnondeterminism-perl. Preparing to unpack .../25-libfile-stripnondeterminism-perl_1.14.1-2_all.deb ... Unpacking libfile-stripnondeterminism-perl (1.14.1-2) ... Selecting previously unselected package dh-strip-nondeterminism. Preparing to unpack .../26-dh-strip-nondeterminism_1.14.1-2_all.deb ... Unpacking dh-strip-nondeterminism (1.14.1-2) ... Selecting previously unselected package libelf1t64:i386. Preparing to unpack .../27-libelf1t64_0.192-4_i386.deb ... Unpacking libelf1t64:i386 (0.192-4) ... Selecting previously unselected package dwz. Preparing to unpack .../28-dwz_0.15-1+b1_i386.deb ... Unpacking dwz (0.15-1+b1) ... Selecting previously unselected package libunistring5:i386. Preparing to unpack .../29-libunistring5_1.3-1_i386.deb ... Unpacking libunistring5:i386 (1.3-1) ... Selecting previously unselected package libicu72:i386. Preparing to unpack .../30-libicu72_72.1-6_i386.deb ... Unpacking libicu72:i386 (72.1-6) ... Selecting previously unselected package libxml2:i386. Preparing to unpack .../31-libxml2_2.12.7+dfsg+really2.9.14-0.2+b1_i386.deb ... Unpacking libxml2:i386 (2.12.7+dfsg+really2.9.14-0.2+b1) ... Selecting previously unselected package gettext. Preparing to unpack .../32-gettext_0.23.1-1_i386.deb ... Unpacking gettext (0.23.1-1) ... Selecting previously unselected package intltool-debian. Preparing to unpack .../33-intltool-debian_0.35.0+20060710.6_all.deb ... Unpacking intltool-debian (0.35.0+20060710.6) ... Selecting previously unselected package po-debconf. Preparing to unpack .../34-po-debconf_1.0.21+nmu1_all.deb ... Unpacking po-debconf (1.0.21+nmu1) ... Selecting previously unselected package debhelper. Preparing to unpack .../35-debhelper_13.24.1_all.deb ... Unpacking debhelper (13.24.1) ... Selecting previously unselected package dh-package-notes. Preparing to unpack .../36-dh-package-notes_0.15_all.deb ... Unpacking dh-package-notes (0.15) ... Selecting previously unselected package libtcl8.6:i386. Preparing to unpack .../37-libtcl8.6_8.6.16+dfsg-1_i386.deb ... Unpacking libtcl8.6:i386 (8.6.16+dfsg-1) ... Selecting previously unselected package tcl8.6. Preparing to unpack .../38-tcl8.6_8.6.16+dfsg-1_i386.deb ... Unpacking tcl8.6 (8.6.16+dfsg-1) ... Selecting previously unselected package tcl-expect:i386. Preparing to unpack .../39-tcl-expect_5.45.4-3+b1_i386.deb ... Unpacking tcl-expect:i386 (5.45.4-3+b1) ... Selecting previously unselected package expect. Preparing to unpack .../40-expect_5.45.4-3+b1_i386.deb ... Unpacking expect (5.45.4-3+b1) ... Selecting previously unselected package libidn2-0:i386. Preparing to unpack .../41-libidn2-0_2.3.7-2+b1_i386.deb ... Unpacking libidn2-0:i386 (2.3.7-2+b1) ... Selecting previously unselected package libp11-kit0:i386. Preparing to unpack .../42-libp11-kit0_0.25.5-3_i386.deb ... Unpacking libp11-kit0:i386 (0.25.5-3) ... Selecting previously unselected package libtasn1-6:i386. Preparing to unpack .../43-libtasn1-6_4.20.0-2_i386.deb ... Unpacking libtasn1-6:i386 (4.20.0-2) ... Selecting previously unselected package libgnutls30t64:i386. Preparing to unpack .../44-libgnutls30t64_3.8.9-2_i386.deb ... Unpacking libgnutls30t64:i386 (3.8.9-2) ... Selecting previously unselected package libevent-2.1-7t64:i386. Preparing to unpack .../45-libevent-2.1-7t64_2.1.12-stable-10+b1_i386.deb ... Unpacking libevent-2.1-7t64:i386 (2.1.12-stable-10+b1) ... Selecting previously unselected package libunbound8:i386. Preparing to unpack .../46-libunbound8_1.22.0-1+b1_i386.deb ... Unpacking libunbound8:i386 (1.22.0-1+b1) ... Selecting previously unselected package libgnutls-dane0t64:i386. Preparing to unpack .../47-libgnutls-dane0t64_3.8.9-2_i386.deb ... Unpacking libgnutls-dane0t64:i386 (3.8.9-2) ... Selecting previously unselected package gnutls-bin. Preparing to unpack .../48-gnutls-bin_3.8.9-2_i386.deb ... Unpacking gnutls-bin (3.8.9-2) ... Selecting previously unselected package libeac3:i386. Preparing to unpack .../49-libeac3_1.1.2+ds+git20220117+453c3d6b03a0-1.1+b3_i386.deb ... Unpacking libeac3:i386 (1.1.2+ds+git20220117+453c3d6b03a0-1.1+b3) ... Selecting previously unselected package libglib2.0-0t64:i386. Preparing to unpack .../50-libglib2.0-0t64_2.83.3-2_i386.deb ... Unpacking libglib2.0-0t64:i386 (2.83.3-2) ... Selecting previously unselected package libnspr4:i386. Preparing to unpack .../51-libnspr4_2%3a4.36-1_i386.deb ... Unpacking libnspr4:i386 (2:4.36-1) ... Selecting previously unselected package libnspr4-dev. Preparing to unpack .../52-libnspr4-dev_2%3a4.36-1_i386.deb ... Unpacking libnspr4-dev (2:4.36-1) ... Selecting previously unselected package libnss3:i386. Preparing to unpack .../53-libnss3_2%3a3.107-1_i386.deb ... Unpacking libnss3:i386 (2:3.107-1) ... Selecting previously unselected package libnss3-dev:i386. Preparing to unpack .../54-libnss3-dev_2%3a3.107-1_i386.deb ... Unpacking libnss3-dev:i386 (2:3.107-1) ... Selecting previously unselected package libp11-kit-dev:i386. Preparing to unpack .../55-libp11-kit-dev_0.25.5-3_i386.deb ... Unpacking libp11-kit-dev:i386 (0.25.5-3) ... Selecting previously unselected package libpkgconf3:i386. Preparing to unpack .../56-libpkgconf3_1.8.1-4_i386.deb ... Unpacking libpkgconf3:i386 (1.8.1-4) ... Selecting previously unselected package softhsm2-common. Preparing to unpack .../57-softhsm2-common_2.6.1-2.2+b1_i386.deb ... Unpacking softhsm2-common (2.6.1-2.2+b1) ... Selecting previously unselected package libsofthsm2. Preparing to unpack .../58-libsofthsm2_2.6.1-2.2+b1_i386.deb ... Unpacking libsofthsm2 (2.6.1-2.2+b1) ... Selecting previously unselected package libssl-dev:i386. Preparing to unpack .../59-libssl-dev_3.4.0-2_i386.deb ... Unpacking libssl-dev:i386 (3.4.0-2) ... Selecting previously unselected package libtommath1:i386. Preparing to unpack .../60-libtommath1_1.3.0-1_i386.deb ... Unpacking libtommath1:i386 (1.3.0-1) ... Selecting previously unselected package libtomcrypt1:i386. Preparing to unpack .../61-libtomcrypt1_1.18.2+dfsg-7+b2_i386.deb ... Unpacking libtomcrypt1:i386 (1.18.2+dfsg-7+b2) ... Selecting previously unselected package libstoken1t64:i386. Preparing to unpack .../62-libstoken1t64_0.92-1.1+b2_i386.deb ... Unpacking libstoken1t64:i386 (0.92-1.1+b2) ... Selecting previously unselected package libtomcrypt-dev. Preparing to unpack .../63-libtomcrypt-dev_1.18.2+dfsg-7+b2_i386.deb ... Unpacking libtomcrypt-dev (1.18.2+dfsg-7+b2) ... Selecting previously unselected package libstoken-dev:i386. Preparing to unpack .../64-libstoken-dev_0.92-1.1+b2_i386.deb ... Unpacking libstoken-dev:i386 (0.92-1.1+b2) ... Selecting previously unselected package ninja-build. Preparing to unpack .../65-ninja-build_1.12.1-1_i386.deb ... Unpacking ninja-build (1.12.1-1) ... Selecting previously unselected package python3-autocommand. Preparing to unpack .../66-python3-autocommand_2.2.2-3_all.deb ... Unpacking python3-autocommand (2.2.2-3) ... Selecting previously unselected package python3-more-itertools. Preparing to unpack .../67-python3-more-itertools_10.6.0-1_all.deb ... Unpacking python3-more-itertools (10.6.0-1) ... Selecting previously unselected package python3-typing-extensions. Preparing to unpack .../68-python3-typing-extensions_4.12.2-2_all.deb ... Unpacking python3-typing-extensions (4.12.2-2) ... Selecting previously unselected package python3-typeguard. Preparing to unpack .../69-python3-typeguard_4.4.1-1_all.deb ... Unpacking python3-typeguard (4.4.1-1) ... Selecting previously unselected package python3-inflect. Preparing to unpack .../70-python3-inflect_7.3.1-2_all.deb ... Unpacking python3-inflect (7.3.1-2) ... Selecting previously unselected package python3-jaraco.context. Preparing to unpack .../71-python3-jaraco.context_6.0.0-1_all.deb ... Unpacking python3-jaraco.context (6.0.0-1) ... Selecting previously unselected package python3-jaraco.functools. Preparing to unpack .../72-python3-jaraco.functools_4.1.0-1_all.deb ... Unpacking python3-jaraco.functools (4.1.0-1) ... Selecting previously unselected package python3-pkg-resources. Preparing to unpack .../73-python3-pkg-resources_75.6.0-1_all.deb ... Unpacking python3-pkg-resources (75.6.0-1) ... Selecting previously unselected package python3-jaraco.text. Preparing to unpack .../74-python3-jaraco.text_4.0.0-1_all.deb ... Unpacking python3-jaraco.text (4.0.0-1) ... Selecting previously unselected package python3-zipp. Preparing to unpack .../75-python3-zipp_3.21.0-1_all.deb ... Unpacking python3-zipp (3.21.0-1) ... Selecting previously unselected package python3-setuptools. Preparing to unpack .../76-python3-setuptools_75.6.0-1_all.deb ... Unpacking python3-setuptools (75.6.0-1) ... Selecting previously unselected package meson. Preparing to unpack .../77-meson_1.7.0-1_all.deb ... Unpacking meson (1.7.0-1) ... Selecting previously unselected package opensc-pkcs11:i386. Preparing to unpack .../78-opensc-pkcs11_0.26.0-1_i386.deb ... Unpacking opensc-pkcs11:i386 (0.26.0-1) ... Selecting previously unselected package opensc. Preparing to unpack .../79-opensc_0.26.0-1_i386.deb ... Unpacking opensc (0.26.0-1) ... Selecting previously unselected package openssl. Preparing to unpack .../80-openssl_3.4.0-2_i386.deb ... Unpacking openssl (3.4.0-2) ... Selecting previously unselected package p11-kit-modules:i386. Preparing to unpack .../81-p11-kit-modules_0.25.5-3_i386.deb ... Unpacking p11-kit-modules:i386 (0.25.5-3) ... Selecting previously unselected package p11-kit. Preparing to unpack .../82-p11-kit_0.25.5-3_i386.deb ... Unpacking p11-kit (0.25.5-3) ... Selecting previously unselected package pkgconf-bin. Preparing to unpack .../83-pkgconf-bin_1.8.1-4_i386.deb ... Unpacking pkgconf-bin (1.8.1-4) ... Selecting previously unselected package pkgconf:i386. Preparing to unpack .../84-pkgconf_1.8.1-4_i386.deb ... Unpacking pkgconf:i386 (1.8.1-4) ... Selecting previously unselected package softhsm2. Preparing to unpack .../85-softhsm2_2.6.1-2.2+b1_i386.deb ... Unpacking softhsm2 (2.6.1-2.2+b1) ... Setting up media-types (10.1.0) ... Setting up libpipeline1:i386 (1.5.8-1) ... Setting up libtext-charwidth-perl:i386 (0.04-11+b4) ... Setting up libicu72:i386 (72.1-6) ... Setting up bsdextrautils (2.40.4-3) ... Setting up libmagic-mgc (1:5.45-3+b1) ... Setting up libarchive-zip-perl (1.68-1) ... Setting up libtommath1:i386 (1.3.0-1) ... Setting up libdebhelper-perl (13.24.1) ... Setting up libmagic1t64:i386 (1:5.45-3+b1) ... Setting up gettext-base (0.23.1-1) ... Setting up m4 (1.4.19-5) ... Setting up libevent-2.1-7t64:i386 (2.1.12-stable-10+b1) ... Setting up file (1:5.45-3+b1) ... Setting up libtext-wrapi18n-perl (0.06-10) ... Setting up ninja-build (1.12.1-1) ... Setting up libelf1t64:i386 (0.192-4) ... Setting up libeac3:i386 (1.1.2+ds+git20220117+453c3d6b03a0-1.1+b3) ... Setting up tzdata (2024b-6) ... Current default time zone: 'Etc/UTC' Local time is now: Mon Mar 23 09:13:08 UTC 2026. Universal Time is now: Mon Mar 23 09:13:08 UTC 2026. Run 'dpkg-reconfigure tzdata' if you wish to change it. Setting up autotools-dev (20220109.1) ... Setting up libunbound8:i386 (1.22.0-1+b1) ... Setting up libpkgconf3:i386 (1.8.1-4) ... Setting up libnspr4:i386 (2:4.36-1) ... Setting up libproc2-0:i386 (2:4.0.4-7) ... Setting up libunistring5:i386 (1.3-1) ... Setting up libssl-dev:i386 (3.4.0-2) ... Setting up libtcl8.6:i386 (8.6.16+dfsg-1) ... Setting up autopoint (0.23.1-1) ... Setting up pkgconf-bin (1.8.1-4) ... Setting up autoconf (2.72-3) ... Setting up libffi8:i386 (3.4.6-1) ... Setting up dwz (0.15-1+b1) ... Setting up sensible-utils (0.0.24) ... Setting up libuchardet0:i386 (0.0.8-1+b2) ... Setting up procps (2:4.0.4-7) ... Setting up libtasn1-6:i386 (4.20.0-2) ... Setting up netbase (6.4) ... Setting up openssl (3.4.0-2) ... Setting up readline-common (8.2-6) ... Setting up libxml2:i386 (2.12.7+dfsg+really2.9.14-0.2+b1) ... Setting up libtomcrypt1:i386 (1.18.2+dfsg-7+b2) ... Setting up automake (1:1.17-3) ... update-alternatives: using /usr/bin/automake-1.17 to provide /usr/bin/automake (automake) in auto mode Setting up libfile-stripnondeterminism-perl (1.14.1-2) ... Setting up libnspr4-dev (2:4.36-1) ... Setting up tcl8.6 (8.6.16+dfsg-1) ... Setting up gettext (0.23.1-1) ... Setting up libtool (2.5.4-3) ... Setting up tcl-expect:i386 (5.45.4-3+b1) ... Setting up libidn2-0:i386 (2.3.7-2+b1) ... Setting up libnss3:i386 (2:3.107-1) ... Setting up pkgconf:i386 (1.8.1-4) ... Setting up intltool-debian (0.35.0+20060710.6) ... Setting up libstoken1t64:i386 (0.92-1.1+b2) ... Setting up dh-autoreconf (20) ... Setting up libtomcrypt-dev (1.18.2+dfsg-7+b2) ... Setting up libglib2.0-0t64:i386 (2.83.3-2) ... No schema files found: doing nothing. Setting up libstoken-dev:i386 (0.92-1.1+b2) ... Setting up libp11-kit0:i386 (0.25.5-3) ... Setting up ucf (3.0049) ... Setting up libreadline8t64:i386 (8.2-6) ... Setting up dh-strip-nondeterminism (1.14.1-2) ... Setting up libnss3-dev:i386 (2:3.107-1) ... Setting up groff-base (1.23.0-7) ... Setting up libpython3.13-stdlib:i386 (3.13.2-1) ... Setting up libp11-kit-dev:i386 (0.25.5-3) ... Setting up libpython3-stdlib:i386 (3.13.1-2) ... Setting up libgnutls30t64:i386 (3.8.9-2) ... Setting up softhsm2-common (2.6.1-2.2+b1) ... Creating config file /etc/softhsm/softhsm2.conf with new version Setting up python3.13 (3.13.2-1) ... Setting up po-debconf (1.0.21+nmu1) ... Setting up expect (5.45.4-3+b1) ... Setting up python3 (3.13.1-2) ... Setting up python3-zipp (3.21.0-1) ... Setting up python3-autocommand (2.2.2-3) ... Setting up man-db (2.13.0-1) ... Not building database; man-db/auto-update is not 'true'. Setting up opensc-pkcs11:i386 (0.26.0-1) ... Setting up p11-kit-modules:i386 (0.25.5-3) ... Setting up libgnutls-dane0t64:i386 (3.8.9-2) ... Setting up python3-typing-extensions (4.12.2-2) ... Setting up p11-kit (0.25.5-3) ... Setting up gnutls-bin (3.8.9-2) ... Setting up python3-more-itertools (10.6.0-1) ... Setting up libsofthsm2 (2.6.1-2.2+b1) ... Setting up softhsm2 (2.6.1-2.2+b1) ... Setting up python3-jaraco.functools (4.1.0-1) ... Setting up python3-jaraco.context (6.0.0-1) ... Setting up opensc (0.26.0-1) ... Setting up python3-typeguard (4.4.1-1) ... Setting up debhelper (13.24.1) ... Setting up python3-inflect (7.3.1-2) ... Setting up python3-jaraco.text (4.0.0-1) ... Setting up python3-pkg-resources (75.6.0-1) ... Setting up dh-package-notes (0.15) ... Setting up python3-setuptools (75.6.0-1) ... Setting up meson (1.7.0-1) ... Processing triggers for libc-bin (2.40-6) ... Reading package lists... Building dependency tree... Reading state information... Reading extended state information... Initializing package states... Writing extended state information... Building tag database... -> Finished parsing the build-deps I: Building the package I: Running cd /build/reproducible-path/pkcs11-provider-1.0/ && env PATH="/usr/sbin:/usr/bin:/sbin:/bin:/usr/games" HOME="/nonexistent/first-build" dpkg-buildpackage -us -uc -b && env PATH="/usr/sbin:/usr/bin:/sbin:/bin:/usr/games" HOME="/nonexistent/first-build" dpkg-genchanges -S > ../pkcs11-provider_1.0-1_source.changes dpkg-buildpackage: info: source package pkcs11-provider dpkg-buildpackage: info: source version 1.0-1 dpkg-buildpackage: info: source distribution unstable dpkg-buildpackage: info: source changed by Luca Boccassi dpkg-source --before-build . dpkg-buildpackage: info: host architecture i386 debian/rules clean dh clean --buildsystem=meson dh_auto_clean -O--buildsystem=meson dh_autoreconf_clean -O--buildsystem=meson dh_clean -O--buildsystem=meson debian/rules binary dh binary --buildsystem=meson dh_update_autotools_config -O--buildsystem=meson dh_autoreconf -O--buildsystem=meson dh_auto_configure -O--buildsystem=meson cd obj-i686-linux-gnu && DEB_PYTHON_INSTALL_LAYOUT=deb LC_ALL=C.UTF-8 meson setup .. --wrap-mode=nodownload --buildtype=plain --prefix=/usr --sysconfdir=/etc --localstatedir=/var --libdir=lib/i386-linux-gnu -Dpython.bytecompile=-1 The Meson build system Version: 1.7.0 Source dir: /build/reproducible-path/pkcs11-provider-1.0 Build dir: /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu Build type: native build Project name: pkcs11-provider Project version: 1.0 C compiler for the host machine: cc (gcc 14.2.0 "cc (Debian 14.2.0-16) 14.2.0") C linker for the host machine: cc ld.bfd 2.44 Host machine cpu family: x86 Host machine cpu: i686 Compiler for C supports arguments -Wwrite-strings: YES Compiler for C supports arguments -Wpointer-arith: YES Compiler for C supports arguments -Wno-missing-field-initializers: YES Compiler for C supports arguments -Wformat: YES Compiler for C supports arguments -Wshadow: YES Compiler for C supports arguments -Wno-unused-parameter: YES Compiler for C supports arguments -Werror=implicit-function-declaration: YES Compiler for C supports arguments -Werror=missing-prototypes: YES Compiler for C supports arguments -Werror=format-security: YES Compiler for C supports arguments -Werror=parentheses: YES Compiler for C supports arguments -Werror=implicit: YES Compiler for C supports arguments -Werror=strict-prototypes: YES Compiler for C supports arguments -fno-strict-aliasing: YES Compiler for C supports arguments -fno-delete-null-pointer-checks: YES Compiler for C supports arguments -fdiagnostics-show-option: YES Found pkg-config: YES (/usr/bin/pkg-config) 1.8.1 Run-time dependency libcrypto found: YES 3.4.0 Run-time dependency libssl found: YES 3.4.0 Run-time dependency p11-kit-1 found: YES 0.25.5 Has header "dlfcn.h" : YES Configuring config.h using configuration Compiler for C supports link arguments -Wl,--version-script,/build/reproducible-path/pkcs11-provider-1.0/src/provider.map: YES Did not find CMake 'cmake' Found CMake: NO Run-time dependency nss-softokn found: NO (tried pkgconfig and cmake) Run-time dependency nss found: YES 3.107 Program setup.sh found: YES (/build/reproducible-path/pkcs11-provider-1.0/tests/setup.sh) Program valgrind found: NO Program test-wrapper found: YES (/build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper) Build targets in project: 12 pkcs11-provider 1.0 User defined options buildtype : plain libdir : lib/i386-linux-gnu localstatedir : /var prefix : /usr python.bytecompile: -1 sysconfdir : /etc wrap_mode : nodownload Found ninja-1.12.1 at /usr/bin/ninja dh_auto_build -O--buildsystem=meson cd obj-i686-linux-gnu && LC_ALL=C.UTF-8 ninja -j22 -v [1/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/tls.c.o -MF src/pkcs11.so.p/tls.c.o.d -o src/pkcs11.so.p/tls.c.o -c ../src/tls.c [2/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/random.c.o -MF src/pkcs11.so.p/random.c.o.d -o src/pkcs11.so.p/random.c.o -c ../src/random.c [3/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/pk11_uri.c.o -MF src/pkcs11.so.p/pk11_uri.c.o.d -o src/pkcs11.so.p/pk11_uri.c.o -c ../src/pk11_uri.c [4/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/decoder.c.o -MF src/pkcs11.so.p/decoder.c.o.d -o src/pkcs11.so.p/decoder.c.o -c ../src/decoder.c [5/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/debug.c.o -MF src/pkcs11.so.p/debug.c.o.d -o src/pkcs11.so.p/debug.c.o -c ../src/debug.c [6/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/exchange.c.o -MF src/pkcs11.so.p/exchange.c.o.d -o src/pkcs11.so.p/exchange.c.o -c ../src/exchange.c [7/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/digests.c.o -MF src/pkcs11.so.p/digests.c.o.d -o src/pkcs11.so.p/digests.c.o -c ../src/digests.c [8/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/store.c.o -MF src/pkcs11.so.p/store.c.o.d -o src/pkcs11.so.p/store.c.o -c ../src/store.c [9/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/kdf.c.o -MF src/pkcs11.so.p/kdf.c.o.d -o src/pkcs11.so.p/kdf.c.o -c ../src/kdf.c [10/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/asymmetric_cipher.c.o -MF src/pkcs11.so.p/asymmetric_cipher.c.o.d -o src/pkcs11.so.p/asymmetric_cipher.c.o -c ../src/asymmetric_cipher.c [11/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/slot.c.o -MF src/pkcs11.so.p/slot.c.o.d -o src/pkcs11.so.p/slot.c.o -c ../src/slot.c [12/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/session.c.o -MF src/pkcs11.so.p/session.c.o.d -o src/pkcs11.so.p/session.c.o -c ../src/session.c [13/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/encoder.c.o -MF src/pkcs11.so.p/encoder.c.o.d -o src/pkcs11.so.p/encoder.c.o -c ../src/encoder.c [14/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/interface.c.o -MF src/pkcs11.so.p/interface.c.o.d -o src/pkcs11.so.p/interface.c.o -c ../src/interface.c [15/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/keymgmt.c.o -MF src/pkcs11.so.p/keymgmt.c.o.d -o src/pkcs11.so.p/keymgmt.c.o -c ../src/keymgmt.c [16/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/util.c.o -MF src/pkcs11.so.p/util.c.o.d -o src/pkcs11.so.p/util.c.o -c ../src/util.c [17/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/signature.c.o -MF src/pkcs11.so.p/signature.c.o.d -o src/pkcs11.so.p/signature.c.o -c ../src/signature.c [18/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/provider.c.o -MF src/pkcs11.so.p/provider.c.o.d -o src/pkcs11.so.p/provider.c.o -c ../src/provider.c [19/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/objects.c.o -MF src/pkcs11.so.p/objects.c.o.d -o src/pkcs11.so.p/objects.c.o -c ../src/objects.c [20/20] cc -o src/pkcs11.so src/pkcs11.so.p/asymmetric_cipher.c.o src/pkcs11.so.p/debug.c.o src/pkcs11.so.p/encoder.c.o src/pkcs11.so.p/decoder.c.o src/pkcs11.so.p/digests.c.o src/pkcs11.so.p/exchange.c.o src/pkcs11.so.p/kdf.c.o src/pkcs11.so.p/keymgmt.c.o src/pkcs11.so.p/pk11_uri.c.o src/pkcs11.so.p/interface.c.o src/pkcs11.so.p/objects.c.o src/pkcs11.so.p/provider.c.o src/pkcs11.so.p/random.c.o src/pkcs11.so.p/session.c.o src/pkcs11.so.p/signature.c.o src/pkcs11.so.p/slot.c.o src/pkcs11.so.p/store.c.o src/pkcs11.so.p/tls.c.o src/pkcs11.so.p/util.c.o -Wl,--as-needed -Wl,--allow-shlib-undefined -shared -fPIC -Wl,-z,relro -Wl,-z,now -specs=/usr/share/debhelper/dh_package_notes/debian-package-notes.specs -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -Wl,--version-script,/build/reproducible-path/pkcs11-provider-1.0/src/provider.map /usr/lib/i386-linux-gnu/libcrypto.so dh_auto_test -O--buildsystem=meson cd obj-i686-linux-gnu && DEB_PYTHON_INSTALL_LAYOUT=deb LC_ALL=C.UTF-8 MESON_TESTTHREADS=22 meson test --verbose ninja: Entering directory `/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu' [1/29] Compiling C object tests/tdigests.p/tdigests.c.o [2/29] Compiling C object tests/ccerts.p/ccerts.c.o [3/29] Compiling C object tests/tcmpkeys.p/tcmpkeys.c.o [4/29] Compiling C object tests/treadkeys.p/treadkeys.c.o [5/29] Compiling C object tests/tlssetkey.p/tlssetkey.c.o [6/29] Compiling C object tests/ccerts.p/util.c.o [7/29] Compiling C object tests/tlsctx.p/util.c.o [8/29] Compiling C object tests/tsession.p/tsession.c.o [9/29] Linking target tests/tdigests [10/29] Compiling C object tests/tlsctx.p/tlsctx.c.o [11/29] Compiling C object tests/tpkey.p/tpkey.c.o [12/29] Compiling C object tests/tpkey.p/util.c.o [13/29] Linking target tests/treadkeys [14/29] Compiling C object tests/tlssetkey.p/util.c.o [15/29] Compiling C object tests/tfork.p/tfork.c.o [16/29] Compiling C object tests/pincache.p/pincache.c.o [17/29] Linking target tests/ccerts [18/29] Compiling C object tests/tcmpkeys.p/util.c.o [19/29] Linking target tests/tsession [20/29] Linking target tests/tlsctx [21/29] Compiling C object tests/tfork.p/util.c.o [22/29] Linking target tests/tpkey [23/29] Linking target tests/tlssetkey [24/29] Linking target tests/pincache [25/29] Linking target tests/tcmpkeys [26/29] Compiling C object tests/tgenkey.p/tgenkey.c.o [27/29] Compiling C object tests/tgenkey.p/util.c.o [28/29] Linking target tests/tfork [29/29] Linking target tests/tgenkey 1/92 pkcs11-provider:softokn / setup RUNNING >>> P11KITCLIENTPATH=/usr/lib/i386-linux-gnu/pkcs11/p11-kit-client.so SHARED_EXT=.so SOFTOKNPATH=/usr/lib/i386-linux-gnu TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MALLOC_PERTURB_=71 TESTSSRCDIR=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 LIBSPATH=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/src /build/reproducible-path/pkcs11-provider-1.0/tests/setup.sh softokn ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― + source /build/reproducible-path/pkcs11-provider-1.0/tests/helpers.sh ++ : /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests ++ helper_emit=1 ++ sed --version ++ grep -q 'GNU sed' ++ sed_inplace=('-i') ++ export sed_inplace + '[' 1 -ne 1 ']' + TOKENTYPE=softokn + SUPPORT_ED25519=1 + SUPPORT_ED448=1 + SUPPORT_RSA_PKCS1_ENCRYPTION=1 + SUPPORT_RSA_KEYGEN_PUBLIC_EXPONENT=1 + SUPPORT_TLSFUZZER=1 + SUPPORT_ALLOWED_MECHANISMS=0 ++ opensc-tool -i ++ grep OpenSC ++ sed -e 's/OpenSC 0\.\([0-9]*\).*/\1/' Failed to establish context: Unable to load external module + OPENSC_VERSION=26 + [[ 26 -le 25 ]] + [[ '' = \1 ]] ++ cat /proc/sys/crypto/fips_enabled + [[ 0 = \1 ]] + TMPPDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softokn + TOKDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softokn/tokens + '[' -d /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softokn ']' + mkdir /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softokn + mkdir /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softokn/tokens + PINVALUE=12345678 + PINFILE=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softokn/pinfile.txt + echo 12345678 + export GNUTLS_PIN=12345678 + GNUTLS_PIN=12345678 + '[' softokn == softhsm ']' + '[' softokn == softokn ']' + source /build/reproducible-path/pkcs11-provider-1.0/tests/softokn-init.sh ++ title SECTION 'Setup NSS Softokn' ++ case "$1" in ++ shift 1 ++ echo '########################################' ++ echo '## Setup NSS Softokn' ++ echo '' ++ command -v certutil ++ echo 'NSS'\''s certutil command is required' ######################################## ## Setup NSS Softokn NSS's certutil command is required ++ exit 0 ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 1/92 pkcs11-provider:softokn / setup OK 0.02s 2/92 pkcs11-provider:softhsm / setup RUNNING >>> P11KITCLIENTPATH=/usr/lib/i386-linux-gnu/pkcs11/p11-kit-client.so SHARED_EXT=.so SOFTOKNPATH=/usr/lib/i386-linux-gnu TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests TESTSSRCDIR=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=38 LIBSPATH=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/src /build/reproducible-path/pkcs11-provider-1.0/tests/setup.sh softhsm ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― + source /build/reproducible-path/pkcs11-provider-1.0/tests/helpers.sh ++ : /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests ++ helper_emit=1 ++ sed --version ++ grep -q 'GNU sed' ++ sed_inplace=('-i') ++ export sed_inplace + '[' 1 -ne 1 ']' + TOKENTYPE=softhsm + SUPPORT_ED25519=1 + SUPPORT_ED448=1 + SUPPORT_RSA_PKCS1_ENCRYPTION=1 + SUPPORT_RSA_KEYGEN_PUBLIC_EXPONENT=1 + SUPPORT_TLSFUZZER=1 + SUPPORT_ALLOWED_MECHANISMS=0 ++ opensc-tool -i ++ grep OpenSC ++ sed -e 's/OpenSC 0\.\([0-9]*\).*/\1/' Failed to establish context: Unable to load external module + OPENSC_VERSION=26 + [[ 26 -le 25 ]] + [[ '' = \1 ]] ++ cat /proc/sys/crypto/fips_enabled + [[ 0 = \1 ]] + TMPPDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm + TOKDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/tokens + '[' -d /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm ']' + mkdir /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm + mkdir /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/tokens + PINVALUE=12345678 + PINFILE=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt + echo 12345678 + export GNUTLS_PIN=12345678 + GNUTLS_PIN=12345678 + '[' softhsm == softhsm ']' + source /build/reproducible-path/pkcs11-provider-1.0/tests/softhsm-init.sh ++ title SECTION 'Searching for SoftHSM PKCS#11 library' ++ case "$1" in ++ shift 1 ++ echo '########################################' ++ echo '## Searching for SoftHSM PKCS#11 library' ++ echo '' ++ command -v softhsm2-util ######################################## ## Searching for SoftHSM PKCS#11 library +++++ type -p softhsm2-util ++++ dirname /usr/bin/softhsm2-util +++ dirname /usr/bin ++ softhsm_prefix=/usr ++ find_softhsm /usr/lib64/softhsm/libsofthsm2.so /usr/lib/softhsm/libsofthsm2.so /usr/lib64/pkcs11/libsofthsm2.so /usr/lib/pkcs11/libsofthsm2.so /usr/local/lib/softhsm/libsofthsm2.so /usr/lib64/pkcs11/libsofthsm2.so /usr/lib/pkcs11/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so ++ for _lib in "$@" ++ test -f /usr/lib64/softhsm/libsofthsm2.so ++ for _lib in "$@" ++ test -f /usr/lib/softhsm/libsofthsm2.so ++ echo 'Using softhsm path /usr/lib/softhsm/libsofthsm2.so' ++ P11LIB=/usr/lib/softhsm/libsofthsm2.so ++ return ++ export P11LIB ++ title SECTION 'Set up testing system' ++ case "$1" in ++ shift 1 ++ echo '########################################' ++ echo '## Set up testing system' ++ echo '' ++ cat Using softhsm path /usr/lib/softhsm/libsofthsm2.so ######################################## ## Set up testing system ++ export SOFTHSM2_CONF=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/softhsm.conf ++ SOFTHSM2_CONF=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/softhsm.conf ++ export 'TOKENLABEL=SoftHSM Token' ++ TOKENLABEL='SoftHSM Token' ++ export TOKENLABELURI=SoftHSM%20Token ++ TOKENLABELURI=SoftHSM%20Token ++ softhsm2-util --init-token --label 'SoftHSM Token' --free --pin 12345678 --so-pin 12345678 Slot 0 has a free/uninitialized token. The token has been initialized and is reassigned to slot 1158730810 ++ export 'TOKENOPTIONS=\npkcs11-module-quirks = no-deinit no-operation-state' ++ TOKENOPTIONS='\npkcs11-module-quirks = no-deinit no-operation-state' ++ export 'TOKENCONFIGVARS=export SOFTHSM2_CONF=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/softhsm.conf' ++ TOKENCONFIGVARS='export SOFTHSM2_CONF=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/softhsm.conf' ++ export TESTPORT=32000 ++ TESTPORT=32000 ++ export SUPPORT_ALLOWED_MECHANISMS=1 ++ SUPPORT_ALLOWED_MECHANISMS=1 + SEEDFILE=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/noisefile.bin + dd if=/dev/urandom of=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/noisefile.bin bs=2048 count=1 + RAND64FILE=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/64krandom.bin + dd if=/dev/urandom of=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/64krandom.bin bs=2048 count=32 ++ uname + '[' Linux == Darwin ']' ++ type -p certtool + certtool=/usr/bin/certtool + '[' -z /usr/bin/certtool ']' + P11DEFARGS=("--module=${P11LIB}" "--login" "--pin=${PINVALUE}" "--token-label=${TOKENLABEL}") + cat + SERIAL=1 + title LINE 'Creating new Self Sign CA' + case "$1" in + shift 1 + echo 'Creating new Self Sign CA' + KEYID=0000 + URIKEYID=%00%00 Creating new Self Sign CA + CACRTN=caCert + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --keypairgen --key-type=RSA:2048 --label=caCert --id=0000 Key pair generated: Private Key Object; RSA label: caCert ID: 0000 Usage: decrypt, sign, signRecover, unwrap Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=31b036afc510d43a;token=SoftHSM%20Token;id=%0000;object=caCert;type=private Public Key Object; RSA 2048 bits label: caCert ID: 0000 Usage: encrypt, verify, verifyRecover, wrap Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=31b036afc510d43a;token=SoftHSM%20Token;id=%0000;object=caCert;type=public + crt_selfsign caCert Issuer 0000 + LABEL=caCert + CN=Issuer + KEYID=0000 + (( SERIAL+=1 )) + sed -e 's|cn = .*|cn = Issuer|g' -e 's|serial = .