I: pbuilder: network access will be disabled during build I: Current time: Tue Feb 18 16:50:53 +14 2025 I: pbuilder-time-stamp: 1739847053 I: Building the build Environment I: extracting base tarball [/var/cache/pbuilder/trixie-reproducible-base.tgz] I: copying local configuration W: --override-config is not set; not updating apt.conf Read the manpage for details. I: mounting /proc filesystem I: mounting /sys filesystem I: creating /{dev,run}/shm I: mounting /dev/pts filesystem I: redirecting /dev/ptmx to /dev/pts/ptmx I: policy-rc.d already exists I: using eatmydata during job I: Copying source file I: copying [pkcs11-provider_1.0-1.dsc] I: copying [./pkcs11-provider_1.0.orig.tar.gz] I: copying [./pkcs11-provider_1.0-1.debian.tar.xz] I: Extracting source dpkg-source: warning: cannot verify inline signature for ./pkcs11-provider_1.0-1.dsc: unsupported subcommand dpkg-source: info: extracting pkcs11-provider in pkcs11-provider-1.0 dpkg-source: info: unpacking pkcs11-provider_1.0.orig.tar.gz dpkg-source: info: unpacking pkcs11-provider_1.0-1.debian.tar.xz I: Not using root during the build. I: Installing the build-deps I: user script /srv/workspace/pbuilder/34481/tmp/hooks/D01_modify_environment starting debug: Running on ionos2-i386. I: Changing host+domainname to test build reproducibility I: Adding a custom variable just for the fun of it... I: Changing /bin/sh to bash '/bin/sh' -> '/bin/bash' lrwxrwxrwx 1 root root 9 Feb 18 02:51 /bin/sh -> /bin/bash I: Setting pbuilder2's login shell to /bin/bash I: Setting pbuilder2's GECOS to second user,second room,second work-phone,second home-phone,second other I: user script /srv/workspace/pbuilder/34481/tmp/hooks/D01_modify_environment finished I: user script /srv/workspace/pbuilder/34481/tmp/hooks/D02_print_environment starting I: set BASH=/bin/sh BASHOPTS=checkwinsize:cmdhist:complete_fullquote:extquote:force_fignore:globasciiranges:globskipdots:hostcomplete:interactive_comments:patsub_replacement:progcomp:promptvars:sourcepath BASH_ALIASES=() BASH_ARGC=() BASH_ARGV=() BASH_CMDS=() BASH_LINENO=([0]="12" [1]="0") BASH_LOADABLES_PATH=/usr/local/lib/bash:/usr/lib/bash:/opt/local/lib/bash:/usr/pkg/lib/bash:/opt/pkg/lib/bash:. BASH_SOURCE=([0]="/tmp/hooks/D02_print_environment" [1]="/tmp/hooks/D02_print_environment") BASH_VERSINFO=([0]="5" [1]="2" [2]="37" [3]="1" [4]="release" [5]="i686-pc-linux-gnu") BASH_VERSION='5.2.37(1)-release' BUILDDIR=/build/reproducible-path BUILDUSERGECOS='second user,second room,second work-phone,second home-phone,second other' BUILDUSERNAME=pbuilder2 BUILD_ARCH=i386 DEBIAN_FRONTEND=noninteractive DEB_BUILD_OPTIONS='buildinfo=+all reproducible=+all parallel=10 ' DIRSTACK=() DISTRIBUTION=trixie EUID=0 FUNCNAME=([0]="Echo" [1]="main") GROUPS=() HOME=/root HOSTNAME=i-capture-the-hostname HOSTTYPE=i686 HOST_ARCH=i386 IFS=' ' INVOCATION_ID=fe424084ccb94f888f815181b7cbfcb0 LANG=C LANGUAGE=de_CH:de LC_ALL=C LD_LIBRARY_PATH=/usr/lib/libeatmydata LD_PRELOAD=libeatmydata.so MACHTYPE=i686-pc-linux-gnu MAIL=/var/mail/root OPTERR=1 OPTIND=1 OSTYPE=linux-gnu PATH=/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/i/capture/the/path PBCURRENTCOMMANDLINEOPERATION=build PBUILDER_OPERATION=build PBUILDER_PKGDATADIR=/usr/share/pbuilder PBUILDER_PKGLIBDIR=/usr/lib/pbuilder PBUILDER_SYSCONFDIR=/etc PIPESTATUS=([0]="0") POSIXLY_CORRECT=y PPID=34481 PS4='+ ' PWD=/ SHELL=/bin/bash SHELLOPTS=braceexpand:errexit:hashall:interactive-comments:posix SHLVL=3 SUDO_COMMAND='/usr/bin/timeout -k 24.1h 24h /usr/bin/ionice -c 3 /usr/bin/nice -n 11 /usr/bin/unshare --uts -- /usr/sbin/pbuilder --build --configfile /srv/reproducible-results/rbuild-debian/r-b-build.2wB8ffzu/pbuilderrc_XADT --distribution trixie --hookdir /etc/pbuilder/rebuild-hooks --debbuildopts -b --basetgz /var/cache/pbuilder/trixie-reproducible-base.tgz --buildresult /srv/reproducible-results/rbuild-debian/r-b-build.2wB8ffzu/b2 --logfile b2/build.log pkcs11-provider_1.0-1.dsc' SUDO_GID=112 SUDO_UID=107 SUDO_USER=jenkins TERM=unknown TZ=/usr/share/zoneinfo/Etc/GMT-14 UID=0 USER=root _='I: set' http_proxy=http://46.16.76.132:3128 I: uname -a Linux i-capture-the-hostname 6.1.0-31-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.128-1 (2025-02-07) x86_64 GNU/Linux I: ls -l /bin lrwxrwxrwx 1 root root 7 Nov 22 14:40 /bin -> usr/bin I: user script /srv/workspace/pbuilder/34481/tmp/hooks/D02_print_environment finished -> Attempting to satisfy build-dependencies -> Creating pbuilder-satisfydepends-dummy package Package: pbuilder-satisfydepends-dummy Version: 0.invalid.0 Architecture: i386 Maintainer: Debian Pbuilder Team Description: Dummy package to satisfy dependencies with aptitude - created by pbuilder This package was created automatically by pbuilder to satisfy the build-dependencies of the package being currently built. Depends: debhelper-compat (= 13), dh-package-notes, libssl-dev (>= 3.0.7~), meson (>= 0.57~), pkgconf, expect, gnutls-bin, libnss3-dev, libp11-kit-dev, libstoken-dev, opensc, openssl, p11-kit, p11-kit-modules, softhsm2 dpkg-deb: building package 'pbuilder-satisfydepends-dummy' in '/tmp/satisfydepends-aptitude/pbuilder-satisfydepends-dummy.deb'. Selecting previously unselected package pbuilder-satisfydepends-dummy. (Reading database ... 19795 files and directories currently installed.) Preparing to unpack .../pbuilder-satisfydepends-dummy.deb ... Unpacking pbuilder-satisfydepends-dummy (0.invalid.0) ... dpkg: pbuilder-satisfydepends-dummy: dependency problems, but configuring anyway as you requested: pbuilder-satisfydepends-dummy depends on debhelper-compat (= 13); however: Package debhelper-compat is not installed. pbuilder-satisfydepends-dummy depends on dh-package-notes; however: Package dh-package-notes is not installed. pbuilder-satisfydepends-dummy depends on libssl-dev (>= 3.0.7~); however: Package libssl-dev is not installed. pbuilder-satisfydepends-dummy depends on meson (>= 0.57~); however: Package meson is not installed. pbuilder-satisfydepends-dummy depends on pkgconf; however: Package pkgconf is not installed. pbuilder-satisfydepends-dummy depends on expect; however: Package expect is not installed. pbuilder-satisfydepends-dummy depends on gnutls-bin; however: Package gnutls-bin is not installed. pbuilder-satisfydepends-dummy depends on libnss3-dev; however: Package libnss3-dev is not installed. pbuilder-satisfydepends-dummy depends on libp11-kit-dev; however: Package libp11-kit-dev is not installed. pbuilder-satisfydepends-dummy depends on libstoken-dev; however: Package libstoken-dev is not installed. pbuilder-satisfydepends-dummy depends on opensc; however: Package opensc is not installed. pbuilder-satisfydepends-dummy depends on openssl; however: Package openssl is not installed. pbuilder-satisfydepends-dummy depends on p11-kit; however: Package p11-kit is not installed. pbuilder-satisfydepends-dummy depends on p11-kit-modules; however: Package p11-kit-modules is not installed. pbuilder-satisfydepends-dummy depends on softhsm2; however: Package softhsm2 is not installed. Setting up pbuilder-satisfydepends-dummy (0.invalid.0) ... Reading package lists... Building dependency tree... Reading state information... Initializing package states... Writing extended state information... Building tag database... pbuilder-satisfydepends-dummy is already installed at the requested version (0.invalid.0) pbuilder-satisfydepends-dummy is already installed at the requested version (0.invalid.0) The following NEW packages will be installed: autoconf{a} automake{a} autopoint{a} autotools-dev{a} bsdextrautils{a} debhelper{a} dh-autoreconf{a} dh-package-notes{a} dh-strip-nondeterminism{a} dwz{a} expect{a} file{a} gettext{a} gettext-base{a} gnutls-bin{a} groff-base{a} intltool-debian{a} libarchive-zip-perl{a} libdebhelper-perl{a} libeac3{a} libelf1t64{a} libevent-2.1-7t64{a} libexpat1{a} libffi8{a} libfile-stripnondeterminism-perl{a} libglib2.0-0t64{a} libgnutls-dane0t64{a} libgnutls30t64{a} libicu72{a} libidn2-0{a} libmagic-mgc{a} libmagic1t64{a} libnspr4{a} libnspr4-dev{a} libnss3{a} libnss3-dev{a} libp11-kit-dev{a} libp11-kit0{a} libpipeline1{a} libpkgconf3{a} libproc2-0{a} libpython3-stdlib{a} libpython3.13-minimal{a} libpython3.13-stdlib{a} libreadline8t64{a} libsofthsm2{a} libssl-dev{a} libstoken-dev{a} libstoken1t64{a} libtasn1-6{a} libtcl8.6{a} libtext-charwidth-perl{a} libtext-wrapi18n-perl{a} libtomcrypt-dev{a} libtomcrypt1{a} libtommath1{a} libtool{a} libuchardet0{a} libunbound8{a} libunistring5{a} libxml2{a} m4{a} man-db{a} media-types{a} meson{a} netbase{a} ninja-build{a} opensc{a} opensc-pkcs11{a} openssl{a} p11-kit{a} p11-kit-modules{a} pkgconf{a} pkgconf-bin{a} po-debconf{a} procps{a} python3{a} python3-autocommand{a} python3-inflect{a} python3-jaraco.context{a} python3-jaraco.functools{a} python3-jaraco.text{a} python3-minimal{a} python3-more-itertools{a} python3-pkg-resources{a} python3-setuptools{a} python3-typeguard{a} python3-typing-extensions{a} python3-zipp{a} python3.13{a} python3.13-minimal{a} readline-common{a} sensible-utils{a} softhsm2{a} softhsm2-common{a} tcl-expect{a} tcl8.6{a} tzdata{a} ucf{a} The following packages are RECOMMENDED but will NOT be installed: ca-certificates curl libarchive-cpio-perl libglib2.0-data libltdl-dev libmail-sendmail-perl linux-sysctl-defaults lynx pcscd psmisc shared-mime-info wget xdg-user-dirs 0 packages upgraded, 99 newly installed, 0 to remove and 0 not upgraded. Need to get 48.5 MB of archives. After unpacking 175 MB will be used. Writing extended state information... Get: 1 http://deb.debian.org/debian trixie/main i386 libpython3.13-minimal i386 3.13.2-1 [859 kB] Get: 2 http://deb.debian.org/debian trixie/main i386 libexpat1 i386 2.6.4-1 [107 kB] Get: 3 http://deb.debian.org/debian trixie/main i386 python3.13-minimal i386 3.13.2-1 [2266 kB] Get: 4 http://deb.debian.org/debian trixie/main i386 python3-minimal i386 3.13.1-2 [27.0 kB] Get: 5 http://deb.debian.org/debian trixie/main i386 media-types all 10.1.0 [26.9 kB] Get: 6 http://deb.debian.org/debian trixie/main i386 netbase all 6.4 [12.8 kB] Get: 7 http://deb.debian.org/debian trixie/main i386 tzdata all 2024b-6 [257 kB] Get: 8 http://deb.debian.org/debian trixie/main i386 libffi8 i386 3.4.6-1 [21.2 kB] Get: 9 http://deb.debian.org/debian trixie/main i386 readline-common all 8.2-6 [69.4 kB] Get: 10 http://deb.debian.org/debian trixie/main i386 libreadline8t64 i386 8.2-6 [173 kB] Get: 11 http://deb.debian.org/debian trixie/main i386 libpython3.13-stdlib i386 3.13.2-1 [1985 kB] Get: 12 http://deb.debian.org/debian trixie/main i386 python3.13 i386 3.13.2-1 [745 kB] Get: 13 http://deb.debian.org/debian trixie/main i386 libpython3-stdlib i386 3.13.1-2 [9952 B] Get: 14 http://deb.debian.org/debian trixie/main i386 python3 i386 3.13.1-2 [28.0 kB] Get: 15 http://deb.debian.org/debian trixie/main i386 libproc2-0 i386 2:4.0.4-7 [66.0 kB] Get: 16 http://deb.debian.org/debian trixie/main i386 procps i386 2:4.0.4-7 [876 kB] Get: 17 http://deb.debian.org/debian trixie/main i386 sensible-utils all 0.0.24 [24.8 kB] Get: 18 http://deb.debian.org/debian trixie/main i386 libmagic-mgc i386 1:5.45-3+b1 [314 kB] Get: 19 http://deb.debian.org/debian trixie/main i386 libmagic1t64 i386 1:5.45-3+b1 [115 kB] Get: 20 http://deb.debian.org/debian trixie/main i386 file i386 1:5.45-3+b1 [43.2 kB] Get: 21 http://deb.debian.org/debian trixie/main i386 gettext-base i386 0.23.1-1 [245 kB] Get: 22 http://deb.debian.org/debian trixie/main i386 libuchardet0 i386 0.0.8-1+b2 [69.2 kB] Get: 23 http://deb.debian.org/debian trixie/main i386 groff-base i386 1.23.0-7 [1199 kB] Get: 24 http://deb.debian.org/debian trixie/main i386 bsdextrautils i386 2.40.4-3 [96.2 kB] Get: 25 http://deb.debian.org/debian trixie/main i386 libpipeline1 i386 1.5.8-1 [41.2 kB] Get: 26 http://deb.debian.org/debian trixie/main i386 man-db i386 2.13.0-1 [1428 kB] Get: 27 http://deb.debian.org/debian trixie/main i386 libtext-charwidth-perl i386 0.04-11+b4 [9656 B] Get: 28 http://deb.debian.org/debian trixie/main i386 libtext-wrapi18n-perl all 0.06-10 [8808 B] Get: 29 http://deb.debian.org/debian trixie/main i386 ucf all 3.0049 [42.5 kB] Get: 30 http://deb.debian.org/debian trixie/main i386 m4 i386 1.4.19-5 [301 kB] Get: 31 http://deb.debian.org/debian trixie/main i386 autoconf all 2.72-3 [493 kB] Get: 32 http://deb.debian.org/debian trixie/main i386 autotools-dev all 20220109.1 [51.6 kB] Get: 33 http://deb.debian.org/debian trixie/main i386 automake all 1:1.17-3 [862 kB] Get: 34 http://deb.debian.org/debian trixie/main i386 autopoint all 0.23.1-1 [770 kB] Get: 35 http://deb.debian.org/debian trixie/main i386 libdebhelper-perl all 13.24.1 [90.9 kB] Get: 36 http://deb.debian.org/debian trixie/main i386 libtool all 2.5.4-3 [539 kB] Get: 37 http://deb.debian.org/debian trixie/main i386 dh-autoreconf all 20 [17.1 kB] Get: 38 http://deb.debian.org/debian trixie/main i386 libarchive-zip-perl all 1.68-1 [104 kB] Get: 39 http://deb.debian.org/debian trixie/main i386 libfile-stripnondeterminism-perl all 1.14.1-2 [19.7 kB] Get: 40 http://deb.debian.org/debian trixie/main i386 dh-strip-nondeterminism all 1.14.1-2 [8620 B] Get: 41 http://deb.debian.org/debian trixie/main i386 libelf1t64 i386 0.192-4 [195 kB] Get: 42 http://deb.debian.org/debian trixie/main i386 dwz i386 0.15-1+b1 [116 kB] Get: 43 http://deb.debian.org/debian trixie/main i386 libunistring5 i386 1.3-1 [458 kB] Get: 44 http://deb.debian.org/debian trixie/main i386 libicu72 i386 72.1-6 [9582 kB] Get: 45 http://deb.debian.org/debian trixie/main i386 libxml2 i386 2.12.7+dfsg+really2.9.14-0.2+b1 [734 kB] Get: 46 http://deb.debian.org/debian trixie/main i386 gettext i386 0.23.1-1 [1714 kB] Get: 47 http://deb.debian.org/debian trixie/main i386 intltool-debian all 0.35.0+20060710.6 [22.9 kB] Get: 48 http://deb.debian.org/debian trixie/main i386 po-debconf all 1.0.21+nmu1 [248 kB] Get: 49 http://deb.debian.org/debian trixie/main i386 debhelper all 13.24.1 [920 kB] Get: 50 http://deb.debian.org/debian trixie/main i386 dh-package-notes all 0.15 [6692 B] Get: 51 http://deb.debian.org/debian trixie/main i386 libtcl8.6 i386 8.6.16+dfsg-1 [1103 kB] Get: 52 http://deb.debian.org/debian trixie/main i386 tcl8.6 i386 8.6.16+dfsg-1 [121 kB] Get: 53 http://deb.debian.org/debian trixie/main i386 tcl-expect i386 5.45.4-3+b1 [134 kB] Get: 54 http://deb.debian.org/debian trixie/main i386 expect i386 5.45.4-3+b1 [159 kB] Get: 55 http://deb.debian.org/debian trixie/main i386 libidn2-0 i386 2.3.7-2+b1 [130 kB] Get: 56 http://deb.debian.org/debian trixie/main i386 libp11-kit0 i386 0.25.5-3 [423 kB] Get: 57 http://deb.debian.org/debian trixie/main i386 libtasn1-6 i386 4.20.0-2 [51.6 kB] Get: 58 http://deb.debian.org/debian trixie/main i386 libgnutls30t64 i386 3.8.9-2 [1462 kB] Get: 59 http://deb.debian.org/debian trixie/main i386 libevent-2.1-7t64 i386 2.1.12-stable-10+b1 [195 kB] Get: 60 http://deb.debian.org/debian trixie/main i386 libunbound8 i386 1.22.0-1+b1 [633 kB] Get: 61 http://deb.debian.org/debian trixie/main i386 libgnutls-dane0t64 i386 3.8.9-2 [453 kB] Get: 62 http://deb.debian.org/debian trixie/main i386 gnutls-bin i386 3.8.9-2 [696 kB] Get: 63 http://deb.debian.org/debian trixie/main i386 libeac3 i386 1.1.2+ds+git20220117+453c3d6b03a0-1.1+b3 [55.7 kB] Get: 64 http://deb.debian.org/debian trixie/main i386 libglib2.0-0t64 i386 2.83.3-2 [1581 kB] Get: 65 http://deb.debian.org/debian trixie/main i386 libnspr4 i386 2:4.36-1 [119 kB] Get: 66 http://deb.debian.org/debian trixie/main i386 libnspr4-dev i386 2:4.36-1 [220 kB] Get: 67 http://deb.debian.org/debian trixie/main i386 libnss3 i386 2:3.107-1 [1503 kB] Get: 68 http://deb.debian.org/debian trixie/main i386 libnss3-dev i386 2:3.107-1 [253 kB] Get: 69 http://deb.debian.org/debian trixie/main i386 libp11-kit-dev i386 0.25.5-3 [208 kB] Get: 70 http://deb.debian.org/debian trixie/main i386 libpkgconf3 i386 1.8.1-4 [38.4 kB] Get: 71 http://deb.debian.org/debian trixie/main i386 softhsm2-common i386 2.6.1-2.2+b1 [12.4 kB] Get: 72 http://deb.debian.org/debian trixie/main i386 libsofthsm2 i386 2.6.1-2.2+b1 [264 kB] Get: 73 http://deb.debian.org/debian trixie/main i386 libssl-dev i386 3.4.0-2 [2842 kB] Get: 74 http://deb.debian.org/debian trixie/main i386 libtommath1 i386 1.3.0-1 [64.8 kB] Get: 75 http://deb.debian.org/debian trixie/main i386 libtomcrypt1 i386 1.18.2+dfsg-7+b2 [407 kB] Get: 76 http://deb.debian.org/debian trixie/main i386 libstoken1t64 i386 0.92-1.1+b2 [31.2 kB] Get: 77 http://deb.debian.org/debian trixie/main i386 libtomcrypt-dev i386 1.18.2+dfsg-7+b2 [1272 kB] Get: 78 http://deb.debian.org/debian trixie/main i386 libstoken-dev i386 0.92-1.1+b2 [8204 B] Get: 79 http://deb.debian.org/debian trixie/main i386 ninja-build i386 1.12.1-1 [153 kB] Get: 80 http://deb.debian.org/debian trixie/main i386 python3-autocommand all 2.2.2-3 [13.6 kB] Get: 81 http://deb.debian.org/debian trixie/main i386 python3-more-itertools all 10.6.0-1 [65.3 kB] Get: 82 http://deb.debian.org/debian trixie/main i386 python3-typing-extensions all 4.12.2-2 [73.0 kB] Get: 83 http://deb.debian.org/debian trixie/main i386 python3-typeguard all 4.4.1-1 [37.0 kB] Get: 84 http://deb.debian.org/debian trixie/main i386 python3-inflect all 7.3.1-2 [32.4 kB] Get: 85 http://deb.debian.org/debian trixie/main i386 python3-jaraco.context all 6.0.0-1 [7984 B] Get: 86 http://deb.debian.org/debian trixie/main i386 python3-jaraco.functools all 4.1.0-1 [12.0 kB] Get: 87 http://deb.debian.org/debian trixie/main i386 python3-pkg-resources all 75.6.0-1 [222 kB] Get: 88 http://deb.debian.org/debian trixie/main i386 python3-jaraco.text all 4.0.0-1 [11.4 kB] Get: 89 http://deb.debian.org/debian trixie/main i386 python3-zipp all 3.21.0-1 [10.6 kB] Get: 90 http://deb.debian.org/debian trixie/main i386 python3-setuptools all 75.6.0-1 [720 kB] Get: 91 http://deb.debian.org/debian trixie/main i386 meson all 1.7.0-1 [639 kB] Get: 92 http://deb.debian.org/debian trixie/main i386 opensc-pkcs11 i386 0.26.0-1 [910 kB] Get: 93 http://deb.debian.org/debian trixie/main i386 opensc i386 0.26.0-1 [415 kB] Get: 94 http://deb.debian.org/debian trixie/main i386 openssl i386 3.4.0-2 [1427 kB] Get: 95 http://deb.debian.org/debian trixie/main i386 p11-kit-modules i386 0.25.5-3 [270 kB] Get: 96 http://deb.debian.org/debian trixie/main i386 p11-kit i386 0.25.5-3 [406 kB] Get: 97 http://deb.debian.org/debian trixie/main i386 pkgconf-bin i386 1.8.1-4 [30.6 kB] Get: 98 http://deb.debian.org/debian trixie/main i386 pkgconf i386 1.8.1-4 [26.2 kB] Get: 99 http://deb.debian.org/debian trixie/main i386 softhsm2 i386 2.6.1-2.2+b1 [177 kB] Fetched 48.5 MB in 3s (15.4 MB/s) Preconfiguring packages ... Selecting previously unselected package libpython3.13-minimal:i386. (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 19795 files and directories currently installed.) Preparing to unpack .../libpython3.13-minimal_3.13.2-1_i386.deb ... Unpacking libpython3.13-minimal:i386 (3.13.2-1) ... Selecting previously unselected package libexpat1:i386. Preparing to unpack .../libexpat1_2.6.4-1_i386.deb ... Unpacking libexpat1:i386 (2.6.4-1) ... Selecting previously unselected package python3.13-minimal. Preparing to unpack .../python3.13-minimal_3.13.2-1_i386.deb ... Unpacking python3.13-minimal (3.13.2-1) ... Setting up libpython3.13-minimal:i386 (3.13.2-1) ... Setting up libexpat1:i386 (2.6.4-1) ... Setting up python3.13-minimal (3.13.2-1) ... Selecting previously unselected package python3-minimal. (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 20129 files and directories currently installed.) Preparing to unpack .../0-python3-minimal_3.13.1-2_i386.deb ... Unpacking python3-minimal (3.13.1-2) ... Selecting previously unselected package media-types. Preparing to unpack .../1-media-types_10.1.0_all.deb ... Unpacking media-types (10.1.0) ... Selecting previously unselected package netbase. Preparing to unpack .../2-netbase_6.4_all.deb ... Unpacking netbase (6.4) ... Selecting previously unselected package tzdata. Preparing to unpack .../3-tzdata_2024b-6_all.deb ... Unpacking tzdata (2024b-6) ... Selecting previously unselected package libffi8:i386. Preparing to unpack .../4-libffi8_3.4.6-1_i386.deb ... Unpacking libffi8:i386 (3.4.6-1) ... Selecting previously unselected package readline-common. Preparing to unpack .../5-readline-common_8.2-6_all.deb ... Unpacking readline-common (8.2-6) ... Selecting previously unselected package libreadline8t64:i386. Preparing to unpack .../6-libreadline8t64_8.2-6_i386.deb ... Adding 'diversion of /lib/i386-linux-gnu/libhistory.so.8 to /lib/i386-linux-gnu/libhistory.so.8.usr-is-merged by libreadline8t64' Adding 'diversion of /lib/i386-linux-gnu/libhistory.so.8.2 to /lib/i386-linux-gnu/libhistory.so.8.2.usr-is-merged by libreadline8t64' Adding 'diversion of /lib/i386-linux-gnu/libreadline.so.8 to /lib/i386-linux-gnu/libreadline.so.8.usr-is-merged by libreadline8t64' Adding 'diversion of /lib/i386-linux-gnu/libreadline.so.8.2 to /lib/i386-linux-gnu/libreadline.so.8.2.usr-is-merged by libreadline8t64' Unpacking libreadline8t64:i386 (8.2-6) ... Selecting previously unselected package libpython3.13-stdlib:i386. Preparing to unpack .../7-libpython3.13-stdlib_3.13.2-1_i386.deb ... Unpacking libpython3.13-stdlib:i386 (3.13.2-1) ... Selecting previously unselected package python3.13. Preparing to unpack .../8-python3.13_3.13.2-1_i386.deb ... Unpacking python3.13 (3.13.2-1) ... Selecting previously unselected package libpython3-stdlib:i386. Preparing to unpack .../9-libpython3-stdlib_3.13.1-2_i386.deb ... Unpacking libpython3-stdlib:i386 (3.13.1-2) ... Setting up python3-minimal (3.13.1-2) ... Selecting previously unselected package python3. (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 21139 files and directories currently installed.) Preparing to unpack .../00-python3_3.13.1-2_i386.deb ... Unpacking python3 (3.13.1-2) ... Selecting previously unselected package libproc2-0:i386. Preparing to unpack .../01-libproc2-0_2%3a4.0.4-7_i386.deb ... Unpacking libproc2-0:i386 (2:4.0.4-7) ... Selecting previously unselected package procps. Preparing to unpack .../02-procps_2%3a4.0.4-7_i386.deb ... Unpacking procps (2:4.0.4-7) ... Selecting previously unselected package sensible-utils. Preparing to unpack .../03-sensible-utils_0.0.24_all.deb ... Unpacking sensible-utils (0.0.24) ... Selecting previously unselected package libmagic-mgc. Preparing to unpack .../04-libmagic-mgc_1%3a5.45-3+b1_i386.deb ... Unpacking libmagic-mgc (1:5.45-3+b1) ... Selecting previously unselected package libmagic1t64:i386. Preparing to unpack .../05-libmagic1t64_1%3a5.45-3+b1_i386.deb ... Unpacking libmagic1t64:i386 (1:5.45-3+b1) ... Selecting previously unselected package file. Preparing to unpack .../06-file_1%3a5.45-3+b1_i386.deb ... Unpacking file (1:5.45-3+b1) ... Selecting previously unselected package gettext-base. Preparing to unpack .../07-gettext-base_0.23.1-1_i386.deb ... Unpacking gettext-base (0.23.1-1) ... Selecting previously unselected package libuchardet0:i386. Preparing to unpack .../08-libuchardet0_0.0.8-1+b2_i386.deb ... Unpacking libuchardet0:i386 (0.0.8-1+b2) ... Selecting previously unselected package groff-base. Preparing to unpack .../09-groff-base_1.23.0-7_i386.deb ... Unpacking groff-base (1.23.0-7) ... Selecting previously unselected package bsdextrautils. Preparing to unpack .../10-bsdextrautils_2.40.4-3_i386.deb ... Unpacking bsdextrautils (2.40.4-3) ... Selecting previously unselected package libpipeline1:i386. Preparing to unpack .../11-libpipeline1_1.5.8-1_i386.deb ... Unpacking libpipeline1:i386 (1.5.8-1) ... Selecting previously unselected package man-db. Preparing to unpack .../12-man-db_2.13.0-1_i386.deb ... Unpacking man-db (2.13.0-1) ... Selecting previously unselected package libtext-charwidth-perl:i386. Preparing to unpack .../13-libtext-charwidth-perl_0.04-11+b4_i386.deb ... Unpacking libtext-charwidth-perl:i386 (0.04-11+b4) ... Selecting previously unselected package libtext-wrapi18n-perl. Preparing to unpack .../14-libtext-wrapi18n-perl_0.06-10_all.deb ... Unpacking libtext-wrapi18n-perl (0.06-10) ... Selecting previously unselected package ucf. Preparing to unpack .../15-ucf_3.0049_all.deb ... Moving old data out of the way Unpacking ucf (3.0049) ... Selecting previously unselected package m4. Preparing to unpack .../16-m4_1.4.19-5_i386.deb ... Unpacking m4 (1.4.19-5) ... Selecting previously unselected package autoconf. Preparing to unpack .../17-autoconf_2.72-3_all.deb ... Unpacking autoconf (2.72-3) ... Selecting previously unselected package autotools-dev. Preparing to unpack .../18-autotools-dev_20220109.1_all.deb ... Unpacking autotools-dev (20220109.1) ... Selecting previously unselected package automake. Preparing to unpack .../19-automake_1%3a1.17-3_all.deb ... Unpacking automake (1:1.17-3) ... Selecting previously unselected package autopoint. Preparing to unpack .../20-autopoint_0.23.1-1_all.deb ... Unpacking autopoint (0.23.1-1) ... Selecting previously unselected package libdebhelper-perl. Preparing to unpack .../21-libdebhelper-perl_13.24.1_all.deb ... Unpacking libdebhelper-perl (13.24.1) ... Selecting previously unselected package libtool. Preparing to unpack .../22-libtool_2.5.4-3_all.deb ... Unpacking libtool (2.5.4-3) ... Selecting previously unselected package dh-autoreconf. Preparing to unpack .../23-dh-autoreconf_20_all.deb ... Unpacking dh-autoreconf (20) ... Selecting previously unselected package libarchive-zip-perl. Preparing to unpack .../24-libarchive-zip-perl_1.68-1_all.deb ... Unpacking libarchive-zip-perl (1.68-1) ... Selecting previously unselected package libfile-stripnondeterminism-perl. Preparing to unpack .../25-libfile-stripnondeterminism-perl_1.14.1-2_all.deb ... Unpacking libfile-stripnondeterminism-perl (1.14.1-2) ... Selecting previously unselected package dh-strip-nondeterminism. Preparing to unpack .../26-dh-strip-nondeterminism_1.14.1-2_all.deb ... Unpacking dh-strip-nondeterminism (1.14.1-2) ... Selecting previously unselected package libelf1t64:i386. Preparing to unpack .../27-libelf1t64_0.192-4_i386.deb ... Unpacking libelf1t64:i386 (0.192-4) ... Selecting previously unselected package dwz. Preparing to unpack .../28-dwz_0.15-1+b1_i386.deb ... Unpacking dwz (0.15-1+b1) ... Selecting previously unselected package libunistring5:i386. Preparing to unpack .../29-libunistring5_1.3-1_i386.deb ... Unpacking libunistring5:i386 (1.3-1) ... Selecting previously unselected package libicu72:i386. Preparing to unpack .../30-libicu72_72.1-6_i386.deb ... Unpacking libicu72:i386 (72.1-6) ... Selecting previously unselected package libxml2:i386. Preparing to unpack .../31-libxml2_2.12.7+dfsg+really2.9.14-0.2+b1_i386.deb ... Unpacking libxml2:i386 (2.12.7+dfsg+really2.9.14-0.2+b1) ... Selecting previously unselected package gettext. Preparing to unpack .../32-gettext_0.23.1-1_i386.deb ... Unpacking gettext (0.23.1-1) ... Selecting previously unselected package intltool-debian. Preparing to unpack .../33-intltool-debian_0.35.0+20060710.6_all.deb ... Unpacking intltool-debian (0.35.0+20060710.6) ... Selecting previously unselected package po-debconf. Preparing to unpack .../34-po-debconf_1.0.21+nmu1_all.deb ... Unpacking po-debconf (1.0.21+nmu1) ... Selecting previously unselected package debhelper. Preparing to unpack .../35-debhelper_13.24.1_all.deb ... Unpacking debhelper (13.24.1) ... Selecting previously unselected package dh-package-notes. Preparing to unpack .../36-dh-package-notes_0.15_all.deb ... Unpacking dh-package-notes (0.15) ... Selecting previously unselected package libtcl8.6:i386. Preparing to unpack .../37-libtcl8.6_8.6.16+dfsg-1_i386.deb ... Unpacking libtcl8.6:i386 (8.6.16+dfsg-1) ... Selecting previously unselected package tcl8.6. Preparing to unpack .../38-tcl8.6_8.6.16+dfsg-1_i386.deb ... Unpacking tcl8.6 (8.6.16+dfsg-1) ... Selecting previously unselected package tcl-expect:i386. Preparing to unpack .../39-tcl-expect_5.45.4-3+b1_i386.deb ... Unpacking tcl-expect:i386 (5.45.4-3+b1) ... Selecting previously unselected package expect. Preparing to unpack .../40-expect_5.45.4-3+b1_i386.deb ... Unpacking expect (5.45.4-3+b1) ... Selecting previously unselected package libidn2-0:i386. Preparing to unpack .../41-libidn2-0_2.3.7-2+b1_i386.deb ... Unpacking libidn2-0:i386 (2.3.7-2+b1) ... Selecting previously unselected package libp11-kit0:i386. Preparing to unpack .../42-libp11-kit0_0.25.5-3_i386.deb ... Unpacking libp11-kit0:i386 (0.25.5-3) ... Selecting previously unselected package libtasn1-6:i386. Preparing to unpack .../43-libtasn1-6_4.20.0-2_i386.deb ... Unpacking libtasn1-6:i386 (4.20.0-2) ... Selecting previously unselected package libgnutls30t64:i386. Preparing to unpack .../44-libgnutls30t64_3.8.9-2_i386.deb ... Unpacking libgnutls30t64:i386 (3.8.9-2) ... Selecting previously unselected package libevent-2.1-7t64:i386. Preparing to unpack .../45-libevent-2.1-7t64_2.1.12-stable-10+b1_i386.deb ... Unpacking libevent-2.1-7t64:i386 (2.1.12-stable-10+b1) ... Selecting previously unselected package libunbound8:i386. Preparing to unpack .../46-libunbound8_1.22.0-1+b1_i386.deb ... Unpacking libunbound8:i386 (1.22.0-1+b1) ... Selecting previously unselected package libgnutls-dane0t64:i386. Preparing to unpack .../47-libgnutls-dane0t64_3.8.9-2_i386.deb ... Unpacking libgnutls-dane0t64:i386 (3.8.9-2) ... Selecting previously unselected package gnutls-bin. Preparing to unpack .../48-gnutls-bin_3.8.9-2_i386.deb ... Unpacking gnutls-bin (3.8.9-2) ... Selecting previously unselected package libeac3:i386. Preparing to unpack .../49-libeac3_1.1.2+ds+git20220117+453c3d6b03a0-1.1+b3_i386.deb ... Unpacking libeac3:i386 (1.1.2+ds+git20220117+453c3d6b03a0-1.1+b3) ... Selecting previously unselected package libglib2.0-0t64:i386. Preparing to unpack .../50-libglib2.0-0t64_2.83.3-2_i386.deb ... Unpacking libglib2.0-0t64:i386 (2.83.3-2) ... Selecting previously unselected package libnspr4:i386. Preparing to unpack .../51-libnspr4_2%3a4.36-1_i386.deb ... Unpacking libnspr4:i386 (2:4.36-1) ... Selecting previously unselected package libnspr4-dev. Preparing to unpack .../52-libnspr4-dev_2%3a4.36-1_i386.deb ... Unpacking libnspr4-dev (2:4.36-1) ... Selecting previously unselected package libnss3:i386. Preparing to unpack .../53-libnss3_2%3a3.107-1_i386.deb ... Unpacking libnss3:i386 (2:3.107-1) ... Selecting previously unselected package libnss3-dev:i386. Preparing to unpack .../54-libnss3-dev_2%3a3.107-1_i386.deb ... Unpacking libnss3-dev:i386 (2:3.107-1) ... Selecting previously unselected package libp11-kit-dev:i386. Preparing to unpack .../55-libp11-kit-dev_0.25.5-3_i386.deb ... Unpacking libp11-kit-dev:i386 (0.25.5-3) ... Selecting previously unselected package libpkgconf3:i386. Preparing to unpack .../56-libpkgconf3_1.8.1-4_i386.deb ... Unpacking libpkgconf3:i386 (1.8.1-4) ... Selecting previously unselected package softhsm2-common. Preparing to unpack .../57-softhsm2-common_2.6.1-2.2+b1_i386.deb ... Unpacking softhsm2-common (2.6.1-2.2+b1) ... Selecting previously unselected package libsofthsm2. Preparing to unpack .../58-libsofthsm2_2.6.1-2.2+b1_i386.deb ... Unpacking libsofthsm2 (2.6.1-2.2+b1) ... Selecting previously unselected package libssl-dev:i386. Preparing to unpack .../59-libssl-dev_3.4.0-2_i386.deb ... Unpacking libssl-dev:i386 (3.4.0-2) ... Selecting previously unselected package libtommath1:i386. Preparing to unpack .../60-libtommath1_1.3.0-1_i386.deb ... Unpacking libtommath1:i386 (1.3.0-1) ... Selecting previously unselected package libtomcrypt1:i386. Preparing to unpack .../61-libtomcrypt1_1.18.2+dfsg-7+b2_i386.deb ... Unpacking libtomcrypt1:i386 (1.18.2+dfsg-7+b2) ... Selecting previously unselected package libstoken1t64:i386. Preparing to unpack .../62-libstoken1t64_0.92-1.1+b2_i386.deb ... Unpacking libstoken1t64:i386 (0.92-1.1+b2) ... Selecting previously unselected package libtomcrypt-dev. Preparing to unpack .../63-libtomcrypt-dev_1.18.2+dfsg-7+b2_i386.deb ... Unpacking libtomcrypt-dev (1.18.2+dfsg-7+b2) ... Selecting previously unselected package libstoken-dev:i386. Preparing to unpack .../64-libstoken-dev_0.92-1.1+b2_i386.deb ... Unpacking libstoken-dev:i386 (0.92-1.1+b2) ... Selecting previously unselected package ninja-build. Preparing to unpack .../65-ninja-build_1.12.1-1_i386.deb ... Unpacking ninja-build (1.12.1-1) ... Selecting previously unselected package python3-autocommand. Preparing to unpack .../66-python3-autocommand_2.2.2-3_all.deb ... Unpacking python3-autocommand (2.2.2-3) ... Selecting previously unselected package python3-more-itertools. Preparing to unpack .../67-python3-more-itertools_10.6.0-1_all.deb ... Unpacking python3-more-itertools (10.6.0-1) ... Selecting previously unselected package python3-typing-extensions. Preparing to unpack .../68-python3-typing-extensions_4.12.2-2_all.deb ... Unpacking python3-typing-extensions (4.12.2-2) ... Selecting previously unselected package python3-typeguard. Preparing to unpack .../69-python3-typeguard_4.4.1-1_all.deb ... Unpacking python3-typeguard (4.4.1-1) ... Selecting previously unselected package python3-inflect. Preparing to unpack .../70-python3-inflect_7.3.1-2_all.deb ... Unpacking python3-inflect (7.3.1-2) ... Selecting previously unselected package python3-jaraco.context. Preparing to unpack .../71-python3-jaraco.context_6.0.0-1_all.deb ... Unpacking python3-jaraco.context (6.0.0-1) ... Selecting previously unselected package python3-jaraco.functools. Preparing to unpack .../72-python3-jaraco.functools_4.1.0-1_all.deb ... Unpacking python3-jaraco.functools (4.1.0-1) ... Selecting previously unselected package python3-pkg-resources. Preparing to unpack .../73-python3-pkg-resources_75.6.0-1_all.deb ... Unpacking python3-pkg-resources (75.6.0-1) ... Selecting previously unselected package python3-jaraco.text. Preparing to unpack .../74-python3-jaraco.text_4.0.0-1_all.deb ... Unpacking python3-jaraco.text (4.0.0-1) ... Selecting previously unselected package python3-zipp. Preparing to unpack .../75-python3-zipp_3.21.0-1_all.deb ... Unpacking python3-zipp (3.21.0-1) ... Selecting previously unselected package python3-setuptools. Preparing to unpack .../76-python3-setuptools_75.6.0-1_all.deb ... Unpacking python3-setuptools (75.6.0-1) ... Selecting previously unselected package meson. Preparing to unpack .../77-meson_1.7.0-1_all.deb ... Unpacking meson (1.7.0-1) ... Selecting previously unselected package opensc-pkcs11:i386. Preparing to unpack .../78-opensc-pkcs11_0.26.0-1_i386.deb ... Unpacking opensc-pkcs11:i386 (0.26.0-1) ... Selecting previously unselected package opensc. Preparing to unpack .../79-opensc_0.26.0-1_i386.deb ... Unpacking opensc (0.26.0-1) ... Selecting previously unselected package openssl. Preparing to unpack .../80-openssl_3.4.0-2_i386.deb ... Unpacking