I: pbuilder: network access will be disabled during build I: Current time: Mon Mar 10 12:03:53 +14 2025 I: pbuilder-time-stamp: 1741557833 I: Building the build Environment I: extracting base tarball [/var/cache/pbuilder/unstable-reproducible-base.tgz] I: copying local configuration W: --override-config is not set; not updating apt.conf Read the manpage for details. I: mounting /proc filesystem I: mounting /sys filesystem I: creating /{dev,run}/shm I: mounting /dev/pts filesystem I: redirecting /dev/ptmx to /dev/pts/ptmx I: policy-rc.d already exists I: Copying source file I: copying [pkcs11-provider_1.0-1.dsc] I: copying [./pkcs11-provider_1.0.orig.tar.gz] I: copying [./pkcs11-provider_1.0-1.debian.tar.xz] I: Extracting source dpkg-source: warning: cannot verify inline signature for ./pkcs11-provider_1.0-1.dsc: unsupported subcommand dpkg-source: info: extracting pkcs11-provider in pkcs11-provider-1.0 dpkg-source: info: unpacking pkcs11-provider_1.0.orig.tar.gz dpkg-source: info: unpacking pkcs11-provider_1.0-1.debian.tar.xz I: Not using root during the build. I: Installing the build-deps I: user script /srv/workspace/pbuilder/1896340/tmp/hooks/D01_modify_environment starting debug: Running on ionos11-amd64. I: Changing host+domainname to test build reproducibility I: Adding a custom variable just for the fun of it... I: Changing /bin/sh to bash '/bin/sh' -> '/bin/bash' lrwxrwxrwx 1 root root 9 Mar 9 22:04 /bin/sh -> /bin/bash I: Setting pbuilder2's login shell to /bin/bash I: Setting pbuilder2's GECOS to second user,second room,second work-phone,second home-phone,second other I: user script /srv/workspace/pbuilder/1896340/tmp/hooks/D01_modify_environment finished I: user script /srv/workspace/pbuilder/1896340/tmp/hooks/D02_print_environment starting I: set BASH=/bin/sh BASHOPTS=checkwinsize:cmdhist:complete_fullquote:extquote:force_fignore:globasciiranges:globskipdots:hostcomplete:interactive_comments:patsub_replacement:progcomp:promptvars:sourcepath BASH_ALIASES=() BASH_ARGC=() BASH_ARGV=() BASH_CMDS=() BASH_LINENO=([0]="12" [1]="0") BASH_LOADABLES_PATH=/usr/local/lib/bash:/usr/lib/bash:/opt/local/lib/bash:/usr/pkg/lib/bash:/opt/pkg/lib/bash:. BASH_SOURCE=([0]="/tmp/hooks/D02_print_environment" [1]="/tmp/hooks/D02_print_environment") BASH_VERSINFO=([0]="5" [1]="2" [2]="37" [3]="1" [4]="release" [5]="x86_64-pc-linux-gnu") BASH_VERSION='5.2.37(1)-release' BUILDDIR=/build/reproducible-path BUILDUSERGECOS='second user,second room,second work-phone,second home-phone,second other' BUILDUSERNAME=pbuilder2 BUILD_ARCH=amd64 DEBIAN_FRONTEND=noninteractive DEB_BUILD_OPTIONS='buildinfo=+all reproducible=+all parallel=20 ' DIRSTACK=() DISTRIBUTION=unstable EUID=0 FUNCNAME=([0]="Echo" [1]="main") GROUPS=() HOME=/root HOSTNAME=i-capture-the-hostname HOSTTYPE=x86_64 HOST_ARCH=amd64 IFS=' ' INVOCATION_ID=3e154b800ac84a34bbfb9da5e2d0e304 LANG=C LANGUAGE=et_EE:et LC_ALL=C MACHTYPE=x86_64-pc-linux-gnu MAIL=/var/mail/root OPTERR=1 OPTIND=1 OSTYPE=linux-gnu PATH=/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/i/capture/the/path PBCURRENTCOMMANDLINEOPERATION=build PBUILDER_OPERATION=build PBUILDER_PKGDATADIR=/usr/share/pbuilder PBUILDER_PKGLIBDIR=/usr/lib/pbuilder PBUILDER_SYSCONFDIR=/etc PIPESTATUS=([0]="0") POSIXLY_CORRECT=y PPID=1896340 PS4='+ ' PWD=/ SHELL=/bin/bash SHELLOPTS=braceexpand:errexit:hashall:interactive-comments:posix SHLVL=3 SUDO_COMMAND='/usr/bin/timeout -k 24.1h 24h /usr/bin/ionice -c 3 /usr/bin/nice -n 11 /usr/bin/unshare --uts -- /usr/sbin/pbuilder --build --configfile /srv/reproducible-results/rbuild-debian/r-b-build.lm4v2gV9/pbuilderrc_Rdj8 --distribution unstable --hookdir /etc/pbuilder/rebuild-hooks --debbuildopts -b --basetgz /var/cache/pbuilder/unstable-reproducible-base.tgz --buildresult /srv/reproducible-results/rbuild-debian/r-b-build.lm4v2gV9/b2 --logfile b2/build.log pkcs11-provider_1.0-1.dsc' SUDO_GID=111 SUDO_UID=106 SUDO_USER=jenkins TERM=unknown TZ=/usr/share/zoneinfo/Etc/GMT-14 UID=0 USER=root _='I: set' http_proxy=http://46.16.76.132:3128 I: uname -a Linux i-capture-the-hostname 6.1.0-31-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.128-1 (2025-02-07) x86_64 GNU/Linux I: ls -l /bin lrwxrwxrwx 1 root root 7 Mar 4 11:20 /bin -> usr/bin I: user script /srv/workspace/pbuilder/1896340/tmp/hooks/D02_print_environment finished -> Attempting to satisfy build-dependencies -> Creating pbuilder-satisfydepends-dummy package Package: pbuilder-satisfydepends-dummy Version: 0.invalid.0 Architecture: amd64 Maintainer: Debian Pbuilder Team Description: Dummy package to satisfy dependencies with aptitude - created by pbuilder This package was created automatically by pbuilder to satisfy the build-dependencies of the package being currently built. Depends: debhelper-compat (= 13), dh-package-notes, libssl-dev (>= 3.0.7~), meson (>= 0.57~), pkgconf, expect, gnutls-bin, libnss3-dev, libp11-kit-dev, libstoken-dev, opensc, openssl, p11-kit, p11-kit-modules, softhsm2 dpkg-deb: building package 'pbuilder-satisfydepends-dummy' in '/tmp/satisfydepends-aptitude/pbuilder-satisfydepends-dummy.deb'. Selecting previously unselected package pbuilder-satisfydepends-dummy. (Reading database ... 19783 files and directories currently installed.) Preparing to unpack .../pbuilder-satisfydepends-dummy.deb ... Unpacking pbuilder-satisfydepends-dummy (0.invalid.0) ... dpkg: pbuilder-satisfydepends-dummy: dependency problems, but configuring anyway as you requested: pbuilder-satisfydepends-dummy depends on debhelper-compat (= 13); however: Package debhelper-compat is not installed. pbuilder-satisfydepends-dummy depends on dh-package-notes; however: Package dh-package-notes is not installed. pbuilder-satisfydepends-dummy depends on libssl-dev (>= 3.0.7~); however: Package libssl-dev is not installed. pbuilder-satisfydepends-dummy depends on meson (>= 0.57~); however: Package meson is not installed. pbuilder-satisfydepends-dummy depends on pkgconf; however: Package pkgconf is not installed. pbuilder-satisfydepends-dummy depends on expect; however: Package expect is not installed. pbuilder-satisfydepends-dummy depends on gnutls-bin; however: Package gnutls-bin is not installed. pbuilder-satisfydepends-dummy depends on libnss3-dev; however: Package libnss3-dev is not installed. pbuilder-satisfydepends-dummy depends on libp11-kit-dev; however: Package libp11-kit-dev is not installed. pbuilder-satisfydepends-dummy depends on libstoken-dev; however: Package libstoken-dev is not installed. pbuilder-satisfydepends-dummy depends on opensc; however: Package opensc is not installed. pbuilder-satisfydepends-dummy depends on openssl; however: Package openssl is not installed. pbuilder-satisfydepends-dummy depends on p11-kit; however: Package p11-kit is not installed. pbuilder-satisfydepends-dummy depends on p11-kit-modules; however: Package p11-kit-modules is not installed. pbuilder-satisfydepends-dummy depends on softhsm2; however: Package softhsm2 is not installed. Setting up pbuilder-satisfydepends-dummy (0.invalid.0) ... Reading package lists... Building dependency tree... Reading state information... Initializing package states... Writing extended state information... Building tag database... pbuilder-satisfydepends-dummy is already installed at the requested version (0.invalid.0) pbuilder-satisfydepends-dummy is already installed at the requested version (0.invalid.0) The following NEW packages will be installed: autoconf{a} automake{a} autopoint{a} autotools-dev{a} bsdextrautils{a} debhelper{a} dh-autoreconf{a} dh-package-notes{a} dh-strip-nondeterminism{a} dwz{a} expect{a} file{a} gettext{a} gettext-base{a} gnutls-bin{a} groff-base{a} intltool-debian{a} libarchive-zip-perl{a} libdebhelper-perl{a} libeac3{a} libelf1t64{a} libevent-2.1-7t64{a} libexpat1{a} libffi8{a} libfile-stripnondeterminism-perl{a} libglib2.0-0t64{a} libgnutls-dane0t64{a} libgnutls30t64{a} libicu72{a} libidn2-0{a} libmagic-mgc{a} libmagic1t64{a} libnspr4{a} libnspr4-dev{a} libnss3{a} libnss3-dev{a} libp11-kit-dev{a} libp11-kit0{a} libpipeline1{a} libpkgconf3{a} libproc2-0{a} libpython3-stdlib{a} libpython3.13-minimal{a} libpython3.13-stdlib{a} libreadline8t64{a} libsofthsm2{a} libssl-dev{a} libstoken-dev{a} libstoken1t64{a} libtasn1-6{a} libtcl8.6{a} libtext-charwidth-perl{a} libtext-wrapi18n-perl{a} libtomcrypt-dev{a} libtomcrypt1{a} libtommath1{a} libtool{a} libuchardet0{a} libunbound8{a} libunistring5{a} libxml2{a} m4{a} man-db{a} media-types{a} meson{a} netbase{a} ninja-build{a} opensc{a} opensc-pkcs11{a} openssl{a} p11-kit{a} p11-kit-modules{a} pkgconf{a} pkgconf-bin{a} po-debconf{a} procps{a} python3{a} python3-autocommand{a} python3-inflect{a} python3-jaraco.context{a} python3-jaraco.functools{a} python3-jaraco.text{a} python3-minimal{a} python3-more-itertools{a} python3-pkg-resources{a} python3-setuptools{a} python3-typeguard{a} python3-typing-extensions{a} python3-zipp{a} python3.13{a} python3.13-minimal{a} readline-common{a} sensible-utils{a} softhsm2{a} softhsm2-common{a} tcl-expect{a} tcl8.6{a} tzdata{a} ucf{a} The following packages are RECOMMENDED but will NOT be installed: ca-certificates curl libarchive-cpio-perl libglib2.0-data libltdl-dev libmail-sendmail-perl linux-sysctl-defaults lynx pcscd psmisc shared-mime-info wget xdg-user-dirs 0 packages upgraded, 99 newly installed, 0 to remove and 0 not upgraded. Need to get 47.7 MB of archives. After unpacking 176 MB will be used. Writing extended state information... Get: 1 http://deb.debian.org/debian unstable/main amd64 libpython3.13-minimal amd64 3.13.2-1 [859 kB] Get: 2 http://deb.debian.org/debian unstable/main amd64 libexpat1 amd64 2.6.4-1 [106 kB] Get: 3 http://deb.debian.org/debian unstable/main amd64 python3.13-minimal amd64 3.13.2-1 [2205 kB] Get: 4 http://deb.debian.org/debian unstable/main amd64 python3-minimal amd64 3.13.2-2 [27.1 kB] Get: 5 http://deb.debian.org/debian unstable/main amd64 media-types all 13.0.0 [29.3 kB] Get: 6 http://deb.debian.org/debian unstable/main amd64 netbase all 6.4 [12.8 kB] Get: 7 http://deb.debian.org/debian unstable/main amd64 tzdata all 2025a-2 [259 kB] Get: 8 http://deb.debian.org/debian unstable/main amd64 libffi8 amd64 3.4.7-1 [23.9 kB] Get: 9 http://deb.debian.org/debian unstable/main amd64 readline-common all 8.2-6 [69.4 kB] Get: 10 http://deb.debian.org/debian unstable/main amd64 libreadline8t64 amd64 8.2-6 [169 kB] Get: 11 http://deb.debian.org/debian unstable/main amd64 libpython3.13-stdlib amd64 3.13.2-1 [1979 kB] Get: 12 http://deb.debian.org/debian unstable/main amd64 python3.13 amd64 3.13.2-1 [745 kB] Get: 13 http://deb.debian.org/debian unstable/main amd64 libpython3-stdlib amd64 3.13.2-2 [10.1 kB] Get: 14 http://deb.debian.org/debian unstable/main amd64 python3 amd64 3.13.2-2 [28.1 kB] Get: 15 http://deb.debian.org/debian unstable/main amd64 libproc2-0 amd64 2:4.0.4-7 [64.9 kB] Get: 16 http://deb.debian.org/debian unstable/main amd64 procps amd64 2:4.0.4-7 [878 kB] Get: 17 http://deb.debian.org/debian unstable/main amd64 sensible-utils all 0.0.24 [24.8 kB] Get: 18 http://deb.debian.org/debian unstable/main amd64 libmagic-mgc amd64 1:5.45-3+b1 [314 kB] Get: 19 http://deb.debian.org/debian unstable/main amd64 libmagic1t64 amd64 1:5.45-3+b1 [108 kB] Get: 20 http://deb.debian.org/debian unstable/main amd64 file amd64 1:5.45-3+b1 [43.3 kB] Get: 21 http://deb.debian.org/debian unstable/main amd64 gettext-base amd64 0.23.1-1 [243 kB] Get: 22 http://deb.debian.org/debian unstable/main amd64 libuchardet0 amd64 0.0.8-1+b2 [68.9 kB] Get: 23 http://deb.debian.org/debian unstable/main amd64 groff-base amd64 1.23.0-7 [1185 kB] Get: 24 http://deb.debian.org/debian unstable/main amd64 bsdextrautils amd64 2.40.4-5 [92.4 kB] Get: 25 http://deb.debian.org/debian unstable/main amd64 libpipeline1 amd64 1.5.8-1 [42.0 kB] Get: 26 http://deb.debian.org/debian unstable/main amd64 man-db amd64 2.13.0-1 [1420 kB] Get: 27 http://deb.debian.org/debian unstable/main amd64 libtext-charwidth-perl amd64 0.04-11+b4 [9476 B] Get: 28 http://deb.debian.org/debian unstable/main amd64 libtext-wrapi18n-perl all 0.06-10 [8808 B] Get: 29 http://deb.debian.org/debian unstable/main amd64 ucf all 3.0050 [42.7 kB] Get: 30 http://deb.debian.org/debian unstable/main amd64 m4 amd64 1.4.19-7 [294 kB] Get: 31 http://deb.debian.org/debian unstable/main amd64 autoconf all 2.72-3 [493 kB] Get: 32 http://deb.debian.org/debian unstable/main amd64 autotools-dev all 20220109.1 [51.6 kB] Get: 33 http://deb.debian.org/debian unstable/main amd64 automake all 1:1.17-3 [862 kB] Get: 34 http://deb.debian.org/debian unstable/main amd64 autopoint all 0.23.1-1 [770 kB] Get: 35 http://deb.debian.org/debian unstable/main amd64 libdebhelper-perl all 13.24.1 [90.9 kB] Get: 36 http://deb.debian.org/debian unstable/main amd64 libtool all 2.5.4-4 [539 kB] Get: 37 http://deb.debian.org/debian unstable/main amd64 dh-autoreconf all 20 [17.1 kB] Get: 38 http://deb.debian.org/debian unstable/main amd64 libarchive-zip-perl all 1.68-1 [104 kB] Get: 39 http://deb.debian.org/debian unstable/main amd64 libfile-stripnondeterminism-perl all 1.14.1-2 [19.7 kB] Get: 40 http://deb.debian.org/debian unstable/main amd64 dh-strip-nondeterminism all 1.14.1-2 [8620 B] Get: 41 http://deb.debian.org/debian unstable/main amd64 libelf1t64 amd64 0.192-4 [189 kB] Get: 42 http://deb.debian.org/debian unstable/main amd64 dwz amd64 0.15-1+b1 [110 kB] Get: 43 http://deb.debian.org/debian unstable/main amd64 libunistring5 amd64 1.3-1 [476 kB] Get: 44 http://deb.debian.org/debian unstable/main amd64 libicu72 amd64 72.1-6 [9421 kB] Get: 45 http://deb.debian.org/debian unstable/main amd64 libxml2 amd64 2.12.7+dfsg+really2.9.14-0.2+b2 [699 kB] Get: 46 http://deb.debian.org/debian unstable/main amd64 gettext amd64 0.23.1-1 [1680 kB] Get: 47 http://deb.debian.org/debian unstable/main amd64 intltool-debian all 0.35.0+20060710.6 [22.9 kB] Get: 48 http://deb.debian.org/debian unstable/main amd64 po-debconf all 1.0.21+nmu1 [248 kB] Get: 49 http://deb.debian.org/debian unstable/main amd64 debhelper all 13.24.1 [920 kB] Get: 50 http://deb.debian.org/debian unstable/main amd64 dh-package-notes all 0.15 [6692 B] Get: 51 http://deb.debian.org/debian unstable/main amd64 libtcl8.6 amd64 8.6.16+dfsg-1 [1042 kB] Get: 52 http://deb.debian.org/debian unstable/main amd64 tcl8.6 amd64 8.6.16+dfsg-1 [121 kB] Get: 53 http://deb.debian.org/debian unstable/main amd64 tcl-expect amd64 5.45.4-4 [127 kB] Get: 54 http://deb.debian.org/debian unstable/main amd64 expect amd64 5.45.4-4 [158 kB] Get: 55 http://deb.debian.org/debian unstable/main amd64 libidn2-0 amd64 2.3.8-1 [109 kB] Get: 56 http://deb.debian.org/debian unstable/main amd64 libp11-kit0 amd64 0.25.5-3 [425 kB] Get: 57 http://deb.debian.org/debian unstable/main amd64 libtasn1-6 amd64 4.20.0-2 [49.9 kB] Get: 58 http://deb.debian.org/debian unstable/main amd64 libgnutls30t64 amd64 3.8.9-2 [1464 kB] Get: 59 http://deb.debian.org/debian unstable/main amd64 libevent-2.1-7t64 amd64 2.1.12-stable-10+b1 [182 kB] Get: 60 http://deb.debian.org/debian unstable/main amd64 libunbound8 amd64 1.22.0-1+b1 [598 kB] Get: 61 http://deb.debian.org/debian unstable/main amd64 libgnutls-dane0t64 amd64 3.8.9-2 [455 kB] Get: 62 http://deb.debian.org/debian unstable/main amd64 gnutls-bin amd64 3.8.9-2 [691 kB] Get: 63 http://deb.debian.org/debian unstable/main amd64 libeac3 amd64 1.1.2+ds+git20220117+453c3d6b03a0-1.1+b3 [51.1 kB] Get: 64 http://deb.debian.org/debian unstable/main amd64 libglib2.0-0t64 amd64 2.83.5-1 [1513 kB] Get: 65 http://deb.debian.org/debian unstable/main amd64 libnspr4 amd64 2:4.36-1 [110 kB] Get: 66 http://deb.debian.org/debian unstable/main amd64 libnspr4-dev amd64 2:4.36-1 [207 kB] Get: 67 http://deb.debian.org/debian unstable/main amd64 libnss3 amd64 2:3.109-1 [1393 kB] Get: 68 http://deb.debian.org/debian unstable/main amd64 libnss3-dev amd64 2:3.109-1 [250 kB] Get: 69 http://deb.debian.org/debian unstable/main amd64 libp11-kit-dev amd64 0.25.5-3 [208 kB] Get: 70 http://deb.debian.org/debian unstable/main amd64 libpkgconf3 amd64 1.8.1-4 [36.4 kB] Get: 71 http://deb.debian.org/debian unstable/main amd64 softhsm2-common amd64 2.6.1-2.2+b1 [12.4 kB] Get: 72 http://deb.debian.org/debian unstable/main amd64 libsofthsm2 amd64 2.6.1-2.2+b1 [252 kB] Get: 73 http://deb.debian.org/debian unstable/main amd64 libssl-dev amd64 3.4.1-1 [2787 kB] Get: 74 http://deb.debian.org/debian unstable/main amd64 libtommath1 amd64 1.3.0-1 [64.3 kB] Get: 75 http://deb.debian.org/debian unstable/main amd64 libtomcrypt1 amd64 1.18.2+dfsg-7+b2 [402 kB] Get: 76 http://deb.debian.org/debian unstable/main amd64 libstoken1t64 amd64 0.92-1.1+b2 [28.6 kB] Get: 77 http://deb.debian.org/debian unstable/main amd64 libtomcrypt-dev amd64 1.18.2+dfsg-7+b2 [1261 kB] Get: 78 http://deb.debian.org/debian unstable/main amd64 libstoken-dev amd64 0.92-1.1+b2 [8196 B] Get: 79 http://deb.debian.org/debian unstable/main amd64 ninja-build amd64 1.12.1-1 [142 kB] Get: 80 http://deb.debian.org/debian unstable/main amd64 python3-autocommand all 2.2.2-3 [13.6 kB] Get: 81 http://deb.debian.org/debian unstable/main amd64 python3-more-itertools all 10.6.0-1 [65.3 kB] Get: 82 http://deb.debian.org/debian unstable/main amd64 python3-typing-extensions all 4.12.2-2 [73.0 kB] Get: 83 http://deb.debian.org/debian unstable/main amd64 python3-typeguard all 4.4.2-1 [37.3 kB] Get: 84 http://deb.debian.org/debian unstable/main amd64 python3-inflect all 7.3.1-2 [32.4 kB] Get: 85 http://deb.debian.org/debian unstable/main amd64 python3-jaraco.context all 6.0.1-1 [8276 B] Get: 86 http://deb.debian.org/debian unstable/main amd64 python3-jaraco.functools all 4.1.0-1 [12.0 kB] Get: 87 http://deb.debian.org/debian unstable/main amd64 python3-pkg-resources all 75.8.0-1 [222 kB] Get: 88 http://deb.debian.org/debian unstable/main amd64 python3-jaraco.text all 4.0.0-1 [11.4 kB] Get: 89 http://deb.debian.org/debian unstable/main amd64 python3-zipp all 3.21.0-1 [10.6 kB] Get: 90 http://deb.debian.org/debian unstable/main amd64 python3-setuptools all 75.8.0-1 [724 kB] Get: 91 http://deb.debian.org/debian unstable/main amd64 meson all 1.7.0-1 [639 kB] Get: 92 http://deb.debian.org/debian unstable/main amd64 opensc-pkcs11 amd64 0.26.0-1 [923 kB] Get: 93 http://deb.debian.org/debian unstable/main amd64 opensc amd64 0.26.0-1 [411 kB] Get: 94 http://deb.debian.org/debian unstable/main amd64 openssl amd64 3.4.1-1 [1427 kB] Get: 95 http://deb.debian.org/debian unstable/main amd64 p11-kit-modules amd64 0.25.5-3 [271 kB] Get: 96 http://deb.debian.org/debian unstable/main amd64 p11-kit amd64 0.25.5-3 [403 kB] Get: 97 http://deb.debian.org/debian unstable/main amd64 pkgconf-bin amd64 1.8.1-4 [30.2 kB] Get: 98 http://deb.debian.org/debian unstable/main amd64 pkgconf amd64 1.8.1-4 [26.2 kB] Get: 99 http://deb.debian.org/debian unstable/main amd64 softhsm2 amd64 2.6.1-2.2+b1 [169 kB] Fetched 47.7 MB in 7s (7150 kB/s) Preconfiguring packages ... Selecting previously unselected package libpython3.13-minimal:amd64. (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 19783 files and directories currently installed.) Preparing to unpack .../libpython3.13-minimal_3.13.2-1_amd64.deb ... Unpacking libpython3.13-minimal:amd64 (3.13.2-1) ... Selecting previously unselected package libexpat1:amd64. Preparing to unpack .../libexpat1_2.6.4-1_amd64.deb ... Unpacking libexpat1:amd64 (2.6.4-1) ... Selecting previously unselected package python3.13-minimal. Preparing to unpack .../python3.13-minimal_3.13.2-1_amd64.deb ... Unpacking python3.13-minimal (3.13.2-1) ... Setting up libpython3.13-minimal:amd64 (3.13.2-1) ... Setting up libexpat1:amd64 (2.6.4-1) ... Setting up python3.13-minimal (3.13.2-1) ... Selecting previously unselected package python3-minimal. (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 20117 files and directories currently installed.) Preparing to unpack .../0-python3-minimal_3.13.2-2_amd64.deb ... Unpacking python3-minimal (3.13.2-2) ... Selecting previously unselected package media-types. Preparing to unpack .../1-media-types_13.0.0_all.deb ... Unpacking media-types (13.0.0) ... Selecting previously unselected package netbase. Preparing to unpack .../2-netbase_6.4_all.deb ... Unpacking netbase (6.4) ... Selecting previously unselected package tzdata. Preparing to unpack .../3-tzdata_2025a-2_all.deb ... Unpacking tzdata (2025a-2) ... Selecting previously unselected package libffi8:amd64. Preparing to unpack .../4-libffi8_3.4.7-1_amd64.deb ... Unpacking libffi8:amd64 (3.4.7-1) ... Selecting previously unselected package readline-common. Preparing to unpack .../5-readline-common_8.2-6_all.deb ... Unpacking readline-common (8.2-6) ... Selecting previously unselected package libreadline8t64:amd64. Preparing to unpack .../6-libreadline8t64_8.2-6_amd64.deb ... Adding 'diversion of /lib/x86_64-linux-gnu/libhistory.so.8 to /lib/x86_64-linux-gnu/libhistory.so.8.usr-is-merged by libreadline8t64' Adding 'diversion of /lib/x86_64-linux-gnu/libhistory.so.8.2 to /lib/x86_64-linux-gnu/libhistory.so.8.2.usr-is-merged by libreadline8t64' Adding 'diversion of /lib/x86_64-linux-gnu/libreadline.so.8 to /lib/x86_64-linux-gnu/libreadline.so.8.usr-is-merged by libreadline8t64' Adding 'diversion of /lib/x86_64-linux-gnu/libreadline.so.8.2 to /lib/x86_64-linux-gnu/libreadline.so.8.2.usr-is-merged by libreadline8t64' Unpacking libreadline8t64:amd64 (8.2-6) ... Selecting previously unselected package libpython3.13-stdlib:amd64. Preparing to unpack .../7-libpython3.13-stdlib_3.13.2-1_amd64.deb ... Unpacking libpython3.13-stdlib:amd64 (3.13.2-1) ... Selecting previously unselected package python3.13. Preparing to unpack .../8-python3.13_3.13.2-1_amd64.deb ... Unpacking python3.13 (3.13.2-1) ... Selecting previously unselected package libpython3-stdlib:amd64. Preparing to unpack .../9-libpython3-stdlib_3.13.2-2_amd64.deb ... Unpacking libpython3-stdlib:amd64 (3.13.2-2) ... Setting up python3-minimal (3.13.2-2) ... Selecting previously unselected package python3. (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 21127 files and directories currently installed.) Preparing to unpack .../00-python3_3.13.2-2_amd64.deb ... Unpacking python3 (3.13.2-2) ... Selecting previously unselected package libproc2-0:amd64. Preparing to unpack .../01-libproc2-0_2%3a4.0.4-7_amd64.deb ... Unpacking libproc2-0:amd64 (2:4.0.4-7) ... Selecting previously unselected package procps. Preparing to unpack .../02-procps_2%3a4.0.4-7_amd64.deb ... Unpacking procps (2:4.0.4-7) ... Selecting previously unselected package sensible-utils. Preparing to unpack .../03-sensible-utils_0.0.24_all.deb ... Unpacking sensible-utils (0.0.24) ... Selecting previously unselected package libmagic-mgc. Preparing to unpack .../04-libmagic-mgc_1%3a5.45-3+b1_amd64.deb ... Unpacking libmagic-mgc (1:5.45-3+b1) ... Selecting previously unselected package libmagic1t64:amd64. Preparing to unpack .../05-libmagic1t64_1%3a5.45-3+b1_amd64.deb ... Unpacking libmagic1t64:amd64 (1:5.45-3+b1) ... Selecting previously unselected package file. Preparing to unpack .../06-file_1%3a5.45-3+b1_amd64.deb ... Unpacking file (1:5.45-3+b1) ... Selecting previously unselected package gettext-base. Preparing to unpack .../07-gettext-base_0.23.1-1_amd64.deb ... Unpacking gettext-base (0.23.1-1) ... Selecting previously unselected package libuchardet0:amd64. Preparing to unpack .../08-libuchardet0_0.0.8-1+b2_amd64.deb ... Unpacking libuchardet0:amd64 (0.0.8-1+b2) ... Selecting previously unselected package groff-base. Preparing to unpack .../09-groff-base_1.23.0-7_amd64.deb ... Unpacking groff-base (1.23.0-7) ... Selecting previously unselected package bsdextrautils. Preparing to unpack .../10-bsdextrautils_2.40.4-5_amd64.deb ... Unpacking bsdextrautils (2.40.4-5) ... Selecting previously unselected package libpipeline1:amd64. Preparing to unpack .../11-libpipeline1_1.5.8-1_amd64.deb ... Unpacking libpipeline1:amd64 (1.5.8-1) ... Selecting previously unselected package man-db. Preparing to unpack .../12-man-db_2.13.0-1_amd64.deb ... Unpacking man-db (2.13.0-1) ... Selecting previously unselected package libtext-charwidth-perl:amd64. Preparing to unpack .../13-libtext-charwidth-perl_0.04-11+b4_amd64.deb ... Unpacking libtext-charwidth-perl:amd64 (0.04-11+b4) ... Selecting previously unselected package libtext-wrapi18n-perl. Preparing to unpack .../14-libtext-wrapi18n-perl_0.06-10_all.deb ... Unpacking libtext-wrapi18n-perl (0.06-10) ... Selecting previously unselected package ucf. Preparing to unpack .../15-ucf_3.0050_all.deb ... Moving old data out of the way Unpacking ucf (3.0050) ... Selecting previously