*|serial = 2|g' -i /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/cacert.cfg + /usr/bin/certtool --generate-self-signed --outfile=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.crt --template=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/cacert.cfg --provider=/usr/lib/softhsm/libsofthsm2.so --load-privkey 'pkcs11:object=caCert;token=SoftHSM%20Token;type=private' --load-pubkey 'pkcs11:object=caCert;token=SoftHSM%20Token;type=public' --outder Generating a self signed certificate... X.509 Certificate Information: Version: 3 Serial Number (hex): 02 Validity: Not Before: Mon Mar 23 09:13:22 UTC 2026 Not After: Tue Mar 23 09:13:22 UTC 2027 Subject: CN=Issuer Subject Public Key Algorithm: RSA Algorithm Security Level: Medium (2048 bits) Modulus (bits 2048): 00:b0:fc:ba:33:f7:05:1a:42:2b:20:9b:42:83:05:23 16:e0:7d:2d:8f:76:4c:37:64:73:99:53:6f:e9:5d:16 87:4f:ca:34:ee:85:0c:26:98:68:ac:89:56:e2:40:9c 87:8b:27:a7:26:74:ce:00:59:7a:11:8d:b3:27:40:ca e2:d3:be:05:b8:86:a6:8b:bf:89:dd:a8:a2:43:d8:56 c2:36:a4:7c:de:73:9f:2a:eb:28:d5:d0:c7:48:87:95 a8:db:28:e7:c0:0b:0a:7e:09:ca:cd:d4:0a:1b:ee:f5 e0:6e:c7:ca:24:91:01:e3:d4:f8:16:87:9c:90:3e:f0 94:fc:b2:09:51:7d:ae:4f:25:b2:7b:8d:e0:c3:bd:ec 2a:94:a7:c1:b2:99:fe:37:66:27:ba:ec:39:9b:28:0d d5:0d:95:5d:01:b6:98:cc:9d:40:d8:63:3e:a1:85:49 a7:05:b8:a9:43:4e:75:23:7f:dc:46:bb:65:f4:23:39 b9:37:a5:2a:ff:df:a6:98:13:ad:d4:e4:bc:16:33:58 6a:82:11:89:55:71:80:08:46:99:00:aa:08:02:26:40 d7:37:a2:58:c5:38:d3:31:91:ba:6d:b0:61:af:ea:19 44:fb:43:39:c6:07:e3:eb:14:98:82:84:dc:95:ee:34 7d Exponent (bits 24): 01:00:01 Extensions: Basic Constraints (critical): Certificate Authority (CA): TRUE Subject Alternative Name (not critical): RFC822Name: testcert@example.org Key Usage (critical): Digital signature. Certificate signing. Subject Key Identifier (not critical): d76fd985c6f2577885410242a2b49ded9d99e30c Other Information: Public Key ID: sha1:d76fd985c6f2577885410242a2b49ded9d99e30c sha256:216715212453443475e5ee581961cfd8708df0b90240c2aeeb52a7e45e3902f7 Public Key PIN: pin-sha256:IWcVISRTRDR15e5YGWHP2HCN8LkCQMKu61Kn5F45Avc= Signing certificate... + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --write-object /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.crt --type=cert --id=0000 --label=caCert Created certificate: Certificate Object; type = X.509 cert label: caCert subject: DN: CN=Issuer serial: 02 ID: 0000 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=31b036afc510d43a;token=SoftHSM%20Token;id=%0000;object=caCert;type=cert + CACRT_PEM=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.pem + CACRT=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.crt + openssl x509 -inform DER -in /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.crt -outform PEM -out /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.pem + CABASEURIWITHPINVALUE='pkcs11:id=%00%00?pin-value=12345678' + CABASEURIWITHPINSOURCE='pkcs11:id=%00%00?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt' + CABASEURI=pkcs11:id=%00%00 + CAPUBURI='pkcs11:type=public;id=%00%00' + CAPRIURI='pkcs11:type=private;id=%00%00' + CACRTURI='pkcs11:type=cert;object=caCert' + title LINE 'RSA PKCS11 URIS' + case "$1" in + shift 1 + echo 'RSA PKCS11 URIS' + echo 'pkcs11:id=%00%00?pin-value=12345678' + echo 'pkcs11:id=%00%00?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt' + echo pkcs11:id=%00%00 + echo 'pkcs11:type=public;id=%00%00' + echo 'pkcs11:type=private;id=%00%00' + echo 'pkcs11:type=cert;object=caCert' + echo '' RSA PKCS11 URIS pkcs11:id=%00%00?pin-value=12345678 pkcs11:id=%00%00?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt pkcs11:id=%00%00 pkcs11:type=public;id=%00%00 pkcs11:type=private;id=%00%00 pkcs11:type=cert;object=caCert + cat /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/cacert.cfg + echo 'organization = "PKCS11 Provider"' + sed -e '/^cert_signing_key$/d' -e '/^ca$/d' -i /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/cert.cfg + KEYID=0001 + URIKEYID=%00%01 + TSTCRTN=testCert + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --keypairgen --key-type=RSA:2048 --label=testCert --id=0001 Key pair generated: Private Key Object; RSA label: testCert ID: 0001 Usage: decrypt, sign, signRecover, unwrap Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=31b036afc510d43a;token=SoftHSM%20Token;id=%0001;object=testCert;type=private Public Key Object; RSA 2048 bits label: testCert ID: 0001 Usage: encrypt, verify, verifyRecover, wrap Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=31b036afc510d43a;token=SoftHSM%20Token;id=%0001;object=testCert;type=public + ca_sign testCert 'My Test Cert' 0001 + LABEL=testCert + CN='My Test Cert' + KEYID=0001 + shift 3 + (( SERIAL+=1 )) + sed -e 's|cn = .*|cn = My Test Cert|g' -e 's|serial = .*|serial = 3|g' -e '/^ca$/d' -i /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/cert.cfg + /usr/bin/certtool --generate-certificate --outfile=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/testCert.crt --template=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/cert.cfg --provider=/usr/lib/softhsm/libsofthsm2.so --load-privkey 'pkcs11:object=testCert;token=SoftHSM%20Token;type=private' --load-pubkey 'pkcs11:object=testCert;token=SoftHSM%20Token;type=public' --outder --load-ca-certificate /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.crt --inder '--load-ca-privkey=pkcs11:object=caCert;token=SoftHSM%20Token;type=private' Generating a signed certificate... X.509 Certificate Information: Version: 3 Serial Number (hex): 03 Validity: Not Before: Mon Mar 23 09:13:22 UTC 2026 Not After: Tue Mar 23 09:13:22 UTC 2027 Subject: CN=My Test Cert,O=PKCS11 Provider Subject Public Key Algorithm: RSA Algorithm Security Level: Medium (2048 bits) Modulus (bits 2048): 00:a6:08:04:f2:3c:15:7a:81:e3:54:24:74:4d:98:c1 01:8c:33:32:ce:62:6d:b1:fc:30:ef:64:13:35:46:90 c4:b2:7c:a1:99:49:57:5e:c6:ae:88:1e:93:bb:8e:be f6:95:27:6f:0e:d4:06:13:41:ad:98:02:3e:17:48:0f 71:6b:ca:e6:5c:d5:a3:01:b2:19:81:17:e7:f4:42:b3 37:44:0a:d5:3a:93:1d:5c:9a:f8:9b:88:7e:b6:21:f5 bb:c4:6a:25:5b:80:ae:4a:8b:a2:2a:06:f6:5a:1d:c7 58:df:22:33:6d:bc:be:c0:8c:cc:67:e3:57:9b:3e:f9 c3:bd:57:0f:fd:df:b7:0f:6a:c8:a2:34:19:85:a2:3c ee:3a:6a:aa:ed:d2:8d:75:a7:08:1c:c3:39:48:01:8a af:58:33:4a:57:a5:3c:28:8f:7e:79:6a:97:e0:10:0d 17:85:49:90:5a:20:81:07:59:b9:94:6d:8f:2b:52:3c 7a:af:2f:e8:b3:97:05:f2:5f:2f:e6:af:3e:a8:e2:d7 a0:0b:0c:a7:c9:2c:16:ec:9b:c5:f3:be:4c:de:3f:6f 05:04:88:54:a2:84:c6:ba:e5:74:b0:59:86:c5:91:74 69:5b:b1:b0:6c:72:df:fc:f6:ca:19:4c:14:22:29:a5 c9 Exponent (bits 24): 01:00:01 Extensions: Basic Constraints (critical): Certificate Authority (CA): FALSE Subject Alternative Name (not critical): RFC822Name: testcert@example.org Key Usage (critical): Digital signature. Key encipherment. Subject Key Identifier (not critical): 5bea8bc2888cf08d0167126374f5a4eb45a91e68 Authority Key Identifier (not critical): d76fd985c6f2577885410242a2b49ded9d99e30c Other Information: Public Key ID: sha1:5bea8bc2888cf08d0167126374f5a4eb45a91e68 sha256:73d54ee1c7211e755ea0939ef738b359069218b8cb9f9609b72d077270b36173 Public Key PIN: pin-sha256:c9VO4cchHnVeoJOe9zizWQaSGLjLn5YJty0HcnCzYXM= Signing certificate... + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --write-object /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/testCert.crt --type=cert --id=0001 --label=testCert Created certificate: Certificate Object; type = X.509 cert label: testCert subject: DN: O=PKCS11 Provider, CN=My Test Cert serial: 03 ID: 0001 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=31b036afc510d43a;token=SoftHSM%20Token;id=%0001;object=testCert;type=cert + BASEURIWITHPINVALUE='pkcs11:id=%00%01?pin-value=12345678' + BASEURIWITHPINSOURCE='pkcs11:id=%00%01?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt' + BASEURI=pkcs11:id=%00%01 + PUBURI='pkcs11:type=public;id=%00%01' + PRIURI='pkcs11:type=private;id=%00%01' + CRTURI='pkcs11:type=cert;object=testCert' + title LINE 'RSA PKCS11 URIS' + case "$1" in + shift 1 + echo 'RSA PKCS11 URIS' + echo 'pkcs11:id=%00%01?pin-value=12345678' + echo 'pkcs11:id=%00%01?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt' + echo pkcs11:id=%00%01 + echo 'pkcs11:type=public;id=%00%01' + echo 'pkcs11:type=private;id=%00%01' + echo 'pkcs11:type=cert;object=testCert' + echo '' + KEYID=0002 + URIKEYID=%00%02 + ECCRTN=ecCert + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --keypairgen --key-type=EC:secp256r1 --label=ecCert --id=0002 RSA PKCS11 URIS pkcs11:id=%00%01?pin-value=12345678 pkcs11:id=%00%01?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt pkcs11:id=%00%01 pkcs11:type=public;id=%00%01 pkcs11:type=private;id=%00%01 pkcs11:type=cert;object=testCert Key pair generated: Private Key Object; EC label: ecCert ID: 0002 Usage: decrypt, sign, signRecover, unwrap, derive Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=31b036afc510d43a;token=SoftHSM%20Token;id=%0002;object=ecCert;type=private Public Key Object; EC EC_POINT 256 bits EC_POINT: 04410407f46f477bfdde38bfec56945a4fd81ca3ff4e4f96daf1d9944b19cc3fb5375a7f89eecce1175747ee7605fcb9ad44472483a75fd25e71d02aba104fc9d70f6f EC_PARAMS: 06082a8648ce3d030107 (OID 1.2.840.10045.3.1.7) label: ecCert ID: 0002 Usage: encrypt, verify, verifyRecover, wrap, derive Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=31b036afc510d43a;token=SoftHSM%20Token;id=%0002;object=ecCert;type=public + ca_sign ecCert 'My EC Cert' 0002 + LABEL=ecCert + CN='My EC Cert' + KEYID=0002 + shift 3 + (( SERIAL+=1 )) + sed -e 's|cn = .*|cn = My EC Cert|g' -e 's|serial = .*|serial = 4|g' -e '/^ca$/d' -i /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/cert.cfg + /usr/bin/certtool --generate-certificate --outfile=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/ecCert.crt --template=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/cert.cfg --provider=/usr/lib/softhsm/libsofthsm2.so --load-privkey 'pkcs11:object=ecCert;token=SoftHSM%20Token;type=private' --load-pubkey 'pkcs11:object=ecCert;token=SoftHSM%20Token;type=public' --outder --load-ca-certificate /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.crt --inder '--load-ca-privkey=pkcs11:object=caCert;token=SoftHSM%20Token;type=private' Generating a signed certificate... X.509 Certificate Information: Version: 3 Serial Number (hex): 04 Validity: Not Before: Mon Mar 23 09:13:22 UTC 2026 Not After: Tue Mar 23 09:13:22 UTC 2027 Subject: CN=My EC Cert,O=PKCS11 Provider Subject Public Key Algorithm: EC/ECDSA Algorithm Security Level: High (256 bits) Curve: SECP256R1 X: 07:f4:6f:47:7b:fd:de:38:bf:ec:56:94:5a:4f:d8:1c a3:ff:4e:4f:96:da:f1:d9:94:4b:19:cc:3f:b5:37:5a Y: 7f:89:ee:cc:e1:17:57:47:ee:76:05:fc:b9:ad:44:47 24:83:a7:5f:d2:5e:71:d0:2a:ba:10:4f:c9:d7:0f:6f Extensions: Basic Constraints (critical): Certificate Authority (CA): FALSE Subject Alternative Name (not critical): RFC822Name: testcert@example.org Key Usage (critical): Digital signature. Subject Key Identifier (not critical): 466e678ee8e617a78f4b4eda7c6961d6cd440c69 Authority Key Identifier (not critical): d76fd985c6f2577885410242a2b49ded9d99e30c Other Information: Public Key ID: sha1:466e678ee8e617a78f4b4eda7c6961d6cd440c69 sha256:013985cd34122dd8f6e64416df773ab2747faa8eb62dd8822d2fc40eba6ff4bc Public Key PIN: pin-sha256:ATmFzTQSLdj25kQW33c6snR/qo62LdiCLS/EDrpv9Lw= Signing certificate... + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --write-object /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/ecCert.crt --type=cert --id=0002 --label=ecCert Created certificate: Certificate Object; type = X.509 cert label: ecCert subject: DN: O=PKCS11 Provider, CN=My EC Cert serial: 04 ID: 0002 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=31b036afc510d43a;token=SoftHSM%20Token;id=%0002;object=ecCert;type=cert + ECBASEURIWITHPINVALUE='pkcs11:id=%00%02?pin-value=12345678' + ECBASEURIWITHPINSOURCE='pkcs11:id=%00%02?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt' + ECBASEURI=pkcs11:id=%00%02 + ECPUBURI='pkcs11:type=public;id=%00%02' + ECPRIURI='pkcs11:type=private;id=%00%02' + ECCRTURI='pkcs11:type=cert;object=ecCert' + KEYID=0003 + URIKEYID=%00%03 + ECPEERCRTN=ecPeerCert + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --keypairgen --key-type=EC:secp256r1 --label=ecPeerCert --id=0003 Key pair generated: Private Key Object; EC label: ecPeerCert ID: 0003 Usage: decrypt, sign, signRecover, unwrap, derive Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=31b036afc510d43a;token=SoftHSM%20Token;id=%0003;object=ecPeerCert;type=private Public Key Object; EC EC_POINT 256 bits EC_POINT: 04410482033d0ed8d0264218af425004419aef46de86214c7a45cb43e13238352f28eb1e89f9c38304cacd77b5a856c2e950e5a4257b6005945df9dc1d6d5eb52cd341 EC_PARAMS: 06082a8648ce3d030107 (OID 1.2.840.10045.3.1.7) label: ecPeerCert ID: 0003 Usage: encrypt, verify, verifyRecover, wrap, derive Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=31b036afc510d43a;token=SoftHSM%20Token;id=%0003;object=ecPeerCert;type=public + crt_selfsign ecPeerCert 'My Peer EC Cert' 0003 + LABEL=ecPeerCert + CN='My Peer EC Cert' + KEYID=0003 + (( SERIAL+=1 )) + sed -e 's|cn = .*|cn = My Peer EC Cert|g' -e 's|serial = .*|serial = 5|g' -i /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/cacert.cfg + /usr/bin/certtool --generate-self-signed --outfile=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/ecPeerCert.crt --template=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/cacert.cfg --provider=/usr/lib/softhsm/libsofthsm2.so --load-privkey 'pkcs11:object=ecPeerCert;token=SoftHSM%20Token;type=private' --load-pubkey 'pkcs11:object=ecPeerCert;token=SoftHSM%20Token;type=public' --outder Generating a self signed certificate... X.509 Certificate Information: Version: 3 Serial Number (hex): 05 Validity: Not Before: Mon Mar 23 09:13:22 UTC 2026 Not After: Tue Mar 23 09:13:22 UTC 2027 Subject: CN=My Peer EC Cert Subject Public Key Algorithm: EC/ECDSA Algorithm Security Level: High (256 bits) Curve: SECP256R1 X: 00:82:03:3d:0e:d8:d0:26:42:18:af:42:50:04:41:9a ef:46:de:86:21:4c:7a:45:cb:43:e1:32:38:35:2f:28 eb Y: 1e:89:f9:c3:83:04:ca:cd:77:b5:a8:56:c2:e9:50:e5 a4:25:7b:60:05:94:5d:f9:dc:1d:6d:5e:b5:2c:d3:41 Extensions: Basic Constraints (critical): Certificate Authority (CA): TRUE Subject Alternative Name (not critical): RFC822Name: testcert@example.org Key Usage (critical): Digital signature. Certificate signing. Subject Key Identifier (not critical): dd0d821138a2def3f41e0d59c53ea673384d5fa8 Other Information: Public Key ID: sha1:dd0d821138a2def3f41e0d59c53ea673384d5fa8 sha256:5c57b31854f2d14e4d5b5bacc5531f03861281b6747fda5a14f14b0f8d14473d Public Key PIN: pin-sha256:XFezGFTy0U5NW1usxVMfA4YSgbZ0f9paFPFLD40URz0= Signing certificate... + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --write-object /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/ecPeerCert.crt --type=cert --id=0003 --label=ecPeerCert Created certificate: Certificate Object; type = X.509 cert label: ecPeerCert subject: DN: CN=My Peer EC Cert serial: 05 ID: 0003 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=31b036afc510d43a;token=SoftHSM%20Token;id=%0003;object=ecPeerCert;type=cert + ECPEERBASEURIWITHPINVALUE='pkcs11:id=%00%03?pin-value=12345678' + ECPEERBASEURIWITHPINSOURCE='pkcs11:id=%00%03?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt' + ECPEERBASEURI=pkcs11:id=%00%03 + ECPEERPUBURI='pkcs11:type=public;id=%00%03' + ECPEERPRIURI='pkcs11:type=private;id=%00%03' + ECPEERCRTURI='pkcs11:type=cert;object=ecPeerCert' + title LINE 'EC PKCS11 URIS' + case "$1" in + shift 1 + echo 'EC PKCS11 URIS' + echo 'pkcs11:id=%00%02?pin-value=12345678' + echo 'pkcs11:id=%00%02?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt' + echo pkcs11:id=%00%02 + echo 'pkcs11:type=public;id=%00%02' + echo 'pkcs11:type=private;id=%00%02' + echo 'pkcs11:type=cert;object=ecCert' + echo 'pkcs11:id=%00%03?pin-value=12345678' + echo 'pkcs11:id=%00%03?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt' + echo pkcs11:id=%00%03 + echo 'pkcs11:type=public;id=%00%03' + echo 'pkcs11:type=private;id=%00%03' + echo 'pkcs11:type=cert;object=ecPeerCert' + echo '' + '[' 1 -eq 1 ']' + KEYID=0004 + URIKEYID=%00%04 + EDCRTN=edCert EC PKCS11 URIS pkcs11:id=%00%02?pin-value=12345678 pkcs11:id=%00%02?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt pkcs11:id=%00%02 pkcs11:type=public;id=%00%02 pkcs11:type=private;id=%00%02 pkcs11:type=cert;object=ecCert pkcs11:id=%00%03?pin-value=12345678 pkcs11:id=%00%03?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt pkcs11:id=%00%03 pkcs11:type=public;id=%00%03 pkcs11:type=private;id=%00%03 pkcs11:type=cert;object=ecPeerCert + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --keypairgen --key-type=EC:edwards25519 --label=edCert --id=0004 Key pair generated: Private Key Object; EC_EDWARDS label: edCert ID: 0004 Usage: decrypt, sign, signRecover, unwrap, derive Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=31b036afc510d43a;token=SoftHSM%20Token;id=%0004;object=edCert;type=private Public Key Object; EC_EDWARDS EC_POINT 272 bits EC_POINT: 04204f3dc6e4c62fb6c3b08164de0520cf717476373782c1a745d557a774ce90be31 EC_PARAMS: 130c656477617264733235353139 (PrintableString edwards25519) label: edCert ID: 0004 Usage: encrypt, verify, verifyRecover, wrap, derive Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=31b036afc510d43a;token=SoftHSM%20Token;id=%0004;object=edCert;type=public + ca_sign edCert 'My ED25519 Cert' 0004 + LABEL=edCert + CN='My ED25519 Cert' + KEYID=0004 + shift 3 + (( SERIAL+=1 )) + sed -e 's|cn = .*|cn = My ED25519 Cert|g' -e 's|serial = .*|serial = 6|g' -e '/^ca$/d' -i /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/cert.cfg + /usr/bin/certtool --generate-certificate --outfile=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/edCert.crt --template=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/cert.cfg --provider=/usr/lib/softhsm/libsofthsm2.so --load-privkey 'pkcs11:object=edCert;token=SoftHSM%20Token;type=private' --load-pubkey 'pkcs11:object=edCert;token=SoftHSM%20Token;type=public' --outder --load-ca-certificate /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.crt --inder '--load-ca-privkey=pkcs11:object=caCert;token=SoftHSM%20Token;type=private' Generating a signed certificate... X.509 Certificate Information: Version: 3 Serial Number (hex): 06 Validity: Not Before: Mon Mar 23 09:13:22 UTC 2026 Not After: Tue Mar 23 09:13:22 UTC 2027 Subject: CN=My ED25519 Cert,O=PKCS11 Provider Subject Public Key Algorithm: EdDSA (Ed25519) Algorithm Security Level: High (256 bits) Curve: Ed25519 X: 4f:3d:c6:e4:c6:2f:b6:c3:b0:81:64:de:05:20:cf:71 74:76:37:37:82:c1:a7:45:d5:57:a7:74:ce:90:be:31 Extensions: Basic Constraints (critical): Certificate Authority (CA): FALSE Subject Alternative Name (not critical): RFC822Name: testcert@example.org Key Usage (critical): Digital signature. Subject Key Identifier (not critical): 0693d5714b0f441799b4cbc350a9a4674982e040 Authority Key Identifier (not critical): d76fd985c6f2577885410242a2b49ded9d99e30c Other Information: Public Key ID: sha1:0693d5714b0f441799b4cbc350a9a4674982e040 sha256:1270e5cc286e87b48887635506d1732bdc0cf54d04d5815d229295a50a731bee Public Key PIN: pin-sha256:EnDlzChuh7SIh2NVBtFzK9wM9U0E1YFdIpKVpQpzG+4= Signing certificate... + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --write-object /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/edCert.crt --type=cert --id=0004 --label=edCert Created certificate: Certificate Object; type = X.509 cert label: edCert subject: DN: O=PKCS11 Provider, CN=My ED25519 Cert serial: 06 ID: 0004 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=31b036afc510d43a;token=SoftHSM%20Token;id=%0004;object=edCert;type=cert + EDBASEURIWITHPINVALUE='pkcs11:id=%00%04;pin-value=12345678' + EDBASEURIWITHPINSOURCE='pkcs11:id=%00%04;pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt' + EDBASEURI=pkcs11:id=%00%04 + EDPUBURI='pkcs11:type=public;id=%00%04' + EDPRIURI='pkcs11:type=private;id=%00%04' + EDCRTURI='pkcs11:type=cert;object=edCert' + title LINE 'ED25519 PKCS11 URIS' + case "$1" in + shift 1 + echo 'ED25519 PKCS11 URIS' + echo 'pkcs11:id=%00%04;pin-value=12345678' + echo 'pkcs11:id=%00%04;pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt' + echo pkcs11:id=%00%04 + echo 'pkcs11:type=public;id=%00%04' + echo 'pkcs11:type=private;id=%00%04' + echo 'pkcs11:type=cert;object=edCert' + '[' 1 -eq 1 ']' + KEYID=0009 + URIKEYID=%00%09 + ED2CRTN=ed2Cert + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --keypairgen --key-type=EC:Ed448 --label=ed2Cert --id=0009 ED25519 PKCS11 URIS pkcs11:id=%00%04;pin-value=12345678 pkcs11:id=%00%04;pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt pkcs11:id=%00%04 pkcs11:type=public;id=%00%04 pkcs11:type=private;id=%00%04 pkcs11:type=cert;object=edCert Key pair generated: Private Key Object; EC_EDWARDS label: ed2Cert ID: 0009 Usage: decrypt, sign, signRecover, unwrap, derive Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=31b036afc510d43a;token=SoftHSM%20Token;id=%0009;object=ed2Cert;type=private Public Key Object; EC_EDWARDS EC_POINT 472 bits EC_POINT: 0439dcd95e5ed4288ad10174e9531dabbe8ee682a216d5fa966ec78134104e3f5419dcf9ba2c388e93f9087392bfb50f25622d2b4a20f1ad86c000 EC_PARAMS: 06032b6571 (OID 1.3.101.113) label: ed2Cert ID: 0009 Usage: encrypt, verify, verifyRecover, wrap, derive Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=31b036afc510d43a;token=SoftHSM%20Token;id=%0009;object=ed2Cert;type=public + ca_sign ed2Cert 'My ED448 Cert' 0009 + LABEL=ed2Cert + CN='My ED448 Cert' + KEYID=0009 + shift 3 + (( SERIAL+=1 )) + sed -e 's|cn = .*|cn = My ED448 Cert|g' -e 's|serial = .*|serial = 7|g' -e '/^ca$/d' -i /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/cert.cfg + /usr/bin/certtool --generate-certificate --outfile=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/ed2Cert.crt --template=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/cert.cfg --provider=/usr/lib/softhsm/libsofthsm2.so --load-privkey 'pkcs11:object=ed2Cert;token=SoftHSM%20Token;type=private' --load-pubkey 'pkcs11:object=ed2Cert;token=SoftHSM%20Token;type=public' --outder --load-ca-certificate /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.crt --inder '--load-ca-privkey=pkcs11:object=caCert;token=SoftHSM%20Token;type=private' Generating a signed certificate... X.509 Certificate Information: Version: 3 Serial Number (hex): 07 Validity: Not Before: Mon Mar 23 09:13:22 UTC 2026 Not After: Tue Mar 23 09:13:22 UTC 2027 Subject: CN=My ED448 Cert,O=PKCS11 Provider Subject Public Key Algorithm: EdDSA (Ed448) Algorithm Security Level: Ultra (456 bits) Curve: Ed448 X: dc:d9:5e:5e:d4:28:8a:d1:01:74:e9:53:1d:ab:be:8e e6:82:a2:16:d5:fa:96:6e:c7:81:34:10:4e:3f:54:19 dc:f9:ba:2c:38:8e:93:f9:08:73:92:bf:b5:0f:25:62 2d:2b:4a:20:f1:ad:86:c0:00 Extensions: Basic Constraints (critical): Certificate Authority (CA): FALSE Subject Alternative Name (not critical): RFC822Name: testcert@example.org Key Usage (critical): Digital signature. Subject Key Identifier (not critical): 7fb7f4f04ee306da73a86f4aca73dde1c39d4c1d Authority Key Identifier (not critical): d76fd985c6f2577885410242a2b49ded9d99e30c Other Information: Public Key ID: sha1:7fb7f4f04ee306da73a86f4aca73dde1c39d4c1d sha256:f0b96ee5296258edceb66746b9dae97dd7290a590a986ba4b69f94bdecc7b1b2 Public Key PIN: pin-sha256:8Llu5SliWO3OtmdGudrpfdcpClkKmGuktp+UvezHsbI= Signing certificate... + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --write-object /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/ed2Cert.crt --type=cert --id=0009 --label=ed2Cert Created certificate: Certificate Object; type = X.509 cert label: ed2Cert subject: DN: O=PKCS11 Provider, CN=My ED448 Cert serial: 07 ID: 0009 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=31b036afc510d43a;token=SoftHSM%20Token;id=%0009;object=ed2Cert;type=cert + ED2BASEURIWITHPINVALUE='pkcs11:id=%00%09;pin-value=12345678' + ED2BASEURIWITHPINSOURCE='pkcs11:id=%00%09;pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt' + ED2BASEURI=pkcs11:id=%00%09 + ED2PUBURI='pkcs11:type=public;id=%00%09' + ED2PRIURI='pkcs11:type=private;id=%00%09' + ED2CRTURI='pkcs11:type=cert;object=ed2Cert' + title LINE 'ED448 PKCS11 URIS' + case "$1" in + shift 1 + echo 'ED448 PKCS11 URIS' + echo 'pkcs11:id=%00%09;pin-value=12345678' + echo 'pkcs11:id=%00%09;pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt' + echo pkcs11:id=%00%09 + echo 'pkcs11:type=public;id=%00%09' + echo 'pkcs11:type=private;id=%00%09' + echo 'pkcs11:type=cert;object=ed2Cert' + title PARA 'generate RSA key pair, self-signed certificate, remove public key' + case "$1" in + shift 1 + echo '' ED448 PKCS11 URIS pkcs11:id=%00%09;pin-value=12345678 pkcs11:id=%00%09;pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt pkcs11:id=%00%09 pkcs11:type=public;id=%00%09 pkcs11:type=private;id=%00%09 pkcs11:type=cert;object=ed2Cert + echo '## generate RSA key pair, self-signed certificate, remove public key' + '[' -f '' ']' + KEYID=0005 + URIKEYID=%00%05 + TSTCRTN=testCert2 + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --keypairgen --key-type=RSA:2048 --label=testCert2 --id=0005 ## generate RSA key pair, self-signed certificate, remove public key Key pair generated: Private Key Object; RSA label: testCert2 ID: 0005 Usage: decrypt, sign, signRecover, unwrap Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=31b036afc510d43a;token=SoftHSM%20Token;id=%0005;object=testCert2;type=private Public Key Object; RSA 2048 bits label: testCert2 ID: 0005 Usage: encrypt, verify, verifyRecover, wrap Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=31b036afc510d43a;token=SoftHSM%20Token;id=%0005;object=testCert2;type=public + ca_sign testCert2 'My Test Cert 2' 0005 + LABEL=testCert2 + CN='My Test Cert 2' + KEYID=0005 + shift 3 + (( SERIAL+=1 )) + sed -e 's|cn = .*|cn = My Test Cert 2|g' -e 's|serial = .*|serial = 8|g' -e '/^ca$/d' -i /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/cert.cfg + /usr/bin/certtool --generate-certificate --outfile=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/testCert2.crt --template=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/cert.cfg --provider=/usr/lib/softhsm/libsofthsm2.so --load-privkey 'pkcs11:object=testCert2;token=SoftHSM%20Token;type=private' --load-pubkey 'pkcs11:object=testCert2;token=SoftHSM%20Token;type=public' --outder --load-ca-certificate /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.crt --inder '--load-ca-privkey=pkcs11:object=caCert;token=SoftHSM%20Token;type=private' Generating a signed certificate... Expiration time: Mon Mar 22 21:13:24 2027 CA expiration time: Mon Mar 22 21:13:22 2027 Warning: The time set exceeds the CA's expiration time X.509 Certificate Information: Version: 3 Serial Number (hex): 08 Validity: Not Before: Mon Mar 23 09:13:24 UTC 2026 Not After: Tue Mar 23 09:13:24 UTC 2027 Subject: CN=My Test Cert 2,O=PKCS11 Provider Subject Public Key Algorithm: RSA Algorithm Security Level: Medium (2048 bits) Modulus (bits 2048): 00:98:46:5d:7f:12:01:45:46:ba:30:2a:a4:eb:14:d5 47:f0:b3:85:1f:e1:a4:55:0d:7c:71:67:c8:1f:91:ed e3:76:0c:1f:1b:52:f3:ed:d6:61:52:5b:7e:95:7b:dd 6c:77:18:02:44:6a:bf:0b:5a:b0:97:d6:dd:5b:11:a2 4a:49:39:1f:d6:97:d8:88:a6:e8:1a:3b:1f:28:4d:88 da:a6:c9:86:0a:fe:cc:3b:c1:c1:ea:e3:cd:b9:0a:0a 06:76:ca:37:48:89:66:0b:56:80:46:81:99:9f:00:d9 97:67:7f:20:68:a0:9c:2a:2e:4f:f6:b2:4b:79:32:7d ad:8d:5c:95:ec:d5:37:58:fb:2f:67:ad:f5:cc:6d:4f 2b:bc:ca:aa:5d:78:12:a0:9f:4a:82:1d:1f:c2:72:dd e5:6f:78:8e:d5:ea:a1:b0:dd:ca:db:05:bb:5c:d9:17 ce:70:bb:97:b9:76:aa:66:c2:00:37:94:52:57:c5:1a fa:b4:08:bd:bf:35:9e:b7:8d:0a:ba:3e:50:60:5e:e4 58:19:b2:11:77:41:8b:99:55:b7:5e:0d:95:21:b3:13 4a:39:08:0a:2f:78:24:04:b7:7c:47:ff:9b:b7:1d:5f 53:94:f8:4c:b8:82:d2:c1:2e:b9:1c:87:a1:b9:ba:73 f5 Exponent (bits 24): 01:00:01 Extensions: Basic Constraints (critical): Certificate Authority (CA): FALSE Subject Alternative Name (not critical): RFC822Name: testcert@example.org Key Usage (critical): Digital signature. Key encipherment. Subject Key Identifier (not critical): 2957b88c49b37874eb8ddba208f6692f5e8e3682 Authority Key Identifier (not critical): d76fd985c6f2577885410242a2b49ded9d99e30c Other Information: Public Key ID: sha1:2957b88c49b37874eb8ddba208f6692f5e8e3682 sha256:c1cce898e95ad9c383161a4304d0c5b622d4fcad53d62a2e9daa850e7b3e4768 Public Key PIN: pin-sha256:wczomOla2cODFhpDBNDFtiLU/K1T1iounaqFDns+R2g= Signing certificate... + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --write-object /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/testCert2.crt --type=cert --id=0005 --label=testCert2 Created certificate: Certificate Object; type = X.509 cert label: testCert2 subject: DN: O=PKCS11 Provider, CN=My Test Cert 2 serial: 08 ID: 0005 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=31b036afc510d43a;token=SoftHSM%20Token;id=%0005;object=testCert2;type=cert + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --delete-object --type pubkey --id 0005 + BASE2URIWITHPINVALUE='pkcs11:id=%00%05?pin-value=12345678' + BASE2URIWITHPINSOURCE='pkcs11:id=%00%05?pin-source=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt' + BASE2URI=pkcs11:id=%00%05 + PRI2URI='pkcs11:type=private;id=%00%05' + CRT2URI='pkcs11:type=cert;object=testCert2' + title LINE 'RSA2 PKCS11 URIS' + case "$1" in + shift 1 + echo 'RSA2 PKCS11 URIS' + echo 'pkcs11:id=%00%05?pin-value=12345678' + echo 'pkcs11:id=%00%05?pin-source=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt' + echo pkcs11:id=%00%05 + echo 'pkcs11:type=private;id=%00%05' + echo 'pkcs11:type=cert;object=testCert2' + echo '' + title PARA 'generate EC key pair, self-signed certificate, remove public key' + case "$1" in RSA2 PKCS11 URIS pkcs11:id=%00%05?pin-value=12345678 pkcs11:id=%00%05?pin-source=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt pkcs11:id=%00%05 pkcs11:type=private;id=%00%05 pkcs11:type=cert;object=testCert2 + shift 1 + echo '' + echo '## generate EC key pair, self-signed certificate, remove public key' + '[' -f '' ']' + KEYID=0006 + URIKEYID=%00%06 + TSTCRTN=ecCert2 + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --keypairgen --key-type=EC:secp384r1 --label=ecCert2 --id=0006 ## generate EC key pair, self-signed certificate, remove public key Key pair generated: Private Key Object; EC label: ecCert2 ID: 0006 Usage: decrypt, sign, signRecover, unwrap, derive Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=31b036afc510d43a;token=SoftHSM%20Token;id=%0006;object=ecCert2;type=private Public Key Object; EC EC_POINT 384 bits EC_POINT: 046104e6e38e6ebf38ec8d4413495d2c5977779b7ff1ee24d69f0b0158428d1c2a13656f655b94452987d9ca9b70cefc4ea6fc39db8a7b139e3efcf22015cd346f060b1f2f0d6490e5e3bdb416af302eae4e5f91d967185d5aaf9147c37f8fda5524da EC_PARAMS: 06052b81040022 (OID 1.3.132.0.34) label: ecCert2 ID: 0006 Usage: encrypt, verify, verifyRecover, wrap, derive Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=31b036afc510d43a;token=SoftHSM%20Token;id=%0006;object=ecCert2;type=public + ca_sign ecCert2 'My EC Cert 2' 0006 + LABEL=ecCert2 + CN='My EC Cert 2' + KEYID=0006 + shift 3 + (( SERIAL+=1 )) + sed -e 's|cn = .*|cn = My EC Cert 2|g' -e 's|serial = .