openssl (3.4.0-2) ... Selecting previously unselected package p11-kit-modules:i386. Preparing to unpack .../81-p11-kit-modules_0.25.5-3_i386.deb ... Unpacking p11-kit-modules:i386 (0.25.5-3) ... Selecting previously unselected package p11-kit. Preparing to unpack .../82-p11-kit_0.25.5-3_i386.deb ... Unpacking p11-kit (0.25.5-3) ... Selecting previously unselected package pkgconf-bin. Preparing to unpack .../83-pkgconf-bin_1.8.1-4_i386.deb ... Unpacking pkgconf-bin (1.8.1-4) ... Selecting previously unselected package pkgconf:i386. Preparing to unpack .../84-pkgconf_1.8.1-4_i386.deb ... Unpacking pkgconf:i386 (1.8.1-4) ... Selecting previously unselected package softhsm2. Preparing to unpack .../85-softhsm2_2.6.1-2.2+b1_i386.deb ... Unpacking softhsm2 (2.6.1-2.2+b1) ... Setting up media-types (10.1.0) ... Setting up libpipeline1:i386 (1.5.8-1) ... Setting up libtext-charwidth-perl:i386 (0.04-11+b4) ... Setting up libicu72:i386 (72.1-6) ... Setting up bsdextrautils (2.40.4-3) ... Setting up libmagic-mgc (1:5.45-3+b1) ... Setting up libarchive-zip-perl (1.68-1) ... Setting up libtommath1:i386 (1.3.0-1) ... Setting up libdebhelper-perl (13.24.1) ... Setting up libmagic1t64:i386 (1:5.45-3+b1) ... Setting up gettext-base (0.23.1-1) ... Setting up m4 (1.4.19-5) ... Setting up libevent-2.1-7t64:i386 (2.1.12-stable-10+b1) ... Setting up file (1:5.45-3+b1) ... Setting up libtext-wrapi18n-perl (0.06-10) ... Setting up ninja-build (1.12.1-1) ... Setting up libelf1t64:i386 (0.192-4) ... Setting up libeac3:i386 (1.1.2+ds+git20220117+453c3d6b03a0-1.1+b3) ... Setting up tzdata (2024b-6) ... Current default time zone: 'Etc/UTC' Local time is now: Tue Feb 18 02:51:23 UTC 2025. Universal Time is now: Tue Feb 18 02:51:23 UTC 2025. Run 'dpkg-reconfigure tzdata' if you wish to change it. Setting up autotools-dev (20220109.1) ... Setting up libunbound8:i386 (1.22.0-1+b1) ... Setting up libpkgconf3:i386 (1.8.1-4) ... Setting up libnspr4:i386 (2:4.36-1) ... Setting up libproc2-0:i386 (2:4.0.4-7) ... Setting up libunistring5:i386 (1.3-1) ... Setting up libssl-dev:i386 (3.4.0-2) ... Setting up libtcl8.6:i386 (8.6.16+dfsg-1) ... Setting up autopoint (0.23.1-1) ... Setting up pkgconf-bin (1.8.1-4) ... Setting up autoconf (2.72-3) ... Setting up libffi8:i386 (3.4.6-1) ... Setting up dwz (0.15-1+b1) ... Setting up sensible-utils (0.0.24) ... Setting up libuchardet0:i386 (0.0.8-1+b2) ... Setting up procps (2:4.0.4-7) ... Setting up libtasn1-6:i386 (4.20.0-2) ... Setting up netbase (6.4) ... Setting up openssl (3.4.0-2) ... Setting up readline-common (8.2-6) ... Setting up libxml2:i386 (2.12.7+dfsg+really2.9.14-0.2+b1) ... Setting up libtomcrypt1:i386 (1.18.2+dfsg-7+b2) ... Setting up automake (1:1.17-3) ... update-alternatives: using /usr/bin/automake-1.17 to provide /usr/bin/automake (automake) in auto mode Setting up libfile-stripnondeterminism-perl (1.14.1-2) ... Setting up libnspr4-dev (2:4.36-1) ... Setting up tcl8.6 (8.6.16+dfsg-1) ... Setting up gettext (0.23.1-1) ... Setting up libtool (2.5.4-3) ... Setting up tcl-expect:i386 (5.45.4-3+b1) ... Setting up libidn2-0:i386 (2.3.7-2+b1) ... Setting up libnss3:i386 (2:3.107-1) ... Setting up pkgconf:i386 (1.8.1-4) ... Setting up intltool-debian (0.35.0+20060710.6) ... Setting up libstoken1t64:i386 (0.92-1.1+b2) ... Setting up dh-autoreconf (20) ... Setting up libtomcrypt-dev (1.18.2+dfsg-7+b2) ... Setting up libglib2.0-0t64:i386 (2.83.3-2) ... No schema files found: doing nothing. Setting up libstoken-dev:i386 (0.92-1.1+b2) ... Setting up libp11-kit0:i386 (0.25.5-3) ... Setting up ucf (3.0049) ... Setting up libreadline8t64:i386 (8.2-6) ... Setting up dh-strip-nondeterminism (1.14.1-2) ... Setting up libnss3-dev:i386 (2:3.107-1) ... Setting up groff-base (1.23.0-7) ... Setting up libpython3.13-stdlib:i386 (3.13.2-1) ... Setting up libp11-kit-dev:i386 (0.25.5-3) ... Setting up libpython3-stdlib:i386 (3.13.1-2) ... Setting up libgnutls30t64:i386 (3.8.9-2) ... Setting up softhsm2-common (2.6.1-2.2+b1) ... Creating config file /etc/softhsm/softhsm2.conf with new version Setting up python3.13 (3.13.2-1) ... Setting up po-debconf (1.0.21+nmu1) ... Setting up expect (5.45.4-3+b1) ... Setting up python3 (3.13.1-2) ... Setting up python3-zipp (3.21.0-1) ... Setting up python3-autocommand (2.2.2-3) ... Setting up man-db (2.13.0-1) ... Not building database; man-db/auto-update is not 'true'. Setting up opensc-pkcs11:i386 (0.26.0-1) ... Setting up p11-kit-modules:i386 (0.25.5-3) ... Setting up libgnutls-dane0t64:i386 (3.8.9-2) ... Setting up python3-typing-extensions (4.12.2-2) ... Setting up p11-kit (0.25.5-3) ... Setting up gnutls-bin (3.8.9-2) ... Setting up python3-more-itertools (10.6.0-1) ... Setting up libsofthsm2 (2.6.1-2.2+b1) ... Setting up softhsm2 (2.6.1-2.2+b1) ... Setting up python3-jaraco.functools (4.1.0-1) ... Setting up python3-jaraco.context (6.0.0-1) ... Setting up opensc (0.26.0-1) ... Setting up python3-typeguard (4.4.1-1) ... Setting up debhelper (13.24.1) ... Setting up python3-inflect (7.3.1-2) ... Setting up python3-jaraco.text (4.0.0-1) ... Setting up python3-pkg-resources (75.6.0-1) ... Setting up dh-package-notes (0.15) ... Setting up python3-setuptools (75.6.0-1) ... Setting up meson (1.7.0-1) ... Processing triggers for libc-bin (2.40-6) ... Reading package lists... Building dependency tree... Reading state information... Reading extended state information... Initializing package states... Writing extended state information... Building tag database... -> Finished parsing the build-deps I: Building the package I: user script /srv/workspace/pbuilder/34481/tmp/hooks/A99_set_merged_usr starting Not re-configuring usrmerge for trixie I: user script /srv/workspace/pbuilder/34481/tmp/hooks/A99_set_merged_usr finished hostname: Name or service not known I: Running cd /build/reproducible-path/pkcs11-provider-1.0/ && env PATH="/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/i/capture/the/path" HOME="/nonexistent/second-build" dpkg-buildpackage -us -uc -b && env PATH="/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/i/capture/the/path" HOME="/nonexistent/second-build" dpkg-genchanges -S > ../pkcs11-provider_1.0-1_source.changes dpkg-buildpackage: info: source package pkcs11-provider dpkg-buildpackage: info: source version 1.0-1 dpkg-buildpackage: info: source distribution unstable dpkg-buildpackage: info: source changed by Luca Boccassi dpkg-source --before-build . dpkg-buildpackage: info: host architecture i386 debian/rules clean dh clean --buildsystem=meson dh_auto_clean -O--buildsystem=meson dh_autoreconf_clean -O--buildsystem=meson dh_clean -O--buildsystem=meson debian/rules binary dh binary --buildsystem=meson dh_update_autotools_config -O--buildsystem=meson dh_autoreconf -O--buildsystem=meson dh_auto_configure -O--buildsystem=meson cd obj-i686-linux-gnu && DEB_PYTHON_INSTALL_LAYOUT=deb LC_ALL=C.UTF-8 meson setup .. --wrap-mode=nodownload --buildtype=plain --prefix=/usr --sysconfdir=/etc --localstatedir=/var --libdir=lib/i386-linux-gnu -Dpython.bytecompile=-1 The Meson build system Version: 1.7.0 Source dir: /build/reproducible-path/pkcs11-provider-1.0 Build dir: /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu Build type: native build Project name: pkcs11-provider Project version: 1.0 C compiler for the host machine: cc (gcc 14.2.0 "cc (Debian 14.2.0-16) 14.2.0") C linker for the host machine: cc ld.bfd 2.44 Host machine cpu family: x86 Host machine cpu: i686 Compiler for C supports arguments -Wwrite-strings: YES Compiler for C supports arguments -Wpointer-arith: YES Compiler for C supports arguments -Wno-missing-field-initializers: YES Compiler for C supports arguments -Wformat: YES Compiler for C supports arguments -Wshadow: YES Compiler for C supports arguments -Wno-unused-parameter: YES Compiler for C supports arguments -Werror=implicit-function-declaration: YES Compiler for C supports arguments -Werror=missing-prototypes: YES Compiler for C supports arguments -Werror=format-security: YES Compiler for C supports arguments -Werror=parentheses: YES Compiler for C supports arguments -Werror=implicit: YES Compiler for C supports arguments -Werror=strict-prototypes: YES Compiler for C supports arguments -fno-strict-aliasing: YES Compiler for C supports arguments -fno-delete-null-pointer-checks: YES Compiler for C supports arguments -fdiagnostics-show-option: YES Found pkg-config: YES (/usr/bin/pkg-config) 1.8.1 Run-time dependency libcrypto found: YES 3.4.0 Run-time dependency libssl found: YES 3.4.0 Run-time dependency p11-kit-1 found: YES 0.25.5 Has header "dlfcn.h" : YES Configuring config.h using configuration Compiler for C supports link arguments -Wl,--version-script,/build/reproducible-path/pkcs11-provider-1.0/src/provider.map: YES Did not find CMake 'cmake' Found CMake: NO Run-time dependency nss-softokn found: NO (tried pkgconfig and cmake) Run-time dependency nss found: YES 3.107 Program setup.sh found: YES (/build/reproducible-path/pkcs11-provider-1.0/tests/setup.sh) Program valgrind found: NO Program test-wrapper found: YES (/build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper) Build targets in project: 12 pkcs11-provider 1.0 User defined options buildtype : plain libdir : lib/i386-linux-gnu localstatedir : /var prefix : /usr python.bytecompile: -1 sysconfdir : /etc wrap_mode : nodownload Found ninja-1.12.1 at /usr/bin/ninja dh_auto_build -O--buildsystem=meson cd obj-i686-linux-gnu && LC_ALL=C.UTF-8 ninja -j10 -v [1/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/pk11_uri.c.o -MF src/pkcs11.so.p/pk11_uri.c.o.d -o src/pkcs11.so.p/pk11_uri.c.o -c ../src/pk11_uri.c [2/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/debug.c.o -MF src/pkcs11.so.p/debug.c.o.d -o src/pkcs11.so.p/debug.c.o -c ../src/debug.c [3/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/decoder.c.o -MF src/pkcs11.so.p/decoder.c.o.d -o src/pkcs11.so.p/decoder.c.o -c ../src/decoder.c [4/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/exchange.c.o -MF src/pkcs11.so.p/exchange.c.o.d -o src/pkcs11.so.p/exchange.c.o -c ../src/exchange.c [5/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/random.c.o -MF src/pkcs11.so.p/random.c.o.d -o src/pkcs11.so.p/random.c.o -c ../src/random.c [6/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/kdf.c.o -MF src/pkcs11.so.p/kdf.c.o.d -o src/pkcs11.so.p/kdf.c.o -c ../src/kdf.c [7/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/encoder.c.o -MF src/pkcs11.so.p/encoder.c.o.d -o src/pkcs11.so.p/encoder.c.o -c ../src/encoder.c [8/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/digests.c.o -MF src/pkcs11.so.p/digests.c.o.d -o src/pkcs11.so.p/digests.c.o -c ../src/digests.c [9/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/asymmetric_cipher.c.o -MF src/pkcs11.so.p/asymmetric_cipher.c.o.d -o src/pkcs11.so.p/asymmetric_cipher.c.o -c ../src/asymmetric_cipher.c [10/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/tls.c.o -MF src/pkcs11.so.p/tls.c.o.d -o src/pkcs11.so.p/tls.c.o -c ../src/tls.c [11/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/store.c.o -MF src/pkcs11.so.p/store.c.o.d -o src/pkcs11.so.p/store.c.o -c ../src/store.c [12/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/keymgmt.c.o -MF src/pkcs11.so.p/keymgmt.c.o.d -o src/pkcs11.so.p/keymgmt.c.o -c ../src/keymgmt.c [13/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/slot.c.o -MF src/pkcs11.so.p/slot.c.o.d -o src/pkcs11.so.p/slot.c.o -c ../src/slot.c [14/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/interface.c.o -MF src/pkcs11.so.p/interface.c.o.d -o src/pkcs11.so.p/interface.c.o -c ../src/interface.c [15/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/session.c.o -MF src/pkcs11.so.p/session.c.o.d -o src/pkcs11.so.p/session.c.o -c ../src/session.c [16/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/util.c.o -MF src/pkcs11.so.p/util.c.o.d -o src/pkcs11.so.p/util.c.o -c ../src/util.c [17/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/signature.c.o -MF src/pkcs11.so.p/signature.c.o.d -o src/pkcs11.so.p/signature.c.o -c ../src/signature.c [18/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/provider.c.o -MF src/pkcs11.so.p/provider.c.o.d -o src/pkcs11.so.p/provider.c.o -c ../src/provider.c [19/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/objects.c.o -MF src/pkcs11.so.p/objects.c.o.d -o src/pkcs11.so.p/objects.c.o -c ../src/objects.c [20/20] cc -o src/pkcs11.so src/pkcs11.so.p/asymmetric_cipher.c.o src/pkcs11.so.p/debug.c.o src/pkcs11.so.p/encoder.c.o src/pkcs11.so.p/decoder.c.o src/pkcs11.so.p/digests.c.o src/pkcs11.so.p/exchange.c.o src/pkcs11.so.p/kdf.c.o src/pkcs11.so.p/keymgmt.c.o src/pkcs11.so.p/pk11_uri.c.o src/pkcs11.so.p/interface.c.o src/pkcs11.so.p/objects.c.o src/pkcs11.so.p/provider.c.o src/pkcs11.so.p/random.c.o src/pkcs11.so.p/session.c.o src/pkcs11.so.p/signature.c.o src/pkcs11.so.p/slot.c.o src/pkcs11.so.p/store.c.o src/pkcs11.so.p/tls.c.o src/pkcs11.so.p/util.c.o -Wl,--as-needed -Wl,--allow-shlib-undefined -shared -fPIC -Wl,-z,relro -Wl,-z,now -specs=/usr/share/debhelper/dh_package_notes/debian-package-notes.specs -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -Wl,--version-script,/build/reproducible-path/pkcs11-provider-1.0/src/provider.map /usr/lib/i386-linux-gnu/libcrypto.so dh_auto_test -O--buildsystem=meson cd obj-i686-linux-gnu && DEB_PYTHON_INSTALL_LAYOUT=deb LC_ALL=C.UTF-8 MESON_TESTTHREADS=10 meson test --verbose ninja: Entering directory `/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu' [1/29] Compiling C object tests/tcmpkeys.p/tcmpkeys.c.o [2/29] Compiling C object tests/tlssetkey.p/tlssetkey.c.o [3/29] Compiling C object tests/tdigests.p/tdigests.c.o [4/29] Compiling C object tests/treadkeys.p/treadkeys.c.o [5/29] Compiling C object tests/tsession.p/tsession.c.o [6/29] Compiling C object tests/tfork.p/tfork.c.o [7/29] Compiling C object tests/tcmpkeys.p/util.c.o [8/29] Compiling C object tests/tlsctx.p/tlsctx.c.o [9/29] Compiling C object tests/tlsctx.p/util.c.o [10/29] Compiling C object tests/tgenkey.p/util.c.o [11/29] Compiling C object tests/tlssetkey.p/util.c.o [12/29] Compiling C object tests/tpkey.p/tpkey.c.o [13/29] Compiling C object tests/tfork.p/util.c.o [14/29] Compiling C object tests/ccerts.p/ccerts.c.o [15/29] Compiling C object tests/tgenkey.p/tgenkey.c.o [16/29] Linking target tests/treadkeys [17/29] Linking target tests/tdigests [18/29] Compiling C object tests/pincache.p/pincache.c.o [19/29] Linking target tests/tsession [20/29] Linking target tests/tcmpkeys [21/29] Compiling C object tests/tpkey.p/util.c.o [22/29] Linking target tests/tlsctx [23/29] Linking target tests/tlssetkey [24/29] Linking target tests/tfork [25/29] Compiling C object tests/ccerts.p/util.c.o [26/29] Linking target tests/tgenkey [27/29] Linking target tests/pincache [28/29] Linking target tests/tpkey [29/29] Linking target tests/ccerts 1/92 pkcs11-provider:softokn / setup RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MALLOC_PERTURB_=148 LIBSPATH=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/src TESTSSRCDIR=/build/reproducible-path/pkcs11-provider-1.0/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 SOFTOKNPATH=/usr/lib/i386-linux-gnu ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 P11KITCLIENTPATH=/usr/lib/i386-linux-gnu/pkcs11/p11-kit-client.so SHARED_EXT=.so MESON_TEST_ITERATION=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/setup.sh softokn ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― + source /build/reproducible-path/pkcs11-provider-1.0/tests/helpers.sh ++ : /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests ++ helper_emit=1 ++ sed --version ++ grep -q 'GNU sed' ++ sed_inplace=('-i') ++ export sed_inplace + '[' 1 -ne 1 ']' + TOKENTYPE=softokn + SUPPORT_ED25519=1 + SUPPORT_ED448=1 + SUPPORT_RSA_PKCS1_ENCRYPTION=1 + SUPPORT_RSA_KEYGEN_PUBLIC_EXPONENT=1 + SUPPORT_TLSFUZZER=1 + SUPPORT_ALLOWED_MECHANISMS=0 ++ opensc-tool -i ++ grep OpenSC ++ sed -e 's/OpenSC 0\.\([0-9]*\).*/\1/' Failed to establish context: Unable to load external module + OPENSC_VERSION=26 + [[ 26 -le 25 ]] + [[ '' = \1 ]] ++ cat /proc/sys/crypto/fips_enabled + [[ 0 = \1 ]] + TMPPDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softokn + TOKDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softokn/tokens + '[' -d /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softokn ']' + mkdir /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softokn + mkdir /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softokn/tokens + PINVALUE=12345678 + PINFILE=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softokn/pinfile.txt + echo 12345678 + export GNUTLS_PIN=12345678 + GNUTLS_PIN=12345678 + '[' softokn == softhsm ']' + '[' softokn == softokn ']' + source /build/reproducible-path/pkcs11-provider-1.0/tests/softokn-init.sh ++ title SECTION 'Setup NSS Softokn' ++ case "$1" in ++ shift 1 ++ echo '########################################' ++ echo '## Setup NSS Softokn' ++ echo '' ++ command -v certutil ++ echo 'NSS'\''s certutil command is required' ++ exit 0 ######################################## ## Setup NSS Softokn NSS's certutil command is required ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 1/92 pkcs11-provider:softokn / setup OK 0.03s 2/92 pkcs11-provider:softhsm / setup RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests LIBSPATH=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/src TESTSSRCDIR=/build/reproducible-path/pkcs11-provider-1.0/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 SOFTOKNPATH=/usr/lib/i386-linux-gnu ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 P11KITCLIENTPATH=/usr/lib/i386-linux-gnu/pkcs11/p11-kit-client.so SHARED_EXT=.so MALLOC_PERTURB_=191 MESON_TEST_ITERATION=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/setup.sh softhsm ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― + source /build/reproducible-path/pkcs11-provider-1.0/tests/helpers.sh ++ : /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests ++ helper_emit=1 ++ sed --version ++ grep -q 'GNU sed' ++ sed_inplace=('-i') ++ export sed_inplace + '[' 1 -ne 1 ']' + TOKENTYPE=softhsm + SUPPORT_ED25519=1 + SUPPORT_ED448=1 + SUPPORT_RSA_PKCS1_ENCRYPTION=1 + SUPPORT_RSA_KEYGEN_PUBLIC_EXPONENT=1 + SUPPORT_TLSFUZZER=1 + SUPPORT_ALLOWED_MECHANISMS=0 ++ opensc-tool -i ++ grep OpenSC ++ sed -e 's/OpenSC 0\.\([0-9]*\).*/\1/' Failed to establish context: Unable to load external module + OPENSC_VERSION=26 + [[ 26 -le 25 ]] + [[ '' = \1 ]] ++ cat /proc/sys/crypto/fips_enabled + [[ 0 = \1 ]] + TMPPDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm + TOKDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/tokens + '[' -d /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm ']' + mkdir /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm + mkdir /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/tokens + PINVALUE=12345678 + PINFILE=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt + echo 12345678 + export GNUTLS_PIN=12345678 + GNUTLS_PIN=12345678 + '[' softhsm == softhsm ']' + source /build/reproducible-path/pkcs11-provider-1.0/tests/softhsm-init.sh ++ title SECTION 'Searching for SoftHSM PKCS#11 library' ++ case "$1" in ++ shift 1 ++ echo '########################################' ++ echo '## Searching for SoftHSM PKCS#11 library' ++ echo '' ++ command -v softhsm2-util ######################################## ## Searching for SoftHSM PKCS#11 library +++++ type -p softhsm2-util ++++ dirname /usr/bin/softhsm2-util +++ dirname /usr/bin ++ softhsm_prefix=/usr ++ find_softhsm /usr/lib64/softhsm/libsofthsm2.so /usr/lib/softhsm/libsofthsm2.so /usr/lib64/pkcs11/libsofthsm2.so /usr/lib/pkcs11/libsofthsm2.so /usr/local/lib/softhsm/libsofthsm2.so /usr/lib64/pkcs11/libsofthsm2.so /usr/lib/pkcs11/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so ++ for _lib in "$@" ++ test -f /usr/lib64/softhsm/libsofthsm2.so ++ for _lib in "$@" ++ test -f /usr/lib/softhsm/libsofthsm2.so ++ echo 'Using softhsm path /usr/lib/softhsm/libsofthsm2.so' ++ P11LIB=/usr/lib/softhsm/libsofthsm2.so ++ return ++ export P11LIB ++ title SECTION 'Set up testing system' ++ case "$1" in ++ shift 1 ++ echo '########################################' ++ echo '## Set up testing system' ++ echo '' ++ cat Using softhsm path /usr/lib/softhsm/libsofthsm2.so ######################################## ## Set up testing system ++ export SOFTHSM2_CONF=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/softhsm.conf ++ SOFTHSM2_CONF=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/softhsm.conf ++ export 'TOKENLABEL=SoftHSM Token' ++ TOKENLABEL='SoftHSM Token' ++ export TOKENLABELURI=SoftHSM%20Token ++ TOKENLABELURI=SoftHSM%20Token ++ softhsm2-util --init-token --label 'SoftHSM Token' --free --pin 12345678 --so-pin 12345678 Slot 0 has a free/uninitialized token. The token has been initialized and is reassigned to slot 1046699247 ++ export 'TOKENOPTIONS=\npkcs11-module-quirks = no-deinit no-operation-state' ++ TOKENOPTIONS='\npkcs11-module-quirks = no-deinit no-operation-state' ++ export 'TOKENCONFIGVARS=export SOFTHSM2_CONF=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/softhsm.conf' ++ TOKENCONFIGVARS='export SOFTHSM2_CONF=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/softhsm.conf' ++ export TESTPORT=32000 ++ TESTPORT=32000 ++ export SUPPORT_ALLOWED_MECHANISMS=1 ++ SUPPORT_ALLOWED_MECHANISMS=1 + SEEDFILE=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/noisefile.bin + dd if=/dev/urandom of=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/noisefile.bin bs=2048 count=1 + RAND64FILE=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/64krandom.bin + dd if=/dev/urandom of=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/64krandom.bin bs=2048 count=32 ++ uname + '[' Linux == Darwin ']' ++ type -p certtool + certtool=/usr/bin/certtool + '[' -z /usr/bin/certtool ']' + P11DEFARGS=("--module=${P11LIB}" "--login" "--pin=${PINVALUE}" "--token-label=${TOKENLABEL}") + cat + SERIAL=1 + title LINE 'Creating new Self Sign CA' + case "$1" in + shift 1 + echo 'Creating new Self Sign CA' Creating new Self Sign CA + KEYID=0000 + URIKEYID=%00%00 + CACRTN=caCert + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --keypairgen --key-type=RSA:2048 --label=caCert --id=0000 Key pair generated: Private Key Object; RSA label: caCert ID: 0000 Usage: decrypt, sign, signRecover, unwrap Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=c6283ef2be635cef;token=SoftHSM%20Token;id=%0000;object=caCert;type=private Public Key Object; RSA 2048 bits label: caCert ID: 0000 Usage: encrypt, verify, verifyRecover, wrap Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=c6283ef2be635cef;token=SoftHSM%20Token;id=%0000;object=caCert;type=public + crt_selfsign caCert Issuer 0000 + LABEL=caCert + CN=Issuer + KEYID=0000 + (( SERIAL+=1 )) + sed -e 's|cn = .*|cn = Issuer|g' -e 's|serial = .*|serial = 2|g' -i /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/cacert.cfg + /usr/bin/certtool --generate-self-signed --outfile=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.crt --template=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/cacert.cfg --provider=/usr/lib/softhsm/libsofthsm2.so --load-privkey 'pkcs11:object=caCert;token=SoftHSM%20Token;type=private' --load-pubkey 'pkcs11:object=caCert;token=SoftHSM%20Token;type=public' --outder Generating a self signed certificate... X.509 Certificate Information: Version: 3 Serial Number (hex): 02 Validity: Not Before: Tue Feb 18 02:51:45 UTC 2025 Not After: Wed Feb 18 02:51:45 UTC 2026 Subject: CN=Issuer Subject Public Key Algorithm: RSA Algorithm Security Level: Medium (2048 bits) Modulus (bits 2048): 00:d3:e1:84:a8:cc:97:f0:1c:91:17:ff:22:7e:f6:77 a7:0d:0d:5a:13:02:be:b0:2b:3c:47:7e:5c:78:38:35 7d:dd:78:df:7f:94:5b:9c:fc:0c:65:5f:ea:1e:32:00 ba:55:b2:83:6c:a7:59:75:ff:c1:73:0b:fd:e0:f3:e4 66:15:9b:a0:a1:42:0a:d5:2a:6c:c4:aa:ad:8a:f3:bd fa:4e:f0:a7:62:f5:4e:a9:cb:45:7d:49:f0:9b:6b:56 c0:bb:3e:c7:a0:c8:b8:12:fc:d5:7a:6f:f4:10:93:4a 10:c9:91:2b:f5:42:fc:c2:de:c7:d1:43:d9:03:5a:3a dc:c6:bd:df:c3:b7:b8:09:06:63:71:35:ca:c9:8b:56 c6:f2:07:e2:b0:62:f1:de:84:ec:8a:90:e9:e9:79:3e 20:4e:9c:c6:7c:b0:08:52:b7:10:55:bf:1e:49:76:4f b2:ab:7d:97:db:4c:1e:cf:1a:09:0f:f5:7f:01:53:80 2d:57:1f:36:15:31:0f:3d:36:ca:d5:03:0f:27:ef:dc 7d:07:98:c2:af:8a:5c:26:da:fa:7e:06:f7:44:2b:e2 67:88:7b:6c:a6:df:c1:e6:7b:c0:99:e1:a5:84:89:d7 68:ee:d6:28:c7:d4:d5:f1:f5:be:28:08:2d:63:d2:00 27 Exponent (bits 24): 01:00:01 Extensions: Basic Constraints (critical): Certificate Authority (CA): TRUE Subject Alternative Name (not critical): RFC822Name: testcert@example.org Key Usage (critical): Digital signature. Certificate signing. Subject Key Identifier (not critical): 046b356478c6a92fa9a26f56c33cdf448cc09876 Other Information: Public Key ID: sha1:046b356478c6a92fa9a26f56c33cdf448cc09876 sha256:f410d11b703979e2cd86daa22885704069ec013fa8f6cd219f3d572e563b87d6 Public Key PIN: pin-sha256:9BDRG3A5eeLNhtqiKIVwQGnsAT+o9s0hnz1XLlY7h9Y= Signing certificate... + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --write-object /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.crt --type=cert --id=0000 --label=caCert Created certificate: Certificate Object; type = X.509 cert label: caCert subject: DN: CN=Issuer serial: 02 ID: 0000 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=c6283ef2be635cef;token=SoftHSM%20Token;id=%0000;object=caCert;type=cert + CACRT_PEM=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.pem + CACRT=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.crt + openssl x509 -inform DER -in /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.crt -outform PEM -out /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.pem + CABASEURIWITHPINVALUE='pkcs11:id=%00%00?pin-value=12345678' + CABASEURIWITHPINSOURCE='pkcs11:id=%00%00?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt' + CABASEURI=pkcs11:id=%00%00 + CAPUBURI='pkcs11:type=public;id=%00%00' + CAPRIURI='pkcs11:type=private;id=%00%00' + CACRTURI='pkcs11:type=cert;object=caCert' + title LINE 'RSA PKCS11 URIS' + case "$1" in + shift 1 + echo 'RSA PKCS11 URIS' + echo 'pkcs11:id=%00%00?pin-value=12345678' + echo 'pkcs11:id=%00%00?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt' + echo pkcs11:id=%00%00 + echo 'pkcs11:type=public;id=%00%00' + echo 'pkcs11:type=private;id=%00%00' + echo 'pkcs11:type=cert;object=caCert' + echo '' + cat /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/cacert.cfg RSA PKCS11 URIS pkcs11:id=%00%00?pin-value=12345678 pkcs11:id=%00%00?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt pkcs11:id=%00%00 pkcs11:type=public;id=%00%00 pkcs11:type=private;id=%00%00 pkcs11:type=cert;object=caCert + echo 'organization = "PKCS11 Provider"' + sed -e '/^cert_signing_key$/d' -e '/^ca$/d' -i /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/cert.cfg + KEYID=0001 + URIKEYID=%00%01 + TSTCRTN=testCert + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --keypairgen --key-type=RSA:2048 --label=testCert --id=0001 Key pair generated: Private Key Object; RSA label: testCert ID: 0001 Usage: decrypt, sign, signRecover, unwrap Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=c6283ef2be635cef;token=SoftHSM%20Token;id=%0001;object=testCert;type=private Public Key Object; RSA 2048 bits label: testCert ID: 0001 Usage: encrypt, verify, verifyRecover, wrap Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=c6283ef2be635cef;token=SoftHSM%20Token;id=%0001;object=testCert;type=public + ca_sign testCert 'My Test Cert' 0001 + LABEL=testCert + CN='My Test Cert' + KEYID=0001 + shift 3 + (( SERIAL+=1 )) + sed -e 's|cn = .*|cn = My Test Cert|g' -e 's|serial = .*|serial = 3|g' -e '/^ca$/d' -i /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/cert.cfg + /usr/bin/certtool --generate-certificate --outfile=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/testCert.crt --template=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/cert.cfg --provider=/usr/lib/softhsm/libsofthsm2.so --load-privkey 'pkcs11:object=testCert;token=SoftHSM%20Token;type=private' --load-pubkey 'pkcs11:object=testCert;token=SoftHSM%20Token;type=public' --outder --load-ca-certificate /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.crt --inder '--load-ca-privkey=pkcs11:object=caCert;token=SoftHSM%20Token;type=private' Generating a signed certificate... X.509 Certificate Information: Version: 3 Serial Number (hex): 03 Validity: Not Before: Tue Feb 18 02:51:45 UTC 2025 Not After: Wed Feb 18 02:51:45 UTC 2026 Subject: CN=My Test Cert,O=PKCS11 Provider Subject Public Key Algorithm: RSA Algorithm Security Level: Medium (2048 bits) Modulus (bits 2048): 00:c8:9b:4f:9f:96:ab:a1:cf:f7:e3:5b:8b:27:9f:09 e4:70:4a:39:1d:6d:7b:8e:93:e6:af:30:6a:98:98:b8 c5:ba:62:73:d3:06:d2:ac:b8:81:66:e2:96:72:9f:3e 32:1f:fa:bb:d8:21:c1:2d:d8:80:1b:7d:6a:a2:fd:cd 5e:a7:25:cb:22:0a:b9:96:98:5a:13:8a:e7:1a:f1:4c 53:f2:4f:2b:0c:dc:57:b8:cb:e8:89:78:92:93:60:5e 03:3d:95:5b:d2:71:68:e7:f8:70:50:e1:21:f5:a2:0f c0:41:cd:8f:08:d4:5b:eb:98:00:6a:bd:42:d9:85:76 5b:01:21:5d:43:01:06:de:52:b8:06:f5:26:a2:a4:a9 b7:7f:d8:02:91:c1:bb:e3:42:3e:22:5a:c9:19:88:58 77:90:48:49:9b:eb:ce:95:07:e2:49:6e:1f:c6:3c:61 1a:78:e8:10:e4:85:ba:24:eb:f2:97:83:b4:c3:af:cd fd:11:5e:45:62:1f:7f:17:2d:e5:f0:73:ec:b4:b7:25 28:07:d4:a7:25:a9:f1:69:68:6a:3f:3d:b9:32:f6:df a4:f9:7a:70:5c:47:b3:51:82:79:f8:f7:3b:e1:95:d6 73:60:ee:25:64:94:1e:f4:41:6d:3d:7c:da:17:88:9a 57 Exponent (bits 24): 01:00:01 Extensions: Basic Constraints (critical): Certificate Authority (CA): FALSE Subject Alternative Name (not critical): RFC822Name: testcert@example.org Key Usage (critical): Digital signature. Key encipherment. Subject Key Identifier (not critical): 46ce766e540ae6db1b6de488737397493b07e90e Authority Key Identifier (not critical): 046b356478c6a92fa9a26f56c33cdf448cc09876 Other Information: Public Key ID: sha1:46ce766e540ae6db1b6de488737397493b07e90e sha256:c4f6605ecdbcfba6d877d9a2f52397c2dcec9ddfcb0cfbf56919bd91f18c7442 Public Key PIN: pin-sha256:xPZgXs28+6bYd9mi9SOXwtzsnd/LDPv1aRm9kfGMdEI= Signing certificate... + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --write-object /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/testCert.crt --type=cert --id=0001 --label=testCert Created certificate: Certificate Object; type = X.509 cert label: testCert subject: DN: O=PKCS11 Provider, CN=My Test Cert serial: 03 ID: 0001 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=c6283ef2be635cef;token=SoftHSM%20Token;id=%0001;object=testCert;type=cert + BASEURIWITHPINVALUE='pkcs11:id=%00%01?pin-value=12345678' + BASEURIWITHPINSOURCE='pkcs11:id=%00%01?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt' + BASEURI=pkcs11:id=%00%01 + PUBURI='pkcs11:type=public;id=%00%01' + PRIURI='pkcs11:type=private;id=%00%01' + CRTURI='pkcs11:type=cert;object=testCert' + title LINE 'RSA PKCS11 URIS' + case "$1" in + shift 1 + echo 'RSA PKCS11 URIS' + echo 'pkcs11:id=%00%01?pin-value=12345678' + echo 'pkcs11:id=%00%01?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt' + echo pkcs11:id=%00%01 + echo 'pkcs11:type=public;id=%00%01' + echo 'pkcs11:type=private;id=%00%01' + echo 'pkcs11:type=cert;object=testCert' + echo '' + KEYID=0002 + URIKEYID=%00%02 + ECCRTN=ecCert + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --keypairgen --key-type=EC:secp256r1 --label=ecCert --id=0002 RSA PKCS11 URIS pkcs11:id=%00%01?pin-value=12345678 pkcs11:id=%00%01?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt pkcs11:id=%00%01 pkcs11:type=public;id=%00%01 pkcs11:type=private;id=%00%01 pkcs11:type=cert;object=testCert Key pair generated: Private Key Object; EC label: ecCert ID: 0002 Usage: decrypt, sign, signRecover, unwrap, derive Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=c6283ef2be635cef;token=SoftHSM%20Token;id=%0002;object=ecCert;type=private Public Key Object; EC EC_POINT 256 bits EC_POINT: 04410492a3549ad1e942ac04f43012aa0a3a77e99b9d1b52525e28626f91f83f6e269af1fd2f0a19f3108803202dab7d87b0f8526f750081be4547f73a9412e498f4a6 EC_PARAMS: 06082a8648ce3d030107 (OID 1.2.840.10045.3.1.7) label: ecCert ID: 0002 Usage: encrypt, verify, verifyRecover, wrap, derive Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=c6283ef2be635cef;token=SoftHSM%20Token;id=%0002;object=ecCert;type=public + ca_sign ecCert 'My EC Cert' 0002 + LABEL=ecCert + CN='My EC Cert' + KEYID=0002 + shift 3 + (( SERIAL+=1 )) + sed -e 's|cn = .*|cn = My EC Cert|g' -e 's|serial = .*|serial = 4|g' -e '/^ca$/d' -i /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/cert.cfg + /usr/bin/certtool --generate-certificate --outfile=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/ecCert.crt --template=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/cert.cfg --provider=/usr/lib/softhsm/libsofthsm2.so --load-privkey 'pkcs11:object=ecCert;token=SoftHSM%20Token;type=private' --load-pubkey 'pkcs11:object=ecCert;token=SoftHSM%20Token;type=public' --outder --load-ca-certificate /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.crt --inder '--load-ca-privkey=pkcs11:object=caCert;token=SoftHSM%20Token;type=private' Generating a signed certificate... Expiration time: Wed Feb 18 16:51:46 2026 CA expiration time: Wed Feb 18 16:51:45 2026 Warning: The time set exceeds the CA's expiration time X.509 Certificate Information: Version: 3 Serial Number (hex): 04 Validity: Not Before: Tue Feb 18 02:51:46 UTC 2025 Not After: Wed Feb 18 02:51:46 UTC 2026 Subject: CN=My EC Cert,O=PKCS11 Provider Subject Public Key Algorithm: EC/ECDSA Algorithm Security Level: High (256 bits) Curve: SECP256R1 X: 00:92:a3:54:9a:d1:e9:42:ac:04:f4:30:12:aa:0a:3a 77:e9:9b:9d:1b:52:52:5e:28:62:6f:91:f8:3f:6e:26 9a Y: 00:f1:fd:2f:0a:19:f3:10:88:03:20:2d:ab:7d:87:b0 f8:52:6f:75:00:81:be:45:47:f7:3a:94:12:e4:98:f4 a6 Extensions: Basic Constraints (critical): Certificate Authority (CA): FALSE Subject Alternative Name (not critical): RFC822Name: testcert@example.org Key Usage (critical): Digital signature. Subject Key Identifier (not critical): d5c59f642a2b98655384e2fbefa650c8d5c9a024 Authority Key Identifier (not critical): 046b356478c6a92fa9a26f56c33cdf448cc09876 Other Information: Public Key ID: sha1:d5c59f642a2b98655384e2fbefa650c8d5c9a024 sha256:bc1a5cf22a1a01e4c0d901c723a45e2ef88589b97df059d29dda3b8c702b61ef Public Key PIN: pin-sha256:vBpc8ioaAeTA2QHHI6ReLviFibl98FnSndo7jHArYe8= Signing certificate... + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --write-object /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/ecCert.crt --type=cert --id=0002 --label=ecCert Created certificate: Certificate Object; type = X.509 cert label: ecCert subject: DN: O=PKCS11 Provider, CN=My EC Cert serial: 04 ID: 0002 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=c6283ef2be635cef;token=SoftHSM%20Token;id=%0002;object=ecCert;type=cert + ECBASEURIWITHPINVALUE='pkcs11:id=%00%02?pin-value=12345678' + ECBASEURIWITHPINSOURCE='pkcs11:id=%00%02?