unselected package m4. Preparing to unpack .../16-m4_1.4.19-7_amd64.deb ... Unpacking m4 (1.4.19-7) ... Selecting previously unselected package autoconf. Preparing to unpack .../17-autoconf_2.72-3_all.deb ... Unpacking autoconf (2.72-3) ... Selecting previously unselected package autotools-dev. Preparing to unpack .../18-autotools-dev_20220109.1_all.deb ... Unpacking autotools-dev (20220109.1) ... Selecting previously unselected package automake. Preparing to unpack .../19-automake_1%3a1.17-3_all.deb ... Unpacking automake (1:1.17-3) ... Selecting previously unselected package autopoint. Preparing to unpack .../20-autopoint_0.23.1-1_all.deb ... Unpacking autopoint (0.23.1-1) ... Selecting previously unselected package libdebhelper-perl. Preparing to unpack .../21-libdebhelper-perl_13.24.1_all.deb ... Unpacking libdebhelper-perl (13.24.1) ... Selecting previously unselected package libtool. Preparing to unpack .../22-libtool_2.5.4-4_all.deb ... Unpacking libtool (2.5.4-4) ... Selecting previously unselected package dh-autoreconf. Preparing to unpack .../23-dh-autoreconf_20_all.deb ... Unpacking dh-autoreconf (20) ... Selecting previously unselected package libarchive-zip-perl. Preparing to unpack .../24-libarchive-zip-perl_1.68-1_all.deb ... Unpacking libarchive-zip-perl (1.68-1) ... Selecting previously unselected package libfile-stripnondeterminism-perl. Preparing to unpack .../25-libfile-stripnondeterminism-perl_1.14.1-2_all.deb ... Unpacking libfile-stripnondeterminism-perl (1.14.1-2) ... Selecting previously unselected package dh-strip-nondeterminism. Preparing to unpack .../26-dh-strip-nondeterminism_1.14.1-2_all.deb ... Unpacking dh-strip-nondeterminism (1.14.1-2) ... Selecting previously unselected package libelf1t64:amd64. Preparing to unpack .../27-libelf1t64_0.192-4_amd64.deb ... Unpacking libelf1t64:amd64 (0.192-4) ... Selecting previously unselected package dwz. Preparing to unpack .../28-dwz_0.15-1+b1_amd64.deb ... Unpacking dwz (0.15-1+b1) ... Selecting previously unselected package libunistring5:amd64. Preparing to unpack .../29-libunistring5_1.3-1_amd64.deb ... Unpacking libunistring5:amd64 (1.3-1) ... Selecting previously unselected package libicu72:amd64. Preparing to unpack .../30-libicu72_72.1-6_amd64.deb ... Unpacking libicu72:amd64 (72.1-6) ... Selecting previously unselected package libxml2:amd64. Preparing to unpack .../31-libxml2_2.12.7+dfsg+really2.9.14-0.2+b2_amd64.deb ... Unpacking libxml2:amd64 (2.12.7+dfsg+really2.9.14-0.2+b2) ... Selecting previously unselected package gettext. Preparing to unpack .../32-gettext_0.23.1-1_amd64.deb ... Unpacking gettext (0.23.1-1) ... Selecting previously unselected package intltool-debian. Preparing to unpack .../33-intltool-debian_0.35.0+20060710.6_all.deb ... Unpacking intltool-debian (0.35.0+20060710.6) ... Selecting previously unselected package po-debconf. Preparing to unpack .../34-po-debconf_1.0.21+nmu1_all.deb ... Unpacking po-debconf (1.0.21+nmu1) ... Selecting previously unselected package debhelper. Preparing to unpack .../35-debhelper_13.24.1_all.deb ... Unpacking debhelper (13.24.1) ... Selecting previously unselected package dh-package-notes. Preparing to unpack .../36-dh-package-notes_0.15_all.deb ... Unpacking dh-package-notes (0.15) ... Selecting previously unselected package libtcl8.6:amd64. Preparing to unpack .../37-libtcl8.6_8.6.16+dfsg-1_amd64.deb ... Unpacking libtcl8.6:amd64 (8.6.16+dfsg-1) ... Selecting previously unselected package tcl8.6. Preparing to unpack .../38-tcl8.6_8.6.16+dfsg-1_amd64.deb ... Unpacking tcl8.6 (8.6.16+dfsg-1) ... Selecting previously unselected package tcl-expect:amd64. Preparing to unpack .../39-tcl-expect_5.45.4-4_amd64.deb ... Unpacking tcl-expect:amd64 (5.45.4-4) ... Selecting previously unselected package expect. Preparing to unpack .../40-expect_5.45.4-4_amd64.deb ... Unpacking expect (5.45.4-4) ... Selecting previously unselected package libidn2-0:amd64. Preparing to unpack .../41-libidn2-0_2.3.8-1_amd64.deb ... Unpacking libidn2-0:amd64 (2.3.8-1) ... Selecting previously unselected package libp11-kit0:amd64. Preparing to unpack .../42-libp11-kit0_0.25.5-3_amd64.deb ... Unpacking libp11-kit0:amd64 (0.25.5-3) ... Selecting previously unselected package libtasn1-6:amd64. Preparing to unpack .../43-libtasn1-6_4.20.0-2_amd64.deb ... Unpacking libtasn1-6:amd64 (4.20.0-2) ... Selecting previously unselected package libgnutls30t64:amd64. Preparing to unpack .../44-libgnutls30t64_3.8.9-2_amd64.deb ... Unpacking libgnutls30t64:amd64 (3.8.9-2) ... Selecting previously unselected package libevent-2.1-7t64:amd64. Preparing to unpack .../45-libevent-2.1-7t64_2.1.12-stable-10+b1_amd64.deb ... Unpacking libevent-2.1-7t64:amd64 (2.1.12-stable-10+b1) ... Selecting previously unselected package libunbound8:amd64. Preparing to unpack .../46-libunbound8_1.22.0-1+b1_amd64.deb ... Unpacking libunbound8:amd64 (1.22.0-1+b1) ... Selecting previously unselected package libgnutls-dane0t64:amd64. Preparing to unpack .../47-libgnutls-dane0t64_3.8.9-2_amd64.deb ... Unpacking libgnutls-dane0t64:amd64 (3.8.9-2) ... Selecting previously unselected package gnutls-bin. Preparing to unpack .../48-gnutls-bin_3.8.9-2_amd64.deb ... Unpacking gnutls-bin (3.8.9-2) ... Selecting previously unselected package libeac3:amd64. Preparing to unpack .../49-libeac3_1.1.2+ds+git20220117+453c3d6b03a0-1.1+b3_amd64.deb ... Unpacking libeac3:amd64 (1.1.2+ds+git20220117+453c3d6b03a0-1.1+b3) ... Selecting previously unselected package libglib2.0-0t64:amd64. Preparing to unpack .../50-libglib2.0-0t64_2.83.5-1_amd64.deb ... Unpacking libglib2.0-0t64:amd64 (2.83.5-1) ... Selecting previously unselected package libnspr4:amd64. Preparing to unpack .../51-libnspr4_2%3a4.36-1_amd64.deb ... Unpacking libnspr4:amd64 (2:4.36-1) ... Selecting previously unselected package libnspr4-dev. Preparing to unpack .../52-libnspr4-dev_2%3a4.36-1_amd64.deb ... Unpacking libnspr4-dev (2:4.36-1) ... Selecting previously unselected package libnss3:amd64. Preparing to unpack .../53-libnss3_2%3a3.109-1_amd64.deb ... Unpacking libnss3:amd64 (2:3.109-1) ... Selecting previously unselected package libnss3-dev:amd64. Preparing to unpack .../54-libnss3-dev_2%3a3.109-1_amd64.deb ... Unpacking libnss3-dev:amd64 (2:3.109-1) ... Selecting previously unselected package libp11-kit-dev:amd64. Preparing to unpack .../55-libp11-kit-dev_0.25.5-3_amd64.deb ... Unpacking libp11-kit-dev:amd64 (0.25.5-3) ... Selecting previously unselected package libpkgconf3:amd64. Preparing to unpack .../56-libpkgconf3_1.8.1-4_amd64.deb ... Unpacking libpkgconf3:amd64 (1.8.1-4) ... Selecting previously unselected package softhsm2-common. Preparing to unpack .../57-softhsm2-common_2.6.1-2.2+b1_amd64.deb ... Unpacking softhsm2-common (2.6.1-2.2+b1) ... Selecting previously unselected package libsofthsm2. Preparing to unpack .../58-libsofthsm2_2.6.1-2.2+b1_amd64.deb ... Unpacking libsofthsm2 (2.6.1-2.2+b1) ... Selecting previously unselected package libssl-dev:amd64. Preparing to unpack .../59-libssl-dev_3.4.1-1_amd64.deb ... Unpacking libssl-dev:amd64 (3.4.1-1) ... Selecting previously unselected package libtommath1:amd64. Preparing to unpack .../60-libtommath1_1.3.0-1_amd64.deb ... Unpacking libtommath1:amd64 (1.3.0-1) ... Selecting previously unselected package libtomcrypt1:amd64. Preparing to unpack .../61-libtomcrypt1_1.18.2+dfsg-7+b2_amd64.deb ... Unpacking libtomcrypt1:amd64 (1.18.2+dfsg-7+b2) ... Selecting previously unselected package libstoken1t64:amd64. Preparing to unpack .../62-libstoken1t64_0.92-1.1+b2_amd64.deb ... Unpacking libstoken1t64:amd64 (0.92-1.1+b2) ... Selecting previously unselected package libtomcrypt-dev. Preparing to unpack .../63-libtomcrypt-dev_1.18.2+dfsg-7+b2_amd64.deb ... Unpacking libtomcrypt-dev (1.18.2+dfsg-7+b2) ... Selecting previously unselected package libstoken-dev:amd64. Preparing to unpack .../64-libstoken-dev_0.92-1.1+b2_amd64.deb ... Unpacking libstoken-dev:amd64 (0.92-1.1+b2) ... Selecting previously unselected package ninja-build. Preparing to unpack .../65-ninja-build_1.12.1-1_amd64.deb ... Unpacking ninja-build (1.12.1-1) ... Selecting previously unselected package python3-autocommand. Preparing to unpack .../66-python3-autocommand_2.2.2-3_all.deb ... Unpacking python3-autocommand (2.2.2-3) ... Selecting previously unselected package python3-more-itertools. Preparing to unpack .../67-python3-more-itertools_10.6.0-1_all.deb ... Unpacking python3-more-itertools (10.6.0-1) ... Selecting previously unselected package python3-typing-extensions. Preparing to unpack .../68-python3-typing-extensions_4.12.2-2_all.deb ... Unpacking python3-typing-extensions (4.12.2-2) ... Selecting previously unselected package python3-typeguard. Preparing to unpack .../69-python3-typeguard_4.4.2-1_all.deb ... Unpacking python3-typeguard (4.4.2-1) ... Selecting previously unselected package python3-inflect. Preparing to unpack .../70-python3-inflect_7.3.1-2_all.deb ... Unpacking python3-inflect (7.3.1-2) ... Selecting previously unselected package python3-jaraco.context. Preparing to unpack .../71-python3-jaraco.context_6.0.1-1_all.deb ... Unpacking python3-jaraco.context (6.0.1-1) ... Selecting previously unselected package python3-jaraco.functools. Preparing to unpack .../72-python3-jaraco.functools_4.1.0-1_all.deb ... Unpacking python3-jaraco.functools (4.1.0-1) ... Selecting previously unselected package python3-pkg-resources. Preparing to unpack .../73-python3-pkg-resources_75.8.0-1_all.deb ... Unpacking python3-pkg-resources (75.8.0-1) ... Selecting previously unselected package python3-jaraco.text. Preparing to unpack .../74-python3-jaraco.text_4.0.0-1_all.deb ... Unpacking python3-jaraco.text (4.0.0-1) ... Selecting previously unselected package python3-zipp. Preparing to unpack .../75-python3-zipp_3.21.0-1_all.deb ... Unpacking python3-zipp (3.21.0-1) ... Selecting previously unselected package python3-setuptools. Preparing to unpack .../76-python3-setuptools_75.8.0-1_all.deb ... Unpacking python3-setuptools (75.8.0-1) ... Selecting previously unselected package meson. Preparing to unpack .../77-meson_1.7.0-1_all.deb ... Unpacking meson (1.7.0-1) ... Selecting previously unselected package opensc-pkcs11:amd64. Preparing to unpack .../78-opensc-pkcs11_0.26.0-1_amd64.deb ... Unpacking opensc-pkcs11:amd64 (0.26.0-1) ... Selecting previously unselected package opensc. Preparing to unpack .../79-opensc_0.26.0-1_amd64.deb ... Unpacking opensc (0.26.0-1) ... Selecting previously unselected package openssl. Preparing to unpack .../80-openssl_3.4.1-1_amd64.deb ... Unpacking openssl (3.4.1-1) ... Selecting previously unselected package p11-kit-modules:amd64. Preparing to unpack .../81-p11-kit-modules_0.25.5-3_amd64.deb ... Unpacking p11-kit-modules:amd64 (0.25.5-3) ... Selecting previously unselected package p11-kit. Preparing to unpack .../82-p11-kit_0.25.5-3_amd64.deb ... Unpacking p11-kit (0.25.5-3) ... Selecting previously unselected package pkgconf-bin. Preparing to unpack .../83-pkgconf-bin_1.8.1-4_amd64.deb ... Unpacking pkgconf-bin (1.8.1-4) ... Selecting previously unselected package pkgconf:amd64. Preparing to unpack .../84-pkgconf_1.8.1-4_amd64.deb ... Unpacking pkgconf:amd64 (1.8.1-4) ... Selecting previously unselected package softhsm2. Preparing to unpack .../85-softhsm2_2.6.1-2.2+b1_amd64.deb ... Unpacking softhsm2 (2.6.1-2.2+b1) ... Setting up media-types (13.0.0) ... Setting up libpipeline1:amd64 (1.5.8-1) ... Setting up libtext-charwidth-perl:amd64 (0.04-11+b4) ... Setting up libicu72:amd64 (72.1-6) ... Setting up bsdextrautils (2.40.4-5) ... Setting up libmagic-mgc (1:5.45-3+b1) ... Setting up libarchive-zip-perl (1.68-1) ... Setting up libtommath1:amd64 (1.3.0-1) ... Setting up libdebhelper-perl (13.24.1) ... Setting up libmagic1t64:amd64 (1:5.45-3+b1) ... Setting up gettext-base (0.23.1-1) ... Setting up m4 (1.4.19-7) ... Setting up libevent-2.1-7t64:amd64 (2.1.12-stable-10+b1) ... Setting up file (1:5.45-3+b1) ... Setting up libtext-wrapi18n-perl (0.06-10) ... Setting up ninja-build (1.12.1-1) ... Setting up libelf1t64:amd64 (0.192-4) ... Setting up libeac3:amd64 (1.1.2+ds+git20220117+453c3d6b03a0-1.1+b3) ... Setting up tzdata (2025a-2) ... Current default time zone: 'Etc/UTC' Local time is now: Sun Mar 9 22:05:31 UTC 2025. Universal Time is now: Sun Mar 9 22:05:31 UTC 2025. Run 'dpkg-reconfigure tzdata' if you wish to change it. Setting up autotools-dev (20220109.1) ... Setting up libunbound8:amd64 (1.22.0-1+b1) ... Setting up libpkgconf3:amd64 (1.8.1-4) ... Setting up libnspr4:amd64 (2:4.36-1) ... Setting up libproc2-0:amd64 (2:4.0.4-7) ... Setting up libunistring5:amd64 (1.3-1) ... Setting up libssl-dev:amd64 (3.4.1-1) ... Setting up libtcl8.6:amd64 (8.6.16+dfsg-1) ... Setting up autopoint (0.23.1-1) ... Setting up pkgconf-bin (1.8.1-4) ... Setting up autoconf (2.72-3) ... Setting up libffi8:amd64 (3.4.7-1) ... Setting up dwz (0.15-1+b1) ... Setting up sensible-utils (0.0.24) ... Setting up libuchardet0:amd64 (0.0.8-1+b2) ... Setting up procps (2:4.0.4-7) ... Setting up libtasn1-6:amd64 (4.20.0-2) ... Setting up netbase (6.4) ... Setting up openssl (3.4.1-1) ... Setting up readline-common (8.2-6) ... Setting up libxml2:amd64 (2.12.7+dfsg+really2.9.14-0.2+b2) ... Setting up libtomcrypt1:amd64 (1.18.2+dfsg-7+b2) ... Setting up automake (1:1.17-3) ... update-alternatives: using /usr/bin/automake-1.17 to provide /usr/bin/automake (automake) in auto mode Setting up libfile-stripnondeterminism-perl (1.14.1-2) ... Setting up libnspr4-dev (2:4.36-1) ... Setting up tcl8.6 (8.6.16+dfsg-1) ... Setting up gettext (0.23.1-1) ... Setting up libtool (2.5.4-4) ... Setting up tcl-expect:amd64 (5.45.4-4) ... Setting up libidn2-0:amd64 (2.3.8-1) ... Setting up libnss3:amd64 (2:3.109-1) ... Setting up pkgconf:amd64 (1.8.1-4) ... Setting up intltool-debian (0.35.0+20060710.6) ... Setting up libstoken1t64:amd64 (0.92-1.1+b2) ... Setting up dh-autoreconf (20) ... Setting up libtomcrypt-dev (1.18.2+dfsg-7+b2) ... Setting up libglib2.0-0t64:amd64 (2.83.5-1) ... No schema files found: doing nothing. Setting up libstoken-dev:amd64 (0.92-1.1+b2) ... Setting up libp11-kit0:amd64 (0.25.5-3) ... Setting up ucf (3.0050) ... Setting up libreadline8t64:amd64 (8.2-6) ... Setting up dh-strip-nondeterminism (1.14.1-2) ... Setting up libnss3-dev:amd64 (2:3.109-1) ... Setting up groff-base (1.23.0-7) ... Setting up libpython3.13-stdlib:amd64 (3.13.2-1) ... Setting up libp11-kit-dev:amd64 (0.25.5-3) ... Setting up libpython3-stdlib:amd64 (3.13.2-2) ... Setting up libgnutls30t64:amd64 (3.8.9-2) ... Setting up softhsm2-common (2.6.1-2.2+b1) ... Creating config file /etc/softhsm/softhsm2.conf with new version Setting up python3.13 (3.13.2-1) ... Setting up po-debconf (1.0.21+nmu1) ... Setting up expect (5.45.4-4) ... Setting up python3 (3.13.2-2) ... Setting up python3-zipp (3.21.0-1) ... Setting up python3-autocommand (2.2.2-3) ... Setting up man-db (2.13.0-1) ... Not building database; man-db/auto-update is not 'true'. Setting up opensc-pkcs11:amd64 (0.26.0-1) ... Setting up p11-kit-modules:amd64 (0.25.5-3) ... Setting up libgnutls-dane0t64:amd64 (3.8.9-2) ... Setting up python3-typing-extensions (4.12.2-2) ... Setting up p11-kit (0.25.5-3) ... Setting up gnutls-bin (3.8.9-2) ... Setting up python3-more-itertools (10.6.0-1) ... Setting up libsofthsm2 (2.6.1-2.2+b1) ... Setting up softhsm2 (2.6.1-2.2+b1) ... Setting up python3-jaraco.functools (4.1.0-1) ... Setting up python3-jaraco.context (6.0.1-1) ... Setting up opensc (0.26.0-1) ... Setting up python3-typeguard (4.4.2-1) ... Setting up debhelper (13.24.1) ... Setting up python3-inflect (7.3.1-2) ... Setting up python3-jaraco.text (4.0.0-1) ... Setting up python3-pkg-resources (75.8.0-1) ... Setting up dh-package-notes (0.15) ... Setting up python3-setuptools (75.8.0-1) ... Setting up meson (1.7.0-1) ... Processing triggers for libc-bin (2.41-4) ... Reading package lists... Building dependency tree... Reading state information... Reading extended state information... Initializing package states... Writing extended state information... Building tag database... -> Finished parsing the build-deps I: Building the package I: user script /srv/workspace/pbuilder/1896340/tmp/hooks/A99_set_merged_usr starting Not re-configuring usrmerge for unstable I: user script /srv/workspace/pbuilder/1896340/tmp/hooks/A99_set_merged_usr finished hostname: Name or service not known I: Running cd /build/reproducible-path/pkcs11-provider-1.0/ && env PATH="/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/i/capture/the/path" HOME="/nonexistent/second-build" dpkg-buildpackage -us -uc -b && env PATH="/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/i/capture/the/path" HOME="/nonexistent/second-build" dpkg-genchanges -S > ../pkcs11-provider_1.0-1_source.changes dpkg-buildpackage: info: source package pkcs11-provider dpkg-buildpackage: info: source version 1.0-1 dpkg-buildpackage: info: source distribution unstable dpkg-buildpackage: info: source changed by Luca Boccassi dpkg-source --before-build . dpkg-buildpackage: info: host architecture amd64 debian/rules clean dh clean --buildsystem=meson dh_auto_clean -O--buildsystem=meson dh_autoreconf_clean -O--buildsystem=meson dh_clean -O--buildsystem=meson debian/rules binary dh binary --buildsystem=meson dh_update_autotools_config -O--buildsystem=meson dh_autoreconf -O--buildsystem=meson dh_auto_configure -O--buildsystem=meson cd obj-x86_64-linux-gnu && DEB_PYTHON_INSTALL_LAYOUT=deb LC_ALL=C.UTF-8 meson setup .. --wrap-mode=nodownload --buildtype=plain --prefix=/usr --sysconfdir=/etc --localstatedir=/var --libdir=lib/x86_64-linux-gnu -Dpython.bytecompile=-1 The Meson build system Version: 1.7.0 Source dir: /build/reproducible-path/pkcs11-provider-1.0 Build dir: /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu Build type: native build Project name: pkcs11-provider Project version: 1.0 C compiler for the host machine: cc (gcc 14.2.0 "cc (Debian 14.2.0-17) 14.2.0") C linker for the host machine: cc ld.bfd 2.44 Host machine cpu family: x86_64 Host machine cpu: x86_64 Compiler for C supports arguments -Wwrite-strings: YES Compiler for C supports arguments -Wpointer-arith: YES Compiler for C supports arguments -Wno-missing-field-initializers: YES Compiler for C supports arguments -Wformat: YES Compiler for C supports arguments -Wshadow: YES Compiler for C supports arguments -Wno-unused-parameter: YES Compiler for C supports arguments -Werror=implicit-function-declaration: YES Compiler for C supports arguments -Werror=missing-prototypes: YES Compiler for C supports arguments -Werror=format-security: YES Compiler for C supports arguments -Werror=parentheses: YES Compiler for C supports arguments -Werror=implicit: YES Compiler for C supports arguments -Werror=strict-prototypes: YES Compiler for C supports arguments -fno-strict-aliasing: YES Compiler for C supports arguments -fno-delete-null-pointer-checks: YES Compiler for C supports arguments -fdiagnostics-show-option: YES Found pkg-config: YES (/usr/bin/pkg-config) 1.8.1 Run-time dependency libcrypto found: YES 3.4.1 Run-time dependency libssl found: YES 3.4.1 Run-time dependency p11-kit-1 found: YES 0.25.5 Has header "dlfcn.h" : YES Configuring config.h using configuration Compiler for C supports link arguments -Wl,--version-script,/build/reproducible-path/pkcs11-provider-1.0/src/provider.map: YES Did not find CMake 'cmake' Found CMake: NO Run-time dependency nss-softokn found: NO (tried pkgconfig and cmake) Run-time dependency nss found: YES 3.109 Program setup.sh found: YES (/build/reproducible-path/pkcs11-provider-1.0/tests/setup.sh) Program valgrind found: NO Program test-wrapper found: YES (/build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper) Build targets in project: 12 pkcs11-provider 1.0 User defined options buildtype : plain libdir : lib/x86_64-linux-gnu localstatedir : /var prefix : /usr python.bytecompile: -1 sysconfdir : /etc wrap_mode : nodownload Found ninja-1.12.1 at /usr/bin/ninja dh_auto_build -O--buildsystem=meson cd obj-x86_64-linux-gnu && LC_ALL=C.UTF-8 ninja -j20 -v [1/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/tls.c.o -MF src/pkcs11.so.p/tls.c.o.d -o src/pkcs11.so.p/tls.c.o -c ../src/tls.c [2/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/pk11_uri.c.o -MF src/pkcs11.so.p/pk11_uri.c.o.d -o src/pkcs11.so.p/pk11_uri.c.o -c ../src/pk11_uri.c [3/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/debug.c.o -MF src/pkcs11.so.p/debug.c.o.d -o src/pkcs11.so.p/debug.c.o -c ../src/debug.c [4/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/decoder.c.o -MF src/pkcs11.so.p/decoder.c.o.d -o src/pkcs11.so.p/decoder.c.o -c ../src/decoder.c [5/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/random.c.o -MF src/pkcs11.so.p/random.c.o.d -o src/pkcs11.so.p/random.c.o -c ../src/random.c [6/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/digests.c.o -MF src/pkcs11.so.p/digests.c.o.d -o src/pkcs11.so.p/digests.c.o -c ../src/digests.c [7/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/exchange.c.o -MF src/pkcs11.so.p/exchange.c.o.d -o src/pkcs11.so.p/exchange.c.o -c ../src/exchange.c [8/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/encoder.c.o -MF src/pkcs11.so.p/encoder.c.o.d -o src/pkcs11.so.p/encoder.c.o -c ../src/encoder.c [9/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/slot.c.o -MF src/pkcs11.so.p/slot.c.o.d -o src/pkcs11.so.p/slot.c.o -c ../src/slot.c [10/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/kdf.c.o -MF src/pkcs11.so.p/kdf.c.o.d -o src/pkcs11.so.p/kdf.c.o -c ../src/kdf.c [11/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/asymmetric_cipher.c.o -MF src/pkcs11.so.p/asymmetric_cipher.c.o.d -o src/pkcs11.so.p/asymmetric_cipher.c.o -c ../src/asymmetric_cipher.c [12/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/store.c.o -MF src/pkcs11.so.p/store.c.o.d -o src/pkcs11.so.p/store.c.o -c ../src/store.c [13/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/session.c.o -MF src/pkcs11.so.p/session.c.o.d -o src/pkcs11.so.p/session.c.o -c ../src/session.c [14/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/util.c.o -MF src/pkcs11.so.p/util.c.o.d -o src/pkcs11.so.p/util.c.o -c ../src/util.c [15/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/keymgmt.c.o -MF src/pkcs11.so.p/keymgmt.c.o.d -o src/pkcs11.so.p/keymgmt.c.o -c ../src/keymgmt.c [16/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/signature.c.o -MF src/pkcs11.so.p/signature.c.o.d -o src/pkcs11.so.p/signature.c.o -c ../src/signature.c [17/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/interface.c.o -MF src/pkcs11.so.p/interface.c.o.d -o src/pkcs11.so.p/interface.c.o -c ../src/interface.c [18/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/provider.c.o -MF src/pkcs11.so.p/provider.c.o.d -o src/pkcs11.so.p/provider.c.o -c ../src/provider.c [19/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/objects.c.o -MF src/pkcs11.so.p/objects.c.o.d -o src/pkcs11.so.p/objects.c.o -c ../src/objects.c [20/20] cc -o src/pkcs11.so src/pkcs11.so.p/asymmetric_cipher.c.o src/pkcs11.so.p/debug.c.o src/pkcs11.so.p/encoder.c.o src/pkcs11.so.p/decoder.c.o src/pkcs11.so.p/digests.c.o src/pkcs11.so.p/exchange.c.o src/pkcs11.so.p/kdf.c.o src/pkcs11.so.p/keymgmt.c.o src/pkcs11.so.p/pk11_uri.c.o src/pkcs11.so.p/interface.c.o src/pkcs11.so.p/objects.c.o src/pkcs11.so.p/provider.c.o src/pkcs11.so.p/random.c.o src/pkcs11.so.p/session.c.o src/pkcs11.so.p/signature.c.o src/pkcs11.so.p/slot.c.o src/pkcs11.so.p/store.c.o src/pkcs11.so.p/tls.c.o src/pkcs11.so.p/util.c.o -Wl,--as-needed -Wl,--allow-shlib-undefined -shared -fPIC -Wl,-z,relro -Wl,-z,now -specs=/usr/share/debhelper/dh_package_notes/debian-package-notes.specs -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection -Wdate-time -D_FORTIFY_SOURCE=2 -Wl,--version-script,/build/reproducible-path/pkcs11-provider-1.0/src/provider.map /usr/lib/x86_64-linux-gnu/libcrypto.so dh_auto_test -O--buildsystem=meson cd obj-x86_64-linux-gnu && DEB_PYTHON_INSTALL_LAYOUT=deb LC_ALL=C.UTF-8 MESON_TESTTHREADS=20 meson test --verbose ninja: Entering directory `/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu' [1/29] Compiling C object tests/tdigests.p/tdigests.c.o [2/29] Compiling C object tests/tsession.p/tsession.c.o [3/29] Compiling C object tests/tlssetkey.p/tlssetkey.c.o [4/29] Compiling C object tests/treadkeys.p/treadkeys.c.o [5/29] Compiling C object tests/tcmpkeys.p/tcmpkeys.c.o [6/29] Compiling C object tests/tgenkey.p/util.c.o [7/29] Compiling C object tests/tfork.p/tfork.c.o [8/29] Compiling C object tests/tlsctx.p/util.c.o [9/29] Compiling C object tests/tpkey.p/tpkey.c.o [10/29] Compiling C object tests/tcmpkeys.p/util.c.o [11/29] Compiling C object tests/tpkey.p/util.c.o [12/29] Compiling C object tests/tfork.p/util.c.o [13/29] Linking target tests/tdigests [14/29] Linking target tests/treadkeys [15/29] Compiling C object tests/pincache.p/pincache.c.o [16/29] Compiling C object tests/tlsctx.p/tlsctx.c.o [17/29] Compiling C object tests/tlssetkey.p/util.c.o [18/29] Compiling C object tests/ccerts.p/ccerts.c.o [19/29] Linking target tests/tsession [20/29] Compiling C object tests/tgenkey.p/tgenkey.c.o [21/29] Compiling C object tests/ccerts.p/util.c.o [22/29] Linking target tests/tcmpkeys [23/29] Linking target tests/pincache [24/29] Linking target tests/tpkey [25/29] Linking target tests/tfork [26/29] Linking target tests/tgenkey [27/29] Linking target tests/ccerts [28/29] Linking target tests/tlssetkey [29/29] Linking target tests/tlsctx 1/92 pkcs11-provider:softokn / setup RUNNING >>> P11KITCLIENTPATH=/usr/lib/x86_64-linux-gnu/pkcs11/p11-kit-client.so MALLOC_PERTURB_=162 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 LIBSPATH=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/src SOFTOKNPATH=/usr/lib/x86_64-linux-gnu MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MESON_TEST_ITERATION=1 SHARED_EXT=.so TESTSSRCDIR=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/setup.sh softokn ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― + source /build/reproducible-path/pkcs11-provider-1.0/tests/helpers.sh ++ : /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests ++ helper_emit=1 ++ sed --version ++ grep -q 'GNU sed' ++ sed_inplace=('-i') ++ export sed_inplace + '[' 1 -ne 1 ']' + TOKENTYPE=softokn + SUPPORT_ED25519=1 + SUPPORT_ED448=1 + SUPPORT_RSA_PKCS1_ENCRYPTION=1 + SUPPORT_RSA_KEYGEN_PUBLIC_EXPONENT=1 + SUPPORT_TLSFUZZER=1 + SUPPORT_ALLOWED_MECHANISMS=0 ++ opensc-tool -i ++ grep OpenSC ++ sed -e 's/OpenSC 0\.