*|serial = 9|g' -e '/^ca$/d' -i /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/cert.cfg + /usr/bin/certtool --generate-certificate --outfile=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/ecCert2.crt --template=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/cert.cfg --provider=/usr/lib/softhsm/libsofthsm2.so --load-privkey 'pkcs11:object=ecCert2;token=SoftHSM%20Token;type=private' --load-pubkey 'pkcs11:object=ecCert2;token=SoftHSM%20Token;type=public' --outder --load-ca-certificate /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.crt --inder '--load-ca-privkey=pkcs11:object=caCert;token=SoftHSM%20Token;type=private' Generating a signed certificate... Expiration time: Mon Mar 22 21:13:24 2027 CA expiration time: Mon Mar 22 21:13:22 2027 Warning: The time set exceeds the CA's expiration time X.509 Certificate Information: Version: 3 Serial Number (hex): 09 Validity: Not Before: Mon Mar 23 09:13:24 UTC 2026 Not After: Tue Mar 23 09:13:24 UTC 2027 Subject: CN=My EC Cert 2,O=PKCS11 Provider Subject Public Key Algorithm: EC/ECDSA Algorithm Security Level: Ultra (384 bits) Curve: SECP384R1 X: 00:e6:e3:8e:6e:bf:38:ec:8d:44:13:49:5d:2c:59:77 77:9b:7f:f1:ee:24:d6:9f:0b:01:58:42:8d:1c:2a:13 65:6f:65:5b:94:45:29:87:d9:ca:9b:70:ce:fc:4e:a6 fc Y: 39:db:8a:7b:13:9e:3e:fc:f2:20:15:cd:34:6f:06:0b 1f:2f:0d:64:90:e5:e3:bd:b4:16:af:30:2e:ae:4e:5f 91:d9:67:18:5d:5a:af:91:47:c3:7f:8f:da:55:24:da Extensions: Basic Constraints (critical): Certificate Authority (CA): FALSE Subject Alternative Name (not critical): RFC822Name: testcert@example.org Key Usage (critical): Digital signature. Subject Key Identifier (not critical): b5f34df6a0fbf84f7edde8e35b3a03ddbd37549d Authority Key Identifier (not critical): d76fd985c6f2577885410242a2b49ded9d99e30c Other Information: Public Key ID: sha1:b5f34df6a0fbf84f7edde8e35b3a03ddbd37549d sha256:8ef37e74bbef10595c28f0d954b700ce52f373dcc43620809ee03aa1b248bfa3 Public Key PIN: pin-sha256:jvN+dLvvEFlcKPDZVLcAzlLzc9zENiCAnuA6obJIv6M= Signing certificate... + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --write-object /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/ecCert2.crt --type=cert --id=0006 --label=ecCert2 Created certificate: Certificate Object; type = X.509 cert label: ecCert2 subject: DN: O=PKCS11 Provider, CN=My EC Cert 2 serial: 09 ID: 0006 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=31b036afc510d43a;token=SoftHSM%20Token;id=%0006;object=ecCert2;type=cert + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --delete-object --type pubkey --id 0006 + ECBASE2URIWITHPINVALUE='pkcs11:id=%00%06?pin-value=12345678' + ECBASE2URIWITHPINSOURCE='pkcs11:id=%00%06?pin-source=file/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt' + ECBASE2URI=pkcs11:id=%00%06 + ECPRI2URI='pkcs11:type=private;id=%00%06' + ECCRT2URI='pkcs11:type=cert;object=ecCert2' + title LINE 'EC2 PKCS11 URIS' + case "$1" in + shift 1 + echo 'EC2 PKCS11 URIS' + echo 'pkcs11:id=%00%06?pin-value=12345678' + echo 'pkcs11:id=%00%06?pin-source=file/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt' + echo pkcs11:id=%00%06 + echo 'pkcs11:type=private;id=%00%06' + echo 'pkcs11:type=cert;object=ecCert2' + echo '' + '[' -z '' ']' + title PARA 'explicit EC unsupported' + case "$1" in + shift 1 + echo '' + echo '## explicit EC unsupported' + '[' -f '' ']' EC2 PKCS11 URIS pkcs11:id=%00%06?pin-value=12345678 pkcs11:id=%00%06?pin-source=file/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt pkcs11:id=%00%06 pkcs11:type=private;id=%00%06 pkcs11:type=cert;object=ecCert2 ## explicit EC unsupported + title PARA 'generate EC key pair with ALWAYS AUTHENTICATE flag, self-signed certificate' + case "$1" in + shift 1 + echo '' + echo '## generate EC key pair with ALWAYS AUTHENTICATE flag, self-signed certificate' + '[' -f '' ']' + KEYID=0008 + URIKEYID=%00%08 + TSTCRTN=ecCert3 + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --keypairgen --key-type=EC:secp521r1 --label=ecCert3 --id=0008 --always-auth ## generate EC key pair with ALWAYS AUTHENTICATE flag, self-signed certificate Key pair generated: Private Key Object; EC label: ecCert3 ID: 0008 Usage: decrypt, sign, signRecover, unwrap, derive Access: always authenticate, sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=31b036afc510d43a;token=SoftHSM%20Token;id=%0008;object=ecCert3;type=private Public Key Object; EC EC_POINT 528 bits EC_POINT: 0481850401da5906d3be7f64f00d361c14847cbe2c9d0e4acb3e80423c01510cd429dbdcb9b82fbeb88e0cbc305f7f244dff2a58122f748570298c28b2227d5a8277c7a3eb9101234ef6e452350d29b9ab4a9be50040bfe7c473e94c91d327116d3a94d22eb286daa5a288b1b1b4b0f2524a2534456a37ac5c070d219f1f9d7745bcd473c816dbc6 EC_PARAMS: 06052b81040023 (OID 1.3.132.0.35) label: ecCert3 ID: 0008 Usage: encrypt, verify, verifyRecover, wrap, derive Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=31b036afc510d43a;token=SoftHSM%20Token;id=%0008;object=ecCert3;type=public + ca_sign ecCert3 'My EC Cert 3' 0008 + LABEL=ecCert3 + CN='My EC Cert 3' + KEYID=0008 + shift 3 + (( SERIAL+=1 )) + sed -e 's|cn = .*|cn = My EC Cert 3|g' -e 's|serial = .*|serial = 10|g' -e '/^ca$/d' -i /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/cert.cfg + /usr/bin/certtool --generate-certificate --outfile=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/ecCert3.crt --template=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/cert.cfg --provider=/usr/lib/softhsm/libsofthsm2.so --load-privkey 'pkcs11:object=ecCert3;token=SoftHSM%20Token;type=private' --load-pubkey 'pkcs11:object=ecCert3;token=SoftHSM%20Token;type=public' --outder --load-ca-certificate /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.crt --inder '--load-ca-privkey=pkcs11:object=caCert;token=SoftHSM%20Token;type=private' Generating a signed certificate... Expiration time: Mon Mar 22 21:13:24 2027 CA expiration time: Mon Mar 22 21:13:22 2027 Warning: The time set exceeds the CA's expiration time X.509 Certificate Information: Version: 3 Serial Number (hex): 0a Validity: Not Before: Mon Mar 23 09:13:24 UTC 2026 Not After: Tue Mar 23 09:13:24 UTC 2027 Subject: CN=My EC Cert 3,O=PKCS11 Provider Subject Public Key Algorithm: EC/ECDSA Algorithm Security Level: Future (528 bits) Curve: SECP521R1 X: 01:da:59:06:d3:be:7f:64:f0:0d:36:1c:14:84:7c:be 2c:9d:0e:4a:cb:3e:80:42:3c:01:51:0c:d4:29:db:dc b9:b8:2f:be:b8:8e:0c:bc:30:5f:7f:24:4d:ff:2a:58 12:2f:74:85:70:29:8c:28:b2:22:7d:5a:82:77:c7:a3 eb:91 Y: 01:23:4e:f6:e4:52:35:0d:29:b9:ab:4a:9b:e5:00:40 bf:e7:c4:73:e9:4c:91:d3:27:11:6d:3a:94:d2:2e:b2 86:da:a5:a2:88:b1:b1:b4:b0:f2:52:4a:25:34:45:6a 37:ac:5c:07:0d:21:9f:1f:9d:77:45:bc:d4:73:c8:16 db:c6 Extensions: Basic Constraints (critical): Certificate Authority (CA): FALSE Subject Alternative Name (not critical): RFC822Name: testcert@example.org Key Usage (critical): Digital signature. Subject Key Identifier (not critical): 52cc9c8ca13c153fd9e9441336c7c8cc9a1dcfec Authority Key Identifier (not critical): d76fd985c6f2577885410242a2b49ded9d99e30c Other Information: Public Key ID: sha1:52cc9c8ca13c153fd9e9441336c7c8cc9a1dcfec sha256:b8e19c40402196a130bc90d15365965325bbc54741d604a97ce5685745973834 Public Key PIN: pin-sha256:uOGcQEAhlqEwvJDRU2WWUyW7xUdB1gSpfOVoV0WXODQ= Signing certificate... + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --write-object /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/ecCert3.crt --type=cert --id=0008 --label=ecCert3 Created certificate: Certificate Object; type = X.509 cert label: ecCert3 subject: DN: O=PKCS11 Provider, CN=My EC Cert 3 serial: 0A ID: 0008 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=31b036afc510d43a;token=SoftHSM%20Token;id=%0008;object=ecCert3;type=cert + ECBASE3URIWITHPINVALUE='pkcs11:id=%00%08?pin-value=12345678' + ECBASE3URIWITHPINSOURCE='pkcs11:id=%00%08?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt' + ECBASE3URI=pkcs11:id=%00%08 + ECPUB3URI='pkcs11:type=public;id=%00%08' + ECPRI3URI='pkcs11:type=private;id=%00%08' + ECCRT3URI='pkcs11:type=cert;object=ecCert3' + title LINE 'EC3 PKCS11 URIS' + case "$1" in + shift 1 + echo 'EC3 PKCS11 URIS' + echo 'pkcs11:id=%00%08?pin-value=12345678' + echo 'pkcs11:id=%00%08?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt' + echo pkcs11:id=%00%08 + echo 'pkcs11:type=public;id=%00%08' + echo 'pkcs11:type=private;id=%00%08' + echo 'pkcs11:type=cert;object=ecCert3' + echo '' + '[' 1 -eq 1 ']' + KEYID=0010 EC3 PKCS11 URIS pkcs11:id=%00%08?pin-value=12345678 pkcs11:id=%00%08?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt pkcs11:id=%00%08 pkcs11:type=public;id=%00%08 pkcs11:type=private;id=%00%08 pkcs11:type=cert;object=ecCert3 + URIKEYID=%00%10 + TSTCRTN=testRsaPssCert + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --keypairgen --key-type=RSA:2048 --label=testRsaPssCert --id=0010 --allowed-mechanisms RSA-PKCS-PSS,SHA1-RSA-PKCS-PSS,SHA224-RSA-PKCS-PSS,SHA256-RSA-PKCS-PSS,SHA384-RSA-PKCS-PSS,SHA512-RSA-PKCS-PSS Key pair generated: Private Key Object; RSA label: testRsaPssCert ID: 0010 Usage: decrypt, sign, signRecover, unwrap Access: sensitive, always sensitive, never extractable, local Allowed mechanisms: RSA-PKCS-PSS,SHA1-RSA-PKCS-PSS,SHA256-RSA-PKCS-PSS,SHA384-RSA-PKCS-PSS,SHA512-RSA-PKCS-PSS,SHA224-RSA-PKCS-PSS uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=31b036afc510d43a;token=SoftHSM%20Token;id=%0010;object=testRsaPssCert;type=private Public Key Object; RSA 2048 bits label: testRsaPssCert ID: 0010 Usage: encrypt, verify, verifyRecover, wrap Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=31b036afc510d43a;token=SoftHSM%20Token;id=%0010;object=testRsaPssCert;type=public + ca_sign testRsaPssCert 'My RsaPss Cert' 0010 --sign-params=RSA-PSS + LABEL=testRsaPssCert + CN='My RsaPss Cert' + KEYID=0010 + shift 3 + (( SERIAL+=1 )) + sed -e 's|cn = .*|cn = My RsaPss Cert|g' -e 's|serial = .*|serial = 11|g' -e '/^ca$/d' -i /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/cert.cfg + /usr/bin/certtool --generate-certificate --outfile=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/testRsaPssCert.crt --template=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/cert.cfg --provider=/usr/lib/softhsm/libsofthsm2.so --load-privkey 'pkcs11:object=testRsaPssCert;token=SoftHSM%20Token;type=private' --load-pubkey 'pkcs11:object=testRsaPssCert;token=SoftHSM%20Token;type=public' --outder --load-ca-certificate /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.crt --inder '--load-ca-privkey=pkcs11:object=caCert;token=SoftHSM%20Token;type=private' --sign-params=RSA-PSS Generating a signed certificate... Expiration time: Mon Mar 22 21:13:24 2027 CA expiration time: Mon Mar 22 21:13:22 2027 Warning: The time set exceeds the CA's expiration time X.509 Certificate Information: Version: 3 Serial Number (hex): 0b Validity: Not Before: Mon Mar 23 09:13:24 UTC 2026 Not After: Tue Mar 23 09:13:24 UTC 2027 Subject: CN=My RsaPss Cert,O=PKCS11 Provider Subject Public Key Algorithm: RSA Algorithm Security Level: Medium (2048 bits) Modulus (bits 2048): 00:e7:9f:71:7a:77:80:e4:d9:0b:16:1b:62:96:92:23 f4:23:8f:18:0f:c1:48:84:78:d4:e5:18:fe:bf:91:35 92:25:8e:f1:1b:83:40:77:b8:88:26:5a:a7:5f:04:30 a4:31:30:14:22:06:ac:4c:91:58:41:10:c7:75:4b:b6 90:7e:01:db:ac:7f:00:4f:65:51:93:bc:75:05:36:98 44:00:19:9d:9b:7b:13:42:af:31:45:af:1b:d5:72:57 e7:5e:42:a3:ef:6b:1e:02:51:97:7f:ca:bc:b5:ca:37 59:79:3f:b1:57:e4:a3:7b:39:b3:ab:6c:ec:4c:73:b5 09:39:d7:c1:54:4f:82:79:21:59:96:86:59:ff:3c:8d 0d:c6:2b:e4:b6:95:ac:cf:f4:cc:fa:3f:ea:5b:cf:3d d4:40:c9:d0:ef:6f:b7:1f:65:90:99:48:ee:aa:e6:77 a1:d2:74:b5:3e:2d:dc:81:01:4e:e8:94:2f:39:fe:b7 90:65:4c:2f:92:88:8d:85:91:be:df:7a:23:32:34:05 ed:3b:00:e2:59:18:c9:c4:06:d7:09:be:98:e1:68:36 2f:ee:95:e3:8a:38:85:69:60:2e:6b:55:ed:09:92:da e0:fa:5e:e1:be:98:3f:b9:86:39:8f:ae:6e:4a:29:3a 91 Exponent (bits 24): 01:00:01 Extensions: Basic Constraints (critical): Certificate Authority (CA): FALSE Subject Alternative Name (not critical): RFC822Name: testcert@example.org Key Usage (critical): Digital signature. Key encipherment. Subject Key Identifier (not critical): 93ad18a34c66c86a9988e7960920445031f25593 Authority Key Identifier (not critical): d76fd985c6f2577885410242a2b49ded9d99e30c Other Information: Public Key ID: sha1:93ad18a34c66c86a9988e7960920445031f25593 sha256:77186d5279458ec6072d9128848c659913b4ad0a371e93e5e3e240ea7713fc27 Public Key PIN: pin-sha256:dxhtUnlFjsYHLZEohIxlmRO0rQo3HpPl4+JA6ncT/Cc= Signing certificate... + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --write-object /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/testRsaPssCert.crt --type=cert --id=0010 --label=testRsaPssCert Created certificate: Certificate Object; type = X.509 cert label: testRsaPssCert subject: DN: O=PKCS11 Provider, CN=My RsaPss Cert serial: 0B ID: 0010 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=31b036afc510d43a;token=SoftHSM%20Token;id=%0010;object=testRsaPssCert;type=cert + RSAPSSBASEURIWITHPINVALUE='pkcs11:id=%00%10?pin-value=12345678' + RSAPSSBASEURIWITHPINSOURCE='pkcs11:id=%00%10?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt' + RSAPSSBASEURI=pkcs11:id=%00%10 + RSAPSSPUBURI='pkcs11:type=public;id=%00%10' + RSAPSSPRIURI='pkcs11:type=private;id=%00%10' + RSAPSSCRTURI='pkcs11:type=cert;object=testRsaPssCert' + title LINE 'RSA-PSS PKCS11 URIS' + case "$1" in + shift 1 + echo 'RSA-PSS PKCS11 URIS' + echo 'pkcs11:id=%00%10?pin-value=12345678' + echo 'pkcs11:id=%00%10?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt' + echo pkcs11:id=%00%10 + echo 'pkcs11:type=public;id=%00%10' + echo 'pkcs11:type=private;id=%00%10' + echo 'pkcs11:type=cert;object=testRsaPssCert' + echo '' + KEYID=0011 + URIKEYID=%00%11 + TSTCRTN=testRsaPss2Cert + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --keypairgen --key-type=RSA:3092 --label=testRsaPss2Cert --id=0011 --allowed-mechanisms SHA256-RSA-PKCS-PSS RSA-PSS PKCS11 URIS pkcs11:id=%00%10?pin-value=12345678 pkcs11:id=%00%10?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt pkcs11:id=%00%10 pkcs11:type=public;id=%00%10 pkcs11:type=private;id=%00%10 pkcs11:type=cert;object=testRsaPssCert Key pair generated: Private Key Object; RSA label: testRsaPss2Cert ID: 0011 Usage: decrypt, sign, signRecover, unwrap Access: sensitive, always sensitive, never extractable, local Allowed mechanisms: SHA256-RSA-PKCS-PSS uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=31b036afc510d43a;token=SoftHSM%20Token;id=%0011;object=testRsaPss2Cert;type=private Public Key Object; RSA 3092 bits label: testRsaPss2Cert ID: 0011 Usage: encrypt, verify, verifyRecover, wrap Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=31b036afc510d43a;token=SoftHSM%20Token;id=%0011;object=testRsaPss2Cert;type=public + ca_sign testRsaPss2Cert 'My RsaPss2 Cert' 0011 --sign-params=RSA-PSS --hash=SHA256 + LABEL=testRsaPss2Cert + CN='My RsaPss2 Cert' + KEYID=0011 + shift 3 + (( SERIAL+=1 )) + sed -e 's|cn = .*|cn = My RsaPss2 Cert|g' -e 's|serial = .*|serial = 12|g' -e '/^ca$/d' -i /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/cert.cfg + /usr/bin/certtool --generate-certificate --outfile=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/testRsaPss2Cert.crt --template=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/cert.cfg --provider=/usr/lib/softhsm/libsofthsm2.so --load-privkey 'pkcs11:object=testRsaPss2Cert;token=SoftHSM%20Token;type=private' --load-pubkey 'pkcs11:object=testRsaPss2Cert;token=SoftHSM%20Token;type=public' --outder --load-ca-certificate /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.crt --inder '--load-ca-privkey=pkcs11:object=caCert;token=SoftHSM%20Token;type=private' --sign-params=RSA-PSS --hash=SHA256 Generating a signed certificate... Expiration time: Mon Mar 22 21:13:28 2027 CA expiration time: Mon Mar 22 21:13:22 2027 Warning: The time set exceeds the CA's expiration time X.509 Certificate Information: Version: 3 Serial Number (hex): 0c Validity: Not Before: Mon Mar 23 09:13:28 UTC 2026 Not After: Tue Mar 23 09:13:28 UTC 2027 Subject: CN=My RsaPss2 Cert,O=PKCS11 Provider Subject Public Key Algorithm: RSA Algorithm Security Level: High (3092 bits) Modulus (bits 3092): 0b:33:36:00:cb:17:2b:a8:b6:ec:ed:70:c2:09:a7:f5 ec:11:30:02:ce:18:f4:c0:e5:22:f2:58:e4:c3:90:05 bd:3c:bb:d3:e6:6f:64:29:0a:95:a5:35:c8:77:54:8e 0f:56:bc:23:ec:ed:52:d0:d8:b5:7c:1d:95:fc:98:09 a9:9e:6d:96:48:d4:7d:ab:64:7c:3b:b0:d2:93:d7:3e 93:fb:16:fb:b0:2f:17:44:8a:82:a3:21:04:90:b4:0d 00:ae:e5:2a:a5:ae:dd:2e:eb:52:d0:3e:74:71:cf:dc 9b:7a:6d:78:1d:29:49:d7:76:e9:d5:0a:40:05:60:40 97:1c:dc:87:8d:30:ad:f4:7a:2d:05:ee:0f:e4:12:61 dc:cc:cd:57:ae:dd:d3:15:f6:09:38:9a:05:65:15:f4 7e:19:06:04:e9:07:7b:b1:47:e6:ec:7b:ff:dc:1d:01 97:06:47:6c:f8:e1:9d:20:cd:79:58:32:22:f6:10:e4 86:a9:d8:0e:65:19:49:83:b3:7e:5d:75:03:8c:d2:f8 80:77:09:7a:0e:ef:d1:e1:21:3b:42:d3:29:9d:99:22 47:85:4d:74:d1:bf:81:43:1e:04:0f:c1:6e:9d:02:03 0b:9c:63:db:b2:5e:9b:11:11:c1:b5:ca:b6:e9:1f:2f b6:c7:f4:90:0f:84:e5:51:e7:c8:95:b2:88:a1:5f:e1 e2:09:c1:da:1b:f7:f4:8f:ff:66:51:fa:c1:14:02:eb 56:37:34:a5:f7:a9:6e:7c:ed:0b:f8:4d:84:b3:0e:fe 79:7a:f9:b7:5f:82:98:66:2e:8a:ab:74:b3:ed:f5:24 ce:89:43:cf:cd:15:15:3c:64:7d:c8:44:30:a5:21:6b da:13:a2:76:68:3d:5f:1d:ea:c6:b9:39:32:ef:91:10 67:34:97:37:26:fc:7e:de:3a:d3:50:b3:b6:3f:60:c8 4d:ab:8a:5a:16:1e:ae:97:79:98:37:2a:29:46:5e:16 28:76:01 Exponent (bits 24): 01:00:01 Extensions: Basic Constraints (critical): Certificate Authority (CA): FALSE Subject Alternative Name (not critical): RFC822Name: testcert@example.org Key Usage (critical): Digital signature. Key encipherment. Subject Key Identifier (not critical): bb24e339ab215eeb7172a0ef964a61bc8e17cf26 Authority Key Identifier (not critical): d76fd985c6f2577885410242a2b49ded9d99e30c Other Information: Public Key ID: sha1:bb24e339ab215eeb7172a0ef964a61bc8e17cf26 sha256:abbcb30690a948eb0404e13e15b8ee1bb60f6cdd28cdd5d3ddf228d3f457e1cc Public Key PIN: pin-sha256:q7yzBpCpSOsEBOE+FbjuG7YPbN0ozdXT3fIo0/RX4cw= Signing certificate... + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --write-object /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/testRsaPss2Cert.crt --type=cert --id=0011 --label=testRsaPss2Cert Created certificate: Certificate Object; type = X.509 cert label: testRsaPss2Cert subject: DN: O=PKCS11 Provider, CN=My RsaPss2 Cert serial: 0C ID: 0011 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=31b036afc510d43a;token=SoftHSM%20Token;id=%0011;object=testRsaPss2Cert;type=cert + RSAPSS2BASEURIWITHPINVALUE='pkcs11:id=%00%11?pin-value=12345678' + RSAPSS2BASEURIWITHPINSOURCE='pkcs11:id=%00%11?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt' + RSAPSS2BASEURI=pkcs11:id=%00%11 + RSAPSS2PUBURI='pkcs11:type=public;id=%00%11' + RSAPSS2PRIURI='pkcs11:type=private;id=%00%11' + RSAPSS2CRTURI='pkcs11:type=cert;object=testRsaPss2Cert' + title LINE 'RSA-PSS 2 PKCS11 URIS' + case "$1" in + shift 1 + echo 'RSA-PSS 2 PKCS11 URIS' + echo 'pkcs11:id=%00%11?pin-value=12345678' + echo 'pkcs11:id=%00%11?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt' + echo pkcs11:id=%00%11 + echo 'pkcs11:type=public;id=%00%11' + echo 'pkcs11:type=private;id=%00%11' + echo 'pkcs11:type=cert;object=testRsaPss2Cert' + echo '' + title PARA 'Show contents of softhsm token' + case "$1" in + shift 1 + echo '' + echo '## Show contents of softhsm token' + '[' -f '' ']' RSA-PSS 2 PKCS11 URIS pkcs11:id=%00%11?pin-value=12345678 pkcs11:id=%00%11?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt pkcs11:id=%00%11 pkcs11:type=public;id=%00%11 pkcs11:type=private;id=%00%11 pkcs11:type=cert;object=testRsaPss2Cert ## Show contents of softhsm token + echo ' ----------------------------------------------------------------------------------------------------' ---------------------------------------------------------------------------------------------------- + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' -O Private Key Object; RSA label: testRsaPss2Cert ID: 0011 Usage: decrypt, sign, signRecover, unwrap Access: sensitive, always sensitive, never extractable, local Allowed mechanisms: SHA256-RSA-PKCS-PSS uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=31b036afc510d43a;token=SoftHSM%20Token;id=%0011;object=testRsaPss2Cert;type=private Private Key Object; RSA label: testRsaPssCert ID: 0010 Usage: decrypt, sign, signRecover, unwrap Access: sensitive, always sensitive, never extractable, local Allowed mechanisms: RSA-PKCS-PSS,SHA1-RSA-PKCS-PSS,SHA256-RSA-PKCS-PSS,SHA384-RSA-PKCS-PSS,SHA512-RSA-PKCS-PSS,SHA224-RSA-PKCS-PSS uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=31b036afc510d43a;token=SoftHSM%20Token;id=%0010;object=testRsaPssCert;type=private Certificate Object; type = X.509 cert label: testCert subject: DN: O=PKCS11 Provider, CN=My Test Cert serial: 03 ID: 0001 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=31b036afc510d43a;token=SoftHSM%20Token;id=%0001;object=testCert;type=cert Public Key Object; RSA 3092 bits label: testRsaPss2Cert ID: 0011 Usage: encrypt, verify, verifyRecover, wrap Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=31b036afc510d43a;token=SoftHSM%20Token;id=%0011;object=testRsaPss2Cert;type=public Certificate Object; type = X.509 cert label: testRsaPssCert subject: DN: O=PKCS11 Provider, CN=My RsaPss Cert serial: 0B ID: 0010 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=31b036afc510d43a;token=SoftHSM%20Token;id=%0010;object=testRsaPssCert;type=cert Certificate Object; type = X.509 cert label: edCert subject: DN: O=PKCS11 Provider, CN=My ED25519 Cert serial: 06 ID: 0004 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=31b036afc510d43a;token=SoftHSM%20Token;id=%0004;object=edCert;type=cert Private Key Object; EC label: ecCert2 ID: 0006 Usage: decrypt, sign, signRecover, unwrap, derive Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=31b036afc510d43a;token=SoftHSM%20Token;id=%0006;object=ecCert2;type=private Public Key Object; RSA 2048 bits label: testCert ID: 0001 Usage: encrypt, verify, verifyRecover, wrap Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=31b036afc510d43a;token=SoftHSM%20Token;id=%0001;object=testCert;type=public Certificate Object; type = X.509 cert label: ecPeerCert subject: DN: CN=My Peer EC Cert serial: 05 ID: 0003 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=31b036afc510d43a;token=SoftHSM%20Token;id=%0003;object=ecPeerCert;type=cert Certificate Object; type = X.509 cert label: testCert2 subject: DN: O=PKCS11 Provider, CN=My Test Cert 2 serial: 08 ID: 0005 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=31b036afc510d43a;token=SoftHSM%20Token;id=%0005;object=testCert2;type=cert Certificate Object; type = X.509 cert label: ecCert3 subject: DN: O=PKCS11 Provider, CN=My EC Cert 3 serial: 0A ID: 0008 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=31b036afc510d43a;token=SoftHSM%20Token;id=%0008;object=ecCert3;type=cert Public Key Object; RSA 2048 bits label: caCert ID: 0000 Usage: encrypt, verify, verifyRecover, wrap Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=31b036afc510d43a;token=SoftHSM%20Token;id=%0000;object=caCert;type=public Public Key Object; EC_EDWARDS EC_POINT 472 bits EC_POINT: 0439dcd95e5ed4288ad10174e9531dabbe8ee682a216d5fa966ec78134104e3f5419dcf9ba2c388e93f9087392bfb50f25622d2b4a20f1ad86c000 EC_PARAMS: 06032b6571 (OID 1.3.101.113) label: ed2Cert ID: 0009 Usage: encrypt, verify, verifyRecover, wrap, derive Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=31b036afc510d43a;token=SoftHSM%20Token;id=%0009;object=ed2Cert;type=public Private Key Object; EC label: ecCert3 ID: 0008 Usage: decrypt, sign, signRecover, unwrap, derive Access: always authenticate, sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=31b036afc510d43a;token=SoftHSM%20Token;id=%0008;object=ecCert3;type=private Private Key Object; RSA label: caCert ID: 0000 Usage: decrypt, sign, signRecover, unwrap Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=31b036afc510d43a;token=SoftHSM%20Token;id=%0000;object=caCert;type=private Private Key Object; EC_EDWARDS label: ed2Cert ID: 0009 Usage: decrypt, sign, signRecover, unwrap, derive Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=31b036afc510d43a;token=SoftHSM%20Token;id=%0009;object=ed2Cert;type=private Public Key Object; EC EC_POINT 256 bits EC_POINT: 04410407f46f477bfdde38bfec56945a4fd81ca3ff4e4f96daf1d9944b19cc3fb5375a7f89eecce1175747ee7605fcb9ad44472483a75fd25e71d02aba104fc9d70f6f EC_PARAMS: 06082a8648ce3d030107 (OID 1.2.840.10045.3.1.7) label: ecCert ID: 0002 Usage: encrypt, verify, verifyRecover, wrap, derive Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=31b036afc510d43a;token=SoftHSM%20Token;id=%0002;object=ecCert;type=public Public Key Object; EC_EDWARDS EC_POINT 272 bits EC_POINT: 04204f3dc6e4c62fb6c3b08164de0520cf717476373782c1a745d557a774ce90be31 EC_PARAMS: 130c656477617264733235353139 (PrintableString edwards25519) label: edCert ID: 0004 Usage: encrypt, verify, verifyRecover, wrap, derive Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=31b036afc510d43a;token=SoftHSM%20Token;id=%0004;object=edCert;type=public Public Key Object; EC EC_POINT 256 bits EC_POINT: 04410482033d0ed8d0264218af425004419aef46de86214c7a45cb43e13238352f28eb1e89f9c38304cacd77b5a856c2e950e5a4257b6005945df9dc1d6d5eb52cd341 EC_PARAMS: 06082a8648ce3d030107 (OID 1.2.840.10045.3.1.7) label: ecPeerCert ID: 0003 Usage: encrypt, verify, verifyRecover, wrap, derive Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=31b036afc510d43a;token=SoftHSM%20Token;id=%0003;object=ecPeerCert;type=public Certificate Object; type = X.509 cert label: testRsaPss2Cert subject: DN: O=PKCS11 Provider, CN=My RsaPss2 Cert serial: 0C ID: 0011 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=31b036afc510d43a;token=SoftHSM%20Token;id=%0011;object=testRsaPss2Cert;type=cert Public Key Object; RSA 2048 bits label: testRsaPssCert ID: 0010 Usage: encrypt, verify, verifyRecover, wrap Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=31b036afc510d43a;token=SoftHSM%20Token;id=%0010;object=testRsaPssCert;type=public Certificate Object; type = X.509 cert label: ed2Cert subject: DN: O=PKCS11 Provider, CN=My ED448 Cert serial: 07 ID: 0009 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=31b036afc510d43a;token=SoftHSM%20Token;id=%0009;object=ed2Cert;type=cert Private Key Object; EC label: ecPeerCert ID: 0003 Usage: decrypt, sign, signRecover, unwrap, derive Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=31b036afc510d43a;token=SoftHSM%20Token;id=%0003;object=ecPeerCert;type=private Private Key Object; RSA label: testCert2 ID: 0005 Usage: decrypt, sign, signRecover, unwrap Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=31b036afc510d43a;token=SoftHSM%20Token;id=%0005;object=testCert2;type=private Certificate Object; type = X.509 cert label: ecCert2 subject: DN: O=PKCS11 Provider, CN=My EC Cert 2 serial: 09 ID: 0006 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=31b036afc510d43a;token=SoftHSM%20Token;id=%0006;object=ecCert2;type=cert Private Key Object; RSA label: testCert ID: 0001 Usage: decrypt, sign, signRecover, unwrap Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=31b036afc510d43a;token=SoftHSM%20Token;id=%0001;object=testCert;type=private Private Key Object; EC_EDWARDS label: edCert ID: 0004 Usage: decrypt, sign, signRecover, unwrap, derive Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=31b036afc510d43a;token=SoftHSM%20Token;id=%0004;object=edCert;type=private Public Key Object; EC EC_POINT 528 bits EC_POINT: 0481850401da5906d3be7f64f00d361c14847cbe2c9d0e4acb3e80423c01510cd429dbdcb9b82fbeb88e0cbc305f7f244dff2a58122f748570298c28b2227d5a8277c7a3eb9101234ef6e452350d29b9ab4a9be50040bfe7c473e94c91d327116d3a94d22eb286daa5a288b1b1b4b0f2524a2534456a37ac5c070d219f1f9d7745bcd473c816dbc6 EC_PARAMS: 06052b81040023 (OID 1.3.132.0.35) label: ecCert3 ID: 0008 Usage: encrypt, verify, verifyRecover, wrap, derive Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=31b036afc510d43a;token=SoftHSM%20Token;id=%0008;object=ecCert3;type=public Private Key Object; EC label: ecCert ID: 0002 Usage: decrypt, sign, signRecover, unwrap, derive Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=31b036afc510d43a;token=SoftHSM%20Token;id=%0002;object=ecCert;type=private Certificate Object; type = X.509 cert label: caCert subject: DN: CN=Issuer serial: 02 ID: 0000 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=31b036afc510d43a;token=SoftHSM%20Token;id=%0000;object=caCert;type=cert Certificate Object; type = X.509 cert label: ecCert subject: DN: O=PKCS11 Provider, CN=My EC Cert serial: 04 ID: 0002 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=31b036afc510d43a;token=SoftHSM%20Token;id=%0002;object=ecCert;type=cert + echo ' ----------------------------------------------------------------------------------------------------' + title PARA 'Output configurations' ---------------------------------------------------------------------------------------------------- + case "$1" in + shift 1 + echo '' + echo '## Output configurations' + '[' -f '' ']' + OPENSSL_CONF=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/openssl.cnf + title LINE 'Generate openssl config file' + case "$1" in + shift 1 + echo 'Generate openssl config file' ## Output configurations Generate openssl config file + sed -e 's|@libtoollibs@|/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/src|g' -e 's|@testsblddir@|/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests|g' -e 's|@testsdir@|/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm|g' -e 's|@SHARED_EXT@|.so|g' -e 's|@PINFILE@|/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt|g' -e 's|##TOKENOPTIONS|\npkcs11-module-quirks = no-deinit no-operation-state|g' /build/reproducible-path/pkcs11-provider-1.0/tests/openssl.cnf.in + title LINE 'Export test variables to /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/testvars' + case "$1" in + shift 1 + echo 'Export test variables to /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/testvars' Export test variables to /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/testvars + cat + '[' -n pkcs11:id=%00%04 ']' + cat + '[' -n pkcs11:id=%00%09 ']' + cat + '[' -n '' ']' + '[' -n pkcs11:id=%00%10 ']' + cat + cat + gen_unsetvars + grep '^export' /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/testvars + sed -e s/export/unset/ -e 's/=.*$//' + title ENDSECTION + case "$1" in + echo '' + echo ' ##' + echo '########################################' + echo '' ## ######################################## ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 2/92 pkcs11-provider:softhsm / setup OK 6.34s 3/92 pkcs11-provider:kryoptic / setup RUNNING >>> P11KITCLIENTPATH=/usr/lib/i386-linux-gnu/pkcs11/p11-kit-client.so SHARED_EXT=.so SOFTOKNPATH=/usr/lib/i386-linux-gnu TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests TESTSSRCDIR=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 LIBSPATH=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/src MALLOC_PERTURB_=198 /build/reproducible-path/pkcs11-provider-1.0/tests/setup.sh kryoptic ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― + source /build/reproducible-path/pkcs11-provider-1.0/tests/helpers.sh ++ : /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests ++ helper_emit=1 ++ sed --version ++ grep -q 'GNU sed' ++ sed_inplace=('-i') ++ export sed_inplace + '[' 1 -ne 1 ']' + TOKENTYPE=kryoptic + SUPPORT_ED25519=1 + SUPPORT_ED448=1 + SUPPORT_RSA_PKCS1_ENCRYPTION=1 + SUPPORT_RSA_KEYGEN_PUBLIC_EXPONENT=1 + SUPPORT_TLSFUZZER=1 + SUPPORT_ALLOWED_MECHANISMS=0 ++ opensc-tool -i ++ grep OpenSC ++ sed -e 's/OpenSC 0\.\([0-9]*\).*/\1/' Failed to establish context: Unable to load external module + OPENSC_VERSION=26 + [[ 26 -le 25 ]] + [[ '' = \1 ]] ++ cat /proc/sys/crypto/fips_enabled + [[ 0 = \1 ]] + TMPPDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/kryoptic + TOKDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/kryoptic/tokens + '[' -d /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/kryoptic ']' + mkdir /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/kryoptic + mkdir /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/kryoptic/tokens + PINVALUE=12345678 + PINFILE=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/kryoptic/pinfile.txt + echo 12345678 + export GNUTLS_PIN=12345678 + GNUTLS_PIN=12345678 + '[' kryoptic == softhsm ']' + '[' kryoptic == softokn ']' + '[' kryoptic == kryoptic ']' + source /build/reproducible-path/pkcs11-provider-1.0/tests/kryoptic-init.sh ++ title SECTION 'Searching for Kryoptic module' ++ case "$1" in ++ shift 1 ++ echo '########################################' ++ echo '## Searching for Kryoptic module' ++ echo '' ######################################## ## Searching for Kryoptic module ++ find_kryoptic /target/debug/libkryoptic_pkcs11.so /target/release/libkryoptic_pkcs11.so /usr/local/lib/kryoptic/libkryoptic_pkcs11so /usr/lib64/pkcs11/libkryoptic_pkcs11.so /usr/lib/pkcs11/libkryoptic_pkcs11.so /usr/lib/x86_64-linux-gnu/kryoptic/libkryoptic_pkcs11.so ++ for _lib in "$@" ++ test -f /target/debug/libkryoptic_pkcs11.so ++ for _lib in "$@" ++ test -f /target/release/libkryoptic_pkcs11.so ++ for _lib in "$@" ++ test -f /usr/local/lib/kryoptic/libkryoptic_pkcs11so ++ for _lib in "$@" ++ test -f /usr/lib64/pkcs11/libkryoptic_pkcs11.so ++ for _lib in "$@" ++ test -f /usr/lib/pkcs11/libkryoptic_pkcs11.so ++ for _lib in "$@" ++ test -f /usr/lib/x86_64-linux-gnu/kryoptic/libkryoptic_pkcs11.so ++ echo 'skipped: Unable to find kryoptic PKCS#11 library' ++ exit 0 skipped: Unable to find kryoptic PKCS#11 library ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 3/92 pkcs11-provider:kryoptic / setup OK 0.02s 4/92 pkcs11-provider:kryoptic.nss / setup RUNNING >>> P11KITCLIENTPATH=/usr/lib/i386-linux-gnu/pkcs11/p11-kit-client.so SHARED_EXT=.so SOFTOKNPATH=/usr/lib/i386-linux-gnu TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests TESTSSRCDIR=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 LIBSPATH=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/src MALLOC_PERTURB_=65 /build/reproducible-path/pkcs11-provider-1.0/tests/setup.sh kryoptic.nss ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― + source /build/reproducible-path/pkcs11-provider-1.0/tests/helpers.sh ++ : /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests ++ helper_emit=1 ++ sed --version ++ grep -q 'GNU sed' ++ sed_inplace=('-i') ++ export sed_inplace + '[' 1 -ne 1 ']' + TOKENTYPE=kryoptic.nss + SUPPORT_ED25519=1 + SUPPORT_ED448=1 + SUPPORT_RSA_PKCS1_ENCRYPTION=1 + SUPPORT_RSA_KEYGEN_PUBLIC_EXPONENT=1 + SUPPORT_TLSFUZZER=1 + SUPPORT_ALLOWED_MECHANISMS=0 ++ opensc-tool -i ++ grep OpenSC ++ sed -e 's/OpenSC 0\.