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt' + ECBASEURI=pkcs11:id=%00%02 + ECPUBURI='pkcs11:type=public;id=%00%02' + ECPRIURI='pkcs11:type=private;id=%00%02' + ECCRTURI='pkcs11:type=cert;object=ecCert' + KEYID=0003 + URIKEYID=%00%03 + ECPEERCRTN=ecPeerCert + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --keypairgen --key-type=EC:secp256r1 --label=ecPeerCert --id=0003 Key pair generated: Private Key Object; EC label: ecPeerCert ID: 0003 Usage: decrypt, sign, signRecover, unwrap, derive Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=c6283ef2be635cef;token=SoftHSM%20Token;id=%0003;object=ecPeerCert;type=private Public Key Object; EC EC_POINT 256 bits EC_POINT: 044104705b334c3910e8e446a4fc15d31b8ef9b117e814cf9563c552566969b1cd5f91ab420769bf339e2ad22e14a9456c7ea45280b834ddab6d1b2a303bd5e7e7a46a EC_PARAMS: 06082a8648ce3d030107 (OID 1.2.840.10045.3.1.7) label: ecPeerCert ID: 0003 Usage: encrypt, verify, verifyRecover, wrap, derive Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=c6283ef2be635cef;token=SoftHSM%20Token;id=%0003;object=ecPeerCert;type=public + crt_selfsign ecPeerCert 'My Peer EC Cert' 0003 + LABEL=ecPeerCert + CN='My Peer EC Cert' + KEYID=0003 + (( SERIAL+=1 )) + sed -e 's|cn = .*|cn = My Peer EC Cert|g' -e 's|serial = .*|serial = 5|g' -i /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/cacert.cfg + /usr/bin/certtool --generate-self-signed --outfile=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/ecPeerCert.crt --template=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/cacert.cfg --provider=/usr/lib/softhsm/libsofthsm2.so --load-privkey 'pkcs11:object=ecPeerCert;token=SoftHSM%20Token;type=private' --load-pubkey 'pkcs11:object=ecPeerCert;token=SoftHSM%20Token;type=public' --outder Generating a self signed certificate... X.509 Certificate Information: Version: 3 Serial Number (hex): 05 Validity: Not Before: Tue Feb 18 02:51:46 UTC 2025 Not After: Wed Feb 18 02:51:46 UTC 2026 Subject: CN=My Peer EC Cert Subject Public Key Algorithm: EC/ECDSA Algorithm Security Level: High (256 bits) Curve: SECP256R1 X: 70:5b:33:4c:39:10:e8:e4:46:a4:fc:15:d3:1b:8e:f9 b1:17:e8:14:cf:95:63:c5:52:56:69:69:b1:cd:5f:91 Y: 00:ab:42:07:69:bf:33:9e:2a:d2:2e:14:a9:45:6c:7e a4:52:80:b8:34:dd:ab:6d:1b:2a:30:3b:d5:e7:e7:a4 6a Extensions: Basic Constraints (critical): Certificate Authority (CA): TRUE Subject Alternative Name (not critical): RFC822Name: testcert@example.org Key Usage (critical): Digital signature. Certificate signing. Subject Key Identifier (not critical): 9e820f12182e4ecb0aecf7c19038a54ed4a8056a Other Information: Public Key ID: sha1:9e820f12182e4ecb0aecf7c19038a54ed4a8056a sha256:7dfa9b787777c5a4779c19c632794c0a0c00c9fc3c099910958e82b2b6d969d0 Public Key PIN: pin-sha256:ffqbeHd3xaR3nBnGMnlMCgwAyfw8CZkQlY6CsrbZadA= Signing certificate... + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --write-object /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/ecPeerCert.crt --type=cert --id=0003 --label=ecPeerCert Created certificate: Certificate Object; type = X.509 cert label: ecPeerCert subject: DN: CN=My Peer EC Cert serial: 05 ID: 0003 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=c6283ef2be635cef;token=SoftHSM%20Token;id=%0003;object=ecPeerCert;type=cert + ECPEERBASEURIWITHPINVALUE='pkcs11:id=%00%03?pin-value=12345678' + ECPEERBASEURIWITHPINSOURCE='pkcs11:id=%00%03?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt' + ECPEERBASEURI=pkcs11:id=%00%03 + ECPEERPUBURI='pkcs11:type=public;id=%00%03' + ECPEERPRIURI='pkcs11:type=private;id=%00%03' + ECPEERCRTURI='pkcs11:type=cert;object=ecPeerCert' + title LINE 'EC PKCS11 URIS' + case "$1" in + shift 1 + echo 'EC PKCS11 URIS' + echo 'pkcs11:id=%00%02?pin-value=12345678' + echo 'pkcs11:id=%00%02?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt' + echo pkcs11:id=%00%02 + echo 'pkcs11:type=public;id=%00%02' + echo 'pkcs11:type=private;id=%00%02' + echo 'pkcs11:type=cert;object=ecCert' + echo 'pkcs11:id=%00%03?pin-value=12345678' + echo 'pkcs11:id=%00%03?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt' + echo pkcs11:id=%00%03 + echo 'pkcs11:type=public;id=%00%03' + echo 'pkcs11:type=private;id=%00%03' + echo 'pkcs11:type=cert;object=ecPeerCert' + echo '' EC PKCS11 URIS pkcs11:id=%00%02?pin-value=12345678 pkcs11:id=%00%02?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt pkcs11:id=%00%02 pkcs11:type=public;id=%00%02 pkcs11:type=private;id=%00%02 pkcs11:type=cert;object=ecCert pkcs11:id=%00%03?pin-value=12345678 pkcs11:id=%00%03?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt pkcs11:id=%00%03 pkcs11:type=public;id=%00%03 pkcs11:type=private;id=%00%03 pkcs11:type=cert;object=ecPeerCert + '[' 1 -eq 1 ']' + KEYID=0004 + URIKEYID=%00%04 + EDCRTN=edCert + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --keypairgen --key-type=EC:edwards25519 --label=edCert --id=0004 Key pair generated: Private Key Object; EC_EDWARDS label: edCert ID: 0004 Usage: decrypt, sign, signRecover, unwrap, derive Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=c6283ef2be635cef;token=SoftHSM%20Token;id=%0004;object=edCert;type=private Public Key Object; EC_EDWARDS EC_POINT 272 bits EC_POINT: 04209b5a03d274145680d69b50bf2bf2ac3e96ed4c7fe6748724461c9fc7aa3655cb EC_PARAMS: 130c656477617264733235353139 (PrintableString edwards25519) label: edCert ID: 0004 Usage: encrypt, verify, verifyRecover, wrap, derive Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=c6283ef2be635cef;token=SoftHSM%20Token;id=%0004;object=edCert;type=public + ca_sign edCert 'My ED25519 Cert' 0004 + LABEL=edCert + CN='My ED25519 Cert' + KEYID=0004 + shift 3 + (( SERIAL+=1 )) + sed -e 's|cn = .*|cn = My ED25519 Cert|g' -e 's|serial = .*|serial = 6|g' -e '/^ca$/d' -i /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/cert.cfg + /usr/bin/certtool --generate-certificate --outfile=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/edCert.crt --template=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/cert.cfg --provider=/usr/lib/softhsm/libsofthsm2.so --load-privkey 'pkcs11:object=edCert;token=SoftHSM%20Token;type=private' --load-pubkey 'pkcs11:object=edCert;token=SoftHSM%20Token;type=public' --outder --load-ca-certificate /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.crt --inder '--load-ca-privkey=pkcs11:object=caCert;token=SoftHSM%20Token;type=private' Generating a signed certificate... Expiration time: Wed Feb 18 16:51:46 2026 CA expiration time: Wed Feb 18 16:51:45 2026 Warning: The time set exceeds the CA's expiration time X.509 Certificate Information: Version: 3 Serial Number (hex): 06 Validity: Not Before: Tue Feb 18 02:51:46 UTC 2025 Not After: Wed Feb 18 02:51:46 UTC 2026 Subject: CN=My ED25519 Cert,O=PKCS11 Provider Subject Public Key Algorithm: EdDSA (Ed25519) Algorithm Security Level: High (256 bits) Curve: Ed25519 X: 9b:5a:03:d2:74:14:56:80:d6:9b:50:bf:2b:f2:ac:3e 96:ed:4c:7f:e6:74:87:24:46:1c:9f:c7:aa:36:55:cb Extensions: Basic Constraints (critical): Certificate Authority (CA): FALSE Subject Alternative Name (not critical): RFC822Name: testcert@example.org Key Usage (critical): Digital signature. Subject Key Identifier (not critical): c4449872751ba66bb7cb888d20c98daf065ff167 Authority Key Identifier (not critical): 046b356478c6a92fa9a26f56c33cdf448cc09876 Other Information: Public Key ID: sha1:c4449872751ba66bb7cb888d20c98daf065ff167 sha256:20de52742f0aeddfcebb004cadb7143ad6e8743d5bc17c6156ff23340168ee40 Public Key PIN: pin-sha256:IN5SdC8K7d/OuwBMrbcUOtbodD1bwXxhVv8jNAFo7kA= Signing certificate... + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --write-object /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/edCert.crt --type=cert --id=0004 --label=edCert Created certificate: Certificate Object; type = X.509 cert label: edCert subject: DN: O=PKCS11 Provider, CN=My ED25519 Cert serial: 06 ID: 0004 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=c6283ef2be635cef;token=SoftHSM%20Token;id=%0004;object=edCert;type=cert + EDBASEURIWITHPINVALUE='pkcs11:id=%00%04;pin-value=12345678' + EDBASEURIWITHPINSOURCE='pkcs11:id=%00%04;pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt' + EDBASEURI=pkcs11:id=%00%04 + EDPUBURI='pkcs11:type=public;id=%00%04' + EDPRIURI='pkcs11:type=private;id=%00%04' + EDCRTURI='pkcs11:type=cert;object=edCert' + title LINE 'ED25519 PKCS11 URIS' + case "$1" in + shift 1 + echo 'ED25519 PKCS11 URIS' + echo 'pkcs11:id=%00%04;pin-value=12345678' + echo 'pkcs11:id=%00%04;pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt' + echo pkcs11:id=%00%04 + echo 'pkcs11:type=public;id=%00%04' + echo 'pkcs11:type=private;id=%00%04' + echo 'pkcs11:type=cert;object=edCert' + '[' 1 -eq 1 ']' + KEYID=0009 + URIKEYID=%00%09 + ED2CRTN=ed2Cert + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --keypairgen --key-type=EC:Ed448 --label=ed2Cert --id=0009 ED25519 PKCS11 URIS pkcs11:id=%00%04;pin-value=12345678 pkcs11:id=%00%04;pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt pkcs11:id=%00%04 pkcs11:type=public;id=%00%04 pkcs11:type=private;id=%00%04 pkcs11:type=cert;object=edCert Key pair generated: Private Key Object; EC_EDWARDS label: ed2Cert ID: 0009 Usage: decrypt, sign, signRecover, unwrap, derive Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=c6283ef2be635cef;token=SoftHSM%20Token;id=%0009;object=ed2Cert;type=private Public Key Object; EC_EDWARDS EC_POINT 472 bits EC_POINT: 04393f9e730416c21e124c5d7aa82b9af27d8adab504baeea3e3e933847944a05504433b9ef02bb11b15b704e2119179d666bf8c1f51258ec31080 EC_PARAMS: 06032b6571 (OID 1.3.101.113) label: ed2Cert ID: 0009 Usage: encrypt, verify, verifyRecover, wrap, derive Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=c6283ef2be635cef;token=SoftHSM%20Token;id=%0009;object=ed2Cert;type=public + ca_sign ed2Cert 'My ED448 Cert' 0009 + LABEL=ed2Cert + CN='My ED448 Cert' + KEYID=0009 + shift 3 + (( SERIAL+=1 )) + sed -e 's|cn = .*|cn = My ED448 Cert|g' -e 's|serial = .*|serial = 7|g' -e '/^ca$/d' -i /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/cert.cfg + /usr/bin/certtool --generate-certificate --outfile=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/ed2Cert.crt --template=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/cert.cfg --provider=/usr/lib/softhsm/libsofthsm2.so --load-privkey 'pkcs11:object=ed2Cert;token=SoftHSM%20Token;type=private' --load-pubkey 'pkcs11:object=ed2Cert;token=SoftHSM%20Token;type=public' --outder --load-ca-certificate /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.crt --inder '--load-ca-privkey=pkcs11:object=caCert;token=SoftHSM%20Token;type=private' Generating a signed certificate... Expiration time: Wed Feb 18 16:51:46 2026 CA expiration time: Wed Feb 18 16:51:45 2026 Warning: The time set exceeds the CA's expiration time X.509 Certificate Information: Version: 3 Serial Number (hex): 07 Validity: Not Before: Tue Feb 18 02:51:46 UTC 2025 Not After: Wed Feb 18 02:51:46 UTC 2026 Subject: CN=My ED448 Cert,O=PKCS11 Provider Subject Public Key Algorithm: EdDSA (Ed448) Algorithm Security Level: Ultra (456 bits) Curve: Ed448 X: 3f:9e:73:04:16:c2:1e:12:4c:5d:7a:a8:2b:9a:f2:7d 8a:da:b5:04:ba:ee:a3:e3:e9:33:84:79:44:a0:55:04 43:3b:9e:f0:2b:b1:1b:15:b7:04:e2:11:91:79:d6:66 bf:8c:1f:51:25:8e:c3:10:80 Extensions: Basic Constraints (critical): Certificate Authority (CA): FALSE Subject Alternative Name (not critical): RFC822Name: testcert@example.org Key Usage (critical): Digital signature. Subject Key Identifier (not critical): feeb9416da3d04d0584d76cca04ae84304cb9ec1 Authority Key Identifier (not critical): 046b356478c6a92fa9a26f56c33cdf448cc09876 Other Information: Public Key ID: sha1:feeb9416da3d04d0584d76cca04ae84304cb9ec1 sha256:6f6147069a4ab0c863670d3f395722b1d37e0bad91feeee67b15cf5f69cd996c Public Key PIN: pin-sha256:b2FHBppKsMhjZw0/OVcisdN+C62R/u7mexXPX2nNmWw= Signing certificate... + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --write-object /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/ed2Cert.crt --type=cert --id=0009 --label=ed2Cert Created certificate: Certificate Object; type = X.509 cert label: ed2Cert subject: DN: O=PKCS11 Provider, CN=My ED448 Cert serial: 07 ID: 0009 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=c6283ef2be635cef;token=SoftHSM%20Token;id=%0009;object=ed2Cert;type=cert + ED2BASEURIWITHPINVALUE='pkcs11:id=%00%09;pin-value=12345678' + ED2BASEURIWITHPINSOURCE='pkcs11:id=%00%09;pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt' + ED2BASEURI=pkcs11:id=%00%09 + ED2PUBURI='pkcs11:type=public;id=%00%09' + ED2PRIURI='pkcs11:type=private;id=%00%09' + ED2CRTURI='pkcs11:type=cert;object=ed2Cert' + title LINE 'ED448 PKCS11 URIS' + case "$1" in + shift 1 + echo 'ED448 PKCS11 URIS' + echo 'pkcs11:id=%00%09;pin-value=12345678' + echo 'pkcs11:id=%00%09;pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt' + echo pkcs11:id=%00%09 + echo 'pkcs11:type=public;id=%00%09' + echo 'pkcs11:type=private;id=%00%09' + echo 'pkcs11:type=cert;object=ed2Cert' + title PARA 'generate RSA key pair, self-signed certificate, remove public key' + case "$1" in + shift 1 + echo '' + echo '## generate RSA key pair, self-signed certificate, remove public key' + '[' -f '' ']' + KEYID=0005 + URIKEYID=%00%05 + TSTCRTN=testCert2 + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --keypairgen --key-type=RSA:2048 --label=testCert2 --id=0005 ED448 PKCS11 URIS pkcs11:id=%00%09;pin-value=12345678 pkcs11:id=%00%09;pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt pkcs11:id=%00%09 pkcs11:type=public;id=%00%09 pkcs11:type=private;id=%00%09 pkcs11:type=cert;object=ed2Cert ## generate RSA key pair, self-signed certificate, remove public key Key pair generated: Private Key Object; RSA label: testCert2 ID: 0005 Usage: decrypt, sign, signRecover, unwrap Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=c6283ef2be635cef;token=SoftHSM%20Token;id=%0005;object=testCert2;type=private Public Key Object; RSA 2048 bits label: testCert2 ID: 0005 Usage: encrypt, verify, verifyRecover, wrap Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=c6283ef2be635cef;token=SoftHSM%20Token;id=%0005;object=testCert2;type=public + ca_sign testCert2 'My Test Cert 2' 0005 + LABEL=testCert2 + CN='My Test Cert 2' + KEYID=0005 + shift 3 + (( SERIAL+=1 )) + sed -e 's|cn = .*|cn = My Test Cert 2|g' -e 's|serial = .*|serial = 8|g' -e '/^ca$/d' -i /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/cert.cfg + /usr/bin/certtool --generate-certificate --outfile=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/testCert2.crt --template=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/cert.cfg --provider=/usr/lib/softhsm/libsofthsm2.so --load-privkey 'pkcs11:object=testCert2;token=SoftHSM%20Token;type=private' --load-pubkey 'pkcs11:object=testCert2;token=SoftHSM%20Token;type=public' --outder --load-ca-certificate /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.crt --inder '--load-ca-privkey=pkcs11:object=caCert;token=SoftHSM%20Token;type=private' Generating a signed certificate... Expiration time: Wed Feb 18 16:51:47 2026 CA expiration time: Wed Feb 18 16:51:45 2026 Warning: The time set exceeds the CA's expiration time X.509 Certificate Information: Version: 3 Serial Number (hex): 08 Validity: Not Before: Tue Feb 18 02:51:47 UTC 2025 Not After: Wed Feb 18 02:51:47 UTC 2026 Subject: CN=My Test Cert 2,O=PKCS11 Provider Subject Public Key Algorithm: RSA Algorithm Security Level: Medium (2048 bits) Modulus (bits 2048): 00:8c:af:42:e5:17:84:43:40:3b:f8:07:cf:7d:c3:29 a5:db:87:e3:ac:b7:d6:be:1b:70:e2:68:ec:1c:73:8b 6d:53:ca:e8:71:a3:b2:c3:7e:f3:14:4b:90:04:6a:20 4b:80:13:73:f9:5d:4c:69:d9:5b:7f:db:39:cf:55:0e 26:3c:9d:5c:eb:8c:25:a5:f3:61:f7:74:f4:03:3c:42 85:3b:99:73:47:42:44:3a:da:3e:8a:00:93:eb:51:b2 f4:35:c7:2a:51:07:b9:10:cb:90:70:de:a1:28:ec:ba b3:bb:f8:35:08:6b:8e:d6:5a:8c:c6:56:96:6a:34:34 c4:75:b5:07:22:60:2a:05:7c:6a:b5:2f:8c:f7:64:b7 8f:e3:d8:29:ec:42:93:9c:34:9f:79:71:19:fc:a9:d7 5e:6e:5c:8c:29:32:eb:5d:17:07:08:e1:e6:e3:76:38 10:c4:71:85:b3:d3:9f:4d:8a:3d:cb:de:68:07:4e:84 24:ab:a9:c9:ee:b4:30:ca:c4:43:0f:94:20:6a:51:bb 8c:83:10:9e:98:00:81:21:09:e1:a0:4c:ec:55:de:e0 38:d7:2e:a5:56:be:ee:01:eb:d9:63:fd:4c:27:ff:9c 3d:a0:83:1d:f0:aa:04:9e:7c:92:21:61:6e:6c:11:87 65 Exponent (bits 24): 01:00:01 Extensions: Basic Constraints (critical): Certificate Authority (CA): FALSE Subject Alternative Name (not critical): RFC822Name: testcert@example.org Key Usage (critical): Digital signature. Key encipherment. Subject Key Identifier (not critical): 497b655b5f547d88968a8129c7c828513bf386c5 Authority Key Identifier (not critical): 046b356478c6a92fa9a26f56c33cdf448cc09876 Other Information: Public Key ID: sha1:497b655b5f547d88968a8129c7c828513bf386c5 sha256:baaa40a39eda42a343ec21fffb0c40d939b49ee9c8e2522dee81a0cf74835d56 Public Key PIN: pin-sha256:uqpAo57aQqND7CH/+wxA2Tm0nunI4lIt7oGgz3SDXVY= Signing certificate... + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --write-object /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/testCert2.crt --type=cert --id=0005 --label=testCert2 Created certificate: Certificate Object; type = X.509 cert label: testCert2 subject: DN: O=PKCS11 Provider, CN=My Test Cert 2 serial: 08 ID: 0005 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=c6283ef2be635cef;token=SoftHSM%20Token;id=%0005;object=testCert2;type=cert + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --delete-object --type pubkey --id 0005 + BASE2URIWITHPINVALUE='pkcs11:id=%00%05?pin-value=12345678' + BASE2URIWITHPINSOURCE='pkcs11:id=%00%05?pin-source=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt' + BASE2URI=pkcs11:id=%00%05 + PRI2URI='pkcs11:type=private;id=%00%05' + CRT2URI='pkcs11:type=cert;object=testCert2' + title LINE 'RSA2 PKCS11 URIS' + case "$1" in + shift 1 + echo 'RSA2 PKCS11 URIS' RSA2 PKCS11 URIS pkcs11:id=%00%05?pin-value=12345678 pkcs11:id=%00%05?pin-source=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt pkcs11:id=%00%05 pkcs11:type=private;id=%00%05 pkcs11:type=cert;object=testCert2 ## generate EC key pair, self-signed certificate, remove public key + echo 'pkcs11:id=%00%05?pin-value=12345678' + echo 'pkcs11:id=%00%05?pin-source=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt' + echo pkcs11:id=%00%05 + echo 'pkcs11:type=private;id=%00%05' + echo 'pkcs11:type=cert;object=testCert2' + echo '' + title PARA 'generate EC key pair, self-signed certificate, remove public key' + case "$1" in + shift 1 + echo '' + echo '## generate EC key pair, self-signed certificate, remove public key' + '[' -f '' ']' + KEYID=0006 + URIKEYID=%00%06 + TSTCRTN=ecCert2 + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --keypairgen --key-type=EC:secp384r1 --label=ecCert2 --id=0006 Key pair generated: Private Key Object; EC label: ecCert2 ID: 0006 Usage: decrypt, sign, signRecover, unwrap, derive Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=c6283ef2be635cef;token=SoftHSM%20Token;id=%0006;object=ecCert2;type=private Public Key Object; EC EC_POINT 384 bits EC_POINT: 046104e65342ad3ac4670ca443aa67b65dd213c51ffda5481182a76a466d35eef15e1118f8a15b619b56ba7f67c81b61ceee0e320c0a6c60fc88b286f520c4b066fe28ffe15273aa726ac0e1eadb791ea450289f02c6e8486104f6fb6368bcde46632a EC_PARAMS: 06052b81040022 (OID 1.3.132.0.34) label: ecCert2 ID: 0006 Usage: encrypt, verify, verifyRecover, wrap, derive Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=c6283ef2be635cef;token=SoftHSM%20Token;id=%0006;object=ecCert2;type=public + ca_sign ecCert2 'My EC Cert 2' 0006 + LABEL=ecCert2 + CN='My EC Cert 2' + KEYID=0006 + shift 3 + (( SERIAL+=1 )) + sed -e 's|cn = .*|cn = My EC Cert 2|g' -e 's|serial = .*|serial = 9|g' -e '/^ca$/d' -i /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/cert.cfg + /usr/bin/certtool --generate-certificate --outfile=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/ecCert2.crt --template=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/cert.cfg --provider=/usr/lib/softhsm/libsofthsm2.so --load-privkey 'pkcs11:object=ecCert2;token=SoftHSM%20Token;type=private' --load-pubkey 'pkcs11:object=ecCert2;token=SoftHSM%20Token;type=public' --outder --load-ca-certificate /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.crt --inder '--load-ca-privkey=pkcs11:object=caCert;token=SoftHSM%20Token;type=private' Generating a signed certificate... Expiration time: Wed Feb 18 16:51:47 2026 CA expiration time: Wed Feb 18 16:51:45 2026 Warning: The time set exceeds the CA's expiration time X.509 Certificate Information: Version: 3 Serial Number (hex): 09 Validity: Not Before: Tue Feb 18 02:51:47 UTC 2025 Not After: Wed Feb 18 02:51:47 UTC 2026 Subject: CN=My EC Cert 2,O=PKCS11 Provider Subject Public Key Algorithm: EC/ECDSA Algorithm Security Level: Ultra (384 bits) Curve: SECP384R1 X: 00:e6:53:42:ad:3a:c4:67:0c:a4:43:aa:67:b6:5d:d2 13:c5:1f:fd:a5:48:11:82:a7:6a:46:6d:35:ee:f1:5e 11:18:f8:a1:5b:61:9b:56:ba:7f:67:c8:1b:61:ce:ee 0e Y: 32:0c:0a:6c:60:fc:88:b2:86:f5:20:c4:b0:66:fe:28 ff:e1:52:73:aa:72:6a:c0:e1:ea:db:79:1e:a4:50:28 9f:02:c6:e8:48:61:04:f6:fb:63:68:bc:de:46:63:2a Extensions: Basic Constraints (critical): Certificate Authority (CA): FALSE Subject Alternative Name (not critical): RFC822Name: testcert@example.org Key Usage (critical): Digital signature. Subject Key Identifier (not critical): 826b3b289043a591ca51314b15c36b3ff4c62ae8 Authority Key Identifier (not critical): 046b356478c6a92fa9a26f56c33cdf448cc09876 Other Information: Public Key ID: sha1:826b3b289043a591ca51314b15c36b3ff4c62ae8 sha256:aadb6f961f10b1db20d26bf434c65b47cdc8763880bb394dd9441f1b43e0aa26 Public Key PIN: pin-sha256:qttvlh8Qsdsg0mv0NMZbR83IdjiAuzlN2UQfG0PgqiY= Signing certificate... + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --write-object /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/ecCert2.crt --type=cert --id=0006 --label=ecCert2 Created certificate: Certificate Object; type = X.509 cert label: ecCert2 subject: DN: O=PKCS11 Provider, CN=My EC Cert 2 serial: 09 ID: 0006 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=c6283ef2be635cef;token=SoftHSM%20Token;id=%0006;object=ecCert2;type=cert + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --delete-object --type pubkey --id 0006 + ECBASE2URIWITHPINVALUE='pkcs11:id=%00%06?pin-value=12345678' + ECBASE2URIWITHPINSOURCE='pkcs11:id=%00%06?pin-source=file/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt' + ECBASE2URI=pkcs11:id=%00%06 + ECPRI2URI='pkcs11:type=private;id=%00%06' + ECCRT2URI='pkcs11:type=cert;object=ecCert2' + title LINE 'EC2 PKCS11 URIS' + case "$1" in + shift 1 + echo 'EC2 PKCS11 URIS' + echo 'pkcs11:id=%00%06?pin-value=12345678' + echo 'pkcs11:id=%00%06?pin-source=file/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt' + echo pkcs11:id=%00%06 + echo 'pkcs11:type=private;id=%00%06' + echo 'pkcs11:type=cert;object=ecCert2' + echo '' EC2 PKCS11 URIS pkcs11:id=%00%06?pin-value=12345678 pkcs11:id=%00%06?pin-source=file/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt pkcs11:id=%00%06 pkcs11:type=private;id=%00%06 pkcs11:type=cert;object=ecCert2 ## explicit EC unsupported + '[' -z '' ']' + title PARA 'explicit EC unsupported' + case "$1" in + shift 1 + echo '' + echo '## explicit EC unsupported' + '[' -f '' ']' + title PARA 'generate EC key pair with ALWAYS AUTHENTICATE flag, self-signed certificate' + case "$1" in + shift 1 + echo '' + echo '## generate EC key pair with ALWAYS AUTHENTICATE flag, self-signed certificate' + '[' -f '' ']' + KEYID=0008 + URIKEYID=%00%08 + TSTCRTN=ecCert3 + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --keypairgen --key-type=EC:secp521r1 --label=ecCert3 --id=0008 --always-auth ## generate EC key pair with ALWAYS AUTHENTICATE flag, self-signed certificate Key pair generated: Private Key Object; EC label: ecCert3 ID: 0008 Usage: decrypt, sign, signRecover, unwrap, derive Access: always authenticate, sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=c6283ef2be635cef;token=SoftHSM%20Token;id=%0008;object=ecCert3;type=private Public Key Object; EC EC_POINT 528 bits EC_POINT: 0481850400dfe77f3f1eb2a855ca46a4731a665cf7abaa68d4f10fb2a2b2f3ed8ac62b69bb7c7693e6a375fc1fb40c6e252fd7deee1b48e70b74e37caab5b5d7f8334a9e98b101668f2ce61cb72d67ffecef9f66625c9e00bea69b6e21084cf53183bf25ab1825bb9336cde0d8ab2daacf5772619f48b0dabf1f3ac30475a8b9283140d9d02c8a03 EC_PARAMS: 06052b81040023 (OID 1.3.132.0.35) label: ecCert3 ID: 0008 Usage: encrypt, verify, verifyRecover, wrap, derive Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=c6283ef2be635cef;token=SoftHSM%20Token;id=%0008;object=ecCert3;type=public + ca_sign ecCert3 'My EC Cert 3' 0008 + LABEL=ecCert3 + CN='My EC Cert 3' + KEYID=0008 + shift 3 + (( SERIAL+=1 )) + sed -e 's|cn = .*|cn = My EC Cert 3|g' -e 's|serial = .*|serial = 10|g' -e '/^ca$/d' -i /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/cert.cfg + /usr/bin/certtool --generate-certificate --outfile=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/ecCert3.crt --template=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/cert.cfg --provider=/usr/lib/softhsm/libsofthsm2.so --load-privkey 'pkcs11:object=ecCert3;token=SoftHSM%20Token;type=private' --load-pubkey 'pkcs11:object=ecCert3;token=SoftHSM%20Token;type=public' --outder --load-ca-certificate /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.crt --inder '--load-ca-privkey=pkcs11:object=caCert;token=SoftHSM%20Token;type=private' Generating a signed certificate... Expiration time: Wed Feb 18 16:51:47 2026 CA expiration time: Wed Feb 18 16:51:45 2026 Warning: The time set exceeds the CA's expiration time X.509 Certificate Information: Version: 3 Serial Number (hex): 0a Validity: Not Before: Tue Feb 18 02:51:47 UTC 2025 Not After: Wed Feb 18 02:51:47 UTC 2026 Subject: CN=My EC Cert 3,O=PKCS11 Provider Subject Public Key Algorithm: EC/ECDSA Algorithm Security Level: Future (528 bits) Curve: SECP521R1 X: 00:df:e7:7f:3f:1e:b2:a8:55:ca:46:a4:73:1a:66:5c f7:ab:aa:68:d4:f1:0f:b2:a2:b2:f3:ed:8a:c6:2b:69 bb:7c:76:93:e6:a3:75:fc:1f:b4:0c:6e:25:2f:d7:de ee:1b:48:e7:0b:74:e3:7c:aa:b5:b5:d7:f8:33:4a:9e 98:b1 Y: 01:66:8f:2c:e6:1c:b7:2d:67:ff:ec:ef:9f:66:62:5c 9e:00:be:a6:9b:6e:21:08:4c:f5:31:83:bf:25:ab:18 25:bb:93:36:cd:e0:d8:ab:2d:aa:cf:57:72:61:9f:48 b0:da:bf:1f:3a:c3:04:75:a8:b9:28:31:40:d9:d0:2c 8a:03 Extensions: Basic Constraints (critical): Certificate Authority (CA): FALSE Subject Alternative Name (not critical): RFC822Name: testcert@example.org Key Usage (critical): Digital signature. Subject Key Identifier (not critical): 1d8dc0c7c23543e5746ba19ff8308aabba5b2f67 Authority Key Identifier (not critical): 046b356478c6a92fa9a26f56c33cdf448cc09876 Other Information: Public Key ID: sha1:1d8dc0c7c23543e5746ba19ff8308aabba5b2f67 sha256:c7aa0afcd106730ecf3b41bb1dc3d77d479d1ed1529e26c8f66874889ee8a17e Public Key PIN: pin-sha256:x6oK/NEGcw7PO0G7HcPXfUedHtFSnibI9mh0iJ7ooX4= Signing certificate... + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --write-object /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/ecCert3.crt --type=cert --id=0008 --label=ecCert3 Created certificate: Certificate Object; type = X.509 cert label: ecCert3 subject: DN: O=PKCS11 Provider, CN=My EC Cert 3 serial: 0A ID: 0008 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=c6283ef2be635cef;token=SoftHSM%20Token;id=%0008;object=ecCert3;type=cert + ECBASE3URIWITHPINVALUE='pkcs11:id=%00%08?pin-value=12345678' + ECBASE3URIWITHPINSOURCE='pkcs11:id=%00%08?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt' + ECBASE3URI=pkcs11:id=%00%08 + ECPUB3URI='pkcs11:type=public;id=%00%08' + ECPRI3URI='pkcs11:type=private;id=%00%08' + ECCRT3URI='pkcs11:type=cert;object=ecCert3' + title LINE 'EC3 PKCS11 URIS' + case "$1" in + shift 1 + echo 'EC3 PKCS11 URIS' + echo 'pkcs11:id=%00%08?pin-value=12345678' + echo 'pkcs11:id=%00%08?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt' EC3 PKCS11 URIS pkcs11:id=%00%08?pin-value=12345678 pkcs11:id=%00%08?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt pkcs11:id=%00%08 pkcs11:type=public;id=%00%08 pkcs11:type=private;id=%00%08 pkcs11:type=cert;object=ecCert3 + echo pkcs11:id=%00%08 + echo 'pkcs11:type=public;id=%00%08' + echo 'pkcs11:type=private;id=%00%08' + echo 'pkcs11:type=cert;object=ecCert3' + echo '' + '[' 1 -eq 1 ']' + KEYID=0010 + URIKEYID=%00%10 + TSTCRTN=testRsaPssCert + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --keypairgen --key-type=RSA:2048 --label=testRsaPssCert --id=0010 --allowed-mechanisms RSA-PKCS-PSS,SHA1-RSA-PKCS-PSS,SHA224-RSA-PKCS-PSS,SHA256-RSA-PKCS-PSS,SHA384-RSA-PKCS-PSS,SHA512-RSA-PKCS-PSS Key pair generated: Private Key Object; RSA label: testRsaPssCert ID: 0010 Usage: decrypt, sign, signRecover, unwrap Access: sensitive, always sensitive, never extractable, local Allowed mechanisms: RSA-PKCS-PSS,SHA1-RSA-PKCS-PSS,SHA256-RSA-PKCS-PSS,SHA384-RSA-PKCS-PSS,SHA512-RSA-PKCS-PSS,SHA224-RSA-PKCS-PSS uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=c6283ef2be635cef;token=SoftHSM%20Token;id=%0010;object=testRsaPssCert;type=private Public Key Object; RSA 2048 bits label: testRsaPssCert ID: 0010 Usage: encrypt, verify, verifyRecover, wrap Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=c6283ef2be635cef;token=SoftHSM%20Token;id=%0010;object=testRsaPssCert;type=public + ca_sign testRsaPssCert 'My RsaPss Cert' 0010 --sign-params=RSA-PSS + LABEL=testRsaPssCert + CN='My RsaPss Cert' + KEYID=0010 + shift 3 + (( SERIAL+=1 )) + sed -e 's|cn = .*|cn = My RsaPss Cert|g' -e 's|serial = .*|serial = 11|g' -e '/^ca$/d' -i /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/cert.cfg + /usr/bin/certtool --generate-certificate --outfile=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/testRsaPssCert.crt --template=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/cert.cfg --provider=/usr/lib/softhsm/libsofthsm2.so --load-privkey 'pkcs11:object=testRsaPssCert;token=SoftHSM%20Token;type=private' --load-pubkey 'pkcs11:object=testRsaPssCert;token=SoftHSM%20Token;type=public' --outder --load-ca-certificate /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.crt --inder '--load-ca-privkey=pkcs11:object=caCert;token=SoftHSM%20Token;type=private' --sign-params=RSA-PSS Generating a signed certificate... Expiration time: Wed Feb 18 16:51:48 2026 CA expiration time: Wed Feb 18 16:51:45 2026 Warning: The time set exceeds the CA's expiration time X.509 Certificate Information: Version: 3 Serial Number (hex): 0b Validity: Not Before: Tue Feb 18 02:51:48 UTC 2025 Not After: Wed Feb 18 02:51:48 UTC 2026 Subject: CN=My RsaPss Cert,O=PKCS11 Provider Subject Public Key Algorithm: RSA Algorithm Security Level: Medium (2048 bits) Modulus (bits 2048): 00:d6:a6:ff:1f:2e:ce:ca:b8:28:ec:4f:75:d1:af:0c d6:61:75:20:0a:2a:ca:7b:de:78:07:4b:17:4b:22:4c 3e:12:8c:6c:40:82:bf:73:d7:9a:9f:0f:51:11:26:12 53:b8:56:54:68:55:7a:b9:e0:e9:be:85:6d:50:bc:1f 76:9c:88:b7:57:95:89:a8:9f:a6:fa:f6:a8:42:51:79 64:f3:44:d8:44:be:44:16:80:d1:20:69:11:fa:8d:85 49:53:61:d4:13:86:7e:e1:76:a5:59:88:84:50:60:df d4:bd:84:1c:43:f0:6d:8e:03:97:3b:52:21:83:3a:dd 29:d1:02:f5:61:18:92:04:35:98:5e:25:3a:91:83:d0 32:bf:68:36:ee:68:e9:05:98:ed:6a:bd:5f:56:da:54 80:7e:82:4e:84:5d:c4:73:56:45:29:e5:b5:86:71:75 36:6a:df:67:07:1d:3d:36:03:7f:0e:96:ec:db:08:ff de:9d:d6:80:b1:7d:d5:e0:00:90:e4:c8:73:55:0c:5a 23:5d:d8:a0:ca:2b:db:0b:4c:79:88:3a:3f:4f:8f:03 24:81:a3:77:e1:93:30:ab:cc:af:81:53:2d:a9:77:66 f8:92:9d:4a:9e:e6:bc:47:32:1a:0c:3f:81:37:51:4d 09 Exponent (bits 24): 01:00:01 Extensions: Basic Constraints (critical): Certificate Authority (CA): FALSE Subject Alternative Name (not critical): RFC822Name: testcert@example.org Key Usage (critical): Digital signature. Key encipherment. Subject Key Identifier (not critical): 60c30d1910723009da54c1d6e8527509460e0592 Authority Key Identifier (not critical): 046b356478c6a92fa9a26f56c33cdf448cc09876 Other Information: Public Key ID: sha1:60c30d1910723009da54c1d6e8527509460e0592 sha256:fdfbf349fab938a709da00dae3efcb62d8f7d4c222d245d2fa1575c0645e6ac9 Public Key PIN: pin-sha256:/fvzSfq5OKcJ2gDa4+/LYtj31MIi0kXS+hV1wGReask= Signing certificate... + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --write-object /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/testRsaPssCert.crt --type=cert --id=0010 --label=testRsaPssCert Created certificate: Certificate Object; type = X.509 cert label: testRsaPssCert subject: DN: O=PKCS11 Provider, CN=My RsaPss Cert serial: 0B ID: 0010 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=c6283ef2be635cef;token=SoftHSM%20Token;id=%0010;object=testRsaPssCert;type=cert + RSAPSSBASEURIWITHPINVALUE='pkcs11:id=%00%10?pin-value=12345678' + RSAPSSBASEURIWITHPINSOURCE='pkcs11:id=%00%10?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt' + RSAPSSBASEURI=pkcs11:id=%00%10 + RSAPSSPUBURI='pkcs11:type=public;id=%00%10' + RSAPSSPRIURI='pkcs11:type=private;id=%00%10' + RSAPSSCRTURI='pkcs11:type=cert;object=testRsaPssCert' + title LINE 'RSA-PSS PKCS11 URIS' + case "$1" in + shift 1 + echo 'RSA-PSS PKCS11 URIS' + echo 'pkcs11:id=%00%10?pin-value=12345678' + echo 'pkcs11:id=%00%10?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt' + echo pkcs11:id=%00%10 + echo 'pkcs11:type=public;id=%00%10' + echo 'pkcs11:type=private;id=%00%10' + echo 'pkcs11:type=cert;object=testRsaPssCert' RSA-PSS PKCS11 URIS pkcs11:id=%00%10?pin-value=12345678 pkcs11:id=%00%10?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt pkcs11:id=%00%10 pkcs11:type=public;id=%00%10 pkcs11:type=private;id=%00%10 pkcs11:type=cert;object=testRsaPssCert + echo '' + KEYID=0011 + URIKEYID=%00%11 + TSTCRTN=testRsaPss2Cert + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --keypairgen --key-type=RSA:3092 --label=testRsaPss2Cert --id=0011 --allowed-mechanisms SHA256-RSA-PKCS-PSS Key pair generated: Private Key Object; RSA label: testRsaPss2Cert ID: 0011 Usage: decrypt, sign, signRecover, unwrap Access: sensitive, always sensitive, never extractable, local Allowed mechanisms: SHA256-RSA-PKCS-PSS uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=c6283ef2be635cef;token=SoftHSM%20Token;id=%0011;object=testRsaPss2Cert;type=private Public Key Object; RSA 3092 bits label: testRsaPss2Cert ID: 0011 Usage: encrypt, verify, verifyRecover, wrap Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=c6283ef2be635cef;token=SoftHSM%20Token;id=%0011;object=testRsaPss2Cert;type=public + ca_sign testRsaPss2Cert 'My RsaPss2 Cert' 0011 --sign-params=RSA-PSS --hash=SHA256 + LABEL=testRsaPss2Cert + CN='My RsaPss2 Cert' + KEYID=0011 + shift 3 + (( SERIAL+=1 )) + sed -e 's|cn = .*|cn = My RsaPss2 Cert|g' -e 's|serial = .