\([0-9]*\).*/\1/' Failed to establish context: Unable to load external module + OPENSC_VERSION=26 + [[ 26 -le 25 ]] + [[ '' = \1 ]] ++ cat /proc/sys/crypto/fips_enabled + [[ 0 = \1 ]] + TMPPDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softokn + TOKDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softokn/tokens + '[' -d /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softokn ']' + mkdir /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softokn + mkdir /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softokn/tokens + PINVALUE=12345678 + PINFILE=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softokn/pinfile.txt + echo 12345678 + export GNUTLS_PIN=12345678 + GNUTLS_PIN=12345678 + '[' softokn == softhsm ']' + '[' softokn == softokn ']' + source /build/reproducible-path/pkcs11-provider-1.0/tests/softokn-init.sh ++ title SECTION 'Setup NSS Softokn' ++ case "$1" in ++ shift 1 ++ echo '########################################' ++ echo '## Setup NSS Softokn' ++ echo '' ++ command -v certutil ######################################## ## Setup NSS Softokn ++ echo 'NSS'\''s certutil command is required' ++ exit 0 NSS's certutil command is required ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 1/92 pkcs11-provider:softokn / setup OK 0.04s 2/92 pkcs11-provider:softhsm / setup RUNNING >>> P11KITCLIENTPATH=/usr/lib/x86_64-linux-gnu/pkcs11/p11-kit-client.so ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 LIBSPATH=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/src SOFTOKNPATH=/usr/lib/x86_64-linux-gnu MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MALLOC_PERTURB_=77 MESON_TEST_ITERATION=1 SHARED_EXT=.so TESTSSRCDIR=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/setup.sh softhsm ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― + source /build/reproducible-path/pkcs11-provider-1.0/tests/helpers.sh ++ : /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests ++ helper_emit=1 ++ sed --version ++ grep -q 'GNU sed' ++ sed_inplace=('-i') ++ export sed_inplace + '[' 1 -ne 1 ']' + TOKENTYPE=softhsm + SUPPORT_ED25519=1 + SUPPORT_ED448=1 + SUPPORT_RSA_PKCS1_ENCRYPTION=1 + SUPPORT_RSA_KEYGEN_PUBLIC_EXPONENT=1 + SUPPORT_TLSFUZZER=1 + SUPPORT_ALLOWED_MECHANISMS=0 ++ opensc-tool -i ++ grep OpenSC ++ sed -e 's/OpenSC 0\.\([0-9]*\).*/\1/' Failed to establish context: Unable to load external module + OPENSC_VERSION=26 + [[ 26 -le 25 ]] + [[ '' = \1 ]] ++ cat /proc/sys/crypto/fips_enabled + [[ 0 = \1 ]] + TMPPDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm + TOKDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/tokens + '[' -d /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm ']' + mkdir /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm + mkdir /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/tokens + PINVALUE=12345678 + PINFILE=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt + echo 12345678 + export GNUTLS_PIN=12345678 + GNUTLS_PIN=12345678 + '[' softhsm == softhsm ']' + source /build/reproducible-path/pkcs11-provider-1.0/tests/softhsm-init.sh ++ title SECTION 'Searching for SoftHSM PKCS#11 library' ++ case "$1" in ++ shift 1 ++ echo '########################################' ++ echo '## Searching for SoftHSM PKCS#11 library' ++ echo '' ++ command -v softhsm2-util ######################################## ## Searching for SoftHSM PKCS#11 library +++++ type -p softhsm2-util ++++ dirname /usr/bin/softhsm2-util +++ dirname /usr/bin ++ softhsm_prefix=/usr ++ find_softhsm /usr/lib64/softhsm/libsofthsm2.so /usr/lib/softhsm/libsofthsm2.so /usr/lib64/pkcs11/libsofthsm2.so /usr/lib/pkcs11/libsofthsm2.so /usr/local/lib/softhsm/libsofthsm2.so /usr/lib64/pkcs11/libsofthsm2.so /usr/lib/pkcs11/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so ++ for _lib in "$@" ++ test -f /usr/lib64/softhsm/libsofthsm2.so ++ for _lib in "$@" ++ test -f /usr/lib/softhsm/libsofthsm2.so ++ echo 'Using softhsm path /usr/lib/softhsm/libsofthsm2.so' ++ P11LIB=/usr/lib/softhsm/libsofthsm2.so ++ return ++ export P11LIB ++ title SECTION 'Set up testing system' ++ case "$1" in ++ shift 1 ++ echo '########################################' ++ echo '## Set up testing system' ++ echo '' ++ cat Using softhsm path /usr/lib/softhsm/libsofthsm2.so ######################################## ## Set up testing system ++ export SOFTHSM2_CONF=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/softhsm.conf ++ SOFTHSM2_CONF=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/softhsm.conf ++ export 'TOKENLABEL=SoftHSM Token' ++ TOKENLABEL='SoftHSM Token' ++ export TOKENLABELURI=SoftHSM%20Token ++ TOKENLABELURI=SoftHSM%20Token ++ softhsm2-util --init-token --label 'SoftHSM Token' --free --pin 12345678 --so-pin 12345678 Slot 0 has a free/uninitialized token. The token has been initialized and is reassigned to slot 705325115 ++ export 'TOKENOPTIONS=\npkcs11-module-quirks = no-deinit no-operation-state' ++ TOKENOPTIONS='\npkcs11-module-quirks = no-deinit no-operation-state' ++ export 'TOKENCONFIGVARS=export SOFTHSM2_CONF=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/softhsm.conf' ++ TOKENCONFIGVARS='export SOFTHSM2_CONF=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/softhsm.conf' ++ export TESTPORT=32000 ++ TESTPORT=32000 ++ export SUPPORT_ALLOWED_MECHANISMS=1 ++ SUPPORT_ALLOWED_MECHANISMS=1 + SEEDFILE=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/noisefile.bin + dd if=/dev/urandom of=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/noisefile.bin bs=2048 count=1 + RAND64FILE=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/64krandom.bin + dd if=/dev/urandom of=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/64krandom.bin bs=2048 count=32 ++ uname + '[' Linux == Darwin ']' ++ type -p certtool + certtool=/usr/bin/certtool + '[' -z /usr/bin/certtool ']' + P11DEFARGS=("--module=${P11LIB}" "--login" "--pin=${PINVALUE}" "--token-label=${TOKENLABEL}") + cat + SERIAL=1 + title LINE 'Creating new Self Sign CA' + case "$1" in + shift 1 + echo 'Creating new Self Sign CA' + KEYID=0000 + URIKEYID=%00%00 + CACRTN=caCert + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --keypairgen --key-type=RSA:2048 --label=caCert --id=0000 Creating new Self Sign CA Key pair generated: Private Key Object; RSA label: caCert ID: 0000 Usage: decrypt, sign, signRecover, unwrap Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=58160eec2a0a683b;token=SoftHSM%20Token;id=%0000;object=caCert;type=private Public Key Object; RSA 2048 bits label: caCert ID: 0000 Usage: encrypt, verify, verifyRecover, wrap Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=58160eec2a0a683b;token=SoftHSM%20Token;id=%0000;object=caCert;type=public + crt_selfsign caCert Issuer 0000 + LABEL=caCert + CN=Issuer + KEYID=0000 + (( SERIAL+=1 )) + sed -e 's|cn = .*|cn = Issuer|g' -e 's|serial = .*|serial = 2|g' -i /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/cacert.cfg + /usr/bin/certtool --generate-self-signed --outfile=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/caCert.crt --template=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/cacert.cfg --provider=/usr/lib/softhsm/libsofthsm2.so --load-privkey 'pkcs11:object=caCert;token=SoftHSM%20Token;type=private' --load-pubkey 'pkcs11:object=caCert;token=SoftHSM%20Token;type=public' --outder Generating a self signed certificate... X.509 Certificate Information: Version: 3 Serial Number (hex): 02 Validity: Not Before: Sun Mar 09 22:06:42 UTC 2025 Not After: Mon Mar 09 22:06:42 UTC 2026 Subject: CN=Issuer Subject Public Key Algorithm: RSA Algorithm Security Level: Medium (2048 bits) Modulus (bits 2048): 00:c8:ba:51:3c:3b:2e:2a:8c:e4:25:a0:f8:f0:47:06 37:dd:ef:d9:59:3a:cd:5d:08:cd:35:a2:b6:a7:1f:dd 58:c4:df:03:29:15:7f:ae:bd:ff:81:7a:f0:49:5b:63 bc:32:0e:92:df:11:c9:28:70:0d:17:6a:7a:91:21:88 39:bb:d6:bc:b7:0a:b8:de:21:20:26:7a:88:55:5e:04 31:43:1d:0f:06:96:32:78:7a:b2:c4:b0:19:78:e4:a1 2c:f4:50:d8:94:5a:13:b3:aa:fb:35:d1:e9:20:20:db 0b:e3:53:84:4e:8f:73:f8:17:82:88:16:e6:73:41:95 91:16:bb:67:61:5b:bc:e1:21:31:e3:46:e4:86:53:2d 7b:ff:1c:24:19:90:d9:d8:7f:af:87:f6:a7:07:20:b3 24:11:2a:50:f3:99:55:81:3a:dc:0f:2d:70:c6:03:b9 7e:4a:96:f5:ff:5c:ba:23:c4:44:f5:e5:da:c7:0e:10 a1:cf:de:e2:3e:a4:8b:ff:50:b1:e2:27:4c:78:5f:3d 6a:33:20:63:79:58:de:b5:c9:94:01:6b:5a:34:38:7e 08:78:73:67:a1:47:c2:4c:2e:2b:b1:bd:c5:72:e3:af 9b:71:e5:55:0c:ed:0c:cb:69:ff:04:0f:f3:a9:98:36 0d Exponent (bits 24): 01:00:01 Extensions: Basic Constraints (critical): Certificate Authority (CA): TRUE Subject Alternative Name (not critical): RFC822Name: testcert@example.org Key Usage (critical): Digital signature. Certificate signing. Subject Key Identifier (not critical): 57db0598d52dbdf7691d15252dd839aa1963a4d0 Other Information: Public Key ID: sha1:57db0598d52dbdf7691d15252dd839aa1963a4d0 sha256:52bbe44b00b6b9bba21ad8d5e61e03183d63a37de4e61d240d1bb9d278d7359d Public Key PIN: pin-sha256:UrvkSwC2ubuiGtjV5h4DGD1jo33k5h0kDRu50njXNZ0= Signing certificate... + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --write-object /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/caCert.crt --type=cert --id=0000 --label=caCert Created certificate: Certificate Object; type = X.509 cert label: caCert subject: DN: CN=Issuer serial: 02 ID: 0000 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=58160eec2a0a683b;token=SoftHSM%20Token;id=%0000;object=caCert;type=cert + CACRT_PEM=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/caCert.pem + CACRT=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/caCert.crt + openssl x509 -inform DER -in /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/caCert.crt -outform PEM -out /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/caCert.pem + CABASEURIWITHPINVALUE='pkcs11:id=%00%00?pin-value=12345678' + CABASEURIWITHPINSOURCE='pkcs11:id=%00%00?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt' + CABASEURI=pkcs11:id=%00%00 + CAPUBURI='pkcs11:type=public;id=%00%00' + CAPRIURI='pkcs11:type=private;id=%00%00' + CACRTURI='pkcs11:type=cert;object=caCert' + title LINE 'RSA PKCS11 URIS' + case "$1" in + shift 1 + echo 'RSA PKCS11 URIS' + echo 'pkcs11:id=%00%00?pin-value=12345678' + echo 'pkcs11:id=%00%00?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt' RSA PKCS11 URIS pkcs11:id=%00%00?pin-value=12345678 pkcs11:id=%00%00?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt + echo pkcs11:id=%00%00 + echo 'pkcs11:type=public;id=%00%00' + echo 'pkcs11:type=private;id=%00%00' + echo 'pkcs11:type=cert;object=caCert' + echo '' + cat /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/cacert.cfg pkcs11:id=%00%00 pkcs11:type=public;id=%00%00 pkcs11:type=private;id=%00%00 pkcs11:type=cert;object=caCert + echo 'organization = "PKCS11 Provider"' + sed -e '/^cert_signing_key$/d' -e '/^ca$/d' -i /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/cert.cfg + KEYID=0001 + URIKEYID=%00%01 + TSTCRTN=testCert + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --keypairgen --key-type=RSA:2048 --label=testCert --id=0001 Key pair generated: Private Key Object; RSA label: testCert ID: 0001 Usage: decrypt, sign, signRecover, unwrap Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=58160eec2a0a683b;token=SoftHSM%20Token;id=%0001;object=testCert;type=private Public Key Object; RSA 2048 bits label: testCert ID: 0001 Usage: encrypt, verify, verifyRecover, wrap Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=58160eec2a0a683b;token=SoftHSM%20Token;id=%0001;object=testCert;type=public + ca_sign testCert 'My Test Cert' 0001 + LABEL=testCert + CN='My Test Cert' + KEYID=0001 + shift 3 + (( SERIAL+=1 )) + sed -e 's|cn = .*|cn = My Test Cert|g' -e 's|serial = .*|serial = 3|g' -e '/^ca$/d' -i /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/cert.cfg + /usr/bin/certtool --generate-certificate --outfile=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/testCert.crt --template=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/cert.cfg --provider=/usr/lib/softhsm/libsofthsm2.so --load-privkey 'pkcs11:object=testCert;token=SoftHSM%20Token;type=private' --load-pubkey 'pkcs11:object=testCert;token=SoftHSM%20Token;type=public' --outder --load-ca-certificate /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/caCert.crt --inder '--load-ca-privkey=pkcs11:object=caCert;token=SoftHSM%20Token;type=private' Generating a signed certificate... Expiration time: Tue Mar 10 12:06:48 2026 CA expiration time: Tue Mar 10 12:06:42 2026 Warning: The time set exceeds the CA's expiration time X.509 Certificate Information: Version: 3 Serial Number (hex): 03 Validity: Not Before: Sun Mar 09 22:06:48 UTC 2025 Not After: Mon Mar 09 22:06:48 UTC 2026 Subject: CN=My Test Cert,O=PKCS11 Provider Subject Public Key Algorithm: RSA Algorithm Security Level: Medium (2048 bits) Modulus (bits 2048): 00:dd:ae:c2:eb:49:68:20:d0:67:d5:3f:a5:ad:e3:5e 5d:57:1f:b4:09:3a:20:fb:88:09:f9:6a:dc:5b:c1:3f 92:53:2a:70:38:ba:f4:d1:7f:1e:be:5e:0f:5f:49:0a 54:3e:15:c4:bb:df:f8:d7:14:22:9e:8a:89:50:ca:19 92:29:7c:4b:14:25:7f:55:d8:db:ff:73:ab:62:04:12 30:06:df:8f:d0:cf:5c:fe:75:8a:37:6f:68:e6:8c:d2 e8:28:11:fd:bb:45:6b:d0:4e:95:cc:6b:d8:88:f1:f7 1f:29:9a:1b:83:df:43:6f:32:81:40:37:8b:82:c3:7e ad:63:dc:83:f4:cd:5f:ea:6c:d0:bb:33:00:25:03:73 ba:cd:47:8e:e9:8e:c1:21:61:cb:02:40:51:f3:e1:fe 8f:fe:f0:77:b1:60:12:63:5a:e8:b0:8d:03:7f:2e:cf ab:ec:a7:48:35:f2:13:e8:ad:98:63:45:ed:86:e3:26 0e:15:40:b4:46:fa:0e:92:3e:42:b7:ec:c0:a2:a6:a6 83:d5:f8:17:81:91:d1:80:db:e0:57:12:60:c2:ed:91 7c:00:fb:44:ee:58:4c:07:e5:0f:a2:cf:d9:78:b0:56 46:b2:ef:0f:51:d5:04:38:61:f5:a1:85:9d:f9:0a:6f ef Exponent (bits 24): 01:00:01 Extensions: Basic Constraints (critical): Certificate Authority (CA): FALSE Subject Alternative Name (not critical): RFC822Name: testcert@example.org Key Usage (critical): Digital signature. Key encipherment. Subject Key Identifier (not critical): 113a8c883888d0778fdb73c35ca4574d784fc711 Authority Key Identifier (not critical): 57db0598d52dbdf7691d15252dd839aa1963a4d0 Other Information: Public Key ID: sha1:113a8c883888d0778fdb73c35ca4574d784fc711 sha256:53d35048b25d1490f16f2e12256fc125514324e34cce6a69902ec28e5d7567c8 Public Key PIN: pin-sha256:U9NQSLJdFJDxby4SJW/BJVFDJONMzmppkC7Cjl11Z8g= Signing certificate... + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --write-object /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/testCert.crt --type=cert --id=0001 --label=testCert Created certificate: Certificate Object; type = X.509 cert label: testCert subject: DN: O=PKCS11 Provider, CN=My Test Cert serial: 03 ID: 0001 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=58160eec2a0a683b;token=SoftHSM%20Token;id=%0001;object=testCert;type=cert + BASEURIWITHPINVALUE='pkcs11:id=%00%01?pin-value=12345678' + BASEURIWITHPINSOURCE='pkcs11:id=%00%01?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt' + BASEURI=pkcs11:id=%00%01 + PUBURI='pkcs11:type=public;id=%00%01' + PRIURI='pkcs11:type=private;id=%00%01' + CRTURI='pkcs11:type=cert;object=testCert' + title LINE 'RSA PKCS11 URIS' + case "$1" in + shift 1 + echo 'RSA PKCS11 URIS' + echo 'pkcs11:id=%00%01?pin-value=12345678' + echo 'pkcs11:id=%00%01?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt' + echo pkcs11:id=%00%01 + echo 'pkcs11:type=public;id=%00%01' + echo 'pkcs11:type=private;id=%00%01' + echo 'pkcs11:type=cert;object=testCert' + echo '' + KEYID=0002 + URIKEYID=%00%02 + ECCRTN=ecCert + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --keypairgen --key-type=EC:secp256r1 --label=ecCert --id=0002 RSA PKCS11 URIS pkcs11:id=%00%01?pin-value=12345678 pkcs11:id=%00%01?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt pkcs11:id=%00%01 pkcs11:type=public;id=%00%01 pkcs11:type=private;id=%00%01 pkcs11:type=cert;object=testCert Key pair generated: Private Key Object; EC label: ecCert ID: 0002 Usage: decrypt, sign, signRecover, unwrap, derive Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=58160eec2a0a683b;token=SoftHSM%20Token;id=%0002;object=ecCert;type=private Public Key Object; EC EC_POINT 256 bits EC_POINT: 044104520c14dfa89a6aa80faf28fd5d9f47a4d6eca60a932451c54d91102fdd7072b66e15a297e3d277ddd71b6c45cd4e63c648558f7c21a73c77e67edf901add29e4 EC_PARAMS: 06082a8648ce3d030107 (OID 1.2.840.10045.3.1.7) label: ecCert ID: 0002 Usage: encrypt, verify, verifyRecover, wrap, derive Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=58160eec2a0a683b;token=SoftHSM%20Token;id=%0002;object=ecCert;type=public + ca_sign ecCert 'My EC Cert' 0002 + LABEL=ecCert + CN='My EC Cert' + KEYID=0002 + shift 3 + (( SERIAL+=1 )) + sed -e 's|cn = .*|cn = My EC Cert|g' -e 's|serial = .*|serial = 4|g' -e '/^ca$/d' -i /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/cert.cfg + /usr/bin/certtool --generate-certificate --outfile=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/ecCert.crt --template=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/cert.cfg --provider=/usr/lib/softhsm/libsofthsm2.so --load-privkey 'pkcs11:object=ecCert;token=SoftHSM%20Token;type=private' --load-pubkey 'pkcs11:object=ecCert;token=SoftHSM%20Token;type=public' --outder --load-ca-certificate /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/caCert.crt --inder '--load-ca-privkey=pkcs11:object=caCert;token=SoftHSM%20Token;type=private' Generating a signed certificate... Expiration time: Tue Mar 10 12:06:48 2026 CA expiration time: Tue Mar 10 12:06:42 2026 Warning: The time set exceeds the CA's expiration time X.509 Certificate Information: Version: 3 Serial Number (hex): 04 Validity: Not Before: Sun Mar 09 22:06:48 UTC 2025 Not After: Mon Mar 09 22:06:48 UTC 2026 Subject: CN=My EC Cert,O=PKCS11 Provider Subject Public Key Algorithm: EC/ECDSA Algorithm Security Level: High (256 bits) Curve: SECP256R1 X: 52:0c:14:df:a8:9a:6a:a8:0f:af:28:fd:5d:9f:47:a4 d6:ec:a6:0a:93:24:51:c5:4d:91:10:2f:dd:70:72:b6 Y: 6e:15:a2:97:e3:d2:77:dd:d7:1b:6c:45:cd:4e:63:c6 48:55:8f:7c:21:a7:3c:77:e6:7e:df:90:1a:dd:29:e4 Extensions: Basic Constraints (critical): Certificate Authority (CA): FALSE Subject Alternative Name (not critical): RFC822Name: testcert@example.org Key Usage (critical): Digital signature. Subject Key Identifier (not critical): 532ba87004d91eb1333a005fef325b4327866e2d Authority Key Identifier (not critical): 57db0598d52dbdf7691d15252dd839aa1963a4d0 Other Information: Public Key ID: sha1:532ba87004d91eb1333a005fef325b4327866e2d sha256:6f6ade0fed356074f8331203d770c3fb78636a916a3eee620522904825145586 Public Key PIN: pin-sha256:b2reD+01YHT4MxID13DD+3hjapFqPu5iBSKQSCUUVYY= Signing certificate... + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --write-object /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/ecCert.crt --type=cert --id=0002 --label=ecCert Created certificate: Certificate Object; type = X.509 cert label: ecCert subject: DN: O=PKCS11 Provider, CN=My EC Cert serial: 04 ID: 0002 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=58160eec2a0a683b;token=SoftHSM%20Token;id=%0002;object=ecCert;type=cert + ECBASEURIWITHPINVALUE='pkcs11:id=%00%02?pin-value=12345678' + ECBASEURIWITHPINSOURCE='pkcs11:id=%00%02?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt' + ECBASEURI=pkcs11:id=%00%02 + ECPUBURI='pkcs11:type=public;id=%00%02' + ECPRIURI='pkcs11:type=private;id=%00%02' + ECCRTURI='pkcs11:type=cert;object=ecCert' + KEYID=0003 + URIKEYID=%00%03 + ECPEERCRTN=ecPeerCert + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --keypairgen --key-type=EC:secp256r1 --label=ecPeerCert --id=0003 Key pair generated: Private Key Object; EC label: ecPeerCert ID: 0003 Usage: decrypt, sign, signRecover, unwrap, derive Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=58160eec2a0a683b;token=SoftHSM%20Token;id=%0003;object=ecPeerCert;type=private Public Key Object; EC EC_POINT 256 bits EC_POINT: 044104f0a5b2dc98c408d8da1a7164565874944b1c910da293a8735fb6bf1ac6c2cc24190b7425de72621e64080705fd25d2e1e6973265f6db35e5a661ea41cef574fd EC_PARAMS: 06082a8648ce3d030107 (OID 1.2.840.10045.3.1.7) label: ecPeerCert ID: 0003 Usage: encrypt, verify, verifyRecover, wrap, derive Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=58160eec2a0a683b;token=SoftHSM%20Token;id=%0003;object=ecPeerCert;type=public + crt_selfsign ecPeerCert 'My Peer EC Cert' 0003 + LABEL=ecPeerCert + CN='My Peer EC Cert' + KEYID=0003 + (( SERIAL+=1 )) + sed -e 's|cn = .*|cn = My Peer EC Cert|g' -e 's|serial = .*|serial = 5|g' -i /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/cacert.cfg + /usr/bin/certtool --generate-self-signed --outfile=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/ecPeerCert.crt --template=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/cacert.cfg --provider=/usr/lib/softhsm/libsofthsm2.so --load-privkey 'pkcs11:object=ecPeerCert;token=SoftHSM%20Token;type=private' --load-pubkey 'pkcs11:object=ecPeerCert;token=SoftHSM%20Token;type=public' --outder Generating a self signed certificate... X.509 Certificate Information: Version: 3 Serial Number (hex): 05 Validity: Not Before: Sun Mar 09 22:06:48 UTC 2025 Not After: Mon Mar 09 22:06:48 UTC 2026 Subject: CN=My Peer EC Cert Subject Public Key Algorithm: EC/ECDSA Algorithm Security Level: High (256 bits) Curve: SECP256R1 X: 00:f0:a5:b2:dc:98:c4:08:d8:da:1a:71:64:56:58:74 94:4b:1c:91:0d:a2:93:a8:73:5f:b6:bf:1a:c6:c2:cc 24 Y: 19:0b:74:25:de:72:62:1e:64:08:07:05:fd:25:d2:e1 e6:97:32:65:f6:db:35:e5:a6:61:ea:41:ce:f5:74:fd Extensions: Basic Constraints (critical): Certificate Authority (CA): TRUE Subject Alternative Name (not critical): RFC822Name: testcert@example.org Key Usage (critical): Digital signature. Certificate signing. Subject Key Identifier (not critical): 619746eb3bcdffde92f552f7a3cee27f33e44bf8 Other Information: Public Key ID: sha1:619746eb3bcdffde92f552f7a3cee27f33e44bf8 sha256:bb7b6b8d7cdd3428670982d646682c62a576212edbdbcc56e9492685744771db Public Key PIN: pin-sha256:u3trjXzdNChnCYLWRmgsYqV2IS7b28xW6UkmhXRHcds= Signing certificate... + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --write-object /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/ecPeerCert.crt --type=cert --id=0003 --label=ecPeerCert Created certificate: Certificate Object; type = X.509 cert label: ecPeerCert subject: DN: CN=My Peer EC Cert serial: 05 ID: 0003 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=58160eec2a0a683b;token=SoftHSM%20Token;id=%0003;object=ecPeerCert;type=cert + ECPEERBASEURIWITHPINVALUE='pkcs11:id=%00%03?pin-value=12345678' + ECPEERBASEURIWITHPINSOURCE='pkcs11:id=%00%03?