\([0-9]*\).*/\1/' Failed to establish context: Unable to load external module + OPENSC_VERSION=26 + [[ 26 -le 25 ]] + [[ '' = \1 ]] ++ cat /proc/sys/crypto/fips_enabled + [[ 0 = \1 ]] + TMPPDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/kryoptic.nss + TOKDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/kryoptic.nss/tokens + '[' -d /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/kryoptic.nss ']' + mkdir /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/kryoptic.nss + mkdir /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/kryoptic.nss/tokens + PINVALUE=12345678 + PINFILE=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/kryoptic.nss/pinfile.txt + echo 12345678 + export GNUTLS_PIN=12345678 + GNUTLS_PIN=12345678 + '[' kryoptic.nss == softhsm ']' + '[' kryoptic.nss == softokn ']' + '[' kryoptic.nss == kryoptic ']' + '[' kryoptic.nss == kryoptic.nss ']' + source /build/reproducible-path/pkcs11-provider-1.0/tests/kryoptic.nss-init.sh ++ export KRYOPTIC_CONF=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/kryoptic.nss/kryoptic.conf ++ KRYOPTIC_CONF=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/kryoptic.nss/kryoptic.conf ++ cat ++ export 'TOKENLABEL=Kryoptic Soft Token' ++ TOKENLABEL='Kryoptic Soft Token' ++ export TOKENLABELURI=Kryoptic%20Soft%20Token ++ TOKENLABELURI=Kryoptic%20Soft%20Token ++ source /build/reproducible-path/pkcs11-provider-1.0/tests/kryoptic-init.sh +++ title SECTION 'Searching for Kryoptic module' +++ case "$1" in +++ shift 1 +++ echo '########################################' +++ echo '## Searching for Kryoptic module' +++ echo '' ######################################## ## Searching for Kryoptic module +++ find_kryoptic /target/debug/libkryoptic_pkcs11.so /target/release/libkryoptic_pkcs11.so /usr/local/lib/kryoptic/libkryoptic_pkcs11so /usr/lib64/pkcs11/libkryoptic_pkcs11.so /usr/lib/pkcs11/libkryoptic_pkcs11.so /usr/lib/x86_64-linux-gnu/kryoptic/libkryoptic_pkcs11.so +++ for _lib in "$@" +++ test -f /target/debug/libkryoptic_pkcs11.so +++ for _lib in "$@" +++ test -f /target/release/libkryoptic_pkcs11.so +++ for _lib in "$@" +++ test -f /usr/local/lib/kryoptic/libkryoptic_pkcs11so +++ for _lib in "$@" +++ test -f /usr/lib64/pkcs11/libkryoptic_pkcs11.so +++ for _lib in "$@" +++ test -f /usr/lib/pkcs11/libkryoptic_pkcs11.so +++ for _lib in "$@" +++ test -f /usr/lib/x86_64-linux-gnu/kryoptic/libkryoptic_pkcs11.so +++ echo 'skipped: Unable to find kryoptic PKCS#11 library' +++ exit 0 skipped: Unable to find kryoptic PKCS#11 library ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 4/92 pkcs11-provider:kryoptic.nss / setup OK 0.02s 5/92 pkcs11-provider:softokn / basic RUNNING >>> TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=129 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper basic-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 5/92 pkcs11-provider:softokn / basic SKIP 0.01s exit status 77 6/92 pkcs11-provider:softhsm / basic RUNNING >>> TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MALLOC_PERTURB_=94 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper basic-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/tests/tbasic ## Raw Sign check error openssl pkeyutl -sign -inkey "${BASEURI}" -pkeyopt pad-mode:none -in ${TMPPDIR}/64Brandom.bin -out ${TMPPDIR}/raw-sig.bin Public Key operation error 40596CF7:error:0200007A:rsa routines:p11prov_sig_operate:data too small for key size:../src/signature.c:971: ## Sign and Verify with provided Hash and RSA openssl dgst -sha256 -binary -out ${TMPPDIR}/sha256.bin ${SEEDFILE} openssl pkeyutl -sign -inkey "${PRIURI}" -in ${TMPPDIR}/sha256.bin -out ${TMPPDIR}/sha256-sig.bin openssl pkeyutl -verify -inkey "${PUBURI}" -pubin -in ${TMPPDIR}/sha256.bin -sigfile ${TMPPDIR}/sha256-sig.bin Signature Verified Successfully ## Sign and Verify with provided Hash and RSA with DigestInfo struct openssl dgst -sha256 -binary -out ${TMPPDIR}/sha256.bin ${SEEDFILE} openssl pkeyutl -sign -inkey "${PRIURI}" -pkeyopt digest:sha256 -in ${TMPPDIR}/sha256.bin -out ${TMPPDIR}/sha256-sig.bin openssl pkeyutl -verify -inkey "${PUBURI}" -pkeyopt digest:sha256 -pubin -in ${TMPPDIR}/sha256.bin -sigfile ${TMPPDIR}/sha256-sig.bin Signature Verified Successfully ## DigestSign and DigestVerify with RSA openssl pkeyutl -sign -inkey "${BASEURI}" -digest sha256 -in ${RAND64FILE} -rawin -out ${TMPPDIR}/sha256-dgstsig.bin openssl pkeyutl -verify -inkey "${BASEURI}" -pubin -digest sha256 -in ${RAND64FILE} -rawin -sigfile ${TMPPDIR}/sha256-dgstsig.bin Signature Verified Successfully openssl pkeyutl -verify -inkey "${PUBURI}" -pubin -digest sha256 -in ${RAND64FILE} -rawin -sigfile ${TMPPDIR}/sha256-dgstsig.bin Signature Verified Successfully RSA basic encrypt and decrypt openssl pkeyutl -encrypt -inkey "${PUBURI}" -pubin -in ${SECRETFILE} -out ${SECRETFILE}.enc openssl pkeyutl -decrypt -inkey "${PRIURI}" -in ${SECRETFILE}.enc -out ${SECRETFILE}.dec ## Test Disallow Public Export openssl pkey -in $PUBURI -pubin -pubout -text ## Test CSR generation from RSA private keys openssl req -new -batch -key "${PRIURI}" -out ${TMPPDIR}/rsa_csr.pem openssl req -in ${TMPPDIR}/rsa_csr.pem -verify -noout Certificate request self-signature verify OK ## Test fetching public keys without PIN in config files openssl pkey -in $PUBURI -pubin -pubout -out ${TMPPDIR}/rsa.pub.nopin.pem openssl pkey -in $ECPUBURI -pubin -pubout -out ${TMPPDIR}/ec.pub.nopin.pem openssl pkey -in $EDPUBURI -pubin -pubout -out ${TMPPDIR}/ed.pub.nopin.pem ## Test fetching public keys with a PIN in URI openssl pkey -in $BASEURIWITHPINVALUE -pubin -pubout -out ${TMPPDIR}/rsa.pub.uripin.pem openssl pkey -in $ECBASEURIWITHPINVALUE -pubin -pubout -out ${TMPPDIR}/ec.pub.uripin.pem openssl pkey -in $EDBASEURIWITHPINVALUE -pubin -pubout -out ${TMPPDIR}/ed.pub.uripin.pem openssl pkey -in $ED2BASEURIWITHPINVALUE -pubin -pubout -out ${TMPPDIR}/ed2.pub.uripin.pem ## Test fetching public keys with a PIN source in URI openssl pkey -in $BASEURIWITHPINSOURCE -pubin -pubout -out ${TMPPDIR}/rsa.pub.uripinsource.pem openssl pkey -in $ECBASEURIWITHPINSOURCE -pubin -pubout -out ${TMPPDIR}/ec.pub.uripinsource.pem openssl pkey -in $EDBASEURIWITHPINSOURCE -pubin -pubout -out ${TMPPDIR}/ed.pub.uripinsource.pem openssl pkey -in $ED2BASEURIWITHPINSOURCE -pubin -pubout -out ${TMPPDIR}/ed2.pub.uripinsource.pem ## Test prompting without PIN in config files ## Test EVP_PKEY_eq on public RSA key both on token ## Test EVP_PKEY_eq on public EC key both on token ## Test EVP_PKEY_eq on public RSA key via import ## Match private RSA key against public key ## Match private RSA key against public key (commutativity) ## Test EVP_PKEY_eq on public EC key via import ## Match private EC key against public key ## Match private EC key against public key (commutativity) ## Test EVP_PKEY_eq with key exporting disabled ## Test RSA key ## Test EC key ## Test PIN caching Prompt: "Enter pass phrase for PKCS#11 Token (Slot 1158730810 - SoftHSM slot ID 0x4510d43a):" Returning: 12345678 Child Done ALL A-OK! Prompt: "Enter pass phrase for PKCS#11 Token (Slot 1158730810 - SoftHSM slot ID 0x4510d43a):" Returning: 12345678 Child Done ALL A-OK! ## Test interactive Login on key without ALWAYS AUTHENTICATE expect: spawn id exp3 not open while executing "expect "ALL A-OK"" ## Test interactive Login repeated for operation on key with ALWAYS AUTHENTICATE expect: spawn id exp3 not open while executing "expect "ALL A-OK"" ## Test Key generation Performed tests: 4 ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 6/92 pkcs11-provider:softhsm / basic OK 8.44s 7/92 pkcs11-provider:kryoptic / basic RUNNING >>> TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MALLOC_PERTURB_=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper basic-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 7/92 pkcs11-provider:kryoptic / basic SKIP 0.01s exit status 77 8/92 pkcs11-provider:kryoptic.nss / basic RUNNING >>> TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=8 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper basic-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 8/92 pkcs11-provider:kryoptic.nss / basic SKIP 0.01s exit status 77 9/92 pkcs11-provider:softokn / pubkey RUNNING >>> TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MALLOC_PERTURB_=146 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper pubkey-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 9/92 pkcs11-provider:softokn / pubkey SKIP 0.01s exit status 77 10/92 pkcs11-provider:softhsm / pubkey RUNNING >>> TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=181 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper pubkey-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/tests/tpubkey ## Export RSA Public key to a file openssl pkey -in $BASEURI -pubin -pubout -out ${TMPPDIR}/baseout.pub Export Public key to a file (pub-uri) openssl pkey -in $PUBURI -pubin -pubout -out ${TMPPDIR}/pubout.pub Print Public key from private openssl pkey -in $PRIURI -pubout -text ## Export Public check error openssl pkey -in pkcs11:id=%de%ad -pubin -pubout -out ${TMPPDIR}/pubout-invlid.pub Could not find private key of Public Key from pkcs11:id=%de%ad ## Export EC Public key to a file openssl pkey -in $ECBASEURI -pubin -pubout -out ${TMPPDIR}/baseecout.pub Export EC Public key to a file (pub-uri) openssl pkey -in $ECPUBURI -pubin -pubout -out ${TMPPDIR}/pubecout.pub Print EC Public key from private openssl pkey -in $ECPRIURI -pubout -text ## Check we can get RSA public keys from certificate objects Export Public key to a file (priv-uri) openssl pkey -in $PRI2URI -pubout -out ${TMPPDIR}/priv-cert.pub Export Public key to a file (base-uri) openssl pkey -in $BASE2URI -pubout -out ${TMPPDIR}/base-cert.pub ## Check we can get EC public keys from certificate objects Export Public EC key to a file (priv-uri) openssl pkey -in $ECPRI2URI -pubout -out ${TMPPDIR}/ec-priv-cert.pub Export Public key to a file (base-uri) openssl pkey -in $ECBASE2URI -pubout -out ${TMPPDIR}/ec-base-cert.pub ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 10/92 pkcs11-provider:softhsm / pubkey OK 0.27s 11/92 pkcs11-provider:kryoptic / pubkey RUNNING >>> TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=198 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper pubkey-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 11/92 pkcs11-provider:kryoptic / pubkey SKIP 0.01s exit status 77 12/92 pkcs11-provider:kryoptic.nss / pubkey RUNNING >>> TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MALLOC_PERTURB_=29 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper pubkey-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 12/92 pkcs11-provider:kryoptic.nss / pubkey SKIP 0.01s exit status 77 13/92 pkcs11-provider:softokn / certs RUNNING >>> TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MALLOC_PERTURB_=11 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper certs-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 13/92 pkcs11-provider:softokn / certs SKIP 0.01s exit status 77 14/92 pkcs11-provider:softhsm / certs RUNNING >>> TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=82 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper certs-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/tests/tcerts ## Check we can fetch certifiatce objects openssl x509 -in ${CRTURI} -subject -out ${TMPPDIR}/crt-subj.txt openssl x509 -in ${ECCRTURI} -subject -out ${TMPPDIR}/eccrt-subj.txt ## Use storeutl command to match specific certs via params openssl storeutl -certs -subject "${subj}" -out ${TMPPDIR}/storeutl-crt-subj.txt pkcs11:type=cert 0: Certificate openssl storeutl -certs -subject "${subj}" -out ${TMPPDIR}/storeutl-crt-subj.txt pkcs11:type=cert 0: Certificate openssl storeutl -certs -subject "${subj}" -out ${TMPPDIR}/storeutl-crt-subj.txt pkcs11:type=cert 0: Certificate openssl storeutl -certs -subject "${subj}" -out ${TMPPDIR}/storeutl-crt-subj.txt pkcs11:type=cert 0: Certificate ## Test fetching certificate without PIN in config files openssl x509 -in $CRTURI -subject -out ${TMPPDIR}/crt-subj-nopin.txt ## Test fetching certificate via STORE api Cert load successfully ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 14/92 pkcs11-provider:softhsm / certs OK 0.19s 15/92 pkcs11-provider:kryoptic / certs RUNNING >>> TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MALLOC_PERTURB_=55 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper certs-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 15/92 pkcs11-provider:kryoptic / certs SKIP 0.01s exit status 77 16/92 pkcs11-provider:kryoptic.nss / certs RUNNING >>> TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MALLOC_PERTURB_=43 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper certs-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 16/92 pkcs11-provider:kryoptic.nss / certs SKIP 0.01s exit status 77 17/92 pkcs11-provider:softokn / ecc RUNNING >>> TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=121 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper ecc-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 17/92 pkcs11-provider:softokn / ecc SKIP 0.01s exit status 77 18/92 pkcs11-provider:softhsm / ecc RUNNING >>> TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MALLOC_PERTURB_=179 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper ecc-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/tests/tecc ## Export EC Public key to a file openssl pkey -in $ECPUBURI -pubin -pubout -out ${TMPPDIR}/ecout.pub Print EC Public key from private openssl pkey -in $ECPRIURI -pubout -text ## Sign and Verify with provided Hash and EC openssl dgst -sha256 -binary -out ${TMPPDIR}/sha256.bin ${SEEDFILE} openssl pkeyutl -sign -inkey "${ECBASEURI}" -in ${TMPPDIR}/sha256.bin -out ${TMPPDIR}/sha256-ecsig.bin openssl pkeyutl -verify -inkey "${ECBASEURI}" -pubin -in ${TMPPDIR}/sha256.bin -sigfile ${TMPPDIR}/sha256-ecsig.bin Signature Verified Successfully openssl pkeyutl -verify -inkey "${TMPPDIR}/ecout.pub" -pubin -in ${TMPPDIR}/sha256.bin -sigfile ${TMPPDIR}/sha256-ecsig.bin Signature Verified Successfully ## DigestSign and DigestVerify with ECC (SHA-256) openssl pkeyutl -sign -inkey "${ECBASEURI}" -digest sha256 -in ${RAND64FILE} -rawin -out ${TMPPDIR}/sha256-ecdgstsig.bin openssl pkeyutl -verify -inkey "${ECBASEURI}" -pubin -digest sha256 -in ${RAND64FILE} -rawin -sigfile ${TMPPDIR}/sha256-ecdgstsig.bin Signature Verified Successfully ## DigestSign and DigestVerify with ECC (SHA-384) openssl pkeyutl -sign -inkey "${ECBASEURI}" -digest sha384 -in ${RAND64FILE} -rawin -out ${TMPPDIR}/sha384-ecdgstsig.bin openssl pkeyutl -verify -inkey "${ECBASEURI}" -pubin -digest sha384 -in ${RAND64FILE} -rawin -sigfile ${TMPPDIR}/sha384-ecdgstsig.bin Signature Verified Successfully ## DigestSign and DigestVerify with ECC (SHA-512) openssl pkeyutl -sign -inkey "${ECBASEURI}" -digest sha512 -in ${RAND64FILE} -rawin -out ${TMPPDIR}/sha512-ecdgstsig.bin openssl pkeyutl -verify -inkey "${ECBASEURI}" -pubin -digest sha512 -in ${RAND64FILE} -rawin -sigfile ${TMPPDIR}/sha512-ecdgstsig.bin Signature Verified Successfully ## DigestSign and DigestVerify with ECC (SHA3-256) openssl pkeyutl -sign -inkey "${ECBASEURI}" -digest sha3-256 -in ${RAND64FILE} -rawin -out ${TMPPDIR}/sha3-256-ecdgstsig.bin openssl pkeyutl -verify -inkey "${ECBASEURI}" -pubin -digest sha3-256 -in ${RAND64FILE} -rawin -sigfile ${TMPPDIR}/sha3-256-ecdgstsig.bin Signature Verified Successfully ## DigestSign and DigestVerify with ECC (SHA3-384) openssl pkeyutl -sign -inkey "${ECBASEURI}" -digest sha3-384 -in ${RAND64FILE} -rawin -out ${TMPPDIR}/sha3-384-ecdgstsig.bin openssl pkeyutl -verify -inkey "${ECBASEURI}" -pubin -digest sha3-384 -in ${RAND64FILE} -rawin -sigfile ${TMPPDIR}/sha3-384-ecdgstsig.bin Signature Verified Successfully ## DigestSign and DigestVerify with ECC (SHA3-512) openssl pkeyutl -sign -inkey "${ECBASEURI}" -digest sha3-512 -in ${RAND64FILE} -rawin -out ${TMPPDIR}/sha3-512-ecdgstsig.bin openssl pkeyutl -verify -inkey "${ECBASEURI}" -pubin -digest sha3-512 -in ${RAND64FILE} -rawin -sigfile ${TMPPDIR}/sha3-512-ecdgstsig.bin Signature Verified Successfully ## Test CSR generation from private ECC keys openssl req -new -batch -key "${ECPRIURI}" -out ${TMPPDIR}/ecdsa_csr.pem openssl req -in ${TMPPDIR}/ecdsa_csr.pem -verify -noout Certificate request self-signature verify OK ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 18/92 pkcs11-provider:softhsm / ecc OK 0.42s 19/92 pkcs11-provider:kryoptic / ecc RUNNING >>> TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=205 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper ecc-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 19/92 pkcs11-provider:kryoptic / ecc SKIP 0.01s exit status 77 20/92 pkcs11-provider:kryoptic.nss / ecc RUNNING >>> TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MALLOC_PERTURB_=140 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper ecc-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 20/92 pkcs11-provider:kryoptic.nss / ecc SKIP 0.01s exit status 77 21/92 pkcs11-provider:softhsm / edwards RUNNING >>> TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=235 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper edwards-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/tests/tedwards ## Export ED25519 Public key to a file openssl pkey -in $EDPUBURI -pubin -pubout -out ${TMPPDIR}/edout.pub Print ED25519 Public key from private openssl pkey -in $EDPRIURI -pubout -text ## DigestSign and DigestVerify with ED25519 openssl pkeyutl -sign -inkey "${EDBASEURI}" -in ${RAND64FILE} -rawin -out ${TMPPDIR}/sha256-eddgstsig.bin openssl pkeyutl -verify -inkey "${EDBASEURI}" -pubin -in ${RAND64FILE} -rawin -sigfile ${TMPPDIR}/sha256-eddgstsig.bin Signature Verified Successfully ## Test CSR generation from private ED25519 keys openssl req -new -batch -key "${EDPRIURI}" -out ${TMPPDIR}/ed25519_csr.pem openssl req -in ${TMPPDIR}/ed25519_csr.pem -verify -noout Certificate request self-signature verify OK ## Test EVP_PKEY_eq on public Edwards key both on token ## Test EVP_PKEY_eq on public ED key via import ## Match private ED key against public key ## Match private ED key against public key (commutativity) ## Test Key generation Performed tests: 1 ## Export ED448 Public key to a file openssl pkey -in $ED2PUBURI -pubin -pubout -out ${TMPPDIR}/ed2out.pub Print ED448 Public key from private openssl pkey -in $ED2PRIURI -pubout -text ## DigestSign and DigestVerify with ED448 openssl pkeyutl -sign -inkey "${ED2BASEURI}" -in ${RAND64FILE} -rawin -out ${TMPPDIR}/sha256-eddgstsig.bin openssl pkeyutl -verify -inkey "${ED2BASEURI}" -pubin -in ${RAND64FILE} -rawin -sigfile ${TMPPDIR}/sha256-eddgstsig.bin Signature Verified Successfully ## Test CSR generation from private ED448 keys openssl req -new -batch -key "${ED2PRIURI}" -out ${TMPPDIR}/ed448_csr.pem openssl req -in ${TMPPDIR}/ed448_csr.pem -verify -noout Certificate request self-signature verify OK ## Test EVP_PKEY_eq on public Edwards key both on token ## Test EVP_PKEY_eq on public ED448 key via import ## Match private ED448 key against public key ## Match private ED448 key against public key (commutativity) ## Test Ed448 Key generation Performed tests: 1 ## Test interactive Login on key without ALWAYS AUTHENTICATE expect: spawn id exp3 not open while executing "expect "ALL A-OK"" ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 21/92 pkcs11-provider:softhsm / edwards OK 0.90s 22/92 pkcs11-provider:kryoptic / edwards RUNNING >>> TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=175 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper edwards-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 22/92 pkcs11-provider:kryoptic / edwards SKIP 0.01s exit status 77 23/92 pkcs11-provider:kryoptic.nss / edwards RUNNING >>> TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 MALLOC_PERTURB_=79 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper edwards-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 23/92 pkcs11-provider:kryoptic.nss / edwards SKIP 0.01s exit status 77 24/92 pkcs11-provider:softokn / ecdh RUNNING >>> MALLOC_PERTURB_=73 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper ecdh-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 24/92 pkcs11-provider:softokn / ecdh SKIP 0.01s exit status 77 25/92 pkcs11-provider:kryoptic / ecdh RUNNING >>> TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MALLOC_PERTURB_=149 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper ecdh-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 25/92 pkcs11-provider:kryoptic / ecdh SKIP 0.01s exit status 77 26/92 pkcs11-provider:kryoptic.nss / ecdh RUNNING >>> TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MALLOC_PERTURB_=171 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper ecdh-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 26/92 pkcs11-provider:kryoptic.nss / ecdh SKIP 0.01s exit status 77 27/92 pkcs11-provider:softokn / democa RUNNING >>> TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MALLOC_PERTURB_=145 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper democa-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 27/92 pkcs11-provider:softokn / democa SKIP 0.01s exit status 77 28/92 pkcs11-provider:softhsm / democa RUNNING >>> TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MALLOC_PERTURB_=41 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper democa-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/tests/tdemoca ## Set up demoCA ## Generating CA cert if needed openssl req -batch -noenc -x509 -new -key ${PRIURI} -out ${DEMOCA}/cacert.pem ## Generating a new CSR with key in file openssl req -batch -noenc -newkey rsa:2048 -subj "/CN=testing-csr-signing/O=PKCS11 Provider/C=US" -keyout ${DEMOCA}/cert.key -out ${DEMOCA}/cert.csr .....+.....+.+..+......+.........+...+.........+.+...+.........+............+++++++++++++++++++++++++++++++++++++++*...+.+.....+...+...+.......+........+...+....+..+...+.+..+.............+......+...+...+..+.......+........+......+++++++++++++++++++++++++++++++++++++++*..+.............+........+.........................+..+..........+...+...............+..+...+.+...+......++++++ .+......+....+...+............+..+...+.+.....+.........+.+......+.....+......+...+......+++++++++++++++++++++++++++++++++++++++*.+..........+...+..+....+.....+...+++++++++++++++++++++++++++++++++++++++*.+.+...........+......+.............+..+...+.......+...++++++ ----- ## Signing the new certificate openssl ca -batch -in ${DEMOCA}/cert.csr -keyfile ${PRIURI} -out ${DEMOCA}/cert.pem Using configuration from /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/openssl.cnf Check that the request matches the signature Signature ok The Subject's Distinguished Name is as follows commonName :ASN.1 12:'testing-csr-signing' organizationName :ASN.1 12:'PKCS11 Provider' countryName :PRINTABLE:'US' Certificate is to be certified until Mar 23 09:13:39 2027 GMT (365 days) Write out database with 1 new entries Database updated ## Generating a new CSR with existing RSA key in token openssl req -batch -noenc -new -key ${PRIURI} -subj "/CN=testing-rsa-signing/O=PKCS11 Provider/C=US" -out ${DEMOCA}/cert-rsa.csr ## Signing the new RSA key certificate openssl ca -batch -in ${DEMOCA}/cert-rsa.csr -keyfile ${PRIURI} -out ${DEMOCA}/cert.pem Using configuration from /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/openssl.cnf Check that the request matches the signature Signature ok The Subject's Distinguished Name is as follows commonName :ASN.1 12:'testing-rsa-signing' organizationName :ASN.1 12:'PKCS11 Provider' countryName :PRINTABLE:'US' Certificate is to be certified until Mar 23 09:13:39 2027 GMT (365 days) Write out database with 1 new entries Database updated ## Generating a new CSR with existing EC key in token openssl req -batch -noenc -new -key ${ECPRIURI} -subj "/CN=testing-ec-signing/O=PKCS11 Provider/C=US" -out ${DEMOCA}/cert-ec.csr ## Signing the new EC key certificate openssl ca -batch -in ${DEMOCA}/cert-ec.csr -keyfile ${PRIURI} -out ${DEMOCA}/cert.pem Using configuration from /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/openssl.cnf Check that the request matches the signature Signature ok The Subject's Distinguished Name is as follows commonName :ASN.1 12:'testing-ec-signing' organizationName :ASN.1 12:'PKCS11 Provider' countryName :PRINTABLE:'US' Certificate is to be certified until Mar 23 09:13:39 2027 GMT (365 days) Write out database with 1 new entries Database updated ## Generating a new CSR with existing ED key in token openssl req -batch -noenc -new -key ${EDPRIURI} -subj "/CN=testing-ed-signing/O=PKCS11 Provider/C=US" -out ${DEMOCA}/cert-ed.csr ## Signing the new ED key certificate openssl ca -batch -in ${DEMOCA}/cert-ed.csr -keyfile ${PRIURI} -out ${DEMOCA}/cert.pem Using configuration from /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/openssl.cnf Check that the request matches the signature Signature ok The Subject's Distinguished Name is as follows commonName :ASN.1 12:'testing-ed-signing' organizationName :ASN.1 12:'PKCS11 Provider' countryName :PRINTABLE:'US' Certificate is to be certified until Mar 23 09:13:39 2027 GMT (365 days) Write out database with 1 new entries Database updated ## Generating a new CSR with existing ED448 key in token openssl req -batch -noenc -new -key ${ED2PRIURI} -subj "/CN=testing-ed2-signing/O=PKCS11 Provider/C=US" -out ${DEMOCA}/cert-ed2.csr ## Signing the new ED448 key certificate openssl ca -batch -in ${DEMOCA}/cert-ed2.csr -keyfile ${PRIURI} -out ${DEMOCA}/cert.pem Using configuration from /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/openssl.cnf Check that the request matches the signature Signature ok The Subject's Distinguished Name is as follows commonName :ASN.1 12:'testing-ed2-signing' organizationName :ASN.1 12:'PKCS11 Provider' countryName :PRINTABLE:'US' Certificate is to be certified until Mar 23 09:13:39 2027 GMT (365 days) Write out database with 1 new entries Database updated ## Generating a new CSR with existing RSA-PSS key in token openssl req -batch -noenc -new -key ${RSAPSSPRIURI} -sigopt rsa_padding_mode:pss -subj "/CN=testing-rsapss-signing/O=PKCS11 Provider/C=US" -sigopt rsa_padding_mode:pss -out ${DEMOCA}/cert-rsa-pss.csr ## Signing the new RSA-PSS key certificate openssl ca -batch -in ${DEMOCA}/cert-rsa-pss.csr -keyfile ${PRIURI} -out ${DEMOCA}/cert.pem Using configuration from /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/openssl.cnf Check that the request matches the signature Signature ok The Subject's Distinguished Name is as follows commonName :ASN.1 12:'testing-rsapss-signing' organizationName :ASN.1 12:'PKCS11 Provider' countryName :PRINTABLE:'US' Certificate is to be certified until Mar 23 09:13:39 2027 GMT (365 days) Write out database with 1 new entries Database updated openssl x509 -text -in ${DEMOCA}/cert.pem ## Generating a new CSR with existing SHA256 restricted RSA-PSS key in token openssl req -batch -noenc -new -key ${RSAPSS2PRIURI} -sigopt rsa_padding_mode:pss -subj "/CN=testing-rsapss-sha2-signing/O=PKCS11 Provider/C=US" -out ${DEMOCA}/cert-rsa-pss2.csr -sigopt rsa_padding_mode:pss -sigopt digest:sha256 ## Signing the new SHA256 restricted RSA-PSS key certificate openssl ca -batch -in ${DEMOCA}/cert-rsa-pss2.csr -keyfile ${PRIURI} -out ${DEMOCA}/cert.pem Using configuration from /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/openssl.cnf Check that the request matches the signature Signature ok The Subject's Distinguished Name is as follows commonName :ASN.1 12:'testing-rsapss-sha2-signing' organizationName :ASN.1 12:'PKCS11 Provider' countryName :PRINTABLE:'US' Certificate is to be certified until Mar 23 09:13:39 2027 GMT (365 days) Write out database with 1 new entries Database updated openssl x509 -text -in ${DEMOCA}/cert.pem ## Generating a new CSR with existing RSA-PSS key in token openssl req -batch -noenc -new -key ${RSAPSS2PRIURI} -sigopt rsa_padding_mode:pss -subj "/CN=testing-rsapss-signing/O=PKCS11 Provider/C=US" -out ${DEMOCA}/cert-rsa-pss2.csr -sigopt rsa_padding_mode:pss -sigopt digest:sha256 -sigopt rsa_pss_saltlen:-2 ## Signing the new RSA-PSS key certificate openssl ca -batch -in ${DEMOCA}/cert-rsa-pss.csr -keyfile ${PRIURI} -out ${DEMOCA}/cert.pem Using configuration from /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/openssl.cnf Check that the request matches the signature Signature ok The Subject's Distinguished Name is as follows commonName :ASN.1 12:'testing-rsapss-signing' organizationName :ASN.1 12:'PKCS11 Provider' countryName :PRINTABLE:'US' Certificate is to be certified until Mar 23 09:13:39 2027 GMT (365 days) Write out database with 1 new entries Database updated ## Set up OCSP openssl req -batch -noenc -new -subj "/CN=OCSP/O=PKCS11 Provider/C=US" -key ${PRIURI} -out ${DEMOCA}/ocspSigning.csr openssl ca -batch -keyfile ${PRIURI} -cert ${DEMOCA}/cacert.pem -in ${DEMOCA}/ocspSigning.csr -out ${DEMOCA}/ocspSigning.pem Using configuration from /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/openssl.cnf Check that the request matches the signature Signature ok The Subject's Distinguished Name is as follows commonName :ASN.1 12:'OCSP' organizationName :ASN.1 12:'PKCS11 Provider' countryName :PRINTABLE:'US' Certificate is to be certified until Mar 23 09:13:39 2027 GMT (365 days) Write out database with 1 new entries Database updated ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 28/92 pkcs11-provider:softhsm / democa OK 0.85s 29/92 pkcs11-provider:kryoptic / democa RUNNING >>> TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MALLOC_PERTURB_=22 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper democa-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 29/92 pkcs11-provider:kryoptic / democa SKIP 0.01s exit status 77 30/92 pkcs11-provider:kryoptic.nss / democa RUNNING >>> TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MALLOC_PERTURB_=46 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper democa-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 30/92 pkcs11-provider:kryoptic.nss / democa SKIP 0.01s exit status 77 31/92 pkcs11-provider:softokn / digest RUNNING >>> MALLOC_PERTURB_=7 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper digest-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 31/92 pkcs11-provider:softokn / digest SKIP 0.01s exit status 77 32/92 pkcs11-provider:softhsm / digest RUNNING >>> TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MALLOC_PERTURB_=176 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper digest-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/tests/tdigest ## Test Digests support sha512-224: Unsupported by pkcs11 token sha512-256: Unsupported by pkcs11 token sha3-224: Unsupported by pkcs11 token sha3-256: Unsupported by pkcs11 token sha3-384: Unsupported by pkcs11 token sha3-512: Unsupported by pkcs11 token PASSED ## Test Digests Blocked No digest available for testing pkcs11 provider Digest operations failed as expected ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 32/92 pkcs11-provider:softhsm / digest OK 0.05s 33/92 pkcs11-provider:kryoptic / digest RUNNING >>> MALLOC_PERTURB_=96 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper digest-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 33/92 pkcs11-provider:kryoptic / digest SKIP 0.01s exit status 77 34/92 pkcs11-provider:kryoptic.nss / digest RUNNING >>> TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=175 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper digest-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 34/92 pkcs11-provider:kryoptic.nss / digest SKIP 0.01s exit status 77 35/92 pkcs11-provider:softokn / fork RUNNING >>> TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=21 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper fork-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 35/92 pkcs11-provider:softokn / fork SKIP 0.01s exit status 77 36/92 pkcs11-provider:softhsm / fork RUNNING >>> TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MALLOC_PERTURB_=139 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper fork-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/tfork Child Done Child Done ALL A-OK! ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 36/92 pkcs11-provider:softhsm / fork OK 0.28s 37/92 pkcs11-provider:kryoptic / fork RUNNING >>> TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=24 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper fork-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 37/92 pkcs11-provider:kryoptic / fork SKIP 0.01s exit status 77 38/92 pkcs11-provider:kryoptic.nss / fork RUNNING >>> TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MALLOC_PERTURB_=135 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper fork-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 38/92 pkcs11-provider:kryoptic.nss / fork SKIP 0.01s exit status 77 39/92 pkcs11-provider:softokn / oaepsha2 RUNNING >>> TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=65 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper oaepsha2-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 39/92 pkcs11-provider:softokn / oaepsha2 SKIP 0.01s exit status 77 40/92 pkcs11-provider:kryoptic / oaepsha2 RUNNING >>> TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MALLOC_PERTURB_=195 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper oaepsha2-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 40/92 pkcs11-provider:kryoptic / oaepsha2 SKIP 0.01s exit status 77 41/92 pkcs11-provider:kryoptic.nss / oaepsha2 RUNNING >>> TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=24 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper oaepsha2-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 41/92 pkcs11-provider:kryoptic.nss / oaepsha2 SKIP 0.01s exit status 77 42/92 pkcs11-provider:softokn / hkdf RUNNING >>> TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MALLOC_PERTURB_=183 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper hkdf-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 42/92 pkcs11-provider:softokn / hkdf SKIP 0.01s exit status 77 43/92 pkcs11-provider:kryoptic / hkdf RUNNING >>> TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MALLOC_PERTURB_=99 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper hkdf-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 43/92 pkcs11-provider:kryoptic / hkdf SKIP 0.01s exit status 77 44/92 pkcs11-provider:kryoptic.nss / hkdf RUNNING >>> TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MALLOC_PERTURB_=165 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper hkdf-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 44/92 pkcs11-provider:kryoptic.nss / hkdf SKIP 0.01s exit status 77 45/92 pkcs11-provider:softokn / imported RUNNING >>> MALLOC_PERTURB_=189 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper imported-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 45/92 pkcs11-provider:softokn / imported SKIP 0.01s exit status 77 46/92 pkcs11-provider:kryoptic / imported RUNNING >>> TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MALLOC_PERTURB_=77 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper imported-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 46/92 pkcs11-provider:kryoptic / imported SKIP 0.01s exit status 77 47/92 pkcs11-provider:kryoptic.nss / imported RUNNING >>> TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MALLOC_PERTURB_=179 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper imported-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 47/92 pkcs11-provider:kryoptic.nss / imported SKIP 0.01s exit status 77 48/92 pkcs11-provider:softokn / rsapss RUNNING >>> TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MALLOC_PERTURB_=244 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper rsapss-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 48/92 pkcs11-provider:softokn / rsapss SKIP 0.01s exit status 77 49/92 pkcs11-provider:softhsm / rsapss RUNNING >>> TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MALLOC_PERTURB_=239 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper rsapss-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/tests/trsapss ## DigestSign and DigestVerify with RSA PSS openssl pkeyutl -sign -inkey "${BASEURI}" -digest sha256 -pkeyopt pad-mode:pss -pkeyopt mgf1-digest:sha256 -pkeyopt saltlen:digest -in ${RAND64FILE} -rawin -out ${TMPPDIR}/sha256-dgstsig.bin openssl pkeyutl -verify -inkey "${BASEURI}" -pubin -digest sha256 -pkeyopt pad-mode:pss -pkeyopt mgf1-digest:sha256 -pkeyopt saltlen:digest -in ${RAND64FILE} -rawin -sigfile ${TMPPDIR}/sha256-dgstsig.bin Signature Verified Successfully Re-verify using OpenSSL default provider openssl pkeyutl -verify -inkey "${PUBURI}" -pubin -digest sha256 -pkeyopt pad-mode:pss -pkeyopt mgf1-digest:sha256 -pkeyopt saltlen:digest -in ${RAND64FILE} -rawin -sigfile ${TMPPDIR}/sha256-dgstsig.bin Signature Verified Successfully ## DigestSign and DigestVerify with RSA PSS with default params openssl pkeyutl -sign -inkey "${BASEURI}" -pkeyopt pad-mode:pss -in ${RAND64FILE} -rawin -out ${TMPPDIR}/def-dgstsig.bin openssl pkeyutl -verify -inkey "${BASEURI}" -pubin -pkeyopt pad-mode:pss -in ${RAND64FILE} -rawin -sigfile ${TMPPDIR}/def-dgstsig.bin Signature Verified Successfully Re-verify using OpenSSL default provider openssl pkeyutl -verify -inkey "${PUBURI}" -pubin -pkeyopt pad-mode:pss -in ${RAND64FILE} -rawin -sigfile ${TMPPDIR}/def-dgstsig.bin Signature Verified Successfully ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 49/92 pkcs11-provider:softhsm / rsapss OK 0.16s 50/92 pkcs11-provider:kryoptic / rsapss RUNNING >>> TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MALLOC_PERTURB_=94 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper rsapss-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 50/92 pkcs11-provider:kryoptic / rsapss SKIP 0.01s exit status 77 51/92 pkcs11-provider:kryoptic.nss / rsapss RUNNING >>> TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=129 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper rsapss-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 51/92 pkcs11-provider:kryoptic.nss / rsapss SKIP 0.01s exit status 77 52/92 pkcs11-provider:softhsm / rsapssam RUNNING >>> TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MALLOC_PERTURB_=69 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper rsapssam-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/tests/trsapssam ## DigestSign and DigestVerify with RSA PSS (SHA256 restriction) openssl pkeyutl -sign -inkey "${RSAPSS2PRIURI}" -digest sha256 -pkeyopt pad-mode:pss -pkeyopt mgf1-digest:sha256 -pkeyopt saltlen:digest -in ${RAND64FILE} -rawin -out ${TMPPDIR}/sha256-rsapps-genpkey-dgstsig.bin openssl pkeyutl -verify -inkey "${RSAPSS2PUBURI}" -pubin -digest sha256 -pkeyopt pad-mode:pss -pkeyopt mgf1-digest:sha256 -pkeyopt saltlen:digest -in ${RAND64FILE} -rawin -sigfile ${TMPPDIR}/sha256-rsapps-genpkey-dgstsig.bin Signature Verified Successfully ## Fail DigestSign with RSA PSS because of restricted Digest openssl pkeyutl -sign -inkey "${RSAPSS2PRIURI}" -digest sha384 -pkeyopt pad-mode:pss -pkeyopt mgf1-digest:sha384 -pkeyopt saltlen:digest -in ${RAND64FILE} -rawin -out ${TMPPDIR}/sha384-rsapps-genpkey-dgstsig.bin 2>&1 ## Fail Signing with RSA PKCS1 mech and RSA-PSS key openssl pkeyutl -sign -inkey "${RSAPSSPRIURI}" -digest sha256 -pkeyopt rsa_padding_mode:pkcs1 -in ${RAND64FILE} -rawin -out ${TMPPDIR}/sha384-rsa-not-rsapss-sig.bin 2>&1 ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 52/92 pkcs11-provider:softhsm / rsapssam OK 0.13s 53/92 pkcs11-provider:kryoptic / rsapssam RUNNING >>> TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=38 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper rsapssam-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 53/92 pkcs11-provider:kryoptic / rsapssam SKIP 0.01s exit status 77 54/92 pkcs11-provider:softokn / genkey RUNNING >>> TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MALLOC_PERTURB_=134 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper genkey-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 54/92 pkcs11-provider:softokn / genkey SKIP 0.01s exit status 77 55/92 pkcs11-provider:softhsm / genkey RUNNING >>> TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MALLOC_PERTURB_=99 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper genkey-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/tgenkey Performed tests: 0 ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 55/92 pkcs11-provider:softhsm / genkey OK 0.01s 56/92 pkcs11-provider:kryoptic / genkey RUNNING >>> TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MALLOC_PERTURB_=104 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper genkey-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 56/92 pkcs11-provider:kryoptic / genkey SKIP 0.01s exit status 77 57/92 pkcs11-provider:kryoptic.nss / genkey RUNNING >>> TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=170 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper genkey-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 57/92 pkcs11-provider:kryoptic.nss / genkey SKIP 0.01s exit status 77 58/92 pkcs11-provider:softokn / pkey RUNNING >>> MALLOC_PERTURB_=54 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper pkey-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 58/92 pkcs11-provider:softokn / pkey SKIP 0.01s exit status 77 59/92 pkcs11-provider:softhsm / pkey RUNNING >>> TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MALLOC_PERTURB_=156 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper pkey-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/tpkey ALL A-OK! ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 59/92 pkcs11-provider:softhsm / pkey OK 0.79s 60/92 pkcs11-provider:kryoptic / pkey RUNNING >>> TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MALLOC_PERTURB_=201 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper pkey-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 60/92 pkcs11-provider:kryoptic / pkey SKIP 0.01s exit status 77 61/92 pkcs11-provider:kryoptic.nss / pkey RUNNING >>> TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MALLOC_PERTURB_=32 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper pkey-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 61/92 pkcs11-provider:kryoptic.nss / pkey SKIP 0.01s exit status 77 62/92 pkcs11-provider:softokn / session RUNNING >>> TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MALLOC_PERTURB_=236 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper session-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 62/92 pkcs11-provider:softokn / session SKIP 0.01s exit status 77 63/92 pkcs11-provider:softhsm / session RUNNING >>> TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=56 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper session-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/tsession ALL A-OK!―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 63/92 pkcs11-provider:softhsm / session OK 0.27s 64/92 pkcs11-provider:kryoptic / session RUNNING >>> TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=163 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper session-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 64/92 pkcs11-provider:kryoptic / session SKIP 0.01s exit status 77 65/92 pkcs11-provider:kryoptic.nss / session RUNNING >>> TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 MALLOC_PERTURB_=15 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper session-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 65/92 pkcs11-provider:kryoptic.nss / session SKIP 0.01s exit status 77 66/92 pkcs11-provider:softokn / rand RUNNING >>> TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MALLOC_PERTURB_=179 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper rand-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 66/92 pkcs11-provider:softokn / rand SKIP 0.01s exit status 77 67/92 pkcs11-provider:softhsm / rand RUNNING >>> MALLOC_PERTURB_=7 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper rand-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/tests/trand ## Test PKCS11 RNG openssl rand 1 40D960F7:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:../crypto/evp/evp_fetch.c:355:Global default library context, Algorithm (PKCS11-RAND : 0), Properties () 40D960F7:error:12000090:random number generator:rand_new_drbg:unable to fetch drbg:../crypto/rand/rand_lib.c:660: openssl rand 1 Å ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 67/92 pkcs11-provider:softhsm / rand OK 0.04s 68/92 pkcs11-provider:kryoptic / rand RUNNING >>> TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MALLOC_PERTURB_=176 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper rand-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 68/92 pkcs11-provider:kryoptic / rand SKIP 0.01s exit status 77 69/92 pkcs11-provider:kryoptic.nss / rand RUNNING >>> MALLOC_PERTURB_=245 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper rand-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 69/92 pkcs11-provider:kryoptic.nss / rand SKIP 0.01s exit status 77 70/92 pkcs11-provider:softokn / readkeys RUNNING >>> TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MALLOC_PERTURB_=43 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper readkeys-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 70/92 pkcs11-provider:softokn / readkeys SKIP 0.01s exit status 77 71/92 pkcs11-provider:softhsm / readkeys RUNNING >>> TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=198 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper readkeys-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/treadkeys ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 71/92 pkcs11-provider:softhsm / readkeys OK 0.05s 72/92 pkcs11-provider:kryoptic / readkeys RUNNING >>> TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MALLOC_PERTURB_=171 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper readkeys-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 72/92 pkcs11-provider:kryoptic / readkeys SKIP 0.01s exit status 77 73/92 pkcs11-provider:kryoptic.nss / readkeys RUNNING >>> TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MALLOC_PERTURB_=214 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper readkeys-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 73/92 pkcs11-provider:kryoptic.nss / readkeys SKIP 0.01s exit status 77 74/92 pkcs11-provider:softokn / tls RUNNING >>> TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MALLOC_PERTURB_=71 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper tls-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 74/92 pkcs11-provider:softokn / tls SKIP 0.01s exit status 77 75/92 pkcs11-provider:softhsm / tls RUNNING >>> TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=38 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper tls-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/tests/ttls ## Test SSL_CTX creation SSL Context works! ## Test setting cert/keys on TLS Context Cert and Key successfully set on TLS Context! ## Test setting cert/keys on TLS Context w/o pub key Cert and Key successfully set on TLS Context! ## Test an actual TLS connection ######################################## ## TLS with key in provider ## Run sanity test with default values (RSA) spawn openssl s_client -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.pem Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=1 CN=Issuer verify return:1 depth=0 O=PKCS11 Provider, CN=My Test Cert verify return:1 --- Certificate chain 0 s:O=PKCS11 Provider, CN=My Test Cert i:CN=Issuer a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256 v:NotBefore: Mar 23 09:13:22 2026 GMT; NotAfter: Mar 23 09:13:22 2027 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIIDPzCCAiegAwIBAgIBAzANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 ZXIwHhcNMjYwMzIzMDkxMzIyWhcNMjcwMzIzMDkxMzIyWjAxMRgwFgYDVQQKEw9Q S0NTMTEgUHJvdmlkZXIxFTATBgNVBAMTDE15IFRlc3QgQ2VydDCCASIwDQYJKoZI hvcNAQEBBQADggEPADCCAQoCggEBAKYIBPI8FXqB41QkdE2YwQGMMzLOYm2x/DDv ZBM1RpDEsnyhmUlXXsauiB6Tu46+9pUnbw7UBhNBrZgCPhdID3FryuZc1aMBshmB F+f0QrM3RArVOpMdXJr4m4h+tiH1u8RqJVuArkqLoioG9lodx1jfIjNtvL7AjMxn 41ebPvnDvVcP/d+3D2rIojQZhaI87jpqqu3SjXWnCBzDOUgBiq9YM0pXpTwoj355 apfgEA0XhUmQWiCBB1m5lG2PK1I8eq8v6LOXBfJfL+avPqji16ALDKfJLBbsm8Xz vkzeP28FBIhUooTGuuV0sFmGxZF0aVuxsGxy3/z2yhlMFCIppckCAwEAAaOBgTB/ MAwGA1UdEwEB/wQCMAAwHwYDVR0RBBgwFoEUdGVzdGNlcnRAZXhhbXBsZS5vcmcw DgYDVR0PAQH/BAQDAgWgMB0GA1UdDgQWBBRb6ovCiIzwjQFnEmN09aTrRakeaDAf BgNVHSMEGDAWgBTXb9mFxvJXeIVBAkKitJ3tnZnjDDANBgkqhkiG9w0BAQsFAAOC AQEAKW9hH2itf/PySnb+PZAAINdkfDnnrwAHokslvlzsq6GnEyi//youiFYDStOM qUbkOlUxqpEIFbnxbk2MMGkg4QvLh5BbcjhwVdStqfHsqUIqXP/GciW3mdO+Q+qr k/JZlBIZRwiyPLA1L1Tuq/XTAA50NxaMZQrVBxPSDN7n/kfNR5K6jOgvuM7qkb0w XJtgHns2VtlaPGSvFDL4Kr4tTQbvquuhzMEPzoL3X/fvflgL3eyub8GjwmzCgT5r jziQrY9c/AgAGlUI3lfmdjlVdkkIOub7LbJ8h/9/84TXR6ct1bfKVenm/HMaTyHO qNj7I9KuaK4eBJhbeETg3F+SIw== -----END CERTIFICATE----- subject=O=PKCS11 Provider, CN=My Test Cert issuer=CN=Issuer --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: RSA-PSS Server Temp Key: X25519, 253 bits --- SSL handshake has read 1391 bytes and written 391 bytes Verification: OK --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Protocol: TLSv1.3 Server public key is 2048 bit This TLS version forbids renegotiation. Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 3E5FC8C242D9CB18F6435F61C79C69FC03A02537E8E0C514422663F1F79AB3CD Session-ID-ctx: Resumption PSK: 55815E3A2FF9725CA98746C9B1B77F6912E45158EBCD8371E1B168BC039E24241A3D87DEDFAD5A80035448263644020A PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - b8 d7 e0 61 54 5d f1 3c-f9 a8 0f bf 80 ae 53 a6 ...aT].<......S. 0010 - 1e b1 4d 2f ee e7 3d 8b-68 3d 7f 61 2c dd a1 40 ..M/..=.h=.a,..@ 0020 - d4 b4 21 dd e1 d1 95 81-22 23 33 be 8f 91 a1 30 ..!....."#3....0 0030 - 67 da f4 4b 28 99 3f 22-82 78 1a 5d 90 e9 56 df g..K(.?".x.]..V. 0040 - d3 2e 4b 60 2d 19 8e 11-e7 80 ca 0d 59 01 47 cc ..K`-.......Y.G. 0050 - fc a2 41 1b a8 70 f9 7f-8b 3f 1c 51 47 38 d5 50 ..A..p...?.QG8.P 0060 - d9 e3 c4 32 ce ce 09 1e-eb 1b e6 b4 08 d7 bf 61 ...2...........a 0070 - 13 65 e1 f6 8f 4b 35 57-fe 83 ae 52 14 82 5a 83 .e...K5W...R..Z. 0080 - 98 5d f3 24 17 91 b1 f7-63 d7 c0 cd ef 63 f1 33 .].$....c....c.3 0090 - f3 44 50 06 1c 55 57 6b-a4 41 00 94 90 66 ff 5e .DP..UWk.A...f.^ 00a0 - 11 db 91 5c 30 95 0a 2a-80 58 40 82 0e 55 30 01 ...\0..*.X@..U0. 00b0 - 8a d9 fb 6d 5c 77 2d 0c-41 14 ad 78 55 36 dd 63 ...m\w-.A..xU6.c 00c0 - 77 b7 ff 1d 29 67 a0 e7-32 c2 1b dc 26 36 b2 83 w...)g..2...&6.. Start Time: 1774257221 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 6D23FB57D2822542C1267426557C3C8D1C895AD564601F63D7DD79BD7CE0FE31 Session-ID-ctx: Resumption PSK: 5F35F8B1CDEFAEFEE486D226B942BE72FAE33E49019DEB07AFA1BEECD7C636922D500FEF32AE307412B4DD43F91D14A1 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - b8 d7 e0 61 54 5d f1 3c-f9 a8 0f bf 80 ae 53 a6 ...aT].<......S. 0010 - eb ba 23 f1 78 9c 66 c5-e7 26 16 fb e8 ba 49 9f ..#.x.f..&....I. 0020 - 22 90 81 9c e3 6e ef 51-d0 fc 91 97 52 e5 e0 16 "....n.Q....R... 0030 - 78 c3 56 58 19 1a 47 27-02 9e 9c b3 5d 44 b3 dc x.VX..G'....]D.. 0040 - af 79 8e 19 af 13 f2 14-ea 88 dc 5a f8 b2 fb 39 .y.........Z...9 0050 - 13 57 28 7c 03 b5 d6 d7-e7 cf 2d 87 d0 07 1d 88 .W(|......-..... 0060 - 9a 8a 5d ad b0 cc c9 79-6a 0e 6d a7 c3 be 26 78 ..]....yj.m...&x 0070 - 2e 8a b8 f0 86 3c aa d1-31 38 c5 59 ee 6c c6 03 .....<..18.Y.l.. 0080 - 7a f3 b0 07 99 0c 99 8c-b7 7c c9 37 e9 45 5b d6 z........|.7.E[. 0090 - 16 ca 40 71 b5 50 3d 31-1f 9f 4c 4c 07 de 21 c9 ..@q.P=1..LL..!. 00a0 - c3 0e c6 58 96 f1 3c 9b-0c 22 56 11 5e 55 66 a3 ...X..<.."V.^Uf. 00b0 - 47 b4 fc 09 7f 20 13 70-5a 2b 67 ae 4d 10 14 9a G.... .pZ+g.M... 00c0 - 20 eb 2c 0a 3b e1 ff 38-66 42 66 0a 8d d4 83 25 .,.;..8fBf....% Start Time: 1774257221 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK TLS SUCCESSFUL 401968F7:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%01 -cert pkcs11:type=cert;object=testCert Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MIGDAgEBAgIDBAQCEwIEIIt1S4cwg7Z0EmAhrc08o2NKhYp/1U2WmdiGqxJTlMPT BDBfNfixze+u/uSG0ia5Qr5y+uM+SQGd6wevob7s18Y2ki1QD+8yrjB0ErTdQ/kd FKGhBgIEacEERaIEAgIcIKQGBAQBAAAArgcCBQDibgyvswMCAR0= -----END SSL SESSION PARAMETERS----- Shared ciphers:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224 Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 CIPHER is TLS_AES_256_GCM_SHA384 This TLS version forbids renegotiation. TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run sanity test with default values (RSA-PSS) ## Generating a new selfsigned certificate for pkcs11:type=private;id=%00%10 openssl req -batch -noenc -x509 -new -key ${KEY} ${AARGS} -out ${CERT} spawn openssl s_client -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.pem Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=0 C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness verify error:num=18:self-signed certificate verify return:1 depth=0 C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness verify return:1 --- Certificate chain 0 s:C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness i:C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness a:PKEY: RSASSA-PSS, 2048 (bit); sigalg: RSASSA-PSS v:NotBefore: Mar 23 09:13:41 2026 GMT; NotAfter: Apr 22 09:13:41 2026 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIIEIzCCAtugAwIBAgIUNZoLlVRROrJOvZunU7fENx1+acYwPQYJKoZIhvcNAQEK MDCgDTALBglghkgBZQMEAgGhGjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUDBAIBogMC ASAwZzELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMREwDwYDVQQHDAhO ZXcgWW9yazEYMBYGA1UECgwPUEtDUzExIFByb3ZpZGVyMRgwFgYDVQQLDA9UZXN0 aW5nIEhhcm5lc3MwHhcNMjYwMzIzMDkxMzQxWhcNMjYwNDIyMDkxMzQxWjBnMQsw CQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsxETAPBgNVBAcMCE5ldyBZb3Jr MRgwFgYDVQQKDA9QS0NTMTEgUHJvdmlkZXIxGDAWBgNVBAsMD1Rlc3RpbmcgSGFy bmVzczCCASAwCwYJKoZIhvcNAQEKA4IBDwAwggEKAoIBAQDnn3F6d4Dk2QsWG2KW kiP0I48YD8FIhHjU5Rj+v5E1kiWO8RuDQHe4iCZap18EMKQxMBQiBqxMkVhBEMd1 S7aQfgHbrH8AT2VRk7x1BTaYRAAZnZt7E0KvMUWvG9VyV+deQqPvax4CUZd/yry1 yjdZeT+xV+Sjezmzq2zsTHO1CTnXwVRPgnkhWZaGWf88jQ3GK+S2lazP9Mz6P+pb zz3UQMnQ72+3H2WQmUjuquZ3odJ0tT4t3IEBTuiULzn+t5BlTC+SiI2Fkb7feiMy NAXtOwDiWRjJxAbXCb6Y4Wg2L+6V44o4hWlgLmtV7QmS2uD6XuG+mD+5hjmPrm5K KTqRAgMBAAGjaTBnMB0GA1UdDgQWBBTlpWZXTeH7mJ+xv3//vncCBAk7tzAfBgNV HSMEGDAWgBTlpWZXTeH7mJ+xv3//vncCBAk7tzAPBgNVHRMBAf8EBTADAQH/MAkG A1UdEQQCMAAwCQYDVR0SBAIwADA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQC AaEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgGiAwIBIAOCAQEAkeEQmMzCMAvF pm33D5FL4gQG67Dnyaql8QTALAeM6PLztf6BjpDFMNQD9yvK1lMpfp4zfs9CQPnE nfdDeMCchp+GoVAgu/KFnX7BGDjxLv/ECDu0xp38cohXHW1YM/d0FtScVRTa8dfX skyRnM3g40KeVSmaDSoRPT8D6aPADDUNg5Sj/eeXde1PVWnwr37yFfoUJbMWzer2 Bg48jl8USUP8LglFO5hz3EAlud7Wv2pn++fec7+6YTZ7f25kRxjDyMxGNHKhKUhP Ox+eAfLywEAs5xxSeLmMceJAarrOB8j7WWhE+4olHfhosXC2rp/OuST0kSWcmbGl Zdhlt54HSA== -----END CERTIFICATE----- subject=C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness issuer=C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: RSA-PSS Server Temp Key: X25519, 253 bits --- SSL handshake has read 1619 bytes and written 391 bytes Verification error: self-signed certificate --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Protocol: TLSv1.3 Server public key is 2048 bit This TLS version forbids renegotiation. Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 18 (self-signed certificate) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 7372F807A5E52BD2700DCC1825CEBAEA3AE2AD31C00220FB8EB24D77AB6BC673 Session-ID-ctx: Resumption PSK: E244C4682F356E13D0DC87E4EBA64AAF16C16B7AF02DC19AD3AAB716C463CB1DBF7A5350ED0ECF6B2A0A2104D9BAD111 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - e4 10 83 e1 96 b6 e6 d8-35 c1 58 d8 5f 1c 46 fb ........5.X._.F. 0010 - 94 66 39 ad 07 97 6c 01-d5 8c 22 05 6d 0b f8 e9 .f9...l...".m... 0020 - d9 21 ec 3d bc 02 80 ad-3b 1a 22 55 4f bd 0e 63 .!.=....;."UO..c 0030 - de d8 d0 2c d2 23 85 3b-d5 2a ec a7 6e 85 2c 5c ...,.#.;.*..n.,\ 0040 - 16 e3 81 f7 5e 02 57 2d-54 53 1e cd 74 51 bf bd ....^.W-TS..tQ.. 0050 - ec 6d 5a f7 08 92 7a b8-b8 ed 13 b5 a1 05 0f 5c .mZ...z........\ 0060 - f7 99 14 42 c2 61 ef eb-38 93 28 87 02 fb e9 16 ...B.a..8.(..... 0070 - b9 05 db 8b 13 2d df 12-7c 0d 69 ee 6b 23 ac 62 .....-..|.i.k#.b 0080 - ab d4 e1 91 f6 0c 9c ec-03 16 01 54 de 5f a5 58 ...........T._.X 0090 - 90 9d c6 48 17 ce 45 6a-14 83 6a fb ff 0e b7 ef ...H..Ej..j..... 00a0 - 6b 49 f3 2c 50 99 13 67-e2 14 04 bb 27 8f 4e 11 kI.,P..g....'.N. 00b0 - ff 48 4a ec 63 6e aa 76-82 d7 e5 d0 66 a8 0e 95 .HJ.cn.v....f... 00c0 - 3c e1 f3 c8 17 85 7c fa-49 2d 66 a4 56 f3 c9 69 <.....|.I-f.V..i Start Time: 1774257222 Timeout : 7200 (sec) Verify return code: 18 (self-signed certificate) Extended master secret: no Max Early Data: 0 --- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 89A5750ECC716F49C4BD9766D0F456313BCAB05B446A76AE26694A923C4DAECD Session-ID-ctx: Resumption PSK: 6F975F19FB7B4AE685181EFB58AF1C018A03B46AB817C3440ABDF6E46F2C41CDEC1F144EEF3F49A7E7FECD73647E6AC7 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - e4 10 83 e1 96 b6 e6 d8-35 c1 58 d8 5f 1c 46 fb ........5.X._.F. 0010 - 39 60 81 89 76 c4 02 45-4e 1b 40 c0 c0 55 4e b6 9`..v..EN.@..UN. 0020 - 8f e5 e6 fb 49 1e 80 6f-1c af 8e 6f 04 71 a8 b3 ....I..o...o.q.. 0030 - d0 c0 25 93 fd c2 47 4f-06 d4 32 98 0c 19 63 be ..%...GO..2...c. 0040 - 0e cf 81 bb 7f 50 92 72-cc 45 f5 16 4d 74 9e 9a .....P.r.E..Mt.. 0050 - d6 3a 0d e2 d6 7d e2 dc-69 4c 35 c0 a7 50 d9 35 .:...}..iL5..P.5 0060 - fe 07 06 ed 93 c7 a8 53-2b fb 70 49 43 f5 2a d4 .......S+.pIC.*. 0070 - 0d 34 74 84 d5 03 c5 a0-1f 07 73 df e4 e8 57 c1 .4t.......s...W. 0080 - d6 96 fc 5d 34 4d 9c 60-4d 85 2d bf 64 90 85 2f ...]4M.`M.-.d../ 0090 - 3d 57 f1 07 22 61 a0 95-5b c4 9f 07 9e ab c3 da =W.."a..[....... 00a0 - 6f a5 a9 18 38 a4 ad 79-7b e9 b5 d3 9f 87 1e a5 o...8..y{....... 00b0 - d0 66 cf 68 99 32 17 23-62 ae 0c 90 be 10 d8 1a .f.h.2.#b....... 00c0 - 49 49 09 49 c0 54 13 6e-26 28 42 79 c3 c5 e8 f3 II.I.T.n&(By.... Start Time: 1774257222 Timeout : 7200 (sec) Verify return code: 18 (self-signed certificate) Extended master secret: no Max Early Data: 0 --- read R BLOCK TLS SUCCESSFUL 40E967F7:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%10 -cert /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/rsapss-default.pem Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MIGCAgEBAgIDBAQCEwIEIB4HCrUoN//RM0twdo67anggloFLdE320F5z6BCzBymy BDBvl18Z+3tK5oUYHvtYrxwBigO0argXw0QKvfbkbyxBzewfFE7vP0mn5/7Nc2R+ asehBgIEacEERqIEAgIcIKQGBAQBAAAArgYCBENyRQCzAwIBHQ== -----END SSL SESSION PARAMETERS----- Shared ciphers:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224 Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 CIPHER is TLS_AES_256_GCM_SHA384 This TLS version forbids renegotiation. TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run sanity test with RSA-PSS and SHA256 ## Generating a new selfsigned certificate for pkcs11:type=private;id=%00%11 openssl req -batch -noenc -x509 -new -key ${KEY} ${AARGS} -out ${CERT} spawn openssl s_client -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.pem Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=0 C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness verify error:num=18:self-signed certificate verify return:1 depth=0 C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness verify return:1 --- Certificate chain 0 s:C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness i:C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness a:PKEY: RSASSA-PSS, 3092 (bit); sigalg: RSASSA-PSS v:NotBefore: Mar 23 09:13:42 2026 GMT; NotAfter: Apr 22 09:13:42 2026 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIIFKDCCA12gAwIBAgIUSOG9m2T99CIUrHfyfstNJbxnYIUwPQYJKoZIhvcNAQEK MDCgDTALBglghkgBZQMEAgGhGjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUDBAIBogMC ASAwZzELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMREwDwYDVQQHDAhO ZXcgWW9yazEYMBYGA1UECgwPUEtDUzExIFByb3ZpZGVyMRgwFgYDVQQLDA9UZXN0 aW5nIEhhcm5lc3MwHhcNMjYwMzIzMDkxMzQyWhcNMjYwNDIyMDkxMzQyWjBnMQsw CQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsxETAPBgNVBAcMCE5ldyBZb3Jr MRgwFgYDVQQKDA9QS0NTMTEgUHJvdmlkZXIxGDAWBgNVBAsMD1Rlc3RpbmcgSGFy bmVzczCCAaIwCwYJKoZIhvcNAQEKA4IBkQAwggGMAoIBgwszNgDLFyuotuztcMIJ p/XsETACzhj0wOUi8ljkw5AFvTy70+ZvZCkKlaU1yHdUjg9WvCPs7VLQ2LV8HZX8 mAmpnm2WSNR9q2R8O7DSk9c+k/sW+7AvF0SKgqMhBJC0DQCu5Sqlrt0u61LQPnRx z9ybem14HSlJ13bp1QpABWBAlxzch40wrfR6LQXuD+QSYdzMzVeu3dMV9gk4mgVl FfR+GQYE6Qd7sUfm7Hv/3B0BlwZHbPjhnSDNeVgyIvYQ5Iap2A5lGUmDs35ddQOM 0viAdwl6Du/R4SE7QtMpnZkiR4VNdNG/gUMeBA/Bbp0CAwucY9uyXpsREcG1yrbp Hy+2x/SQD4TlUefIlbKIoV/h4gnB2hv39I//ZlH6wRQC61Y3NKX3qW587Qv4TYSz Dv55evm3X4KYZi6Kq3Sz7fUkzolDz80VFTxkfchEMKUha9oTonZoPV8d6sa5OTLv kRBnNJc3Jvx+3jrTULO2P2DITauKWhYerpd5mDcqKUZeFih2AQIDAQABo2kwZzAd BgNVHQ4EFgQUg6Z8gnUBJe4rtOWY9XMCmM8Hy6MwHwYDVR0jBBgwFoAUg6Z8gnUB Je4rtOWY9XMCmM8Hy6MwDwYDVR0TAQH/BAUwAwEB/zAJBgNVHREEAjAAMAkGA1Ud EgQCMAAwPQYJKoZIhvcNAQEKMDCgDTALBglghkgBZQMEAgGhGjAYBgkqhkiG9w0B AQgwCwYJYIZIAWUDBAIBogMCASADggGEAAVAYm7u6Ih0gBk6d2bg299CraGRtFOd q38DUWeT61NhTbwV16XRNlkXnp4qAeYtbewqZIjvnn6rW3o4uJJ8fCcPCkJuUm+9 GYKbPADd6I/XPogOIUIzi5t6nv/kCVYdbC1kwUtOaxYbAE3C/BylLmhO5H1FUqqf d7cUzGUz1WndUAhBa0RAAjbuJ4eizy+qBD2RObi/eJkiSrjwkGP19j7TTpsWbZXA qy4Nb6sEdTxH7LRh5zsxvuqtfZFyxv1HC+/5i/lJELb9UXTP7pc+zfyVNKtINdoU PiugGKw/BVafjui6OptQLW+EZTrju8HyGLiBvlIg57BTviEuUX28VzudqoReqn7J kRE5z4naCuKJzzGyjVzDJOZAn8UX0uYfo1eD0qoketw1iwiiSNlTqB+fofogzDMz 4yu7cvxVVW3ZfkCwDTMM3nRgyI9mRb5L+Eye/YjBdGWYkDd+0DYxvIZwJuYXochO 25rB3hf4S9VqUQzw4zGQq2UqPL1TXPkkVpm16Q== -----END CERTIFICATE----- subject=C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness issuer=C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: RSA-PSS Server Temp Key: X25519, 253 bits --- SSL handshake has read 2011 bytes and written 391 bytes Verification error: self-signed certificate --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Protocol: TLSv1.3 Server public key is 3092 bit This TLS version forbids renegotiation. Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 18 (self-signed certificate) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 8D4F3FCCA857FAD2186DA5C3352397A3E96E8BBAFE0E1EF718F5A52807E19A28 Session-ID-ctx: Resumption PSK: B7FE96DD1A18DB856AB8DDFAA198294D1B6192583E28C25226C90EEDE5EE98D32BB4DCC93786A4D3606B441FF4116AD5 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 9f d2 4c f7 59 ef 69 3a-8d 88 80 7a 68 e3 f0 a1 ..L.Y.i:...zh... 0010 - c7 c4 e2 e8 6f b5 af f6-1c 87 22 0a 4c 63 48 69 ....o.....".LcHi 0020 - 11 da a5 cd 2e af 89 47-88 c6 04 a7 58 36 f0 c7 .......G....X6.. 0030 - fb 68 8c 8d c0 bd e5 8b-52 d7 2d c5 bb a2 29 ea .h......R.-...). 0040 - bc 6a 1e e6 b3 70 5e df-79 bc 28 bf aa 38 23 99 .j...p^.y.(..8#. 0050 - 48 22 e1 eb 3f f7 0b e1-ac 27 c3 f9 b0 4e 09 1f H"..?....'...N.. 0060 - fb 1a 00 ac 1d 4a d1 e0-9b 36 41 54 7b da 49 f4 .....J...6AT{.I. 0070 - cc 43 45 a2 90 eb f2 53-c8 da 4a b7 48 fa f2 2d .CE....S..J.H..- 0080 - 64 07 02 0a d1 c4 ad 7c-41 31 41 46 c2 24 2d 43 d......|A1AF.$-C 0090 - 33 2d ed 1d 29 9a 1a b4-21 30 d9 21 60 8a dc 05 3-..)...!0.!`... 00a0 - 45 6f 9b 69 82 d1 f3 2c-c6 cc 6c b6 1a e6 9e 20 Eo.i...,..l.... 00b0 - 3b e3 7e a0 03 26 10 0f-bd 0c 5b 57 c9 ca 6c 2c ;.~..&....[W..l, 00c0 - 78 6f e2 64 44 22 86 8b-2e d7 78 5c 05 f6 80 0c xo.dD"....x\.... Start Time: 1774257222 Timeout : 7200 (sec) Verify return code: 18 (self-signed certificate) Extended master secret: no Max Early Data: 0 --- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 1100BA131C52516D8B5108075FBA79E17ECEBA3C5651EAE7C6E06B7D27AF2C23 Session-ID-ctx: Resumption PSK: 943AEB2E9110F964440E20D4675B85A8357EC9084EFF279F0B105A724BCC4FD23C57994445E6334A19295679FCE2D6F3 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 9f d2 4c f7 59 ef 69 3a-8d 88 80 7a 68 e3 f0 a1 ..L.Y.i:...zh... 0010 - e5 1e 77 47 f6 aa ff ae-63 10 f9 31 08 b3 e1 39 ..wG....c..1...9 0020 - 1a 47 25 85 e0 42 a4 cb-3a 21 a7 95 38 0a 56 55 .G%..B..:!..8.VU 0030 - 60 cd 76 4a 79 d6 92 12-b2 71 ce 16 9a ba ca 2e `.vJy....q...... 0040 - 16 84 d8 89 60 10 67 8a-9c 7e 0b bd 0d fb bf 07 ....