*|serial = 12|g' -e '/^ca$/d' -i /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/cert.cfg + /usr/bin/certtool --generate-certificate --outfile=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/testRsaPss2Cert.crt --template=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/cert.cfg --provider=/usr/lib/softhsm/libsofthsm2.so --load-privkey 'pkcs11:object=testRsaPss2Cert;token=SoftHSM%20Token;type=private' --load-pubkey 'pkcs11:object=testRsaPss2Cert;token=SoftHSM%20Token;type=public' --outder --load-ca-certificate /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.crt --inder '--load-ca-privkey=pkcs11:object=caCert;token=SoftHSM%20Token;type=private' --sign-params=RSA-PSS --hash=SHA256 Generating a signed certificate... Expiration time: Wed Feb 18 16:51:48 2026 CA expiration time: Wed Feb 18 16:51:45 2026 Warning: The time set exceeds the CA's expiration time X.509 Certificate Information: Version: 3 Serial Number (hex): 0c Validity: Not Before: Tue Feb 18 02:51:48 UTC 2025 Not After: Wed Feb 18 02:51:48 UTC 2026 Subject: CN=My RsaPss2 Cert,O=PKCS11 Provider Subject Public Key Algorithm: RSA Algorithm Security Level: High (3092 bits) Modulus (bits 3092): 0e:c1:f8:8b:ff:bf:83:99:4e:e5:bc:51:05:34:09:fc ce:42:dc:9f:e3:e9:a9:c5:4c:da:e6:4a:69:38:95:4f c7:b7:27:38:39:5b:9a:91:0a:f7:92:55:a6:3e:72:c5 22:fa:18:9c:83:46:17:f6:39:38:f7:dc:f6:59:8b:fa 76:51:b4:f6:51:29:1f:f0:ea:1d:66:b6:6c:a7:10:47 43:43:7c:8c:f3:02:71:58:1c:7a:24:44:e3:dd:a4:ba bc:fc:9a:36:ee:a9:18:fb:02:2a:29:a5:35:a7:c4:25 ad:44:8c:58:d0:ee:8f:97:20:29:7a:58:43:c9:3c:7c f5:0f:18:34:7c:db:d2:0c:37:44:02:c6:af:7d:30:7b dd:7e:02:76:f3:31:56:a9:c3:f4:14:d1:d2:63:37:2d 45:72:eb:a1:29:ab:3f:62:a5:52:70:1f:02:95:76:d1 51:f8:d1:f4:be:d4:2c:1f:8f:9b:f1:f9:4e:19:12:87 3d:01:56:28:e2:14:32:e6:6d:9c:f3:b4:6d:db:61:d1 e6:ae:23:fb:6f:97:ec:6c:68:f3:39:9a:d4:b9:b3:09 0d:75:fc:e9:da:70:c1:a0:be:f6:cd:43:87:3c:9b:f2 6a:68:4c:49:db:92:28:5a:7d:3f:df:5d:8b:a3:24:17 9e:1e:68:ae:92:8e:82:09:a0:fa:4f:78:62:d9:e1:bb c4:92:ce:52:52:bf:1e:de:61:e1:c9:90:03:44:e0:09 2d:55:10:20:de:35:b1:07:58:69:1a:b7:0b:51:98:82 ad:fa:82:56:85:1c:57:8f:c1:a9:63:fb:86:59:9d:1d 9f:e5:62:20:37:12:48:9d:f8:e8:6b:a6:30:33:5e:00 df:28:64:75:ee:d9:c0:19:97:ed:67:9a:14:1d:dd:7b cb:96:51:e1:a7:bf:ce:1f:f9:35:9b:f0:f0:ff:5c:84 48:82:c6:4a:c0:a4:a8:a3:82:0f:01:5e:e5:73:94:a7 5e:5e:45 Exponent (bits 24): 01:00:01 Extensions: Basic Constraints (critical): Certificate Authority (CA): FALSE Subject Alternative Name (not critical): RFC822Name: testcert@example.org Key Usage (critical): Digital signature. Key encipherment. Subject Key Identifier (not critical): e779de69a1554646fee17b03d37dee8d5eb12349 Authority Key Identifier (not critical): 046b356478c6a92fa9a26f56c33cdf448cc09876 Other Information: Public Key ID: sha1:e779de69a1554646fee17b03d37dee8d5eb12349 sha256:8497cb4bb50e459ad9b69040e9688899b29b4363707c8cb12e29b24885a22a14 Public Key PIN: pin-sha256:hJfLS7UORZrZtpBA6WiImbKbQ2NwfIyxLimySIWiKhQ= Signing certificate... + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --write-object /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/testRsaPss2Cert.crt --type=cert --id=0011 --label=testRsaPss2Cert Created certificate: Certificate Object; type = X.509 cert label: testRsaPss2Cert subject: DN: O=PKCS11 Provider, CN=My RsaPss2 Cert serial: 0C ID: 0011 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=c6283ef2be635cef;token=SoftHSM%20Token;id=%0011;object=testRsaPss2Cert;type=cert + RSAPSS2BASEURIWITHPINVALUE='pkcs11:id=%00%11?pin-value=12345678' + RSAPSS2BASEURIWITHPINSOURCE='pkcs11:id=%00%11?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt' + RSAPSS2BASEURI=pkcs11:id=%00%11 + RSAPSS2PUBURI='pkcs11:type=public;id=%00%11' + RSAPSS2PRIURI='pkcs11:type=private;id=%00%11' + RSAPSS2CRTURI='pkcs11:type=cert;object=testRsaPss2Cert' + title LINE 'RSA-PSS 2 PKCS11 URIS' + case "$1" in + shift 1 + echo 'RSA-PSS 2 PKCS11 URIS' + echo 'pkcs11:id=%00%11?pin-value=12345678' + echo 'pkcs11:id=%00%11?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt' + echo pkcs11:id=%00%11 + echo 'pkcs11:type=public;id=%00%11' + echo 'pkcs11:type=private;id=%00%11' + echo 'pkcs11:type=cert;object=testRsaPss2Cert' + echo '' + title PARA 'Show contents of softhsm token' + case "$1" in + shift 1 + echo '' + echo '## Show contents of softhsm token' + '[' -f '' ']' + echo ' ----------------------------------------------------------------------------------------------------' + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' -O RSA-PSS 2 PKCS11 URIS pkcs11:id=%00%11?pin-value=12345678 pkcs11:id=%00%11?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt pkcs11:id=%00%11 pkcs11:type=public;id=%00%11 pkcs11:type=private;id=%00%11 pkcs11:type=cert;object=testRsaPss2Cert ## Show contents of softhsm token ---------------------------------------------------------------------------------------------------- Certificate Object; type = X.509 cert label: testCert subject: DN: O=PKCS11 Provider, CN=My Test Cert serial: 03 ID: 0001 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=c6283ef2be635cef;token=SoftHSM%20Token;id=%0001;object=testCert;type=cert Public Key Object; RSA 3092 bits label: testRsaPss2Cert ID: 0011 Usage: encrypt, verify, verifyRecover, wrap Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=c6283ef2be635cef;token=SoftHSM%20Token;id=%0011;object=testRsaPss2Cert;type=public Private Key Object; EC_EDWARDS label: ed2Cert ID: 0009 Usage: decrypt, sign, signRecover, unwrap, derive Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=c6283ef2be635cef;token=SoftHSM%20Token;id=%0009;object=ed2Cert;type=private Public Key Object; EC_EDWARDS EC_POINT 472 bits EC_POINT: 04393f9e730416c21e124c5d7aa82b9af27d8adab504baeea3e3e933847944a05504433b9ef02bb11b15b704e2119179d666bf8c1f51258ec31080 EC_PARAMS: 06032b6571 (OID 1.3.101.113) label: ed2Cert ID: 0009 Usage: encrypt, verify, verifyRecover, wrap, derive Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=c6283ef2be635cef;token=SoftHSM%20Token;id=%0009;object=ed2Cert;type=public Certificate Object; type = X.509 cert label: testRsaPssCert subject: DN: O=PKCS11 Provider, CN=My RsaPss Cert serial: 0B ID: 0010 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=c6283ef2be635cef;token=SoftHSM%20Token;id=%0010;object=testRsaPssCert;type=cert Private Key Object; RSA label: testRsaPssCert ID: 0010 Usage: decrypt, sign, signRecover, unwrap Access: sensitive, always sensitive, never extractable, local Allowed mechanisms: RSA-PKCS-PSS,SHA1-RSA-PKCS-PSS,SHA256-RSA-PKCS-PSS,SHA384-RSA-PKCS-PSS,SHA512-RSA-PKCS-PSS,SHA224-RSA-PKCS-PSS uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=c6283ef2be635cef;token=SoftHSM%20Token;id=%0010;object=testRsaPssCert;type=private Private Key Object; EC label: ecCert3 ID: 0008 Usage: decrypt, sign, signRecover, unwrap, derive Access: always authenticate, sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=c6283ef2be635cef;token=SoftHSM%20Token;id=%0008;object=ecCert3;type=private Private Key Object; EC label: ecCert2 ID: 0006 Usage: decrypt, sign, signRecover, unwrap, derive Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=c6283ef2be635cef;token=SoftHSM%20Token;id=%0006;object=ecCert2;type=private Certificate Object; type = X.509 cert label: ecCert3 subject: DN: O=PKCS11 Provider, CN=My EC Cert 3 serial: 0A ID: 0008 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=c6283ef2be635cef;token=SoftHSM%20Token;id=%0008;object=ecCert3;type=cert Public Key Object; EC_EDWARDS EC_POINT 272 bits EC_POINT: 04209b5a03d274145680d69b50bf2bf2ac3e96ed4c7fe6748724461c9fc7aa3655cb EC_PARAMS: 130c656477617264733235353139 (PrintableString edwards25519) label: edCert ID: 0004 Usage: encrypt, verify, verifyRecover, wrap, derive Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=c6283ef2be635cef;token=SoftHSM%20Token;id=%0004;object=edCert;type=public Certificate Object; type = X.509 cert label: edCert subject: DN: O=PKCS11 Provider, CN=My ED25519 Cert serial: 06 ID: 0004 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=c6283ef2be635cef;token=SoftHSM%20Token;id=%0004;object=edCert;type=cert Certificate Object; type = X.509 cert label: ed2Cert subject: DN: O=PKCS11 Provider, CN=My ED448 Cert serial: 07 ID: 0009 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=c6283ef2be635cef;token=SoftHSM%20Token;id=%0009;object=ed2Cert;type=cert Public Key Object; RSA 2048 bits label: testRsaPssCert ID: 0010 Usage: encrypt, verify, verifyRecover, wrap Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=c6283ef2be635cef;token=SoftHSM%20Token;id=%0010;object=testRsaPssCert;type=public Public Key Object; RSA 2048 bits label: testCert ID: 0001 Usage: encrypt, verify, verifyRecover, wrap Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=c6283ef2be635cef;token=SoftHSM%20Token;id=%0001;object=testCert;type=public Private Key Object; RSA label: testCert2 ID: 0005 Usage: decrypt, sign, signRecover, unwrap Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=c6283ef2be635cef;token=SoftHSM%20Token;id=%0005;object=testCert2;type=private Certificate Object; type = X.509 cert label: ecPeerCert subject: DN: CN=My Peer EC Cert serial: 05 ID: 0003 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=c6283ef2be635cef;token=SoftHSM%20Token;id=%0003;object=ecPeerCert;type=cert Certificate Object; type = X.509 cert label: testRsaPss2Cert subject: DN: O=PKCS11 Provider, CN=My RsaPss2 Cert serial: 0C ID: 0011 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=c6283ef2be635cef;token=SoftHSM%20Token;id=%0011;object=testRsaPss2Cert;type=cert Public Key Object; RSA 2048 bits label: caCert ID: 0000 Usage: encrypt, verify, verifyRecover, wrap Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=c6283ef2be635cef;token=SoftHSM%20Token;id=%0000;object=caCert;type=public Certificate Object; type = X.509 cert label: ecCert2 subject: DN: O=PKCS11 Provider, CN=My EC Cert 2 serial: 09 ID: 0006 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=c6283ef2be635cef;token=SoftHSM%20Token;id=%0006;object=ecCert2;type=cert Public Key Object; EC EC_POINT 256 bits EC_POINT: 04410492a3549ad1e942ac04f43012aa0a3a77e99b9d1b52525e28626f91f83f6e269af1fd2f0a19f3108803202dab7d87b0f8526f750081be4547f73a9412e498f4a6 EC_PARAMS: 06082a8648ce3d030107 (OID 1.2.840.10045.3.1.7) label: ecCert ID: 0002 Usage: encrypt, verify, verifyRecover, wrap, derive Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=c6283ef2be635cef;token=SoftHSM%20Token;id=%0002;object=ecCert;type=public Private Key Object; EC label: ecCert ID: 0002 Usage: decrypt, sign, signRecover, unwrap, derive Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=c6283ef2be635cef;token=SoftHSM%20Token;id=%0002;object=ecCert;type=private Private Key Object; RSA label: testRsaPss2Cert ID: 0011 Usage: decrypt, sign, signRecover, unwrap Access: sensitive, always sensitive, never extractable, local Allowed mechanisms: SHA256-RSA-PKCS-PSS uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=c6283ef2be635cef;token=SoftHSM%20Token;id=%0011;object=testRsaPss2Cert;type=private Private Key Object; EC_EDWARDS label: edCert ID: 0004 Usage: decrypt, sign, signRecover, unwrap, derive Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=c6283ef2be635cef;token=SoftHSM%20Token;id=%0004;object=edCert;type=private Private Key Object; RSA label: caCert ID: 0000 Usage: decrypt, sign, signRecover, unwrap Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=c6283ef2be635cef;token=SoftHSM%20Token;id=%0000;object=caCert;type=private Certificate Object; type = X.509 cert label: testCert2 subject: DN: O=PKCS11 Provider, CN=My Test Cert 2 serial: 08 ID: 0005 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=c6283ef2be635cef;token=SoftHSM%20Token;id=%0005;object=testCert2;type=cert Private Key Object; EC label: ecPeerCert ID: 0003 Usage: decrypt, sign, signRecover, unwrap, derive Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=c6283ef2be635cef;token=SoftHSM%20Token;id=%0003;object=ecPeerCert;type=private Certificate Object; type = X.509 cert label: ecCert subject: DN: O=PKCS11 Provider, CN=My EC Cert serial: 04 ID: 0002 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=c6283ef2be635cef;token=SoftHSM%20Token;id=%0002;object=ecCert;type=cert Private Key Object; RSA label: testCert ID: 0001 Usage: decrypt, sign, signRecover, unwrap Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=c6283ef2be635cef;token=SoftHSM%20Token;id=%0001;object=testCert;type=private Certificate Object; type = X.509 cert label: caCert subject: DN: CN=Issuer serial: 02 ID: 0000 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=c6283ef2be635cef;token=SoftHSM%20Token;id=%0000;object=caCert;type=cert Public Key Object; EC EC_POINT 256 bits EC_POINT: 044104705b334c3910e8e446a4fc15d31b8ef9b117e814cf9563c552566969b1cd5f91ab420769bf339e2ad22e14a9456c7ea45280b834ddab6d1b2a303bd5e7e7a46a EC_PARAMS: 06082a8648ce3d030107 (OID 1.2.840.10045.3.1.7) label: ecPeerCert ID: 0003 Usage: encrypt, verify, verifyRecover, wrap, derive Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=c6283ef2be635cef;token=SoftHSM%20Token;id=%0003;object=ecPeerCert;type=public Public Key Object; EC EC_POINT 528 bits EC_POINT: 0481850400dfe77f3f1eb2a855ca46a4731a665cf7abaa68d4f10fb2a2b2f3ed8ac62b69bb7c7693e6a375fc1fb40c6e252fd7deee1b48e70b74e37caab5b5d7f8334a9e98b101668f2ce61cb72d67ffecef9f66625c9e00bea69b6e21084cf53183bf25ab1825bb9336cde0d8ab2daacf5772619f48b0dabf1f3ac30475a8b9283140d9d02c8a03 EC_PARAMS: 06052b81040023 (OID 1.3.132.0.35) label: ecCert3 ID: 0008 Usage: encrypt, verify, verifyRecover, wrap, derive Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=c6283ef2be635cef;token=SoftHSM%20Token;id=%0008;object=ecCert3;type=public + echo ' ----------------------------------------------------------------------------------------------------' + title PARA 'Output configurations' + case "$1" in + shift 1 + echo '' + echo '## Output configurations' + '[' -f '' ']' + OPENSSL_CONF=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/openssl.cnf + title LINE 'Generate openssl config file' + case "$1" in + shift 1 + echo 'Generate openssl config file' + sed -e 's|@libtoollibs@|/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/src|g' -e 's|@testsblddir@|/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests|g' -e 's|@testsdir@|/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm|g' -e 's|@SHARED_EXT@|.so|g' -e 's|@PINFILE@|/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt|g' -e 's|##TOKENOPTIONS|\npkcs11-module-quirks = no-deinit no-operation-state|g' /build/reproducible-path/pkcs11-provider-1.0/tests/openssl.cnf.in ---------------------------------------------------------------------------------------------------- ## Output configurations Generate openssl config file + title LINE 'Export test variables to /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/testvars' + case "$1" in + shift 1 + echo 'Export test variables to /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/testvars' + cat Export test variables to /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/testvars + '[' -n pkcs11:id=%00%04 ']' + cat + '[' -n pkcs11:id=%00%09 ']' + cat + '[' -n '' ']' + '[' -n pkcs11:id=%00%10 ']' + cat + cat + gen_unsetvars + grep '^export' /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/testvars + sed -e s/export/unset/ -e 's/=.*$//' + title ENDSECTION + case "$1" in + echo '' + echo ' ##' + echo '########################################' + echo '' ## ######################################## ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 2/92 pkcs11-provider:softhsm / setup OK 4.63s 3/92 pkcs11-provider:kryoptic / setup RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests LIBSPATH=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/src TESTSSRCDIR=/build/reproducible-path/pkcs11-provider-1.0/tests MALLOC_PERTURB_=75 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 SOFTOKNPATH=/usr/lib/i386-linux-gnu ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 P11KITCLIENTPATH=/usr/lib/i386-linux-gnu/pkcs11/p11-kit-client.so SHARED_EXT=.so MESON_TEST_ITERATION=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/setup.sh kryoptic ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― + source /build/reproducible-path/pkcs11-provider-1.0/tests/helpers.sh ++ : /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests ++ helper_emit=1 ++ sed --version ++ grep -q 'GNU sed' ++ sed_inplace=('-i') ++ export sed_inplace + '[' 1 -ne 1 ']' + TOKENTYPE=kryoptic + SUPPORT_ED25519=1 + SUPPORT_ED448=1 + SUPPORT_RSA_PKCS1_ENCRYPTION=1 + SUPPORT_RSA_KEYGEN_PUBLIC_EXPONENT=1 + SUPPORT_TLSFUZZER=1 + SUPPORT_ALLOWED_MECHANISMS=0 ++ opensc-tool -i ++ grep OpenSC ++ sed -e 's/OpenSC 0\.\([0-9]*\).*/\1/' Failed to establish context: Unable to load external module + OPENSC_VERSION=26 + [[ 26 -le 25 ]] + [[ '' = \1 ]] ++ cat /proc/sys/crypto/fips_enabled + [[ 0 = \1 ]] + TMPPDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/kryoptic + TOKDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/kryoptic/tokens + '[' -d /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/kryoptic ']' + mkdir /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/kryoptic + mkdir /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/kryoptic/tokens + PINVALUE=12345678 + PINFILE=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/kryoptic/pinfile.txt + echo 12345678 + export GNUTLS_PIN=12345678 + GNUTLS_PIN=12345678 + '[' kryoptic == softhsm ']' + '[' kryoptic == softokn ']' + '[' kryoptic == kryoptic ']' + source /build/reproducible-path/pkcs11-provider-1.0/tests/kryoptic-init.sh ++ title SECTION 'Searching for Kryoptic module' ++ case "$1" in ++ shift 1 ++ echo '########################################' ++ echo '## Searching for Kryoptic module' ++ echo '' ++ find_kryoptic /target/debug/libkryoptic_pkcs11.so /target/release/libkryoptic_pkcs11.so /usr/local/lib/kryoptic/libkryoptic_pkcs11so /usr/lib64/pkcs11/libkryoptic_pkcs11.so /usr/lib/pkcs11/libkryoptic_pkcs11.so /usr/lib/x86_64-linux-gnu/kryoptic/libkryoptic_pkcs11.so ++ for _lib in "$@" ++ test -f /target/debug/libkryoptic_pkcs11.so ++ for _lib in "$@" ++ test -f /target/release/libkryoptic_pkcs11.so ++ for _lib in "$@" ++ test -f /usr/local/lib/kryoptic/libkryoptic_pkcs11so ++ for _lib in "$@" ++ test -f /usr/lib64/pkcs11/libkryoptic_pkcs11.so ++ for _lib in "$@" ++ test -f /usr/lib/pkcs11/libkryoptic_pkcs11.so ++ for _lib in "$@" ++ test -f /usr/lib/x86_64-linux-gnu/kryoptic/libkryoptic_pkcs11.so ++ echo 'skipped: Unable to find kryoptic PKCS#11 library' ++ exit 0 ######################################## ## Searching for Kryoptic module skipped: Unable to find kryoptic PKCS#11 library ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 3/92 pkcs11-provider:kryoptic / setup OK 0.03s 4/92 pkcs11-provider:kryoptic.nss / setup RUNNING >>> MALLOC_PERTURB_=53 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests LIBSPATH=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/src TESTSSRCDIR=/build/reproducible-path/pkcs11-provider-1.0/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 SOFTOKNPATH=/usr/lib/i386-linux-gnu ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 P11KITCLIENTPATH=/usr/lib/i386-linux-gnu/pkcs11/p11-kit-client.so SHARED_EXT=.so MESON_TEST_ITERATION=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/setup.sh kryoptic.nss ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― + source /build/reproducible-path/pkcs11-provider-1.0/tests/helpers.sh ++ : /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests ++ helper_emit=1 ++ sed --version ++ grep -q 'GNU sed' ++ sed_inplace=('-i') ++ export sed_inplace + '[' 1 -ne 1 ']' + TOKENTYPE=kryoptic.nss + SUPPORT_ED25519=1 + SUPPORT_ED448=1 + SUPPORT_RSA_PKCS1_ENCRYPTION=1 + SUPPORT_RSA_KEYGEN_PUBLIC_EXPONENT=1 + SUPPORT_TLSFUZZER=1 + SUPPORT_ALLOWED_MECHANISMS=0 ++ opensc-tool -i ++ grep OpenSC ++ sed -e 's/OpenSC 0\.\([0-9]*\).*/\1/' Failed to establish context: Unable to load external module + OPENSC_VERSION=26 + [[ 26 -le 25 ]] + [[ '' = \1 ]] ++ cat /proc/sys/crypto/fips_enabled + [[ 0 = \1 ]] + TMPPDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/kryoptic.nss + TOKDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/kryoptic.nss/tokens + '[' -d /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/kryoptic.nss ']' + mkdir /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/kryoptic.nss + mkdir /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/kryoptic.nss/tokens + PINVALUE=12345678 + PINFILE=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/kryoptic.nss/pinfile.txt + echo 12345678 + export GNUTLS_PIN=12345678 + GNUTLS_PIN=12345678 + '[' kryoptic.nss == softhsm ']' + '[' kryoptic.nss == softokn ']' + '[' kryoptic.nss == kryoptic ']' + '[' kryoptic.nss == kryoptic.nss ']' + source /build/reproducible-path/pkcs11-provider-1.0/tests/kryoptic.nss-init.sh ++ export KRYOPTIC_CONF=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/kryoptic.nss/kryoptic.conf ++ KRYOPTIC_CONF=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/kryoptic.nss/kryoptic.conf ++ cat ++ export 'TOKENLABEL=Kryoptic Soft Token' ++ TOKENLABEL='Kryoptic Soft Token' ++ export TOKENLABELURI=Kryoptic%20Soft%20Token ++ TOKENLABELURI=Kryoptic%20Soft%20Token ++ source /build/reproducible-path/pkcs11-provider-1.0/tests/kryoptic-init.sh +++ title SECTION 'Searching for Kryoptic module' +++ case "$1" in +++ shift 1 +++ echo '########################################' +++ echo '## Searching for Kryoptic module' +++ echo '' +++ find_kryoptic /target/debug/libkryoptic_pkcs11.so /target/release/libkryoptic_pkcs11.so /usr/local/lib/kryoptic/libkryoptic_pkcs11so /usr/lib64/pkcs11/libkryoptic_pkcs11.so /usr/lib/pkcs11/libkryoptic_pkcs11.so /usr/lib/x86_64-linux-gnu/kryoptic/libkryoptic_pkcs11.so +++ for _lib in "$@" +++ test -f /target/debug/libkryoptic_pkcs11.so +++ for _lib in "$@" +++ test -f /target/release/libkryoptic_pkcs11.so +++ for _lib in "$@" +++ test -f /usr/local/lib/kryoptic/libkryoptic_pkcs11so +++ for _lib in "$@" +++ test -f /usr/lib64/pkcs11/libkryoptic_pkcs11.so +++ for _lib in "$@" +++ test -f /usr/lib/pkcs11/libkryoptic_pkcs11.so +++ for _lib in "$@" +++ test -f /usr/lib/x86_64-linux-gnu/kryoptic/libkryoptic_pkcs11.so +++ echo 'skipped: Unable to find kryoptic PKCS#11 library' +++ exit 0 ######################################## ## Searching for Kryoptic module skipped: Unable to find kryoptic PKCS#11 library ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 4/92 pkcs11-provider:kryoptic.nss / setup OK 0.03s 5/92 pkcs11-provider:softokn / basic RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MESON_TEST_ITERATION=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=52 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper basic-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 5/92 pkcs11-provider:softokn / basic SKIP 0.01s exit status 77 6/92 pkcs11-provider:softhsm / basic RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MALLOC_PERTURB_=62 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MESON_TEST_ITERATION=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper basic-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/tests/tbasic ## Raw Sign check error openssl pkeyutl -sign -inkey "${BASEURI}" -pkeyopt pad-mode:none -in ${TMPPDIR}/64Brandom.bin -out ${TMPPDIR}/raw-sig.bin Public Key operation error 4049F4F7:error:0200007A:rsa routines:p11prov_sig_operate:data too small for key size:../src/signature.c:971: ## Sign and Verify with provided Hash and RSA openssl dgst -sha256 -binary -out ${TMPPDIR}/sha256.bin ${SEEDFILE} openssl pkeyutl -sign -inkey "${PRIURI}" -in ${TMPPDIR}/sha256.bin -out ${TMPPDIR}/sha256-sig.bin openssl pkeyutl -verify -inkey "${PUBURI}" -pubin -in ${TMPPDIR}/sha256.bin -sigfile ${TMPPDIR}/sha256-sig.bin Signature Verified Successfully ## Sign and Verify with provided Hash and RSA with DigestInfo struct openssl dgst -sha256 -binary -out ${TMPPDIR}/sha256.bin ${SEEDFILE} openssl pkeyutl -sign -inkey "${PRIURI}" -pkeyopt digest:sha256 -in ${TMPPDIR}/sha256.bin -out ${TMPPDIR}/sha256-sig.bin openssl pkeyutl -verify -inkey "${PUBURI}" -pkeyopt digest:sha256 -pubin -in ${TMPPDIR}/sha256.bin -sigfile ${TMPPDIR}/sha256-sig.bin Signature Verified Successfully ## DigestSign and DigestVerify with RSA openssl pkeyutl -sign -inkey "${BASEURI}" -digest sha256 -in ${RAND64FILE} -rawin -out ${TMPPDIR}/sha256-dgstsig.bin openssl pkeyutl -verify -inkey "${BASEURI}" -pubin -digest sha256 -in ${RAND64FILE} -rawin -sigfile ${TMPPDIR}/sha256-dgstsig.bin Signature Verified Successfully openssl pkeyutl -verify -inkey "${PUBURI}" -pubin -digest sha256 -in ${RAND64FILE} -rawin -sigfile ${TMPPDIR}/sha256-dgstsig.bin Signature Verified Successfully RSA basic encrypt and decrypt openssl pkeyutl -encrypt -inkey "${PUBURI}" -pubin -in ${SECRETFILE} -out ${SECRETFILE}.enc openssl pkeyutl -decrypt -inkey "${PRIURI}" -in ${SECRETFILE}.enc -out ${SECRETFILE}.dec ## Test Disallow Public Export openssl pkey -in $PUBURI -pubin -pubout -text ## Test CSR generation from RSA private keys openssl req -new -batch -key "${PRIURI}" -out ${TMPPDIR}/rsa_csr.pem openssl req -in ${TMPPDIR}/rsa_csr.pem -verify -noout Certificate request self-signature verify OK ## Test fetching public keys without PIN in config files openssl pkey -in $PUBURI -pubin -pubout -out ${TMPPDIR}/rsa.pub.nopin.pem openssl pkey -in $ECPUBURI -pubin -pubout -out ${TMPPDIR}/ec.pub.nopin.pem openssl pkey -in $EDPUBURI -pubin -pubout -out ${TMPPDIR}/ed.pub.nopin.pem ## Test fetching public keys with a PIN in URI openssl pkey -in $BASEURIWITHPINVALUE -pubin -pubout -out ${TMPPDIR}/rsa.pub.uripin.pem openssl pkey -in $ECBASEURIWITHPINVALUE -pubin -pubout -out ${TMPPDIR}/ec.pub.uripin.pem openssl pkey -in $EDBASEURIWITHPINVALUE -pubin -pubout -out ${TMPPDIR}/ed.pub.uripin.pem openssl pkey -in $ED2BASEURIWITHPINVALUE -pubin -pubout -out ${TMPPDIR}/ed2.pub.uripin.pem ## Test fetching public keys with a PIN source in URI openssl pkey -in $BASEURIWITHPINSOURCE -pubin -pubout -out ${TMPPDIR}/rsa.pub.uripinsource.pem openssl pkey -in $ECBASEURIWITHPINSOURCE -pubin -pubout -out ${TMPPDIR}/ec.pub.uripinsource.pem openssl pkey -in $EDBASEURIWITHPINSOURCE -pubin -pubout -out ${TMPPDIR}/ed.pub.uripinsource.pem openssl pkey -in $ED2BASEURIWITHPINSOURCE -pubin -pubout -out ${TMPPDIR}/ed2.pub.uripinsource.pem ## Test prompting without PIN in config files ## Test EVP_PKEY_eq on public RSA key both on token ## Test EVP_PKEY_eq on public EC key both on token ## Test EVP_PKEY_eq on public RSA key via import ## Match private RSA key against public key ## Match private RSA key against public key (commutativity) ## Test EVP_PKEY_eq on public EC key via import ## Match private EC key against public key ## Match private EC key against public key (commutativity) ## Test EVP_PKEY_eq with key exporting disabled ## Test RSA key ## Test EC key ## Test PIN caching Prompt: "Enter pass phrase for PKCS#11 Token (Slot 1046699247 - SoftHSM slot ID 0x3e635cef):" Returning: 12345678 Child Done ALL A-OK! Prompt: "Enter pass phrase for PKCS#11 Token (Slot 1046699247 - SoftHSM slot ID 0x3e635cef):" Returning: 12345678 Child Done ALL A-OK! ## Test interactive Login on key without ALWAYS AUTHENTICATE expect: spawn id exp3 not open while executing "expect "ALL A-OK"" ## Test interactive Login repeated for operation on key with ALWAYS AUTHENTICATE expect: spawn id exp3 not open while executing "expect "ALL A-OK"" ## Test Key generation Performed tests: 4 ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 6/92 pkcs11-provider:softhsm / basic OK 8.87s 7/92 pkcs11-provider:kryoptic / basic RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MALLOC_PERTURB_=178 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MESON_TEST_ITERATION=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper basic-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 7/92 pkcs11-provider:kryoptic / basic SKIP 0.01s exit status 77 8/92 pkcs11-provider:kryoptic.nss / basic RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MALLOC_PERTURB_=223 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MESON_TEST_ITERATION=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper basic-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 8/92 pkcs11-provider:kryoptic.nss / basic SKIP 0.01s exit status 77 9/92 pkcs11-provider:softokn / pubkey RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MALLOC_PERTURB_=73 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MESON_TEST_ITERATION=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper pubkey-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 9/92 pkcs11-provider:softokn / pubkey SKIP 0.01s exit status 77 10/92 pkcs11-provider:softhsm / pubkey RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MESON_TEST_ITERATION=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MALLOC_PERTURB_=101 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper pubkey-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/tests/tpubkey ## Export RSA Public key to a file openssl pkey -in $BASEURI -pubin -pubout -out ${TMPPDIR}/baseout.pub Export Public key to a file (pub-uri) openssl pkey -in $PUBURI -pubin -pubout -out ${TMPPDIR}/pubout.pub Print Public key from private openssl pkey -in $PRIURI -pubout -text ## Export Public check error openssl pkey -in pkcs11:id=%de%ad -pubin -pubout -out ${TMPPDIR}/pubout-invlid.pub Could not find private key of Public Key from pkcs11:id=%de%ad ## Export EC Public key to a file openssl pkey -in $ECBASEURI -pubin -pubout -out ${TMPPDIR}/baseecout.pub Export EC Public key to a file (pub-uri) openssl pkey -in $ECPUBURI -pubin -pubout -out ${TMPPDIR}/pubecout.pub Print EC Public key from private openssl pkey -in $ECPRIURI -pubout -text ## Check we can get RSA public keys from certificate objects Export Public key to a file (priv-uri) openssl pkey -in $PRI2URI -pubout -out ${TMPPDIR}/priv-cert.pub Export Public key to a file (base-uri) openssl pkey -in $BASE2URI -pubout -out ${TMPPDIR}/base-cert.pub ## Check we can get EC public keys from certificate objects Export Public EC key to a file (priv-uri) openssl pkey -in $ECPRI2URI -pubout -out ${TMPPDIR}/ec-priv-cert.pub Export Public key to a file (base-uri) openssl pkey -in $ECBASE2URI -pubout -out ${TMPPDIR}/ec-base-cert.pub ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 10/92 pkcs11-provider:softhsm / pubkey OK 0.43s 11/92 pkcs11-provider:kryoptic / pubkey RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MALLOC_PERTURB_=90 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MESON_TEST_ITERATION=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper pubkey-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 11/92 pkcs11-provider:kryoptic / pubkey SKIP 0.01s exit status 77 12/92 pkcs11-provider:kryoptic.nss / pubkey RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MALLOC_PERTURB_=181 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MESON_TEST_ITERATION=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper pubkey-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 12/92 pkcs11-provider:kryoptic.nss / pubkey SKIP 0.01s exit status 77 13/92 pkcs11-provider:softokn / certs RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MESON_TEST_ITERATION=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MALLOC_PERTURB_=118 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper certs-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 13/92 pkcs11-provider:softokn / certs SKIP 0.01s exit status 77 14/92 pkcs11-provider:softhsm / certs RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MALLOC_PERTURB_=163 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MESON_TEST_ITERATION=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper certs-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/tests/tcerts ## Check we can fetch certifiatce objects openssl x509 -in ${CRTURI} -subject -out ${TMPPDIR}/crt-subj.txt openssl x509 -in ${ECCRTURI} -subject -out ${TMPPDIR}/eccrt-subj.txt ## Use storeutl command to match specific certs via params openssl storeutl -certs -subject "${subj}" -out ${TMPPDIR}/storeutl-crt-subj.txt pkcs11:type=cert 0: Certificate openssl storeutl -certs -subject "${subj}" -out ${TMPPDIR}/storeutl-crt-subj.txt pkcs11:type=cert 0: Certificate openssl storeutl -certs -subject "${subj}" -out ${TMPPDIR}/storeutl-crt-subj.txt pkcs11:type=cert 0: Certificate openssl storeutl -certs -subject "${subj}" -out ${TMPPDIR}/storeutl-crt-subj.txt pkcs11:type=cert 0: Certificate ## Test fetching certificate without PIN in config files openssl x509 -in $CRTURI -subject -out ${TMPPDIR}/crt-subj-nopin.txt ## Test fetching certificate via STORE api Cert load successfully ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 14/92 pkcs11-provider:softhsm / certs OK 0.30s 15/92 pkcs11-provider:kryoptic / certs RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MALLOC_PERTURB_=217 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper certs-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 15/92 pkcs11-provider:kryoptic / certs SKIP 0.01s exit status 77 16/92 pkcs11-provider:kryoptic.nss / certs RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MALLOC_PERTURB_=236 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper certs-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 16/92 pkcs11-provider:kryoptic.nss / certs SKIP 0.01s exit status 77 17/92 pkcs11-provider:softokn / ecc RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MALLOC_PERTURB_=224 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MESON_TEST_ITERATION=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper ecc-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 17/92 pkcs11-provider:softokn / ecc SKIP 0.01s exit status 77 18/92 pkcs11-provider:softhsm / ecc RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MALLOC_PERTURB_=81 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MESON_TEST_ITERATION=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper ecc-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/tests/tecc ## Export EC Public key to a file openssl pkey -in $ECPUBURI -pubin -pubout -out ${TMPPDIR}/ecout.pub Print EC Public key from private openssl pkey -in $ECPRIURI -pubout -text ## Sign and Verify with provided Hash and EC openssl dgst -sha256 -binary -out ${TMPPDIR}/sha256.bin ${SEEDFILE} openssl pkeyutl -sign -inkey "${ECBASEURI}" -in ${TMPPDIR}/sha256.bin -out ${TMPPDIR}/sha256-ecsig.bin openssl pkeyutl -verify -inkey "${ECBASEURI}" -pubin -in ${TMPPDIR}/sha256.bin -sigfile ${TMPPDIR}/sha256-ecsig.bin Signature Verified Successfully openssl pkeyutl -verify -inkey "${TMPPDIR}/ecout.pub" -pubin -in ${TMPPDIR}/sha256.bin -sigfile ${TMPPDIR}/sha256-ecsig.bin Signature Verified Successfully ## DigestSign and DigestVerify with ECC (SHA-256) openssl