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt' + ECPEERBASEURI=pkcs11:id=%00%03 + ECPEERPUBURI='pkcs11:type=public;id=%00%03' + ECPEERPRIURI='pkcs11:type=private;id=%00%03' + ECPEERCRTURI='pkcs11:type=cert;object=ecPeerCert' + title LINE 'EC PKCS11 URIS' + case "$1" in + shift 1 + echo 'EC PKCS11 URIS' + echo 'pkcs11:id=%00%02?pin-value=12345678' + echo 'pkcs11:id=%00%02?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt' + echo pkcs11:id=%00%02 + echo 'pkcs11:type=public;id=%00%02' + echo 'pkcs11:type=private;id=%00%02' + echo 'pkcs11:type=cert;object=ecCert' + echo 'pkcs11:id=%00%03?pin-value=12345678' + echo 'pkcs11:id=%00%03?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt' + echo pkcs11:id=%00%03 + echo 'pkcs11:type=public;id=%00%03' + echo 'pkcs11:type=private;id=%00%03' + echo 'pkcs11:type=cert;object=ecPeerCert' + echo '' + '[' 1 -eq 1 ']' + KEYID=0004 + URIKEYID=%00%04 + EDCRTN=edCert + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --keypairgen --key-type=EC:edwards25519 --label=edCert --id=0004 EC PKCS11 URIS pkcs11:id=%00%02?pin-value=12345678 pkcs11:id=%00%02?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt pkcs11:id=%00%02 pkcs11:type=public;id=%00%02 pkcs11:type=private;id=%00%02 pkcs11:type=cert;object=ecCert pkcs11:id=%00%03?pin-value=12345678 pkcs11:id=%00%03?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt pkcs11:id=%00%03 pkcs11:type=public;id=%00%03 pkcs11:type=private;id=%00%03 pkcs11:type=cert;object=ecPeerCert Key pair generated: Private Key Object; EC_EDWARDS label: edCert ID: 0004 Usage: decrypt, sign, signRecover, unwrap, derive Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=58160eec2a0a683b;token=SoftHSM%20Token;id=%0004;object=edCert;type=private Public Key Object; EC_EDWARDS EC_POINT 272 bits EC_POINT: 042072137e6250eeb91d443f4781114c6b835f60c5b538e05d1171ae57b2211b3353 EC_PARAMS: 130c656477617264733235353139 (PrintableString edwards25519) label: edCert ID: 0004 Usage: encrypt, verify, verifyRecover, wrap, derive Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=58160eec2a0a683b;token=SoftHSM%20Token;id=%0004;object=edCert;type=public + ca_sign edCert 'My ED25519 Cert' 0004 + LABEL=edCert + CN='My ED25519 Cert' + KEYID=0004 + shift 3 + (( SERIAL+=1 )) + sed -e 's|cn = .*|cn = My ED25519 Cert|g' -e 's|serial = .*|serial = 6|g' -e '/^ca$/d' -i /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/cert.cfg + /usr/bin/certtool --generate-certificate --outfile=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/edCert.crt --template=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/cert.cfg --provider=/usr/lib/softhsm/libsofthsm2.so --load-privkey 'pkcs11:object=edCert;token=SoftHSM%20Token;type=private' --load-pubkey 'pkcs11:object=edCert;token=SoftHSM%20Token;type=public' --outder --load-ca-certificate /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/caCert.crt --inder '--load-ca-privkey=pkcs11:object=caCert;token=SoftHSM%20Token;type=private' Generating a signed certificate... Expiration time: Tue Mar 10 12:06:49 2026 CA expiration time: Tue Mar 10 12:06:42 2026 Warning: The time set exceeds the CA's expiration time X.509 Certificate Information: Version: 3 Serial Number (hex): 06 Validity: Not Before: Sun Mar 09 22:06:49 UTC 2025 Not After: Mon Mar 09 22:06:49 UTC 2026 Subject: CN=My ED25519 Cert,O=PKCS11 Provider Subject Public Key Algorithm: EdDSA (Ed25519) Algorithm Security Level: High (256 bits) Curve: Ed25519 X: 72:13:7e:62:50:ee:b9:1d:44:3f:47:81:11:4c:6b:83 5f:60:c5:b5:38:e0:5d:11:71:ae:57:b2:21:1b:33:53 Extensions: Basic Constraints (critical): Certificate Authority (CA): FALSE Subject Alternative Name (not critical): RFC822Name: testcert@example.org Key Usage (critical): Digital signature. Subject Key Identifier (not critical): 65e9a6d0ca7c70b92f50e620077fc6607885e67c Authority Key Identifier (not critical): 57db0598d52dbdf7691d15252dd839aa1963a4d0 Other Information: Public Key ID: sha1:65e9a6d0ca7c70b92f50e620077fc6607885e67c sha256:5096b90539f64db0fd98125c576635d247d91cdad0803e9ea0be019fec7749b9 Public Key PIN: pin-sha256:UJa5BTn2TbD9mBJcV2Y10kfZHNrQgD6eoL4Bn+x3Sbk= Signing certificate... + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --write-object /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/edCert.crt --type=cert --id=0004 --label=edCert Created certificate: Certificate Object; type = X.509 cert label: edCert subject: DN: O=PKCS11 Provider, CN=My ED25519 Cert serial: 06 ID: 0004 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=58160eec2a0a683b;token=SoftHSM%20Token;id=%0004;object=edCert;type=cert + EDBASEURIWITHPINVALUE='pkcs11:id=%00%04;pin-value=12345678' + EDBASEURIWITHPINSOURCE='pkcs11:id=%00%04;pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt' + EDBASEURI=pkcs11:id=%00%04 + EDPUBURI='pkcs11:type=public;id=%00%04' + EDPRIURI='pkcs11:type=private;id=%00%04' + EDCRTURI='pkcs11:type=cert;object=edCert' + title LINE 'ED25519 PKCS11 URIS' + case "$1" in + shift 1 + echo 'ED25519 PKCS11 URIS' + echo 'pkcs11:id=%00%04;pin-value=12345678' + echo 'pkcs11:id=%00%04;pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt' + echo pkcs11:id=%00%04 + echo 'pkcs11:type=public;id=%00%04' + echo 'pkcs11:type=private;id=%00%04' + echo 'pkcs11:type=cert;object=edCert' + '[' 1 -eq 1 ']' + KEYID=0009 + URIKEYID=%00%09 + ED2CRTN=ed2Cert + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --keypairgen --key-type=EC:Ed448 --label=ed2Cert --id=0009 ED25519 PKCS11 URIS pkcs11:id=%00%04;pin-value=12345678 pkcs11:id=%00%04;pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt pkcs11:id=%00%04 pkcs11:type=public;id=%00%04 pkcs11:type=private;id=%00%04 pkcs11:type=cert;object=edCert Key pair generated: Private Key Object; EC_EDWARDS label: ed2Cert ID: 0009 Usage: decrypt, sign, signRecover, unwrap, derive Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=58160eec2a0a683b;token=SoftHSM%20Token;id=%0009;object=ed2Cert;type=private Public Key Object; EC_EDWARDS EC_POINT 472 bits EC_POINT: 043917c1c9d571732a55efb76ff34f7a5b8799bc7cb5e8d257b22a59cc8bfd44dbb4cb2c29d5833b538618cc1ca51813dab090d7db9a0caeedba80 EC_PARAMS: 06032b6571 (OID 1.3.101.113) label: ed2Cert ID: 0009 Usage: encrypt, verify, verifyRecover, wrap, derive Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=58160eec2a0a683b;token=SoftHSM%20Token;id=%0009;object=ed2Cert;type=public + ca_sign ed2Cert 'My ED448 Cert' 0009 + LABEL=ed2Cert + CN='My ED448 Cert' + KEYID=0009 + shift 3 + (( SERIAL+=1 )) + sed -e 's|cn = .*|cn = My ED448 Cert|g' -e 's|serial = .*|serial = 7|g' -e '/^ca$/d' -i /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/cert.cfg + /usr/bin/certtool --generate-certificate --outfile=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/ed2Cert.crt --template=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/cert.cfg --provider=/usr/lib/softhsm/libsofthsm2.so --load-privkey 'pkcs11:object=ed2Cert;token=SoftHSM%20Token;type=private' --load-pubkey 'pkcs11:object=ed2Cert;token=SoftHSM%20Token;type=public' --outder --load-ca-certificate /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/caCert.crt --inder '--load-ca-privkey=pkcs11:object=caCert;token=SoftHSM%20Token;type=private' Generating a signed certificate... Expiration time: Tue Mar 10 12:06:50 2026 CA expiration time: Tue Mar 10 12:06:42 2026 Warning: The time set exceeds the CA's expiration time X.509 Certificate Information: Version: 3 Serial Number (hex): 07 Validity: Not Before: Sun Mar 09 22:06:50 UTC 2025 Not After: Mon Mar 09 22:06:50 UTC 2026 Subject: CN=My ED448 Cert,O=PKCS11 Provider Subject Public Key Algorithm: EdDSA (Ed448) Algorithm Security Level: Ultra (456 bits) Curve: Ed448 X: 17:c1:c9:d5:71:73:2a:55:ef:b7:6f:f3:4f:7a:5b:87 99:bc:7c:b5:e8:d2:57:b2:2a:59:cc:8b:fd:44:db:b4 cb:2c:29:d5:83:3b:53:86:18:cc:1c:a5:18:13:da:b0 90:d7:db:9a:0c:ae:ed:ba:80 Extensions: Basic Constraints (critical): Certificate Authority (CA): FALSE Subject Alternative Name (not critical): RFC822Name: testcert@example.org Key Usage (critical): Digital signature. Subject Key Identifier (not critical): d128b7cf0bbbb56145673d26309852a5225a3d66 Authority Key Identifier (not critical): 57db0598d52dbdf7691d15252dd839aa1963a4d0 Other Information: Public Key ID: sha1:d128b7cf0bbbb56145673d26309852a5225a3d66 sha256:6eb7efa98263ed35dc0012dd32cd2171b811c40996cf60ae272c268f547beb56 Public Key PIN: pin-sha256:brfvqYJj7TXcABLdMs0hcbgRxAmWz2CuJywmj1R761Y= Signing certificate... + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --write-object /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/ed2Cert.crt --type=cert --id=0009 --label=ed2Cert Created certificate: Certificate Object; type = X.509 cert label: ed2Cert subject: DN: O=PKCS11 Provider, CN=My ED448 Cert serial: 07 ID: 0009 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=58160eec2a0a683b;token=SoftHSM%20Token;id=%0009;object=ed2Cert;type=cert + ED2BASEURIWITHPINVALUE='pkcs11:id=%00%09;pin-value=12345678' + ED2BASEURIWITHPINSOURCE='pkcs11:id=%00%09;pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt' + ED2BASEURI=pkcs11:id=%00%09 + ED2PUBURI='pkcs11:type=public;id=%00%09' + ED2PRIURI='pkcs11:type=private;id=%00%09' + ED2CRTURI='pkcs11:type=cert;object=ed2Cert' + title LINE 'ED448 PKCS11 URIS' + case "$1" in + shift 1 + echo 'ED448 PKCS11 URIS' + echo 'pkcs11:id=%00%09;pin-value=12345678' + echo 'pkcs11:id=%00%09;pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt' + echo pkcs11:id=%00%09 + echo 'pkcs11:type=public;id=%00%09' + echo 'pkcs11:type=private;id=%00%09' + echo 'pkcs11:type=cert;object=ed2Cert' + title PARA 'generate RSA key pair, self-signed certificate, remove public key' + case "$1" in + shift 1 + echo '' + echo '## generate RSA key pair, self-signed certificate, remove public key' + '[' -f '' ']' + KEYID=0005 + URIKEYID=%00%05 + TSTCRTN=testCert2 + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --keypairgen --key-type=RSA:2048 --label=testCert2 --id=0005 ED448 PKCS11 URIS pkcs11:id=%00%09;pin-value=12345678 pkcs11:id=%00%09;pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt pkcs11:id=%00%09 pkcs11:type=public;id=%00%09 pkcs11:type=private;id=%00%09 pkcs11:type=cert;object=ed2Cert ## generate RSA key pair, self-signed certificate, remove public key Key pair generated: Private Key Object; RSA label: testCert2 ID: 0005 Usage: decrypt, sign, signRecover, unwrap Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=58160eec2a0a683b;token=SoftHSM%20Token;id=%0005;object=testCert2;type=private Public Key Object; RSA 2048 bits label: testCert2 ID: 0005 Usage: encrypt, verify, verifyRecover, wrap Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=58160eec2a0a683b;token=SoftHSM%20Token;id=%0005;object=testCert2;type=public + ca_sign testCert2 'My Test Cert 2' 0005 + LABEL=testCert2 + CN='My Test Cert 2' + KEYID=0005 + shift 3 + (( SERIAL+=1 )) + sed -e 's|cn = .*|cn = My Test Cert 2|g' -e 's|serial = .*|serial = 8|g' -e '/^ca$/d' -i /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/cert.cfg + /usr/bin/certtool --generate-certificate --outfile=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/testCert2.crt --template=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/cert.cfg --provider=/usr/lib/softhsm/libsofthsm2.so --load-privkey 'pkcs11:object=testCert2;token=SoftHSM%20Token;type=private' --load-pubkey 'pkcs11:object=testCert2;token=SoftHSM%20Token;type=public' --outder --load-ca-certificate /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/caCert.crt --inder '--load-ca-privkey=pkcs11:object=caCert;token=SoftHSM%20Token;type=private' Generating a signed certificate... Expiration time: Tue Mar 10 12:06:50 2026 CA expiration time: Tue Mar 10 12:06:42 2026 Warning: The time set exceeds the CA's expiration time X.509 Certificate Information: Version: 3 Serial Number (hex): 08 Validity: Not Before: Sun Mar 09 22:06:50 UTC 2025 Not After: Mon Mar 09 22:06:50 UTC 2026 Subject: CN=My Test Cert 2,O=PKCS11 Provider Subject Public Key Algorithm: RSA Algorithm Security Level: Medium (2048 bits) Modulus (bits 2048): 00:dc:24:2b:01:65:3b:e3:5e:48:ad:d3:69:62:ea:43 93:73:07:64:1f:81:4d:8c:b7:45:82:8d:0d:4f:ab:d8 bd:c3:b2:8d:df:4e:23:50:f9:f3:d0:6f:66:80:5d:fd c9:b1:54:2f:c9:e6:44:e2:1b:03:ee:17:7a:77:d3:28 ec:85:47:32:04:f1:e7:a9:54:dc:af:4f:6d:97:29:7e 8b:88:47:49:3e:f5:79:cf:df:72:9a:ad:01:77:e8:ac aa:1e:27:c5:a1:d1:12:9e:f0:51:7b:98:e3:83:b3:05 5c:d1:69:02:7e:8a:7c:a7:41:e7:b7:bf:44:08:ad:da 92:65:0a:6f:fb:a4:df:76:4f:56:e5:b3:ca:eb:a9:43 ab:db:45:06:b7:b4:f7:a1:96:59:20:5f:ee:64:ce:0b 5f:dc:f7:e8:20:5e:c1:72:7e:b4:56:cc:b2:ac:da:43 a1:02:1f:09:f6:87:a8:b6:49:f8:54:5e:18:99:37:63 41:a3:b6:35:10:db:04:5e:b3:3f:82:27:db:cb:3e:9d b8:7a:c7:64:4e:b7:ca:57:0b:54:a2:c8:df:a8:29:c7 fc:98:cf:01:2c:83:79:8a:68:aa:ac:93:b4:c7:2e:8f 34:01:af:c5:ec:90:fa:50:5b:46:46:b1:11:16:30:ef b5 Exponent (bits 24): 01:00:01 Extensions: Basic Constraints (critical): Certificate Authority (CA): FALSE Subject Alternative Name (not critical): RFC822Name: testcert@example.org Key Usage (critical): Digital signature. Key encipherment. Subject Key Identifier (not critical): a5908ea1b61df51931d9d97b84a929c3d4c0ac57 Authority Key Identifier (not critical): 57db0598d52dbdf7691d15252dd839aa1963a4d0 Other Information: Public Key ID: sha1:a5908ea1b61df51931d9d97b84a929c3d4c0ac57 sha256:0e52f5907ec51994f4f73e39c4607ba9341e12a46dfb3116269989da7736ad82 Public Key PIN: pin-sha256:DlL1kH7FGZT09z45xGB7qTQeEqRt+zEWJpmJ2nc2rYI= Signing certificate... + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --write-object /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/testCert2.crt --type=cert --id=0005 --label=testCert2 Created certificate: Certificate Object; type = X.509 cert label: testCert2 subject: DN: O=PKCS11 Provider, CN=My Test Cert 2 serial: 08 ID: 0005 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=58160eec2a0a683b;token=SoftHSM%20Token;id=%0005;object=testCert2;type=cert + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --delete-object --type pubkey --id 0005 + BASE2URIWITHPINVALUE='pkcs11:id=%00%05?pin-value=12345678' + BASE2URIWITHPINSOURCE='pkcs11:id=%00%05?pin-source=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt' + BASE2URI=pkcs11:id=%00%05 + PRI2URI='pkcs11:type=private;id=%00%05' + CRT2URI='pkcs11:type=cert;object=testCert2' + title LINE 'RSA2 PKCS11 URIS' + case "$1" in + shift 1 + echo 'RSA2 PKCS11 URIS' + echo 'pkcs11:id=%00%05?pin-value=12345678' + echo 'pkcs11:id=%00%05?pin-source=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt' + echo pkcs11:id=%00%05 + echo 'pkcs11:type=private;id=%00%05' + echo 'pkcs11:type=cert;object=testCert2' + echo '' + title PARA 'generate EC key pair, self-signed certificate, remove public key' + case "$1" in + shift 1 + echo '' + echo '## generate EC key pair, self-signed certificate, remove public key' + '[' -f '' ']' + KEYID=0006 + URIKEYID=%00%06 + TSTCRTN=ecCert2 + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --keypairgen --key-type=EC:secp384r1 --label=ecCert2 --id=0006 RSA2 PKCS11 URIS pkcs11:id=%00%05?pin-value=12345678 pkcs11:id=%00%05?pin-source=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt pkcs11:id=%00%05 pkcs11:type=private;id=%00%05 pkcs11:type=cert;object=testCert2 ## generate EC key pair, self-signed certificate, remove public key Key pair generated: Private Key Object; EC label: ecCert2 ID: 0006 Usage: decrypt, sign, signRecover, unwrap, derive Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=58160eec2a0a683b;token=SoftHSM%20Token;id=%0006;object=ecCert2;type=private Public Key Object; EC EC_POINT 384 bits EC_POINT: 046104e84e88e78779419cb65bc6e672b90aca034d7769bc8d6b7c747b76578304a6964f150af899893c4e3eaa774cc26c106c7d99d3685d807acc335fe3eb7ee89fcf968d51f0192d31a9c6713e6ac761748ed8d89245ceee8617a59ee64526a3616f EC_PARAMS: 06052b81040022 (OID 1.3.132.0.34) label: ecCert2 ID: 0006 Usage: encrypt, verify, verifyRecover, wrap, derive Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=58160eec2a0a683b;token=SoftHSM%20Token;id=%0006;object=ecCert2;type=public + ca_sign ecCert2 'My EC Cert 2' 0006 + LABEL=ecCert2 + CN='My EC Cert 2' + KEYID=0006 + shift 3 + (( SERIAL+=1 )) + sed -e 's|cn = .*|cn = My EC Cert 2|g' -e 's|serial = .*|serial = 9|g' -e '/^ca$/d' -i /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/cert.cfg + /usr/bin/certtool --generate-certificate --outfile=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/ecCert2.crt --template=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/cert.cfg --provider=/usr/lib/softhsm/libsofthsm2.so --load-privkey 'pkcs11:object=ecCert2;token=SoftHSM%20Token;type=private' --load-pubkey 'pkcs11:object=ecCert2;token=SoftHSM%20Token;type=public' --outder --load-ca-certificate /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/caCert.crt --inder '--load-ca-privkey=pkcs11:object=caCert;token=SoftHSM%20Token;type=private' Generating a signed certificate... Expiration time: Tue Mar 10 12:06:50 2026 CA expiration time: Tue Mar 10 12:06:42 2026 Warning: The time set exceeds the CA's expiration time X.509 Certificate Information: Version: 3 Serial Number (hex): 09 Validity: Not Before: Sun Mar 09 22:06:50 UTC 2025 Not After: Mon Mar 09 22:06:50 UTC 2026 Subject: CN=My EC Cert 2,O=PKCS11 Provider Subject Public Key Algorithm: EC/ECDSA Algorithm Security Level: Ultra (384 bits) Curve: SECP384R1 X: 00:e8:4e:88:e7:87:79:41:9c:b6:5b:c6:e6:72:b9:0a ca:03:4d:77:69:bc:8d:6b:7c:74:7b:76:57:83:04:a6 96:4f:15:0a:f8:99:89:3c:4e:3e:aa:77:4c:c2:6c:10 6c Y: 7d:99:d3:68:5d:80:7a:cc:33:5f:e3:eb:7e:e8:9f:cf 96:8d:51:f0:19:2d:31:a9:c6:71:3e:6a:c7:61:74:8e d8:d8:92:45:ce:ee:86:17:a5:9e:e6:45:26:a3:61:6f Extensions: Basic Constraints (critical): Certificate Authority (CA): FALSE Subject Alternative Name (not critical): RFC822Name: testcert@example.org Key Usage (critical): Digital signature. Subject Key Identifier (not critical): b0c83dcad83e5c93ad0d035ca756da4dccbe4813 Authority Key Identifier (not critical): 57db0598d52dbdf7691d15252dd839aa1963a4d0 Other Information: Public Key ID: sha1:b0c83dcad83e5c93ad0d035ca756da4dccbe4813 sha256:74b1294828a162b28341b43760ee0808157d31b5f32b9065609266bc4babff94 Public Key PIN: pin-sha256:dLEpSCihYrKDQbQ3YO4ICBV9MbXzK5BlYJJmvEur/5Q= Signing certificate... + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --write-object /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/ecCert2.crt --type=cert --id=0006 --label=ecCert2 Created certificate: Certificate Object; type = X.509 cert label: ecCert2 subject: DN: O=PKCS11 Provider, CN=My EC Cert 2 serial: 09 ID: 0006 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=58160eec2a0a683b;token=SoftHSM%20Token;id=%0006;object=ecCert2;type=cert + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --delete-object --type pubkey --id 0006 + ECBASE2URIWITHPINVALUE='pkcs11:id=%00%06?pin-value=12345678' + ECBASE2URIWITHPINSOURCE='pkcs11:id=%00%06?pin-source=file/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt' + ECBASE2URI=pkcs11:id=%00%06 + ECPRI2URI='pkcs11:type=private;id=%00%06' + ECCRT2URI='pkcs11:type=cert;object=ecCert2' + title LINE 'EC2 PKCS11 URIS' + case "$1" in + shift 1 + echo 'EC2 PKCS11 URIS' + echo 'pkcs11:id=%00%06?pin-value=12345678' + echo 'pkcs11:id=%00%06?pin-source=file/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt' + echo pkcs11:id=%00%06 + echo 'pkcs11:type=private;id=%00%06' + echo 'pkcs11:type=cert;object=ecCert2' + echo '' + '[' -z '' ']' + title PARA 'explicit EC unsupported' + case "$1" in + shift 1 + echo '' + echo '## explicit EC unsupported' + '[' -f '' ']' + title PARA 'generate EC key pair with ALWAYS AUTHENTICATE flag, self-signed certificate' + case "$1" in + shift 1 + echo '' + echo '## generate EC key pair with ALWAYS AUTHENTICATE flag, self-signed certificate' + '[' -f '' ']' + KEYID=0008 + URIKEYID=%00%08 + TSTCRTN=ecCert3 + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --keypairgen --key-type=EC:secp521r1 --label=ecCert3 --id=0008 --always-auth EC2 PKCS11 URIS pkcs11:id=%00%06?pin-value=12345678 pkcs11:id=%00%06?pin-source=file/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt pkcs11:id=%00%06 pkcs11:type=private;id=%00%06 pkcs11:type=cert;object=ecCert2 ## explicit EC unsupported ## generate EC key pair with ALWAYS AUTHENTICATE flag, self-signed certificate Key pair generated: Private Key Object; EC label: ecCert3 ID: 0008 Usage: decrypt, sign, signRecover, unwrap, derive Access: always authenticate, sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=58160eec2a0a683b;token=SoftHSM%20Token;id=%0008;object=ecCert3;type=private Public Key Object; EC EC_POINT 528 bits EC_POINT: 0481850401a21f87ef0871427752df57d12ce4e9ab0d3f1463036a26357f7a1fe58aafa75e1ea2fd4b2aadf65d9aee61764a7d85f05266d1c2af1f56df39cbfd662b074823ab005c760f20e30b3b0840cf636431cfe5d1f799699bdf1e1a5620e053f4324ea26a9282416b1399a108c2550edff8b665dd7df5b972e9ce648ff8ec5586b2a7084226 EC_PARAMS: 06052b81040023 (OID 1.3.132.0.35) label: ecCert3 ID: 0008 Usage: encrypt, verify, verifyRecover, wrap, derive Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=58160eec2a0a683b;token=SoftHSM%20Token;id=%0008;object=ecCert3;type=public + ca_sign ecCert3 'My EC Cert 3' 0008 + LABEL=ecCert3 + CN='My EC Cert 3' + KEYID=0008 + shift 3 + (( SERIAL+=1 )) + sed -e 's|cn = .*|cn = My EC Cert 3|g' -e 's|serial = .*|serial = 10|g' -e '/^ca$/d' -i /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/cert.cfg + /usr/bin/certtool --generate-certificate --outfile=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/ecCert3.crt --template=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/cert.cfg --provider=/usr/lib/softhsm/libsofthsm2.so --load-privkey 'pkcs11:object=ecCert3;token=SoftHSM%20Token;type=private' --load-pubkey 'pkcs11:object=ecCert3;token=SoftHSM%20Token;type=public' --outder --load-ca-certificate /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/caCert.crt --inder '--load-ca-privkey=pkcs11:object=caCert;token=SoftHSM%20Token;type=private' Generating a signed certificate... Expiration time: Tue Mar 10 12:06:51 2026 CA expiration time: Tue Mar 10 12:06:42 2026 Warning: The time set exceeds the CA's expiration time X.509 Certificate Information: Version: 3 Serial Number (hex): 0a Validity: Not Before: Sun Mar 09 22:06:51 UTC 2025 Not After: Mon Mar 09 22:06:51 UTC 2026 Subject: CN=My EC Cert 3,O=PKCS11 Provider Subject Public Key Algorithm: EC/ECDSA Algorithm Security Level: Future (528 bits) Curve: SECP521R1 X: 01:a2:1f:87:ef:08:71:42:77:52:df:57:d1:2c:e4:e9 ab:0d:3f:14:63:03:6a:26:35:7f:7a:1f:e5:8a:af:a7 5e:1e:a2:fd:4b:2a:ad:f6:5d:9a:ee:61:76:4a:7d:85 f0:52:66:d1:c2:af:1f:56:df:39:cb:fd:66:2b:07:48 23:ab Y: 5c:76:0f:20:e3:0b:3b:08:40:cf:63:64:31:cf:e5:d1 f7:99:69:9b:df:1e:1a:56:20:e0:53:f4:32:4e:a2:6a 92:82:41:6b:13:99:a1:08:c2:55:0e:df:f8:b6:65:dd 7d:f5:b9:72:e9:ce:64:8f:f8:ec:55:86:b2:a7:08:42 26 Extensions: Basic Constraints (critical): Certificate Authority (CA): FALSE Subject Alternative Name (not critical): RFC822Name: testcert@example.org Key Usage (critical): Digital signature. Subject Key Identifier (not critical): d041498fac54f62529fe3f49602d5a5cae7a925b Authority Key Identifier (not critical): 57db0598d52dbdf7691d15252dd839aa1963a4d0 Other Information: Public Key ID: sha1:d041498fac54f62529fe3f49602d5a5cae7a925b sha256:eec3f97db221943865214d3a575b2baee0105af0a747c4539907ca748a16912d Public Key PIN: pin-sha256:7sP5fbIhlDhlIU06V1srruAQWvCnR8RTmQfKdIoWkS0= Signing certificate... + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --write-object /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/ecCert3.crt --type=cert --id=0008 --label=ecCert3 Created certificate: Certificate Object; type = X.509 cert label: ecCert3 subject: DN: O=PKCS11 Provider, CN=My EC Cert 3 serial: 0A ID: 0008 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=58160eec2a0a683b;token=SoftHSM%20Token;id=%0008;object=ecCert3;type=cert + ECBASE3URIWITHPINVALUE='pkcs11:id=%00%08?pin-value=12345678' + ECBASE3URIWITHPINSOURCE='pkcs11:id=%00%08?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt' + ECBASE3URI=pkcs11:id=%00%08 + ECPUB3URI='pkcs11:type=public;id=%00%08' + ECPRI3URI='pkcs11:type=private;id=%00%08' + ECCRT3URI='pkcs11:type=cert;object=ecCert3' + title LINE 'EC3 PKCS11 URIS' + case "$1" in + shift 1 + echo 'EC3 PKCS11 URIS' + echo 'pkcs11:id=%00%08?pin-value=12345678' + echo 'pkcs11:id=%00%08?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt' + echo pkcs11:id=%00%08 + echo 'pkcs11:type=public;id=%00%08' + echo 'pkcs11:type=private;id=%00%08' + echo 'pkcs11:type=cert;object=ecCert3' + echo '' + '[' 1 -eq 1 ']' + KEYID=0010 + URIKEYID=%00%10 + TSTCRTN=testRsaPssCert + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --keypairgen --key-type=RSA:2048 --label=testRsaPssCert --id=0010 --allowed-mechanisms RSA-PKCS-PSS,SHA1-RSA-PKCS-PSS,SHA224-RSA-PKCS-PSS,SHA256-RSA-PKCS-PSS,SHA384-RSA-PKCS-PSS,SHA512-RSA-PKCS-PSS EC3 PKCS11 URIS pkcs11:id=%00%08?pin-value=12345678 pkcs11:id=%00%08?