`.g..~...... 0050 - 87 d2 d7 64 41 67 ff dd-d6 20 e2 0d 16 98 01 fd ...dAg... ...... 0060 - aa 6c ea 28 ca 95 e9 41-80 5b dc df 27 59 0c e9 .l.(...A.[..'Y.. 0070 - c8 f6 c2 51 f5 7b 95 aa-8c 3e bf 89 9d 65 53 d6 ...Q.{...>...eS. 0080 - 1e 16 7a 13 55 0b 49 5a-9d b5 6b 1d cf cc 77 de ..z.U.IZ..k...w. 0090 - ca c6 54 39 bd 9a c8 c6-45 a0 ad 4e ac a1 f0 24 ..T9....E..N...$ 00a0 - 33 eb a4 97 38 71 61 a2-96 13 b6 33 2d 91 8a 64 3...8qa....3-..d 00b0 - 07 35 93 99 b8 0d a7 11-fb 2f e6 45 cf 9f db ca .5......./.E.... 00c0 - e3 41 b3 07 2d 7b 23 91-95 57 c6 43 38 c1 bc fc .A..-{#..W.C8... Start Time: 1774257222 Timeout : 7200 (sec) Verify return code: 18 (self-signed certificate) Extended master secret: no Max Early Data: 0 --- read R BLOCK TLS SUCCESSFUL 40F965F7:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%11 -cert /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/rsapss-sha256.pem Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MIGCAgEBAgIDBAQCEwIEIK0P8+MI94YqhwBNwcxIZCRblzNdQ4DnWomyB9gHRi3y BDCUOusukRD5ZEQOINRnW4WoNX7JCE7/J58LEFpyS8xP0jxXmURF5jNKGSlWefzi 1vOhBgIEacEERqIEAgIcIKQGBAQBAAAArgYCBEXYEiCzAwIBHQ== -----END SSL SESSION PARAMETERS----- Shared ciphers:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224 Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 CIPHER is TLS_AES_256_GCM_SHA384 This TLS version forbids renegotiation. TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run sanity test with default values (ECDSA) spawn openssl s_client -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.pem Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=1 CN=Issuer verify return:1 depth=0 O=PKCS11 Provider, CN=My EC Cert verify return:1 --- Certificate chain 0 s:O=PKCS11 Provider, CN=My EC Cert i:CN=Issuer a:PKEY: id-ecPublicKey, 256 (bit); sigalg: RSA-SHA256 v:NotBefore: Mar 23 09:13:22 2026 GMT; NotAfter: Mar 23 09:13:22 2027 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIICcjCCAVqgAwIBAgIBBDANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 ZXIwHhcNMjYwMzIzMDkxMzIyWhcNMjcwMzIzMDkxMzIyWjAvMRgwFgYDVQQKEw9Q S0NTMTEgUHJvdmlkZXIxEzARBgNVBAMTCk15IEVDIENlcnQwWTATBgcqhkjOPQIB BggqhkjOPQMBBwNCAAQH9G9He/3eOL/sVpRaT9gco/9OT5ba8dmUSxnMP7U3Wn+J 7szhF1dH7nYF/LmtREckg6df0l5x0Cq6EE/J1w9vo4GBMH8wDAYDVR0TAQH/BAIw ADAfBgNVHREEGDAWgRR0ZXN0Y2VydEBleGFtcGxlLm9yZzAOBgNVHQ8BAf8EBAMC B4AwHQYDVR0OBBYEFEZuZ47o5henj0tO2nxpYdbNRAxpMB8GA1UdIwQYMBaAFNdv 2YXG8ld4hUECQqK0ne2dmeMMMA0GCSqGSIb3DQEBCwUAA4IBAQA2KVSgvQzndU3P AFVnzZD47O5of1iV1ArD14DTbeKzhpPXoWkM6cycOiFgnH9fXQLelOxMC1G0si6K ayzYPL/PGOrCaAEFeiJXeyYr8/djw+p2DS/J8FImVDvH5vFv0t9dQOAmhRuWspny ExZ5KoHGEQaDARam9WU95GUVLn6M+/1///Q2bEf+pkeaxyXU0/CK1MgrDugGeuhE zcGn/9uTlxUhCLizlihGzOSScTT8+5Z/oaz6XUbGpXv9J/D5QWAFw/bBAviG4GUI fn2N1B8TSnVQeK7HZ5Pyrb5FeaehkVTTLGh8HhmaZr/vmSX05B1k5mPF8RJFfOuY wKSmQ/ia -----END CERTIFICATE----- subject=O=PKCS11 Provider, CN=My EC Cert issuer=CN=Issuer --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: ECDSA Server Temp Key: X25519, 253 bits --- SSL handshake has read 1002 bytes and written 391 bytes Verification: OK --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Protocol: TLSv1.3 Server public key is 256 bit This TLS version forbids renegotiation. Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: BD1957E3361FC7F57FFD6A78E84217A629DD44D713E424281DD8BCFE89B008AE Session-ID-ctx: Resumption PSK: 8F812EC365C79610F6EE6590C3DD38E59E1126E507D17FA2CF5616EC6B38B453FA9E93F9E67B2A67600AE989EADCBCB6 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 2f b5 da 9c 3f 86 16 70-90 c9 b2 e4 6f ca 96 e4 /...?..p....o... 0010 - 31 94 35 87 6f 04 6b 14-ab e3 6b 83 fb f6 e5 6c 1.5.o.k...k....l 0020 - 1a b1 1f 30 13 6f b2 39-37 71 97 4c 0c 89 c8 34 ...0.o.97q.L...4 0030 - a6 d3 46 37 7e d3 ff 96-13 30 2a 05 78 6e 38 91 ..F7~....0*.xn8. 0040 - 9f 90 60 63 05 ab 0c f8-c2 c3 d6 88 4c 0d a8 c1 ..`c........L... 0050 - 14 0c 00 b8 3d db 01 7a-18 96 f2 c7 ea 86 39 41 ....=..z......9A 0060 - d4 d6 d1 aa 52 56 0c ed-dc 96 56 3e bf f7 87 41 ....RV....V>...A 0070 - 0b 84 ac 0d 9b d4 ea 24-fa 1b 90 dd 0b 5a fd 73 .......$.....Z.s 0080 - e7 15 cf f8 19 bc b7 c5-f8 01 10 97 24 ef dd 41 ............$..A 0090 - a9 62 82 d9 22 e9 f8 57-ae 14 78 0b fe a9 92 f7 .b.."..W..x..... 00a0 - f1 34 81 44 c5 bb a9 5c-78 3b 89 8c 45 12 38 61 .4.D...\x;..E.8a 00b0 - 7c c1 aa 73 ab d2 db d7-04 33 7e 0e 87 81 91 29 |..s.....3~....) 00c0 - 64 cf 11 8b c3 96 19 b7-62 f1 6f 10 23 c7 da c1 d.......b.o.#... Start Time: 1774257222 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: A4E733D36242189CA87FEA6EF8ED2B0ABAE80B6806A782662EED2E81733B8B24 Session-ID-ctx: Resumption PSK: CA9409EF838EEE093F8DA4087AD198FABB9ADF8A09FBA821BA2B2B81B8819CDC6FA5C77D1BA70690240ED1F157324B99 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 2f b5 da 9c 3f 86 16 70-90 c9 b2 e4 6f ca 96 e4 /...?..p....o... 0010 - f6 42 4e 7f d4 07 73 05-de e7 4b 37 84 78 2d 0c .BN...s...K7.x-. 0020 - c6 d0 7b 4f 77 f5 05 01-db a9 8f 92 93 e8 dc c6 ..{Ow........... 0030 - 35 38 ba e2 36 10 95 f1-ab 7b 9a 00 10 46 fc c2 58..6....{...F.. 0040 - d8 4d 58 26 ce b1 eb db-36 8f 7a 9d 48 50 4f 73 .MX&....6.z.HPOs 0050 - 80 a8 87 9a 22 7c 99 0e-46 9c 65 ce 67 76 cc 94 ...."|..F.e.gv.. 0060 - b6 69 c7 5c c2 0b 12 9a-d3 46 62 38 19 cd 88 ac .i.\.....Fb8.... 0070 - 21 9d 11 0b 8d 42 1a ad-bf d2 0b 0f a3 39 d6 5a !....B.......9.Z 0080 - 5c 1e da bc b2 cf 16 74-e4 b9 5c 9c 87 a9 f9 2d \......t..\....- 0090 - d3 6d c4 a0 04 5a 73 27-aa 14 0d 38 a2 b2 63 dd .m...Zs'...8..c. 00a0 - 95 6b da f0 7c ed 10 fd-ee 4d 6b 9a 7d 9a 10 14 .k..|....Mk.}... 00b0 - 67 92 63 15 0d cd 2b 4d-d2 9d 9b 96 c8 58 6a eb g.c...+M.....Xj. 00c0 - c2 28 29 8b f7 de fe 92-b3 98 78 fd 04 50 d2 d8 .().......x..P.. Start Time: 1774257222 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK TLS SUCCESSFUL 40B968F7:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%02 -cert pkcs11:type=cert;object=ecCert Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MIGDAgEBAgIDBAQCEwIEIHw8oZ/xjODo5A+03AsN8Lf6HkuixfaBYW44kZHSpCYv BDDKlAnvg47uCT+NpAh60Zj6u5rfign7qCG6KyuBuIGc3G+lx30bpwaQJA7R8Vcy S5mhBgIEacEERqIEAgIcIKQGBAQBAAAArgcCBQCrS2JUswMCAR0= -----END SSL SESSION PARAMETERS----- Shared ciphers:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224 Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 CIPHER is TLS_AES_256_GCM_SHA384 This TLS version forbids renegotiation. TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run sanity test with default values (Ed25519) spawn openssl s_client -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.pem Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=1 CN=Issuer verify return:1 depth=0 O=PKCS11 Provider, CN=My ED25519 Cert verify return:1 --- Certificate chain 0 s:O=PKCS11 Provider, CN=My ED25519 Cert i:CN=Issuer a:PKEY: ED25519, 256 (bit); sigalg: RSA-SHA256 v:NotBefore: Mar 23 09:13:22 2026 GMT; NotAfter: Mar 23 09:13:22 2027 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIICSDCCATCgAwIBAgIBBjANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 ZXIwHhcNMjYwMzIzMDkxMzIyWhcNMjcwMzIzMDkxMzIyWjA0MRgwFgYDVQQKEw9Q S0NTMTEgUHJvdmlkZXIxGDAWBgNVBAMTD015IEVEMjU1MTkgQ2VydDAqMAUGAytl cAMhAE89xuTGL7bDsIFk3gUgz3F0djc3gsGnRdVXp3TOkL4xo4GBMH8wDAYDVR0T AQH/BAIwADAfBgNVHREEGDAWgRR0ZXN0Y2VydEBleGFtcGxlLm9yZzAOBgNVHQ8B Af8EBAMCB4AwHQYDVR0OBBYEFAaT1XFLD0QXmbTLw1CppGdJguBAMB8GA1UdIwQY MBaAFNdv2YXG8ld4hUECQqK0ne2dmeMMMA0GCSqGSIb3DQEBCwUAA4IBAQA5/1Nd 5W94a46LaXyibAAokbL6YnuAAMd3uVugD56lWPVLJ/drSbpKNYaSGJ5oWeYUx6PA RSyoDMXb/qZYvAG0XMbooIlJMezLrR3BgiY2orELVUVbpEFGMD69C9gAfqGNtTRc Jk6huEELHG4Es/f5+HJmKGpqWown8LKrTCxTkCggFfYPC2PuRsfnSVEsDVuvSuOK LMFIz2dlmU6Lx4lTaMG8ucwmnoH30qxzS92k3TXMWYbdCfc/WzSK9ViXuVXRs/l8 uVpVbGxVwQk+TPAM2f9SylIbOErtzOE7EVX57J3KrqsckRVAKKgnPqs3A+NCRi43 VEhqRIUxrt94U2/N -----END CERTIFICATE----- subject=O=PKCS11 Provider, CN=My ED25519 Cert issuer=CN=Issuer --- No client certificate CA names sent Peer signature type: Ed25519 Server Temp Key: X25519, 253 bits --- SSL handshake has read 952 bytes and written 391 bytes Verification: OK --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Protocol: TLSv1.3 Server public key is 256 bit This TLS version forbids renegotiation. Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: B71569FD91E3DAAA50BA382A98005945D3FADF0AC979815EA93EC23B1FF262B8 Session-ID-ctx: Resumption PSK: A0C35DB9BCF5611DF17D0BE7C29BB1DD95C80DBB12F064EFE277AF03752C7871ACB3510D00BC8C7EFC8D538388703C69 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 02 22 ab 6f 55 b3 da ba-eb a2 c9 ea 47 cb 92 b0 .".oU.......G... 0010 - c2 02 29 5d f9 e5 e0 8c-43 c0 0d b1 f1 c9 20 c4 ..)]....C..... . 0020 - 3e 0f 3f ec e9 3c 98 41-b2 b8 8f fb 8d ac 3e 13 >.?..<.A......>. 0030 - a1 83 28 1c f5 d7 ba 49-45 be 26 55 5e 4b 27 3d ..(....IE.&U^K'= 0040 - 32 87 35 f0 45 5f bc 09-f3 f9 87 a9 24 4f d6 f4 2.5.E_......$O.. 0050 - 54 59 a9 2a 41 4b 7f 7e-e1 3f 32 e3 0c 2c 6e d4 TY.*AK.~.?2..,n. 0060 - ac 57 82 b5 4c fc 37 0c-38 b5 c2 9a 0e d2 03 54 .W..L.7.8......T 0070 - 91 40 71 a6 d7 e3 99 75-10 d9 e8 19 4d 44 db 61 .@q....u....MD.a 0080 - 11 da 22 d9 e0 3c 44 29-6a 9a 19 5c 1e 66 b5 39 .."...I.b.D.....s.. 00a0 - a7 e0 7e 78 74 cc 4f db-31 af c9 e3 a9 a0 22 d8 ..~xt.O.1.....". 00b0 - 18 fc d2 59 d2 70 2a a0-6c 50 8d 89 7c 0f 5e fc ...Y.p*.lP..|.^. 00c0 - 4b 73 86 f6 66 68 e9 32-71 59 eb 5e 92 1f d5 6d Ks..fh.2qY.^...m Start Time: 1774257222 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 0B0C72836EE91E03E1C602954874D3C973D35BAC3D2B90924AE46ECF83E59709 Session-ID-ctx: Resumption PSK: 0F6CCFBD92170437324A3F2962FB742730C58B5FF59F022A1E6549D1379422516DCAEEB8A3C7AB946BF04725FB7D7C09 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 02 22 ab 6f 55 b3 da ba-eb a2 c9 ea 47 cb 92 b0 .".oU.......G... 0010 - 8d 5e 4a 23 89 bd 75 6a-56 04 f1 c8 5c 0d 64 22 .^J#..ujV...\.d" 0020 - fb 36 1f e9 2c e8 7e 47-80 90 80 3e 2a 49 00 71 .6..,.~G...>*I.q 0030 - a8 14 14 b1 6a 14 ec 04-ad cd 38 c0 22 55 14 93 ....j.....8."U.. 0040 - 80 d8 77 d4 82 9f 6b 57-00 c0 d7 73 1c 6a a5 d6 ..w...kW...s.j.. 0050 - 47 fd 3f 68 b7 06 c9 8a-4b 21 14 ea 83 11 08 24 G.?h....K!.....$ 0060 - ee 1f ba 6a f4 6e 67 06-bf ff c9 c9 26 49 4e 6c ...j.ng.....&INl 0070 - 55 60 86 26 10 70 92 11-70 04 05 0e 03 f9 19 11 U`.&.p..p....... 0080 - 4e f9 76 eb 8d 70 32 4f-32 88 b2 b6 dc 86 a0 6d N.v..p2O2......m 0090 - fc fa 61 27 03 fb 1d bd-6a 16 dd e9 be bc 92 ce ..a'....j....... 00a0 - 95 05 41 97 f8 e6 dc 76-e4 ed 27 f7 4b 87 da 3c ..A....v..'.K..< 00b0 - 8c 27 77 5b 6f 11 cf 49-1c 75 ba 3a 74 27 bc 7b .'w[o..I.u.:t'.{ 00c0 - b4 40 42 0f d9 84 66 d5-cd 11 e5 4f d4 04 38 9b .@B...f....O..8. Start Time: 1774257222 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK TLS SUCCESSFUL 402964F7:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%04 -cert pkcs11:type=cert;object=edCert Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MIGDAgEBAgIDBAQCEwIEIGOQh5/ZT+sv+h68Y/iyPI0SbwE3sfsygr4+yrUI+602 BDAPbM+9khcENzJKPyli+3QnMMWLX/WfAioeZUnRN5QiUW3K7rijx6uUa/BHJft9 fAmhBgIEacEERqIEAgIcIKQGBAQBAAAArgcCBQCRFv6JswMCAR0= -----END SSL SESSION PARAMETERS----- Shared ciphers:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224 TLS SUCCESSFUL Q Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 CIPHER is TLS_AES_256_GCM_SHA384 This TLS version forbids renegotiation. DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run sanity test with default values (Ed448) spawn openssl s_client -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.pem Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=1 CN=Issuer verify return:1 depth=0 O=PKCS11 Provider, CN=My ED448 Cert verify return:1 --- Certificate chain 0 s:O=PKCS11 Provider, CN=My ED448 Cert i:CN=Issuer a:PKEY: ED448, 456 (bit); sigalg: RSA-SHA256 v:NotBefore: Mar 23 09:13:22 2026 GMT; NotAfter: Mar 23 09:13:22 2027 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIICXzCCAUegAwIBAgIBBzANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 ZXIwHhcNMjYwMzIzMDkxMzIyWhcNMjcwMzIzMDkxMzIyWjAyMRgwFgYDVQQKEw9Q S0NTMTEgUHJvdmlkZXIxFjAUBgNVBAMTDU15IEVENDQ4IENlcnQwQzAFBgMrZXED OgDc2V5e1CiK0QF06VMdq76O5oKiFtX6lm7HgTQQTj9UGdz5uiw4jpP5CHOSv7UP JWItK0og8a2GwACjgYEwfzAMBgNVHRMBAf8EAjAAMB8GA1UdEQQYMBaBFHRlc3Rj ZXJ0QGV4YW1wbGUub3JnMA4GA1UdDwEB/wQEAwIHgDAdBgNVHQ4EFgQUf7f08E7j BtpzqG9KynPd4cOdTB0wHwYDVR0jBBgwFoAU12/ZhcbyV3iFQQJCorSd7Z2Z4www DQYJKoZIhvcNAQELBQADggEBAHnmGFsn0hC1LReydWLw8v/xNmS1d2gKJqmraHjW s6Ui5tOKTNt64Ug/1s5ves9zL2Ewh90RTctvTE2Ad7akw7M4T3Wn1/aUWZKWNMwp F37toDjhoGVBNagLglRAlOAhg1o6i2iSNIT3tQV8tzxW7ukTicgX/J1moNdGf6AA jMFZZ7I0fQBRNImTR2bGzBxH7rAhtxi2E9RCG3+SsSU31/zGl3U7CRuOkNoOg1PH zUufYbnKBQRyNoEMK5zCHHWwxWtwVdcc+QQc+KYw1g5xFRkhWCZpF65DG+XpyTdQ LYe+d5Thh5OqppxMFHW0rFqC2/JDBTQA1sBKS9DTbCt6dRs= -----END CERTIFICATE----- subject=O=PKCS11 Provider, CN=My ED448 Cert issuer=CN=Issuer --- No client certificate CA names sent Peer signature type: Ed448 Server Temp Key: X25519, 253 bits --- SSL handshake has read 1025 bytes and written 391 bytes Verification: OK --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Protocol: TLSv1.3 Server public key is 456 bit This TLS version forbids renegotiation. Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: F8B23E612ADA2C05D70DCB95709D89AF2EEE4FFCD3E6834CD1A794C8D2D8D81E Session-ID-ctx: Resumption PSK: 71B20FC7B10BFA3770CE0268E6E749340ABC93F12847879D649A809CA63B6AA4A75A2CA8D60C760B16006B2C321A64E0 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - c3 62 50 37 c0 f3 9e e0-9f 3f 6f 8c 7e 86 c4 3d .bP7.....?o.~..= 0010 - 8f 05 76 d0 4f 51 52 7e-7b 50 57 dd 43 c8 0f ba ..v.OQR~{PW.C... 0020 - 9d 58 56 f3 16 17 6a 96-c8 17 0a 84 0b e1 cb 8d .XV...j......... 0030 - 31 a8 a6 65 c9 4b 8e bc-8f dd 78 8d c6 18 51 3c 1..e.K....x...Q< 0040 - 2e 27 1d 52 ae 6a 0d 4c-96 22 a4 89 a1 ab 5a fe .'.R.j.L."....Z. 0050 - 01 07 2c 7d fa ff 27 a2-5d 98 46 0e 99 3b 74 bc ..,}..'.].F..;t. 0060 - 01 80 23 ed dc 2c ff 4f-92 89 f8 02 9a da 53 1c ..#..,.O......S. 0070 - f1 66 ab 6b 63 ae 3e 38-33 94 49 05 37 ef 0a d3 .f.kc.>83.I.7... 0080 - df 42 50 cd 1b 1c 97 5c-47 c0 3e 51 43 8d 53 51 .BP....\G.>QC.SQ 0090 - b2 91 1f 8d 70 a0 05 7a-ca fd 90 2a fb e9 37 9e ....p..z...*..7. 00a0 - 9f 21 cf fd 56 5a dd e6-30 56 ca 5e ec 7c 94 78 .!..VZ..0V.^.|.x 00b0 - c8 33 d5 cd 60 b4 d7 4d-fe a1 50 7c e4 fe 89 05 .3..`..M..P|.... 00c0 - c0 ad 3b f3 6e d1 ab be-30 c9 c6 f4 7a af a1 f1 ..;.n...0...z... Start Time: 1774257222 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: FB3CB5FF805F83F69D94D1A9E83F84C672F10223252029E82428C09866729E07 Session-ID-ctx: Resumption PSK: 3DBF455D20C7C0EABD3EC47D7CD7CB3C9A293202F2527ED35C1BE3C02BD97CFB9155384FB7ECC214329F9CCF13B5AD8F PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - c3 62 50 37 c0 f3 9e e0-9f 3f 6f 8c 7e 86 c4 3d .bP7.....?o.~..= 0010 - 67 7d b0 0d 7d d4 bf 18-19 5e 4b 32 59 8f 3b f9 g}..}....^K2Y.;. 0020 - 29 33 82 00 56 f7 d3 77-c5 48 bc b2 a1 90 21 ab )3..V..w.H....!. 0030 - 0c d3 b9 9c 0e be 65 26-15 9c 2f 3d da 20 6e c7 ......e&../=. n. 0040 - 00 05 59 ae 77 68 b7 a9-fd 4d 28 66 f1 43 e1 9e ..Y.wh...M(f.C.. 0050 - 67 10 c5 84 bf f2 39 8f-45 61 ff 4e bf 77 7b 0c g.....9.Ea.N.w{. 0060 - 32 be cf fd 3f bd ec 21-f6 a0 78 ad 33 c5 6e 3d 2...?..!..x.3.n= 0070 - ee 3f 5d 12 e8 c6 9a c0-95 29 b3 07 9f 85 c6 62 .?]......).....b 0080 - ff 89 82 4e f8 1b bf 0b-8a c2 94 3d 65 4a c4 33 ...N.......=eJ.3 0090 - 91 6f ff 88 34 71 a1 10-9a e4 75 f4 9e dc 1d e4 .o..4q....u..... 00a0 - 72 d8 b3 8f 7f 33 46 3a-4a f6 2a 62 25 b7 8f 2b r....3F:J.*b%..+ 00b0 - ed 0c e1 ef b9 74 9f 7e-de eb 3b c4 d0 e6 65 aa .....t.~..;...e. 00c0 - b1 d6 5a 7f f0 03 5b 8f-e1 ea 0c 9f 61 e5 6d 60 ..Z...[.....a.m` Start Time: 1774257222 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK TLS SUCCESSFUL 405963F7:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%09 -cert pkcs11:type=cert;object=ed2Cert Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MIGDAgEBAgIDBAQCEwIEIPZXjxXcC3AKvtC66s89ED4A3xYwU0IGturf5FYrGsXW BDA9v0VdIMfA6r0+xH1818s8mikyAvJSftNcG+PAK9l8+5FVOE+37MIUMp+czxO1 rY+hBgIEacEERqIEAgIcIKQGBAQBAAAArgcCBQC3pgUqswMCAR0= -----END SSL SESSION PARAMETERS----- Shared ciphers:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224 Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 CIPHER is TLS_AES_256_GCM_SHA384 This TLS version forbids renegotiation. TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run test with TLS 1.2 spawn openssl s_client -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.pem -tls1_2 Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=1 CN=Issuer verify return:1 depth=0 O=PKCS11 Provider, CN=My Test Cert verify return:1 --- Certificate chain 0 s:O=PKCS11 Provider, CN=My Test Cert i:CN=Issuer a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256 v:NotBefore: Mar 23 09:13:22 2026 GMT; NotAfter: Mar 23 09:13:22 2027 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIIDPzCCAiegAwIBAgIBAzANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 ZXIwHhcNMjYwMzIzMDkxMzIyWhcNMjcwMzIzMDkxMzIyWjAxMRgwFgYDVQQKEw9Q S0NTMTEgUHJvdmlkZXIxFTATBgNVBAMTDE15IFRlc3QgQ2VydDCCASIwDQYJKoZI hvcNAQEBBQADggEPADCCAQoCggEBAKYIBPI8FXqB41QkdE2YwQGMMzLOYm2x/DDv ZBM1RpDEsnyhmUlXXsauiB6Tu46+9pUnbw7UBhNBrZgCPhdID3FryuZc1aMBshmB F+f0QrM3RArVOpMdXJr4m4h+tiH1u8RqJVuArkqLoioG9lodx1jfIjNtvL7AjMxn 41ebPvnDvVcP/d+3D2rIojQZhaI87jpqqu3SjXWnCBzDOUgBiq9YM0pXpTwoj355 apfgEA0XhUmQWiCBB1m5lG2PK1I8eq8v6LOXBfJfL+avPqji16ALDKfJLBbsm8Xz vkzeP28FBIhUooTGuuV0sFmGxZF0aVuxsGxy3/z2yhlMFCIppckCAwEAAaOBgTB/ MAwGA1UdEwEB/wQCMAAwHwYDVR0RBBgwFoEUdGVzdGNlcnRAZXhhbXBsZS5vcmcw DgYDVR0PAQH/BAQDAgWgMB0GA1UdDgQWBBRb6ovCiIzwjQFnEmN09aTrRakeaDAf BgNVHSMEGDAWgBTXb9mFxvJXeIVBAkKitJ3tnZnjDDANBgkqhkiG9w0BAQsFAAOC AQEAKW9hH2itf/PySnb+PZAAINdkfDnnrwAHokslvlzsq6GnEyi//youiFYDStOM qUbkOlUxqpEIFbnxbk2MMGkg4QvLh5BbcjhwVdStqfHsqUIqXP/GciW3mdO+Q+qr k/JZlBIZRwiyPLA1L1Tuq/XTAA50NxaMZQrVBxPSDN7n/kfNR5K6jOgvuM7qkb0w XJtgHns2VtlaPGSvFDL4Kr4tTQbvquuhzMEPzoL3X/fvflgL3eyub8GjwmzCgT5r jziQrY9c/AgAGlUI3lfmdjlVdkkIOub7LbJ8h/9/84TXR6ct1bfKVenm/HMaTyHO qNj7I9KuaK4eBJhbeETg3F+SIw== -----END CERTIFICATE----- subject=O=PKCS11 Provider, CN=My Test Cert issuer=CN=Issuer --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: RSA-PSS Server Temp Key: X25519, 253 bits --- SSL handshake has read 1476 bytes and written 290 bytes Verification: OK --- New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384 Protocol: TLSv1.2 Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-RSA-AES256-GCM-SHA384 Session-ID: FEA3D0E14FE03F9EAF14F866A5416EDA517E70F99414B11889344D579AC51C62 Session-ID-ctx: Master-Key: 75F4454644BA6B6ABA8EFFE665E86465635B28AD371C062D00EF993A931879E19005D19A2FA92B4A52D9E413709E025E PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 86 c8 9d be cb db 62 2d-ad b1 69 44 86 76 3d 27 ......b-..iD.v=' 0010 - d8 87 5c ca 58 e3 8c e6-82 18 15 a8 78 13 4b e3 ..\.X.......x.K. 0020 - ac 32 26 7d f4 13 62 22-29 e3 6f 2c e2 a4 83 2f .2&}..b").o,.../ 0030 - 54 2e 4a 9a c8 c9 ad 99-97 6d 88 e1 0f be 28 e9 T.J......m....(. 0040 - fc ff 47 48 b9 4d c8 57-a9 36 96 28 d3 79 50 8f ..GH.M.W.6.(.yP. 0050 - 76 d2 24 f8 d6 27 b9 b0-ec 11 f3 c8 77 c2 e6 6c v.$..'......w..l 0060 - 7e 73 36 8b 4a 20 f8 c5-85 c6 04 42 81 97 77 b8 ~s6.J .....B..w. 0070 - 30 f1 cb 5d e3 d4 0e 60-30 12 c5 cd b3 5f f3 98 0..]...`0...._.. 0080 - 63 64 ac 68 97 90 e3 a8-77 67 f0 75 bc d7 14 3f cd.h....wg.u...? 0090 - b3 61 e0 6e 5f 58 0f ee-40 12 b5 0d 80 c9 5f ab .a.n_X..@....._. 00a0 - 1f 52 be dd 19 ef f7 f6-94 a9 39 40 a9 30 04 1b .R........9@.0.. Start Time: 1774257222 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: yes --- TLS SUCCESSFUL 40A96CF7:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%01 -cert pkcs11:type=cert;object=testCert Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MF8CAQECAgMDBALAMAQABDB19EVGRLprarqO/+Zl6GRlY1sorTccBi0A75k6kxh5 4ZAF0ZovqStKUtnkE3CeAl6hBgIEacEERqIEAgIcIKQGBAQBAAAArQMCAQGzAwIB HQ== -----END SSL SESSION PARAMETERS----- Shared ciphers:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Supported Elliptic Curve Point Formats: uncompressed:ansiX962_compressed_prime:ansiX962_compressed_char2 Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1 Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1 CIPHER is ECDHE-RSA-AES256-GCM-SHA384 Secure Renegotiation IS supported TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run test with explicit TLS 1.3 spawn openssl s_client -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.pem -tls1_3 Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=1 CN=Issuer verify return:1 depth=0 O=PKCS11 Provider, CN=My Test Cert verify return:1 --- Certificate chain 0 s:O=PKCS11 Provider, CN=My Test Cert i:CN=Issuer a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256 v:NotBefore: Mar 23 09:13:22 2026 GMT; NotAfter: Mar 23 09:13:22 2027 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIIDPzCCAiegAwIBAgIBAzANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 ZXIwHhcNMjYwMzIzMDkxMzIyWhcNMjcwMzIzMDkxMzIyWjAxMRgwFgYDVQQKEw9Q S0NTMTEgUHJvdmlkZXIxFTATBgNVBAMTDE15IFRlc3QgQ2VydDCCASIwDQYJKoZI hvcNAQEBBQADggEPADCCAQoCggEBAKYIBPI8FXqB41QkdE2YwQGMMzLOYm2x/DDv ZBM1RpDEsnyhmUlXXsauiB6Tu46+9pUnbw7UBhNBrZgCPhdID3FryuZc1aMBshmB F+f0QrM3RArVOpMdXJr4m4h+tiH1u8RqJVuArkqLoioG9lodx1jfIjNtvL7AjMxn 41ebPvnDvVcP/d+3D2rIojQZhaI87jpqqu3SjXWnCBzDOUgBiq9YM0pXpTwoj355 apfgEA0XhUmQWiCBB1m5lG2PK1I8eq8v6LOXBfJfL+avPqji16ALDKfJLBbsm8Xz vkzeP28FBIhUooTGuuV0sFmGxZF0aVuxsGxy3/z2yhlMFCIppckCAwEAAaOBgTB/ MAwGA1UdEwEB/wQCMAAwHwYDVR0RBBgwFoEUdGVzdGNlcnRAZXhhbXBsZS5vcmcw DgYDVR0PAQH/BAQDAgWgMB0GA1UdDgQWBBRb6ovCiIzwjQFnEmN09aTrRakeaDAf BgNVHSMEGDAWgBTXb9mFxvJXeIVBAkKitJ3tnZnjDDANBgkqhkiG9w0BAQsFAAOC AQEAKW9hH2itf/PySnb+PZAAINdkfDnnrwAHokslvlzsq6GnEyi//youiFYDStOM qUbkOlUxqpEIFbnxbk2MMGkg4QvLh5BbcjhwVdStqfHsqUIqXP/GciW3mdO+Q+qr k/JZlBIZRwiyPLA1L1Tuq/XTAA50NxaMZQrVBxPSDN7n/kfNR5K6jOgvuM7qkb0w XJtgHns2VtlaPGSvFDL4Kr4tTQbvquuhzMEPzoL3X/fvflgL3eyub8GjwmzCgT5r jziQrY9c/AgAGlUI3lfmdjlVdkkIOub7LbJ8h/9/84TXR6ct1bfKVenm/HMaTyHO qNj7I9KuaK4eBJhbeETg3F+SIw== -----END CERTIFICATE----- subject=O=PKCS11 Provider, CN=My Test Cert issuer=CN=Issuer --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: RSA-PSS Server Temp Key: X25519, 253 bits --- SSL handshake has read 1391 bytes and written 318 bytes Verification: OK --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Protocol: TLSv1.3 Server public key is 2048 bit This TLS version forbids renegotiation. Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 863F0ACA7AF55D77D38433FEE479E1E1254BAE93C8BE130904E61F743C26CAC1 Session-ID-ctx: Resumption PSK: 510500FA1AC5DB0537FFE86D42D8665BFD55F8CBDEFBA7DB366E25A5CBE78F168AF4F9C8CED82926DB60BD4F83AF2EAE PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 99 71 95 e7 d4 64 e1 62-ac 2f 39 67 cd 82 65 1b .q...d.b./9g..e. 0010 - 47 35 e8 30 23 d5 17 fa-06 56 aa 12 28 5f 4b e7 G5.0#....V..(_K. 0020 - 02 66 74 8b ef 6c 63 f8-5d 0b 83 db e2 58 5d 16 .ft..lc.]....X]. 0030 - de 1d ec 38 40 bc f3 01-e3 8e 60 d8 ae 6a 24 a0 ...8@.....`..j$. 0040 - 95 31 8d 7c d7 b4 7d 37-1a 86 0c b1 9d 42 95 fc .1.|..}7.....B.. 0050 - 93 84 8f df a2 64 9d a0-b9 28 a0 5e 5a ce c1 4c .....d...(.^Z..L 0060 - 03 28 94 00 62 88 79 62-4c d2 ff c0 56 5f 45 49 .(..b.ybL...V_EI 0070 - cf bb 55 19 e3 7c 3e 80-86 cc d2 2e 56 c8 94 23 ..U..|>.....V..# 0080 - 65 d8 ba f8 30 e8 3f 8f-4f 11 eb 16 b7 f2 03 72 e...0.?.O......r 0090 - 09 c3 1c 2e 70 02 35 3b-69 d5 d8 f8 48 dd 3c f3 ....p.5;i...H.<. 00a0 - 2a 73 d2 27 f5 b3 99 f0-40 6b 52 0e 1c a6 17 7e *s.'....@kR....~ 00b0 - 16 11 f2 a7 9c d2 74 71-b6 b9 ad ae 8f b6 7c b0 ......tq......|. 00c0 - 98 1f 17 65 cd a8 56 8b-f4 e3 d5 e4 f7 03 5a ab ...e..V.......Z. Start Time: 1774257222 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 4434B39DE35B77075B3C3F4FD4EDAE62411EC4BB427E9D50B31D741A020723D9 Session-ID-ctx: Resumption PSK: FC090CBBABBEEF189BFAE8A1955506282D954C147DD24B23E6D671DAF223BD7E52EC2DC3D1D413D52EEE382DA0BD35FF PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 99 71 95 e7 d4 64 e1 62-ac 2f 39 67 cd 82 65 1b .q...d.b./9g..e. 0010 - 9c 66 13 30 44 40 0c 62-1c 36 d7 f8 c8 82 d6 af .f.0D@.b.6...... 0020 - d2 bd 44 f3 15 99 ba a0-31 90 32 c7 82 99 48 64 ..D.....1.2...Hd 0030 - 6d 84 c3 77 0a 08 46 e8-23 fd 08 f3 2f e0 b3 c5 m..w..F.#.../... 0040 - d0 40 c9 06 27 83 79 87-cb d6 c5 07 ee 91 fc 2a .@..'.y........* 0050 - 4c 8e c1 e4 b0 3c bf a6-a1 38 84 21 5b ba 97 af L....<...8.![... 0060 - 27 f9 a4 20 f3 fc 7d 74-b6 a5 b7 ef 8c d3 9e b9 '.. ..}t........ 0070 - ee 25 52 60 35 ba 85 eb-de 97 af 2d 1a b6 b5 e4 .%R`5......-.... 0080 - a5 83 78 2a 33 35 59 90-8a 3f 32 1c 3f 47 01 b8 ..x*35Y..?2.?G.. 0090 - 18 4d 33 c2 c7 04 16 38-08 ad 53 be 01 81 8a 9c .M3....8..S..... 00a0 - 1b af ed 97 1c 4b 0d 99-16 eb b8 69 6c 04 75 50 .....K.....il.uP 00b0 - a5 20 e9 ea 66 32 b4 0c-72 39 71 43 27 e7 66 7c . ..f2..r9qC'.f| 00c0 - 29 8f 5e 2d a4 71 b5 01-a6 94 96 98 f3 e9 a1 e6 ).^-.q.......... Start Time: 1774257222 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK TLS SUCCESSFUL 40696CF7:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%01 -cert pkcs11:type=cert;object=testCert Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MIGDAgEBAgIDBAQCEwIEILIPSpR4wyIgdPCB8S3dx9SUV4a/WMfiWiq1KhsnvWtP BDD8CQy7q77vGJv66KGVVQYoLZVMFH3SSyPm1nHa8iO9flLsLcPR1BPVLu44LaC9 Nf+hBgIEacEERqIEAgIcIKQGBAQBAAAArgcCBQC5x9ZQswMCAR0= -----END SSL SESSION PARAMETERS----- Shared ciphers:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256 Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512 Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 CIPHER is TLS_AES_256_GCM_SHA384 This TLS version forbids renegotiation. TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run test with TLS 1.2 (ECDSA) spawn openssl s_client -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.pem -tls1_2 Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=1 CN=Issuer verify return:1 depth=0 O=PKCS11 Provider, CN=My EC Cert verify return:1 --- Certificate chain 0 s:O=PKCS11 Provider, CN=My EC Cert i:CN=Issuer a:PKEY: id-ecPublicKey, 256 (bit); sigalg: RSA-SHA256 v:NotBefore: Mar 23 09:13:22 2026 GMT; NotAfter: Mar 23 09:13:22 2027 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIICcjCCAVqgAwIBAgIBBDANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 ZXIwHhcNMjYwMzIzMDkxMzIyWhcNMjcwMzIzMDkxMzIyWjAvMRgwFgYDVQQKEw9Q S0NTMTEgUHJvdmlkZXIxEzARBgNVBAMTCk15IEVDIENlcnQwWTATBgcqhkjOPQIB BggqhkjOPQMBBwNCAAQH9G9He/3eOL/sVpRaT9gco/9OT5ba8dmUSxnMP7U3Wn+J 7szhF1dH7nYF/LmtREckg6df0l5x0Cq6EE/J1w9vo4GBMH8wDAYDVR0TAQH/BAIw ADAfBgNVHREEGDAWgRR0ZXN0Y2VydEBleGFtcGxlLm9yZzAOBgNVHQ8BAf8EBAMC B4AwHQYDVR0OBBYEFEZuZ47o5henj0tO2nxpYdbNRAxpMB8GA1UdIwQYMBaAFNdv 2YXG8ld4hUECQqK0ne2dmeMMMA0GCSqGSIb3DQEBCwUAA4IBAQA2KVSgvQzndU3P AFVnzZD47O5of1iV1ArD14DTbeKzhpPXoWkM6cycOiFgnH9fXQLelOxMC1G0si6K ayzYPL/PGOrCaAEFeiJXeyYr8/djw+p2DS/J8FImVDvH5vFv0t9dQOAmhRuWspny ExZ5KoHGEQaDARam9WU95GUVLn6M+/1///Q2bEf+pkeaxyXU0/CK1MgrDugGeuhE zcGn/9uTlxUhCLizlihGzOSScTT8+5Z/oaz6XUbGpXv9J/D5QWAFw/bBAviG4GUI fn2N1B8TSnVQeK7HZ5Pyrb5FeaehkVTTLGh8HhmaZr/vmSX05B1k5mPF8RJFfOuY wKSmQ/ia -----END CERTIFICATE----- subject=O=PKCS11 Provider, CN=My EC Cert issuer=CN=Issuer --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: ECDSA Server Temp Key: X25519, 253 bits --- SSL handshake has read 1086 bytes and written 290 bytes Verification: OK --- New, TLSv1.2, Cipher is ECDHE-ECDSA-AES256-GCM-SHA384 Protocol: TLSv1.2 Server public key is 256 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-ECDSA-AES256-GCM-SHA384 Session-ID: 61F6BDAC0E211CD4A1E37E5FEDCBD0A13A6ABF8430AE90BCA48FA86F66347068 Session-ID-ctx: Master-Key: BA9A05EE4111AEAFF1555F855EA22B98BB7F5D9C51CD00D4D0AC835BDDEC0DD951D82A141D1571F8984E747D40AB1FCE PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - fd a8 38 31 54 21 f1 1b-2f 4c f0 8b e4 f3 85 42 ..81T!../L.....B 0010 - b9 ca e0 37 7a 7e 46 5d-af e8 01 15 d5 ff c1 64 ...7z~F].......d 0020 - df a1 fd 71 02 05 2b 2a-f6 1d f4 91 49 26 43 5a ...q..+*....I&CZ 0030 - 26 93 25 71 e7 61 e6 8a-6c 50 01 19 fb a4 d3 16 &.%q.a..lP...... 0040 - 72 10 54 84 c7 e8 b2 cb-be 2c d3 5b 90 c7 50 65 r.T......,.[..Pe 0050 - e5 e4 b5 e6 a6 86 d8 a6-38 0d 96 13 90 9a 61 b2 ........8.....a. 0060 - f5 d8 1c 2b df fb 63 91-69 85 70 83 51 06 7b 77 ...+..c.i.p.Q.{w 0070 - 79 e2 62 c4 f2 65 7a 3a-4a b1 f8 29 b5 44 7b 01 y.b..ez:J..).D{. 0080 - d3 dd 71 00 bc 6a 89 2d-10 5c 11 f8 48 a0 26 02 ..q..j.-.\..H.&. 0090 - 80 ab d6 5f db a8 99 da-a9 f4 12 1d cd 35 dc 21 ..._.........5.! 00a0 - 13 03 05 f2 62 32 87 34-68 95 4b 7b 94 77 18 5a ....b2.4h.K{.w.Z Start Time: 1774257222 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: yes --- TLS SUCCESSFUL 407967F7:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%02 -cert pkcs11:type=cert;object=ecCert -tls1_2 Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MF8CAQECAgMDBALALAQABDC6mgXuQRGur/FVX4VeoiuYu39dnFHNANTQrINb3ewN 2VHYKhQdFXH4mE50fUCrH86hBgIEacEERqIEAgIcIKQGBAQBAAAArQMCAQGzAwIB HQ== -----END SSL SESSION PARAMETERS----- Shared ciphers:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Supported Elliptic Curve Point Formats: uncompressed:ansiX962_compressed_prime:ansiX962_compressed_char2 Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1 TLS SUCCESSFUL Q Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1 CIPHER is ECDHE-ECDSA-AES256-GCM-SHA384 Secure Renegotiation IS supported DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run test with TLS 1.2 and ECDH spawn openssl s_client -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.pem -tls1_2 -cipher ECDHE-ECDSA-AES128-GCM-SHA256 -groups secp256r1 Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=1 CN=Issuer verify return:1 depth=0 O=PKCS11 Provider, CN=My EC Cert verify return:1 --- Certificate chain 0 s:O=PKCS11 Provider, CN=My EC Cert i:CN=Issuer a:PKEY: id-ecPublicKey, 256 (bit); sigalg: RSA-SHA256 v:NotBefore: Mar 23 09:13:22 2026 GMT; NotAfter: Mar 23 09:13:22 2027 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIICcjCCAVqgAwIBAgIBBDANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 ZXIwHhcNMjYwMzIzMDkxMzIyWhcNMjcwMzIzMDkxMzIyWjAvMRgwFgYDVQQKEw9Q S0NTMTEgUHJvdmlkZXIxEzARBgNVBAMTCk15IEVDIENlcnQwWTATBgcqhkjOPQIB BggqhkjOPQMBBwNCAAQH9G9He/3eOL/sVpRaT9gco/9OT5ba8dmUSxnMP7U3Wn+J 7szhF1dH7nYF/LmtREckg6df0l5x0Cq6EE/J1w9vo4GBMH8wDAYDVR0TAQH/BAIw ADAfBgNVHREEGDAWgRR0ZXN0Y2VydEBleGFtcGxlLm9yZzAOBgNVHQ8BAf8EBAMC B4AwHQYDVR0OBBYEFEZuZ47o5henj0tO2nxpYdbNRAxpMB8GA1UdIwQYMBaAFNdv 2YXG8ld4hUECQqK0ne2dmeMMMA0GCSqGSIb3DQEBCwUAA4IBAQA2KVSgvQzndU3P AFVnzZD47O5of1iV1ArD14DTbeKzhpPXoWkM6cycOiFgnH9fXQLelOxMC1G0si6K ayzYPL/PGOrCaAEFeiJXeyYr8/djw+p2DS/J8FImVDvH5vFv0t9dQOAmhRuWspny ExZ5KoHGEQaDARam9WU95GUVLn6M+/1///Q2bEf+pkeaxyXU0/CK1MgrDugGeuhE zcGn/9uTlxUhCLizlihGzOSScTT8+5Z/oaz6XUbGpXv9J/D5QWAFw/bBAviG4GUI fn2N1B8TSnVQeK7HZ5Pyrb5FeaehkVTTLGh8HhmaZr/vmSX05B1k5mPF8RJFfOuY wKSmQ/ia -----END CERTIFICATE----- subject=O=PKCS11 Provider, CN=My EC Cert issuer=CN=Issuer --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: ECDSA Server Temp Key: ECDH, prime256v1, 256 bits --- SSL handshake has read 1118 bytes and written 263 bytes Verification: OK --- New, TLSv1.2, Cipher is ECDHE-ECDSA-AES128-GCM-SHA256 Protocol: TLSv1.2 Server public key is 256 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-ECDSA-AES128-GCM-SHA256 Session-ID: ABC3AB9737C24940044867A7A88DDB613843D7BCAA92BE95E05D32EFB14A291E Session-ID-ctx: Master-Key: AC3BD08568C4C1D143E37F7BFB6093947EF0C7E7BABC6DB9096B81D36A2582AFFBDF5D86034B3ABDAB6C3A941138007C PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 97 ff 25 67 e5 60 53 b7-d9 75 d4 6b e4 4e be 61 ..%g.`S..u.k.N.a 0010 - a3 e2 5d e7 0f 22 63 bf-43 b3 05 38 48 2a de 01 ..].."c.C..8H*.. 0020 - 24 de a7 15 d1 1d a1 08-76 3d 82 df 48 95 3f 1c $.......v=..H.?. 0030 - ff dc bb 64 1e 33 dc ca-69 c4 57 c5 81 92 67 01 ...d.3..i.W...g. 0040 - 83 f7 af 9e 84 d2 a3 59-58 59 f8 79 5a 93 17 07 .......YXY.yZ... 0050 - 19 72 cd a8 3c 7b 59 fe-f5 da 21 47 15 ff 7f 13 .r..<{Y...!G.... 0060 - 68 93 03 4d 8c 59 5a 06-a2 a6 d1 ec 14 e3 a3 c0 h..M.YZ......... 0070 - 69 9e f1 7e 04 e0 cd 5a-0c 77 a4 69 fb 28 ff 4a i..~...Z.w.i.