pkeyutl -sign -inkey "${ECBASEURI}" -digest sha256 -in ${RAND64FILE} -rawin -out ${TMPPDIR}/sha256-ecdgstsig.bin openssl pkeyutl -verify -inkey "${ECBASEURI}" -pubin -digest sha256 -in ${RAND64FILE} -rawin -sigfile ${TMPPDIR}/sha256-ecdgstsig.bin Signature Verified Successfully ## DigestSign and DigestVerify with ECC (SHA-384) openssl pkeyutl -sign -inkey "${ECBASEURI}" -digest sha384 -in ${RAND64FILE} -rawin -out ${TMPPDIR}/sha384-ecdgstsig.bin openssl pkeyutl -verify -inkey "${ECBASEURI}" -pubin -digest sha384 -in ${RAND64FILE} -rawin -sigfile ${TMPPDIR}/sha384-ecdgstsig.bin Signature Verified Successfully ## DigestSign and DigestVerify with ECC (SHA-512) openssl pkeyutl -sign -inkey "${ECBASEURI}" -digest sha512 -in ${RAND64FILE} -rawin -out ${TMPPDIR}/sha512-ecdgstsig.bin openssl pkeyutl -verify -inkey "${ECBASEURI}" -pubin -digest sha512 -in ${RAND64FILE} -rawin -sigfile ${TMPPDIR}/sha512-ecdgstsig.bin Signature Verified Successfully ## DigestSign and DigestVerify with ECC (SHA3-256) openssl pkeyutl -sign -inkey "${ECBASEURI}" -digest sha3-256 -in ${RAND64FILE} -rawin -out ${TMPPDIR}/sha3-256-ecdgstsig.bin openssl pkeyutl -verify -inkey "${ECBASEURI}" -pubin -digest sha3-256 -in ${RAND64FILE} -rawin -sigfile ${TMPPDIR}/sha3-256-ecdgstsig.bin Signature Verified Successfully ## DigestSign and DigestVerify with ECC (SHA3-384) openssl pkeyutl -sign -inkey "${ECBASEURI}" -digest sha3-384 -in ${RAND64FILE} -rawin -out ${TMPPDIR}/sha3-384-ecdgstsig.bin openssl pkeyutl -verify -inkey "${ECBASEURI}" -pubin -digest sha3-384 -in ${RAND64FILE} -rawin -sigfile ${TMPPDIR}/sha3-384-ecdgstsig.bin Signature Verified Successfully ## DigestSign and DigestVerify with ECC (SHA3-512) openssl pkeyutl -sign -inkey "${ECBASEURI}" -digest sha3-512 -in ${RAND64FILE} -rawin -out ${TMPPDIR}/sha3-512-ecdgstsig.bin openssl pkeyutl -verify -inkey "${ECBASEURI}" -pubin -digest sha3-512 -in ${RAND64FILE} -rawin -sigfile ${TMPPDIR}/sha3-512-ecdgstsig.bin Signature Verified Successfully ## Test CSR generation from private ECC keys openssl req -new -batch -key "${ECPRIURI}" -out ${TMPPDIR}/ecdsa_csr.pem openssl req -in ${TMPPDIR}/ecdsa_csr.pem -verify -noout Certificate request self-signature verify OK ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 18/92 pkcs11-provider:softhsm / ecc OK 0.66s 19/92 pkcs11-provider:kryoptic / ecc RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MESON_TEST_ITERATION=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MALLOC_PERTURB_=17 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper ecc-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 19/92 pkcs11-provider:kryoptic / ecc SKIP 0.01s exit status 77 20/92 pkcs11-provider:kryoptic.nss / ecc RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MESON_TEST_ITERATION=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MALLOC_PERTURB_=125 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper ecc-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 20/92 pkcs11-provider:kryoptic.nss / ecc SKIP 0.01s exit status 77 21/92 pkcs11-provider:softhsm / edwards RUNNING >>> MALLOC_PERTURB_=254 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MESON_TEST_ITERATION=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper edwards-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/tests/tedwards ## Export ED25519 Public key to a file openssl pkey -in $EDPUBURI -pubin -pubout -out ${TMPPDIR}/edout.pub Print ED25519 Public key from private openssl pkey -in $EDPRIURI -pubout -text ## DigestSign and DigestVerify with ED25519 openssl pkeyutl -sign -inkey "${EDBASEURI}" -in ${RAND64FILE} -rawin -out ${TMPPDIR}/sha256-eddgstsig.bin openssl pkeyutl -verify -inkey "${EDBASEURI}" -pubin -in ${RAND64FILE} -rawin -sigfile ${TMPPDIR}/sha256-eddgstsig.bin Signature Verified Successfully ## Test CSR generation from private ED25519 keys openssl req -new -batch -key "${EDPRIURI}" -out ${TMPPDIR}/ed25519_csr.pem openssl req -in ${TMPPDIR}/ed25519_csr.pem -verify -noout Certificate request self-signature verify OK ## Test EVP_PKEY_eq on public Edwards key both on token ## Test EVP_PKEY_eq on public ED key via import ## Match private ED key against public key ## Match private ED key against public key (commutativity) ## Test Key generation Performed tests: 1 ## Export ED448 Public key to a file openssl pkey -in $ED2PUBURI -pubin -pubout -out ${TMPPDIR}/ed2out.pub Print ED448 Public key from private openssl pkey -in $ED2PRIURI -pubout -text ## DigestSign and DigestVerify with ED448 openssl pkeyutl -sign -inkey "${ED2BASEURI}" -in ${RAND64FILE} -rawin -out ${TMPPDIR}/sha256-eddgstsig.bin openssl pkeyutl -verify -inkey "${ED2BASEURI}" -pubin -in ${RAND64FILE} -rawin -sigfile ${TMPPDIR}/sha256-eddgstsig.bin Signature Verified Successfully ## Test CSR generation from private ED448 keys openssl req -new -batch -key "${ED2PRIURI}" -out ${TMPPDIR}/ed448_csr.pem openssl req -in ${TMPPDIR}/ed448_csr.pem -verify -noout Certificate request self-signature verify OK ## Test EVP_PKEY_eq on public Edwards key both on token ## Test EVP_PKEY_eq on public ED448 key via import ## Match private ED448 key against public key ## Match private ED448 key against public key (commutativity) ## Test Ed448 Key generation Performed tests: 1 ## Test interactive Login on key without ALWAYS AUTHENTICATE expect: spawn id exp3 not open while executing "expect "ALL A-OK"" ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 21/92 pkcs11-provider:softhsm / edwards OK 1.39s 22/92 pkcs11-provider:kryoptic / edwards RUNNING >>> MALLOC_PERTURB_=56 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MESON_TEST_ITERATION=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper edwards-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 22/92 pkcs11-provider:kryoptic / edwards SKIP 0.01s exit status 77 23/92 pkcs11-provider:kryoptic.nss / edwards RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MESON_TEST_ITERATION=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=79 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper edwards-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 23/92 pkcs11-provider:kryoptic.nss / edwards SKIP 0.01s exit status 77 24/92 pkcs11-provider:softokn / ecdh RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MALLOC_PERTURB_=107 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MESON_TEST_ITERATION=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper ecdh-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 24/92 pkcs11-provider:softokn / ecdh SKIP 0.01s exit status 77 25/92 pkcs11-provider:kryoptic / ecdh RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MALLOC_PERTURB_=134 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MESON_TEST_ITERATION=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper ecdh-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 25/92 pkcs11-provider:kryoptic / ecdh SKIP 0.01s exit status 77 26/92 pkcs11-provider:kryoptic.nss / ecdh RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MALLOC_PERTURB_=190 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper ecdh-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 26/92 pkcs11-provider:kryoptic.nss / ecdh SKIP 0.01s exit status 77 27/92 pkcs11-provider:softokn / democa RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MESON_TEST_ITERATION=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MALLOC_PERTURB_=136 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper democa-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 27/92 pkcs11-provider:softokn / democa SKIP 0.01s exit status 77 28/92 pkcs11-provider:softhsm / democa RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=66 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MESON_TEST_ITERATION=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper democa-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/tests/tdemoca ## Set up demoCA ## Generating CA cert if needed openssl req -batch -noenc -x509 -new -key ${PRIURI} -out ${DEMOCA}/cacert.pem ## Generating a new CSR with key in file openssl req -batch -noenc -newkey rsa:2048 -subj "/CN=testing-csr-signing/O=PKCS11 Provider/C=US" -keyout ${DEMOCA}/cert.key -out ${DEMOCA}/cert.csr ......+++++++++++++++++++++++++++++++++++++++*.......+...+++++++++++++++++++++++++++++++++++++++*.+.+..............+....+..+.......+...+...+..+............+......+.......+..+...+..........+..+.+...............+..+............+..........+........+...+......+.+..+...+....+...+......+..............+.+..+...+.+...+..+....+...............+..............+..........+..+....+..+.........+......+.......+..+....+..+...+.........+.+..+.......+...........+......+.+..+..........+.....+..........+...+........+.......+...+...........+...+...+.......+...+..+............+....+..............+.......+...+...............+........+...+......+..........+.......................+.......+...+...+........+......+.+........+.+......+.....+.............+...........+.+..+.+..+............................+......+........+............+.+............+........+....+.........+............+...++++++ ...+............+.+++++++++++++++++++++++++++++++++++++++*.+...+++++++++++++++++++++++++++++++++++++++*..+...+....+...+............+......+.....+.........+.+..+................+..............+...+.......+...+...+......+.....+.........+....+..+.+........+......+.........+......+...+.......+...+.....+......+.........+.+.....+....+.....+.......+........+.......+.....................+.....+.............+..+.........+...+.+............+..+.+.........+...+..............+.+...+..+.........+......+....+...+......+.........+.....+.+...........+......+...+....+.....+.+......+...+..+.+..............+......+.......+...+.....+...+.......+...+.....+..........+..+....+...............+...++++++ ----- ## Signing the new certificate openssl ca -batch -in ${DEMOCA}/cert.csr -keyfile ${PRIURI} -out ${DEMOCA}/cert.pem Using configuration from /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/openssl.cnf Check that the request matches the signature Signature ok The Subject's Distinguished Name is as follows commonName :ASN.1 12:'testing-csr-signing' organizationName :ASN.1 12:'PKCS11 Provider' countryName :PRINTABLE:'US' Certificate is to be certified until Feb 18 02:52:02 2026 GMT (365 days) Write out database with 1 new entries Database updated ## Generating a new CSR with existing RSA key in token openssl req -batch -noenc -new -key ${PRIURI} -subj "/CN=testing-rsa-signing/O=PKCS11 Provider/C=US" -out ${DEMOCA}/cert-rsa.csr ## Signing the new RSA key certificate openssl ca -batch -in ${DEMOCA}/cert-rsa.csr -keyfile ${PRIURI} -out ${DEMOCA}/cert.pem Using configuration from /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/openssl.cnf Check that the request matches the signature Signature ok The Subject's Distinguished Name is as follows commonName :ASN.1 12:'testing-rsa-signing' organizationName :ASN.1 12:'PKCS11 Provider' countryName :PRINTABLE:'US' Certificate is to be certified until Feb 18 02:52:02 2026 GMT (365 days) Write out database with 1 new entries Database updated ## Generating a new CSR with existing EC key in token openssl req -batch -noenc -new -key ${ECPRIURI} -subj "/CN=testing-ec-signing/O=PKCS11 Provider/C=US" -out ${DEMOCA}/cert-ec.csr ## Signing the new EC key certificate openssl ca -batch -in ${DEMOCA}/cert-ec.csr -keyfile ${PRIURI} -out ${DEMOCA}/cert.pem Using configuration from /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/openssl.cnf Check that the request matches the signature Signature ok The Subject's Distinguished Name is as follows commonName :ASN.1 12:'testing-ec-signing' organizationName :ASN.1 12:'PKCS11 Provider' countryName :PRINTABLE:'US' Certificate is to be certified until Feb 18 02:52:02 2026 GMT (365 days) Write out database with 1 new entries Database updated ## Generating a new CSR with existing ED key in token openssl req -batch -noenc -new -key ${EDPRIURI} -subj "/CN=testing-ed-signing/O=PKCS11 Provider/C=US" -out ${DEMOCA}/cert-ed.csr ## Signing the new ED key certificate openssl ca -batch -in ${DEMOCA}/cert-ed.csr -keyfile ${PRIURI} -out ${DEMOCA}/cert.pem Using configuration from /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/openssl.cnf Check that the request matches the signature Signature ok The Subject's Distinguished Name is as follows commonName :ASN.1 12:'testing-ed-signing' organizationName :ASN.1 12:'PKCS11 Provider' countryName :PRINTABLE:'US' Certificate is to be certified until Feb 18 02:52:02 2026 GMT (365 days) Write out database with 1 new entries Database updated ## Generating a new CSR with existing ED448 key in token openssl req -batch -noenc -new -key ${ED2PRIURI} -subj "/CN=testing-ed2-signing/O=PKCS11 Provider/C=US" -out ${DEMOCA}/cert-ed2.csr ## Signing the new ED448 key certificate openssl ca -batch -in ${DEMOCA}/cert-ed2.csr -keyfile ${PRIURI} -out ${DEMOCA}/cert.pem Using configuration from /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/openssl.cnf Check that the request matches the signature Signature ok The Subject's Distinguished Name is as follows commonName :ASN.1 12:'testing-ed2-signing' organizationName :ASN.1 12:'PKCS11 Provider' countryName :PRINTABLE:'US' Certificate is to be certified until Feb 18 02:52:02 2026 GMT (365 days) Write out database with 1 new entries Database updated ## Generating a new CSR with existing RSA-PSS key in token openssl req -batch -noenc -new -key ${RSAPSSPRIURI} -sigopt rsa_padding_mode:pss -subj "/CN=testing-rsapss-signing/O=PKCS11 Provider/C=US" -sigopt rsa_padding_mode:pss -out ${DEMOCA}/cert-rsa-pss.csr ## Signing the new RSA-PSS key certificate openssl ca -batch -in ${DEMOCA}/cert-rsa-pss.csr -keyfile ${PRIURI} -out ${DEMOCA}/cert.pem Using configuration from /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/openssl.cnf Check that the request matches the signature Signature ok The Subject's Distinguished Name is as follows commonName :ASN.1 12:'testing-rsapss-signing' organizationName :ASN.1 12:'PKCS11 Provider' countryName :PRINTABLE:'US' Certificate is to be certified until Feb 18 02:52:02 2026 GMT (365 days) Write out database with 1 new entries Database updated openssl x509 -text -in ${DEMOCA}/cert.pem ## Generating a new CSR with existing SHA256 restricted RSA-PSS key in token openssl req -batch -noenc -new -key ${RSAPSS2PRIURI} -sigopt rsa_padding_mode:pss -subj "/CN=testing-rsapss-sha2-signing/O=PKCS11 Provider/C=US" -out ${DEMOCA}/cert-rsa-pss2.csr -sigopt rsa_padding_mode:pss -sigopt digest:sha256 ## Signing the new SHA256 restricted RSA-PSS key certificate openssl ca -batch -in ${DEMOCA}/cert-rsa-pss2.csr -keyfile ${PRIURI} -out ${DEMOCA}/cert.pem Using configuration from /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/openssl.cnf Check that the request matches the signature Signature ok The Subject's Distinguished Name is as follows commonName :ASN.1 12:'testing-rsapss-sha2-signing' organizationName :ASN.1 12:'PKCS11 Provider' countryName :PRINTABLE:'US' Certificate is to be certified until Feb 18 02:52:02 2026 GMT (365 days) Write out database with 1 new entries Database updated openssl x509 -text -in ${DEMOCA}/cert.pem ## Generating a new CSR with existing RSA-PSS key in token openssl req -batch -noenc -new -key ${RSAPSS2PRIURI} -sigopt rsa_padding_mode:pss -subj "/CN=testing-rsapss-signing/O=PKCS11 Provider/C=US" -out ${DEMOCA}/cert-rsa-pss2.csr -sigopt rsa_padding_mode:pss -sigopt digest:sha256 -sigopt rsa_pss_saltlen:-2 ## Signing the new RSA-PSS key certificate openssl ca -batch -in ${DEMOCA}/cert-rsa-pss.csr -keyfile ${PRIURI} -out ${DEMOCA}/cert.pem Using configuration from /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/openssl.cnf Check that the request matches the signature Signature ok The Subject's Distinguished Name is as follows commonName :ASN.1 12:'testing-rsapss-signing' organizationName :ASN.1 12:'PKCS11 Provider' countryName :PRINTABLE:'US' Certificate is to be certified until Feb 18 02:52:02 2026 GMT (365 days) Write out database with 1 new entries Database updated ## Set up OCSP openssl req -batch -noenc -new -subj "/CN=OCSP/O=PKCS11 Provider/C=US" -key ${PRIURI} -out ${DEMOCA}/ocspSigning.csr openssl ca -batch -keyfile ${PRIURI} -cert ${DEMOCA}/cacert.pem -in ${DEMOCA}/ocspSigning.csr -out ${DEMOCA}/ocspSigning.pem Using configuration from /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/openssl.cnf Check that the request matches the signature Signature ok The Subject's Distinguished Name is as follows commonName :ASN.1 12:'OCSP' organizationName :ASN.1 12:'PKCS11 Provider' countryName :PRINTABLE:'US' Certificate is to be certified until Feb 18 02:52:02 2026 GMT (365 days) Write out database with 1 new entries Database updated ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 28/92 pkcs11-provider:softhsm / democa OK 1.90s 29/92 pkcs11-provider:kryoptic / democa RUNNING >>> MALLOC_PERTURB_=63 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MESON_TEST_ITERATION=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper democa-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 29/92 pkcs11-provider:kryoptic / democa SKIP 0.01s exit status 77 30/92 pkcs11-provider:kryoptic.nss / democa RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MESON_TEST_ITERATION=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=156 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper democa-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 30/92 pkcs11-provider:kryoptic.nss / democa SKIP 0.01s exit status 77 31/92 pkcs11-provider:softokn / digest RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MALLOC_PERTURB_=131 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MESON_TEST_ITERATION=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper digest-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 31/92 pkcs11-provider:softokn / digest SKIP 0.01s exit status 77 32/92 pkcs11-provider:softhsm / digest RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MALLOC_PERTURB_=165 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MESON_TEST_ITERATION=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper digest-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/tests/tdigest ## Test Digests support sha512-224: Unsupported by pkcs11 token sha512-256: Unsupported by pkcs11 token sha3-224: Unsupported by pkcs11 token sha3-256: Unsupported by pkcs11 token sha3-384: Unsupported by pkcs11 token sha3-512: Unsupported by pkcs11 token PASSED ## Test Digests Blocked No digest available for testing pkcs11 provider Digest operations failed as expected ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 32/92 pkcs11-provider:softhsm / digest OK 0.07s 33/92 pkcs11-provider:kryoptic / digest RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MESON_TEST_ITERATION=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MALLOC_PERTURB_=24 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper digest-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 33/92 pkcs11-provider:kryoptic / digest SKIP 0.01s exit status 77 34/92 pkcs11-provider:kryoptic.nss / digest RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MALLOC_PERTURB_=218 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MESON_TEST_ITERATION=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper digest-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 34/92 pkcs11-provider:kryoptic.nss / digest SKIP 0.01s exit status 77 35/92 pkcs11-provider:softokn / fork RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MESON_TEST_ITERATION=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MALLOC_PERTURB_=65 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper fork-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 35/92 pkcs11-provider:softokn / fork SKIP 0.01s exit status 77 36/92 pkcs11-provider:softhsm / fork RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MALLOC_PERTURB_=150 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MESON_TEST_ITERATION=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper fork-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/tfork Child Done Child Done ALL A-OK! ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 36/92 pkcs11-provider:softhsm / fork OK 0.52s 37/92 pkcs11-provider:kryoptic / fork RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MALLOC_PERTURB_=91 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper fork-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 37/92 pkcs11-provider:kryoptic / fork SKIP 0.03s exit status 77 38/92 pkcs11-provider:kryoptic.nss / fork RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MALLOC_PERTURB_=130 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MESON_TEST_ITERATION=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper fork-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 38/92 pkcs11-provider:kryoptic.nss / fork SKIP 0.02s exit status 77 39/92 pkcs11-provider:softokn / oaepsha2 RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MALLOC_PERTURB_=167 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MESON_TEST_ITERATION=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper oaepsha2-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 39/92 pkcs11-provider:softokn / oaepsha2 SKIP 0.02s exit status 77 40/92 pkcs11-provider:kryoptic / oaepsha2 RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MALLOC_PERTURB_=34 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MESON_TEST_ITERATION=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper oaepsha2-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 40/92 pkcs11-provider:kryoptic / oaepsha2 SKIP 0.03s exit status 77 41/92 pkcs11-provider:kryoptic.nss / oaepsha2 RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MALLOC_PERTURB_=219 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MESON_TEST_ITERATION=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper oaepsha2-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 41/92 pkcs11-provider:kryoptic.nss / oaepsha2 SKIP 0.01s exit status 77 42/92 pkcs11-provider:softokn / hkdf RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MALLOC_PERTURB_=127 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MESON_TEST_ITERATION=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper hkdf-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 42/92 pkcs11-provider:softokn / hkdf SKIP 0.01s exit status 77 43/92 pkcs11-provider:kryoptic / hkdf RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MESON_TEST_ITERATION=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MALLOC_PERTURB_=85 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper hkdf-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 43/92 pkcs11-provider:kryoptic / hkdf SKIP 0.01s exit status 77 44/92 pkcs11-provider:kryoptic.nss / hkdf RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MALLOC_PERTURB_=51 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MESON_TEST_ITERATION=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper hkdf-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 44/92 pkcs11-provider:kryoptic.nss / hkdf SKIP 0.01s exit status 77 45/92 pkcs11-provider:softokn / imported RUNNING >>> MALLOC_PERTURB_=83 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MESON_TEST_ITERATION=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper imported-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 45/92 pkcs11-provider:softokn / imported SKIP 0.02s exit status 77 46/92 pkcs11-provider:kryoptic / imported RUNNING >>> MALLOC_PERTURB_=72 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MESON_TEST_ITERATION=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper imported-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 46/92 pkcs11-provider:kryoptic / imported SKIP 0.05s exit status 77 47/92 pkcs11-provider:kryoptic.nss / imported RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MALLOC_PERTURB_=163 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MESON_TEST_ITERATION=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper imported-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 47/92 pkcs11-provider:kryoptic.nss / imported SKIP 0.01s exit status 77 48/92 pkcs11-provider:softokn / rsapss RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MALLOC_PERTURB_=153 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MESON_TEST_ITERATION=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper rsapss-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 48/92 pkcs11-provider:softokn / rsapss SKIP 0.01s exit status 77 49/92 pkcs11-provider:softhsm / rsapss RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MALLOC_PERTURB_=95 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MESON_TEST_ITERATION=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper rsapss-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/tests/trsapss ## DigestSign and DigestVerify with RSA PSS openssl pkeyutl -sign -inkey "${BASEURI}" -digest sha256 -pkeyopt pad-mode:pss -pkeyopt mgf1-digest:sha256 -pkeyopt saltlen:digest -in ${RAND64FILE} -rawin -out ${TMPPDIR}/sha256-dgstsig.bin openssl pkeyutl -verify -inkey "${BASEURI}" -pubin -digest sha256 -pkeyopt pad-mode:pss -pkeyopt mgf1-digest:sha256 -pkeyopt saltlen:digest -in ${RAND64FILE} -rawin -sigfile ${TMPPDIR}/sha256-dgstsig.bin Signature Verified Successfully Re-verify using OpenSSL default provider openssl pkeyutl -verify -inkey "${PUBURI}" -pubin -digest sha256 -pkeyopt pad-mode:pss -pkeyopt mgf1-digest:sha256 -pkeyopt saltlen:digest -in ${RAND64FILE} -rawin -sigfile ${TMPPDIR}/sha256-dgstsig.bin Signature Verified Successfully ## DigestSign and DigestVerify with RSA PSS with default params openssl pkeyutl -sign -inkey "${BASEURI}" -pkeyopt pad-mode:pss -in ${RAND64FILE} -rawin -out ${TMPPDIR}/def-dgstsig.bin openssl pkeyutl -verify -inkey "${BASEURI}" -pubin -pkeyopt pad-mode:pss -in ${RAND64FILE} -rawin -sigfile ${TMPPDIR}/def-dgstsig.bin Signature Verified Successfully Re-verify using OpenSSL default provider openssl pkeyutl -verify -inkey "${PUBURI}" -pubin -pkeyopt pad-mode:pss -in ${RAND64FILE} -rawin -sigfile ${TMPPDIR}/def-dgstsig.bin Signature Verified Successfully ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 49/92 pkcs11-provider:softhsm / rsapss OK 0.35s 50/92 pkcs11-provider:kryoptic / rsapss RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MALLOC_PERTURB_=18 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MESON_TEST_ITERATION=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper rsapss-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 50/92 pkcs11-provider:kryoptic / rsapss SKIP 0.02s exit status 77 51/92 pkcs11-provider:kryoptic.nss / rsapss RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MALLOC_PERTURB_=224 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MESON_TEST_ITERATION=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper rsapss-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 51/92 pkcs11-provider:kryoptic.nss / rsapss SKIP 0.02s exit status 77 52/92 pkcs11-provider:softhsm / rsapssam RUNNING >>> MALLOC_PERTURB_=19 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MESON_TEST_ITERATION=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper rsapssam-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/tests/trsapssam ## DigestSign and DigestVerify with RSA PSS (SHA256 restriction) openssl pkeyutl -sign -inkey "${RSAPSS2PRIURI}" -digest sha256 -pkeyopt pad-mode:pss -pkeyopt mgf1-digest:sha256 -pkeyopt saltlen:digest -in ${RAND64FILE} -rawin -out ${TMPPDIR}/sha256-rsapps-genpkey-dgstsig.bin openssl pkeyutl -verify -inkey "${RSAPSS2PUBURI}" -pubin -digest sha256 -pkeyopt pad-mode:pss -pkeyopt mgf1-digest:sha256 -pkeyopt saltlen:digest -in ${RAND64FILE} -rawin -sigfile ${TMPPDIR}/sha256-rsapps-genpkey-dgstsig.bin Signature Verified Successfully ## Fail DigestSign with RSA PSS because of restricted Digest openssl pkeyutl -sign -inkey "${RSAPSS2PRIURI}" -digest sha384 -pkeyopt pad-mode:pss -pkeyopt mgf1-digest:sha384 -pkeyopt saltlen:digest -in ${RAND64FILE} -rawin -out ${TMPPDIR}/sha384-rsapps-genpkey-dgstsig.bin 2>&1 ## Fail Signing with RSA PKCS1 mech and RSA-PSS key openssl pkeyutl -sign -inkey "${RSAPSSPRIURI}" -digest sha256 -pkeyopt rsa_padding_mode:pkcs1 -in ${RAND64FILE} -rawin -out ${TMPPDIR}/sha384-rsa-not-rsapss-sig.bin 2>&1 ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 52/92 pkcs11-provider:softhsm / rsapssam OK 0.27s 53/92 pkcs11-provider:kryoptic / rsapssam RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MALLOC_PERTURB_=84 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MESON_TEST_ITERATION=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper rsapssam-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 53/92 pkcs11-provider:kryoptic / rsapssam SKIP 0.02s exit status 77 54/92 pkcs11-provider:softokn / genkey RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=105 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MESON_TEST_ITERATION=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper genkey-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 54/92 pkcs11-provider:softokn / genkey SKIP 0.02s exit status 77 55/92 pkcs11-provider:softhsm / genkey RUNNING >>> MALLOC_PERTURB_=164 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MESON_TEST_ITERATION=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper genkey-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/tgenkey Performed tests: 0 ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 55/92 pkcs11-provider:softhsm / genkey OK 0.03s 56/92 pkcs11-provider:kryoptic / genkey RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MALLOC_PERTURB_=40 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MESON_TEST_ITERATION=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper genkey-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 56/92 pkcs11-provider:kryoptic / genkey SKIP 0.02s exit status 77 57/92 pkcs11-provider:kryoptic.nss / genkey RUNNING >>> MALLOC_PERTURB_=25 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MESON_TEST_ITERATION=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper genkey-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 57/92 pkcs11-provider:kryoptic.nss / genkey SKIP 0.02s exit status 77 58/92 pkcs11-provider:softokn / pkey RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MALLOC_PERTURB_=51 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MESON_TEST_ITERATION=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper pkey-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 58/92 pkcs11-provider:softokn / pkey SKIP 0.02s exit status 77 59/92 pkcs11-provider:softhsm / pkey RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MALLOC_PERTURB_=239 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MESON_TEST_ITERATION=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper pkey-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/tpkey ALL A-OK! ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 59/92 pkcs11-provider:softhsm / pkey OK 0.97s 60/92 pkcs11-provider:kryoptic / pkey RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MALLOC_PERTURB_=127 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MESON_TEST_ITERATION=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper pkey-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 60/92 pkcs11-provider:kryoptic / pkey SKIP 0.02s exit status 77 61/92 pkcs11-provider:kryoptic.nss / pkey RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MALLOC_PERTURB_=131 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MESON_TEST_ITERATION=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper pkey-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 61/92 pkcs11-provider:kryoptic.nss / pkey SKIP 0.02s exit status 77 62/92 pkcs11-provider:softokn / session RUNNING >>> MALLOC_PERTURB_=128 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MESON_TEST_ITERATION=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper session-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 62/92 pkcs11-provider:softokn / session SKIP 0.02s exit status 77 63/92 pkcs11-provider:softhsm / session RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MALLOC_PERTURB_=162 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MESON_TEST_ITERATION=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper session-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/tsession ALL A-OK!