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt pkcs11:id=%00%08 pkcs11:type=public;id=%00%08 pkcs11:type=private;id=%00%08 pkcs11:type=cert;object=ecCert3 Key pair generated: Private Key Object; RSA label: testRsaPssCert ID: 0010 Usage: decrypt, sign, signRecover, unwrap Access: sensitive, always sensitive, never extractable, local Allowed mechanisms: RSA-PKCS-PSS,SHA1-RSA-PKCS-PSS,SHA256-RSA-PKCS-PSS,SHA384-RSA-PKCS-PSS,SHA512-RSA-PKCS-PSS,SHA224-RSA-PKCS-PSS uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=58160eec2a0a683b;token=SoftHSM%20Token;id=%0010;object=testRsaPssCert;type=private Public Key Object; RSA 2048 bits label: testRsaPssCert ID: 0010 Usage: encrypt, verify, verifyRecover, wrap Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=58160eec2a0a683b;token=SoftHSM%20Token;id=%0010;object=testRsaPssCert;type=public + ca_sign testRsaPssCert 'My RsaPss Cert' 0010 --sign-params=RSA-PSS + LABEL=testRsaPssCert + CN='My RsaPss Cert' + KEYID=0010 + shift 3 + (( SERIAL+=1 )) + sed -e 's|cn = .*|cn = My RsaPss Cert|g' -e 's|serial = .*|serial = 11|g' -e '/^ca$/d' -i /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/cert.cfg + /usr/bin/certtool --generate-certificate --outfile=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/testRsaPssCert.crt --template=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/cert.cfg --provider=/usr/lib/softhsm/libsofthsm2.so --load-privkey 'pkcs11:object=testRsaPssCert;token=SoftHSM%20Token;type=private' --load-pubkey 'pkcs11:object=testRsaPssCert;token=SoftHSM%20Token;type=public' --outder --load-ca-certificate /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/caCert.crt --inder '--load-ca-privkey=pkcs11:object=caCert;token=SoftHSM%20Token;type=private' --sign-params=RSA-PSS Generating a signed certificate... Expiration time: Tue Mar 10 12:06:51 2026 CA expiration time: Tue Mar 10 12:06:42 2026 Warning: The time set exceeds the CA's expiration time X.509 Certificate Information: Version: 3 Serial Number (hex): 0b Validity: Not Before: Sun Mar 09 22:06:51 UTC 2025 Not After: Mon Mar 09 22:06:51 UTC 2026 Subject: CN=My RsaPss Cert,O=PKCS11 Provider Subject Public Key Algorithm: RSA Algorithm Security Level: Medium (2048 bits) Modulus (bits 2048): 00:9f:0b:01:97:f7:be:5d:26:ac:8a:bb:f6:28:21:e3 18:fa:93:77:91:aa:1f:ef:46:e2:a1:cc:83:f1:9c:4f 04:f3:2e:f5:4a:9d:65:ee:e0:f7:6b:87:7d:bd:04:c9 7c:b4:92:83:1b:1f:75:b6:d6:26:97:01:d4:3e:62:85 79:46:56:e9:11:8b:93:aa:b2:a8:54:a2:f5:fb:1a:df 2e:aa:7e:90:88:2c:03:d9:d0:63:9a:ea:4d:96:ec:1b 8a:f8:3b:c9:3a:35:5e:1c:eb:be:eb:48:5e:6e:d1:33 e4:62:5e:1c:b5:21:b8:5a:7b:ad:50:bd:d5:11:e4:22 2c:3d:74:7d:ef:01:f8:93:d1:f9:ce:81:e7:3b:d1:b8 31:48:73:48:db:95:dc:fb:11:e6:65:64:d0:80:20:ca 44:4f:76:8e:61:8a:2d:01:d7:cb:6e:6e:6f:bd:23:d0 74:00:d1:b4:47:25:9d:80:fd:ba:c2:04:3f:fc:da:6f 04:c2:71:03:96:55:a9:0e:5f:3a:8e:c0:39:a6:7f:df 24:49:fe:55:f6:5b:86:52:2b:4f:3f:da:a9:a4:80:26 60:8c:73:d9:4e:a8:b4:64:df:dc:b7:02:24:48:1a:c6 20:2e:a8:33:5e:97:e4:20:f7:d8:35:61:8b:02:97:49 05 Exponent (bits 24): 01:00:01 Extensions: Basic Constraints (critical): Certificate Authority (CA): FALSE Subject Alternative Name (not critical): RFC822Name: testcert@example.org Key Usage (critical): Digital signature. Key encipherment. Subject Key Identifier (not critical): 8a4dda17febe6cf1e8d1346e3fbabb2688d8782d Authority Key Identifier (not critical): 57db0598d52dbdf7691d15252dd839aa1963a4d0 Other Information: Public Key ID: sha1:8a4dda17febe6cf1e8d1346e3fbabb2688d8782d sha256:8b80c53c8da5e6053e89a436c317b36ee778c7e0b5b12797638b112f1730152b Public Key PIN: pin-sha256:i4DFPI2l5gU+iaQ2wxezbud4x+C1sSeXY4sRLxcwFSs= Signing certificate... + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --write-object /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/testRsaPssCert.crt --type=cert --id=0010 --label=testRsaPssCert Created certificate: Certificate Object; type = X.509 cert label: testRsaPssCert subject: DN: O=PKCS11 Provider, CN=My RsaPss Cert serial: 0B ID: 0010 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=58160eec2a0a683b;token=SoftHSM%20Token;id=%0010;object=testRsaPssCert;type=cert + RSAPSSBASEURIWITHPINVALUE='pkcs11:id=%00%10?pin-value=12345678' + RSAPSSBASEURIWITHPINSOURCE='pkcs11:id=%00%10?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt' + RSAPSSBASEURI=pkcs11:id=%00%10 + RSAPSSPUBURI='pkcs11:type=public;id=%00%10' + RSAPSSPRIURI='pkcs11:type=private;id=%00%10' + RSAPSSCRTURI='pkcs11:type=cert;object=testRsaPssCert' + title LINE 'RSA-PSS PKCS11 URIS' + case "$1" in + shift 1 + echo 'RSA-PSS PKCS11 URIS' + echo 'pkcs11:id=%00%10?pin-value=12345678' + echo 'pkcs11:id=%00%10?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt' + echo pkcs11:id=%00%10 + echo 'pkcs11:type=public;id=%00%10' + echo 'pkcs11:type=private;id=%00%10' + echo 'pkcs11:type=cert;object=testRsaPssCert' + echo '' + KEYID=0011 + URIKEYID=%00%11 + TSTCRTN=testRsaPss2Cert + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --keypairgen --key-type=RSA:3092 --label=testRsaPss2Cert --id=0011 --allowed-mechanisms SHA256-RSA-PKCS-PSS RSA-PSS PKCS11 URIS pkcs11:id=%00%10?pin-value=12345678 pkcs11:id=%00%10?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt pkcs11:id=%00%10 pkcs11:type=public;id=%00%10 pkcs11:type=private;id=%00%10 pkcs11:type=cert;object=testRsaPssCert Key pair generated: Private Key Object; RSA label: testRsaPss2Cert ID: 0011 Usage: decrypt, sign, signRecover, unwrap Access: sensitive, always sensitive, never extractable, local Allowed mechanisms: SHA256-RSA-PKCS-PSS uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=58160eec2a0a683b;token=SoftHSM%20Token;id=%0011;object=testRsaPss2Cert;type=private Public Key Object; RSA 3092 bits label: testRsaPss2Cert ID: 0011 Usage: encrypt, verify, verifyRecover, wrap Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=58160eec2a0a683b;token=SoftHSM%20Token;id=%0011;object=testRsaPss2Cert;type=public + ca_sign testRsaPss2Cert 'My RsaPss2 Cert' 0011 --sign-params=RSA-PSS --hash=SHA256 + LABEL=testRsaPss2Cert + CN='My RsaPss2 Cert' + KEYID=0011 + shift 3 + (( SERIAL+=1 )) + sed -e 's|cn = .*|cn = My RsaPss2 Cert|g' -e 's|serial = .*|serial = 12|g' -e '/^ca$/d' -i /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/cert.cfg + /usr/bin/certtool --generate-certificate --outfile=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/testRsaPss2Cert.crt --template=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/cert.cfg --provider=/usr/lib/softhsm/libsofthsm2.so --load-privkey 'pkcs11:object=testRsaPss2Cert;token=SoftHSM%20Token;type=private' --load-pubkey 'pkcs11:object=testRsaPss2Cert;token=SoftHSM%20Token;type=public' --outder --load-ca-certificate /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/caCert.crt --inder '--load-ca-privkey=pkcs11:object=caCert;token=SoftHSM%20Token;type=private' --sign-params=RSA-PSS --hash=SHA256 Generating a signed certificate... Expiration time: Tue Mar 10 12:06:52 2026 CA expiration time: Tue Mar 10 12:06:42 2026 Warning: The time set exceeds the CA's expiration time X.509 Certificate Information: Version: 3 Serial Number (hex): 0c Validity: Not Before: Sun Mar 09 22:06:52 UTC 2025 Not After: Mon Mar 09 22:06:52 UTC 2026 Subject: CN=My RsaPss2 Cert,O=PKCS11 Provider Subject Public Key Algorithm: RSA Algorithm Security Level: High (3092 bits) Modulus (bits 3092): 0a:5c:1e:15:8a:54:d6:30:20:02:2d:45:45:85:cd:f1 f9:ec:b5:18:b8:60:74:94:c4:c8:1f:42:f6:7e:57:3b 0d:0e:96:1e:eb:89:82:c3:e8:de:66:a5:1b:6e:70:c1 18:59:44:34:08:5f:97:fa:7e:57:ee:b4:05:73:7c:77 c4:34:e1:03:b8:a2:63:51:21:6e:f6:ec:76:e2:bd:51 0e:c5:5a:07:a8:15:35:43:26:be:3c:33:f3:fe:10:f9 93:60:af:6f:9e:ad:07:44:24:13:1a:52:43:de:d1:88 e0:4e:c2:88:4f:ef:e4:ba:ed:ca:8a:f0:9e:a7:de:df 42:d3:33:e7:38:d6:a7:8e:ca:cb:6e:6b:dc:82:e5:81 47:c0:fd:6a:44:1d:91:57:2d:6f:b9:c0:cf:52:8c:b1 0e:d4:d2:72:c5:94:6f:19:f5:33:40:85:55:93:f8:1d 9c:a0:7c:07:68:12:26:7a:74:90:94:00:f6:e4:19:a5 cc:64:6d:12:49:27:d6:5d:46:4d:c7:e2:25:19:59:a4 18:49:7f:86:5c:8d:22:24:c5:40:ec:87:54:66:d3:af 3a:72:c3:46:bf:31:b9:3f:a3:55:10:c4:64:45:e0:9f e1:3c:c0:48:e2:ac:7e:17:a1:59:49:31:d4:9e:84:2d ac:c8:57:74:6a:63:7a:95:28:a8:8b:c7:b3:cb:07:e3 b4:c4:4a:c4:fe:53:df:c3:8d:a7:28:37:7d:7a:44:ee 73:fb:2b:30:12:ab:8f:d4:e1:7a:f1:af:67:7d:88:cf 8a:33:2b:63:f0:4d:c0:0c:cd:a5:3e:95:28:4f:8f:9e 08:d2:b5:c0:cb:60:ca:a0:f6:88:8c:bb:62:cb:95:c6 31:cd:24:51:46:a0:17:a7:35:a3:f0:ed:55:b1:f1:f6 64:d8:1e:42:91:a6:a2:a9:77:93:88:2e:8d:f3:ba:b9 53:f7:fe:93:4f:64:e8:bb:b4:93:09:5c:53:5f:7f:7a cc:4d:cd Exponent (bits 24): 01:00:01 Extensions: Basic Constraints (critical): Certificate Authority (CA): FALSE Subject Alternative Name (not critical): RFC822Name: testcert@example.org Key Usage (critical): Digital signature. Key encipherment. Subject Key Identifier (not critical): ee6c0a72673403a04c94e5a08d62d9abfe85e939 Authority Key Identifier (not critical): 57db0598d52dbdf7691d15252dd839aa1963a4d0 Other Information: Public Key ID: sha1:ee6c0a72673403a04c94e5a08d62d9abfe85e939 sha256:ebc70cf60c925c95ba8db6fb74b416dbaf71fcca239921e6a1e31138486ec213 Public Key PIN: pin-sha256:68cM9gySXJW6jbb7dLQW269x/MojmSHmoeMROEhuwhM= Signing certificate... + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --write-object /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/testRsaPss2Cert.crt --type=cert --id=0011 --label=testRsaPss2Cert Created certificate: Certificate Object; type = X.509 cert label: testRsaPss2Cert subject: DN: O=PKCS11 Provider, CN=My RsaPss2 Cert serial: 0C ID: 0011 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=58160eec2a0a683b;token=SoftHSM%20Token;id=%0011;object=testRsaPss2Cert;type=cert + RSAPSS2BASEURIWITHPINVALUE='pkcs11:id=%00%11?pin-value=12345678' + RSAPSS2BASEURIWITHPINSOURCE='pkcs11:id=%00%11?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt' + RSAPSS2BASEURI=pkcs11:id=%00%11 + RSAPSS2PUBURI='pkcs11:type=public;id=%00%11' + RSAPSS2PRIURI='pkcs11:type=private;id=%00%11' + RSAPSS2CRTURI='pkcs11:type=cert;object=testRsaPss2Cert' + title LINE 'RSA-PSS 2 PKCS11 URIS' + case "$1" in + shift 1 + echo 'RSA-PSS 2 PKCS11 URIS' + echo 'pkcs11:id=%00%11?pin-value=12345678' + echo 'pkcs11:id=%00%11?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt' + echo pkcs11:id=%00%11 + echo 'pkcs11:type=public;id=%00%11' + echo 'pkcs11:type=private;id=%00%11' + echo 'pkcs11:type=cert;object=testRsaPss2Cert' + echo '' + title PARA 'Show contents of softhsm token' + case "$1" in + shift 1 + echo '' + echo '## Show contents of softhsm token' + '[' -f '' ']' + echo ' ----------------------------------------------------------------------------------------------------' + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' -O RSA-PSS 2 PKCS11 URIS pkcs11:id=%00%11?pin-value=12345678 pkcs11:id=%00%11?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt pkcs11:id=%00%11 pkcs11:type=public;id=%00%11 pkcs11:type=private;id=%00%11 pkcs11:type=cert;object=testRsaPss2Cert ## Show contents of softhsm token ---------------------------------------------------------------------------------------------------- Public Key Object; RSA 2048 bits label: testRsaPssCert ID: 0010 Usage: encrypt, verify, verifyRecover, wrap Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=58160eec2a0a683b;token=SoftHSM%20Token;id=%0010;object=testRsaPssCert;type=public Certificate Object; type = X.509 cert label: ed2Cert subject: DN: O=PKCS11 Provider, CN=My ED448 Cert serial: 07 ID: 0009 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=58160eec2a0a683b;token=SoftHSM%20Token;id=%0009;object=ed2Cert;type=cert Public Key Object; EC EC_POINT 256 bits EC_POINT: 044104520c14dfa89a6aa80faf28fd5d9f47a4d6eca60a932451c54d91102fdd7072b66e15a297e3d277ddd71b6c45cd4e63c648558f7c21a73c77e67edf901add29e4 EC_PARAMS: 06082a8648ce3d030107 (OID 1.2.840.10045.3.1.7) label: ecCert ID: 0002 Usage: encrypt, verify, verifyRecover, wrap, derive Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=58160eec2a0a683b;token=SoftHSM%20Token;id=%0002;object=ecCert;type=public Certificate Object; type = X.509 cert label: caCert subject: DN: CN=Issuer serial: 02 ID: 0000 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=58160eec2a0a683b;token=SoftHSM%20Token;id=%0000;object=caCert;type=cert Public Key Object; EC_EDWARDS EC_POINT 272 bits EC_POINT: 042072137e6250eeb91d443f4781114c6b835f60c5b538e05d1171ae57b2211b3353 EC_PARAMS: 130c656477617264733235353139 (PrintableString edwards25519) label: edCert ID: 0004 Usage: encrypt, verify, verifyRecover, wrap, derive Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=58160eec2a0a683b;token=SoftHSM%20Token;id=%0004;object=edCert;type=public Certificate Object; type = X.509 cert label: testRsaPss2Cert subject: DN: O=PKCS11 Provider, CN=My RsaPss2 Cert serial: 0C ID: 0011 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=58160eec2a0a683b;token=SoftHSM%20Token;id=%0011;object=testRsaPss2Cert;type=cert Private Key Object; RSA label: testCert ID: 0001 Usage: decrypt, sign, signRecover, unwrap Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=58160eec2a0a683b;token=SoftHSM%20Token;id=%0001;object=testCert;type=private Private Key Object; RSA label: testRsaPssCert ID: 0010 Usage: decrypt, sign, signRecover, unwrap Access: sensitive, always sensitive, never extractable, local Allowed mechanisms: RSA-PKCS-PSS,SHA1-RSA-PKCS-PSS,SHA256-RSA-PKCS-PSS,SHA384-RSA-PKCS-PSS,SHA512-RSA-PKCS-PSS,SHA224-RSA-PKCS-PSS uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=58160eec2a0a683b;token=SoftHSM%20Token;id=%0010;object=testRsaPssCert;type=private Private Key Object; RSA label: caCert ID: 0000 Usage: decrypt, sign, signRecover, unwrap Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=58160eec2a0a683b;token=SoftHSM%20Token;id=%0000;object=caCert;type=private Private Key Object; EC label: ecCert ID: 0002 Usage: decrypt, sign, signRecover, unwrap, derive Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=58160eec2a0a683b;token=SoftHSM%20Token;id=%0002;object=ecCert;type=private Certificate Object; type = X.509 cert label: edCert subject: DN: O=PKCS11 Provider, CN=My ED25519 Cert serial: 06 ID: 0004 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=58160eec2a0a683b;token=SoftHSM%20Token;id=%0004;object=edCert;type=cert Public Key Object; RSA 2048 bits label: caCert ID: 0000 Usage: encrypt, verify, verifyRecover, wrap Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=58160eec2a0a683b;token=SoftHSM%20Token;id=%0000;object=caCert;type=public Certificate Object; type = X.509 cert label: ecPeerCert subject: DN: CN=My Peer EC Cert serial: 05 ID: 0003 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=58160eec2a0a683b;token=SoftHSM%20Token;id=%0003;object=ecPeerCert;type=cert Private Key Object; EC label: ecPeerCert ID: 0003 Usage: decrypt, sign, signRecover, unwrap, derive Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=58160eec2a0a683b;token=SoftHSM%20Token;id=%0003;object=ecPeerCert;type=private Certificate Object; type = X.509 cert label: ecCert subject: DN: O=PKCS11 Provider, CN=My EC Cert serial: 04 ID: 0002 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=58160eec2a0a683b;token=SoftHSM%20Token;id=%0002;object=ecCert;type=cert Certificate Object; type = X.509 cert label: testRsaPssCert subject: DN: O=PKCS11 Provider, CN=My RsaPss Cert serial: 0B ID: 0010 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=58160eec2a0a683b;token=SoftHSM%20Token;id=%0010;object=testRsaPssCert;type=cert Private Key Object; EC_EDWARDS label: edCert ID: 0004 Usage: decrypt, sign, signRecover, unwrap, derive Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=58160eec2a0a683b;token=SoftHSM%20Token;id=%0004;object=edCert;type=private Public Key Object; RSA 2048 bits label: testCert ID: 0001 Usage: encrypt, verify, verifyRecover, wrap Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=58160eec2a0a683b;token=SoftHSM%20Token;id=%0001;object=testCert;type=public Certificate Object; type = X.509 cert label: testCert2 subject: DN: O=PKCS11 Provider, CN=My Test Cert 2 serial: 08 ID: 0005 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=58160eec2a0a683b;token=SoftHSM%20Token;id=%0005;object=testCert2;type=cert Public Key Object; EC EC_POINT 256 bits EC_POINT: 044104f0a5b2dc98c408d8da1a7164565874944b1c910da293a8735fb6bf1ac6c2cc24190b7425de72621e64080705fd25d2e1e6973265f6db35e5a661ea41cef574fd EC_PARAMS: 06082a8648ce3d030107 (OID 1.2.840.10045.3.1.7) label: ecPeerCert ID: 0003 Usage: encrypt, verify, verifyRecover, wrap, derive Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=58160eec2a0a683b;token=SoftHSM%20Token;id=%0003;object=ecPeerCert;type=public Private Key Object; RSA label: testCert2 ID: 0005 Usage: decrypt, sign, signRecover, unwrap Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=58160eec2a0a683b;token=SoftHSM%20Token;id=%0005;object=testCert2;type=private Certificate Object; type = X.509 cert label: ecCert3 subject: DN: O=PKCS11 Provider, CN=My EC Cert 3 serial: 0A ID: 0008 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=58160eec2a0a683b;token=SoftHSM%20Token;id=%0008;object=ecCert3;type=cert Public Key Object; RSA 3092 bits label: testRsaPss2Cert ID: 0011 Usage: encrypt, verify, verifyRecover, wrap Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=58160eec2a0a683b;token=SoftHSM%20Token;id=%0011;object=testRsaPss2Cert;type=public Certificate Object; type = X.509 cert label: testCert subject: DN: O=PKCS11 Provider, CN=My Test Cert serial: 03 ID: 0001 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=58160eec2a0a683b;token=SoftHSM%20Token;id=%0001;object=testCert;type=cert Private Key Object; EC label: ecCert3 ID: 0008 Usage: decrypt, sign, signRecover, unwrap, derive Access: always authenticate, sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=58160eec2a0a683b;token=SoftHSM%20Token;id=%0008;object=ecCert3;type=private Private Key Object; RSA label: testRsaPss2Cert ID: 0011 Usage: decrypt, sign, signRecover, unwrap Access: sensitive, always sensitive, never extractable, local Allowed mechanisms: SHA256-RSA-PKCS-PSS uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=58160eec2a0a683b;token=SoftHSM%20Token;id=%0011;object=testRsaPss2Cert;type=private Private Key Object; EC_EDWARDS label: ed2Cert ID: 0009 Usage: decrypt, sign, signRecover, unwrap, derive Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=58160eec2a0a683b;token=SoftHSM%20Token;id=%0009;object=ed2Cert;type=private Public Key Object; EC EC_POINT 528 bits EC_POINT: 0481850401a21f87ef0871427752df57d12ce4e9ab0d3f1463036a26357f7a1fe58aafa75e1ea2fd4b2aadf65d9aee61764a7d85f05266d1c2af1f56df39cbfd662b074823ab005c760f20e30b3b0840cf636431cfe5d1f799699bdf1e1a5620e053f4324ea26a9282416b1399a108c2550edff8b665dd7df5b972e9ce648ff8ec5586b2a7084226 EC_PARAMS: 06052b81040023 (OID 1.3.132.0.35) label: ecCert3 ID: 0008 Usage: encrypt, verify, verifyRecover, wrap, derive Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=58160eec2a0a683b;token=SoftHSM%20Token;id=%0008;object=ecCert3;type=public Public Key Object; EC_EDWARDS EC_POINT 472 bits EC_POINT: 043917c1c9d571732a55efb76ff34f7a5b8799bc7cb5e8d257b22a59cc8bfd44dbb4cb2c29d5833b538618cc1ca51813dab090d7db9a0caeedba80 EC_PARAMS: 06032b6571 (OID 1.3.101.113) label: ed2Cert ID: 0009 Usage: encrypt, verify, verifyRecover, wrap, derive Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=58160eec2a0a683b;token=SoftHSM%20Token;id=%0009;object=ed2Cert;type=public Certificate Object; type = X.509 cert label: ecCert2 subject: DN: O=PKCS11 Provider, CN=My EC Cert 2 serial: 09 ID: 0006 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=58160eec2a0a683b;token=SoftHSM%20Token;id=%0006;object=ecCert2;type=cert Private Key Object; EC label: ecCert2 ID: 0006 Usage: decrypt, sign, signRecover, unwrap, derive Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=58160eec2a0a683b;token=SoftHSM%20Token;id=%0006;object=ecCert2;type=private + echo ' ----------------------------------------------------------------------------------------------------' + title PARA 'Output configurations' + case "$1" in + shift 1 + echo '' + echo '## Output configurations' + '[' -f '' ']' + OPENSSL_CONF=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/openssl.cnf + title LINE 'Generate openssl config file' + case "$1" in + shift 1 + echo 'Generate openssl config file' + sed -e 's|@libtoollibs@|/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/src|g' -e 's|@testsblddir@|/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests|g' -e 's|@testsdir@|/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm|g' -e 's|@SHARED_EXT@|.so|g' -e 's|@PINFILE@|/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt|g' -e 's|##TOKENOPTIONS|\npkcs11-module-quirks = no-deinit no-operation-state|g' /build/reproducible-path/pkcs11-provider-1.0/tests/openssl.cnf.in ---------------------------------------------------------------------------------------------------- ## Output configurations Generate openssl config file + title LINE 'Export test variables to /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/testvars' + case "$1" in + shift 1 + echo 'Export test variables to /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/testvars' + cat Export test variables to /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/testvars + '[' -n pkcs11:id=%00%04 ']' + cat + '[' -n pkcs11:id=%00%09 ']' + cat + '[' -n '' ']' + '[' -n pkcs11:id=%00%10 ']' + cat + cat + gen_unsetvars + grep '^export' /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/testvars + sed -e s/export/unset/ -e 's/=.*$//' + title ENDSECTION + case "$1" in + echo '' + echo ' ##' + echo '########################################' + echo '' ## ######################################## ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 2/92 pkcs11-provider:softhsm / setup OK 19.89s 3/92 pkcs11-provider:kryoptic / setup RUNNING >>> P11KITCLIENTPATH=/usr/lib/x86_64-linux-gnu/pkcs11/p11-kit-client.so ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 LIBSPATH=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/src SOFTOKNPATH=/usr/lib/x86_64-linux-gnu MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=70 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MESON_TEST_ITERATION=1 SHARED_EXT=.so TESTSSRCDIR=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/setup.sh kryoptic ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― + source /build/reproducible-path/pkcs11-provider-1.0/tests/helpers.sh ++ : /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests ++ helper_emit=1 ++ sed --version ++ grep -q 'GNU sed' ++ sed_inplace=('-i') ++ export sed_inplace + '[' 1 -ne 1 ']' + TOKENTYPE=kryoptic + SUPPORT_ED25519=1 + SUPPORT_ED448=1 + SUPPORT_RSA_PKCS1_ENCRYPTION=1 + SUPPORT_RSA_KEYGEN_PUBLIC_EXPONENT=1 + SUPPORT_TLSFUZZER=1 + SUPPORT_ALLOWED_MECHANISMS=0 ++ opensc-tool -i ++ grep OpenSC ++ sed -e 's/OpenSC 0\.\([0-9]*\).