(.J 0080 - 52 69 76 df d6 7b 11 55-1d 9d 4c 91 7e 8e ee c6 Riv..{.U..L.~... 0090 - 60 a9 c3 dd c2 c5 35 ad-c7 8a 1f ef 51 87 1b 49 `.....5.....Q..I 00a0 - c5 4f fc c9 46 41 9c 63-65 ed ab 48 06 e5 d5 ab .O..FA.ce..H.... Start Time: 1774257222 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: yes --- TLS SUCCESSFUL 40F961F7:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%02 -cert pkcs11:type=cert;object=ecCert Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MF8CAQECAgMDBALAKwQABDCsO9CFaMTB0UPjf3v7YJOUfvDH57q8bbkJa4HTaiWC r/vfXYYDSzq9q2w6lBE4AHyhBgIEacEERqIEAgIcIKQGBAQBAAAArQMCAQGzAwIB Fw== -----END SSL SESSION PARAMETERS----- Shared ciphers:ECDHE-ECDSA-AES128-GCM-SHA256 Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Supported Elliptic Curve Point Formats: uncompressed:ansiX962_compressed_prime:ansiX962_compressed_char2 Supported groups: secp256r1 Shared groups: secp256r1 CIPHER is ECDHE-ECDSA-AES128-GCM-SHA256 Secure Renegotiation IS supported TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run test with TLS 1.3 and specific suite spawn openssl s_client -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.pem -tls1_3 -ciphersuites TLS_AES_256_GCM_SHA384 -groups secp256r1 Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=1 CN=Issuer verify return:1 depth=0 O=PKCS11 Provider, CN=My EC Cert verify return:1 --- Certificate chain 0 s:O=PKCS11 Provider, CN=My EC Cert i:CN=Issuer a:PKEY: id-ecPublicKey, 256 (bit); sigalg: RSA-SHA256 v:NotBefore: Mar 23 09:13:22 2026 GMT; NotAfter: Mar 23 09:13:22 2027 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIICcjCCAVqgAwIBAgIBBDANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 ZXIwHhcNMjYwMzIzMDkxMzIyWhcNMjcwMzIzMDkxMzIyWjAvMRgwFgYDVQQKEw9Q S0NTMTEgUHJvdmlkZXIxEzARBgNVBAMTCk15IEVDIENlcnQwWTATBgcqhkjOPQIB BggqhkjOPQMBBwNCAAQH9G9He/3eOL/sVpRaT9gco/9OT5ba8dmUSxnMP7U3Wn+J 7szhF1dH7nYF/LmtREckg6df0l5x0Cq6EE/J1w9vo4GBMH8wDAYDVR0TAQH/BAIw ADAfBgNVHREEGDAWgRR0ZXN0Y2VydEBleGFtcGxlLm9yZzAOBgNVHQ8BAf8EBAMC B4AwHQYDVR0OBBYEFEZuZ47o5henj0tO2nxpYdbNRAxpMB8GA1UdIwQYMBaAFNdv 2YXG8ld4hUECQqK0ne2dmeMMMA0GCSqGSIb3DQEBCwUAA4IBAQA2KVSgvQzndU3P AFVnzZD47O5of1iV1ArD14DTbeKzhpPXoWkM6cycOiFgnH9fXQLelOxMC1G0si6K ayzYPL/PGOrCaAEFeiJXeyYr8/djw+p2DS/J8FImVDvH5vFv0t9dQOAmhRuWspny ExZ5KoHGEQaDARam9WU95GUVLn6M+/1///Q2bEf+pkeaxyXU0/CK1MgrDugGeuhE zcGn/9uTlxUhCLizlihGzOSScTT8+5Z/oaz6XUbGpXv9J/D5QWAFw/bBAviG4GUI fn2N1B8TSnVQeK7HZ5Pyrb5FeaehkVTTLGh8HhmaZr/vmSX05B1k5mPF8RJFfOuY wKSmQ/ia -----END CERTIFICATE----- subject=O=PKCS11 Provider, CN=My EC Cert issuer=CN=Issuer --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: ECDSA Server Temp Key: ECDH, prime256v1, 256 bits --- SSL handshake has read 1060 bytes and written 329 bytes Verification: OK --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Protocol: TLSv1.3 Server public key is 256 bit This TLS version forbids renegotiation. Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: BD2F4108CAF62241A3C1A7A050323412ABD201EE32098BB4CC1B19872F41637E Session-ID-ctx: Resumption PSK: ACA1F6D089976A61579880AB035FF8850602FEA9E4E257F026BA87BBFFCB6B8C21B1DC41490FC4E486F53D8AE10744E2 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - e3 26 b5 a5 89 08 67 e5-ba 09 2a 2d 85 dc 64 84 .&....g...*-..d. 0010 - 68 7a 78 99 5c d9 a9 09-b6 4d 4e 2a 81 1e 77 c0 hzx.\....MN*..w. 0020 - 06 96 07 fa ec 81 fe 1e-77 e8 f2 c5 42 6f 54 47 ........w...BoTG 0030 - 81 2f 0b 71 1a 90 95 17-e1 81 09 0d f7 8a d5 3b ./.q...........; 0040 - 71 17 14 d5 b6 22 96 29-04 a9 6f de 83 19 a6 23 q....".)..o....# 0050 - de bb 22 7f a4 fe 65 ab-42 e0 45 37 17 7d 97 79 .."...e.B.E7.}.y 0060 - 71 6e 7e d8 f7 e9 b4 23-37 a6 19 47 ee ee 95 7d qn~....#7..G...} 0070 - 97 8e a7 6f aa 89 c9 ad-bc df 41 a0 1c 27 2f 71 ...o......A..'/q 0080 - da bd df b9 d7 2e ff ac-2d bc 92 d2 eb eb 2f c5 ........-...../. 0090 - cf d1 e8 36 86 1f 08 91-25 26 27 50 2b 9d b0 a3 ...6....%&'P+... 00a0 - 0e 17 b6 28 6f 0c 8f ac-51 6f da 61 c3 b7 e8 1c ...(o...Qo.a.... 00b0 - 3a 85 2c 7f 9c 26 97 0c-1a 17 81 f8 1d 67 3c da :.,..&.......g<. 00c0 - cf d2 98 e1 99 ee 46 67-3a b4 d0 58 dd da 9f 1b ......Fg:..X.... Start Time: 1774257222 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 66F36C36D439BC5AC14A4A8DF85DFD6558B875210FD2625DA20565585683A9E0 Session-ID-ctx: Resumption PSK: 9F8605078117FA6ACBEC8B9CD66AF0BD178A91C729311650C00C5C9563EB1A3A48C581B9AC5B191A6B4B3D6CBCCC9DE8 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - e3 26 b5 a5 89 08 67 e5-ba 09 2a 2d 85 dc 64 84 .&....g...*-..d. 0010 - fe 12 15 44 fa b9 5e 05-bf 18 fb 1e 69 55 34 76 ...D..^.....iU4v 0020 - 5a e0 35 6b ab f1 c9 6a-24 e5 e1 a6 c4 ab c7 c8 Z.5k...j$....... 0030 - 89 38 45 63 6f 92 71 c4-71 09 8e f2 3a 31 8b bd .8Eco.q.q...:1.. 0040 - dc 41 2d a0 22 27 df 05-c3 b4 5d 36 9d 9f e9 d2 .A-."'....]6.... 0050 - 78 2f 68 8b e9 cd e1 e0-45 75 c9 0d eb 49 75 99 x/h.....Eu...Iu. 0060 - 59 55 89 c4 67 fc 3f a0-25 18 16 8d aa 28 a8 79 YU..g.?.%....(.y 0070 - b1 8d c1 49 cf d0 63 b5-3c 8f a5 2c b7 b4 57 cf ...I..c.<..,..W. 0080 - 34 63 1c d1 72 aa 90 a0-c7 02 b4 e3 48 9a c8 77 4c..r.......H..w 0090 - 2a d7 a1 17 7d ed 53 3c-36 61 4e 1a 72 78 fd b8 *...}.S<6aN.rx.. 00a0 - 76 4e 8f 16 13 e6 73 58-36 e1 bf fe c7 c3 c8 94 vN....sX6....... 00b0 - e9 4e ad 47 99 f2 15 17-f9 9e 8c c0 22 5f e7 aa .N.G........"_.. 00c0 - eb 90 51 31 af 15 27 a1-2f df 46 a4 ea 40 43 d4 ..Q1..'./.F..@C. Start Time: 1774257222 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK TLS SUCCESSFUL 409960F7:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%02 -cert pkcs11:type=cert;object=ecCert Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MIGDAgEBAgIDBAQCEwIEIAYgfR4zZPcFsiYZARtXeCbHXE8T4CE3Opvc4XLNrWL4 BDCfhgUHgRf6asvsi5zWavC9F4qRxykxFlDADFyVY+saOkjFgbmsWxkaa0s9bLzM neihBgIEacEERqIEAgIcIKQGBAQBAAAArgcCBQCQU0EbswMCARc= -----END SSL SESSION PARAMETERS----- Shared ciphers:TLS_AES_256_GCM_SHA384 Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512 Supported groups: secp256r1 Shared groups: secp256r1 CIPHER is TLS_AES_256_GCM_SHA384 This TLS version forbids renegotiation. TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## ######################################## ######################################## ## Forcing the provider for all server operations ## Run sanity test with default values (RSA) spawn openssl s_client -propquery ?provider=pkcs11 -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.pem Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=1 CN=Issuer verify return:1 depth=0 O=PKCS11 Provider, CN=My Test Cert verify return:1 --- Certificate chain 0 s:O=PKCS11 Provider, CN=My Test Cert i:CN=Issuer a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256 v:NotBefore: Mar 23 09:13:22 2026 GMT; NotAfter: Mar 23 09:13:22 2027 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIIDPzCCAiegAwIBAgIBAzANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 ZXIwHhcNMjYwMzIzMDkxMzIyWhcNMjcwMzIzMDkxMzIyWjAxMRgwFgYDVQQKEw9Q S0NTMTEgUHJvdmlkZXIxFTATBgNVBAMTDE15IFRlc3QgQ2VydDCCASIwDQYJKoZI hvcNAQEBBQADggEPADCCAQoCggEBAKYIBPI8FXqB41QkdE2YwQGMMzLOYm2x/DDv ZBM1RpDEsnyhmUlXXsauiB6Tu46+9pUnbw7UBhNBrZgCPhdID3FryuZc1aMBshmB F+f0QrM3RArVOpMdXJr4m4h+tiH1u8RqJVuArkqLoioG9lodx1jfIjNtvL7AjMxn 41ebPvnDvVcP/d+3D2rIojQZhaI87jpqqu3SjXWnCBzDOUgBiq9YM0pXpTwoj355 apfgEA0XhUmQWiCBB1m5lG2PK1I8eq8v6LOXBfJfL+avPqji16ALDKfJLBbsm8Xz vkzeP28FBIhUooTGuuV0sFmGxZF0aVuxsGxy3/z2yhlMFCIppckCAwEAAaOBgTB/ MAwGA1UdEwEB/wQCMAAwHwYDVR0RBBgwFoEUdGVzdGNlcnRAZXhhbXBsZS5vcmcw DgYDVR0PAQH/BAQDAgWgMB0GA1UdDgQWBBRb6ovCiIzwjQFnEmN09aTrRakeaDAf BgNVHSMEGDAWgBTXb9mFxvJXeIVBAkKitJ3tnZnjDDANBgkqhkiG9w0BAQsFAAOC AQEAKW9hH2itf/PySnb+PZAAINdkfDnnrwAHokslvlzsq6GnEyi//youiFYDStOM qUbkOlUxqpEIFbnxbk2MMGkg4QvLh5BbcjhwVdStqfHsqUIqXP/GciW3mdO+Q+qr k/JZlBIZRwiyPLA1L1Tuq/XTAA50NxaMZQrVBxPSDN7n/kfNR5K6jOgvuM7qkb0w XJtgHns2VtlaPGSvFDL4Kr4tTQbvquuhzMEPzoL3X/fvflgL3eyub8GjwmzCgT5r jziQrY9c/AgAGlUI3lfmdjlVdkkIOub7LbJ8h/9/84TXR6ct1bfKVenm/HMaTyHO qNj7I9KuaK4eBJhbeETg3F+SIw== -----END CERTIFICATE----- subject=O=PKCS11 Provider, CN=My Test Cert issuer=CN=Issuer --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: RSA-PSS Server Temp Key: X25519, 253 bits --- SSL handshake has read 1391 bytes and written 391 bytes Verification: OK --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Protocol: TLSv1.3 Server public key is 2048 bit This TLS version forbids renegotiation. Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 195AE1D175C842BE76894CABBDE6EE2699DF244E22E36573091AC45A80ED1A91 Session-ID-ctx: Resumption PSK: 07431BB926130F2ADC88BDBF2FB2FDA2DEBE61E97B78F35AE45FB48B5FF6ECC4C180C9F1A78508BCD2EB2AAE870BB9D3 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 84 da 95 d7 c1 dd 74 99-52 59 7d 2b 89 10 86 81 ......t.RY}+.... 0010 - 6a a0 89 69 85 d7 ff 59-72 82 5a 0b a3 d0 e8 17 j..i...Yr.Z..... 0020 - e5 47 da 17 d0 a1 53 60-9e 80 af be ab 6e 4e 58 .G....S`.....nNX 0030 - 7a cd 47 ae d5 d7 f4 94-26 e4 a2 bd 27 8d 97 06 z.G.....&...'... 0040 - f3 37 ac 5e 9d 4b 83 55-af dd b3 6f 60 3f a9 da .7.^.K.U...o`?.. 0050 - e1 c2 c6 76 cb 29 0a 6b-ea 91 86 91 7a b0 2a cc ...v.).k....z.*. 0060 - bd c6 f4 0a bd 1b 9b 53-2e 9d 82 19 a9 21 fd 60 .......S.....!.` 0070 - 45 2f 47 6b cc f4 d6 fd-dd 09 71 43 41 b1 1b f6 E/Gk......qCA... 0080 - 36 36 87 10 bd 97 ce b3-12 3c ce 16 27 89 b5 55 66.......<..'..U 0090 - d7 b7 49 ad f4 7d e1 36-ad 83 4c 2c a8 d4 e6 fd ..I..}.6..L,.... 00a0 - 97 94 d7 a0 c7 f0 72 36-02 7e 42 41 d1 52 fb 98 ......r6.~BA.R.. 00b0 - 0d 16 41 6d c1 25 f4 dc-9b c6 3a 09 60 a8 15 11 ..Am.%....:.`... 00c0 - 9e 98 68 a7 b6 f6 ad 5f-a2 1f ed 35 e0 12 06 b1 ..h...._...5.... Start Time: 1774257222 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: B2A4AF28843D51B0AB6F1E1B8BD469E45FDA1EDD5CE9238FBB853F283762FA25 Session-ID-ctx: Resumption PSK: F426A16546D51D5FD051C22E3603D6C470F70EC61C30FC3547A71F0B316B1FF6A6F2BCD8BC0970B13C88829E9C4700C8 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 84 da 95 d7 c1 dd 74 99-52 59 7d 2b 89 10 86 81 ......t.RY}+.... 0010 - a5 61 4e 96 9a 91 e0 f1-c0 0a a9 ce 45 6c 5f 92 .aN.........El_. 0020 - 22 d8 e6 c1 71 35 63 bd-78 ed 34 fb ed e8 63 48 "...q5c.x.4...cH 0030 - 2f e7 29 ee 66 3e 99 4c-2a 66 c9 a2 b0 61 11 37 /.).f>.L*f...a.7 0040 - 83 ba 74 4b b6 7e 53 bf-05 37 d8 ff 89 f3 5a 3a ..tK.~S..7....Z: 0050 - fd 77 f1 e0 c8 da 7c 8e-eb fa 30 64 2f dd 78 ec .w....|...0d/.x. 0060 - 39 63 32 88 4a c3 df 69-84 75 a3 20 92 76 55 53 9c2.J..i.u. .vUS 0070 - 54 ee d0 e5 00 5e da 66-ff c2 2b ce 41 dd c3 23 T....^.f..+.A..# 0080 - 0f cd 5b a9 2e 1b d8 ad-7d a7 99 ac c1 30 55 85 ..[.....}....0U. 0090 - 70 fa cf cb 05 f6 12 32-a8 3f 16 33 c7 28 c7 fa p......2.?.3.(.. 00a0 - 63 2b 66 70 9f 58 42 98-ca ef 7a fd 63 8c f3 fc c+fp.XB...z.c... 00b0 - 0e cc 8f 2f a6 c3 ff cb-80 88 9f ed 7f 6e 2e c0 .../.........n.. 00c0 - 1b 29 85 7d 34 f8 39 a1-8e 17 6e 33 00 16 90 74 .).}4.9...n3...t Start Time: 1774257222 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK TLS SUCCESSFUL 40E963F7:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -propquery ?provider=pkcs11 -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%01 -cert pkcs11:type=cert;object=testCert Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MIGCAgEBAgIDBAQCEwIEIFf7Sulyizz3Jk9nFGzDa3NmlhVxZeRJQVU5PUH62V5r BDD0JqFlRtUdX9BRwi42A9bEcPcOxhww/DVHpx8LMWsf9qbyvNi8CXCxPIiCnpxH AMihBgIEacEERqIEAgIcIKQGBAQBAAAArgYCBAwHF4SzAwIBHQ== -----END SSL SESSION PARAMETERS----- Shared ciphers:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224 Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 CIPHER is TLS_AES_256_GCM_SHA384 TLS SUCCESSFUL This TLS version forbids renegotiation. Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run sanity test with default values (RSA-PSS) ## Generating a new selfsigned certificate for pkcs11:type=private;id=%00%10 openssl req -batch -noenc -x509 -new -key ${KEY} ${AARGS} -out ${CERT} spawn openssl s_client -propquery ?provider=pkcs11 -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.pem Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=0 C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness verify error:num=18:self-signed certificate verify return:1 depth=0 C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness verify return:1 --- Certificate chain 0 s:C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness i:C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness a:PKEY: RSASSA-PSS, 2048 (bit); sigalg: RSASSA-PSS v:NotBefore: Mar 23 09:13:42 2026 GMT; NotAfter: Apr 22 09:13:42 2026 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIIEIzCCAtugAwIBAgIUG5lunOIFsdvOVuWkfApBesz30x4wPQYJKoZIhvcNAQEK MDCgDTALBglghkgBZQMEAgGhGjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUDBAIBogMC ASAwZzELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMREwDwYDVQQHDAhO ZXcgWW9yazEYMBYGA1UECgwPUEtDUzExIFByb3ZpZGVyMRgwFgYDVQQLDA9UZXN0 aW5nIEhhcm5lc3MwHhcNMjYwMzIzMDkxMzQyWhcNMjYwNDIyMDkxMzQyWjBnMQsw CQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsxETAPBgNVBAcMCE5ldyBZb3Jr MRgwFgYDVQQKDA9QS0NTMTEgUHJvdmlkZXIxGDAWBgNVBAsMD1Rlc3RpbmcgSGFy bmVzczCCASAwCwYJKoZIhvcNAQEKA4IBDwAwggEKAoIBAQDnn3F6d4Dk2QsWG2KW kiP0I48YD8FIhHjU5Rj+v5E1kiWO8RuDQHe4iCZap18EMKQxMBQiBqxMkVhBEMd1 S7aQfgHbrH8AT2VRk7x1BTaYRAAZnZt7E0KvMUWvG9VyV+deQqPvax4CUZd/yry1 yjdZeT+xV+Sjezmzq2zsTHO1CTnXwVRPgnkhWZaGWf88jQ3GK+S2lazP9Mz6P+pb zz3UQMnQ72+3H2WQmUjuquZ3odJ0tT4t3IEBTuiULzn+t5BlTC+SiI2Fkb7feiMy NAXtOwDiWRjJxAbXCb6Y4Wg2L+6V44o4hWlgLmtV7QmS2uD6XuG+mD+5hjmPrm5K KTqRAgMBAAGjaTBnMB0GA1UdDgQWBBTlpWZXTeH7mJ+xv3//vncCBAk7tzAfBgNV HSMEGDAWgBTlpWZXTeH7mJ+xv3//vncCBAk7tzAPBgNVHRMBAf8EBTADAQH/MAkG A1UdEQQCMAAwCQYDVR0SBAIwADA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQC AaEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgGiAwIBIAOCAQEAd53YhFeymMeJ XAliKjCqdJGYxURv+zmb3sC5u8IkwCcuKnJAcryytf2uf9wS9YobHnJpH2Aloy5b VNTsv6sMdz3UiJk44YyY88m74OeCQPqPQ5KVHq2EuO68UnFg0ni9SXEFCg6KLHKt cIyS6wK8GRbq+SA3LTXvgQ1omz3VKtbH9/2ziaDPTKp11Dknh7nQoJ+UHionkePZ /voZIX5HmlKmw6djHImKKXDx2ykOkOYQTzYuRxkCyXVaTnTPJz05RQ5ZSvF6eFcw gDosyZbu2+NupBL8QIMznCWpiybs3BByz9KBI95bbyHD7VF/JpV+CPtm8/xd7R+n VBN+CW/grQ== -----END CERTIFICATE----- subject=C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness issuer=C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: RSA-PSS Server Temp Key: X25519, 253 bits --- SSL handshake has read 1619 bytes and written 391 bytes Verification error: self-signed certificate --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Protocol: TLSv1.3 Server public key is 2048 bit This TLS version forbids renegotiation. Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 18 (self-signed certificate) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 0B38967D0BD7CADF4193BE3DA8E988B694C2A9E590A8636B6BBDDE097174C950 Session-ID-ctx: Resumption PSK: 38F7280FDA400AD177E794AE2EFD06DFA631FC160595420C6FD32634F9BECDB34B765C461256B4778A41A81BC563277E PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 93 e8 3e af 31 0e 18 57-dd 27 90 38 d2 6c 5f e9 ..>.1..W.'.8.l_. 0010 - bc 9b f1 22 b8 bf f5 16-4a 87 c2 71 07 26 f9 a8 ..."....J..q.&.. 0020 - fb 30 d0 7a fd f6 11 c8-4a 02 48 0a df 65 e6 88 .0.z....J.H..e.. 0030 - c8 20 ea 47 25 a7 ad 01-be 3a e1 d9 d4 4c 3f aa . .G%....:...L?. 0040 - f8 a2 f2 fc 3f d7 0c 45-da 8c ce 02 ce 6c 8c 89 ....?..E.....l.. 0050 - 16 a1 14 27 ba f2 89 1b-ba 69 ad 23 1e 60 9c 5d ...'.....i.#.`.] 0060 - c6 0d 22 98 23 ce 7f c2-db a1 80 c5 97 d0 54 58 ..".#.........TX 0070 - 3b 64 90 ca 76 f6 c3 27-4d e1 f3 55 9e 6a 53 c4 ;d..v..'M..U.jS. 0080 - e1 44 39 af 01 19 1d 90-2f 10 f8 55 c0 93 df f8 .D9...../..U.... 0090 - 32 64 e8 77 39 5b f2 c5-d1 e0 79 27 b3 3b 2e 2d 2d.w9[....y'.;.- 00a0 - c2 a0 fb 8b cf 8b 8a 0d-3f e3 79 ff 77 88 87 e6 ........?.y.w... 00b0 - 84 38 1e 49 6a 38 4d fc-63 c1 09 67 3d 61 9a 59 .8.Ij8M.c..g=a.Y 00c0 - b4 e5 75 be 19 95 f8 cd-3c f3 2c aa 02 cb af 96 ..u.....<.,..... Start Time: 1774257222 Timeout : 7200 (sec) Verify return code: 18 (self-signed certificate) Extended master secret: no Max Early Data: 0 --- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 3ECA527FD18A926FF8E11A9CF65744C62F43C800297AB02101E5283376BFB5EA Session-ID-ctx: Resumption PSK: 3B312AD6E914FCFD465F05C6404C235750CAC58F6CC05F32E9D80AE53A8047835C1CF5264E9F22227F437DB0CB4297A1 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 93 e8 3e af 31 0e 18 57-dd 27 90 38 d2 6c 5f e9 ..>.1..W.'.8.l_. 0010 - f1 5d bf 4a 6a c8 56 2b-7b 91 ec f4 70 2b ab 3c .].Jj.V+{...p+.< 0020 - 48 13 43 ee 1e 80 08 6b-f3 86 48 fb b3 da 9e 77 H.C....k..H....w 0030 - 61 19 7d c7 95 a0 e9 26-c2 a8 5f 8c 4a e2 17 1b a.}....&.._.J... 0040 - 7e 1f 97 6e 13 bc 14 6d-cf 54 3d 3e c2 74 34 dc ~..n...m.T=>.t4. 0050 - d4 e3 28 ad f7 e2 75 54-c1 8c 8b 9e 20 79 48 bf ..(...uT.... yH. 0060 - 8b 78 e0 af e6 e6 4a e1-4e a3 cd a3 34 b6 eb 3c .x....J.N...4..< 0070 - 5f 67 d1 e2 ef c0 1e a8-4e fd 12 3b 55 7b 4f 03 _g......N..;U{O. 0080 - f7 c4 6f c0 45 ee bf 30-4f 79 9e b1 47 2f d2 57 ..o.E..0Oy..G/.W 0090 - 39 2e 6d ef b5 d5 f9 58-d1 16 9e 0f 0a c1 0f 70 9.m....X.......p 00a0 - c0 bc 65 ac a9 41 c6 33-90 6a c8 44 25 d1 e3 1b ..e..A.3.j.D%... 00b0 - c5 0b f8 fe c6 55 79 18-1d 60 a8 99 df 15 20 27 .....Uy..`.... ' 00c0 - a6 72 89 91 09 36 f6 dd-69 aa 00 ac 2c 8d 63 26 .r...6..i...,.c& Start Time: 1774257222 Timeout : 7200 (sec) Verify return code: 18 (self-signed certificate) Extended master secret: no Max Early Data: 0 --- read R BLOCK TLS SUCCESSFUL 408962F7:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -propquery ?provider=pkcs11 -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%10 -cert /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/rsapss-default.pem Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MIGCAgEBAgIDBAQCEwIEIGWGYz+5haf3u17fSSBJcMwGYFwrZnNwl4BjIq55pOd2 BDA7MSrW6RT8/UZfBcZATCNXUMrFj2zAXzLp2ArlOoBHg1wc9SZOnyIif0N9sMtC l6GhBgIEacEERqIEAgIcIKQGBAQBAAAArgYCBCYqGwazAwIBHQ== -----END SSL SESSION PARAMETERS----- Shared ciphers:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224 Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 CIPHER is TLS_AES_256_GCM_SHA384 This TLS version forbids renegotiation. TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run sanity test with RSA-PSS and SHA256 ## Generating a new selfsigned certificate for pkcs11:type=private;id=%00%11 openssl req -batch -noenc -x509 -new -key ${KEY} ${AARGS} -out ${CERT} spawn openssl s_client -propquery ?provider=pkcs11 -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.pem Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=0 C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness verify error:num=18:self-signed certificate verify return:1 depth=0 C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness verify return:1 --- Certificate chain 0 s:C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness i:C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness a:PKEY: RSASSA-PSS, 3096 (bit); sigalg: RSASSA-PSS v:NotBefore: Mar 23 09:13:42 2026 GMT; NotAfter: Apr 22 09:13:42 2026 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIIFKDCCA12gAwIBAgIUJ2bEmOmMWmhHWGD0k34eUKWq/CUwPQYJKoZIhvcNAQEK MDCgDTALBglghkgBZQMEAgGhGjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUDBAIBogMC ASAwZzELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMREwDwYDVQQHDAhO ZXcgWW9yazEYMBYGA1UECgwPUEtDUzExIFByb3ZpZGVyMRgwFgYDVQQLDA9UZXN0 aW5nIEhhcm5lc3MwHhcNMjYwMzIzMDkxMzQyWhcNMjYwNDIyMDkxMzQyWjBnMQsw CQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsxETAPBgNVBAcMCE5ldyBZb3Jr MRgwFgYDVQQKDA9QS0NTMTEgUHJvdmlkZXIxGDAWBgNVBAsMD1Rlc3RpbmcgSGFy bmVzczCCAaIwCwYJKoZIhvcNAQEKA4IBkQAwggGMAoIBgwszNgDLFyuotuztcMIJ p/XsETACzhj0wOUi8ljkw5AFvTy70+ZvZCkKlaU1yHdUjg9WvCPs7VLQ2LV8HZX8 mAmpnm2WSNR9q2R8O7DSk9c+k/sW+7AvF0SKgqMhBJC0DQCu5Sqlrt0u61LQPnRx z9ybem14HSlJ13bp1QpABWBAlxzch40wrfR6LQXuD+QSYdzMzVeu3dMV9gk4mgVl FfR+GQYE6Qd7sUfm7Hv/3B0BlwZHbPjhnSDNeVgyIvYQ5Iap2A5lGUmDs35ddQOM 0viAdwl6Du/R4SE7QtMpnZkiR4VNdNG/gUMeBA/Bbp0CAwucY9uyXpsREcG1yrbp Hy+2x/SQD4TlUefIlbKIoV/h4gnB2hv39I//ZlH6wRQC61Y3NKX3qW587Qv4TYSz Dv55evm3X4KYZi6Kq3Sz7fUkzolDz80VFTxkfchEMKUha9oTonZoPV8d6sa5OTLv kRBnNJc3Jvx+3jrTULO2P2DITauKWhYerpd5mDcqKUZeFih2AQIDAQABo2kwZzAd BgNVHQ4EFgQUg6Z8gnUBJe4rtOWY9XMCmM8Hy6MwHwYDVR0jBBgwFoAUg6Z8gnUB Je4rtOWY9XMCmM8Hy6MwDwYDVR0TAQH/BAUwAwEB/zAJBgNVHREEAjAAMAkGA1Ud EgQCMAAwPQYJKoZIhvcNAQEKMDCgDTALBglghkgBZQMEAgGhGjAYBgkqhkiG9w0B AQgwCwYJYIZIAWUDBAIBogMCASADggGEAAe1tu22KanemCnU7BT6q3HFu5nWn1H+ fSwT4SCqZBD6KcdSxgoDBQJHGKpeUZeVGDOLJcvTJQm4vQVicxgvaTEwK4JcF6VJ AjBjyw4pEyedApyIwIoI/0oFISB9HtLeJmr12k50/vFkkhtHuNluBno6B+lgt/z8 biarw9LNwybM6niG/3Od3vCndkt5vTANuYeF9sxwFJoyt8Ah3b9kAYfOg+kSpoSf qDWTBnjjdvsV3IFTMggSmfni62prrD24YnxCXhaLpxaS90MkDyNG4Jg9B0HFKX/H IAfHIXRkYs2vNNPUXssqDCTZSRvznP+sTE2OYtiQFKSJHrNCcS1E2yT/aFFwlHyt Xxf1dbo2N81XcMIjrGYTEHVRvK1kY1ia4RSnKLKBw3U4eFSgeuE72XKihz0xRlT7 P5TWIDHe/TIYyQr4UyxqZR+6MTfcFkuzonWrJoiQL4MrH9gayT/BOypkB5LAKvit NAYIMuGnYi5Dj+6cYe+4YU3zJr5cqRN7m2DJCw== -----END CERTIFICATE----- subject=C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness issuer=C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: RSA-PSS Server Temp Key: X25519, 253 bits --- SSL handshake has read 2011 bytes and written 391 bytes Verification error: self-signed certificate --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Protocol: TLSv1.3 Server public key is 3096 bit This TLS version forbids renegotiation. Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 18 (self-signed certificate) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 9DA823F3A363D22252109440DC5FDC64C84FF1E62EA259A38117D5025F44EC2D Session-ID-ctx: Resumption PSK: 2C83A24483672A870F21CEC8AEE30D99BD6C213FF506C1F9526F483F1B399DCF129983328497C13777C0261A85F912C3 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - fa 45 c4 31 5a e4 d0 e0-eb d1 28 99 4e 8d aa c6 .E.1Z.....(.N... 0010 - bb d6 11 42 ef 08 1f 38-47 f5 8b cf b3 6b 2a d6 ...B...8G....k*. 0020 - 71 56 bb 5c 24 08 a3 c0-64 07 0d 67 ac 01 fe 86 qV.\$...d..g.... 0030 - eb 06 ce a5 1b 60 81 fe-d3 8b 4e bf 9b 15 ae f7 .....`....N..... 0040 - 73 75 23 b4 ad 72 58 ba-de 97 b2 9c 4a 92 e1 62 su#..rX.....J..b 0050 - df 48 6a e7 2e 13 82 94-70 e2 16 de 1d fb b4 ae .Hj.....p....... 0060 - 1a 96 08 18 b0 e9 b9 e6-57 b1 0b ec dc a3 12 86 ........W....... 0070 - 5a d5 a6 f4 3c 1c 53 de-8c 8e 35 f6 e6 2f 28 7b Z...<.S...5../({ 0080 - f8 fb 30 cf 23 0b b7 b1-91 f0 9d 8f 6b 94 74 e7 ..0.#.......k.t. 0090 - 88 20 db 49 a1 56 66 c3-67 59 89 ca 2a a4 6c 54 . .I.Vf.gY..*.lT 00a0 - e6 d7 1a ad 76 e8 b5 b5-c7 da f4 41 67 05 18 0a ....v......Ag... 00b0 - 63 54 83 e2 e7 cb 7e ca-da b9 5b be 6e 8f d9 10 cT....~...[.n... 00c0 - ad 28 2e 2c 70 a2 d1 8e-4b 77 da c3 a6 19 f1 4a .(.,p...Kw.....J Start Time: 1774257222 Timeout : 7200 (sec) Verify return code: 18 (self-signed certificate) Extended master secret: no Max Early Data: 0 --- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: F94CAFC6EFC58E63DFD27EB69026203DB1D4EBE2F11D14BB3569366974631CE6 Session-ID-ctx: Resumption PSK: E05BA236449625E1FEACEA813BCD6668DDCD32541B51A5369DFC1C20BF905AFB74635BED3A30F153FC1D4D46748F1E7C PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - fa 45 c4 31 5a e4 d0 e0-eb d1 28 99 4e 8d aa c6 .E.1Z.....(.N... 0010 - 58 72 29 f7 57 01 90 54-16 a6 d0 f3 fa a1 55 d3 Xr).W..T......U. 0020 - 85 ae 5a 64 ce 7a a6 69-6e 2e af 87 c5 76 3a b6 ..Zd.z.in....v:. 0030 - d8 f4 83 f4 0b 04 35 1c-e6 a4 a9 d1 b9 ca df 47 ......5........G 0040 - 43 87 3e a6 b3 42 3a b5-00 a6 8e 93 21 ab 21 f2 C.>..B:.....!.!. 0050 - de 24 20 80 46 fc cd ac-82 9b 58 c4 1a e9 46 c6 .$ .F.....X...F. 0060 - f6 3e 9d 3e 65 38 8d 76-1b a9 ec ee ea 13 49 3a .>.>e8.v......I: 0070 - 77 6e 56 d5 2f 0c 3c 03-e2 38 f1 52 df c2 d8 1d wnV./.<..8.R.... 0080 - a8 d3 ee e0 12 8c 01 2b-fd dd dd 89 ee 0e 10 c8 .......+........ 0090 - 42 ea cf 4c 67 b9 21 59-84 c8 28 50 5b c8 5c 2d B..Lg.!Y..(P[.\- 00a0 - 58 47 ff a6 e2 1a 7c 2c-11 bb 5c f8 f5 3d f4 71 XG....|,..\..=.q 00b0 - 80 b7 c5 dd dc f5 4f 87-21 12 bc be 0e bd 45 af ......O.!.....E. 00c0 - c2 9b 79 ad 79 6f b0 8b-51 ba 65 d3 e1 f5 35 15 ..y.yo..Q.e...5. Start Time: 1774257222 Timeout : 7200 (sec) Verify return code: 18 (self-signed certificate) Extended master secret: no Max Early Data: 0 --- read R BLOCK TLS SUCCESSFUL 40C95DF7:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -propquery ?provider=pkcs11 -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%11 -cert /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/rsapss-sha256.pem Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MIGCAgEBAgIDBAQCEwIEINnqOvaRslYg/a13SfAns+uDdnwd9bkE1hisZAeEHp+W BDDgW6I2RJYl4f6s6oE7zWZo3c0yVBtRpTad/Bwgv5Ba+3RjW+06MPFT/B1NRnSP HnyhBgIEacEERqIEAgIcIKQGBAQBAAAArgYCBFW6RXGzAwIBHQ== -----END SSL SESSION PARAMETERS----- Shared ciphers:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224 Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 CIPHER is TLS_AES_256_GCM_SHA384 This TLS version forbids renegotiation. TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run sanity test with default values (ECDSA) spawn openssl s_client -propquery ?provider=pkcs11 -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.pem Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=0 O=PKCS11 Provider, CN=My EC Cert verify error:num=1:unspecified certificate verification error verify return:1 depth=1 CN=Issuer verify return:1 depth=0 O=PKCS11 Provider, CN=My EC Cert verify return:1 --- Certificate chain 0 s:O=PKCS11 Provider, CN=My EC Cert i:CN=Issuer a:PKEY: id-ecPublicKey, 256 (bit); sigalg: RSA-SHA256 v:NotBefore: Mar 23 09:13:22 2026 GMT; NotAfter: Mar 23 09:13:22 2027 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIICcjCCAVqgAwIBAgIBBDANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 ZXIwHhcNMjYwMzIzMDkxMzIyWhcNMjcwMzIzMDkxMzIyWjAvMRgwFgYDVQQKEw9Q S0NTMTEgUHJvdmlkZXIxEzARBgNVBAMTCk15IEVDIENlcnQwWTATBgcqhkjOPQIB BggqhkjOPQMBBwNCAAQH9G9He/3eOL/sVpRaT9gco/9OT5ba8dmUSxnMP7U3Wn+J 7szhF1dH7nYF/LmtREckg6df0l5x0Cq6EE/J1w9vo4GBMH8wDAYDVR0TAQH/BAIw ADAfBgNVHREEGDAWgRR0ZXN0Y2VydEBleGFtcGxlLm9yZzAOBgNVHQ8BAf8EBAMC B4AwHQYDVR0OBBYEFEZuZ47o5henj0tO2nxpYdbNRAxpMB8GA1UdIwQYMBaAFNdv 2YXG8ld4hUECQqK0ne2dmeMMMA0GCSqGSIb3DQEBCwUAA4IBAQA2KVSgvQzndU3P AFVnzZD47O5of1iV1ArD14DTbeKzhpPXoWkM6cycOiFgnH9fXQLelOxMC1G0si6K ayzYPL/PGOrCaAEFeiJXeyYr8/djw+p2DS/J8FImVDvH5vFv0t9dQOAmhRuWspny ExZ5KoHGEQaDARam9WU95GUVLn6M+/1///Q2bEf+pkeaxyXU0/CK1MgrDugGeuhE zcGn/9uTlxUhCLizlihGzOSScTT8+5Z/oaz6XUbGpXv9J/D5QWAFw/bBAviG4GUI fn2N1B8TSnVQeK7HZ5Pyrb5FeaehkVTTLGh8HhmaZr/vmSX05B1k5mPF8RJFfOuY wKSmQ/ia -----END CERTIFICATE----- subject=O=PKCS11 Provider, CN=My EC Cert issuer=CN=Issuer --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: ECDSA Server Temp Key: X25519, 253 bits --- SSL handshake has read 1002 bytes and written 391 bytes Verification error: unspecified certificate verification error --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Protocol: TLSv1.3 Server public key is 256 bit This TLS version forbids renegotiation. Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 1 (unspecified certificate verification error) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 9B3591CC96E0306600AE5A7C71F36448FC5464F2386EA97FA217111CA61B2FC1 Session-ID-ctx: Resumption PSK: 7D15125875C6E0E402158DE1EBD6181D3528620431581667969E7F0671EF21E9A63CA03C04EE4299FBAF967AB6AF10DF PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - de 37 59 a4 a1 b8 d7 0c-5e 63 b8 b8 56 76 7f 4b .7Y.....^c..Vv.K 0010 - 20 f4 0b 99 30 f7 a4 27-a2 d0 20 0d ad 69 f2 33 ...0..'.. ..i.3 0020 - 4d f3 8e f6 60 53 6b 03-bf ef 84 af d9 82 86 42 M...`Sk........B 0030 - d3 3f 0c 7c e1 25 e9 8f-60 53 b4 c6 83 f5 a6 38 .?.|.%..`S.....8 0040 - 34 02 d2 98 92 8f 56 fc-70 fe 6a bc ef ee 45 40 4.....V.p.j...E@ 0050 - 3b 83 70 4c e6 4e 2c 35-08 00 3b 6b d0 f5 55 0c ;.pL.N,5..;k..U. 0060 - 92 68 53 75 77 a9 ff f7-d5 6c e8 06 bd fb 7a 91 .hSuw....l....z. 0070 - 1d 4e e9 bb 45 6f 8c 25-7f ac e7 63 99 ac 6f 5e .N..Eo.%...c..o^ 0080 - c5 24 53 d6 1e cd 76 25-3f 14 37 88 96 72 aa 89 .$S...v%?.7..r.. 0090 - 8b 68 20 94 21 09 9b 24-e6 0c ea b7 d5 cf ed 87 .h .!..$........ 00a0 - 32 4a c1 cf 64 ac 63 07-37 25 bf db 86 ec d8 f8 2J..d.c.7%...... 00b0 - b3 12 cb 6e 7d d0 ab 8f-17 60 b5 81 d0 13 c8 0d ...n}....`...... 00c0 - 85 39 12 2b 97 84 c3 d8-81 a8 10 72 2c 60 6f a7 .9.+.......r,`o. Start Time: 1774257223 Timeout : 7200 (sec) Verify return code: 1 (unspecified certificate verification error) Extended master secret: no Max Early Data: 0 --- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 23477755F70BD61F9F9F550276658754B572E6BA252443A38725CABB4EBA7844 Session-ID-ctx: Resumption PSK: DB78C66D4485D8C99604F6E6D0F304BC431864BF092171664F585ACBBEA5C210B416ABDF655F3E11D8CB570D6F66B81A PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - de 37 59 a4 a1 b8 d7 0c-5e 63 b8 b8 56 76 7f 4b .7Y.....^c..Vv.K 0010 - ca 60 c9 f2 da cf dd f3-d9 c8 2c 69 3e 8b 6f e6 .`........,i>.o. 0020 - 7e 3f 44 68 3e 6e ed 76-fe ba 4d 2e 54 0a 98 e8 ~?Dh>n.v..M.T... 0030 - df 16 d2 0b 5c 88 b7 77-cf 54 fe bf 75 10 51 03 ....\..w.T..u.Q. 0040 - ec fc eb a3 83 6f 06 9c-65 0b 84 64 1f a6 dc 45 .....o..e..d...E 0050 - cc 9d 58 fb 1c c0 f8 72-78 8e 1e 1a 9c 71 22 af ..X....rx....q". 0060 - 92 e2 77 d5 ea 42 f4 6e-26 fd d8 67 45 a6 b2 6f ..w..B.n&..gE..o 0070 - cc 26 cf 42 f5 de 44 34-25 2a 71 34 cd 3b f4 55 .&.B..D4%*q4.;.U 0080 - d0 37 e7 71 fa e5 d2 23-8f 21 1f df e3 a6 ed bb .7.q...#.!...... 0090 - d6 38 89 3a f5 6f 6b e1-39 d2 c9 b6 3d d2 9e 43 .8.:.ok.9...=..C 00a0 - 6f 3e 05 f8 2e a0 fa 51-a5 d4 f5 7c 18 c0 47 79 o>.....Q...|..Gy 00b0 - ca f8 4a a6 66 9c 8a 7e-a8 81 43 3b 3d 21 18 25 ..J.f..~..C;=!.% 00c0 - 2a 57 51 b4 50 29 47 b2-f2 25 43 e9 70 45 8a 2b *WQ.P)G..%C.pE.+ Start Time: 1774257223 Timeout : 7200 (sec) Verify return code: 1 (unspecified certificate verification error) Extended master secret: no Max Early Data: 0 --- read R BLOCK TLS SUCCESSFUL 40696BF7:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -propquery ?provider=pkcs11 -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%02 -cert pkcs11:type=cert;object=ecCert Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MIGCAgEBAgIDBAQCEwIEIB/ws6UfIKW1uYta3hc6zaq8HZXxf+izXlhabfpd1tKG BDDbeMZtRIXYyZYE9ubQ8wS8QxhkvwkhcWZPWFrLvqXCELQWq99lXz4R2MtXDW9m uBqhBgIEacEER6IEAgIcIKQGBAQBAAAArgYCBDNpgGyzAwIBHQ== -----END SSL SESSION PARAMETERS----- Shared ciphers:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224 Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 CIPHER is TLS_AES_256_GCM_SHA384 This TLS version forbids renegotiation. TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run sanity test with default values (Ed25519) spawn openssl s_client -propquery ?provider=pkcs11 -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.pem Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=1 CN=Issuer verify return:1 depth=0 O=PKCS11 Provider, CN=My ED25519 Cert verify return:1 --- Certificate chain 0 s:O=PKCS11 Provider, CN=My ED25519 Cert i:CN=Issuer a:PKEY: ED25519, 256 (bit); sigalg: RSA-SHA256 v:NotBefore: Mar 23 09:13:22 2026 GMT; NotAfter: Mar 23 09:13:22 2027 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIICSDCCATCgAwIBAgIBBjANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 ZXIwHhcNMjYwMzIzMDkxMzIyWhcNMjcwMzIzMDkxMzIyWjA0MRgwFgYDVQQKEw9Q S0NTMTEgUHJvdmlkZXIxGDAWBgNVBAMTD015IEVEMjU1MTkgQ2VydDAqMAUGAytl cAMhAE89xuTGL7bDsIFk3gUgz3F0djc3gsGnRdVXp3TOkL4xo4GBMH8wDAYDVR0T AQH/BAIwADAfBgNVHREEGDAWgRR0ZXN0Y2VydEBleGFtcGxlLm9yZzAOBgNVHQ8B Af8EBAMCB4AwHQYDVR0OBBYEFAaT1XFLD0QXmbTLw1CppGdJguBAMB8GA1UdIwQY MBaAFNdv2YXG8ld4hUECQqK0ne2dmeMMMA0GCSqGSIb3DQEBCwUAA4IBAQA5/1Nd 5W94a46LaXyibAAokbL6YnuAAMd3uVugD56lWPVLJ/drSbpKNYaSGJ5oWeYUx6PA RSyoDMXb/qZYvAG0XMbooIlJMezLrR3BgiY2orELVUVbpEFGMD69C9gAfqGNtTRc Jk6huEELHG4Es/f5+HJmKGpqWown8LKrTCxTkCggFfYPC2PuRsfnSVEsDVuvSuOK LMFIz2dlmU6Lx4lTaMG8ucwmnoH30qxzS92k3TXMWYbdCfc/WzSK9ViXuVXRs/l8 uVpVbGxVwQk+TPAM2f9SylIbOErtzOE7EVX57J3KrqsckRVAKKgnPqs3A+NCRi43 VEhqRIUxrt94U2/N -----END CERTIFICATE----- subject=O=PKCS11 Provider, CN=My ED25519 Cert issuer=CN=Issuer --- No client certificate CA names sent Peer signature type: Ed25519 Server Temp Key: X25519, 253 bits --- SSL handshake has read 952 bytes and written 391 bytes Verification: OK --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Protocol: TLSv1.3 Server public key is 256 bit This TLS version forbids renegotiation. Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: C9498188983E53CCD81B30ECBC352349F5248AF000413677490EC98AAC1B896B Session-ID-ctx: Resumption PSK: 8DCBE3EFF27281E881F73A1B2C8F546EA467871F7D2BA8FAFA38800604D6E2EA7F58D90861F735D3EAA2A4F2DE465BB6 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 81 fa 81 58 88 23 d3 15-91 4d f4 34 6d 80 d5 cf ...X.#...M.4m... 0010 - 78 5e 3f 56 8b ff 78 bb-23 7b 0b f1 93 cc f5 38 x^?V..x.#{.....8 0020 - ec b1 dd 43 66 47 b1 e0-b6 1c 37 ff 8a 51 0e 90 ...CfG....7..Q.. 0030 - c3 8f e7 44 85 e4 55 0d-ff 8e 7e e7 db 5b b5 73 ...D..U...~..[.s 0040 - 6a 8b ee 39 e0 66 6f 0b-c4 11 1a 7f 6f 81 11 f7 j..9.fo.....o... 0050 - 6a 00 cd f7 d6 6d 10 63-d4 0c 77 cc 7a f1 15 71 j....m.c..w.z..q 0060 - 27 bd db 48 e6 6a 6b bc-bf 4f 79 71 63 23 f2 29 '..H.jk..Oyqc#.) 0070 - 2e 36 6e ba 1c 59 4a 48-88 89 cc fb 2d c3 b4 ca .6n..YJH....-... 0080 - 24 c8 c1 21 eb 66 52 09-e7 eb 0b 6c 6a 9f 7d 11 $..!.fR....lj.}. 0090 - c3 f6 2d 95 41 fd 51 6e-37 af 0a 58 63 4f d8 8b ..-.A.Qn7..XcO.. 00a0 - bb a9 89 15 00 4d 66 c0-46 67 16 60 12 88 d6 73 .....Mf.Fg.`...s 00b0 - c6 66 5a 8e 67 8e b1 17-b8 71 dc 0d f8 6c 6d c7 .fZ.g....q...lm. 00c0 - 79 fb 53 4a f9 b2 d1 2f-ef 8a 5e e0 9c 42 0a cc y.SJ.../..^..B.. Start Time: 1774257223 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 9564C0255D9A09113577484619FA62537605F5EBA7AD94BF0AF4D1CD94557361 Session-ID-ctx: Resumption PSK: 7608ED751C41E6F26045A9C6A369DAD4DAB1707CD7FD5A5F01667C8EA43E7F1E1E58D32C80A1FE3C567DEC666A9FEB9D PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 81 fa 81 58 88 23 d3 15-91 4d f4 34 6d 80 d5 cf ...X.#...M.4m... 0010 - dc 7f b5 e6 72 ef 58 81-d8 e0 3c 63 9e ba 78 83 ....r.X........R.E6.@!\d4 00c0 - 60 ed 27 c6 ea ac cf bb-ae 41 8a ce 0e a8 b7 fe `.'......A...... Start Time: 1774257223 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 4CEF77DFD2ED0798C42382B15DD868BD7C3FA4744F8A9D4244B5F7DBE067204D Session-ID-ctx: Resumption PSK: 0ABE2D04565BAA79ADDADB841EE15BE4002B6004695DA975C1364C1C55207D9EF27CEA02D329B9B0F5AB03B2AD09625A PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 7a fa f2 bf 30 42 b5 86-2a 5d f6 e7 b2 af ac 1b z...0B..*]...... 0010 - d2 ba 27 5d 23 ba 5a cd-c0 9f df 66 b1 78 8a 9a ..']#.Z....f.x.. 0020 - 92 e0 d1 54 01 80 86 ad-02 f7 50 18 e1 e2 41 17 ...T......P...A. 0030 - f3 9d 74 53 d3 f1 c1 49-13 b7 50 87 9d 2d 8f 71 ..tS...I..P..-.q 0040 - 5c dc 58 ef ac e6 2d df-28 5e 05 eb a1 e4 0e 3e \.X...-.(^.....> 0050 - 15 db e5 21 5b 71 62 74-b6 50 ae 39 b4 9b bc 48 ...![qbt.P.9...H 0060 - 5b ba bc 39 be 5b 6c 2c-d3 21 9f 12 35 7e 82 36 [..9.[l,.!..5~.6 0070 - 47 39 9d cb 7d e5 a7 86-72 d0 1f c8 d0 c9 8f e6 G9..}...r....... 0080 - c2 64 d3 d1 95 16 47 6d-be 91 b8 8a 1f 8c dc 3f .d....Gm.......? 0090 - 02 ce ba 18 3d c2 4e 2b-d5 b3 26 f8 ec 07 9e c2 ....=.N+..&..... 00a0 - d7 db 2c 65 84 89 fa 10-7f 84 fc 3b 6e 0b 3c f3 ..,e.......;n.<. 00b0 - 55 7e b2 f7 7e 01 80 ce-7f e3 8a d3 fe df 59 19 U~..~.........Y. 00c0 - 6b d3 0f f0 22 9f a6 90-50 5d 4a f6 ee 33 07 83 k..."...P]J..3.. Start Time: 1774257223 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK TLS SUCCESSFUL 40D965F7:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -propquery ?provider=pkcs11 -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%09 -cert pkcs11:type=cert;object=ed2Cert Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MIGCAgEBAgIDBAQCEwIEIA+pdiEKSE6buTGNux9nFlmzfiW3U44/X3dA2X+Hm4aL BDAKvi0EVluqea3a24Qe4VvkACtgBGldqXXBNkwcVSB9nvJ86gLTKbmw9asDsq0J YlqhBgIEacEER6IEAgIcIKQGBAQBAAAArgYCBF9Bk5ezAwIBHQ== -----END SSL SESSION PARAMETERS----- Shared ciphers:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224 Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 CIPHER is TLS_AES_256_GCM_SHA384 This TLS version forbids renegotiation. TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run test with TLS 1.2 spawn openssl s_client -propquery ?provider=pkcs11 -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.pem -tls1_2 Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=1 CN=Issuer verify return:1 depth=0 O=PKCS11 Provider, CN=My Test Cert verify return:1 --- Certificate chain 0 s:O=PKCS11 Provider, CN=My Test Cert i:CN=Issuer a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256 v:NotBefore: Mar 23 09:13:22 2026 GMT; NotAfter: Mar 23 09:13:22 2027 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIIDPzCCAiegAwIBAgIBAzANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 ZXIwHhcNMjYwMzIzMDkxMzIyWhcNMjcwMzIzMDkxMzIyWjAxMRgwFgYDVQQKEw9Q S0NTMTEgUHJvdmlkZXIxFTATBgNVBAMTDE15IFRlc3QgQ2VydDCCASIwDQYJKoZI hvcNAQEBBQADggEPADCCAQoCggEBAKYIBPI8FXqB41QkdE2YwQGMMzLOYm2x/DDv ZBM1RpDEsnyhmUlXXsauiB6Tu46+9pUnbw7UBhNBrZgCPhdID3FryuZc1aMBshmB F+f0QrM3RArVOpMdXJr4m4h+tiH1u8RqJVuArkqLoioG9lodx1jfIjNtvL7AjMxn 41ebPvnDvVcP/d+3D2rIojQZhaI87jpqqu3SjXWnCBzDOUgBiq9YM0pXpTwoj355 apfgEA0XhUmQWiCBB1m5lG2PK1I8eq8v6LOXBfJfL+avPqji16ALDKfJLBbsm8Xz vkzeP28FBIhUooTGuuV0sFmGxZF0aVuxsGxy3/z2yhlMFCIppckCAwEAAaOBgTB/ MAwGA1UdEwEB/wQCMAAwHwYDVR0RBBgwFoEUdGVzdGNlcnRAZXhhbXBsZS5vcmcw DgYDVR0PAQH/BAQDAgWgMB0GA1UdDgQWBBRb6ovCiIzwjQFnEmN09aTrRakeaDAf BgNVHSMEGDAWgBTXb9mFxvJXeIVBAkKitJ3tnZnjDDANBgkqhkiG9w0BAQsFAAOC AQEAKW9hH2itf/PySnb+PZAAINdkfDnnrwAHokslvlzsq6GnEyi//youiFYDStOM qUbkOlUxqpEIFbnxbk2MMGkg4QvLh5BbcjhwVdStqfHsqUIqXP/GciW3mdO+Q+qr k/JZlBIZRwiyPLA1L1Tuq/XTAA50NxaMZQrVBxPSDN7n/kfNR5K6jOgvuM7qkb0w XJtgHns2VtlaPGSvFDL4Kr4tTQbvquuhzMEPzoL3X/fvflgL3eyub8GjwmzCgT5r jziQrY9c/AgAGlUI3lfmdjlVdkkIOub7LbJ8h/9/84TXR6ct1bfKVenm/HMaTyHO qNj7I9KuaK4eBJhbeETg3F+SIw== -----END CERTIFICATE----- subject=O=PKCS11 Provider, CN=My Test Cert issuer=CN=Issuer --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: RSA-PSS Server Temp Key: X25519, 253 bits --- SSL handshake has read 1476 bytes and written 290 bytes Verification: OK --- New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384 Protocol: TLSv1.2 Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-RSA-AES256-GCM-SHA384 Session-ID: 003AC28217AFA5C9E8ECE1AB335130DA03224B124180CE78B150EB0FD60128F7 Session-ID-ctx: Master-Key: C39076D0CAF32A4FDD7961C3132201E416C50F94FBA11BDEDCB398CEAF92A0C1C76FDCB29647792577893EFA7D4B02CC PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - d2 e8 ef 06 29 4a b7 7b-a4 04 60 4e 15 68 07 68 ....)J.{..`N.h.h 0010 - dc d1 aa dc b2 f4 1f 76-83 fc b4 24 32 17 aa 69 .......v...$2..i 0020 - f2 b1 65 88 16 21 59 aa-e7 9e e6 02 3b 90 40 ac ..e..!Y.....;.@. 0030 - 9c 30 c3 a4 72 64 ce 1f-57 58 c5 a3 a5 01 b1 7e .0..rd..WX.....~ 0040 - 84 45 8b 41 8a 45 45 86-73 75 82 45 a0 25 80 53 .E.A.EE.su.E.%.S 0050 - c8 0a a4 56 fc 76 ec 5a-41 17 80 e0 ab 92 a0 3b ...V.v.ZA......; 0060 - 09 9b e0 a1 fd 72 b6 aa-2d b3 6b e2 42 a9 2f 07 .....r..-.k.B./. 0070 - 90 8d 5d e2 f0 8f 2d f1-d5 19 09 95 0d 25 0f d5 ..]...-......%.. 0080 - 0b f8 fb 3f 61 31 dc fa-e3 f8 47 f6 c7 f7 47 94 ...?a1....G...G. 0090 - 7c 4a 6a 03 cc 00 34 72-ad 5d 66 9f 60 ba ad 39 |Jj...4r.]f.`..9 00a0 - f4 b2 16 63 fc 4b 92 ed-31 34 f9 f5 35 ef 59 57 ...c.K..14..5.YW Start Time: 1774257223 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: yes --- TLS SUCCESSFUL 40F96BF7:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -propquery ?provider=pkcs11 -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%01 -cert pkcs11:type=cert;object=testCert Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MF8CAQECAgMDBALAMAQABDDDkHbQyvMqT915YcMTIgHkFsUPlPuhG97cs5jOr5Kg wcdv3LKWR3kld4k++n1LAsyhBgIEacEER6IEAgIcIKQGBAQBAAAArQMCAQGzAwIB HQ== -----END SSL SESSION PARAMETERS----- Shared ciphers:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA TLS SUCCESSFUL Q Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Supported Elliptic Curve Point Formats: uncompressed:ansiX962_compressed_prime:ansiX962_compressed_char2 Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1 Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1 CIPHER is ECDHE-RSA-AES256-GCM-SHA384 Secure Renegotiation IS supported DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run test with explicit TLS 1.3 spawn openssl s_client -propquery ?provider=pkcs11 -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.pem -tls1_3 Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=1 CN=Issuer verify return:1 depth=0 O=PKCS11 Provider, CN=My Test Cert verify return:1 --- Certificate chain 0 s:O=PKCS11 Provider, CN=My Test Cert i:CN=Issuer a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256 v:NotBefore: Mar 23 09:13:22 2026 GMT; NotAfter: Mar 23 09:13:22 2027 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIIDPzCCAiegAwIBAgIBAzANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 ZXIwHhcNMjYwMzIzMDkxMzIyWhcNMjcwMzIzMDkxMzIyWjAxMRgwFgYDVQQKEw9Q S0NTMTEgUHJvdmlkZXIxFTATBgNVBAMTDE15IFRlc3QgQ2VydDCCASIwDQYJKoZI hvcNAQEBBQADggEPADCCAQoCggEBAKYIBPI8FXqB41QkdE2YwQGMMzLOYm2x/DDv ZBM1RpDEsnyhmUlXXsauiB6Tu46+9pUnbw7UBhNBrZgCPhdID3FryuZc1aMBshmB F+f0QrM3RArVOpMdXJr4m4h+tiH1u8RqJVuArkqLoioG9lodx1jfIjNtvL7AjMxn 41ebPvnDvVcP/d+3D2rIojQZhaI87jpqqu3SjXWnCBzDOUgBiq9YM0pXpTwoj355 apfgEA0XhUmQWiCBB1m5lG2PK1I8eq8v6LOXBfJfL+avPqji16ALDKfJLBbsm8Xz vkzeP28FBIhUooTGuuV0sFmGxZF0aVuxsGxy3/z2yhlMFCIppckCAwEAAaOBgTB/ MAwGA1UdEwEB/wQCMAAwHwYDVR0RBBgwFoEUdGVzdGNlcnRAZXhhbXBsZS5vcmcw DgYDVR0PAQH/BAQDAgWgMB0GA1UdDgQWBBRb6ovCiIzwjQFnEmN09aTrRakeaDAf BgNVHSMEGDAWgBTXb9mFxvJXeIVBAkKitJ3tnZnjDDANBgkqhkiG9w0BAQsFAAOC AQEAKW9hH2itf/PySnb+PZAAINdkfDnnrwAHokslvlzsq6GnEyi//youiFYDStOM qUbkOlUxqpEIFbnxbk2MMGkg4QvLh5BbcjhwVdStqfHsqUIqXP/GciW3mdO+Q+qr k/JZlBIZRwiyPLA1L1Tuq/XTAA50NxaMZQrVBxPSDN7n/kfNR5K6jOgvuM7qkb0w XJtgHns2VtlaPGSvFDL4Kr4tTQbvquuhzMEPzoL3X/fvflgL3eyub8GjwmzCgT5r jziQrY9c/AgAGlUI3lfmdjlVdkkIOub7LbJ8h/9/84TXR6ct1bfKVenm/HMaTyHO qNj7I9KuaK4eBJhbeETg3F+SIw== -----END CERTIFICATE----- subject=O=PKCS11 Provider, CN=My Test Cert issuer=CN=Issuer --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: RSA-PSS Server Temp Key: X25519, 253 bits --- SSL handshake has read 1391 bytes and written 318 bytes Verification: OK --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Protocol: TLSv1.3 Server public key is 2048 bit This TLS version forbids renegotiation. Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 3DE53D671C160A3F7AA0DD4B394EBC9E213B558C2C862D1D7A533ABB4A5B9CA6 Session-ID-ctx: Resumption PSK: 6A2816D3FB866D9DEE901B3152220EDF3D2EF0F9EBC547418578B0BE79DC1AA6C9E993D348C02512165F8CD9C603E372 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 53 df e5 8c 30 8e 18 6b-69 6c 1d 75 8c 04 a3 d5 S...0..kil.u.... 0010 - ef 3d c4 aa 3e cc 19 31-58 44 57 5b 8e 97 54 a3 .=..>..1XDW[..T. 0020 - 87 48 8c f1 92 ec 97 c5-ec 4c b4 7e b4 87 96 88 .H.......L.~.... 0030 - f0 31 1e 57 5a a5 bc 83-3d 58 59 b5 f0 75 3d bf .1.WZ...=XY..u=. 0040 - a9 48 35 bb 15 4a 05 90-37 a5 9a fc df 26 78 ed .H5..J..7....&x. 0050 - f3 67 c8 90 00 00 59 b5-2b a2 a6 28 d0 4f d7 19 .g....Y.+..(.O.. 0060 - 43 99 b6 5d f9 de fb 05-ba 2f 7f a3 8a 86 bc fe C..]...../...... 0070 - 35 9d 2e 03 53 62 fd ac-d2 7e c7 7f 37 af bf cb 5...Sb...~..7... 0080 - 82 cf 2f f3 b0 64 44 99-52 22 e0 25 c3 16 58 6a ../..dD.R".%..Xj 0090 - 60 ca 08 35 43 69 63 da-b4 8a b7 4d 1a 9d be 1f `..5Cic....M.... 00a0 - 53 2e 4a 97 54 1f 70 ac-b8 33 75 f5 be 3c 78 16 S.J.T.p..3u.........p..Zd... 0080 - 0d e7 02 a6 74 50 ab cc-c4 16 9d 4e 45 12 6c 2c ....tP.....NE.l, 0090 - 49 03 e7 f8 04 9a c3 94-0a 92 b5 f3 0b 3e 63 97 I............>c. 00a0 - 07 38 5e 29 ea f9 86 7e-30 b8 14 09 e6 39 0e 32 .8^)...~0....9.2 Start Time: 1774257223 Timeout : 7200 (sec) Verify return code: 1 (unspecified certificate verification error) Extended master secret: yes --- TLS SUCCESSFUL 40195DF7:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -propquery ?provider=pkcs11 -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%02 -cert pkcs11:type=cert;object=ecCert -tls1_2 Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MF8CAQECAgMDBALALAQABDCqvbDF2J1HdAn68fChhLArApDL8Q656Su9VGR7FTzh UtZh/dByoH8eo07TEKRgstShBgIEacEER6IEAgIcIKQGBAQBAAAArQMCAQGzAwIB HQ== -----END SSL SESSION PARAMETERS----- Shared ciphers:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Supported Elliptic Curve Point Formats: uncompressed:ansiX962_compressed_prime:ansiX962_compressed_char2 Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1 TLS SUCShared groups: x25519:secp256r1:x448:secp521r1:secp384r1 CESSFUL CIPHER is ECDHE-ECDSA-AES256-GCM-SHA384 Q Secure Renegotiation IS supported DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run test with TLS 1.2 and ECDH spawn openssl s_client -propquery ?provider=pkcs11 -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.pem -tls1_2 -cipher ECDHE-ECDSA-AES128-GCM-SHA256 -groups secp256r1 Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=0 O=PKCS11 Provider, CN=My EC Cert verify error:num=1:unspecified certificate verification error verify return:1 depth=1 CN=Issuer verify return:1 depth=0 O=PKCS11 Provider, CN=My EC Cert verify return:1 --- Certificate chain 0 s:O=PKCS11 Provider, CN=My EC Cert i:CN=Issuer a:PKEY: id-ecPublicKey, 256 (bit); sigalg: RSA-SHA256 v:NotBefore: Mar 23 09:13:22 2026 GMT; NotAfter: Mar 23 09:13:22 2027 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIICcjCCAVqgAwIBAgIBBDANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 ZXIwHhcNMjYwMzIzMDkxMzIyWhcNMjcwMzIzMDkxMzIyWjAvMRgwFgYDVQQKEw9Q S0NTMTEgUHJvdmlkZXIxEzARBgNVBAMTCk15IEVDIENlcnQwWTATBgcqhkjOPQIB BggqhkjOPQMBBwNCAAQH9G9He/3eOL/sVpRaT9gco/9OT5ba8dmUSxnMP7U3Wn+J 7szhF1dH7nYF/LmtREckg6df0l5x0Cq6EE/J1w9vo4GBMH8wDAYDVR0TAQH/BAIw ADAfBgNVHREEGDAWgRR0ZXN0Y2VydEBleGFtcGxlLm9yZzAOBgNVHQ8BAf8EBAMC B4AwHQYDVR0OBBYEFEZuZ47o5henj0tO2nxpYdbNRAxpMB8GA1UdIwQYMBaAFNdv 2YXG8ld4hUECQqK0ne2dmeMMMA0GCSqGSIb3DQEBCwUAA4IBAQA2KVSgvQzndU3P AFVnzZD47O5of1iV1ArD14DTbeKzhpPXoWkM6cycOiFgnH9fXQLelOxMC1G0si6K ayzYPL/PGOrCaAEFeiJXeyYr8/djw+p2DS/J8FImVDvH5vFv0t9dQOAmhRuWspny ExZ5KoHGEQaDARam9WU95GUVLn6M+/1///Q2bEf+pkeaxyXU0/CK1MgrDugGeuhE zcGn/9uTlxUhCLizlihGzOSScTT8+5Z/oaz6XUbGpXv9J/D5QWAFw/bBAviG4GUI fn2N1B8TSnVQeK7HZ5Pyrb5FeaehkVTTLGh8HhmaZr/vmSX05B1k5mPF8RJFfOuY wKSmQ/ia -----END CERTIFICATE----- subject=O=PKCS11 Provider, CN=My EC Cert issuer=CN=Issuer --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: ECDSA Server Temp Key: ECDH, prime256v1, 256 bits --- SSL handshake has read 1119 bytes and written 263 bytes Verification error: unspecified certificate verification error --- New, TLSv1.2, Cipher is ECDHE-ECDSA-AES128-GCM-SHA256 Protocol: TLSv1.2 Server public key is 256 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-ECDSA-AES128-GCM-SHA256 Session-ID: ED4297499189BBAB06172C37AFA23B43614C1A3397865A9417A03381952D0E5A Session-ID-ctx: Master-Key: 1B3F1B426DAD79CEB97A541881282DFE7A0AA920EB36B402F2C8C001DCFCF40C1B743388E77A9C40E2E5EDCF4E3F1FF9 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - db 4f d0 6f 52 46 32 2d-d9 77 11 39 b7 5e 29 21 .O.oRF2-.w.9.^)! 0010 - bb b7 b8 ec e0 cb 3d 60-67 82 c5 0d d4 bf 87 b9 ......=`g....... 0020 - 7d 1a 2a 9c ca bc 55 e3-2e 43 5d 31 d0 04 aa 13 }.*...U..C]1.... 0030 - 99 95 78 b1 e8 82 8a 13-bd fe 91 6b 95 b0 6c e3 ..x........k..l. 0040 - 14 ca a0 bf 5e 34 32 08-2f 5a c9 3d 35 de 15 54 ....^42./Z.=5..T 0050 - 54 51 23 52 8e 28 7b 33-bf 14 8d 19 c0 3b 68 4f TQ#R.({3.....;hO 0060 - c6 d0 a7 9a 2c f5 87 c6-af 19 f3 3a fd 48 63 3b ....,......:.Hc; 0070 - 3c 97 ab 0b 1c a3 21 bb-5c fb 69 8b 60 67 9f fb <.....!.\.i.`g.. 0080 - df 72 b9 01 a9 92 57 25-b1 8d 91 fa 6c 3f df 14 .r....W%....l?.. 0090 - 24 08 06 6b 69 1e 60 c0-ec 7a 86 ab fe cb f1 70 $..ki.`..z.....p 00a0 - ea da 6c 22 66 f2 f5 a3-15 ee 1b 3c 8d 7c 06 05 ..l"f......<.|.. Start Time: 1774257223 Timeout : 7200 (sec) Verify return code: 1 (unspecified certificate verification error) Extended master secret: yes --- TLS SUCCESSFUL 401969F7:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -propquery ?provider=pkcs11 -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%02 -cert pkcs11:type=cert;object=ecCert Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MF8CAQECAgMDBALAKwQABDAbPxtCba15zrl6VBiBKC3+egqpIOs2tALyyMAB3Pz0 DBt0M4jnepxA4uXtz04/H/mhBgIEacEER6IEAgIcIKQGBAQBAAAArQMCAQGzAwIB Fw== -----END SSL SESSION PARAMETERS----- Shared ciphers:ECDHE-ECDSA-AES128-GCM-SHA256 Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Supported Elliptic Curve Point Formats: uncompressed:ansiX962_compressed_prime:ansiX962_compressed_char2 Supported groups: secp256r1 TLS SUCCESSFUL Q Shared groups: secp256r1 CIPHER is ECDHE-ECDSA-AES128-GCM-SHA256 Secure Renegotiation IS supported DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run test with TLS 1.3 and specific suite spawn openssl s_client -propquery ?provider=pkcs11 -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.pem -tls1_3 -ciphersuites TLS_AES_256_GCM_SHA384 -groups secp256r1 Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=0 O=PKCS11 Provider, CN=My EC Cert verify error:num=1:unspecified certificate verification error verify return:1 depth=1 CN=Issuer verify return:1 depth=0 O=PKCS11 Provider, CN=My EC Cert verify return:1 --- Certificate chain 0 s:O=PKCS11 Provider, CN=My EC Cert i:CN=Issuer a:PKEY: id-ecPublicKey, 256 (bit); sigalg: RSA-SHA256 v:NotBefore: Mar 23 09:13:22 2026 GMT; NotAfter: Mar 23 09:13:22 2027 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIICcjCCAVqgAwIBAgIBBDANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 ZXIwHhcNMjYwMzIzMDkxMzIyWhcNMjcwMzIzMDkxMzIyWjAvMRgwFgYDVQQKEw9Q S0NTMTEgUHJvdmlkZXIxEzARBgNVBAMTCk15IEVDIENlcnQwWTATBgcqhkjOPQIB BggqhkjOPQMBBwNCAAQH9G9He/3eOL/sVpRaT9gco/9OT5ba8dmUSxnMP7U3Wn+J 7szhF1dH7nYF/LmtREckg6df0l5x0Cq6EE/J1w9vo4GBMH8wDAYDVR0TAQH/BAIw ADAfBgNVHREEGDAWgRR0ZXN0Y2VydEBleGFtcGxlLm9yZzAOBgNVHQ8BAf8EBAMC B4AwHQYDVR0OBBYEFEZuZ47o5henj0tO2nxpYdbNRAxpMB8GA1UdIwQYMBaAFNdv 2YXG8ld4hUECQqK0ne2dmeMMMA0GCSqGSIb3DQEBCwUAA4IBAQA2KVSgvQzndU3P AFVnzZD47O5of1iV1ArD14DTbeKzhpPXoWkM6cycOiFgnH9fXQLelOxMC1G0si6K ayzYPL/PGOrCaAEFeiJXeyYr8/djw+p2DS/J8FImVDvH5vFv0t9dQOAmhRuWspny ExZ5KoHGEQaDARam9WU95GUVLn6M+/1///Q2bEf+pkeaxyXU0/CK1MgrDugGeuhE zcGn/9uTlxUhCLizlihGzOSScTT8+5Z/oaz6XUbGpXv9J/D5QWAFw/bBAviG4GUI fn2N1B8TSnVQeK7HZ5Pyrb5FeaehkVTTLGh8HhmaZr/vmSX05B1k5mPF8RJFfOuY wKSmQ/ia -----END CERTIFICATE----- subject=O=PKCS11 Provider, CN=My EC Cert issuer=CN=Issuer --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: ECDSA Server Temp Key: ECDH, ?, 0 bits --- SSL handshake has read 1060 bytes and written 329 bytes Verification error: unspecified certificate verification error --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Protocol: TLSv1.3 Server public key is 256 bit This TLS version forbids renegotiation. Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 1 (unspecified certificate verification error) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 5DD12AE0C36F455D190D0C8E22793E49F020D47DB865F7593C98E2C2C9F53A2C Session-ID-ctx: Resumption PSK: 5EE01F531F33B3ED2B9D76C9E928F3C1C8B5DE5B8B4B622236492E8571F9D631A8CACCC8CA188D8D1511BBF4DAC2E59C PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - ad b6 3c 92 9d e7 a9 2c-e5 f8 dd 92 8c 3a bf 0c ..<....,.....:.. 0010 - 08 58 89 68 b9 f1 75 0c-bb 0f ff 15 db 54 b9 07 .X.h..u......T.. 0020 - 31 ee 2b 8b ab f2 73 c6-23 46 fd 97 df e3 c3 0f 1.+...s.#F...... 0030 - c1 2b 96 d5 95 29 77 10-12 0d c0 f3 99 b9 58 fb .+...)w.......X. 0040 - 57 65 e3 c3 56 4f 45 5d-33 cc ab 4a f4 6a 3f 8e We..VOE]3..J.j?. 0050 - 5f 6c 04 36 db bd a7 28-2a 31 b2 d0 f1 d0 62 5d _l.6...(*1....b] 0060 - a5 35 e1 21 b1 fd de 8f-c9 b2 e7 30 83 77 21 8c .5.!.......0.w!. 0070 - f3 40 af 61 15 e2 23 50-c4 70 34 b9 f0 04 20 46 .@.a..#P.p4... F 0080 - ae e3 9b 78 63 cf 95 72-22 62 30 f8 1f 32 d6 78 ...xc..r"b0..2.x 0090 - 11 3d 9d e8 ca da 54 df-91 a8 b0 bc f9 c2 66 4f .=....T.......fO 00a0 - 44 ab dd 66 06 2b 06 cf-56 e2 42 de 10 14 1b 7e D..f.+..V.B....~ 00b0 - ac 70 76 ec 7e a6 f8 0b-f3 8d f2 81 4b 0a df ad .pv.~.......K... 00c0 - 55 46 6f 21 7f d5 77 12-9a c3 4b 42 c4 ef c2 2c UFo!..w...KB..., Start Time: 1774257223 Timeout : 7200 (sec) Verify return code: 1 (unspecified certificate verification error) Extended master secret: no Max Early Data: 0 --- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 914D969F97ED1B96B1FF1690825503C2AF167C599880357F70C717605E26A026 Session-ID-ctx: Resumption PSK: 0666FE01891348670680517E9D10191AC5D6645CAAF8D803337ECDF70802B6A15E0CFEBA4D40E44905CBA397AB4A7C54 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - ad b6 3c 92 9d e7 a9 2c-e5 f8 dd 92 8c 3a bf 0c ..<....,.....:.. 0010 - 17 b3 72 ee 03 28 71 e4-58 9a f4 b8 e3 a3 46 3c ..r..(q.X.....F< 0020 - 9b 48 17 fc 61 d3 35 f8-cd 8c 93 01 24 c9 31 b1 .H..a.5.....$.1. 0030 - f9 a8 55 44 62 d9 de 49-ad 95 7d 8d ec 01 15 16 ..UDb..I..}..... 0040 - a9 3c 28 29 20 a1 80 79-3f 0b d9 68 23 32 4f 8e .<() ..y?..h#2O. 0050 - 5b 9a 91 ba 01 69 28 2f-c2 6c 85 4b 03 53 c6 63 [....i(/.l.K.S.c 0060 - 3e e1 6d 42 43 be 9b 1d-69 ac df 8b 5e 12 0c 41 >.mBC...i...^..A 0070 - ec 38 86 fd 2c 69 e5 5e-fe 3d 4d 0a 11 3c 44 5a .8..,i.^.=M..>> TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MALLOC_PERTURB_=48 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper tls-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 76/92 pkcs11-provider:kryoptic / tls SKIP 0.01s exit status 77 77/92 pkcs11-provider:kryoptic.nss / tls RUNNING >>> TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=231 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper tls-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 77/92 pkcs11-provider:kryoptic.nss / tls SKIP 0.01s exit status 77 78/92 pkcs11-provider:softokn / tlsfuzzer RUNNING >>> TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MALLOC_PERTURB_=71 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper tlsfuzzer-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 78/92 pkcs11-provider:softokn / tlsfuzzer SKIP 0.01s exit status 77 79/92 pkcs11-provider:softhsm / tlsfuzzer RUNNING >>> TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MALLOC_PERTURB_=101 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper tlsfuzzer-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/tests/ttlsfuzzer TLS fuzzer is not available -- skipping ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 79/92 pkcs11-provider:softhsm / tlsfuzzer SKIP 0.01s exit status 77 80/92 pkcs11-provider:kryoptic / tlsfuzzer RUNNING >>> MALLOC_PERTURB_=245 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper tlsfuzzer-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 80/92 pkcs11-provider:kryoptic / tlsfuzzer SKIP 0.01s exit status 77 81/92 pkcs11-provider:kryoptic.nss / tlsfuzzer RUNNING >>> TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=26 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper tlsfuzzer-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 81/92 pkcs11-provider:kryoptic.nss / tlsfuzzer SKIP 0.01s exit status 77 82/92 pkcs11-provider:softokn / uri RUNNING >>> TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MALLOC_PERTURB_=226 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper uri-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 82/92 pkcs11-provider:softokn / uri SKIP 0.01s exit status 77 83/92 pkcs11-provider:softhsm / uri RUNNING >>> TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=97 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper uri-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/tests/turi ## Check that storeutl returns URIs openssl storeutl -text pkcs11: ## Check returned URIs work to find objects $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=31b036afc510d43a;token=SoftHSM%20Token;id=%00%11;object=testRsaPss2Cert;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=31b036afc510d43a;token=SoftHSM%20Token;id=%04%69%F5%4C%39%28%AE%F2%E6%40%12%31%CC%CD%99%72;object=Test-Ed-gen-0469f54c;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=31b036afc510d43a;token=SoftHSM%20Token;id=%00%10;object=testRsaPssCert;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=31b036afc510d43a;token=SoftHSM%20Token;id=%13%B8%E3%8E%6D%72%44%68%DF%46%A9%83%CA%5A%E5%D2;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=31b036afc510d43a;token=SoftHSM%20Token;id=%11%BB%74%E1%7D%78%66%8B%DD%63%2E%A8%A0%13%0E%C1;object=Test-RSA-Key-Usage-11bb74e1;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=31b036afc510d43a;token=SoftHSM%20Token;id=%00%06;object=ecCert2;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=31b036afc510d43a;token=SoftHSM%20Token;id=%C5%DA%5E%C0%0A%A3%AC%BF%F1%5D%53%4D%1C%8C%AB%09;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=31b036afc510d43a;token=SoftHSM%20Token;id=%B2%95%E0%73%90%5E%38%53%1A%8E%76%04%C7%B0%7D%E1;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=31b036afc510d43a;token=SoftHSM%20Token;id=%00%08;object=ecCert3;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=31b036afc510d43a;token=SoftHSM%20Token;id=%00%00;object=caCert;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=31b036afc510d43a;token=SoftHSM%20Token;id=%37%E8%06%AD%5B%69%46%B3%75%3F%23%00%84%0A%8D%3B;object=Test-EC-gen-37e806ad;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=31b036afc510d43a;token=SoftHSM%20Token;id=%00%09;object=ed2Cert;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=31b036afc510d43a;token=SoftHSM%20Token;id=%00%03;object=ecPeerCert;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=31b036afc510d43a;token=SoftHSM%20Token;id=%00%05;object=testCert2;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=31b036afc510d43a;token=SoftHSM%20Token;id=%F7%45%6A%5B%9A%39%E5%F6%7E%CC%1F%B6%CD%26%75%79;object=Test-Ed-gen-f7456a5b;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=31b036afc510d43a;token=SoftHSM%20Token;id=%72%8B%82%D9%EA%1A%36%FA%CF%D7%16%11%16%D9%83%B9;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=31b036afc510d43a;token=SoftHSM%20Token;id=%CB%66%6E%31%33%B5%2D%1F%E9%19%66%44%EF%FF%C8%5D;object=Pkey%20sigver%20Test;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=31b036afc510d43a;token=SoftHSM%20Token;id=%00%01;object=testCert;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=31b036afc510d43a;token=SoftHSM%20Token;id=%00%04;object=edCert;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=31b036afc510d43a;token=SoftHSM%20Token;id=%B9%58%F0%D5%EF%6C%EC%4C%62%9D%D4%1B%D1%57%52%75;object=Fork-Test;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=31b036afc510d43a;token=SoftHSM%20Token;id=%BC%01%51%AF%53%9A%21%6D%14%C7%E4%81%13%FB%7F%EB;object=Test-RSA-PSS-gen-bc0151af;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=31b036afc510d43a;token=SoftHSM%20Token;id=%F3%5F%D9%84%A2%D6%C8%7C%94%33%F3%4F%F5%DA%4C%03;object=Test-RSA-gen-f35fd984;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=31b036afc510d43a;token=SoftHSM%20Token;id=%00%02;object=ecCert;type=private openssl storeutl -text "$uri" ## Check each URI component is tested $cmp=pkcs11:model=SoftHSM%20v2 openssl storeutl -text "pkcs11:${cmp}" $cmp=manufacturer=SoftHSM%20project openssl storeutl -text "pkcs11:${cmp}" $cmp=serial=31b036afc510d43a openssl storeutl -text "pkcs11:${cmp}" $cmp=token=SoftHSM%20Token openssl storeutl -text "pkcs11:${cmp}" $cmp=id=%00%11 openssl storeutl -text "pkcs11:${cmp}" $cmp=object=testRsaPss2Cert openssl storeutl -text "pkcs11:${cmp}" $cmp=type=private openssl storeutl -text "pkcs11:${cmp}" ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 83/92 pkcs11-provider:softhsm / uri OK 1.32s 84/92 pkcs11-provider:kryoptic / uri RUNNING >>> TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MALLOC_PERTURB_=32 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper uri-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 84/92 pkcs11-provider:kryoptic / uri SKIP 0.01s exit status 77 85/92 pkcs11-provider:kryoptic.nss / uri RUNNING >>> MALLOC_PERTURB_=91 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper uri-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 85/92 pkcs11-provider:kryoptic.nss / uri SKIP 0.01s exit status 77 86/92 pkcs11-provider:softhsm / ecxc RUNNING >>> TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MALLOC_PERTURB_=249 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper ecxc-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/tests/tecxc ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 86/92 pkcs11-provider:softhsm / ecxc SKIP 0.01s exit status 77 87/92 pkcs11-provider:kryoptic / ecxc RUNNING >>> MALLOC_PERTURB_=58 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper ecxc-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 87/92 pkcs11-provider:kryoptic / ecxc SKIP 0.01s exit status 77 88/92 pkcs11-provider:kryoptic.nss / ecxc RUNNING >>> TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MALLOC_PERTURB_=219 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper ecxc-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 88/92 pkcs11-provider:kryoptic.nss / ecxc SKIP 0.01s exit status 77 89/92 pkcs11-provider:softokn / cms RUNNING >>> TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MALLOC_PERTURB_=93 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper cms-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 89/92 pkcs11-provider:softokn / cms SKIP 0.01s exit status 77 90/92 pkcs11-provider:kryoptic / cms RUNNING >>> TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MALLOC_PERTURB_=149 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper cms-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 90/92 pkcs11-provider:kryoptic / cms SKIP 0.01s exit status 77 91/92 pkcs11-provider:kryoptic.nss / cms RUNNING >>> TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MALLOC_PERTURB_=168 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper cms-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 91/92 pkcs11-provider:kryoptic.nss / cms SKIP 0.01s exit status 77 92/92 pkcs11-provider:kryoptic / pinlock RUNNING >>> MALLOC_PERTURB_=192 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper pinlock-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 92/92 pkcs11-provider:kryoptic / pinlock SKIP 0.01s exit status 77 Ok: 21 Expected Fail: 0 Fail: 0 Unexpected Pass: 0 Skipped: 71 Timeout: 0 Full log written to /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/meson-logs/testlog.txt create-stamp debian/debhelper-build-stamp dh_testroot -O--buildsystem=meson dh_prep -O--buildsystem=meson dh_auto_install --destdir=debian/pkcs11-provider/ -O--buildsystem=meson cd obj-i686-linux-gnu && DESTDIR=/build/reproducible-path/pkcs11-provider-1.0/debian/pkcs11-provider LC_ALL=C.UTF-8 ninja install [0/1] Installing files Installing src/pkcs11.so to /build/reproducible-path/pkcs11-provider-1.0/debian/pkcs11-provider/usr/lib/i386-linux-gnu/ossl-modules Installing /build/reproducible-path/pkcs11-provider-1.0/docs/provider-pkcs11.7 to /build/reproducible-path/pkcs11-provider-1.0/debian/pkcs11-provider/usr/share/man/man7 dh_installdocs -O--buildsystem=meson dh_installchangelogs -O--buildsystem=meson dh_installman -O--buildsystem=meson dh_installsystemduser -O--buildsystem=meson dh_perl -O--buildsystem=meson dh_link -O--buildsystem=meson dh_strip_nondeterminism -O--buildsystem=meson dh_compress -O--buildsystem=meson dh_fixperms -O--buildsystem=meson dh_missing -O--buildsystem=meson dh_dwz -a -O--buildsystem=meson dh_strip -a -O--buildsystem=meson dh_makeshlibs -a -O--buildsystem=meson dh_shlibdeps -a -O--buildsystem=meson dh_installdeb -O--buildsystem=meson dh_gencontrol -O--buildsystem=meson dh_md5sums -O--buildsystem=meson dh_builddeb -O--buildsystem=meson dpkg-deb: building package 'pkcs11-provider-dbgsym' in '../pkcs11-provider-dbgsym_1.0-1_i386.deb'. dpkg-deb: building package 'pkcs11-provider' in '../pkcs11-provider_1.0-1_i386.deb'. dpkg-genbuildinfo --build=binary -O../pkcs11-provider_1.0-1_i386.buildinfo dpkg-genchanges --build=binary -O../pkcs11-provider_1.0-1_i386.changes dpkg-genchanges: info: binary-only upload (no source code included) dpkg-source --after-build . dpkg-buildpackage: info: binary-only upload (no source included) dpkg-genchanges: info: including full source code in upload I: copying local configuration I: unmounting dev/ptmx filesystem I: unmounting dev/pts filesystem I: unmounting dev/shm filesystem I: unmounting proc filesystem I: unmounting sys filesystem I: cleaning the build env I: removing directory /srv/workspace/pbuilder/121922 and its subdirectories I: Current time: Sun Mar 22 21:13:49 -12 2026 I: pbuilder-time-stamp: 1774257229