―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 63/92 pkcs11-provider:softhsm / session OK 0.47s 64/92 pkcs11-provider:kryoptic / session RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MESON_TEST_ITERATION=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MALLOC_PERTURB_=157 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper session-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 64/92 pkcs11-provider:kryoptic / session SKIP 0.02s exit status 77 65/92 pkcs11-provider:kryoptic.nss / session RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MESON_TEST_ITERATION=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MALLOC_PERTURB_=104 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper session-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 65/92 pkcs11-provider:kryoptic.nss / session SKIP 0.02s exit status 77 66/92 pkcs11-provider:softokn / rand RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MESON_TEST_ITERATION=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MALLOC_PERTURB_=251 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper rand-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 66/92 pkcs11-provider:softokn / rand SKIP 0.02s exit status 77 67/92 pkcs11-provider:softhsm / rand RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MALLOC_PERTURB_=81 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MESON_TEST_ITERATION=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper rand-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/tests/trand ## Test PKCS11 RNG openssl rand 1 4049FAF7:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:../crypto/evp/evp_fetch.c:355:Global default library context, Algorithm (PKCS11-RAND : 0), Properties () 4049FAF7:error:12000090:random number generator:rand_new_drbg:unable to fetch drbg:../crypto/rand/rand_lib.c:660: openssl rand 1 ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 67/92 pkcs11-provider:softhsm / rand OK 0.09s 68/92 pkcs11-provider:kryoptic / rand RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MALLOC_PERTURB_=203 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MESON_TEST_ITERATION=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper rand-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 68/92 pkcs11-provider:kryoptic / rand SKIP 0.02s exit status 77 69/92 pkcs11-provider:kryoptic.nss / rand RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MALLOC_PERTURB_=195 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MESON_TEST_ITERATION=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper rand-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 69/92 pkcs11-provider:kryoptic.nss / rand SKIP 0.02s exit status 77 70/92 pkcs11-provider:softokn / readkeys RUNNING >>> MALLOC_PERTURB_=196 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MESON_TEST_ITERATION=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper readkeys-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 70/92 pkcs11-provider:softokn / readkeys SKIP 0.02s exit status 77 71/92 pkcs11-provider:softhsm / readkeys RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MALLOC_PERTURB_=155 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MESON_TEST_ITERATION=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper readkeys-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/treadkeys ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 71/92 pkcs11-provider:softhsm / readkeys OK 0.07s 72/92 pkcs11-provider:kryoptic / readkeys RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MALLOC_PERTURB_=147 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MESON_TEST_ITERATION=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper readkeys-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 72/92 pkcs11-provider:kryoptic / readkeys SKIP 0.02s exit status 77 73/92 pkcs11-provider:kryoptic.nss / readkeys RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MALLOC_PERTURB_=208 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MESON_TEST_ITERATION=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper readkeys-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 73/92 pkcs11-provider:kryoptic.nss / readkeys SKIP 0.01s exit status 77 74/92 pkcs11-provider:softokn / tls RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MESON_TEST_ITERATION=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MALLOC_PERTURB_=193 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper tls-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 74/92 pkcs11-provider:softokn / tls SKIP 0.01s exit status 77 75/92 pkcs11-provider:softhsm / tls RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MALLOC_PERTURB_=120 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MESON_TEST_ITERATION=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper tls-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/tests/ttls ## Test SSL_CTX creation SSL Context works! ## Test setting cert/keys on TLS Context Cert and Key successfully set on TLS Context! ## Test setting cert/keys on TLS Context w/o pub key Cert and Key successfully set on TLS Context! ## Test an actual TLS connection ######################################## ## TLS with key in provider ## Run sanity test with default values (RSA) spawn openssl s_client -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.pem Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=1 CN=Issuer verify return:1 depth=0 O=PKCS11 Provider, CN=My Test Cert verify return:1 --- Certificate chain 0 s:O=PKCS11 Provider, CN=My Test Cert i:CN=Issuer a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256 v:NotBefore: Feb 18 02:51:45 2025 GMT; NotAfter: Feb 18 02:51:45 2026 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIIDPzCCAiegAwIBAgIBAzANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 ZXIwHhcNMjUwMjE4MDI1MTQ1WhcNMjYwMjE4MDI1MTQ1WjAxMRgwFgYDVQQKEw9Q S0NTMTEgUHJvdmlkZXIxFTATBgNVBAMTDE15IFRlc3QgQ2VydDCCASIwDQYJKoZI hvcNAQEBBQADggEPADCCAQoCggEBAMibT5+Wq6HP9+NbiyefCeRwSjkdbXuOk+av MGqYmLjFumJz0wbSrLiBZuKWcp8+Mh/6u9ghwS3YgBt9aqL9zV6nJcsiCrmWmFoT iuca8UxT8k8rDNxXuMvoiXiSk2BeAz2VW9JxaOf4cFDhIfWiD8BBzY8I1FvrmABq vULZhXZbASFdQwEG3lK4BvUmoqSpt3/YApHBu+NCPiJayRmIWHeQSEmb686VB+JJ bh/GPGEaeOgQ5IW6JOvyl4O0w6/N/RFeRWIffxct5fBz7LS3JSgH1KclqfFpaGo/ Pbky9t+k+XpwXEezUYJ5+Pc74ZXWc2DuJWSUHvRBbT182heImlcCAwEAAaOBgTB/ MAwGA1UdEwEB/wQCMAAwHwYDVR0RBBgwFoEUdGVzdGNlcnRAZXhhbXBsZS5vcmcw DgYDVR0PAQH/BAQDAgWgMB0GA1UdDgQWBBRGznZuVArm2xtt5Ihzc5dJOwfpDjAf BgNVHSMEGDAWgBQEazVkeMapL6mib1bDPN9EjMCYdjANBgkqhkiG9w0BAQsFAAOC AQEAksVbU9qI9rgJ6I/UWyIwlq0Ay0KMVfcvI1OUd91PeCNO8h7H3IffOgs2plse jDuMgsgpqlNv43b2pUDj3BvxepQM+4XNAPTOCe+Hq7leXlTgyEewtodEbrl4WmWJ QlZ8dVqd7v0vI9n2i4Kf2RnzuuZBaFEHeJuGLdX0TOvro+0Otl0FIaULk3d8IkMg eSiHDAGvGWFqfcDHG/aKEnsHCM8WfdcEIS4isImWU6XMyH1tQuiOEdz6PYxG0p/w gX9M00tyPPm5a03LwA3FTXOCv5tGcQ/fF7dsngcj/e8Zy+ff/AupuoV7JaSvXvzW VnMRgaIisTf7THfr597voRbwBA== -----END CERTIFICATE----- subject=O=PKCS11 Provider, CN=My Test Cert issuer=CN=Issuer --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: RSA-PSS Server Temp Key: X25519, 253 bits --- SSL handshake has read 1391 bytes and written 391 bytes Verification: OK --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Protocol: TLSv1.3 Server public key is 2048 bit This TLS version forbids renegotiation. Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 45917624DB7C7E5A1DE3373302A2E82DABFE6253207E14858D1A1629F0C591F9 Session-ID-ctx: Resumption PSK: 5CB2CFF9EA567DAE26D320B2D08B25204BCC17F92632D3E18E17BD8C3676D8B46B40CE318122614E2D72E0DAEFD0FDE3 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - d1 f0 6a ec a7 b4 f5 e9-7b 93 b7 af bb af ea 31 ..j.....{......1 0010 - 4e 12 6f 02 7d 91 29 1e-72 39 7e f7 f9 80 9c 8b N.o.}.).r9~..... 0020 - f2 9b 79 57 06 c3 64 10-a1 e9 83 33 06 4d 18 ba ..yW..d....3.M.. 0030 - d9 b8 02 ed 17 1b 9e 48-8e 5c 1c f6 a3 06 4a 07 .......H.\....J. 0040 - 67 3f 46 17 99 09 e1 da-21 3a 68 62 15 74 7b e1 g?F.....!:hb.t{. 0050 - 66 9c 42 15 bd c5 59 51-5c ea 34 9c 53 93 46 fd f.B...YQ\.4.S.F. 0060 - 20 54 51 33 ec c2 97 82-b2 9f a5 18 28 34 bf 1c TQ3........(4.. 0070 - 47 c5 a2 d6 b8 06 44 b1-f9 57 3f f7 3d f0 a5 ce G.....D..W?.=... 0080 - e5 7c 94 dd 15 70 28 45-ba 96 3b 54 c0 d0 fd 08 .|...p(E..;T.... 0090 - bf 6a a5 7d 19 e6 ba 92-bf 03 1e 76 a2 40 a4 6a .j.}.......v.@.j 00a0 - 80 05 8d 8b a6 37 af 7e-10 51 92 cd 14 fb 5c 68 .....7.~.Q....\h 00b0 - 8a cd f6 af 42 52 82 f4-02 b8 6d 04 05 ca bf ee ....BR....m..... 00c0 - 40 6c 3d 4d da ae 09 2a-44 f1 c3 e9 68 d6 b7 ec @l=M...*D...h... Start Time: 1739847126 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 91C5999F91EB57D131E968B8DDE5CC9F67E29467863106A2072CD9FE99A82FA7 Session-ID-ctx: Resumption PSK: 9AF0631903D9CAEBE19EF94DCB224D3F41553FBB9752AC9F14095DA9C4D757B1D5AAB00D2BD8F30457EE419D9AB853F4 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - d1 f0 6a ec a7 b4 f5 e9-7b 93 b7 af bb af ea 31 ..j.....{......1 0010 - 5a 9a 43 7a c1 aa 43 03-35 51 54 1b 9c cb 1c f4 Z.Cz..C.5QT..... 0020 - 18 cc 53 6e 45 3f b8 e3-78 09 53 1c 4e c4 54 6f ..SnE?..x.S.N.To 0030 - ef 8e 47 c0 0a 15 d4 00-e7 02 a7 c1 06 25 8b 64 ..G..........%.d 0040 - 4e 8c 24 ca d9 78 73 68-6c ca 0c 87 3b da d1 71 N.$..xshl...;..q 0050 - 13 ec 69 d1 28 46 13 08-a2 ba 0c 3d 2c 39 82 6e ..i.(F.....=,9.n 0060 - f8 55 90 05 53 45 88 f5-bb 68 75 f3 81 68 6b fd .U..SE...hu..hk. 0070 - e1 f1 66 7a e0 2f 47 f6-09 d4 eb 33 8e 9c d0 8f ..fz./G....3.... 0080 - fc d6 f7 2c 83 fa e2 89-c2 82 d1 f2 43 fd e9 1f ...,........C... 0090 - 90 cd 20 bd ab 95 c6 e7-b4 58 88 3a 13 3b 07 30 .. ......X.:.;.0 00a0 - d2 01 99 b3 ef 26 26 ef-e4 ec ac ce 0a e3 1e ca .....&&......... 00b0 - aa 67 cd 76 72 3a 8b 7e-43 da 53 86 25 0c a8 13 .g.vr:.~C.S.%... 00c0 - 90 85 d8 9a ce 93 2e e8-e4 34 88 9e c3 a7 cb 21 .........4.....! Start Time: 1739847126 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK TLS SUCCESSFUL 0007EEF7:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%01 -cert pkcs11:type=cert;object=testCert Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MIGDAgEBAgIDBAQCEwIEIES7BCLHgG1k62vdXpSxKCyhE4etWYR6gtfiekyBrC31 BDCa8GMZA9nK6+Ge+U3LIk0/QVU/u5dSrJ8UCV2pxNdXsdWqsA0r2PMEV+5BnZq4 U/ShBgIEZ7P11qIEAgIcIKQGBAQBAAAArgcCBQDlTVCMswMCAR0= -----END SSL SESSION PARAMETERS----- Shared ciphers:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224 Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 CIPHER is TLS_AES_256_GCM_SHA384 This TLS version forbids renegotiation. TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run sanity test with default values (RSA-PSS) ## Generating a new selfsigned certificate for pkcs11:type=private;id=%00%10 openssl req -batch -noenc -x509 -new -key ${KEY} ${AARGS} -out ${CERT} spawn openssl s_client -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.pem Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=0 C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness verify error:num=18:self-signed certificate verify return:1 depth=0 C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness verify return:1 --- Certificate chain 0 s:C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness i:C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness a:PKEY: RSASSA-PSS, 2048 (bit); sigalg: RSASSA-PSS v:NotBefore: Feb 18 02:52:07 2025 GMT; NotAfter: Mar 20 02:52:07 2025 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIIEIzCCAtugAwIBAgIUV9iUgj1DlkImsWHaWsQm3s4roCswPQYJKoZIhvcNAQEK MDCgDTALBglghkgBZQMEAgGhGjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUDBAIBogMC ASAwZzELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMREwDwYDVQQHDAhO ZXcgWW9yazEYMBYGA1UECgwPUEtDUzExIFByb3ZpZGVyMRgwFgYDVQQLDA9UZXN0 aW5nIEhhcm5lc3MwHhcNMjUwMjE4MDI1MjA3WhcNMjUwMzIwMDI1MjA3WjBnMQsw CQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsxETAPBgNVBAcMCE5ldyBZb3Jr MRgwFgYDVQQKDA9QS0NTMTEgUHJvdmlkZXIxGDAWBgNVBAsMD1Rlc3RpbmcgSGFy bmVzczCCASAwCwYJKoZIhvcNAQEKA4IBDwAwggEKAoIBAQDWpv8fLs7KuCjsT3XR rwzWYXUgCirKe954B0sXSyJMPhKMbECCv3PXmp8PUREmElO4VlRoVXq54Om+hW1Q vB92nIi3V5WJqJ+m+vaoQlF5ZPNE2ES+RBaA0SBpEfqNhUlTYdQThn7hdqVZiIRQ YN/UvYQcQ/BtjgOXO1IhgzrdKdEC9WEYkgQ1mF4lOpGD0DK/aDbuaOkFmO1qvV9W 2lSAfoJOhF3Ec1ZFKeW1hnF1NmrfZwcdPTYDfw6W7NsI/96d1oCxfdXgAJDkyHNV DFojXdigyivbC0x5iDo/T48DJIGjd+GTMKvMr4FTLal3ZviSnUqe5rxHMhoMP4E3 UU0JAgMBAAGjaTBnMB0GA1UdDgQWBBRZ3SDJvnTrpKgdBGS8E3iHGEkc+TAfBgNV HSMEGDAWgBRZ3SDJvnTrpKgdBGS8E3iHGEkc+TAPBgNVHRMBAf8EBTADAQH/MAkG A1UdEQQCMAAwCQYDVR0SBAIwADA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQC AaEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgGiAwIBIAOCAQEACGObnh3rQYqS y8VEZB7jw8UbMeOVyYAUYRIkD4byXS3IAn0HaQCRRyHa7BEV3h+an1sCJHCSdE0U OUtsvRmfpmTcAYQPQ9NbO14BQ0tBSnm/3b3ExRK7ETI1LXvv7bN6Qn45UCvyrYLi 71kjS2ff87484EOyDj5MXa2PZPvuCEGpvoukHrYvVg7QH1QNlX/NxYDSugl2mRrC pYO2N1+WnEmlBv0xsy5CaMzv/ivbM4uYZ9nam2Ctw2XY3v0KYhQZuHntHrR5RmqB Nihe8iYqED96VQfDskclhFG75s7reCrUik2MroeETd6SxWfZNZHPK52v30I65HSw 7+lEZckm6A== -----END CERTIFICATE----- subject=C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness issuer=C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: RSA-PSS Server Temp Key: X25519, 253 bits --- SSL handshake has read 1619 bytes and written 391 bytes Verification error: self-signed certificate --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Protocol: TLSv1.3 Server public key is 2048 bit This TLS version forbids renegotiation. Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 18 (self-signed certificate) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 4CD7978212BF72040A0E6213CC86C88F0C32B688C72E4E7CD342B49E5E11F7BD Session-ID-ctx: Resumption PSK: A73ABA00106FA7249C952028C3A4C7AB96A569014B7DA7C5CEB042DBC16B39D6085A504C8B48E205F2A9540A5EAF1205 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 6f e3 4c 6c 74 f6 ad 9d-79 ef a1 9c 86 dc cb 4d o.Llt...y......M 0010 - 65 d4 25 bd 0f 66 93 3d-3b 66 b6 2a 35 3c 4f b7 e.%..f.=;f.*5.....mP..k.? 00c0 - a1 9f 60 f2 d1 26 24 da-c9 43 87 4b de 4d 26 23 ..`..&$..C.K.M&# Start Time: 1739847127 Timeout : 7200 (sec) Verify return code: 18 (self-signed certificate) Extended master secret: no Max Early Data: 0 --- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 26FE58AF3A34F3ED450E5B7338C1D7A890CBCC62080E30818CBC6D6F5A46DA01 Session-ID-ctx: Resumption PSK: DDF5F0BA7DBE110A831D2E213899BF9D4B4F935E634DD70A6B2B0C8CE896D864E1492D7DCB01656590775803C63E8965 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 6f e3 4c 6c 74 f6 ad 9d-79 ef a1 9c 86 dc cb 4d o.Llt...y......M 0010 - 4d 05 0d 3d 0c 63 49 ac-28 1f db 42 5e fa 8b 3e M..=.cI.(..B^..> 0020 - 31 46 8b d5 1d b6 d3 53-77 cf 84 81 30 b4 c7 fe 1F.....Sw...0... 0030 - 18 e5 38 38 8a ba 0e f4-6b 87 cd 82 9e 14 98 e5 ..88....k....... 0040 - 7a 3c ed f7 ec ff 38 2a-8b 08 81 ec f3 c6 3f c4 z<....8*......?. 0050 - dd 10 6b aa 6d 9c 3e 79-e4 25 fc 1e 75 a7 30 9e ..k.m.>y.%..u.0. 0060 - 8d fd 6a 8d 2b 8f b7 55-71 72 fc 46 41 15 29 6c ..j.+..Uqr.FA.)l 0070 - ed 49 29 58 71 2c 25 c7-4f 61 8c 5b 73 54 5a ed .I)Xq,%.Oa.[sTZ. 0080 - e0 6d cf 40 7a 1b 37 2b-d0 04 75 a1 a4 49 6e 64 .m.@z.7+..u..Ind 0090 - 3c 32 98 79 d7 ee 15 3e-29 16 a5 d3 c8 23 58 8c <2.y...>)....#X. 00a0 - 17 45 d2 94 70 09 c1 dd-15 a6 ae 39 a8 c8 11 af .E..p......9.... 00b0 - 19 a0 a3 50 d9 25 8f 4c-4f b2 57 53 40 95 97 e0 ...P.%.LO.WS@... 00c0 - bf e9 53 1b f2 d9 d4 3b-2e 01 38 fc 07 45 e6 24 ..S....;..8..E.$ Start Time: 1739847127 Timeout : 7200 (sec) Verify return code: 18 (self-signed certificate) Extended master secret: no Max Early Data: 0 --- read R BLOCK TLS SUCCESSFUL 4049F4F7:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%10 -cert /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/rsapss-default.pem Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MIGCAgEBAgIDBAQCEwIEIOQv/R94mft0rXlR7glhD5ABcO5ccuKP5aMvQfs9CRw/ BDDd9fC6fb4RCoMdLiE4mb+dS0+TXmNN1wprKwyM6JbYZOFJLX3LAWVlkHdYA8Y+ iWWhBgIEZ7P116IEAgIcIKQGBAQBAAAArgYCBAl+7zezAwIBHQ== -----END SSL SESSION PARAMETERS----- Shared ciphers:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224 Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 CIPHER is TLS_AES_256_GCM_SHA384 This TLS version forbids renegotiation. TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run sanity test with RSA-PSS and SHA256 ## Generating a new selfsigned certificate for pkcs11:type=private;id=%00%11 openssl req -batch -noenc -x509 -new -key ${KEY} ${AARGS} -out ${CERT} spawn openssl s_client -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.pem Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=0 C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness verify error:num=18:self-signed certificate verify return:1 depth=0 C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness verify return:1 --- Certificate chain 0 s:C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness i:C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness a:PKEY: RSASSA-PSS, 3092 (bit); sigalg: RSASSA-PSS v:NotBefore: Feb 18 02:52:07 2025 GMT; NotAfter: Mar 20 02:52:07 2025 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIIFKDCCA12gAwIBAgIUIYt0FTfAyg3VtB56ulL/WeW6wJcwPQYJKoZIhvcNAQEK MDCgDTALBglghkgBZQMEAgGhGjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUDBAIBogMC ASAwZzELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMREwDwYDVQQHDAhO ZXcgWW9yazEYMBYGA1UECgwPUEtDUzExIFByb3ZpZGVyMRgwFgYDVQQLDA9UZXN0 aW5nIEhhcm5lc3MwHhcNMjUwMjE4MDI1MjA3WhcNMjUwMzIwMDI1MjA3WjBnMQsw CQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsxETAPBgNVBAcMCE5ldyBZb3Jr MRgwFgYDVQQKDA9QS0NTMTEgUHJvdmlkZXIxGDAWBgNVBAsMD1Rlc3RpbmcgSGFy bmVzczCCAaIwCwYJKoZIhvcNAQEKA4IBkQAwggGMAoIBgw7B+Iv/v4OZTuW8UQU0 CfzOQtyf4+mpxUza5kppOJVPx7cnODlbmpEK95JVpj5yxSL6GJyDRhf2OTj33PZZ i/p2UbT2USkf8OodZrZspxBHQ0N8jPMCcVgceiRE492kurz8mjbuqRj7AioppTWn xCWtRIxY0O6PlyApelhDyTx89Q8YNHzb0gw3RALGr30we91+AnbzMVapw/QU0dJj Ny1FcuuhKas/YqVScB8ClXbRUfjR9L7ULB+Pm/H5ThkShz0BVijiFDLmbZzztG3b YdHmriP7b5fsbGjzOZrUubMJDXX86dpwwaC+9s1Dhzyb8mpoTEnbkihafT/fXYuj JBeeHmiuko6CCaD6T3hi2eG7xJLOUlK/Ht5h4cmQA0TgCS1VECDeNbEHWGkatwtR mIKt+oJWhRxXj8GpY/uGWZ0dn+ViIDcSSJ346GumMDNeAN8oZHXu2cAZl+1nmhQd 3XvLllHhp7/OH/k1m/Dw/1yESILGSsCkqKOCDwFe5XOUp15eRQIDAQABo2kwZzAd BgNVHQ4EFgQU+gVXXDs3tPVFJSehn0BJRsGwHugwHwYDVR0jBBgwFoAU+gVXXDs3 tPVFJSehn0BJRsGwHugwDwYDVR0TAQH/BAUwAwEB/zAJBgNVHREEAjAAMAkGA1Ud EgQCMAAwPQYJKoZIhvcNAQEKMDCgDTALBglghkgBZQMEAgGhGjAYBgkqhkiG9w0B AQgwCwYJYIZIAWUDBAIBogMCASADggGEAAm7NN8RuCj0em3gamum+OxWcmpscRg2 9WhWBoDRIBE3HCrRFVvOVxmemWjCjtxlVGrh2Fzo8ypVAtNmS3//Ooja9Z53rqp5 k0mVl58a8zgJdUYjzLCSwOcBynNCMfrhMLL3NiJgrz2G9rcPwG2yQMSQGqNXNpaE F6bDubAupWM68iRv3xR2YiQ+Uz/h4z2gnzPFs4G45PRoA9bmmM5PucfFDI5wrbnJ t/01wu8qrmru4r8j4cGDzAhjULNP7IjufaddNlaINU93+gOpwJkwMJHhtdl9rRqc VwWJtvcp8PW3vmWu233ZJkDs7384R7O0Y8VCUONja1fi2x+uSEFBAxWGwRF7XVPt gyNljeDvDwoas7jw+pB903p9omWTpvpWFjN1yst0cMH9IbtKaCYxbGd0kGt+ZwSS oj5naGOhqdC982nSMpad50Ia09i5I8Hq7CLujL0L2wktCWBS6kFdSVskDH9A2lvP Di7ZuFTH+8qOdosNYoklDy31nC48dn0x7gsk+w== -----END CERTIFICATE----- subject=C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness issuer=C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: RSA-PSS Server Temp Key: X25519, 253 bits --- SSL handshake has read 2011 bytes and written 391 bytes Verification error: self-signed certificate --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Protocol: TLSv1.3 Server public key is 3092 bit This TLS version forbids renegotiation. Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 18 (self-signed certificate) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 06AF6D18D0A44368A518913AE08571B0DDDC7449C83D976A26C1AA221415BF7E Session-ID-ctx: Resumption PSK: 878AF24EAC558439125C3F83266969E9017D07B0C096AC034D6F6AFDA90A14B2A9C4CA4481F37BCF4FEE905B85D14071 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 8b 64 52 4f a0 6c 93 fc-e2 aa cd 5c 32 26 62 de .dRO.l.....\2&b. 0010 - 87 e7 77 33 87 16 30 a5-22 01 0c 32 62 72 7e d4 ..w3..0."..2br~. 0020 - 1e 25 19 09 6b 87 3c 9d-41 33 e6 7c a6 5f 15 9b .%..k.<.A3.|._.. 0030 - fa 73 93 0f 33 1f a0 d0-8b 51 57 2e 12 88 bc 0c .s..3....QW..... 0040 - e8 31 f3 60 e0 ae 62 e4-99 b5 70 05 22 36 54 36 .1.`..b...p."6T6 0050 - 0d 26 1f 87 a6 6e 3a 86-16 e3 b4 bd 3e 8b dc 1c .&...n:.....>... 0060 - 59 7b 45 53 1e 0d e9 90-f5 81 7a a7 d1 49 b1 10 Y{ES......z..I.. 0070 - 05 f7 f7 6f e2 20 3d 97-06 03 7c 33 cd 0b d1 66 ...o. =...|3...f 0080 - 80 76 4e 9b a0 fc 1f 2c-44 70 c9 08 7c cf a0 d1 .vN....,Dp..|... 0090 - 29 47 de 2b 74 86 bd 11-d2 00 d7 20 ad e5 4a 6c )G.+t...... ..Jl 00a0 - d6 99 93 30 5f a7 98 b5-b6 0d c3 05 e4 dd 6c 17 ...0_.........l. 00b0 - 6a 20 3a a2 af 9a a4 07-8d a5 58 93 5f fb 06 eb j :.......X._... 00c0 - 2c 6d db d9 c8 7e a6 49-43 47 87 45 4e 89 6a 8d ,m...~.ICG.EN.j. Start Time: 1739847127 Timeout : 7200 (sec) Verify return code: 18 (self-signed certificate) Extended master secret: no Max Early Data: 0 --- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 0EEF4CF21E52155CD67B2479DD8992A2ACCC5866924275CA3FE139090E3E67FE Session-ID-ctx: Resumption PSK: 5C03B20AAE966501A0C5767DD2A46B873DAE0FCABAF0078F9FEB1200BC97462CB26822712ED3CDB4D62FA77E2E070D74 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 8b 64 52 4f a0 6c 93 fc-e2 aa cd 5c 32 26 62 de .dRO.l.....\2&b. 0010 - 4b f2 13 e2 ad 4d 80 57-0a 14 27 67 fb 61 ce 45 K....M.W..'g.a.E 0020 - ff 41 c4 a2 7d 55 79 8b-54 f5 43 84 05 21 92 7a .A..}Uy.T.C..!.z 0030 - 06 61 ad 86 06 49 65 e5-a2 55 fe 6e c0 6d 93 b5 .a...Ie..U.n.m.. 0040 - 55 bb 07 23 66 54 b9 ca-1e 53 4f 5f f4 26 73 26 U..#fT...SO_.&s& 0050 - 64 f8 86 f1 90 35 64 ad-5c 59 2d 01 e3 3b a3 97 d....5d.\Y-..;.. 0060 - b6 ba b4 ec 60 f3 30 a4-72 41 14 09 9e 1c d9 47 ....`.0.rA.....G 0070 - 1f 90 7a 9d 18 3b c3 fe-b7 3c e9 0f 36 bc 1e f9 ..z..;...<..6... 0080 - fe 82 7d ea 5e 24 b3 97-39 d4 cf e1 1a d7 23 89 ..}.^$..9.....#. 0090 - ec f6 c1 14 4a 88 68 c6-50 cb 42 96 c5 a3 41 37 ....J.h.P.B...A7 00a0 - 50 59 6e e4 5a dc 32 a9-63 80 82 ce f9 88 d7 9d PYn.Z.2.c....... 00b0 - da 21 d2 7a 71 46 ff af-52 67 c0 ae 55 9b 71 98 .!.zqF..Rg..U.q. 00c0 - d9 6e 3a 95 85 f8 c8 73-ed 60 58 d3 c7 84 ce 82 .n:....s.`X..... Start Time: 1739847127 Timeout : 7200 (sec) Verify return code: 18 (self-signed certificate) Extended master secret: no Max Early Data: 0 --- read R BLOCK TLS SUCCESSFUL 40F9FBF7:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%11 -cert /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/rsapss-sha256.pem Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MIGCAgEBAgIDBAQCEwIEIOkqw3lIfIxWO1qEJnUk5VJW/t1tPJlNVFbAKI0KvcZT BDBcA7IKrpZlAaDFdn3SpGuHPa4PyrrwB4+f6xIAvJdGLLJoInEu08201i+nfi4H DXShBgIEZ7P116IEAgIcIKQGBAQBAAAArgYCBBh5XOGzAwIBHQ== -----END SSL SESSION PARAMETERS----- Shared ciphers:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224 Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 CIPHER is TLS_AES_256_GCM_SHA384 This TLS version forbids renegotiation. TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run sanity test with default values (ECDSA) spawn openssl s_client -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.pem Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=1 CN=Issuer verify return:1 depth=0 O=PKCS11 Provider, CN=My EC Cert verify return:1 --- Certificate chain 0 s:O=PKCS11 Provider, CN=My EC Cert i:CN=Issuer a:PKEY: id-ecPublicKey, 256 (bit); sigalg: RSA-SHA256 v:NotBefore: Feb 18 02:51:46 2025 GMT; NotAfter: Feb 18 02:51:46 2026 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIICcjCCAVqgAwIBAgIBBDANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 ZXIwHhcNMjUwMjE4MDI1MTQ2WhcNMjYwMjE4MDI1MTQ2WjAvMRgwFgYDVQQKEw9Q S0NTMTEgUHJvdmlkZXIxEzARBgNVBAMTCk15IEVDIENlcnQwWTATBgcqhkjOPQIB BggqhkjOPQMBBwNCAASSo1Sa0elCrAT0MBKqCjp36ZudG1JSXihib5H4P24mmvH9 LwoZ8xCIAyAtq32HsPhSb3UAgb5FR/c6lBLkmPSmo4GBMH8wDAYDVR0TAQH/BAIw ADAfBgNVHREEGDAWgRR0ZXN0Y2VydEBleGFtcGxlLm9yZzAOBgNVHQ8BAf8EBAMC B4AwHQYDVR0OBBYEFNXFn2QqK5hlU4Ti+++mUMjVyaAkMB8GA1UdIwQYMBaAFARr NWR4xqkvqaJvVsM830SMwJh2MA0GCSqGSIb3DQEBCwUAA4IBAQCVvTgUAoVO1U4N CX3+LvwKP7mJgc1Pr4n2LRLdXAfEShYc1/Ff3rITMAky18/jHcq/hiReyDXEWZJs VQDygSaerMDe8OgZ0SDkyF/gBK12XaiQpDvvJmXMNCv4NufllcsACIB975N1jGwF E70qMq90ygEV0IBbXTrc1mDHqZmvnpMzr4nPrWhR9Ymsxp7yMbcejZ6IhmdCzm7Z r8aSCKt5K/J58IztzUvQO0TG1gJ6X4xqbouojyN4u/Er0Kw3iKepKINPu33vh5xQ nj5I7Ouogn02a+h5vU/b/T1lyxGL/WX9FM9XTtCo3LL2iYQzBYMBQWyaZEEdoUJh MH+XrDVm -----END CERTIFICATE----- subject=O=PKCS11 Provider, CN=My EC Cert issuer=CN=Issuer --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: ECDSA Server Temp Key: X25519, 253 bits --- SSL handshake has read 1002 bytes and written 391 bytes Verification: OK --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Protocol: TLSv1.3 Server public key is 256 bit This TLS version forbids renegotiation. Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: C1516C112FAA102B0B9CA733A958660CA511BE8ABD5220629E4F6C321D796156 Session-ID-ctx: Resumption PSK: 985D5BABA681D89D532988AD6D6DCF89B1CA1088117F9E84761D1BF891E007D810FFFFC00725915191F48B3BD6ACA9DC PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 05 b3 e8 44 2f c6 b0 5f-53 b6 9a 51 6c 77 ba c8 ...D/.._S..Qlw.. 0010 - a3 55 5a 28 a1 19 92 da-b2 f1 83 e0 89 a8 5f 20 .UZ(.........._ 0020 - 17 60 18 fc 4f a0 9a 7b-e2 b1 65 19 34 11 a6 24 .`..O..{..e.4..$ 0030 - 0a a2 06 4e 78 3f ee 19-06 af 57 8d d1 3f 2f 12 ...Nx?....W..?/. 0040 - 3d d6 04 3c 58 90 5b 9e-8a fa af e6 6a ab bf 9f =..j...H.. 0020 - e5 a9 85 5e ec d6 7e 2c-3d 40 ad a0 c8 65 d2 75 ...^..~,=@...e.u 0030 - de 71 be 53 7b a5 ca 3e-f3 e3 c8 73 8f ba 1a e4 .q.S{..>...s.... 0040 - 1a 09 3e 8a 95 5c cc 99-70 93 45 d8 e8 36 31 46 ..>..\..p.E..61F 0050 - 9c 5f 71 75 a8 33 94 f3-ad 34 d3 dd 3c 19 82 52 ._qu.3...4..<..R 0060 - 3b b3 2a 00 b5 92 85 4f-9b 78 a6 6d 46 93 54 2e ;.*....O.x.mF.T. 0070 - a7 9c fd c2 c9 57 df c8-89 64 2f 26 70 b8 30 b9 .....W...d/&p.0. 0080 - 76 91 06 b0 3b a7 ad e6-21 0a 22 7e b9 8b 16 40 v...;...!."~...@ 0090 - d3 96 54 f0 1a 25 f9 a6-92 ee d4 a7 3c 73 8c 0d ..T..%......... 00a0 - 77 b7 09 08 8e 84 9e a7-ad 80 3f 1d d7 96 02 1e w.........?..... 00b0 - d7 93 47 8e c2 0c b1 31-7c d5 12 42 d5 99 88 77 ..G....1|..B...w 00c0 - 06 43 fb 1a d0 6a 8c 91-98 a4 86 0a 81 51 5b 19 .C...j.......Q[. Start Time: 1739847127 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK TLS SUCCESSFUL 4069FAF7:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%09 -cert pkcs11:type=cert;object=ed2Cert Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MIGCAgEBAgIDBAQCEwIEIFMK326ANQIN0yUUjUnOFZyROiH25Zmtzcqf3TQLtUT8 BDBV45vgfGSnu1AqEw9jObLbVfhLF67Jp+b5110nWz5fCZFfzSPgwOF3BDamTAWF bf2hBgIEZ7P116IEAgIcIKQGBAQBAAAArgYCBHnKHA2zAwIBHQ== -----END SSL SESSION PARAMETERS----- Shared ciphers:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224 Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 CIPHER is TLS_AES_256_GCM_SHA384 This TLS version forbids renegotiation. TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run test with TLS 1.2 spawn openssl s_client -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.pem -tls1_2 Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=1 CN=Issuer verify return:1 depth=0 O=PKCS11 Provider, CN=My Test Cert verify return:1 --- Certificate chain 0 s:O=PKCS11 Provider, CN=My Test Cert i:CN=Issuer a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256 v:NotBefore: Feb 18 02:51:45 2025 GMT; NotAfter: Feb 18 02:51:45 2026 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIIDPzCCAiegAwIBAgIBAzANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 ZXIwHhcNMjUwMjE4MDI1MTQ1WhcNMjYwMjE4MDI1MTQ1WjAxMRgwFgYDVQQKEw9Q S0NTMTEgUHJvdmlkZXIxFTATBgNVBAMTDE15IFRlc3QgQ2VydDCCASIwDQYJKoZI hvcNAQEBBQADggEPADCCAQoCggEBAMibT5+Wq6HP9+NbiyefCeRwSjkdbXuOk+av MGqYmLjFumJz0wbSrLiBZuKWcp8+Mh/6u9ghwS3YgBt9aqL9zV6nJcsiCrmWmFoT iuca8UxT8k8rDNxXuMvoiXiSk2BeAz2VW9JxaOf4cFDhIfWiD8BBzY8I1FvrmABq vULZhXZbASFdQwEG3lK4BvUmoqSpt3/YApHBu+NCPiJayRmIWHeQSEmb686VB+JJ bh/GPGEaeOgQ5IW6JOvyl4O0w6/N/RFeRWIffxct5fBz7LS3JSgH1KclqfFpaGo/ Pbky9t+k+XpwXEezUYJ5+Pc74ZXWc2DuJWSUHvRBbT182heImlcCAwEAAaOBgTB/ MAwGA1UdEwEB/wQCMAAwHwYDVR0RBBgwFoEUdGVzdGNlcnRAZXhhbXBsZS5vcmcw DgYDVR0PAQH/BAQDAgWgMB0GA1UdDgQWBBRGznZuVArm2xtt5Ihzc5dJOwfpDjAf BgNVHSMEGDAWgBQEazVkeMapL6mib1bDPN9EjMCYdjANBgkqhkiG9w0BAQsFAAOC AQEAksVbU9qI9rgJ6I/UWyIwlq0Ay0KMVfcvI1OUd91PeCNO8h7H3IffOgs2plse jDuMgsgpqlNv43b2pUDj3BvxepQM+4XNAPTOCe+Hq7leXlTgyEewtodEbrl4WmWJ QlZ8dVqd7v0vI9n2i4Kf2RnzuuZBaFEHeJuGLdX0TOvro+0Otl0FIaULk3d8IkMg eSiHDAGvGWFqfcDHG/aKEnsHCM8WfdcEIS4isImWU6XMyH1tQuiOEdz6PYxG0p/w gX9M00tyPPm5a03LwA3FTXOCv5tGcQ/fF7dsngcj/e8Zy+ff/AupuoV7JaSvXvzW VnMRgaIisTf7THfr597voRbwBA== -----END CERTIFICATE----- subject=O=PKCS11 Provider, CN=My Test Cert issuer=CN=Issuer --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: RSA-PSS Server Temp Key: X25519, 253 bits --- SSL handshake has read 1476 bytes and written 290 bytes Verification: OK --- New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384 Protocol: TLSv1.2 Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-RSA-AES256-GCM-SHA384 Session-ID: D8A524CA899E4F6E4BE048DDF3CBCEB5DF26D05211327A2F60E63E32B0779DBC Session-ID-ctx: Master-Key: 7F390375251A468E25E0B1EE535E6B97AC08B483E191F17DB3885AABFC4819EFFB741F611DDA12EE785F8AFEFDBB0DAE PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 03 7e ba 82 a0 25 8f 77-c9 39 f8 0d 26 95 31 37 .~...%.w.9..&.17 0010 - 1d 05 9f 09 23 87 e6 d0-ce 28 54 c7 c8 5b 8d 7a ....#....(T..[.z 0020 - f1 69 d8 57 f7 5e 44 91-58 51 94 8b d7 27 bf a7 .i.W.^D.XQ...'.. 0030 - 4a 75 a3 68 ee 99 13 96-34 bd 08 ad 0b 96 b4 a4 Ju.h....4....... 0040 - 18 ea 89 05 13 6c 84 63-d0 4e 8b 65 e9 0f 4f 1d .....l.c.N.e..O. 0050 - d4 fd 76 05 88 49 80 d3-35 83 7b 1f 1f 25 35 43 ..v..I..5.{..%5C 0060 - c4 37 c6 c2 e8 02 b9 40-71 f1 82 dd ee 4a 90 3d .7.....@q....J.= 0070 - 59 4f 25 60 b7 4f 3a 21-97 b5 32 f1 4d c7 ad 35 YO%`.O:!..2.M..5 0080 - 6e 67 94 b9 0f ff d9 c5-e0 16 36 3a a9 0b 00 e8 ng........6:.... 0090 - 96 2a 08 01 ca 4e d1 33-77 96 e4 c4 9d 9e 5d c8 .*...N.3w.....]. 00a0 - ff 2d 30 3d 64 8f 86 dc-f5 0d 41 18 0e f4 42 e0 .-0=d.....A...B. Start Time: 1739847127 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: yes --- TLS SUCCESSFUL 4089F2F7:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%01 -cert pkcs11:type=cert;object=testCert Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MF8CAQECAgMDBALAMAQABDB/OQN1JRpGjiXgse5TXmuXrAi0g+GR8X2ziFqr/EgZ 7/t0H2Ed2hLueF+K/v27Da6hBgIEZ7P116IEAgIcIKQGBAQBAAAArQMCAQGzAwIB HQ== -----END SSL SESSION PARAMETERS----- Shared ciphers:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Supported Elliptic Curve Point Formats: uncompressed:ansiX962_compressed_prime:ansiX962_compressed_char2 Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1 Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1 CIPHER is ECDHE-RSA-AES256-GCM-SHA384 Secure Renegotiation IS supported TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run test with explicit TLS 1.3 spawn openssl s_client -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.pem -tls1_3 Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=1 CN=Issuer verify return:1 depth=0 O=PKCS11 Provider, CN=My Test Cert verify return:1 --- Certificate chain 0 s:O=PKCS11 Provider, CN=My Test Cert i:CN=Issuer a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256 v:NotBefore: Feb 18 02:51:45 2025 GMT; NotAfter: Feb 18 02:51:45 2026 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIIDPzCCAiegAwIBAgIBAzANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 ZXIwHhcNMjUwMjE4MDI1MTQ1WhcNMjYwMjE4MDI1MTQ1WjAxMRgwFgYDVQQKEw9Q S0NTMTEgUHJvdmlkZXIxFTATBgNVBAMTDE15IFRlc3QgQ2VydDCCASIwDQYJKoZI hvcNAQEBBQADggEPADCCAQoCggEBAMibT5+Wq6HP9+NbiyefCeRwSjkdbXuOk+av MGqYmLjFumJz0wbSrLiBZuKWcp8+Mh/6u9ghwS3YgBt9aqL9zV6nJcsiCrmWmFoT iuca8UxT8k8rDNxXuMvoiXiSk2BeAz2VW9JxaOf4cFDhIfWiD8BBzY8I1FvrmABq vULZhXZbASFdQwEG3lK4BvUmoqSpt3/YApHBu+NCPiJayRmIWHeQSEmb686VB+JJ bh/GPGEaeOgQ5IW6JOvyl4O0w6/N/RFeRWIffxct5fBz7LS3JSgH1KclqfFpaGo/ Pbky9t+k+XpwXEezUYJ5+Pc74ZXWc2DuJWSUHvRBbT182heImlcCAwEAAaOBgTB/ MAwGA1UdEwEB/wQCMAAwHwYDVR0RBBgwFoEUdGVzdGNlcnRAZXhhbXBsZS5vcmcw DgYDVR0PAQH/BAQDAgWgMB0GA1UdDgQWBBRGznZuVArm2xtt5Ihzc5dJOwfpDjAf BgNVHSMEGDAWgBQEazVkeMapL6mib1bDPN9EjMCYdjANBgkqhkiG9w0BAQsFAAOC AQEAksVbU9qI9rgJ6I/UWyIwlq0Ay0KMVfcvI1OUd91PeCNO8h7H3IffOgs2plse jDuMgsgpqlNv43b2pUDj3BvxepQM+4XNAPTOCe+Hq7leXlTgyEewtodEbrl4WmWJ QlZ8dVqd7v0vI9n2i4Kf2RnzuuZBaFEHeJuGLdX0TOvro+0Otl0FIaULk3d8IkMg eSiHDAGvGWFqfcDHG/aKEnsHCM8WfdcEIS4isImWU6XMyH1tQuiOEdz6PYxG0p/w gX9M00tyPPm5a03LwA3FTXOCv5tGcQ/fF7dsngcj/e8Zy+ff/AupuoV7JaSvXvzW VnMRgaIisTf7THfr597voRbwBA== -----END CERTIFICATE----- subject=O=PKCS11 Provider, CN=My Test Cert issuer=CN=Issuer --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: RSA-PSS Server Temp Key: X25519, 253 bits --- SSL handshake has read 1391 bytes and written 318 bytes Verification: OK --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Protocol: TLSv1.3 Server public key is 2048 bit This TLS version forbids renegotiation. Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: DEE1E6069C99F0CA6FD784B9FE9DC3409F5D22A26C5830617196D687C82B1F4C Session-ID-ctx: Resumption PSK: 6F0FB348B8B81530FD09606716F244A57FF5B9D9E0119000BDD1979EE2597E3A782F7D56DC4A1A90B92D4A274E176E54 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 38 da 89 b6 0a 73 9a 41-bc 57 c1 c5 35 c7 74 c1 8....s.A.W..5.t. 0010 - 16 4f 7f ad c0 ba b5 86-44 95 f0 af 0f b0 07 8e .O......D....... 0020 - 12 5b 47 8e 36 2a 07 ea-6d a0 97 2c d7 f8 7f 77 .[G.6*..m..,...w 0030 - ce 6a 80 29 09 fa 50 ed-a1 e0 7e ba 85 d8 e5 b3 .j.)..P...~..... 0040 - 39 e6 25 fc 15 28 67 43-ab 1a c6 bf fc d5 ed da 9.%..(gC........ 0050 - 66 21 14 61 fb 8c 5f eb-11 55 8a ff bd 5e 98 1d f!.a.._..U...^.. 0060 - cc 45 94 f9 bb 86 bd 75-e9 bd ab 51 51 5b 19 6e .E.....u...QQ[.n 0070 - 56 5d 73 59 30 e9 af 85-c0 1b bb 55 5a e2 3f 49 V]sY0......UZ.?I 0080 - 1f e6 c6 fa 19 45 d4 80-d8 8e 91 a7 20 c2 e1 2f .....E...... ../ 0090 - eb be fe 06 91 4b f6 0d-4f 73 53 f5 99 ef 83 be .....K..OsS..... 00a0 - 21 52 b5 dd be 16 ff 98-99 cd 7d ea 8c 8a 2d b8 !R........}...-. 00b0 - 6c 7d 07 59 67 b7 25 b5-69 5b f3 60 a3 24 5d 02 l}.Yg.%.i[.`.$]. 00c0 - d2 ca 5b 52 11 9a df 70-95 e1 c0 de 78 c1 cc 4d ..[R...p....x..M Start Time: 1739847128 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 53DD0427350A775C4ECAFAD9C405FAF1423230EA24F859F27198D5E64D48A0B1 Session-ID-ctx: Resumption PSK: A7D3F67F17B224B9C6672A3551FF21CFF234A135CB420DA2478CC11857B484F74DBBA0894EB95F4E3A186498245DCF42 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 38 da 89 b6 0a 73 9a 41-bc 57 c1 c5 35 c7 74 c1 8....s.A.W..5.t. 0010 - 45 6f 41 1e 7c cd e0 09-a7 5c c3 7c f8 4c db 3d EoA.|....\.|.L.= 0020 - 04 a0 e8 b7 a4 9f 2d f4-84 78 57 83 b1 ba 59 98 ......-..xW...Y. 0030 - 7c 1e 37 93 ef fb 73 f1-c6 a3 b1 99 d9 fd da 17 |.7...s......... 0040 - 10 51 86 e2 e2 bd ab cf-17 f7 e2 5e c9 20 33 a1 .Q.........^. 3. 0050 - 34 1c ce 9c 13 09 db ac-df 9d 84 24 c6 99 fd 1e 4..........$.... 0060 - 74 7e b4 6c 95 8a 38 9c-4e 04 3e a6 4a 13 15 7c t~.l..8.N.>.J..| 0070 - cd a7 e7 5c d9 a2 95 09-69 da 9c 79 d6 9c ea 30 ...\....i..y...0 0080 - e9 7f 03 d1 8c d3 e8 c8-4e de 52 b6 ca 0c 8e 55 ........N.R....U 0090 - bb 83 0d 4f 0e 2e e5 52-1a fc 70 46 99 f6 df 77 ...O...R..pF...w 00a0 - 61 5f b8 8e 4e 84 28 4e-c3 ff 19 cd f8 bb 12 ba a_..N.(N........ 00b0 - b4 d9 74 ff ca d1 0d d6-03 52 b7 d4 5f 08 03 98 ..t......R.._... 00c0 - f4 a6 62 ce c3 0f 3c 22-a9 d1 cb 49 d8 fe e7 a0 ..b...<"...I.... Start Time: 1739847128 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK TLS SUCCESSFUL 4049F1F7:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%01 -cert pkcs11:type=cert;object=testCert Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MIGDAgEBAgIDBAQCEwIEIIAs9oMXnXNWhL+qgjLcp/z8YO2xP/EGTn3Y1K91xBt9 BDCn0/Z/F7IkucZnKjVR/yHP8jShNctCDaJHjMEYV7SE9027oIlOuV9OOhhkmCRd z0KhBgIEZ7P12KIEAgIcIKQGBAQBAAAArgcCBQDcrQTBswMCAR0= -----END SSL SESSION PARAMETERS----- Shared ciphers:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256 Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512 Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 CIPHER is TLS_AES_256_GCM_SHA384 This TLS version forbids renegotiation. TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run test with TLS 1.2 (ECDSA) spawn openssl s_client -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.pem -tls1_2 Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=1 CN=Issuer verify return:1 depth=0 O=PKCS11 Provider, CN=My EC Cert verify return:1 --- Certificate chain 0 s:O=PKCS11 Provider, CN=My EC Cert i:CN=Issuer a:PKEY: id-ecPublicKey, 256 (bit); sigalg: RSA-SHA256 v:NotBefore: Feb 18 02:51:46 2025 GMT; NotAfter: Feb 18 02:51:46 2026 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIICcjCCAVqgAwIBAgIBBDANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 ZXIwHhcNMjUwMjE4MDI1MTQ2WhcNMjYwMjE4MDI1MTQ2WjAvMRgwFgYDVQQKEw9Q S0NTMTEgUHJvdmlkZXIxEzARBgNVBAMTCk15IEVDIENlcnQwWTATBgcqhkjOPQIB BggqhkjOPQMBBwNCAASSo1Sa0elCrAT0MBKqCjp36ZudG1JSXihib5H4P24mmvH9 LwoZ8xCIAyAtq32HsPhSb3UAgb5FR/c6lBLkmPSmo4GBMH8wDAYDVR0TAQH/BAIw ADAfBgNVHREEGDAWgRR0ZXN0Y2VydEBleGFtcGxlLm9yZzAOBgNVHQ8BAf8EBAMC B4AwHQYDVR0OBBYEFNXFn2QqK5hlU4Ti+++mUMjVyaAkMB8GA1UdIwQYMBaAFARr NWR4xqkvqaJvVsM830SMwJh2MA0GCSqGSIb3DQEBCwUAA4IBAQCVvTgUAoVO1U4N CX3+LvwKP7mJgc1Pr4n2LRLdXAfEShYc1/Ff3rITMAky18/jHcq/hiReyDXEWZJs VQDygSaerMDe8OgZ0SDkyF/gBK12XaiQpDvvJmXMNCv4NufllcsACIB975N1jGwF E70qMq90ygEV0IBbXTrc1mDHqZmvnpMzr4nPrWhR9Ymsxp7yMbcejZ6IhmdCzm7Z r8aSCKt5K/J58IztzUvQO0TG1gJ6X4xqbouojyN4u/Er0Kw3iKepKINPu33vh5xQ nj5I7Ouogn02a+h5vU/b/T1lyxGL/WX9FM9XTtCo3LL2iYQzBYMBQWyaZEEdoUJh MH+XrDVm -----END CERTIFICATE----- subject=O=PKCS11 Provider, CN=My EC Cert issuer=CN=Issuer --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: ECDSA Server Temp Key: X25519, 253 bits --- SSL handshake has read 1086 bytes and written 290 bytes Verification: OK --- New, TLSv1.2, Cipher is ECDHE-ECDSA-AES256-GCM-SHA384 Protocol: TLSv1.2 Server public key is 256 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-ECDSA-AES256-GCM-SHA384 Session-ID: 884FA54E2DA3B5ECA20BD9EA36A17EDF09BF2ED9258E5D45EC4BB8E9B4DA9D2F Session-ID-ctx: Master-Key: AA31E7DB7A93451111806FA69D2B18150502D54A542AA3BBFAD70AF6BC1B85436470F5A92FFB82F21302669159833ED5 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - f5 ca fc 0f 5f 1d 4e c6-4c d2 56 01 51 b4 b1 1f ...._.N.L.V.Q... 0010 - f9 63 a9 30 05 16 ee 92-06 7f 44 f1 c7 4d 83 60 .c.0......D..M.