*/\1/' Failed to establish context: Unable to load external module + OPENSC_VERSION=26 + [[ 26 -le 25 ]] + [[ '' = \1 ]] ++ cat /proc/sys/crypto/fips_enabled + [[ 0 = \1 ]] + TMPPDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/kryoptic + TOKDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/kryoptic/tokens + '[' -d /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/kryoptic ']' + mkdir /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/kryoptic + mkdir /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/kryoptic/tokens + PINVALUE=12345678 + PINFILE=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/kryoptic/pinfile.txt + echo 12345678 + export GNUTLS_PIN=12345678 + GNUTLS_PIN=12345678 + '[' kryoptic == softhsm ']' + '[' kryoptic == softokn ']' + '[' kryoptic == kryoptic ']' + source /build/reproducible-path/pkcs11-provider-1.0/tests/kryoptic-init.sh ++ title SECTION 'Searching for Kryoptic module' ++ case "$1" in ++ shift 1 ++ echo '########################################' ++ echo '## Searching for Kryoptic module' ++ echo '' ######################################## ## Searching for Kryoptic module ++ find_kryoptic /target/debug/libkryoptic_pkcs11.so /target/release/libkryoptic_pkcs11.so /usr/local/lib/kryoptic/libkryoptic_pkcs11so /usr/lib64/pkcs11/libkryoptic_pkcs11.so /usr/lib/pkcs11/libkryoptic_pkcs11.so /usr/lib/x86_64-linux-gnu/kryoptic/libkryoptic_pkcs11.so ++ for _lib in "$@" ++ test -f /target/debug/libkryoptic_pkcs11.so ++ for _lib in "$@" ++ test -f /target/release/libkryoptic_pkcs11.so ++ for _lib in "$@" ++ test -f /usr/local/lib/kryoptic/libkryoptic_pkcs11so ++ for _lib in "$@" ++ test -f /usr/lib64/pkcs11/libkryoptic_pkcs11.so ++ for _lib in "$@" ++ test -f /usr/lib/pkcs11/libkryoptic_pkcs11.so ++ for _lib in "$@" ++ test -f /usr/lib/x86_64-linux-gnu/kryoptic/libkryoptic_pkcs11.so ++ echo 'skipped: Unable to find kryoptic PKCS#11 library' ++ exit 0 skipped: Unable to find kryoptic PKCS#11 library ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 3/92 pkcs11-provider:kryoptic / setup OK 0.05s 4/92 pkcs11-provider:kryoptic.nss / setup RUNNING >>> P11KITCLIENTPATH=/usr/lib/x86_64-linux-gnu/pkcs11/p11-kit-client.so ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 LIBSPATH=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/src SOFTOKNPATH=/usr/lib/x86_64-linux-gnu MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MESON_TEST_ITERATION=1 MALLOC_PERTURB_=196 SHARED_EXT=.so TESTSSRCDIR=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/setup.sh kryoptic.nss ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― + source /build/reproducible-path/pkcs11-provider-1.0/tests/helpers.sh ++ : /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests ++ helper_emit=1 ++ sed --version ++ grep -q 'GNU sed' ++ sed_inplace=('-i') ++ export sed_inplace + '[' 1 -ne 1 ']' + TOKENTYPE=kryoptic.nss + SUPPORT_ED25519=1 + SUPPORT_ED448=1 + SUPPORT_RSA_PKCS1_ENCRYPTION=1 + SUPPORT_RSA_KEYGEN_PUBLIC_EXPONENT=1 + SUPPORT_TLSFUZZER=1 + SUPPORT_ALLOWED_MECHANISMS=0 ++ opensc-tool -i ++ grep OpenSC ++ sed -e 's/OpenSC 0\.\([0-9]*\).*/\1/' Failed to establish context: Unable to load external module + OPENSC_VERSION=26 + [[ 26 -le 25 ]] + [[ '' = \1 ]] ++ cat /proc/sys/crypto/fips_enabled + [[ 0 = \1 ]] + TMPPDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/kryoptic.nss + TOKDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/kryoptic.nss/tokens + '[' -d /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/kryoptic.nss ']' + mkdir /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/kryoptic.nss + mkdir /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/kryoptic.nss/tokens + PINVALUE=12345678 + PINFILE=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/kryoptic.nss/pinfile.txt + echo 12345678 + export GNUTLS_PIN=12345678 + GNUTLS_PIN=12345678 + '[' kryoptic.nss == softhsm ']' + '[' kryoptic.nss == softokn ']' + '[' kryoptic.nss == kryoptic ']' + '[' kryoptic.nss == kryoptic.nss ']' + source /build/reproducible-path/pkcs11-provider-1.0/tests/kryoptic.nss-init.sh ++ export KRYOPTIC_CONF=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/kryoptic.nss/kryoptic.conf ++ KRYOPTIC_CONF=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/kryoptic.nss/kryoptic.conf ++ cat ++ export 'TOKENLABEL=Kryoptic Soft Token' ++ TOKENLABEL='Kryoptic Soft Token' ++ export TOKENLABELURI=Kryoptic%20Soft%20Token ++ TOKENLABELURI=Kryoptic%20Soft%20Token ++ source /build/reproducible-path/pkcs11-provider-1.0/tests/kryoptic-init.sh +++ title SECTION 'Searching for Kryoptic module' +++ case "$1" in +++ shift 1 +++ echo '########################################' +++ echo '## Searching for Kryoptic module' +++ echo '' ######################################## ## Searching for Kryoptic module +++ find_kryoptic /target/debug/libkryoptic_pkcs11.so /target/release/libkryoptic_pkcs11.so /usr/local/lib/kryoptic/libkryoptic_pkcs11so /usr/lib64/pkcs11/libkryoptic_pkcs11.so /usr/lib/pkcs11/libkryoptic_pkcs11.so /usr/lib/x86_64-linux-gnu/kryoptic/libkryoptic_pkcs11.so +++ for _lib in "$@" +++ test -f /target/debug/libkryoptic_pkcs11.so +++ for _lib in "$@" +++ test -f /target/release/libkryoptic_pkcs11.so +++ for _lib in "$@" +++ test -f /usr/local/lib/kryoptic/libkryoptic_pkcs11so +++ for _lib in "$@" +++ test -f /usr/lib64/pkcs11/libkryoptic_pkcs11.so +++ for _lib in "$@" +++ test -f /usr/lib/pkcs11/libkryoptic_pkcs11.so +++ for _lib in "$@" +++ test -f /usr/lib/x86_64-linux-gnu/kryoptic/libkryoptic_pkcs11.so +++ echo 'skipped: Unable to find kryoptic PKCS#11 library' +++ exit 0 skipped: Unable to find kryoptic PKCS#11 library ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 4/92 pkcs11-provider:kryoptic.nss / setup OK 0.04s 5/92 pkcs11-provider:softokn / basic RUNNING >>> ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MALLOC_PERTURB_=44 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper basic-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 5/92 pkcs11-provider:softokn / basic SKIP 0.02s exit status 77 6/92 pkcs11-provider:softhsm / basic RUNNING >>> ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MALLOC_PERTURB_=92 MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper basic-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/tests/tbasic ## Raw Sign check error openssl pkeyutl -sign -inkey "${BASEURI}" -pkeyopt pad-mode:none -in ${TMPPDIR}/64Brandom.bin -out ${TMPPDIR}/raw-sig.bin Public Key operation error 40C7EF1F6B7F0000:error:0200007A:rsa routines:p11prov_sig_operate:data too small for key size:../src/signature.c:971: ## Sign and Verify with provided Hash and RSA openssl dgst -sha256 -binary -out ${TMPPDIR}/sha256.bin ${SEEDFILE} openssl pkeyutl -sign -inkey "${PRIURI}" -in ${TMPPDIR}/sha256.bin -out ${TMPPDIR}/sha256-sig.bin openssl pkeyutl -verify -inkey "${PUBURI}" -pubin -in ${TMPPDIR}/sha256.bin -sigfile ${TMPPDIR}/sha256-sig.bin Signature Verified Successfully ## Sign and Verify with provided Hash and RSA with DigestInfo struct openssl dgst -sha256 -binary -out ${TMPPDIR}/sha256.bin ${SEEDFILE} openssl pkeyutl -sign -inkey "${PRIURI}" -pkeyopt digest:sha256 -in ${TMPPDIR}/sha256.bin -out ${TMPPDIR}/sha256-sig.bin openssl pkeyutl -verify -inkey "${PUBURI}" -pkeyopt digest:sha256 -pubin -in ${TMPPDIR}/sha256.bin -sigfile ${TMPPDIR}/sha256-sig.bin Signature Verified Successfully ## DigestSign and DigestVerify with RSA openssl pkeyutl -sign -inkey "${BASEURI}" -digest sha256 -in ${RAND64FILE} -rawin -out ${TMPPDIR}/sha256-dgstsig.bin openssl pkeyutl -verify -inkey "${BASEURI}" -pubin -digest sha256 -in ${RAND64FILE} -rawin -sigfile ${TMPPDIR}/sha256-dgstsig.bin Signature Verified Successfully openssl pkeyutl -verify -inkey "${PUBURI}" -pubin -digest sha256 -in ${RAND64FILE} -rawin -sigfile ${TMPPDIR}/sha256-dgstsig.bin Signature Verified Successfully RSA basic encrypt and decrypt openssl pkeyutl -encrypt -inkey "${PUBURI}" -pubin -in ${SECRETFILE} -out ${SECRETFILE}.enc openssl pkeyutl -decrypt -inkey "${PRIURI}" -in ${SECRETFILE}.enc -out ${SECRETFILE}.dec ## Test Disallow Public Export openssl pkey -in $PUBURI -pubin -pubout -text ## Test CSR generation from RSA private keys openssl req -new -batch -key "${PRIURI}" -out ${TMPPDIR}/rsa_csr.pem openssl req -in ${TMPPDIR}/rsa_csr.pem -verify -noout Certificate request self-signature verify OK ## Test fetching public keys without PIN in config files openssl pkey -in $PUBURI -pubin -pubout -out ${TMPPDIR}/rsa.pub.nopin.pem openssl pkey -in $ECPUBURI -pubin -pubout -out ${TMPPDIR}/ec.pub.nopin.pem openssl pkey -in $EDPUBURI -pubin -pubout -out ${TMPPDIR}/ed.pub.nopin.pem ## Test fetching public keys with a PIN in URI openssl pkey -in $BASEURIWITHPINVALUE -pubin -pubout -out ${TMPPDIR}/rsa.pub.uripin.pem openssl pkey -in $ECBASEURIWITHPINVALUE -pubin -pubout -out ${TMPPDIR}/ec.pub.uripin.pem openssl pkey -in $EDBASEURIWITHPINVALUE -pubin -pubout -out ${TMPPDIR}/ed.pub.uripin.pem openssl pkey -in $ED2BASEURIWITHPINVALUE -pubin -pubout -out ${TMPPDIR}/ed2.pub.uripin.pem ## Test fetching public keys with a PIN source in URI openssl pkey -in $BASEURIWITHPINSOURCE -pubin -pubout -out ${TMPPDIR}/rsa.pub.uripinsource.pem openssl pkey -in $ECBASEURIWITHPINSOURCE -pubin -pubout -out ${TMPPDIR}/ec.pub.uripinsource.pem openssl pkey -in $EDBASEURIWITHPINSOURCE -pubin -pubout -out ${TMPPDIR}/ed.pub.uripinsource.pem openssl pkey -in $ED2BASEURIWITHPINSOURCE -pubin -pubout -out ${TMPPDIR}/ed2.pub.uripinsource.pem ## Test prompting without PIN in config files ## Test EVP_PKEY_eq on public RSA key both on token ## Test EVP_PKEY_eq on public EC key both on token ## Test EVP_PKEY_eq on public RSA key via import ## Match private RSA key against public key ## Match private RSA key against public key (commutativity) ## Test EVP_PKEY_eq on public EC key via import ## Match private EC key against public key ## Match private EC key against public key (commutativity) ## Test EVP_PKEY_eq with key exporting disabled ## Test RSA key ## Test EC key ## Test PIN caching Prompt: "Enter pass phrase for PKCS#11 Token (Slot 705325115 - SoftHSM slot ID 0x2a0a683b):" Returning: 12345678 Child Done ALL A-OK! Prompt: "Enter pass phrase for PKCS#11 Token (Slot 705325115 - SoftHSM slot ID 0x2a0a683b):" Returning: 12345678 Child Done ALL A-OK! ## Test interactive Login on key without ALWAYS AUTHENTICATE expect: spawn id exp3 not open while executing "expect "ALL A-OK"" ## Test interactive Login repeated for operation on key with ALWAYS AUTHENTICATE expect: spawn id exp3 not open while executing "expect "ALL A-OK"" ## Test Key generation Performed tests: 4 ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 6/92 pkcs11-provider:softhsm / basic OK 7.10s 7/92 pkcs11-provider:kryoptic / basic RUNNING >>> MALLOC_PERTURB_=124 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper basic-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 7/92 pkcs11-provider:kryoptic / basic SKIP 0.02s exit status 77 8/92 pkcs11-provider:kryoptic.nss / basic RUNNING >>> ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MESON_TEST_ITERATION=1 MALLOC_PERTURB_=237 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper basic-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 8/92 pkcs11-provider:kryoptic.nss / basic SKIP 0.02s exit status 77 9/92 pkcs11-provider:softokn / pubkey RUNNING >>> ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MALLOC_PERTURB_=157 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper pubkey-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 9/92 pkcs11-provider:softokn / pubkey SKIP 0.02s exit status 77 10/92 pkcs11-provider:softhsm / pubkey RUNNING >>> ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MESON_TEST_ITERATION=1 MALLOC_PERTURB_=109 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper pubkey-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/tests/tpubkey ## Export RSA Public key to a file openssl pkey -in $BASEURI -pubin -pubout -out ${TMPPDIR}/baseout.pub Export Public key to a file (pub-uri) openssl pkey -in $PUBURI -pubin -pubout -out ${TMPPDIR}/pubout.pub Print Public key from private openssl pkey -in $PRIURI -pubout -text ## Export Public check error openssl pkey -in pkcs11:id=%de%ad -pubin -pubout -out ${TMPPDIR}/pubout-invlid.pub Could not find private key of Public Key from pkcs11:id=%de%ad ## Export EC Public key to a file openssl pkey -in $ECBASEURI -pubin -pubout -out ${TMPPDIR}/baseecout.pub Export EC Public key to a file (pub-uri) openssl pkey -in $ECPUBURI -pubin -pubout -out ${TMPPDIR}/pubecout.pub Print EC Public key from private openssl pkey -in $ECPRIURI -pubout -text ## Check we can get RSA public keys from certificate objects Export Public key to a file (priv-uri) openssl pkey -in $PRI2URI -pubout -out ${TMPPDIR}/priv-cert.pub Export Public key to a file (base-uri) openssl pkey -in $BASE2URI -pubout -out ${TMPPDIR}/base-cert.pub ## Check we can get EC public keys from certificate objects Export Public EC key to a file (priv-uri) openssl pkey -in $ECPRI2URI -pubout -out ${TMPPDIR}/ec-priv-cert.pub Export Public key to a file (base-uri) openssl pkey -in $ECBASE2URI -pubout -out ${TMPPDIR}/ec-base-cert.pub ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 10/92 pkcs11-provider:softhsm / pubkey OK 0.63s 11/92 pkcs11-provider:kryoptic / pubkey RUNNING >>> ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MESON_TEST_ITERATION=1 MALLOC_PERTURB_=172 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper pubkey-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 11/92 pkcs11-provider:kryoptic / pubkey SKIP 0.02s exit status 77 12/92 pkcs11-provider:kryoptic.nss / pubkey RUNNING >>> ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MESON_TEST_ITERATION=1 MALLOC_PERTURB_=249 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper pubkey-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 12/92 pkcs11-provider:kryoptic.nss / pubkey SKIP 0.02s exit status 77 13/92 pkcs11-provider:softokn / certs RUNNING >>> ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=78 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper certs-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 13/92 pkcs11-provider:softokn / certs SKIP 0.02s exit status 77 14/92 pkcs11-provider:softhsm / certs RUNNING >>> ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MALLOC_PERTURB_=95 MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper certs-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/tests/tcerts ## Check we can fetch certifiatce objects openssl x509 -in ${CRTURI} -subject -out ${TMPPDIR}/crt-subj.txt openssl x509 -in ${ECCRTURI} -subject -out ${TMPPDIR}/eccrt-subj.txt ## Use storeutl command to match specific certs via params openssl storeutl -certs -subject "${subj}" -out ${TMPPDIR}/storeutl-crt-subj.txt pkcs11:type=cert 0: Certificate openssl storeutl -certs -subject "${subj}" -out ${TMPPDIR}/storeutl-crt-subj.txt pkcs11:type=cert 0: Certificate openssl storeutl -certs -subject "${subj}" -out ${TMPPDIR}/storeutl-crt-subj.txt pkcs11:type=cert 0: Certificate openssl storeutl -certs -subject "${subj}" -out ${TMPPDIR}/storeutl-crt-subj.txt pkcs11:type=cert 0: Certificate ## Test fetching certificate without PIN in config files openssl x509 -in $CRTURI -subject -out ${TMPPDIR}/crt-subj-nopin.txt ## Test fetching certificate via STORE api Cert load successfully ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 14/92 pkcs11-provider:softhsm / certs OK 0.35s 15/92 pkcs11-provider:kryoptic / certs RUNNING >>> ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=131 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper certs-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 15/92 pkcs11-provider:kryoptic / certs SKIP 0.02s exit status 77 16/92 pkcs11-provider:kryoptic.nss / certs RUNNING >>> ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=70 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper certs-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 16/92 pkcs11-provider:kryoptic.nss / certs SKIP 0.02s exit status 77 17/92 pkcs11-provider:softokn / ecc RUNNING >>> ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MESON_TEST_ITERATION=1 MALLOC_PERTURB_=105 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper ecc-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 17/92 pkcs11-provider:softokn / ecc SKIP 0.02s exit status 77 18/92 pkcs11-provider:softhsm / ecc RUNNING >>> ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MALLOC_PERTURB_=110 MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper ecc-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/tests/tecc ## Export EC Public key to a file openssl pkey -in $ECPUBURI -pubin -pubout -out ${TMPPDIR}/ecout.pub Print EC Public key from private openssl pkey -in $ECPRIURI -pubout -text ## Sign and Verify with provided Hash and EC openssl dgst -sha256 -binary -out ${TMPPDIR}/sha256.bin ${SEEDFILE} openssl pkeyutl -sign -inkey "${ECBASEURI}" -in ${TMPPDIR}/sha256.bin -out ${TMPPDIR}/sha256-ecsig.bin openssl pkeyutl -verify -inkey "${ECBASEURI}" -pubin -in ${TMPPDIR}/sha256.bin -sigfile ${TMPPDIR}/sha256-ecsig.bin Signature Verified Successfully openssl pkeyutl -verify -inkey "${TMPPDIR}/ecout.pub" -pubin -in ${TMPPDIR}/sha256.bin -sigfile ${TMPPDIR}/sha256-ecsig.bin Signature Verified Successfully ## DigestSign and DigestVerify with ECC (SHA-256) openssl pkeyutl -sign -inkey "${ECBASEURI}" -digest sha256 -in ${RAND64FILE} -rawin -out ${TMPPDIR}/sha256-ecdgstsig.bin openssl pkeyutl -verify -inkey "${ECBASEURI}" -pubin -digest sha256 -in ${RAND64FILE} -rawin -sigfile ${TMPPDIR}/sha256-ecdgstsig.bin Signature Verified Successfully ## DigestSign and DigestVerify with ECC (SHA-384) openssl pkeyutl -sign -inkey "${ECBASEURI}" -digest sha384 -in ${RAND64FILE} -rawin -out ${TMPPDIR}/sha384-ecdgstsig.bin openssl pkeyutl -verify -inkey "${ECBASEURI}" -pubin -digest sha384 -in ${RAND64FILE} -rawin -sigfile ${TMPPDIR}/sha384-ecdgstsig.bin Signature Verified Successfully ## DigestSign and DigestVerify with ECC (SHA-512) openssl pkeyutl -sign -inkey "${ECBASEURI}" -digest sha512 -in ${RAND64FILE} -rawin -out ${TMPPDIR}/sha512-ecdgstsig.bin openssl pkeyutl -verify -inkey "${ECBASEURI}" -pubin -digest sha512 -in ${RAND64FILE} -rawin -sigfile ${TMPPDIR}/sha512-ecdgstsig.bin Signature Verified Successfully ## DigestSign and DigestVerify with ECC (SHA3-256) openssl pkeyutl -sign -inkey "${ECBASEURI}" -digest sha3-256 -in ${RAND64FILE} -rawin -out ${TMPPDIR}/sha3-256-ecdgstsig.bin openssl pkeyutl -verify -inkey "${ECBASEURI}" -pubin -digest sha3-256 -in ${RAND64FILE} -rawin -sigfile ${TMPPDIR}/sha3-256-ecdgstsig.bin Signature Verified Successfully ## DigestSign and DigestVerify with ECC (SHA3-384) openssl pkeyutl -sign -inkey "${ECBASEURI}" -digest sha3-384 -in ${RAND64FILE} -rawin -out ${TMPPDIR}/sha3-384-ecdgstsig.bin openssl pkeyutl -verify -inkey "${ECBASEURI}" -pubin -digest sha3-384 -in ${RAND64FILE} -rawin -sigfile ${TMPPDIR}/sha3-384-ecdgstsig.bin Signature Verified Successfully ## DigestSign and DigestVerify with ECC (SHA3-512) openssl pkeyutl -sign -inkey "${ECBASEURI}" -digest sha3-512 -in ${RAND64FILE} -rawin -out ${TMPPDIR}/sha3-512-ecdgstsig.bin openssl pkeyutl -verify -inkey "${ECBASEURI}" -pubin -digest sha3-512 -in ${RAND64FILE} -rawin -sigfile ${TMPPDIR}/sha3-512-ecdgstsig.bin Signature Verified Successfully ## Test CSR generation from private ECC keys openssl req -new -batch -key "${ECPRIURI}" -out ${TMPPDIR}/ecdsa_csr.pem openssl req -in ${TMPPDIR}/ecdsa_csr.pem -verify -noout Certificate request self-signature verify OK ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 18/92 pkcs11-provider:softhsm / ecc OK 0.94s 19/92 pkcs11-provider:kryoptic / ecc RUNNING >>> ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MESON_TEST_ITERATION=1 MALLOC_PERTURB_=224 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper ecc-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 19/92 pkcs11-provider:kryoptic / ecc SKIP 0.02s exit status 77 20/92 pkcs11-provider:kryoptic.nss / ecc RUNNING >>> ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MESON_TEST_ITERATION=1 MALLOC_PERTURB_=222 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper ecc-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 20/92 pkcs11-provider:kryoptic.nss / ecc SKIP 0.02s exit status 77 21/92 pkcs11-provider:softhsm / edwards RUNNING >>> ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MESON_TEST_ITERATION=1 MALLOC_PERTURB_=134 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper edwards-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/tests/tedwards ## Export ED25519 Public key to a file openssl pkey -in $EDPUBURI -pubin -pubout -out ${TMPPDIR}/edout.pub Print ED25519 Public key from private openssl pkey -in $EDPRIURI -pubout -text ## DigestSign and DigestVerify with ED25519 openssl pkeyutl -sign -inkey "${EDBASEURI}" -in ${RAND64FILE} -rawin -out ${TMPPDIR}/sha256-eddgstsig.bin openssl pkeyutl -verify -inkey "${EDBASEURI}" -pubin -in ${RAND64FILE} -rawin -sigfile ${TMPPDIR}/sha256-eddgstsig.bin Signature Verified Successfully ## Test CSR generation from private ED25519 keys openssl req -new -batch -key "${EDPRIURI}" -out ${TMPPDIR}/ed25519_csr.pem openssl req -in ${TMPPDIR}/ed25519_csr.pem -verify -noout Certificate request self-signature verify OK ## Test EVP_PKEY_eq on public Edwards key both on token ## Test EVP_PKEY_eq on public ED key via import ## Match private ED key against public key ## Match private ED key against public key (commutativity) ## Test Key generation Performed tests: 1 ## Export ED448 Public key to a file openssl pkey -in $ED2PUBURI -pubin -pubout -out ${TMPPDIR}/ed2out.pub Print ED448 Public key from private openssl pkey -in $ED2PRIURI -pubout -text ## DigestSign and DigestVerify with ED448 openssl pkeyutl -sign -inkey "${ED2BASEURI}" -in ${RAND64FILE} -rawin -out ${TMPPDIR}/sha256-eddgstsig.bin openssl pkeyutl -verify -inkey "${ED2BASEURI}" -pubin -in ${RAND64FILE} -rawin -sigfile ${TMPPDIR}/sha256-eddgstsig.bin Signature Verified Successfully ## Test CSR generation from private ED448 keys openssl req -new -batch -key "${ED2PRIURI}" -out ${TMPPDIR}/ed448_csr.pem openssl req -in ${TMPPDIR}/ed448_csr.pem -verify -noout Certificate request self-signature verify OK ## Test EVP_PKEY_eq on public Edwards key both on token ## Test EVP_PKEY_eq on public ED448 key via import ## Match private ED448 key against public key ## Match private ED448 key against public key (commutativity) ## Test Ed448 Key generation Performed tests: 1 ## Test interactive Login on key without ALWAYS AUTHENTICATE expect: spawn id exp3 not open while executing "expect "ALL A-OK"" ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 21/92 pkcs11-provider:softhsm / edwards OK 2.25s 22/92 pkcs11-provider:kryoptic / edwards RUNNING >>> ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MALLOC_PERTURB_=195 MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper edwards-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 22/92 pkcs11-provider:kryoptic / edwards SKIP 0.02s exit status 77 23/92 pkcs11-provider:kryoptic.nss / edwards RUNNING >>> ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=51 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper edwards-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 23/92 pkcs11-provider:kryoptic.nss / edwards SKIP 0.02s exit status 77 24/92 pkcs11-provider:softokn / ecdh RUNNING >>> ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MALLOC_PERTURB_=189 MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper ecdh-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 24/92 pkcs11-provider:softokn / ecdh SKIP 0.01s exit status 77 25/92 pkcs11-provider:kryoptic / ecdh RUNNING >>> ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MALLOC_PERTURB_=251 MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper ecdh-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 25/92 pkcs11-provider:kryoptic / ecdh SKIP 0.02s exit status 77 26/92 pkcs11-provider:kryoptic.nss / ecdh RUNNING >>> ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MESON_TEST_ITERATION=1 MALLOC_PERTURB_=66 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper ecdh-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 26/92 pkcs11-provider:kryoptic.nss / ecdh SKIP 0.02s exit status 77 27/92 pkcs11-provider:softokn / democa RUNNING >>> ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=51 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper democa-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 27/92 pkcs11-provider:softokn / democa SKIP 0.02s exit status 77 28/92 pkcs11-provider:softhsm / democa RUNNING >>> MALLOC_PERTURB_=16 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper democa-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/tests/tdemoca ## Set up demoCA ## Generating CA cert if needed openssl req -batch -noenc -x509 -new -key ${PRIURI} -out ${DEMOCA}/cacert.pem ## Generating a new CSR with key in file openssl req -batch -noenc -newkey rsa:2048 -subj "/CN=testing-csr-signing/O=PKCS11 Provider/C=US" -keyout ${DEMOCA}/cert.key -out ${DEMOCA}/cert.csr ...+..+...+....+...............+...........+....+++++++++++++++++++++++++++++++++++++++*.+......+.....+...+......+.+..+.......+...+.....+...+....+++++++++++++++++++++++++++++++++++++++*..+...+..........++++++ .+.......+..+...+...+....+...+++++++++++++++++++++++++++++++++++++++*...+...+..+...+..........+............+..+..........+++++++++++++++++++++++++++++++++++++++*..........+.............+........+.........+.+.........+..+.+.........+....................+.+..............+...+..........+.....+...+...+......+.+..+.+.....+......+...............+.+..+...+.......+......+.....................+.....+....+..+....+...+......