` 0020 - 27 06 74 2a 1d 44 c6 72-41 06 ed 1c e7 e5 7b 75 '.t*.D.rA.....{u 0030 - 7e 5e 19 e6 87 b2 15 e9-b8 c2 bb bc 39 f6 84 e3 ~^..........9... 0040 - 97 47 6a 6d b5 d9 d5 9d-da b1 b5 b3 30 95 96 bf .Gjm........0... 0050 - f6 9c 9c a9 97 c0 0f 29-bb cb 72 a4 c1 f6 38 1b .......)..r...8. 0060 - 79 8a 66 d5 e9 fd 1c 51-1a bb 5a 13 f2 6f 9a a5 y.f....Q..Z..o.. 0070 - 31 d8 b2 f5 42 52 81 27-e3 58 c4 89 73 34 88 38 1...BR.'.X..s4.8 0080 - 2d d6 ae 19 a6 f4 84 06-27 74 57 42 b7 ae f2 e1 -.......'tWB.... 0090 - 37 7e 7c c7 59 c5 16 bc-2e ee d5 3b ba de a9 f7 7~|.Y......;.... 00a0 - 15 ba 75 c0 ae c8 12 d7-2a 48 be 6c ff d5 b7 04 ..u.....*H.l.... Start Time: 1739847128 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: yes --- TLS SUCCESSFUL 0087EEF7:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%02 -cert pkcs11:type=cert;object=ecCert -tls1_2 Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MF8CAQECAgMDBALALAQABDCqMefbepNFERGAb6adKxgVBQLVSlQqo7v61wr2vBuF Q2Rw9akv+4LyEwJmkVmDPtWhBgIEZ7P12KIEAgIcIKQGBAQBAAAArQMCAQGzAwIB HQ== -----END SSL SESSION PARAMETERS----- Shared ciphers:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Supported Elliptic Curve Point Formats: uncompressed:ansiX962_compressed_prime:ansiX962_compressed_char2 Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1 Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1 CIPHER is ECDHE-ECDSA-AES256-GCM-SHA384 Secure Renegotiation IS supported TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run test with TLS 1.2 and ECDH spawn openssl s_client -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.pem -tls1_2 -cipher ECDHE-ECDSA-AES128-GCM-SHA256 -groups secp256r1 Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=1 CN=Issuer verify return:1 depth=0 O=PKCS11 Provider, CN=My EC Cert verify return:1 --- Certificate chain 0 s:O=PKCS11 Provider, CN=My EC Cert i:CN=Issuer a:PKEY: id-ecPublicKey, 256 (bit); sigalg: RSA-SHA256 v:NotBefore: Feb 18 02:51:46 2025 GMT; NotAfter: Feb 18 02:51:46 2026 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIICcjCCAVqgAwIBAgIBBDANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 ZXIwHhcNMjUwMjE4MDI1MTQ2WhcNMjYwMjE4MDI1MTQ2WjAvMRgwFgYDVQQKEw9Q S0NTMTEgUHJvdmlkZXIxEzARBgNVBAMTCk15IEVDIENlcnQwWTATBgcqhkjOPQIB BggqhkjOPQMBBwNCAASSo1Sa0elCrAT0MBKqCjp36ZudG1JSXihib5H4P24mmvH9 LwoZ8xCIAyAtq32HsPhSb3UAgb5FR/c6lBLkmPSmo4GBMH8wDAYDVR0TAQH/BAIw ADAfBgNVHREEGDAWgRR0ZXN0Y2VydEBleGFtcGxlLm9yZzAOBgNVHQ8BAf8EBAMC B4AwHQYDVR0OBBYEFNXFn2QqK5hlU4Ti+++mUMjVyaAkMB8GA1UdIwQYMBaAFARr NWR4xqkvqaJvVsM830SMwJh2MA0GCSqGSIb3DQEBCwUAA4IBAQCVvTgUAoVO1U4N CX3+LvwKP7mJgc1Pr4n2LRLdXAfEShYc1/Ff3rITMAky18/jHcq/hiReyDXEWZJs VQDygSaerMDe8OgZ0SDkyF/gBK12XaiQpDvvJmXMNCv4NufllcsACIB975N1jGwF E70qMq90ygEV0IBbXTrc1mDHqZmvnpMzr4nPrWhR9Ymsxp7yMbcejZ6IhmdCzm7Z r8aSCKt5K/J58IztzUvQO0TG1gJ6X4xqbouojyN4u/Er0Kw3iKepKINPu33vh5xQ nj5I7Ouogn02a+h5vU/b/T1lyxGL/WX9FM9XTtCo3LL2iYQzBYMBQWyaZEEdoUJh MH+XrDVm -----END CERTIFICATE----- subject=O=PKCS11 Provider, CN=My EC Cert issuer=CN=Issuer --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: ECDSA Server Temp Key: ECDH, prime256v1, 256 bits --- SSL handshake has read 1119 bytes and written 263 bytes Verification: OK --- New, TLSv1.2, Cipher is ECDHE-ECDSA-AES128-GCM-SHA256 Protocol: TLSv1.2 Server public key is 256 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-ECDSA-AES128-GCM-SHA256 Session-ID: BC8C219753BAFC6807D8A30646DD2D706413A53DE939436285A49FB3B994A2B9 Session-ID-ctx: Master-Key: A4F8CFCE120F069ECE594C054329B7D6B367AB5ED009D43FBB76A59D6F780EBC47BCC5BF8CEAE1548D3E7CFDE26C0BB6 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 18 44 4d dd 03 d0 05 5c-02 21 08 43 03 51 b6 cf .DM....\.!.C.Q.. 0010 - a5 71 64 f1 d1 28 87 92-21 33 62 de 7e 93 c6 1a .qd..(..!3b.~... 0020 - 63 60 06 e8 c3 4d 2a e2-49 a6 80 43 96 b7 cc df c`...M*.I..C.... 0030 - d1 a2 4a 8d 48 ff b9 26-07 12 83 6b 20 18 b2 d8 ..J.H..&...k ... 0040 - e9 4f ab 74 0d 71 94 0d-00 26 5f a9 07 01 23 26 .O.t.q...&_...#& 0050 - 79 94 78 1f 47 5d 0d ac-3f 47 05 be ae de 62 ec y.x.G]..?G....b. 0060 - c8 25 3e 71 4a 98 21 27-51 64 a3 79 68 71 91 ce .%>qJ.!'Qd.yhq.. 0070 - f2 5f bd 7c 65 c2 47 f2-5e 80 be 19 ee 96 1f 12 ._.|e.G.^....... 0080 - d9 c9 70 24 c9 dc 0f 55-d2 ce 90 3a 60 ff 46 2c ..p$...U...:`.F, 0090 - 94 4f 34 a5 f6 a4 d5 09-61 fe 47 2f 11 93 74 a4 .O4.....a.G/..t. 00a0 - 95 bd eb 6e 84 88 d2 bc-d0 f9 fe 00 56 30 cd c4 ...n........V0.. Start Time: 1739847128 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: yes --- TLS SUCCESSFUL 40F9F0F7:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%02 -cert pkcs11:type=cert;object=ecCert Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MF8CAQECAgMDBALAKwQABDCk+M/OEg8Gns5ZTAVDKbfWs2erXtAJ1D+7dqWdb3gO vEe8xb+M6uFUjT58/eJsC7ahBgIEZ7P12KIEAgIcIKQGBAQBAAAArQMCAQGzAwIB Fw== -----END SSL SESSION PARAMETERS----- Shared ciphers:ECDHE-ECDSA-AES128-GCM-SHA256 Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Supported Elliptic Curve Point Formats: uncompressed:ansiX962_compressed_prime:ansiX962_compressed_char2 Supported groups: secp256r1 Shared groups: secp256r1 CIPHER is ECDHE-ECDSA-AES128-GCM-SHA256 Secure Renegotiation IS supported TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run test with TLS 1.3 and specific suite spawn openssl s_client -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.pem -tls1_3 -ciphersuites TLS_AES_256_GCM_SHA384 -groups secp256r1 Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=1 CN=Issuer verify return:1 depth=0 O=PKCS11 Provider, CN=My EC Cert verify return:1 --- Certificate chain 0 s:O=PKCS11 Provider, CN=My EC Cert i:CN=Issuer a:PKEY: id-ecPublicKey, 256 (bit); sigalg: RSA-SHA256 v:NotBefore: Feb 18 02:51:46 2025 GMT; NotAfter: Feb 18 02:51:46 2026 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIICcjCCAVqgAwIBAgIBBDANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 ZXIwHhcNMjUwMjE4MDI1MTQ2WhcNMjYwMjE4MDI1MTQ2WjAvMRgwFgYDVQQKEw9Q S0NTMTEgUHJvdmlkZXIxEzARBgNVBAMTCk15IEVDIENlcnQwWTATBgcqhkjOPQIB BggqhkjOPQMBBwNCAASSo1Sa0elCrAT0MBKqCjp36ZudG1JSXihib5H4P24mmvH9 LwoZ8xCIAyAtq32HsPhSb3UAgb5FR/c6lBLkmPSmo4GBMH8wDAYDVR0TAQH/BAIw ADAfBgNVHREEGDAWgRR0ZXN0Y2VydEBleGFtcGxlLm9yZzAOBgNVHQ8BAf8EBAMC B4AwHQYDVR0OBBYEFNXFn2QqK5hlU4Ti+++mUMjVyaAkMB8GA1UdIwQYMBaAFARr NWR4xqkvqaJvVsM830SMwJh2MA0GCSqGSIb3DQEBCwUAA4IBAQCVvTgUAoVO1U4N CX3+LvwKP7mJgc1Pr4n2LRLdXAfEShYc1/Ff3rITMAky18/jHcq/hiReyDXEWZJs VQDygSaerMDe8OgZ0SDkyF/gBK12XaiQpDvvJmXMNCv4NufllcsACIB975N1jGwF E70qMq90ygEV0IBbXTrc1mDHqZmvnpMzr4nPrWhR9Ymsxp7yMbcejZ6IhmdCzm7Z r8aSCKt5K/J58IztzUvQO0TG1gJ6X4xqbouojyN4u/Er0Kw3iKepKINPu33vh5xQ nj5I7Ouogn02a+h5vU/b/T1lyxGL/WX9FM9XTtCo3LL2iYQzBYMBQWyaZEEdoUJh MH+XrDVm -----END CERTIFICATE----- subject=O=PKCS11 Provider, CN=My EC Cert issuer=CN=Issuer --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: ECDSA Server Temp Key: ECDH, prime256v1, 256 bits --- SSL handshake has read 1059 bytes and written 329 bytes Verification: OK --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Protocol: TLSv1.3 Server public key is 256 bit This TLS version forbids renegotiation. Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 5D34E22A1843B8D75D524D54578176517E87186395205090F46773C741AB2BCB Session-ID-ctx: Resumption PSK: 0AF730827309AA58D33CD493030797BFF6384DBE27F2EF5A4BC5231A7B8C5D42521FC316A355AEEC327DE4B46C9699A3 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - b2 97 79 22 43 f9 f1 3a-0e 08 29 4d ea 8f de 47 ..y"C..:..)M...G 0010 - f9 38 01 73 0f 11 90 4b-92 21 8e bc 80 fe 72 8d .8.s...K.!....r. 0020 - 93 b7 e9 c7 aa f4 23 a8-c4 3a 51 8f 12 c0 19 25 ......#..:Q....% 0030 - 95 7b 44 ee 81 3f 32 cf-bf b2 f5 77 6e 3c a7 54 .{D..?2....wn<.T 0040 - d9 fc 7a 8b a3 1a 9b 5a-9a eb 3a 66 89 ce 00 14 ..z....Z..:f.... 0050 - c9 c1 6e fd a2 9f 65 99-10 a1 ab b7 18 13 fc 08 ..n...e......... 0060 - 3d d1 93 64 1d fc 2b da-d2 80 73 86 76 15 17 29 =..d..+...s.v..) 0070 - 02 dc 59 1b 93 6e 9c 7c-fc 8a c5 44 4c 6e 8d 95 ..Y..n.|...DLn.. 0080 - 44 87 c4 58 d8 65 29 d0-af 18 9c ab ef 99 24 82 D..X.e).......$. 0090 - 6d f5 81 bd 0c 0a d0 cd-a7 96 72 8b 2e 0d fd 16 m.........r..... 00a0 - 4e 6d b6 d0 68 72 dd f8-a8 4c a9 1e 4f bf 17 d2 Nm..hr...L..O... 00b0 - e4 1b 5d 50 33 76 be 48-63 78 7f 99 45 ec e9 5a ..]P3v.Hcx..E..Z 00c0 - fc 45 6d 94 b9 83 f9 ac-b7 da c7 4c 05 d0 7f 26 .Em........L...& Start Time: 1739847128 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 2435C7F6E7E7890DC51694E2167C02EE49B2CEEA0260D5A1A2CEE62557FBC714 Session-ID-ctx: Resumption PSK: F161A6CF0E1B8B93B0382740D2A4A8A82AE14312A79C8806F01B1021BCF527D0273CED6D84FF0256EC5921F39F165170 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - b2 97 79 22 43 f9 f1 3a-0e 08 29 4d ea 8f de 47 ..y"C..:..)M...G 0010 - 06 a3 21 07 5a df 03 cc-af d3 87 b0 41 87 15 2f ..!.Z.......A../ 0020 - 30 bf ef e6 f3 27 43 2c-16 e1 2f fb bf b1 7e c8 0....'C,../...~. 0030 - 29 75 53 d1 da 9f f9 73-ca d6 c9 45 68 8a f4 96 )uS....s...Eh... 0040 - 76 cd 47 d4 ad 19 cb 08-b2 02 1d 4e 72 74 3c 4d v.G........Nrt 00c0 - aa 99 a6 5a 5b 26 79 d7-88 8d 79 bc a0 de 6e bd ...Z[&y...y...n. Start Time: 1739847128 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK TLS SUCCESSFUL 4049F0F7:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%02 -cert pkcs11:type=cert;object=ecCert Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MIGDAgEBAgIDBAQCEwIEIApgt5kCYFbOe9IU9vXav1nW9Fq0DmWHByknE45b5gJG BDDxYabPDhuLk7A4J0DSpKioKuFDEqeciAbwGxAhvPUn0Cc87W2E/wJW7Fkh858W UXChBgIEZ7P12KIEAgIcIKQGBAQBAAAArgcCBQCnEDwRswMCARc= -----END SSL SESSION PARAMETERS----- Shared ciphers:TLS_AES_256_GCM_SHA384 Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512 Supported groups: secp256r1 Shared groups: secp256r1 CIPHER is TLS_AES_256_GCM_SHA384 This TLS version forbids renegotiation. TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## ######################################## ######################################## ## Forcing the provider for all server operations ## Run sanity test with default values (RSA) spawn openssl s_client -propquery ?provider=pkcs11 -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.pem Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=1 CN=Issuer verify return:1 depth=0 O=PKCS11 Provider, CN=My Test Cert verify return:1 --- Certificate chain 0 s:O=PKCS11 Provider, CN=My Test Cert i:CN=Issuer a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256 v:NotBefore: Feb 18 02:51:45 2025 GMT; NotAfter: Feb 18 02:51:45 2026 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIIDPzCCAiegAwIBAgIBAzANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 ZXIwHhcNMjUwMjE4MDI1MTQ1WhcNMjYwMjE4MDI1MTQ1WjAxMRgwFgYDVQQKEw9Q S0NTMTEgUHJvdmlkZXIxFTATBgNVBAMTDE15IFRlc3QgQ2VydDCCASIwDQYJKoZI hvcNAQEBBQADggEPADCCAQoCggEBAMibT5+Wq6HP9+NbiyefCeRwSjkdbXuOk+av MGqYmLjFumJz0wbSrLiBZuKWcp8+Mh/6u9ghwS3YgBt9aqL9zV6nJcsiCrmWmFoT iuca8UxT8k8rDNxXuMvoiXiSk2BeAz2VW9JxaOf4cFDhIfWiD8BBzY8I1FvrmABq vULZhXZbASFdQwEG3lK4BvUmoqSpt3/YApHBu+NCPiJayRmIWHeQSEmb686VB+JJ bh/GPGEaeOgQ5IW6JOvyl4O0w6/N/RFeRWIffxct5fBz7LS3JSgH1KclqfFpaGo/ Pbky9t+k+XpwXEezUYJ5+Pc74ZXWc2DuJWSUHvRBbT182heImlcCAwEAAaOBgTB/ MAwGA1UdEwEB/wQCMAAwHwYDVR0RBBgwFoEUdGVzdGNlcnRAZXhhbXBsZS5vcmcw DgYDVR0PAQH/BAQDAgWgMB0GA1UdDgQWBBRGznZuVArm2xtt5Ihzc5dJOwfpDjAf BgNVHSMEGDAWgBQEazVkeMapL6mib1bDPN9EjMCYdjANBgkqhkiG9w0BAQsFAAOC AQEAksVbU9qI9rgJ6I/UWyIwlq0Ay0KMVfcvI1OUd91PeCNO8h7H3IffOgs2plse jDuMgsgpqlNv43b2pUDj3BvxepQM+4XNAPTOCe+Hq7leXlTgyEewtodEbrl4WmWJ QlZ8dVqd7v0vI9n2i4Kf2RnzuuZBaFEHeJuGLdX0TOvro+0Otl0FIaULk3d8IkMg eSiHDAGvGWFqfcDHG/aKEnsHCM8WfdcEIS4isImWU6XMyH1tQuiOEdz6PYxG0p/w gX9M00tyPPm5a03LwA3FTXOCv5tGcQ/fF7dsngcj/e8Zy+ff/AupuoV7JaSvXvzW VnMRgaIisTf7THfr597voRbwBA== -----END CERTIFICATE----- subject=O=PKCS11 Provider, CN=My Test Cert issuer=CN=Issuer --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: RSA-PSS Server Temp Key: X25519, 253 bits --- SSL handshake has read 1391 bytes and written 391 bytes Verification: OK --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Protocol: TLSv1.3 Server public key is 2048 bit This TLS version forbids renegotiation. Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 6F42CD2A753D8DBF4FD31DDE07417C9B404735954A75AD7F2FF8391694FC2BEA Session-ID-ctx: Resumption PSK: 43C3A94FEC7E69C5C12D644331E929850CCD44141B598425864C894388715FF5CF97112E10EE08988D8EF02B24C0C9D6 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 1a e8 41 e5 6b ad c2 b4-ca db 7a 2c 27 51 67 d7 ..A.k.....z,'Qg. 0010 - d1 ae c5 6d 78 08 9d 05-e7 8d 03 2b ba fe 33 46 ...mx......+..3F 0020 - 6f aa ee 18 95 af 76 fa-71 31 1b e5 62 fc ce fb o.....v.q1..b... 0030 - 01 81 f2 49 f2 74 0e 56-6f b9 9b af 8c db 7f 65 ...I.t.Vo......e 0040 - 44 f9 4f 46 5c 49 05 f2-90 c9 c4 3e 4b 5b 45 8c D.OF\I.....>K[E. 0050 - 00 12 47 a0 13 cf f8 b7-63 fc b9 fa 8e d5 38 28 ..G.....c.....8( 0060 - 09 8b 5b 33 b4 51 be 04-cb de cd f0 fd 7d b0 3b ..[3.Q.......}.; 0070 - f5 c7 4d 9d 03 1e c6 35-52 68 12 79 33 ad fc 84 ..M....5Rh.y3... 0080 - ee 76 a0 ca 3d 60 e3 5a-2b 7f a2 54 99 01 b5 f1 .v..=`.Z+..T.... 0090 - 7c 26 20 80 d5 e8 c9 1f-61 3b e9 24 2c bb 08 4f |& .....a;.$,..O 00a0 - 48 d3 5a 25 2f 2f 9a 1f-9d 64 33 12 06 c3 57 73 H.Z%//...d3...Ws 00b0 - 6f 0d 33 1c 9f f6 b4 9d-48 d5 e6 9a 6f fb 88 f2 o.3.....H...o... 00c0 - ba 6b 6d 7f ab cc 84 00-e7 ac 83 5a 40 2e 4c d4 .km........Z@.L. Start Time: 1739847128 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: BA3D91330F84AAF85F26A1ACDE061C986E97502382FA40B8F877E0E0BBB2317A Session-ID-ctx: Resumption PSK: 5D10EC694BFD12B2960B28C93912FFDF50B757D5E82BA0B7AFCE925D3C41561FEE0F94433502FA3266F8953FA43BBC4C PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 1a e8 41 e5 6b ad c2 b4-ca db 7a 2c 27 51 67 d7 ..A.k.....z,'Qg. 0010 - 16 32 ba d3 ee 8e dc 11-4f 96 6b e5 60 ed ca c6 .2......O.k.`... 0020 - 8b fa 24 e8 14 b5 c3 f1-2c f2 47 69 30 c7 54 eb ..$.....,.Gi0.T. 0030 - a5 3e 25 23 87 97 94 bc-03 e9 ce 30 91 75 66 74 .>%#.......0.uft 0040 - d6 65 ff 2d bd 6f c3 44-64 55 a1 4e 52 1f f1 9a .e.-.o.DdU.NR... 0050 - 80 7f d1 7a 90 e2 df 9a-05 28 14 59 a8 31 b3 9a ...z.....(.Y.1.. 0060 - 5c 3a bf 6b 3c f3 e8 5a-6e ab 6d 3c b5 fc 43 b3 \:.k<..Zn.m<..C. 0070 - 95 b9 b6 a9 71 3a db 2c-2a d7 fb 7f 07 1e f2 71 ....q:.,*......q 0080 - 43 51 64 9a 70 e1 32 26-90 b6 7e 1d 3a 84 3e fd CQd.p.2&..~.:.>. 0090 - e9 48 d5 99 50 3b 70 0d-40 93 9c 75 c9 9e fa 44 .H..P;p.@..u...D 00a0 - c2 4f b4 12 f5 1c c3 2e-24 57 d5 60 db 75 57 5c .O......$W.`.uW\ 00b0 - 65 fe c7 1d 6a c6 a0 f7-7d 81 84 97 54 33 5c 49 e...j...}...T3\I 00c0 - 07 c0 d6 36 cd f1 e8 c2-01 1b 7c 7f 00 98 b2 86 ...6......|..... Start Time: 1739847128 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK TLS SUCCESSFUL 40E9F8F7:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -propquery ?provider=pkcs11 -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%01 -cert pkcs11:type=cert;object=testCert Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MIGDAgEBAgIDBAQCEwIEIAS3MeT2wSOlogofUj2MX7lxBmy2La7Ql1AxjlSMF4SF BDBdEOxpS/0SspYLKMk5Ev/fULdX1egroLevzpJdPEFWH+4PlEM1AvoyZviVP6Q7 vEyhBgIEZ7P12KIEAgIcIKQGBAQBAAAArgcCBQCpk1qDswMCAR0= -----END SSL SESSION PARAMETERS----- Shared ciphers:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224 Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 CIPHER is TLS_AES_256_GCM_SHA384 This TLS version forbids renegotiation. TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run sanity test with default values (RSA-PSS) ## Generating a new selfsigned certificate for pkcs11:type=private;id=%00%10 openssl req -batch -noenc -x509 -new -key ${KEY} ${AARGS} -out ${CERT} spawn openssl s_client -propquery ?provider=pkcs11 -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.pem Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=0 C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness verify error:num=18:self-signed certificate verify return:1 depth=0 C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness verify return:1 --- Certificate chain 0 s:C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness i:C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness a:PKEY: RSASSA-PSS, 2048 (bit); sigalg: RSASSA-PSS v:NotBefore: Feb 18 02:52:08 2025 GMT; NotAfter: Mar 20 02:52:08 2025 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIIEIzCCAtugAwIBAgIUbViz76sWNqyD7YI70tmEHZ91r/owPQYJKoZIhvcNAQEK MDCgDTALBglghkgBZQMEAgGhGjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUDBAIBogMC ASAwZzELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMREwDwYDVQQHDAhO ZXcgWW9yazEYMBYGA1UECgwPUEtDUzExIFByb3ZpZGVyMRgwFgYDVQQLDA9UZXN0 aW5nIEhhcm5lc3MwHhcNMjUwMjE4MDI1MjA4WhcNMjUwMzIwMDI1MjA4WjBnMQsw CQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsxETAPBgNVBAcMCE5ldyBZb3Jr MRgwFgYDVQQKDA9QS0NTMTEgUHJvdmlkZXIxGDAWBgNVBAsMD1Rlc3RpbmcgSGFy bmVzczCCASAwCwYJKoZIhvcNAQEKA4IBDwAwggEKAoIBAQDWpv8fLs7KuCjsT3XR rwzWYXUgCirKe954B0sXSyJMPhKMbECCv3PXmp8PUREmElO4VlRoVXq54Om+hW1Q vB92nIi3V5WJqJ+m+vaoQlF5ZPNE2ES+RBaA0SBpEfqNhUlTYdQThn7hdqVZiIRQ YN/UvYQcQ/BtjgOXO1IhgzrdKdEC9WEYkgQ1mF4lOpGD0DK/aDbuaOkFmO1qvV9W 2lSAfoJOhF3Ec1ZFKeW1hnF1NmrfZwcdPTYDfw6W7NsI/96d1oCxfdXgAJDkyHNV DFojXdigyivbC0x5iDo/T48DJIGjd+GTMKvMr4FTLal3ZviSnUqe5rxHMhoMP4E3 UU0JAgMBAAGjaTBnMB0GA1UdDgQWBBRZ3SDJvnTrpKgdBGS8E3iHGEkc+TAfBgNV HSMEGDAWgBRZ3SDJvnTrpKgdBGS8E3iHGEkc+TAPBgNVHRMBAf8EBTADAQH/MAkG A1UdEQQCMAAwCQYDVR0SBAIwADA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQC AaEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgGiAwIBIAOCAQEAnh+KtG935qzy WBDIlOPnDcVATSGymB+OR6nYcHWtfC2HoqADrPRFUCpKVUYp9BNmrGyoBSRJnVt9 Xt3VebB1AcLsc+PYFjhtfgPCOQAjjxhks7OreR5oPzuzkIQe+ySGttG0cO7e7JI+ UhoePFhGs9x0CZs7tpZjZOVqlnroQslqvf5qg9eUil0gLB6NXI6s5pln1qSaN017 gcZFl9LkUwfiyZqqS4eLe71gxKxIKVbFPyLuxqXUjBmeMIU5g2cOfjCaqDds0DpP KeXtq/QlUwAXdSN2BrYlgO8rXCFVHxnXXM/sCUANZ62j2Mkqc/tq3QZ4NArrPh8S S8UbMSqZWA== -----END CERTIFICATE----- subject=C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness issuer=C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: RSA-PSS Server Temp Key: X25519, 253 bits --- SSL handshake has read 1619 bytes and written 391 bytes Verification error: self-signed certificate --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Protocol: TLSv1.3 Server public key is 2048 bit This TLS version forbids renegotiation. Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 18 (self-signed certificate) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 2C68ED6A3F7B050F82D4AFEEC65B11764F81AB49E213D49E321C9969E6859AB2 Session-ID-ctx: Resumption PSK: 8E4D7D12DD5A086B9170E051C9AF269569F2A21C7E5100CD206AC3E36513A9F2605DC8801F310EA5B5F9B1CDD4E0ADD2 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 35 b2 27 ee 78 20 92 23-31 40 59 1c fb 6f f6 fc 5.'.x .#1@Y..o.. 0010 - a7 11 04 b8 50 13 c8 b9-e5 36 87 f3 a9 a4 ad dd ....P....6...... 0020 - 1f 41 30 1a fc 12 ef 21-ab be ab 4e e2 06 18 bc .A0....!...N.... 0030 - 29 e1 cd 63 c5 26 2f f4-8a 5b f3 16 b1 46 77 f0 )..c.&/..[...Fw. 0040 - ea 6a 26 70 68 ee 0d ea-e8 ce 15 04 5a d1 a6 ac .j&ph.......Z... 0050 - 2d ec 9d 7c 53 b0 89 97-e4 98 ea c2 7f 9b dc cb -..|S........... 0060 - f1 61 c7 45 7f da e7 1a-1c 68 9b a5 7b 36 1a 47 .a.E.....h..{6.G 0070 - 4b f9 27 52 1c 9a d2 3e-ea af 09 a8 9b 0e 78 b8 K.'R...>......x. 0080 - 03 ce 9f 14 43 92 50 19-bd e0 bb 8e 14 40 c9 5b ....C.P......@.[ 0090 - 5c 91 de 06 16 06 5e 47-27 38 83 b5 72 f4 68 02 \.....^G'8..r.h. 00a0 - 69 e9 a8 11 1b 5a ba 0a-1f f7 c1 0c 1c 9f e7 55 i....Z.........U 00b0 - b2 59 88 c9 b1 b8 e2 83-19 55 7a 74 92 7c 3a 46 .Y.......Uzt.|:F 00c0 - f2 cb 7d 24 5f e1 f6 43-76 f0 56 ed 3d 07 12 d0 ..}$_..Cv.V.=... Start Time: 1739847129 Timeout : 7200 (sec) Verify return code: 18 (self-signed certificate) Extended master secret: no Max Early Data: 0 --- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 9CA7950136AFC11798C643C77EF03096A2F9726554A2E494D2B84F6B57FA29B6 Session-ID-ctx: Resumption PSK: 80CD90067B8903B10D6A34D7AAB1181712285923D63A948A22689FB6784769D214878A53200B427C0345A1E50C8BB920 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 35 b2 27 ee 78 20 92 23-31 40 59 1c fb 6f f6 fc 5.'.x .#1@Y..o.. 0010 - af b6 ec f9 f6 ef d9 97-de 90 10 60 7a a6 48 93 ...........`z.H. 0020 - f9 52 2c a2 e9 c9 e6 e6-eb 31 b1 fd c3 fd 7a 18 .R,......1....z. 0030 - 72 6e 1e 96 4b d3 5f 8b-17 32 16 5a 07 b9 51 34 rn..K._..2.Z..Q4 0040 - 3e 9e b5 7b e0 12 f3 26-09 27 42 d5 0a 9b 11 7e >..{...&.'B....~ 0050 - 38 38 e3 04 de 89 e5 18-78 75 78 62 7a 05 c6 41 88......xuxbz..A 0060 - b1 aa 62 22 c3 87 2d 12-2f 35 9f f0 8d d8 a9 31 ..b"..-./5.....1 0070 - 7b 42 1b 4b 64 4b a6 a8-e9 a8 3e a6 8f 9a 3c cc {B.KdK....>...<. 0080 - f8 ad e6 8d d1 c5 cd c1-4c 39 64 12 af ef eb 27 ........L9d....' 0090 - 19 cb 70 4d e2 70 fb f1-98 2f c4 83 76 88 d8 25 ..pM.p.../..v..% 00a0 - 86 83 28 0a 1e 45 c4 1b-90 27 53 58 45 9d 56 8d ..(..E...'SXE.V. 00b0 - 10 07 af cf a9 6a 69 ac-f1 7a 2e 68 90 15 b0 e1 .....ji..z.h.... 00c0 - 32 45 8c bf 4e 22 8e 1a-7c 50 ec f3 c9 7b 80 51 2E..N"..|P...{.Q Start Time: 1739847129 Timeout : 7200 (sec) Verify return code: 18 (self-signed certificate) Extended master secret: no Max Early Data: 0 --- read R BLOCK TLS SUCCESSFUL 4069FAF7:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -propquery ?provider=pkcs11 -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%10 -cert /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/rsapss-default.pem Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MIGDAgEBAgIDBAQCEwIEICVecS+1ofzcCHRq6ct4MqNBopXyvEXY4YKjtK3yYcvp BDCAzZAGe4kDsQ1qNNeqsRgXEihZI9Y6lIoiaJ+2eEdp0hSHilMgC0J8A0Wh5QyL uSChBgIEZ7P12aIEAgIcIKQGBAQBAAAArgcCBQDCWtyPswMCAR0= -----END SSL SESSION PARAMETERS----- Shared ciphers:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224 Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 CIPHER is TLS_AES_256_GCM_SHA384 This TLS version forbids renegotiation. TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run sanity test with RSA-PSS and SHA256 ## Generating a new selfsigned certificate for pkcs11:type=private;id=%00%11 openssl req -batch -noenc -x509 -new -key ${KEY} ${AARGS} -out ${CERT} spawn openssl s_client -propquery ?provider=pkcs11 -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.pem Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=0 C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness verify error:num=18:self-signed certificate verify return:1 depth=0 C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness verify return:1 --- Certificate chain 0 s:C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness i:C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness a:PKEY: RSASSA-PSS, 3096 (bit); sigalg: RSASSA-PSS v:NotBefore: Feb 18 02:52:09 2025 GMT; NotAfter: Mar 20 02:52:09 2025 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIIFKDCCA12gAwIBAgIUDR9YXxFxSwoMwRJVL6Dlv0LW4b4wPQYJKoZIhvcNAQEK MDCgDTALBglghkgBZQMEAgGhGjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUDBAIBogMC ASAwZzELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMREwDwYDVQQHDAhO ZXcgWW9yazEYMBYGA1UECgwPUEtDUzExIFByb3ZpZGVyMRgwFgYDVQQLDA9UZXN0 aW5nIEhhcm5lc3MwHhcNMjUwMjE4MDI1MjA5WhcNMjUwMzIwMDI1MjA5WjBnMQsw CQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsxETAPBgNVBAcMCE5ldyBZb3Jr MRgwFgYDVQQKDA9QS0NTMTEgUHJvdmlkZXIxGDAWBgNVBAsMD1Rlc3RpbmcgSGFy bmVzczCCAaIwCwYJKoZIhvcNAQEKA4IBkQAwggGMAoIBgw7B+Iv/v4OZTuW8UQU0 CfzOQtyf4+mpxUza5kppOJVPx7cnODlbmpEK95JVpj5yxSL6GJyDRhf2OTj33PZZ i/p2UbT2USkf8OodZrZspxBHQ0N8jPMCcVgceiRE492kurz8mjbuqRj7AioppTWn xCWtRIxY0O6PlyApelhDyTx89Q8YNHzb0gw3RALGr30we91+AnbzMVapw/QU0dJj Ny1FcuuhKas/YqVScB8ClXbRUfjR9L7ULB+Pm/H5ThkShz0BVijiFDLmbZzztG3b YdHmriP7b5fsbGjzOZrUubMJDXX86dpwwaC+9s1Dhzyb8mpoTEnbkihafT/fXYuj JBeeHmiuko6CCaD6T3hi2eG7xJLOUlK/Ht5h4cmQA0TgCS1VECDeNbEHWGkatwtR mIKt+oJWhRxXj8GpY/uGWZ0dn+ViIDcSSJ346GumMDNeAN8oZHXu2cAZl+1nmhQd 3XvLllHhp7/OH/k1m/Dw/1yESILGSsCkqKOCDwFe5XOUp15eRQIDAQABo2kwZzAd BgNVHQ4EFgQU+gVXXDs3tPVFJSehn0BJRsGwHugwHwYDVR0jBBgwFoAU+gVXXDs3 tPVFJSehn0BJRsGwHugwDwYDVR0TAQH/BAUwAwEB/zAJBgNVHREEAjAAMAkGA1Ud EgQCMAAwPQYJKoZIhvcNAQEKMDCgDTALBglghkgBZQMEAgGhGjAYBgkqhkiG9w0B AQgwCwYJYIZIAWUDBAIBogMCASADggGEAAZGYvrB1+XURSNBaWPLib7pMPkfqDwl EGPJlB/RpNWToKZW62MwlQuI6CjPM6hh0ey7vq2edg+WEVUKnli99CzqpSTZqdsW h4C1G7HZObOhuWCDhJmNIAdLQr94npP5Qbjm5pqkOG8wLllqJOP2DQpHQd6VR0wg vFb7D4fathXid9CCIFZAohYlhbgTzaYDfKMwWZmySDTlhblN7P+5f4t22ME9kVGH qtEQF4ZxuJROwiOQVUQhf9MEuC5R1rxjR9+DnfoUPhSB34sTVLp37pOqtbMO8MxW p/xLZgn1VcIMY4z4taqOCxC325PpqgsGSnxj/WZkjXHAQlxie5i1gj+yF44dhDvN TxhaPVUlop7lOUg7Io3m/xnLLUwqUsApaHT37QDekQa63wDWOAljmBeHhInTe0Rw gW6ikfE0ckqmUCVzB8Jpn69TRrg06o9UHrZosNav4YwvVFdcQxJjbCxMSIQosPQw LCHuSiwcNQVFuuLMxP64zovyYzvPE33RP2ZK1Q== -----END CERTIFICATE----- subject=C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness issuer=C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: RSA-PSS Server Temp Key: X25519, 253 bits --- SSL handshake has read 2011 bytes and written 391 bytes Verification error: self-signed certificate --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Protocol: TLSv1.3 Server public key is 3096 bit This TLS version forbids renegotiation. Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 18 (self-signed certificate) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 033450806F780274BF79333314F8660F40631F6AC583E64F38AF454C902EB080 Session-ID-ctx: Resumption PSK: 25285175A1756FEDCAA790FD21F5910C2DD7C1C915FE3C5F8B05CB6BA52749A01E91C5B723BE528CF275ADE53938E2C6 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - ad ad 94 aa 44 7f 0a fe-13 a3 6d 22 e9 ab 00 52 ....D.....m"...R 0010 - eb c6 ca e2 65 b7 7c 57-ee 63 09 70 00 e4 a3 ef ....e.|W.c.p.... 0020 - 75 17 5e e3 2b 60 b5 20-85 aa b4 7f e8 ea da 45 u.^.+`. .......E 0030 - e5 53 e8 37 d6 75 d2 bd-34 ff 37 25 be 61 76 da .S.7.u..4.7%.av. 0040 - c4 99 b1 7e 7c 2b 2f 77-c4 35 f6 87 b1 4c e2 89 ...~|+/w.5...L.. 0050 - 7b cf ac d8 7a 18 95 00-d0 fd 54 41 a9 e1 5a da {...z.....TA..Z. 0060 - be ee bf eb 8c ca 2d 43-70 26 3b 83 81 a8 35 2a ......-Cp&;...5* 0070 - 81 e8 9a 50 86 e8 c7 e3-3e 17 04 09 10 d3 a7 30 ...P....>......0 0080 - fa 5e 4c 96 6d d1 b5 02-ae a2 fe b6 d1 67 0d a2 .^L.m........g.. 0090 - ce 86 4b d7 57 df d8 cb-b4 27 15 30 9b 34 d3 06 ..K.W....'.0.4.. 00a0 - 95 78 23 73 e3 85 53 60-1e 98 c4 1a 10 af 92 51 .x#s..S`.......Q 00b0 - 23 91 29 87 71 79 1f 82-ef 28 14 f5 9c 80 9b 3b #.).qy...(.....; 00c0 - 58 bf 71 6f 9a aa 3a b8-3e 0e 71 cd 44 72 c8 5f X.qo..:.>.q.Dr._ Start Time: 1739847129 Timeout : 7200 (sec) Verify return code: 18 (self-signed certificate) Extended master secret: no Max Early Data: 0 --- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 9C874F34338BB7C145EE2F2A7B27F93195F01E9E41E9159EBE12AAC43FD484D4 Session-ID-ctx: Resumption PSK: 7C3FB07A06D5A77D141AE7F033C6BB85FA8AA63649913B335633F1C58F0C821A48916106A24502C9F3A532CE799528F8 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - ad ad 94 aa 44 7f 0a fe-13 a3 6d 22 e9 ab 00 52 ....D.....m"...R 0010 - 0d 18 bb 9f f7 5a 81 00-7e 63 b2 74 55 bf 8e fe .....Z..~c.tU... 0020 - 72 80 16 ae d2 39 30 49-7c e9 b6 6e 42 b3 3f 9d r....90I|..nB.?. 0030 - 65 52 95 66 9d 71 38 1d-37 3f cc c9 4d 41 49 ba eR.f.q8.7?..MAI. 0040 - bd bd 41 c0 f7 b2 b3 f1-67 3c 92 1e 87 fe 40 fa ..A.....g<....@. 0050 - 9d 2e 27 47 75 dc 9d 8a-87 e9 23 84 fe 65 4a 92 ..'Gu.....#..eJ. 0060 - f0 b7 cf 79 01 6d 93 6a-12 b2 eb 4d 5e d6 2d c4 ...y.m.j...M^.-. 0070 - 26 48 17 36 75 83 b0 3c-d1 91 3d 71 fd 4e 7b ac &H.6u..<..=q.N{. 0080 - 3b 69 51 02 80 65 77 72-88 60 dc e6 ba 0e 41 19 ;iQ..ewr.`....A. 0090 - 19 97 1a 85 0e af 61 5b-03 9c 77 5b 30 63 57 c8 ......a[..w[0cW. 00a0 - a8 fe 25 60 74 99 33 50-c9 6c dd 74 0f 70 65 44 ..%`t.3P.l.t.peD 00b0 - 6e ad 5e f3 d6 47 28 5f-7f 98 1e 65 10 3b e9 6e n.^..G(_...e.;.n 00c0 - d5 1e 96 ce 63 19 14 59-a0 cb 8e 7f 73 a9 e8 d6 ....c..Y....s... Start Time: 1739847129 Timeout : 7200 (sec) Verify return code: 18 (self-signed certificate) Extended master secret: no Max Early Data: 0 --- read R BLOCK TLS SUCCESSFUL 4069F7F7:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -propquery ?provider=pkcs11 -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%11 -cert /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/rsapss-sha256.pem Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MIGDAgEBAgIDBAQCEwIEIHQTom8M4T7VG4+RW5UWQePpAKnaHvJeVIuKFINiZDrr BDB8P7B6BtWnfRQa5/AzxruF+oqmNkmROzNWM/HFjwyCGkiRYQaiRQLJ86UyznmV KPihBgIEZ7P12aIEAgIcIKQGBAQBAAAArgcCBQDzEG1aswMCAR0= -----END SSL SESSION PARAMETERS----- Shared ciphers:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224 Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 CIPHER is TLS_AES_256_GCM_SHA384 This TLS version forbids renegotiation. TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run sanity test with default values (ECDSA) spawn openssl s_client -propquery ?provider=pkcs11 -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.pem Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=0 O=PKCS11 Provider, CN=My EC Cert verify error:num=1:unspecified certificate verification error verify return:1 depth=1 CN=Issuer verify return:1 depth=0 O=PKCS11 Provider, CN=My EC Cert verify return:1 --- Certificate chain 0 s:O=PKCS11 Provider, CN=My EC Cert i:CN=Issuer a:PKEY: id-ecPublicKey, 256 (bit); sigalg: RSA-SHA256 v:NotBefore: Feb 18 02:51:46 2025 GMT; NotAfter: Feb 18 02:51:46 2026 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIICcjCCAVqgAwIBAgIBBDANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 ZXIwHhcNMjUwMjE4MDI1MTQ2WhcNMjYwMjE4MDI1MTQ2WjAvMRgwFgYDVQQKEw9Q S0NTMTEgUHJvdmlkZXIxEzARBgNVBAMTCk15IEVDIENlcnQwWTATBgcqhkjOPQIB BggqhkjOPQMBBwNCAASSo1Sa0elCrAT0MBKqCjp36ZudG1JSXihib5H4P24mmvH9 LwoZ8xCIAyAtq32HsPhSb3UAgb5FR/c6lBLkmPSmo4GBMH8wDAYDVR0TAQH/BAIw ADAfBgNVHREEGDAWgRR0ZXN0Y2VydEBleGFtcGxlLm9yZzAOBgNVHQ8BAf8EBAMC B4AwHQYDVR0OBBYEFNXFn2QqK5hlU4Ti+++mUMjVyaAkMB8GA1UdIwQYMBaAFARr NWR4xqkvqaJvVsM830SMwJh2MA0GCSqGSIb3DQEBCwUAA4IBAQCVvTgUAoVO1U4N CX3+LvwKP7mJgc1Pr4n2LRLdXAfEShYc1/Ff3rITMAky18/jHcq/hiReyDXEWZJs VQDygSaerMDe8OgZ0SDkyF/gBK12XaiQpDvvJmXMNCv4NufllcsACIB975N1jGwF E70qMq90ygEV0IBbXTrc1mDHqZmvnpMzr4nPrWhR9Ymsxp7yMbcejZ6IhmdCzm7Z r8aSCKt5K/J58IztzUvQO0TG1gJ6X4xqbouojyN4u/Er0Kw3iKepKINPu33vh5xQ nj5I7Ouogn02a+h5vU/b/T1lyxGL/WX9FM9XTtCo3LL2iYQzBYMBQWyaZEEdoUJh MH+XrDVm -----END CERTIFICATE----- subject=O=PKCS11 Provider, CN=My EC Cert issuer=CN=Issuer --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: ECDSA Server Temp Key: X25519, 253 bits --- SSL handshake has read 1001 bytes and written 391 bytes Verification error: unspecified certificate verification error --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Protocol: TLSv1.3 Server public key is 256 bit This TLS version forbids renegotiation. Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 1 (unspecified certificate verification error) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 6634356C1F59B9F592C44DB2185C4DFBBD8ADC0AE0B3B99A0777A86630E56B1A Session-ID-ctx: Resumption PSK: 18113A79C1F2EDC51F2D7227C103B4229636E0D092D957466B4D3D9BFBAEE1A309B01DC9545F68894AE1F89700DCCDC3 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 17 93 76 84 55 ba 02 0f-3f 19 26 d0 39 7c 97 6e ..v.U...?.&.9|.n 0010 - ea a2 83 47 e9 23 a0 a4-ec ff ea af 75 6c 08 2c ...G.#......ul., 0020 - a9 11 8e 04 10 4e 43 8e-ae 8c da 3d b8 19 55 d8 .....NC....=..U. 0030 - c8 4f c8 74 6e 15 22 f0-6c 27 b5 3b b4 80 b7 65 .O.tn.".l'.;...e 0040 - 02 ba b6 e2 46 fd 60 84-3e 04 7b 6e c5 e0 1a 47 ....F.`.>.{n...G 0050 - a6 a4 8e 5a 6b 76 73 e2-34 ba f7 6c a2 a8 c5 7f ...Zkvs.4..l.... 0060 - a0 60 d9 1b 91 92 15 3d-82 45 17 49 81 d9 44 7b .`.....=.E.I..D{ 0070 - ec 3d 21 45 3d 66 fa ad-d1 0f df 1b 7a ac c3 ee .=!E=f......z... 0080 - 7e d7 55 88 bc ca 4f 78-fe a9 76 90 71 88 2c 86 ~.U...Ox..v.q.,. 0090 - ab 22 f2 ea c3 d1 ea 6d-59 ad 94 f9 81 d7 c5 0d .".....mY....... 00a0 - a2 62 5b 71 3a 4d c4 cf-0f 77 b4 f4 bf b8 f5 19 .b[q:M...w...... 00b0 - 60 e4 85 e6 c8 05 a9 e2-46 be f1 6d 5d 1c 3c f3 `.......F..m].<. 00c0 - b1 2b 14 1f c7 00 09 a7-f0 49 f0 68 78 53 49 61 .+.......I.hxSIa Start Time: 1739847129 Timeout : 7200 (sec) Verify return code: 1 (unspecified certificate verification error) Extended master secret: no Max Early Data: 0 --- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 824764F0A5398DA62914896183F04016705098CE42D28E69EF29B00C30117460 Session-ID-ctx: Resumption PSK: 53D7C192BAF28B783E2791BB646A67BB8B934081032CF00C544B2C4A7DEC6BFBEAF17C956DEADC45DCD9313B35F72317 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 17 93 76 84 55 ba 02 0f-3f 19 26 d0 39 7c 97 6e ..v.U...?.&.9|.n 0010 - 90 4b 62 a2 22 b9 95 b3-6f 54 a3 de a3 06 87 9a .Kb."...oT...... 0020 - 04 d8 af ae 1c 50 f5 8b-8d c2 a8 bd 5d 6f ae 7e .....P......]o.~ 0030 - e7 4b cc ef 67 63 f4 8b-c8 8a fd 2a f4 a8 b1 65 .K..gc.....*...e 0040 - 9b ed 44 df 19 0f af a8-2d 7c 0c 91 7b 2b 32 e4 ..D.....-|..{+2. 0050 - 8a d3 9d 04 43 ba c5 c5-8a 7d fc 06 c6 da 35 90 ....C....}....5. 0060 - 01 6c 34 e1 25 43 28 68-fe 3f e4 a2 c6 bc 38 f8 .l4.%C(h.?....8. 0070 - 94 85 72 f0 63 4c a1 c6-06 7e 69 b5 29 92 29 d3 ..r.cL...~i.).). 0080 - 42 92 d0 9a 48 3a 66 3c-e7 83 34 6e f7 52 c0 0b B...H:f<..4n.R.. 0090 - 87 40 8a bc bb 6c 8b 2f-a3 3c b5 1e 10 06 14 94 .@...l./.<...... 00a0 - 45 46 53 a6 6c 23 7c 94-06 76 4c 3a bf 74 00 52 EFS.l#|..vL:.t.R 00b0 - 20 5d b3 de f7 33 13 78-e2 2d 51 07 60 85 2e ea ]...3.x.-Q.`... 00c0 - de a4 1c 50 48 70 3b b7-0b aa 56 09 b7 ee 5e bd ...PHp;...V...^. Start Time: 1739847129 Timeout : 7200 (sec) Verify return code: 1 (unspecified certificate verification error) Extended master secret: no Max Early Data: 0 --- read R BLOCK TLS SUCCESSFUL 4049ECF7:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -propquery ?provider=pkcs11 -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%02 -cert pkcs11:type=cert;object=ecCert Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MIGCAgEBAgIDBAQCEwIEIGdsfVt7BRIjcoy1PQPI/29F/suMgN+4fVDkOKqazjow BDBT18GSuvKLeD4nkbtkame7i5NAgQMs8AxUSyxKfexr++rxfJVt6txF3NkxOzX3 IxehBgIEZ7P12aIEAgIcIKQGBAQBAAAArgYCBCmF+GCzAwIBHQ== -----END SSL SESSION PARAMETERS----- Shared ciphers:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224 Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 CIPHER is TLS_AES_256_GCM_SHA384 This TLS version forbids renegotiation. TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run sanity test with default values (Ed25519) spawn openssl s_client -propquery ?provider=pkcs11 -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.pem Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=1 CN=Issuer verify return:1 depth=0 O=PKCS11 Provider, CN=My ED25519 Cert verify return:1 --- Certificate chain 0 s:O=PKCS11 Provider, CN=My ED25519 Cert i:CN=Issuer a:PKEY: ED25519, 256 (bit); sigalg: RSA-SHA256 v:NotBefore: Feb 18 02:51:46 2025 GMT; NotAfter: Feb 18 02:51:46 2026 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIICSDCCATCgAwIBAgIBBjANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 ZXIwHhcNMjUwMjE4MDI1MTQ2WhcNMjYwMjE4MDI1MTQ2WjA0MRgwFgYDVQQKEw9Q S0NTMTEgUHJvdmlkZXIxGDAWBgNVBAMTD015IEVEMjU1MTkgQ2VydDAqMAUGAytl cAMhAJtaA9J0FFaA1ptQvyvyrD6W7Ux/5nSHJEYcn8eqNlXLo4GBMH8wDAYDVR0T AQH/BAIwADAfBgNVHREEGDAWgRR0ZXN0Y2VydEBleGFtcGxlLm9yZzAOBgNVHQ8B Af8EBAMCB4AwHQYDVR0OBBYEFMREmHJ1G6Zrt8uIjSDJja8GX/FnMB8GA1UdIwQY MBaAFARrNWR4xqkvqaJvVsM830SMwJh2MA0GCSqGSIb3DQEBCwUAA4IBAQBE7wTf r489RhhUhAOeCr9u2vG+0ZyKTbAtwFtvQesYzNATB2s7eTFyzDchlY7H9jmSSxMZ 0YL4vKW6XdokSXUkeJc7QZyghKr6NovFGWF55fWBnc/dneFZus5HYv0mDDWLIpZ7 vb9wStStHpyTJvi5Lku8Xro7h7HbY6ecZI7YFBwKTO7ZsmpLuEMxJD+A9Xv5jK66 rdum6PfSy+SszvKbMbZEUhpT4jxN7kdgLfpqxSJZCRyFluYvNcjjJVI380kgrOMZ Z0A1Htq2RNoIcVd0DyBp59ErAbXPsK108Grn9m/t16m6k1gViQxMl12r1W61ghXE 6ktam7S8mzeVgQGG -----END CERTIFICATE----- subject=O=PKCS11 Provider, CN=My ED25519 Cert issuer=CN=Issuer --- No client certificate CA names sent Peer signature type: Ed25519 Server Temp Key: X25519, 253 bits --- SSL handshake has read 952 bytes and written 391 bytes Verification: OK --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Protocol: TLSv1.3 Server public key is 256 bit This TLS version forbids renegotiation. Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 93CE3DB81D2F0EA66D299DAD5B374A8652E4DBD5077EA26C69D94D75DCF77A60 Session-ID-ctx: Resumption PSK: E82F6D5981371025D326816C5EF9B7E6BA99F5918DA9A56AE40973EB55A9EC38CF74372B3367D5A1D542CD0B7BB40E33 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 2d 9a f5 a2 2b 84 68 e0-43 ee 5e 14 f3 ce 40 d4 -...+.h.C.^...@. 0010 - 0f 3a 7d 90 74 51 d1 b3-c1 a5 df 67 f0 f8 42 5b .:}.tQ.....g..B[ 0020 - 1d 71 01 15 65 46 03 2d-e9 60 ef 16 2e 11 45 4e .q..eF.-.`....EN 0030 - 93 6d 91 45 a7 70 90 78-47 44 8d 07 c8 00 58 00 .m.E.p.xGD....X. 0040 - b3 6f f8 c3 63 3e ab f3-aa 61 88 9f 49 f4 82 04 .o..c>...a..I... 0050 - dd 4e 33 f9 a8 e4 43 0c-56 cd ff 1f 9b 8f f8 ac .N3...C.V....... 0060 - 84 a1 d1 68 9c ba 6a c9-40 6b 96 87 bb 44 dd 55 ...h..j.@k...D.U 0070 - d2 85 0e 1b 20 34 41 03-3f fc d5 f5 14 13 8b 35 .... 4A.?......5 0080 - ab 00 6a df f7 94 fc a5-8e 79 a1 89 ab a7 85 c6 ..j......y...... 0090 - 19 6d f3 64 f8 fd 2d 11-6b 18 6c 44 48 72 f4 cb .m.d..-.k.lDHr.. 00a0 - c2 5e d1 a1 41 b5 75 8f-3a 27 1e 25 b0 2f 40 75 .^..A.u.:'.%./@u 00b0 - bf 03 99 7f 4a 4f db 22-eb b5 77 c6 73 a4 35 f8 ....JO."..w.s.5. 00c0 - 09 57 94 36 e8 c5 46 a9-5e c4 ea f2 c4 fd eb 58 .W.6..F.^......X Start Time: 1739847129 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 8426FC51F7C29AC001510D18499835DA2DCD9CB51BE9CE8478692B0AAEFAE03F Session-ID-ctx: Resumption PSK: F81B75066EC1B05FF8E6B10CF9EE073071AEC20CDD7E0E01D1EEAD41177AFB9DAB03543733702243A09A80890CA9D905 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 2d 9a f5 a2 2b 84 68 e0-43 ee 5e 14 f3 ce 40 d4 -...+.h.C.^...@. 0010 - 14 d6 a0 eb 31 51 4b d0-0c 94 39 1e ac 3f f3 47 ....1QK...9..?.G 0020 - 41 7a 95 c0 34 68 49 1d-31 f9 70 c7 8e 4a b5 4e Az..4hI.1.p..J.N 0030 - 72 d8 7f bd 9b d6 26 16-13 88 59 01 ec b0 00 00 r.....&...Y..... 0040 - 15 a1 51 62 33 9f 0c 9d-3f d2 71 88 db 23 9c 6d ..Qb3...?.q..#.m 0050 - 7d 7c 34 64 a5 4f b9 63-e6 6f 03 ea c0 a9 e6 25 }|4d.O.c.o.....% 0060 - 17 21 ce c0 2b 70 ae bc-95 e1 60 3c 8b bb 7e 0d .!..+p....`<..~. 0070 - b9 7d 4c a5 11 2a 26 34-3c f1 e6 f2 f9 88 90 09 .}L..*&4<....... 0080 - 83 30 53 ed cf a5 44 74-f7 72 7a b0 71 9c 76 6e .0S...Dt.rz.q.vn 0090 - 15 6f 4f bb 70 fb 99 b1-4f a8 c7 11 93 a4 58 85 .oO.p...O.....X. 00a0 - e8 a6 10 b0 b2 36 dc 9c-e0 20 70 2c 27 59 4a c1 .....6... p,'YJ. 00b0 - c4 ae 49 e6 e0 2c df 12-1b b3 35 3c 87 05 35 91 ..I..,....5<..5. 00c0 - 5c 4a ec 72 1a 8c 88 1a-1b fc 9e 30 b4 67 1c 95 \J.r.......0.g.. Start Time: 1739847129 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK TLS SUCCESSFUL 4049FBF7:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -propquery ?provider=pkcs11 -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%04 -cert pkcs11:type=cert;object=edCert Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MIGCAgEBAgIDBAQCEwIEICB9frhJvdkOmfeJLdOQQ+Cxk2rw/ZY3rwZWQ9S3b+Ey BDD4G3UGbsGwX/jmsQz57gcwca7CDN1+DgHR7q1BF3r7nasDVDczcCJDoJqAiQyp 2QWhBgIEZ7P12aIEAgIcIKQGBAQBAAAArgYCBD3aqNyzAwIBHQ== -----END SSL SESSION PARAMETERS----- Shared ciphers:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224 Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 CIPHER is TLS_AES_256_GCM_SHA384 This TLS version forbids renegotiation. TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run sanity test with default values (Ed448) spawn openssl s_client -propquery ?provider=pkcs11 -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.pem Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=1 CN=Issuer verify return:1 depth=0 O=PKCS11 Provider, CN=My ED448 Cert verify return:1 --- Certificate chain 0 s:O=PKCS11 Provider, CN=My ED448 Cert i:CN=Issuer a:PKEY: ED448, 456 (bit); sigalg: RSA-SHA256 v:NotBefore: Feb 18 02:51:46 2025 GMT; NotAfter: Feb 18 02:51:46 2026 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIICXzCCAUegAwIBAgIBBzANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 ZXIwHhcNMjUwMjE4MDI1MTQ2WhcNMjYwMjE4MDI1MTQ2WjAyMRgwFgYDVQQKEw9Q S0NTMTEgUHJvdmlkZXIxFjAUBgNVBAMTDU15IEVENDQ4IENlcnQwQzAFBgMrZXED OgA/nnMEFsIeEkxdeqgrmvJ9itq1BLruo+PpM4R5RKBVBEM7nvArsRsVtwTiEZF5 1ma/jB9RJY7DEICjgYEwfzAMBgNVHRMBAf8EAjAAMB8GA1UdEQQYMBaBFHRlc3Rj ZXJ0QGV4YW1wbGUub3JnMA4GA1UdDwEB/wQEAwIHgDAdBgNVHQ4EFgQU/uuUFto9 BNBYTXbMoEroQwTLnsEwHwYDVR0jBBgwFoAUBGs1ZHjGqS+pom9WwzzfRIzAmHYw DQYJKoZIhvcNAQELBQADggEBADPi/xo2M6oFYyguIUzYar80L8RIn2JW/8rh4UNg MZv8j0wT+0tjYopba/RmFED8RTsbpVClSEVfVGUdjBnb1tLzOUxDQ403Weo4OVwD lZ4Sxc5AujbyPaQyy2M2DWBHi3lKw1zPAPXysGFmHivdmvtDI6Icx5DyITMynknp xyhwNWBAR7WJPew/kTaYq4N/2h3rkQS1mlJkAqXACP9u78uGkYezROoW85lrpQ1o whjH6NcLD6fCmI0zdphtBeS/Bn7HN6H9E5+pwDhoBk3+Jc+KlTMFuDc6dtbBIdGc v/kpAMSe1iT8A6YpAMQmwFISQS+z1zd8lKvgIn0JzOlJ5E8= -----END CERTIFICATE----- subject=O=PKCS11 Provider, CN=My ED448 Cert issuer=CN=Issuer --- No client certificate CA names sent Peer signature type: Ed448 Server Temp Key: X25519, 253 bits --- SSL handshake has read 1025 bytes and written 391 bytes Verification: OK --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Protocol: TLSv1.3 Server public key is 456 bit This TLS version forbids renegotiation. Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: A9A4DAED9323C21C83C636B678B520D7B8490919E2D5DE8F1E21766EFD6387B5 Session-ID-ctx: Resumption PSK: A6C7254D0C9DDBE655A1B1B5EB72744F24DACF793C786B8CA511B0876565DBEB2C904EE9FA466DFBE46EA65F892D51EF PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - cb 48 18 ad 76 a1 9a 9e-bc ca 34 88 39 fb b6 91 .H..v.....4.9... 0010 - b4 41 88 c2 f9 a0 e3 00-be a9 cd 8b 5d 5a 1f 43 .A..........]Z.C 0020 - 4c d8 30 56 d8 93 be b3-59 af fa cd 2f 51 96 c9 L.0V....Y.../Q.. 0030 - 67 8f 45 57 6d 3d 6c d5-25 74 8b b5 4d 89 45 f9 g.EWm=l.%t..M.E. 0040 - 62 02 24 59 d9 2d 3f ba-74 17 9b 8a 40 f9 c0 9e b.$Y.-?.t...@... 0050 - a6 b3 51 8d 59 df ce 97-d9 6d ab f8 5e 3c b8 1a ..Q.Y....m..^<.. 0060 - 00 5b 41 fc 51 b0 66 f6-61 68 67 d4 22 ca 18 52 .[A.Q.f.ahg."..R 0070 - cb 8f 97 9f 79 69 9b c3-ce e4 47 42 72 a0 0e ca ....yi....GBr... 0080 - c1 b3 5d 93 c4 a1 ee 7a-a7 1d b9 6a ad ed b0 26 ..]....z...j...& 0090 - 0f 1d 90 83 87 df fd 1d-f1 52 73 e9 a1 35 e2 94 .........Rs..5.. 00a0 - 06 df 4b a2 1f 74 da 86-e0 5f 46 98 65 0d 22 c4 ..K..t..._F.e.". 00b0 - 98 5b e3 2b 3c 6d 60 c6-2f 61 e2 89 be 4a 1f fb .[.+.jA. 0040 - bc ee 95 c5 15 53 36 2b-19 10 9c 33 8d 4e 76 e0 .....S6+...3.Nv. 0050 - 72 8d d8 03 5d d5 2c 4d-6d 4e 06 fe 30 ce 65 1e r...].,MmN..0.e. 0060 - e7 26 e1 e2 2b ec 13 1b-22 6d 2d 5a 88 bb 80 db .&..+..."m-Z.... 0070 - a2 a1 f5 37 ed 07 f3 d6-6d ef e6 84 fd 01 4a eb ...7....m.....J. 0080 - 05 c6 12 ba 2f 0b 08 18-50 2c c8 b4 ee 94 ad 4d ..../...P,.....M 0090 - b7 c5 65 8c 4d fc 98 5d-9e f7 a9 fc a4 73 4f 01 ..e.M..].....sO. 00a0 - 6f 43 4f 2a 94 69 57 07-cf b3 70 63 59 32 d3 5c oCO*.iW...pcY2.\ 00b0 - 44 48 f0 77 13 45 ec 75-03 6e 73 9c c2 d3 f1 e3 DH.w.E.u.ns..... 00c0 - 9a e7 4c c8 65 f4 e9 a6-18 db e6 46 e2 1c 68 e5 ..L.e......F..h. Start Time: 1739847129 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK TLS SUCCESSFUL 4069F8F7:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -propquery ?provider=pkcs11 -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%09 -cert pkcs11:type=cert;object=ed2Cert Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MIGDAgEBAgIDBAQCEwIEIJq7uFjfGq24dyycoVVxRWgKAO0KzpXUq5INo7Z/i4/a BDDfHFZ+nl9YZrlZIutv1CbU6qRXXe8x6wfwLEW/zuQO4Khs8jPtqoBOFkSkKCSn OE+hBgIEZ7P12aIEAgIcIKQGBAQBAAAArgcCBQCyFGjDswMCAR0= -----END SSL SESSION PARAMETERS----- Shared ciphers:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224 Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 CIPHER is TLS_AES_256_GCM_SHA384 This TLS version forbids renegotiation. TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run test with TLS 1.2 spawn openssl s_client -propquery ?provider=pkcs11 -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.pem -tls1_2 Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=1 CN=Issuer verify return:1 depth=0 O=PKCS11 Provider, CN=My Test Cert verify return:1 --- Certificate chain 0 s:O=PKCS11 Provider, CN=My Test Cert i:CN=Issuer a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256 v:NotBefore: Feb 18 02:51:45 2025 GMT; NotAfter: Feb 18 02:51:45 2026 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIIDPzCCAiegAwIBAgIBAzANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 ZXIwHhcNMjUwMjE4MDI1MTQ1WhcNMjYwMjE4MDI1MTQ1WjAxMRgwFgYDVQQKEw9Q S0NTMTEgUHJvdmlkZXIxFTATBgNVBAMTDE15IFRlc3QgQ2VydDCCASIwDQYJKoZI hvcNAQEBBQADggEPADCCAQoCggEBAMibT5+Wq6HP9+NbiyefCeRwSjkdbXuOk+av MGqYmLjFumJz0wbSrLiBZuKWcp8+Mh/6u9ghwS3YgBt9aqL9zV6nJcsiCrmWmFoT iuca8UxT8k8rDNxXuMvoiXiSk2BeAz2VW9JxaOf4cFDhIfWiD8BBzY8I1FvrmABq vULZhXZbASFdQwEG3lK4BvUmoqSpt3/YApHBu+NCPiJayRmIWHeQSEmb686VB+JJ bh/GPGEaeOgQ5IW6JOvyl4O0w6/N/RFeRWIffxct5fBz7LS3JSgH1KclqfFpaGo/ Pbky9t+k+XpwXEezUYJ5+Pc74ZXWc2DuJWSUHvRBbT182heImlcCAwEAAaOBgTB/ MAwGA1UdEwEB/wQCMAAwHwYDVR0RBBgwFoEUdGVzdGNlcnRAZXhhbXBsZS5vcmcw DgYDVR0PAQH/BAQDAgWgMB0GA1UdDgQWBBRGznZuVArm2xtt5Ihzc5dJOwfpDjAf BgNVHSMEGDAWgBQEazVkeMapL6mib1bDPN9EjMCYdjANBgkqhkiG9w0BAQsFAAOC AQEAksVbU9qI9rgJ6I/UWyIwlq0Ay0KMVfcvI1OUd91PeCNO8h7H3IffOgs2plse jDuMgsgpqlNv43b2pUDj3BvxepQM+4XNAPTOCe+Hq7leXlTgyEewtodEbrl4WmWJ QlZ8dVqd7v0vI9n2i4Kf2RnzuuZBaFEHeJuGLdX0TOvro+0Otl0FIaULk3d8IkMg eSiHDAGvGWFqfcDHG/aKEnsHCM8WfdcEIS4isImWU6XMyH1tQuiOEdz6PYxG0p/w gX9M00tyPPm5a03LwA3FTXOCv5tGcQ/fF7dsngcj/e8Zy+ff/AupuoV7JaSvXvzW VnMRgaIisTf7THfr597voRbwBA== -----END CERTIFICATE----- subject=O=PKCS11 Provider, CN=My Test Cert issuer=CN=Issuer --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: RSA-PSS Server Temp Key: X25519, 253 bits --- SSL handshake has read 1476 bytes and written 290 bytes Verification: OK --- New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384 Protocol: TLSv1.2 Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-RSA-AES256-GCM-SHA384 Session-ID: 8520C41BDC452D4F2B301BCF525970BFEFBD7BE72C85997A5A1A9C8E10C2535B Session-ID-ctx: Master-Key: 61C6CDD9D55F7B37D4FD51E8DF7D03011C48F5F04E471A9AB63E94BFBE03D1A43758EC3A94D77F8712BB7DA380488269 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - df e5 59 0a e8 d7 2f 5b-02 2a 12 ad 81 87 cf fb ..Y.../[.*...... 0010 - 69 c9 5d 35 ac 47 f0 79-01 69 ce 0d 75 e4 13 86 i.]5.G.y.i..u... 0020 - 0f 38 a4 af bc e0 0d d0-44 1b 99 43 b2 91 de 8e .8......D..C.... 0030 - 20 21 b6 62 ea ca c9 65-ac 54 85 1d 96 c7 fc 99 !.b...e.T...... 0040 - 03 03 55 d3 6c bd 04 b8-fb ba b9 c4 2e 29 e8 e5 ..U.l........).. 0050 - d4 b5 f0 65 15 d2 42 78-ef b3 6a 78 d4 9b 05 a8 ...e..Bx..jx.... 0060 - 81 5e 74 d9 54 c0 11 82-13 12 99 71 80 d5 42 05 .^t.T......q..B. 0070 - f1 63 1e 86 98 dd 89 25-f0 7c 0a 72 5d 7d 8b 17 .c.....%.|.r]}.. 0080 - aa 36 76 60 c0 26 f1 04-29 17 12 a0 9d 39 99 db .6v`.&..)....9.. 0090 - df 84 3c 63 e7 64 ac fe-c2 c8 88 80 8d 07 83 83 ..*...U4...}.\ 0020 - a7 43 50 8b 14 9f c2 aa-1a b7 72 eb b1 53 58 02 .CP.......r..SX. 0030 - ed 74 3a 48 df 26 ed 71-fa f4 b8 b1 f7 27 50 32 .t:H.&.q.....'P2 0040 - a9 a8 ae 86 36 8e e9 31-eb c8 a2 2a cf b9 7d cb ....6..1...*..}. 0050 - c2 80 1d 7f d0 f2 f8 7d-4d cd 0c de 49 da 30 66 .......}M...I.0f 0060 - eb d9 df 59 4b b0 38 c8-7c 00 34 38 d8 1a 43 c1 ...YK.8.|.48..C. 0070 - c3 30 c2 3d a4 74 47 30-83 a1 d1 a1 ce 45 d9 04 .0.=.tG0.....E.. 0080 - d7 3e 68 49 c0 28 6c 3d-8c 55 e5 a9 ca 53 f5 62 .>hI.(l=.U...S.b 0090 - a0 90 47 78 04 87 f0 72-7d 7b ef 94 82 aa 63 8d ..Gx...r}{....c. 00a0 - a2 e4 ce 1c fa f4 b4 b5-0b fd 31 85 a2 0a d0 4f ..........1....O 00b0 - 42 74 f0 af da 3c 3f 50-c8 f1 47 b7 c3 f9 45 d6 Bt...O......n%0* 0010 - b2 f7 10 ea 15 47 dd 7e-df 02 6e 39 35 3e 2f bc .....G.~..n95>/. 0020 - 58 be 02 3f 9c d4 f3 c5-a7 44 0c 56 4c 88 8d c1 X..?.....D.VL... 0030 - 84 03 57 6f 7d 47 b7 3c-33 44 47 d9 4c c5 b2 3e ..Wo}G.<3DG.L..> 0040 - 96 a3 1a 96 35 be 8a f3-90 ed b7 9d 98 ad 77 bb ....5.........w. 0050 - b0 79 b6 f8 c4 26 a6 a4-c8 d4 a6 4f a0 a4 a8 57 .y...&.....O...W 0060 - 3f 55 eb 29 4c 30 82 3e-74 7c 4b cb ab 01 18 9d ?U.)L0.>t|K..... 0070 - 42 43 2f 7e 8e fa ac f0-e3 58 d6 d1 38 09 1b 57 BC/~.....X..8..W 0080 - 7c db cd 16 cd 71 ca f5-a9 ff 35 09 0f ef be 05 |....q....5..... 0090 - 6c c6 a1 0b b3 5d f4 cc-8d f5 3d 7f cc 96 3d 32 l....]....=...=2 00a0 - 57 71 d1 b6 66 4d da 58-2e 6b 83 4a d9 60 bc ca Wq..fM.X.k.J.`.. Start Time: 1739847131 Timeout : 7200 (sec) Verify return code: 1 (unspecified certificate verification error) Extended master secret: yes --- TLS SUCCESSFUL 4069FEF7:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -propquery ?provider=pkcs11 -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%02 -cert pkcs11:type=cert;object=ecCert Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MF8CAQECAgMDBALAKwQABDCa4/dQq027nr2ziCHH2fxJG+mbbQZ3ah6EUpMxsyIG Tk+qGGIg5VrMuNwjI3YgESmhBgIEZ7P126IEAgIcIKQGBAQBAAAArQMCAQGzAwIB Fw== -----END SSL SESSION PARAMETERS----- Shared ciphers:ECDHE-ECDSA-AES128-GCM-SHA256 Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Supported Elliptic Curve Point Formats: uncompressed:ansiX962_compressed_prime:ansiX962_compressed_char2 Supported groups: secp256r1 Shared groups: secp256r1 CIPHER is ECDHE-ECDSA-AES128-GCM-SHA256 Secure Renegotiation IS supported TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run test with TLS 1.3 and specific suite spawn openssl s_client -propquery ?provider=pkcs11 -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.pem -tls1_3 -ciphersuites TLS_AES_256_GCM_SHA384 -groups secp256r1 Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=0 O=PKCS11 Provider, CN=My EC Cert verify error:num=1:unspecified certificate verification error verify return:1 depth=1 CN=Issuer verify return:1 depth=0 O=PKCS11 Provider, CN=My EC Cert verify return:1 --- Certificate chain 0 s:O=PKCS11 Provider, CN=My EC Cert i:CN=Issuer a:PKEY: id-ecPublicKey, 256 (bit); sigalg: RSA-SHA256 v:NotBefore: Feb 18 02:51:46 2025 GMT; NotAfter: Feb 18 02:51:46 2026 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIICcjCCAVqgAwIBAgIBBDANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 ZXIwHhcNMjUwMjE4MDI1MTQ2WhcNMjYwMjE4MDI1MTQ2WjAvMRgwFgYDVQQKEw9Q S0NTMTEgUHJvdmlkZXIxEzARBgNVBAMTCk15IEVDIENlcnQwWTATBgcqhkjOPQIB BggqhkjOPQMBBwNCAASSo1Sa0elCrAT0MBKqCjp36ZudG1JSXihib5H4P24mmvH9 LwoZ8xCIAyAtq32HsPhSb3UAgb5FR/c6lBLkmPSmo4GBMH8wDAYDVR0TAQH/BAIw ADAfBgNVHREEGDAWgRR0ZXN0Y2VydEBleGFtcGxlLm9yZzAOBgNVHQ8BAf8EBAMC B4AwHQYDVR0OBBYEFNXFn2QqK5hlU4Ti+++mUMjVyaAkMB8GA1UdIwQYMBaAFARr NWR4xqkvqaJvVsM830SMwJh2MA0GCSqGSIb3DQEBCwUAA4IBAQCVvTgUAoVO1U4N CX3+LvwKP7mJgc1Pr4n2LRLdXAfEShYc1/Ff3rITMAky18/jHcq/hiReyDXEWZJs VQDygSaerMDe8OgZ0SDkyF/gBK12XaiQpDvvJmXMNCv4NufllcsACIB975N1jGwF E70qMq90ygEV0IBbXTrc1mDHqZmvnpMzr4nPrWhR9Ymsxp7yMbcejZ6IhmdCzm7Z r8aSCKt5K/J58IztzUvQO0TG1gJ6X4xqbouojyN4u/Er0Kw3iKepKINPu33vh5xQ nj5I7Ouogn02a+h5vU/b/T1lyxGL/WX9FM9XTtCo3LL2iYQzBYMBQWyaZEEdoUJh MH+XrDVm -----END CERTIFICATE----- subject=O=PKCS11 Provider, CN=My EC Cert issuer=CN=Issuer --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: ECDSA Server Temp Key: ECDH, ?, 0 bits --- SSL handshake has read 1060 bytes and written 329 bytes Verification error: unspecified certificate verification error --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Protocol: TLSv1.3 Server public key is 256 bit This TLS version forbids renegotiation. Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 1 (unspecified certificate verification error) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 111459D92AD568508B5ECC982D39859FC9A503CCFFDB98D32FAF07EB6646CE5C Session-ID-ctx: Resumption PSK: 731F415110673E8A36DF36AFC12D27FF8FC675652BB1368122CE9A7B1D7C6FF930E556436839809B3E34CB81DBFE8584 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - a9 0d 21 9c 05 45 df 31-53 82 6b cc aa fd 29 05 ..!..E.1S.k...). 0010 - cf 62 4d 4b 28 32 aa b2-af 4a 8d b7 77 62 ec 2a .bMK(2...J..wb.* 0020 - ca 7a 4d 94 4d 41 89 69-4e 25 b7 2d 40 d3 71 1c .zM.MA.iN%.-@.q. 0030 - 1d e3 0e 82 33 f7 a9 87-75 ab 38 77 d2 34 6c 4a ....3...u.8w.4lJ 0040 - 88 ae 5c 89 74 18 f4 c9-34 2d f5 88 6c db 00 70 ..\.t...4-..l..p 0050 - cd 35 f5 20 ad ea a0 b9-20 ab 98 71 bc 80 ee 83 .5. .... ..q.... 0060 - 1d 43 62 a9 33 26 b6 f6-9c 9f ff a8 d6 35 70 33 .Cb.3&.......5p3 0070 - a8 ff 05 aa a8 3f 63 c1-d6 15 55 41 1a d2 9b 66 .....?c...UA...f 0080 - dc 24 f4 dc 7e 62 be 44-ad ce 5a e6 4d 97 dd 64 .$..~b.D..Z.M..d 0090 - 2a d3 e4 f3 da 67 47 52-6a 18 26 2b 0d d7 53 88 *....gGRj.&+..S. 00a0 - 5d 27 2a 72 ec 15 fa 06-26 78 af 09 c2 57 d8 42 ]'*r....&x...W.B 00b0 - 0e db c0 69 07 e2 af 94-fc a1 b0 7f ff b4 75 44 ...i..........uD 00c0 - 71 44 7f 06 74 11 b8 ef-eb c7 ae 04 15 e5 63 5d qD..t.........c] Start Time: 1739847132 Timeout : 7200 (sec) Verify return code: 1 (unspecified certificate verification error) Extended master secret: no Max Early Data: 0 --- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 89597FC8B198C50AA0E4FC5C51B42EA55B969951B92A8F02378F3F7A0268A3CE Session-ID-ctx: Resumption PSK: C3D0178D4A7EF755A9C46872A975C5891352C17042C8D93DE32FBA00A17EBB75DBD33AA52AB17EFC72771D665BF43CFE PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - a9 0d 21 9c 05 45 df 31-53 82 6b cc aa fd 29 05 ..!..E.1S.k...). 0010 - 27 7b 38 0c 02 83 d8 5c-74 61 2f 34 3b cd 91 f3 '{8....\ta/4;... 0020 - c2 5e 50 3f e4 08 5e f5-55 75 90 e5 ac 26 19 f0 .^P?..^.Uu...&.. 0030 - 6d fb 64 2b 57 1f db 90-31 e1 22 bd 1a b2 b5 ac m.d+W...1."..... 0040 - 9f 25 44 78 cb 71 42 26-4b b6 07 9b 8a 94 1d 78 .%Dx.qB&K......x 0050 - 77 a1 1e 65 04 e9 88 77-19 4d 53 1b b5 a7 7f 5a w..e...w.MS....Z 0060 - 18 40 7f 1b c7 35 b8 7a-3a a8 91 6e 43 29 0d 64 .@...5.z:..nC).d 0070 - 58 02 9b 79 cc 08 83 a5-dd ec bb 1b 54 e8 a9 40 X..y........T..@ 0080 - 6f 5d 9f a2 a4 2f 2e da-aa 60 97 17 f6 37 a9 9a o].../...`...7.. 0090 - 87 e4 ee ec 8c df db ff-05 60 a2 63 eb 36 8d 1a .........`.c.6.. 00a0 - 95 82 e0 4c 7e 3e bf ae-d5 a7 82 80 fb aa 14 88 ...L~>.......... 00b0 - 95 0a 85 e4 e3 38 b8 ac-40 59 fc d8 5b ba e7 e2 .....8..@Y..[... 00c0 - 11 5c 8f 1e 94 2a 1c d9-69 05 39 a0 3b b2 ca c1 .\...*..i.9.;... Start Time: 1739847132 Timeout : 7200 (sec) Verify return code: 1 (unspecified certificate verification error) Extended master secret: no Max Early Data: 0 --- read R BLOCK TLS SUCCESSFUL 0007F9F7:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -propquery ?provider=pkcs11 -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%02 -cert pkcs11:type=cert;object=ecCert Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MIGCAgEBAgIDBAQCEwIEIE8FR7lEdYZX4E2l/iqu2nHJ7pQMl94yG5qRRwROby5Y BDDD0BeNSn73VanEaHKpdcWJE1LBcELI2T3jL7oAoX67ddvTOqUqsX78cncdZlv0 PP6hBgIEZ7P13KIEAgIcIKQGBAQBAAAArgYCBASDDAezAwIBFw== -----END SSL SESSION PARAMETERS----- Shared ciphers:TLS_AES_256_GCM_SHA384 Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512 Supported groups: secp256r1 Shared groups: secp256r1 CIPHER is TLS_AES_256_GCM_SHA384 This TLS version forbids renegotiation. TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## ######################################## Server output: spawn openssl s_server -propquery ?provider=pkcs11 -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%02 -cert pkcs11:type=cert;object=ecCert Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MIGCAgEBAgIDBAQCEwIEIE8FR7lEdYZX4E2l/iqu2nHJ7pQMl94yG5qRRwROby5Y BDDD0BeNSn73VanEaHKpdcWJE1LBcELI2T3jL7oAoX67ddvTOqUqsX78cncdZlv0 PP6hBgIEZ7P13KIEAgIcIKQGBAQBAAAArgYCBASDDAezAwIBFw== -----END SSL SESSION PARAMETERS----- Shared ciphers:TLS_AES_256_GCM_SHA384 Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512 Supported groups: secp256r1 Shared groups: secp256r1 CIPHER is TLS_AES_256_GCM_SHA384 This TLS version forbids renegotiation. TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 75/92 pkcs11-provider:softhsm / tls OK 6.18s 76/92 pkcs11-provider:kryoptic / tls RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MALLOC_PERTURB_=36 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MESON_TEST_ITERATION=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper tls-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 76/92 pkcs11-provider:kryoptic / tls SKIP 0.08s exit status 77 77/92 pkcs11-provider:kryoptic.nss / tls RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MALLOC_PERTURB_=211 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MESON_TEST_ITERATION=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper tls-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 77/92 pkcs11-provider:kryoptic.nss / tls SKIP 0.06s exit status 77 78/92 pkcs11-provider:softokn / tlsfuzzer RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MESON_TEST_ITERATION=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MALLOC_PERTURB_=209 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper tlsfuzzer-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 78/92 pkcs11-provider:softokn / tlsfuzzer SKIP 0.11s exit status 77 79/92 pkcs11-provider:softhsm / tlsfuzzer RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MALLOC_PERTURB_=142 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MESON_TEST_ITERATION=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper tlsfuzzer-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/tests/ttlsfuzzer TLS fuzzer is not available -- skipping ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 79/92 pkcs11-provider:softhsm / tlsfuzzer SKIP 0.17s exit status 77 80/92 pkcs11-provider:kryoptic / tlsfuzzer RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MALLOC_PERTURB_=154 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MESON_TEST_ITERATION=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper tlsfuzzer-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 80/92 pkcs11-provider:kryoptic / tlsfuzzer SKIP 0.05s exit status 77 81/92 pkcs11-provider:kryoptic.nss / tlsfuzzer RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MALLOC_PERTURB_=146 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MESON_TEST_ITERATION=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper tlsfuzzer-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 81/92 pkcs11-provider:kryoptic.nss / tlsfuzzer SKIP 0.07s exit status 77 82/92 pkcs11-provider:softokn / uri RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MALLOC_PERTURB_=12 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MESON_TEST_ITERATION=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper uri-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 82/92 pkcs11-provider:softokn / uri SKIP 0.06s exit status 77 83/92 pkcs11-provider:softhsm / uri RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MESON_TEST_ITERATION=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=156 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper uri-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/tests/turi ## Check that storeutl returns URIs openssl storeutl -text pkcs11: ## Check returned URIs work to find objects $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=c6283ef2be635cef;token=SoftHSM%20Token;id=%CE%B7%42%11%6B%1A%A3%34%B7%44%EC%8C%2C%D7%77%DD;object=Fork-Test;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=c6283ef2be635cef;token=SoftHSM%20Token;id=%00%09;object=ed2Cert;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=c6283ef2be635cef;token=SoftHSM%20Token;id=%15%9F%10%2E%5D%0B%EE%15%A6%69%F8%C1%70%13%74%66;object=Test-RSA-Key-Usage-159f102e;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=c6283ef2be635cef;token=SoftHSM%20Token;id=%BA%72%D4%76%3B%8C%07%BE%6D%88%0B%D4%7E%C8%C8%CA;object=Test-Ed-gen-ba72d476;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=c6283ef2be635cef;token=SoftHSM%20Token;id=%00%10;object=testRsaPssCert;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=c6283ef2be635cef;token=SoftHSM%20Token;id=%00%08;object=ecCert3;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=c6283ef2be635cef;token=SoftHSM%20Token;id=%00%06;object=ecCert2;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=c6283ef2be635cef;token=SoftHSM%20Token;id=%40%1C%F7%DA%6C%9E%DF%13%BA%DE%E5%43%F2%6C%FF%90;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=c6283ef2be635cef;token=SoftHSM%20Token;id=%EC%3C%6F%EB%EA%DE%25%C5%74%6B%32%E9%C6%82%2F%77;object=Pkey%20sigver%20Test;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=c6283ef2be635cef;token=SoftHSM%20Token;id=%8F%EE%E7%D1%B5%17%89%0C%80%16%2C%29%FA%BC%C8%3D;object=Test-Ed-gen-8feee7d1;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=c6283ef2be635cef;token=SoftHSM%20Token;id=%00%05;object=testCert2;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=c6283ef2be635cef;token=SoftHSM%20Token;id=%00%02;object=ecCert;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=c6283ef2be635cef;token=SoftHSM%20Token;id=%00%11;object=testRsaPss2Cert;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=c6283ef2be635cef;token=SoftHSM%20Token;id=%00%04;object=edCert;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=c6283ef2be635cef;token=SoftHSM%20Token;id=%7B%EA%D3%E3%7B%91%FD%83%ED%37%05%16%6F%CA%CD%25;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=c6283ef2be635cef;token=SoftHSM%20Token;id=%B8%6E%C3%7B%21%7B%A4%77%F4%BD%5F%DF%FF%5C%D7%8B;object=Test-RSA-PSS-gen-b86ec37b;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=c6283ef2be635cef;token=SoftHSM%20Token;id=%15%D4%B7%B4%81%FE%E7%18%C7%E3%81%A0%0A%5C%5E%FF;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=c6283ef2be635cef;token=SoftHSM%20Token;id=%00%00;object=caCert;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=c6283ef2be635cef;token=SoftHSM%20Token;id=%7C%7D%F6%BB%CC%72%7F%CE%88%A1%52%F0%CD%0C%D5%40;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=c6283ef2be635cef;token=SoftHSM%20Token;id=%00%03;object=ecPeerCert;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=c6283ef2be635cef;token=SoftHSM%20Token;id=%00%01;object=testCert;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=c6283ef2be635cef;token=SoftHSM%20Token;id=%C8%9F%5E%1C%E7%A0%37%7C%C9%36%79%2D%69%07%C2%5C;object=Test-RSA-gen-c89f5e1c;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=c6283ef2be635cef;token=SoftHSM%20Token;id=%4C%1A%48%8B%29%A2%8D%36%6D%CE%BD%0E%DD%65%18%0F;object=Test-EC-gen-4c1a488b;type=private openssl storeutl -text "$uri" ## Check each URI component is tested $cmp=pkcs11:model=SoftHSM%20v2 openssl storeutl -text "pkcs11:${cmp}" $cmp=manufacturer=SoftHSM%20project openssl storeutl -text "pkcs11:${cmp}" $cmp=serial=c6283ef2be635cef openssl storeutl -text "pkcs11:${cmp}" $cmp=token=SoftHSM%20Token openssl storeutl -text "pkcs11:${cmp}" $cmp=id=%CE%B7%42%11%6B%1A%A3%34%B7%44%EC%8C%2C%D7%77%DD openssl storeutl -text "pkcs11:${cmp}" $cmp=object=Fork-Test openssl storeutl -text "pkcs11:${cmp}" $cmp=type=private openssl storeutl -text "pkcs11:${cmp}" ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 83/92 pkcs11-provider:softhsm / uri OK 6.95s 84/92 pkcs11-provider:kryoptic / uri RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MALLOC_PERTURB_=232 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper uri-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 84/92 pkcs11-provider:kryoptic / uri SKIP 0.07s exit status 77 85/92 pkcs11-provider:kryoptic.nss / uri RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MESON_TEST_ITERATION=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=241 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper uri-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 85/92 pkcs11-provider:kryoptic.nss / uri SKIP 0.07s exit status 77 86/92 pkcs11-provider:softhsm / ecxc RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MESON_TEST_ITERATION=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MALLOC_PERTURB_=69 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper ecxc-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/tests/tecxc ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 86/92 pkcs11-provider:softhsm / ecxc SKIP 0.11s exit status 77 87/92 pkcs11-provider:kryoptic / ecxc RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MALLOC_PERTURB_=203 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MESON_TEST_ITERATION=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper ecxc-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 87/92 pkcs11-provider:kryoptic / ecxc SKIP 0.06s exit status 77 88/92 pkcs11-provider:kryoptic.nss / ecxc RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MESON_TEST_ITERATION=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MALLOC_PERTURB_=31 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper ecxc-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 88/92 pkcs11-provider:kryoptic.nss / ecxc SKIP 0.07s exit status 77 89/92 pkcs11-provider:softokn / cms RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MALLOC_PERTURB_=235 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MESON_TEST_ITERATION=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper cms-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 89/92 pkcs11-provider:softokn / cms SKIP 0.07s exit status 77 90/92 pkcs11-provider:kryoptic / cms RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MESON_TEST_ITERATION=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MALLOC_PERTURB_=184 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper cms-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 90/92 pkcs11-provider:kryoptic / cms SKIP 0.07s exit status 77 91/92 pkcs11-provider:kryoptic.nss / cms RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MALLOC_PERTURB_=76 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MESON_TEST_ITERATION=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper cms-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 91/92 pkcs11-provider:kryoptic.nss / cms SKIP 0.06s exit status 77 92/92 pkcs11-provider:kryoptic / pinlock RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MALLOC_PERTURB_=234 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper pinlock-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 92/92 pkcs11-provider:kryoptic / pinlock SKIP 0.06s exit status 77 Ok: 21 Expected Fail: 0 Fail: 0 Unexpected Pass: 0 Skipped: 71 Timeout: 0 Full log written to /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/meson-logs/testlog.txt create-stamp debian/debhelper-build-stamp dh_testroot -O--buildsystem=meson dh_prep -O--buildsystem=meson dh_auto_install --destdir=debian/pkcs11-provider/ -O--buildsystem=meson cd obj-i686-linux-gnu && DESTDIR=/build/reproducible-path/pkcs11-provider-1.0/debian/pkcs11-provider LC_ALL=C.UTF-8 ninja install [0/1] Installing files Installing src/pkcs11.so to /build/reproducible-path/pkcs11-provider-1.0/debian/pkcs11-provider/usr/lib/i386-linux-gnu/ossl-modules Installing /build/reproducible-path/pkcs11-provider-1.0/docs/provider-pkcs11.7 to /build/reproducible-path/pkcs11-provider-1.0/debian/pkcs11-provider/usr/share/man/man7 dh_installdocs -O--buildsystem=meson dh_installchangelogs -O--buildsystem=meson dh_installman -O--buildsystem=meson dh_installsystemduser -O--buildsystem=meson dh_perl -O--buildsystem=meson dh_link -O--buildsystem=meson dh_strip_nondeterminism -O--buildsystem=meson dh_compress -O--buildsystem=meson dh_fixperms -O--buildsystem=meson dh_missing -O--buildsystem=meson dh_dwz -a -O--buildsystem=meson dh_strip -a -O--buildsystem=meson dh_makeshlibs -a -O--buildsystem=meson dh_shlibdeps -a -O--buildsystem=meson dh_installdeb -O--buildsystem=meson dh_gencontrol -O--buildsystem=meson dh_md5sums -O--buildsystem=meson dh_builddeb -O--buildsystem=meson dpkg-deb: building package 'pkcs11-provider' in '../pkcs11-provider_1.0-1_i386.deb'. dpkg-deb: building package 'pkcs11-provider-dbgsym' in '../pkcs11-provider-dbgsym_1.0-1_i386.deb'. dpkg-genbuildinfo --build=binary -O../pkcs11-provider_1.0-1_i386.buildinfo dpkg-genchanges --build=binary -O../pkcs11-provider_1.0-1_i386.changes dpkg-genchanges: info: binary-only upload (no source code included) dpkg-source --after-build . dpkg-buildpackage: info: binary-only upload (no source included) dpkg-genchanges: info: including full source code in upload I: copying local configuration I: user script /srv/workspace/pbuilder/34481/tmp/hooks/B01_cleanup starting I: user script /srv/workspace/pbuilder/34481/tmp/hooks/B01_cleanup finished I: unmounting dev/ptmx filesystem I: unmounting dev/pts filesystem I: unmounting dev/shm filesystem I: unmounting proc filesystem I: unmounting sys filesystem I: cleaning the build env I: removing directory /srv/workspace/pbuilder/34481 and its subdirectories I: Current time: Tue Feb 18 16:52:39 +14 2025 I: pbuilder-time-stamp: 1739847159