++++++ ----- ## Signing the new certificate openssl ca -batch -in ${DEMOCA}/cert.csr -keyfile ${PRIURI} -out ${DEMOCA}/cert.pem Using configuration from /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/openssl.cnf Check that the request matches the signature Signature ok The Subject's Distinguished Name is as follows commonName :ASN.1 12:'testing-csr-signing' organizationName :ASN.1 12:'PKCS11 Provider' countryName :PRINTABLE:'US' Certificate is to be certified until Mar 9 22:07:05 2026 GMT (365 days) Write out database with 1 new entries Database updated ## Generating a new CSR with existing RSA key in token openssl req -batch -noenc -new -key ${PRIURI} -subj "/CN=testing-rsa-signing/O=PKCS11 Provider/C=US" -out ${DEMOCA}/cert-rsa.csr ## Signing the new RSA key certificate openssl ca -batch -in ${DEMOCA}/cert-rsa.csr -keyfile ${PRIURI} -out ${DEMOCA}/cert.pem Using configuration from /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/openssl.cnf Check that the request matches the signature Signature ok The Subject's Distinguished Name is as follows commonName :ASN.1 12:'testing-rsa-signing' organizationName :ASN.1 12:'PKCS11 Provider' countryName :PRINTABLE:'US' Certificate is to be certified until Mar 9 22:07:05 2026 GMT (365 days) Write out database with 1 new entries Database updated ## Generating a new CSR with existing EC key in token openssl req -batch -noenc -new -key ${ECPRIURI} -subj "/CN=testing-ec-signing/O=PKCS11 Provider/C=US" -out ${DEMOCA}/cert-ec.csr ## Signing the new EC key certificate openssl ca -batch -in ${DEMOCA}/cert-ec.csr -keyfile ${PRIURI} -out ${DEMOCA}/cert.pem Using configuration from /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/openssl.cnf Check that the request matches the signature Signature ok The Subject's Distinguished Name is as follows commonName :ASN.1 12:'testing-ec-signing' organizationName :ASN.1 12:'PKCS11 Provider' countryName :PRINTABLE:'US' Certificate is to be certified until Mar 9 22:07:05 2026 GMT (365 days) Write out database with 1 new entries Database updated ## Generating a new CSR with existing ED key in token openssl req -batch -noenc -new -key ${EDPRIURI} -subj "/CN=testing-ed-signing/O=PKCS11 Provider/C=US" -out ${DEMOCA}/cert-ed.csr ## Signing the new ED key certificate openssl ca -batch -in ${DEMOCA}/cert-ed.csr -keyfile ${PRIURI} -out ${DEMOCA}/cert.pem Using configuration from /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/openssl.cnf Check that the request matches the signature Signature ok The Subject's Distinguished Name is as follows commonName :ASN.1 12:'testing-ed-signing' organizationName :ASN.1 12:'PKCS11 Provider' countryName :PRINTABLE:'US' Certificate is to be certified until Mar 9 22:07:05 2026 GMT (365 days) Write out database with 1 new entries Database updated ## Generating a new CSR with existing ED448 key in token openssl req -batch -noenc -new -key ${ED2PRIURI} -subj "/CN=testing-ed2-signing/O=PKCS11 Provider/C=US" -out ${DEMOCA}/cert-ed2.csr ## Signing the new ED448 key certificate openssl ca -batch -in ${DEMOCA}/cert-ed2.csr -keyfile ${PRIURI} -out ${DEMOCA}/cert.pem Using configuration from /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/openssl.cnf Check that the request matches the signature Signature ok The Subject's Distinguished Name is as follows commonName :ASN.1 12:'testing-ed2-signing' organizationName :ASN.1 12:'PKCS11 Provider' countryName :PRINTABLE:'US' Certificate is to be certified until Mar 9 22:07:05 2026 GMT (365 days) Write out database with 1 new entries Database updated ## Generating a new CSR with existing RSA-PSS key in token openssl req -batch -noenc -new -key ${RSAPSSPRIURI} -sigopt rsa_padding_mode:pss -subj "/CN=testing-rsapss-signing/O=PKCS11 Provider/C=US" -sigopt rsa_padding_mode:pss -out ${DEMOCA}/cert-rsa-pss.csr ## Signing the new RSA-PSS key certificate openssl ca -batch -in ${DEMOCA}/cert-rsa-pss.csr -keyfile ${PRIURI} -out ${DEMOCA}/cert.pem Using configuration from /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/openssl.cnf Check that the request matches the signature Signature ok The Subject's Distinguished Name is as follows commonName :ASN.1 12:'testing-rsapss-signing' organizationName :ASN.1 12:'PKCS11 Provider' countryName :PRINTABLE:'US' Certificate is to be certified until Mar 9 22:07:05 2026 GMT (365 days) Write out database with 1 new entries Database updated openssl x509 -text -in ${DEMOCA}/cert.pem ## Generating a new CSR with existing SHA256 restricted RSA-PSS key in token openssl req -batch -noenc -new -key ${RSAPSS2PRIURI} -sigopt rsa_padding_mode:pss -subj "/CN=testing-rsapss-sha2-signing/O=PKCS11 Provider/C=US" -out ${DEMOCA}/cert-rsa-pss2.csr -sigopt rsa_padding_mode:pss -sigopt digest:sha256 ## Signing the new SHA256 restricted RSA-PSS key certificate openssl ca -batch -in ${DEMOCA}/cert-rsa-pss2.csr -keyfile ${PRIURI} -out ${DEMOCA}/cert.pem Using configuration from /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/openssl.cnf Check that the request matches the signature Signature ok The Subject's Distinguished Name is as follows commonName :ASN.1 12:'testing-rsapss-sha2-signing' organizationName :ASN.1 12:'PKCS11 Provider' countryName :PRINTABLE:'US' Certificate is to be certified until Mar 9 22:07:05 2026 GMT (365 days) Write out database with 1 new entries Database updated openssl x509 -text -in ${DEMOCA}/cert.pem ## Generating a new CSR with existing RSA-PSS key in token openssl req -batch -noenc -new -key ${RSAPSS2PRIURI} -sigopt rsa_padding_mode:pss -subj "/CN=testing-rsapss-signing/O=PKCS11 Provider/C=US" -out ${DEMOCA}/cert-rsa-pss2.csr -sigopt rsa_padding_mode:pss -sigopt digest:sha256 -sigopt rsa_pss_saltlen:-2 ## Signing the new RSA-PSS key certificate openssl ca -batch -in ${DEMOCA}/cert-rsa-pss.csr -keyfile ${PRIURI} -out ${DEMOCA}/cert.pem Using configuration from /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/openssl.cnf Check that the request matches the signature Signature ok The Subject's Distinguished Name is as follows commonName :ASN.1 12:'testing-rsapss-signing' organizationName :ASN.1 12:'PKCS11 Provider' countryName :PRINTABLE:'US' Certificate is to be certified until Mar 9 22:07:05 2026 GMT (365 days) Write out database with 1 new entries Database updated ## Set up OCSP openssl req -batch -noenc -new -subj "/CN=OCSP/O=PKCS11 Provider/C=US" -key ${PRIURI} -out ${DEMOCA}/ocspSigning.csr openssl ca -batch -keyfile ${PRIURI} -cert ${DEMOCA}/cacert.pem -in ${DEMOCA}/ocspSigning.csr -out ${DEMOCA}/ocspSigning.pem Using configuration from /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/openssl.cnf Check that the request matches the signature Signature ok The Subject's Distinguished Name is as follows commonName :ASN.1 12:'OCSP' organizationName :ASN.1 12:'PKCS11 Provider' countryName :PRINTABLE:'US' Certificate is to be certified until Mar 9 22:07:05 2026 GMT (365 days) Write out database with 1 new entries Database updated ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 28/92 pkcs11-provider:softhsm / democa OK 1.21s 29/92 pkcs11-provider:kryoptic / democa RUNNING >>> ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MESON_TEST_ITERATION=1 MALLOC_PERTURB_=59 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper democa-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 29/92 pkcs11-provider:kryoptic / democa SKIP 0.02s exit status 77 30/92 pkcs11-provider:kryoptic.nss / democa RUNNING >>> ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=49 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper democa-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 30/92 pkcs11-provider:kryoptic.nss / democa SKIP 0.02s exit status 77 31/92 pkcs11-provider:softokn / digest RUNNING >>> ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MALLOC_PERTURB_=175 MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper digest-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 31/92 pkcs11-provider:softokn / digest SKIP 0.01s exit status 77 32/92 pkcs11-provider:softhsm / digest RUNNING >>> ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=213 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper digest-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/tests/tdigest ## Test Digests support sha512-224: Unsupported by pkcs11 token sha512-256: Unsupported by pkcs11 token sha3-224: Unsupported by pkcs11 token sha3-256: Unsupported by pkcs11 token sha3-384: Unsupported by pkcs11 token sha3-512: Unsupported by pkcs11 token PASSED ## Test Digests Blocked No digest available for testing pkcs11 provider Digest operations failed as expected ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 32/92 pkcs11-provider:softhsm / digest OK 0.09s 33/92 pkcs11-provider:kryoptic / digest RUNNING >>> ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MESON_TEST_ITERATION=1 MALLOC_PERTURB_=219 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper digest-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 33/92 pkcs11-provider:kryoptic / digest SKIP 0.02s exit status 77 34/92 pkcs11-provider:kryoptic.nss / digest RUNNING >>> MALLOC_PERTURB_=76 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper digest-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 34/92 pkcs11-provider:kryoptic.nss / digest SKIP 0.02s exit status 77 35/92 pkcs11-provider:softokn / fork RUNNING >>> ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MESON_TEST_ITERATION=1 MALLOC_PERTURB_=207 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper fork-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 35/92 pkcs11-provider:softokn / fork SKIP 0.02s exit status 77 36/92 pkcs11-provider:softhsm / fork RUNNING >>> MALLOC_PERTURB_=101 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper fork-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/tfork Child Done Child Done ALL A-OK! ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 36/92 pkcs11-provider:softhsm / fork OK 1.32s 37/92 pkcs11-provider:kryoptic / fork RUNNING >>> ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MESON_TEST_ITERATION=1 MALLOC_PERTURB_=238 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper fork-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 37/92 pkcs11-provider:kryoptic / fork SKIP 0.01s exit status 77 38/92 pkcs11-provider:kryoptic.nss / fork RUNNING >>> ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=183 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper fork-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 38/92 pkcs11-provider:kryoptic.nss / fork SKIP 0.01s exit status 77 39/92 pkcs11-provider:softokn / oaepsha2 RUNNING >>> ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=50 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper oaepsha2-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 39/92 pkcs11-provider:softokn / oaepsha2 SKIP 0.02s exit status 77 40/92 pkcs11-provider:kryoptic / oaepsha2 RUNNING >>> ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=86 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper oaepsha2-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 40/92 pkcs11-provider:kryoptic / oaepsha2 SKIP 0.02s exit status 77 41/92 pkcs11-provider:kryoptic.nss / oaepsha2 RUNNING >>> MALLOC_PERTURB_=69 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper oaepsha2-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 41/92 pkcs11-provider:kryoptic.nss / oaepsha2 SKIP 0.02s exit status 77 42/92 pkcs11-provider:softokn / hkdf RUNNING >>> ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=93 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper hkdf-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 42/92 pkcs11-provider:softokn / hkdf SKIP 0.02s exit status 77 43/92 pkcs11-provider:kryoptic / hkdf RUNNING >>> ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MESON_TEST_ITERATION=1 MALLOC_PERTURB_=186 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper hkdf-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 43/92 pkcs11-provider:kryoptic / hkdf SKIP 0.02s exit status 77 44/92 pkcs11-provider:kryoptic.nss / hkdf RUNNING >>> ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=173 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper hkdf-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 44/92 pkcs11-provider:kryoptic.nss / hkdf SKIP 0.02s exit status 77 45/92 pkcs11-provider:softokn / imported RUNNING >>> ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=7 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper imported-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 45/92 pkcs11-provider:softokn / imported SKIP 0.02s exit status 77 46/92 pkcs11-provider:kryoptic / imported RUNNING >>> MALLOC_PERTURB_=255 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper imported-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 46/92 pkcs11-provider:kryoptic / imported SKIP 0.01s exit status 77 47/92 pkcs11-provider:kryoptic.nss / imported RUNNING >>> ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MESON_TEST_ITERATION=1 MALLOC_PERTURB_=222 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper imported-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 47/92 pkcs11-provider:kryoptic.nss / imported SKIP 0.02s exit status 77 48/92 pkcs11-provider:softokn / rsapss RUNNING >>> MALLOC_PERTURB_=32 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper rsapss-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 48/92 pkcs11-provider:softokn / rsapss SKIP 0.02s exit status 77 49/92 pkcs11-provider:softhsm / rsapss RUNNING >>> ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MALLOC_PERTURB_=123 MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper rsapss-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/tests/trsapss ## DigestSign and DigestVerify with RSA PSS openssl pkeyutl -sign -inkey "${BASEURI}" -digest sha256 -pkeyopt pad-mode:pss -pkeyopt mgf1-digest:sha256 -pkeyopt saltlen:digest -in ${RAND64FILE} -rawin -out ${TMPPDIR}/sha256-dgstsig.bin openssl pkeyutl -verify -inkey "${BASEURI}" -pubin -digest sha256 -pkeyopt pad-mode:pss -pkeyopt mgf1-digest:sha256 -pkeyopt saltlen:digest -in ${RAND64FILE} -rawin -sigfile ${TMPPDIR}/sha256-dgstsig.bin Signature Verified Successfully Re-verify using OpenSSL default provider openssl pkeyutl -verify -inkey "${PUBURI}" -pubin -digest sha256 -pkeyopt pad-mode:pss -pkeyopt mgf1-digest:sha256 -pkeyopt saltlen:digest -in ${RAND64FILE} -rawin -sigfile ${TMPPDIR}/sha256-dgstsig.bin Signature Verified Successfully ## DigestSign and DigestVerify with RSA PSS with default params openssl pkeyutl -sign -inkey "${BASEURI}" -pkeyopt pad-mode:pss -in ${RAND64FILE} -rawin -out ${TMPPDIR}/def-dgstsig.bin openssl pkeyutl -verify -inkey "${BASEURI}" -pubin -pkeyopt pad-mode:pss -in ${RAND64FILE} -rawin -sigfile ${TMPPDIR}/def-dgstsig.bin Signature Verified Successfully Re-verify using OpenSSL default provider openssl pkeyutl -verify -inkey "${PUBURI}" -pubin -pkeyopt pad-mode:pss -in ${RAND64FILE} -rawin -sigfile ${TMPPDIR}/def-dgstsig.bin Signature Verified Successfully ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 49/92 pkcs11-provider:softhsm / rsapss OK 0.26s 50/92 pkcs11-provider:kryoptic / rsapss RUNNING >>> ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MESON_TEST_ITERATION=1 MALLOC_PERTURB_=156 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper rsapss-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 50/92 pkcs11-provider:kryoptic / rsapss SKIP 0.02s exit status 77 51/92 pkcs11-provider:kryoptic.nss / rsapss RUNNING >>> ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=64 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper rsapss-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 51/92 pkcs11-provider:kryoptic.nss / rsapss SKIP 0.01s exit status 77 52/92 pkcs11-provider:softhsm / rsapssam RUNNING >>> ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MESON_TEST_ITERATION=1 MALLOC_PERTURB_=139 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper rsapssam-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/tests/trsapssam ## DigestSign and DigestVerify with RSA PSS (SHA256 restriction) openssl pkeyutl -sign -inkey "${RSAPSS2PRIURI}" -digest sha256 -pkeyopt pad-mode:pss -pkeyopt mgf1-digest:sha256 -pkeyopt saltlen:digest -in ${RAND64FILE} -rawin -out ${TMPPDIR}/sha256-rsapps-genpkey-dgstsig.bin openssl pkeyutl -verify -inkey "${RSAPSS2PUBURI}" -pubin -digest sha256 -pkeyopt pad-mode:pss -pkeyopt mgf1-digest:sha256 -pkeyopt saltlen:digest -in ${RAND64FILE} -rawin -sigfile ${TMPPDIR}/sha256-rsapps-genpkey-dgstsig.bin Signature Verified Successfully ## Fail DigestSign with RSA PSS because of restricted Digest openssl pkeyutl -sign -inkey "${RSAPSS2PRIURI}" -digest sha384 -pkeyopt pad-mode:pss -pkeyopt mgf1-digest:sha384 -pkeyopt saltlen:digest -in ${RAND64FILE} -rawin -out ${TMPPDIR}/sha384-rsapps-genpkey-dgstsig.bin 2>&1 ## Fail Signing with RSA PKCS1 mech and RSA-PSS key openssl pkeyutl -sign -inkey "${RSAPSSPRIURI}" -digest sha256 -pkeyopt rsa_padding_mode:pkcs1 -in ${RAND64FILE} -rawin -out ${TMPPDIR}/sha384-rsa-not-rsapss-sig.bin 2>&1 ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 52/92 pkcs11-provider:softhsm / rsapssam OK 0.19s 53/92 pkcs11-provider:kryoptic / rsapssam RUNNING >>> ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MESON_TEST_ITERATION=1 MALLOC_PERTURB_=247 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper rsapssam-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 53/92 pkcs11-provider:kryoptic / rsapssam SKIP 0.02s exit status 77 54/92 pkcs11-provider:softokn / genkey RUNNING >>> ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MESON_TEST_ITERATION=1 MALLOC_PERTURB_=109 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper genkey-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 54/92 pkcs11-provider:softokn / genkey SKIP 0.02s exit status 77 55/92 pkcs11-provider:softhsm / genkey RUNNING >>> ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=51 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper genkey-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/tgenkey Performed tests: 0 ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 55/92 pkcs11-provider:softhsm / genkey OK 0.06s 56/92 pkcs11-provider:kryoptic / genkey RUNNING >>> ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MESON_TEST_ITERATION=1 MALLOC_PERTURB_=83 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper genkey-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 56/92 pkcs11-provider:kryoptic / genkey SKIP 0.01s exit status 77 57/92 pkcs11-provider:kryoptic.nss / genkey RUNNING >>> ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MALLOC_PERTURB_=122 MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper genkey-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 57/92 pkcs11-provider:kryoptic.nss / genkey SKIP 0.02s exit status 77 58/92 pkcs11-provider:softokn / pkey RUNNING >>> ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MESON_TEST_ITERATION=1 MALLOC_PERTURB_=156 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper pkey-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 58/92 pkcs11-provider:softokn / pkey SKIP 0.02s exit status 77 59/92 pkcs11-provider:softhsm / pkey RUNNING >>> ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MESON_TEST_ITERATION=1 MALLOC_PERTURB_=151 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper pkey-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/tpkey ALL A-OK! ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 59/92 pkcs11-provider:softhsm / pkey OK 0.44s 60/92 pkcs11-provider:kryoptic / pkey RUNNING >>> ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MESON_TEST_ITERATION=1 MALLOC_PERTURB_=89 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper pkey-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 60/92 pkcs11-provider:kryoptic / pkey SKIP 0.02s exit status 77 61/92 pkcs11-provider:kryoptic.nss / pkey RUNNING >>> MALLOC_PERTURB_=16 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper pkey-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 61/92 pkcs11-provider:kryoptic.nss / pkey SKIP 0.02s exit status 77 62/92 pkcs11-provider:softokn / session RUNNING >>> ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MESON_TEST_ITERATION=1 MALLOC_PERTURB_=216 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper session-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 62/92 pkcs11-provider:softokn / session SKIP 0.02s exit status 77 63/92 pkcs11-provider:softhsm / session RUNNING >>> MALLOC_PERTURB_=255 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper session-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/tsession ALL A-OK!―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 63/92 pkcs11-provider:softhsm / session OK 0.19s 64/92 pkcs11-provider:kryoptic / session RUNNING >>> ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MESON_TEST_ITERATION=1 MALLOC_PERTURB_=196 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper session-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 64/92 pkcs11-provider:kryoptic / session SKIP 0.02s exit status 77 65/92 pkcs11-provider:kryoptic.nss / session RUNNING >>> ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MESON_TEST_ITERATION=1 MALLOC_PERTURB_=72 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper session-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 65/92 pkcs11-provider:kryoptic.nss / session SKIP 0.02s exit status 77 66/92 pkcs11-provider:softokn / rand RUNNING >>> ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MALLOC_PERTURB_=158 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper rand-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 66/92 pkcs11-provider:softokn / rand SKIP 0.01s exit status 77 67/92 pkcs11-provider:softhsm / rand RUNNING >>> ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MESON_TEST_ITERATION=1 MALLOC_PERTURB_=26 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper rand-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/tests/trand ## Test PKCS11 RNG openssl rand 1 40F74934C47F0000:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:../crypto/evp/evp_fetch.c:355:Global default library context, Algorithm (PKCS11-RAND : 0), Properties () 40F74934C47F0000:error:12000090:random number generator:rand_new_drbg:unable to fetch drbg:../crypto/rand/rand_lib.c:660: openssl rand 1 / ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 67/92 pkcs11-provider:softhsm / rand OK 0.08s 68/92 pkcs11-provider:kryoptic / rand RUNNING >>> ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MESON_TEST_ITERATION=1 MALLOC_PERTURB_=58 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper rand-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 68/92 pkcs11-provider:kryoptic / rand SKIP 0.02s exit status 77 69/92 pkcs11-provider:kryoptic.nss / rand RUNNING >>> MALLOC_PERTURB_=226 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper rand-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 69/92 pkcs11-provider:kryoptic.nss / rand SKIP 0.02s exit status 77 70/92 pkcs11-provider:softokn / readkeys RUNNING >>> MALLOC_PERTURB_=11 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper readkeys-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 70/92 pkcs11-provider:softokn / readkeys SKIP 0.02s exit status 77 71/92 pkcs11-provider:softhsm / readkeys RUNNING >>> ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MESON_TEST_ITERATION=1 MALLOC_PERTURB_=151 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper readkeys-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/treadkeys ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 71/92 pkcs11-provider:softhsm / readkeys OK 0.06s 72/92 pkcs11-provider:kryoptic / readkeys RUNNING >>> MALLOC_PERTURB_=11 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper readkeys-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 72/92 pkcs11-provider:kryoptic / readkeys SKIP 0.02s exit status 77 73/92 pkcs11-provider:kryoptic.nss / readkeys RUNNING >>> ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MESON_TEST_ITERATION=1 MALLOC_PERTURB_=18 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper readkeys-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 73/92 pkcs11-provider:kryoptic.nss / readkeys SKIP 0.02s exit status 77 74/92 pkcs11-provider:softokn / tls RUNNING >>> MALLOC_PERTURB_=187 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper tls-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 74/92 pkcs11-provider:softokn / tls SKIP 0.02s exit status 77 75/92 pkcs11-provider:softhsm / tls RUNNING >>> ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MALLOC_PERTURB_=169 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper tls-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/tests/ttls ## Test SSL_CTX creation SSL Context works! ## Test setting cert/keys on TLS Context Cert and Key successfully set on TLS Context! ## Test setting cert/keys on TLS Context w/o pub key Cert and Key successfully set on TLS Context! ## Test an actual TLS connection ######################################## ## TLS with key in provider ## Run sanity test with default values (RSA) spawn openssl s_client -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/caCert.pem Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=1 CN=Issuer verify return:1 depth=0 O=PKCS11 Provider, CN=My Test Cert verify return:1 --- Certificate chain 0 s:O=PKCS11 Provider, CN=My Test Cert i:CN=Issuer a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256 v:NotBefore: Mar 9 22:06:48 2025 GMT; NotAfter: Mar 9 22:06:48 2026 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIIDPzCCAiegAwIBAgIBAzANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 ZXIwHhcNMjUwMzA5MjIwNjQ4WhcNMjYwMzA5MjIwNjQ4WjAxMRgwFgYDVQQKEw9Q S0NTMTEgUHJvdmlkZXIxFTATBgNVBAMTDE15IFRlc3QgQ2VydDCCASIwDQYJKoZI hvcNAQEBBQADggEPADCCAQoCggEBAN2uwutJaCDQZ9U/pa3jXl1XH7QJOiD7iAn5 atxbwT+SUypwOLr00X8evl4PX0kKVD4VxLvf+NcUIp6KiVDKGZIpfEsUJX9V2Nv/ c6tiBBIwBt+P0M9c/nWKN29o5ozS6CgR/btFa9BOlcxr2Ijx9x8pmhuD30NvMoFA N4uCw36tY9yD9M1f6mzQuzMAJQNzus1HjumOwSFhywJAUfPh/o/+8HexYBJjWuiw jQN/Ls+r7KdINfIT6K2YY0XthuMmDhVAtEb6DpI+QrfswKKmpoPV+BeBkdGA2+BX EmDC7ZF8APtE7lhMB+UPos/ZeLBWRrLvD1HVBDhh9aGFnfkKb+8CAwEAAaOBgTB/ MAwGA1UdEwEB/wQCMAAwHwYDVR0RBBgwFoEUdGVzdGNlcnRAZXhhbXBsZS5vcmcw DgYDVR0PAQH/BAQDAgWgMB0GA1UdDgQWBBQROoyIOIjQd4/bc8NcpFdNeE/HETAf BgNVHSMEGDAWgBRX2wWY1S2992kdFSUt2DmqGWOk0DANBgkqhkiG9w0BAQsFAAOC AQEAqtHVZjoVXZi6w1ZJiksWBAdUB4la82c3jNdbYy/42stRa1k3jfp8KqN7nogk xtFrxnQtkIxDoLFYD5HvjTgZ7SOjH6oPVnOvRrVsoDJY5RM5cXWzq1CXXKIr9h3q g2wqwWObVVAU79pSZiXt14TA+Blu3iHQqPw7JGnUrgahdhiJeJ2p6iR/Eg1OSw7Q B8ND2xwmQqhxi6A//zCdd1mZW5X1v9TLWdbs9DkrhcYpE/FTeCOXi7Y6K7ntYv5n FSr8MN+ZMzwOYFPgnmydjrMBcZWSV/LoY+zzannEoush/R7HTy2qeGjj748Xzvf/ 8P4Gljz38kt8IqqP4RoWGpRv2g== -----END CERTIFICATE----- subject=O=PKCS11 Provider, CN=My Test Cert issuer=CN=Issuer --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: RSA-PSS Server Temp Key: X25519, 253 bits --- SSL handshake has read 1391 bytes and written 391 bytes Verification: OK --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Protocol: TLSv1.3 Server public key is 2048 bit This TLS version forbids renegotiation. Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 6CEAF0BBBB24007A229FF7344EFBCCE0576AD4970F5B63265DD36710ACBE9DC5 Session-ID-ctx: Resumption PSK: 18881F1FA8E3932D35D60874C0985EFCCCA9EE630C25EF2D0D4669BE5097B3F912609F96D0C33647AFB6B7B27F94158C PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - bc 42 32 ea 12 bc 4a 9e-b4 9d 36 ac cb 9b 99 ce .B2...J...6..... 0010 - c2 b0 cd 71 0b 49 21 73-0e 48 b5 10 29 ae 79 5a ...q.I!s.H..).yZ 0020 - 05 bc 23 0f 29 70 b9 09-a3 78 4c b0 d0 8a c3 5a ..#.)p...xL....Z 0030 - 50 ad 34 35 c2 6c 3a 8e-7f fd 46 d5 32 45 4c 33 P.45.l:...F.2EL3 0040 - 6b 15 32 7c 82 27 2c 08-a1 4d d6 95 f9 be 8f b7 k.2|.',..M...... 0050 - 9b b9 16 cd e3 4f c6 be-b8 03 94 ad 9e 23 10 64 .....O.......#.d 0060 - b2 4b 39 ed a7 3c 9e 03-f4 4b 56 3c 4f c7 11 4b .K9..<...KV...... 0040 - 1a b2 48 7f a3 3d 26 c7-ff a7 08 e1 3a dd 68 d4 ..H..=&.....:.h. 0050 - 60 3e 42 9c 90 d8 ab c4-1c 6a 50 1a 9f 56 c3 e8 `>B......jP..V.. 0060 - 32 4c da a8 d1 e9 04 a5-e5 ed be 69 f4 6f b9 f5 2L.........i.o.. 0070 - 93 ed 9c f7 76 85 4a f0-15 4e 88 fc 0e 3e 53 0f ....v.J..N...>S. 0080 - b6 9c 04 70 37 9e 7a fa-bb 6b 72 62 4e 80 a3 8f ...p7.z..krbN... 0090 - b7 8e ec d8 1e ca ce dd-91 be 38 f4 89 e2 22 e7 ..........8...". 00a0 - c7 87 cf c2 cf 00 eb fb-f8 92 1d c8 98 40 62 6a .............@bj 00b0 - 8a 95 f9 21 9a 86 bc fa-62 20 4e f3 f0 2a 28 d4 ...!....b N..*(. 00c0 - 2c 82 6a 26 0a f5 72 d0-e8 7f 1e 8d 2b 7c 30 9b ,.j&..r.....+|0. Start Time: 1741558029 Timeout : 7200 (sec) Verify return code: 18 (self-signed certificate) Extended master secret: no Max Early Data: 0 --- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 7363DFA129AB66545DA4237C238E9703E7641DE5332609D7A8C010313E3BDA7E Session-ID-ctx: Resumption PSK: 9412699E0FD464ECF2851260972FA18F1793B92A50EEEF2EDD45FE11B35CDB7A768C1683A7659B50E5C73F662B078935 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 78 2b a3 09 5b 49 e2 1d-b1 dd be be bc e1 a3 4a x+..[I.........J 0010 - 89 77 09 d1 3b 61 7f dc-12 c9 58 dd 97 2b 4c c5 .w..;a....X..+L. 0020 - 54 57 47 30 3f 58 a1 c0-de 85 6c c1 01 1a bb d6 TWG0?X....l..... 0030 - b0 bf 95 2c 4c 5e 16 52-ab 7e 55 6b 41 ff af 59 ...,L^.R.~UkA..Y 0040 - a3 95 a1 7c 00 46 06 35-1e 43 bb 07 bb 18 ed 18 ...|.F.5.C...... 0050 - ab 1e 8c 6d fb 52 38 52-31 7b 30 72 b4 23 13 5f ...m.R8R1{0r.#._ 0060 - 72 5c 0e 1b f2 f0 c6 83-c1 58 2a 94 a1 a9 3b ef r\.......X*...;. 0070 - 4a 45 bf a1 60 cb e4 a7-44 a4 9a 75 df 85 7b 12 JE..`...D..u..{. 0080 - f9 db 2d 35 93 02 e1 31-b1 ac e0 d5 57 fd 57 82 ..-5...1....W.W. 0090 - cf d5 bf b5 f8 e4 26 c4-4f c3 c2 4b 50 9e ae 60 ......&.O..KP..` 00a0 - e7 2c 38 76 32 67 47 1a-13 81 3f 73 22 43 db 11 .,8v2gG...?s"C.. 00b0 - 53 94 99 12 8a bc fb 27-e9 9a 30 a8 49 7b 5e 61 S......'..0.I{^a 00c0 - bb db 07 b6 e1 b8 11 e7-a3 a9 f7 2d 2a e7 bf 48 ...........-*..H Start Time: 1741558029 Timeout : 7200 (sec) Verify return code: 18 (self-signed certificate) Extended master secret: no Max Early Data: 0 --- read R BLOCK TLS SUCCESSFUL 4077CA01097F0000:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%10 -cert /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/rsapss-default.pem Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MIGCAgEBAgIDBAQCEwIEIK1MFENisGVy971DJD57bZLn5CdElre99o05BKXtz9l6 BDCUEmmeD9Rk7PKFEmCXL6GPF5O5KlDu7y7dRf4Rs1zbenaMFoOnZZtQ5cc/ZisH iTWhBgIEZ84RDaIEAgIcIKQGBAQBAAAArgYCBC9+AMazAwIBHQ== -----END SSL SESSION PARAMETERS----- Shared ciphers:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224 Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 CIPHER is TLS_AES_256_GCM_SHA384 This TLS version forbids renegotiation. TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run sanity test with RSA-PSS and SHA256 ## Generating a new selfsigned certificate for pkcs11:type=private;id=%00%11 openssl req -batch -noenc -x509 -new -key ${KEY} ${AARGS} -out ${CERT} spawn openssl s_client -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/caCert.pem Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=0 C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness verify error:num=18:self-signed certificate verify return:1 depth=0 C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness verify return:1 --- Certificate chain 0 s:C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness i:C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness a:PKEY: RSASSA-PSS, 3092 (bit); sigalg: RSASSA-PSS v:NotBefore: Mar 9 22:07:09 2025 GMT; NotAfter: Apr 8 22:07:09 2025 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIIFKDCCA12gAwIBAgIUb076HGtklr8ympfSXoRsw/MiqowwPQYJKoZIhvcNAQEK MDCgDTALBglghkgBZQMEAgGhGjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUDBAIBogMC ASAwZzELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMREwDwYDVQQHDAhO ZXcgWW9yazEYMBYGA1UECgwPUEtDUzExIFByb3ZpZGVyMRgwFgYDVQQLDA9UZXN0 aW5nIEhhcm5lc3MwHhcNMjUwMzA5MjIwNzA5WhcNMjUwNDA4MjIwNzA5WjBnMQsw CQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsxETAPBgNVBAcMCE5ldyBZb3Jr MRgwFgYDVQQKDA9QS0NTMTEgUHJvdmlkZXIxGDAWBgNVBAsMD1Rlc3RpbmcgSGFy bmVzczCCAaIwCwYJKoZIhvcNAQEKA4IBkQAwggGMAoIBgwpcHhWKVNYwIAItRUWF zfH57LUYuGB0lMTIH0L2flc7DQ6WHuuJgsPo3malG25wwRhZRDQIX5f6flfutAVz fHfENOEDuKJjUSFu9ux24r1RDsVaB6gVNUMmvjwz8/4Q+ZNgr2+erQdEJBMaUkPe 0YjgTsKIT+/kuu3KivCep97fQtMz5zjWp47Ky25r3ILlgUfA/WpEHZFXLW+5wM9S jLEO1NJyxZRvGfUzQIVVk/gdnKB8B2gSJnp0kJQA9uQZpcxkbRJJJ9ZdRk3H4iUZ WaQYSX+GXI0iJMVA7IdUZtOvOnLDRr8xuT+jVRDEZEXgn+E8wEjirH4XoVlJMdSe hC2syFd0amN6lSioi8ezywfjtMRKxP5T38ONpyg3fXpE7nP7KzASq4/U4Xrxr2d9 iM+KMytj8E3ADM2lPpUoT4+eCNK1wMtgyqD2iIy7YsuVxjHNJFFGoBenNaPw7VWx 8fZk2B5CkaaiqXeTiC6N87q5U/f+k09k6Lu0kwlcU19/esxNzQIDAQABo2kwZzAd BgNVHQ4EFgQUoWWmRL+FklA1j0ws0wm3DrB9D0gwHwYDVR0jBBgwFoAUoWWmRL+F klA1j0ws0wm3DrB9D0gwDwYDVR0TAQH/BAUwAwEB/zAJBgNVHREEAjAAMAkGA1Ud EgQCMAAwPQYJKoZIhvcNAQEKMDCgDTALBglghkgBZQMEAgGhGjAYBgkqhkiG9w0B AQgwCwYJYIZIAWUDBAIBogMCASADggGEAABaz/j4RKs8YwDn7jeSEAEcHp/v9kX/ 2Q826X1qOYNVZPaKF5ggsdYEPNWdqKKeVYSNoRxVsainEJtYirM1Hw52kD/Moknv LuR6FldYnsgMuj8omtfFeFZm8QRqAVYKTs2bU9CGCMayuPhZWYKghEopF7vzKQYj yO681fAj1uQ/ku67AqDLPcLmLu1L2EdJIfllQvrrXRRCh72xQx2xZrFVY2Lyx/th xPIMuzflTk3rSfKADXR51KjZB52BG4pw1FtZ/CWGKhh0tNSTVyax5oGC8gvEltrH kfv9K+R8b0Pt6etuuNbl4jf8ipZ5Npu7JgcnCI0vhJuevPqe5rY1AnsT1aRBrKAt Ycxsqq7BZxulVynrLZjicgjJjPnjiYqHkG0yC+FVlOz62tU7OQJwe+TBk+GzmGO3 QkeYpwQqOJXE/ozVZFCyHUOM8yhadiavaWiPaNnYF4wKRolWPSztnPArkn5iryuF 5rAzTtqQhQqG2zAYkozOS/zGGO/ohh7H684kwg== -----END CERTIFICATE----- subject=C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness issuer=C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: RSA-PSS Server Temp Key: X25519, 253 bits --- SSL handshake has read 2011 bytes and written 391 bytes Verification error: self-signed certificate --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Protocol: TLSv1.3 Server public key is 3092 bit This TLS version forbids renegotiation. Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 18 (self-signed certificate) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 1D01A08C001CFC3F2CF7A8C343C0C54347AA1D71F3CC1E76A74BE2F57BED285A Session-ID-ctx: Resumption PSK: 2AC4D85CC62E68D873B190FD80DC8DA9CB060B6DCAB60CA91F6371CBD4587F5CB5692E1586D280F0C472C97BC05BBE5C PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 95 e6 e3 34 cf 23 1a 67-ee 86 94 6a 7e 16 6b fd ...4.#.g...j~.k. 0010 - bb f1 6b 29 6a c1 c0 2d-ec ad 99 89 ee 40 36 9e ..k)j..-.....@6. 0020 - da b4 cd c8 14 a0 c0 b5-f5 f9 9e 84 09 78 b6 45 .............x.E 0030 - 17 d4 6b 51 e7 57 18 40-01 32 99 50 82 76 8c 44 ..kQ.W.@.2.P.v.D 0040 - cd bc 5e 16 96 b5 29 58-00 ba 05 2d cc 0f 1c 8f ..^...)X...-.... 0050 - 8f 26 79 ea ae 1c 76 2c-7f 25 f4 72 0d 1d 84 eb .&y...v,.%.r.... 0060 - 27 53 8b ad bb 1b db c4-33 42 cb 97 81 1e 4a 6b 'S......3B....Jk 0070 - 70 a8 55 67 c0 2c 4f 72-ce 65 52 c5 d7 6a 24 7e p.Ug.,Or.eR..j$~ 0080 - e1 7f 50 4c 66 27 25 c3-fb ee 85 4b d2 f9 52 a8 ..PLf'%....K..R. 0090 - c1 12 b9 69 f6 60 4f 6e-f0 7b 4c 6d 91 cd 0b 2a ...i.`On.{Lm...* 00a0 - 40 37 3f 7d 1b a8 56 70-fa 4d 26 bd e4 ed e4 5b @7?}..Vp.M&....[ 00b0 - 4d b9 1e f9 14 b3 a8 3f-ec 0b fd ba dd ca 9d d4 M......?........ 00c0 - e1 d8 21 ca fa da f0 d2-12 04 ff e0 5c 30 17 3a ..!.........\0.: Start Time: 1741558030 Timeout : 7200 (sec) Verify return code: 18 (self-signed certificate) Extended master secret: no Max Early Data: 0 --- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 3E98B02C301898ED74B2151E568B99ADCE1E24043AA4035B4F312BFFB00E5A22 Session-ID-ctx: Resumption PSK: 3339446954F2C1F1F9C725DEF460DCF1032245114DC65BDB08B988F030692252BBF6C107B9F98A0FF84AFD6131A1D272 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 95 e6 e3 34 cf 23 1a 67-ee 86 94 6a 7e 16 6b fd ...4.#.g...j~.k. 0010 - b9 6f 23 35 25 a7 b3 35-a3 e5 c7 95 35 75 e5 73 .o#5%..5....5u.s 0020 - 8b 5e 42 94 61 09 fc 12-95 fa 13 1a 3d 89 f3 de .^B.a.......=... 0030 - ff 63 ae 51 68 be 26 8d-1c 2d c4 0f 67 5a 69 ee .c.Qh.&..-..gZi. 0040 - 01 41 9a c8 ec 5a 0f 4c-2d 25 8c e5 7f 41 15 c1 .A...Z.L-%...A.. 0050 - 7c cf ca d7 19 b8 0f 38-c1 92 d4 1f 92 7b 39 ef |......8.....{9. 0060 - 3d 79 66 f2 67 59 e7 d7-d1 cb 2e ef cb c9 fc 9b =yf.gY.......... 0070 - 62 3d 46 31 3c 57 0b 78-cd 6a 9f 0a 84 ff cb 5c b=F1k..8 0010 - cf 37 89 e7 81 b7 77 46-7e 42 f8 38 66 ac ec d9 .7....wF~B.8f... 0020 - 54 93 9d 08 09 88 56 d4-95 6d d8 f2 8f f6 68 5a T.....V..m....hZ 0030 - b3 64 04 67 e0 6b 0c cc-30 fb 6b cc 25 e4 3c 9a .d.g.k..0.k.%.<. 0040 - e4 3f 9e 84 94 6a 8c e7-f2 50 b4 a9 28 70 a9 5f .?...j...P..(p._ 0050 - 80 6f fb 56 73 e9 8d a4-9e 77 1d a0 5b 30 f1 38 .o.Vs....w..[0.8 0060 - 02 be 2f 3e df 18 d6 c9-51 89 b1 bc 2a fa 16 89 ../>....Q...*... 0070 - ad 25 62 56 84 a3 09 d5-c9 b8 0e 44 bd da 50 d6 .%bV.......D..P. 0080 - a2 39 7c 09 68 12 e4 ce-14 1f cb 31 53 e9 81 f3 .9|.h......1S... 0090 - 85 cd ae fa fd f6 f0 d6-ad 5c 21 f7 25 92 01 22 .........\!.%.." 00a0 - 7b 10 2a 05 f8 e9 84 f2-f7 87 f4 de a6 08 21 b3 {.*...........!. 00b0 - c6 5d 74 90 32 42 65 69-26 0a b5 8d f7 4f a7 9c .]t.2Bei&....O.. 00c0 - 6c f9 7f 77 e6 4c ed bd-d1 5c 92 8e f7 90 33 05 l..w.L...\....3. Start Time: 1741558030 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 2A50B5ED2EE3B7E96CD11FDFD20A1557B572E012400D3750EE65391154F331FE Session-ID-ctx: Resumption PSK: BCC2277C5808E68A7916CF9A4919B6B1F58AB70151C3DD9B0B0D95EC9D404DEC1DD8BBC55FBCF1D496CDCE9E6B6BAA71 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 0f 7a f2 3d d5 0e 25 e5-1e c4 19 3e 6b 90 d6 38 .z.=..%....>k..8 0010 - 44 4b a6 bc 73 63 36 cc-e6 7e 43 b5 f6 48 2c 89 DK..sc6..~C..H,. 0020 - 82 34 ad 29 92 a0 df 04-90 43 bb c3 fc 48 df 3e .4.).....C...H.> 0030 - 37 42 f3 97 25 e2 42 7a-52 72 c4 88 f8 bb 1d 35 7B..%.BzRr.....5 0040 - 15 71 d2 d2 02 68 a5 2b-48 58 eb 8e 3d e9 d9 62 .q...h.+HX..=..b 0050 - 1b 60 c7 87 77 e9 f8 72-5b c0 fd bb 7e 35 26 2a .`..w..r[...~5&* 0060 - 62 a5 58 7a 51 2f 12 de-d3 2a 9f 24 a8 b3 18 60 b.XzQ/...*.$...` 0070 - 56 0f 42 9c d7 6a f6 6d-be 90 1b 8e a5 ed 8e 2f V.B..j.m......./ 0080 - 9c ed b6 d7 37 4b 5a cc-3a e8 24 4d 8b bb 78 35 ....7KZ.:.$M..x5 0090 - 44 48 67 fb 73 4c 0c cd-62 ff cd 83 ad 80 a5 54 DHg.sL..b......T 00a0 - 0d c6 8d b6 c3 78 e1 06-4e e7 2e eb 40 a4 5d 3a .....x..N...@.]: 00b0 - db 73 f6 c1 e2 8e 5f 8a-80 97 2b 4f 0c 25 7d 41 .s...._...+O.%}A 00c0 - a2 ae 63 06 73 5a f8 ea-fd 12 54 68 43 65 95 0e ..c.sZ....ThCe.. Start Time: 1741558030 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK TLS SUCCESSFUL 40C7581CD77F0000:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%09 -cert pkcs11:type=cert;object=ed2Cert Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MIGCAgEBAgIDBAQCEwIEIPdCUOmeXKmCIFhsvAL0Dh/JSuoUxLM1x3HvcSN0Ch8i BDC8wid8WAjminkWz5pJGbax9Yq3AVHD3ZsLDZXsnUBN7B3Yu8VfvPHUls3Onmtr qnGhBgIEZ84RDqIEAgIcIKQGBAQBAAAArgYCBHvCTwSzAwIBHQ== -----END SSL SESSION PARAMETERS----- Shared ciphers:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224 Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 CIPHER is TLS_AES_256_GCM_SHA384 This TLS version forbids renegotiation. TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run test with TLS 1.2 spawn openssl s_client -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/caCert.pem -tls1_2 Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=1 CN=Issuer verify return:1 depth=0 O=PKCS11 Provider, CN=My Test Cert verify return:1 --- Certificate chain 0 s:O=PKCS11 Provider, CN=My Test Cert i:CN=Issuer a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256 v:NotBefore: Mar 9 22:06:48 2025 GMT; NotAfter: Mar 9 22:06:48 2026 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIIDPzCCAiegAwIBAgIBAzANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 ZXIwHhcNMjUwMzA5MjIwNjQ4WhcNMjYwMzA5MjIwNjQ4WjAxMRgwFgYDVQQKEw9Q S0NTMTEgUHJvdmlkZXIxFTATBgNVBAMTDE15IFRlc3QgQ2VydDCCASIwDQYJKoZI hvcNAQEBBQADggEPADCCAQoCggEBAN2uwutJaCDQZ9U/pa3jXl1XH7QJOiD7iAn5 atxbwT+SUypwOLr00X8evl4PX0kKVD4VxLvf+NcUIp6KiVDKGZIpfEsUJX9V2Nv/ c6tiBBIwBt+P0M9c/nWKN29o5ozS6CgR/btFa9BOlcxr2Ijx9x8pmhuD30NvMoFA N4uCw36tY9yD9M1f6mzQuzMAJQNzus1HjumOwSFhywJAUfPh/o/+8HexYBJjWuiw jQN/Ls+r7KdINfIT6K2YY0XthuMmDhVAtEb6DpI+QrfswKKmpoPV+BeBkdGA2+BX EmDC7ZF8APtE7lhMB+UPos/ZeLBWRrLvD1HVBDhh9aGFnfkKb+8CAwEAAaOBgTB/ MAwGA1UdEwEB/wQCMAAwHwYDVR0RBBgwFoEUdGVzdGNlcnRAZXhhbXBsZS5vcmcw DgYDVR0PAQH/BAQDAgWgMB0GA1UdDgQWBBQROoyIOIjQd4/bc8NcpFdNeE/HETAf BgNVHSMEGDAWgBRX2wWY1S2992kdFSUt2DmqGWOk0DANBgkqhkiG9w0BAQsFAAOC AQEAqtHVZjoVXZi6w1ZJiksWBAdUB4la82c3jNdbYy/42stRa1k3jfp8KqN7nogk xtFrxnQtkIxDoLFYD5HvjTgZ7SOjH6oPVnOvRrVsoDJY5RM5cXWzq1CXXKIr9h3q g2wqwWObVVAU79pSZiXt14TA+Blu3iHQqPw7JGnUrgahdhiJeJ2p6iR/Eg1OSw7Q B8ND2xwmQqhxi6A//zCdd1mZW5X1v9TLWdbs9DkrhcYpE/FTeCOXi7Y6K7ntYv5n FSr8MN+ZMzwOYFPgnmydjrMBcZWSV/LoY+zzannEoush/R7HTy2qeGjj748Xzvf/ 8P4Gljz38kt8IqqP4RoWGpRv2g== -----END CERTIFICATE----- subject=O=PKCS11 Provider, CN=My Test Cert issuer=CN=Issuer --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: RSA-PSS Server Temp Key: X25519, 253 bits --- SSL handshake has read 1476 bytes and written 290 bytes Verification: OK --- New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384 Protocol: TLSv1.2 Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-RSA-AES256-GCM-SHA384 Session-ID: F8E0F419ED18D62D809307434679E29ACDC190BAFD053437ED197455D036C177 Session-ID-ctx: Master-Key: 9AAE6FF32A865E1D330923DF5CC60CED3F34FE886E3726D61AC2A5A92950391F14736B024E1AF59164DC874FF7EBB5AC PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - d3 95 a7 d5 0f 9a 6f bd-88 94 4f e0 29 43 d7 fc ......o...O.)C.. 0010 - d2 cf ed 17 dd 36 68 3f-2b 55 45 f2 5a 41 0d 97 .....6h?+UE.ZA.. 0020 - ff 42 69 65 52 28 af 56-a6 13 bc 7f 62 c8 9b ea .BieR(.V....b... 0030 - a2 f7 95 b1 3d 14 e0 c0-29 21 c3 fe 4c d3 a4 b7 ....=...)!..L... 0040 - 5a b1 16 3a 36 d2 cf e9-a8 e2 a4 4f 73 5a 6a da Z..:6......OsZj. 0050 - e2 0a bd c4 8d 88 ae 69-84 02 93 98 78 2e a3 cd .......i....x... 0060 - f9 8b 33 33 dc 86 a5 b1-0f e9 3e 4a 09 48 11 1a ..33......>J.H.. 0070 - 8f 52 09 95 10 fa 8d 9d-b7 d8 63 a8 d1 85 1a 9f .R........c..... 0080 - 5f a3 8a 56 ad c9 ac fb-af 36 c9 db 02 fd f0 2d _..V.....6.....- 0090 - 84 58 a6 13 6b bc cc 39-26 00 23 7c 04 38 ab 8a .X..k..9&.#|.8.. 00a0 - 10 08 67 bb 08 0d 67 2b-bc b8 4d ba e2 5b ca 57 ..g...g+..M..[.W Start Time: 1741558030 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: yes --- TLS SUCCESSFUL 40A74E179A7F0000:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%01 -cert pkcs11:type=cert;object=testCert Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MF8CAQECAgMDBALAMAQABDCarm/zKoZeHTMJI99cxgztPzT+iG43JtYawqWpKVA5 HxRzawJOGvWRZNyHT/frtayhBgIEZ84RDqIEAgIcIKQGBAQBAAAArQMCAQGzAwIB HQ== -----END SSL SESSION PARAMETERS----- Shared ciphers:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA TLS SUCCESSFUL Q Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Supported Elliptic Curve Point Formats: uncompressed:ansiX962_compressed_prime:ansiX962_compressed_char2 Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1 Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1 CIPHER is ECDHE-RSA-AES256-GCM-SHA384 Secure Renegotiation IS supported DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run test with explicit TLS 1.3 spawn openssl s_client -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/caCert.pem -tls1_3 Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=1 CN=Issuer verify return:1 depth=0 O=PKCS11 Provider, CN=My Test Cert verify return:1 --- Certificate chain 0 s:O=PKCS11 Provider, CN=My Test Cert i:CN=Issuer a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256 v:NotBefore: Mar 9 22:06:48 2025 GMT; NotAfter: Mar 9 22:06:48 2026 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIIDPzCCAiegAwIBAgIBAzANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 ZXIwHhcNMjUwMzA5MjIwNjQ4WhcNMjYwMzA5MjIwNjQ4WjAxMRgwFgYDVQQKEw9Q S0NTMTEgUHJvdmlkZXIxFTATBgNVBAMTDE15IFRlc3QgQ2VydDCCASIwDQYJKoZI hvcNAQEBBQADggEPADCCAQoCggEBAN2uwutJaCDQZ9U/pa3jXl1XH7QJOiD7iAn5 atxbwT+SUypwOLr00X8evl4PX0kKVD4VxLvf+NcUIp6KiVDKGZIpfEsUJX9V2Nv/ c6tiBBIwBt+P0M9c/nWKN29o5ozS6CgR/btFa9BOlcxr2Ijx9x8pmhuD30NvMoFA N4uCw36tY9yD9M1f6mzQuzMAJQNzus1HjumOwSFhywJAUfPh/o/+8HexYBJjWuiw jQN/Ls+r7KdINfIT6K2YY0XthuMmDhVAtEb6DpI+QrfswKKmpoPV+BeBkdGA2+BX EmDC7ZF8APtE7lhMB+UPos/ZeLBWRrLvD1HVBDhh9aGFnfkKb+8CAwEAAaOBgTB/ MAwGA1UdEwEB/wQCMAAwHwYDVR0RBBgwFoEUdGVzdGNlcnRAZXhhbXBsZS5vcmcw DgYDVR0PAQH/BAQDAgWgMB0GA1UdDgQWBBQROoyIOIjQd4/bc8NcpFdNeE/HETAf BgNVHSMEGDAWgBRX2wWY1S2992kdFSUt2DmqGWOk0DANBgkqhkiG9w0BAQsFAAOC AQEAqtHVZjoVXZi6w1ZJiksWBAdUB4la82c3jNdbYy/42stRa1k3jfp8KqN7nogk xtFrxnQtkIxDoLFYD5HvjTgZ7SOjH6oPVnOvRrVsoDJY5RM5cXWzq1CXXKIr9h3q g2wqwWObVVAU79pSZiXt14TA+Blu3iHQqPw7JGnUrgahdhiJeJ2p6iR/Eg1OSw7Q B8ND2xwmQqhxi6A//zCdd1mZW5X1v9TLWdbs9DkrhcYpE/FTeCOXi7Y6K7ntYv5n FSr8MN+ZMzwOYFPgnmydjrMBcZWSV/LoY+zzannEoush/R7HTy2qeGjj748Xzvf/ 8P4Gljz38kt8IqqP4RoWGpRv2g== -----END CERTIFICATE----- subject=O=PKCS11 Provider, CN=My Test Cert issuer=CN=Issuer --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: RSA-PSS Server Temp Key: X25519, 253 bits --- SSL handshake has read 1391 bytes and written 318 bytes Verification: OK --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Protocol: TLSv1.3 Server public key is 2048 bit This TLS version forbids renegotiation. Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 601A1A004D6F1CCEA9C014FEEA1CC960088DE2621383EC3A528639726AE0FFED Session-ID-ctx: Resumption PSK: 085DAAAD104C82364E98337699A58FD3A6466927BF82801F8577502287D7318C01057BEC5AA0676719FB90BB32B77056 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 56 df b6 56 72 75 c8 1d-bb 89 f3 19 b2 83 4d 94 V..Vru........M. 0010 - 20 4e 41 ec 89 9a 9b 33-fa cb b0 a0 f5 1a 37 ec NA....3......7. 0020 - 5c ba f8 ff 19 de ff 35-43 4c 42 91 02 b5 75 d4 \......5CLB...u. 0030 - d0 96 bd 38 bd 44 5b 84-ee 5f b1 f8 07 71 01 67 ...8.D[.._...q.g 0040 - 85 7b 18 22 ed 95 df d3-89 29 93 be 9c e3 b5 9e .{.".....)...... 0050 - 56 01 2f f0 26 d0 bb cf-ee f5 97 53 d1 79 b2 c0 V./.&......S.y.. 0060 - d7 cd 50 3e 23 38 e3 b7-ce c9 5a 03 6c 88 c1 e2 ..P>#8....Z.l... 0070 - a0 d8 14 63 f3 42 a7 cd-fb 50 56 09 b8 28 13 54 ...c.B...PV..(.T 0080 - 7d dd f5 e2 96 87 f6 70-a4 94 5f aa 2c 3d 2a 61 }......p.._.,=*a 0090 - 79 29 d1 0e 36 47 55 e9-63 5b 39 cf 37 72 42 20 y)..6GU.c[9.7rB 00a0 - c9 79 e5 22 ef 16 26 21-97 7d 93 8a 0e 25 c9 a2 .y."..&!.}...%.. 00b0 - 45 4f b2 76 de ee 85 f7-9a 9f c6 18 b9 4f c9 6f EO.v.........O.o 00c0 - 8b e3 f1 c1 da 5c c1 62-bb ab a3 3e d4 a8 bc ef .....\.b...>.... Start Time: 1741558030 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: B4779B986C1BE2459C7893E41F1991FB75E86F84540838913882A6DB3E1CCA74 Session-ID-ctx: Resumption PSK: C81CDF0566CCC70814DD8274E9E2917E806EBCBCD4201EA361454CCE1CB6C56D74231C2E53115D3C8B0BD0317316F554 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 56 df b6 56 72 75 c8 1d-bb 89 f3 19 b2 83 4d 94 V..Vru........M. 0010 - 03 24 f0 c3 48 a0 14 46-78 55 59 db 8a ae 1e 68 .$..H..FxUY....h 0020 - d8 2d 31 fa e9 6c b2 48-57 3e 03 42 30 7f fb 81 .-1..l.HW>.B0... 0030 - 42 d4 3f 12 ba a6 4a 33-47 e3 a5 66 37 62 6b 10 B.?...J3G..f7bk. 0040 - dc 47 c4 ad 34 b5 71 c6-34 87 ba e7 e4 60 71 63 .G..4.q.4....`qc 0050 - ca 3b 3d 09 fb 81 97 e0-49 e6 92 48 bf 4d 38 52 .;=.....I..H.M8R 0060 - be 1d 44 90 fd 8e 55 a9-ae 88 67 31 04 56 13 08 ..D...U...g1.V.. 0070 - 2f 6a 7d 4e 6c bc 20 3c-99 ce ca 4c a3 86 17 cd /j}Nl. <...L.... 0080 - b1 db a8 c2 1b 25 e9 e5-00 c3 1e 12 7f fc e2 d2 .....%.......... 0090 - 44 c5 05 9a 5e ad 3e 87-0b 8f 2f 1a 9b 4f 6c 45 D...^.>.../..OlE 00a0 - 81 1a 94 bf 4e 08 bd 1e-7c e0 6d 26 49 01 b8 d7 ....N...|.m&I... 00b0 - 45 5f c9 6d 1e b5 ec 52-ad 27 ba 0c 05 4b 6e 6b E_.m...R.'...Knk 00c0 - 71 e1 f2 22 66 38 7f 3e-e9 57 21 07 f7 f6 19 8d q.."f8.>.W!..... Start Time: 1741558030 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK TLS SUCCESSFUL 4047BB2F687F0000:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%01 -cert pkcs11:type=cert;object=testCert Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MIGCAgEBAgIDBAQCEwIEIO4VY+77SSi/oX3QgLwvyFcpy00FzpG7YJJDx3z83ogC BDDIHN8FZszHCBTdgnTp4pF+gG68vNQgHqNhRUzOHLbFbXQjHC5TEV08iwvQMXMW 9VShBgIEZ84RDqIEAgIcIKQGBAQBAAAArgYCBGDA+oezAwIBHQ== -----END SSL SESSION PARAMETERS----- Shared ciphers:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256 Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512 Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 CIPHER is TLS_AES_256_GCM_SHA384 This TLS version forbids renegotiation. TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run test with TLS 1.2 (ECDSA) spawn openssl s_client -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/caCert.pem -tls1_2 Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=1 CN=Issuer verify return:1 depth=0 O=PKCS11 Provider, CN=My EC Cert verify return:1 --- Certificate chain 0 s:O=PKCS11 Provider, CN=My EC Cert i:CN=Issuer a:PKEY: id-ecPublicKey, 256 (bit); sigalg: RSA-SHA256 v:NotBefore: Mar 9 22:06:48 2025 GMT; NotAfter: Mar 9 22:06:48 2026 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIICcjCCAVqgAwIBAgIBBDANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 ZXIwHhcNMjUwMzA5MjIwNjQ4WhcNMjYwMzA5MjIwNjQ4WjAvMRgwFgYDVQQKEw9Q S0NTMTEgUHJvdmlkZXIxEzARBgNVBAMTCk15IEVDIENlcnQwWTATBgcqhkjOPQIB BggqhkjOPQMBBwNCAARSDBTfqJpqqA+vKP1dn0ek1uymCpMkUcVNkRAv3XBytm4V opfj0nfd1xtsRc1OY8ZIVY98Iac8d+Z+35Aa3Snko4GBMH8wDAYDVR0TAQH/BAIw ADAfBgNVHREEGDAWgRR0ZXN0Y2VydEBleGFtcGxlLm9yZzAOBgNVHQ8BAf8EBAMC B4AwHQYDVR0OBBYEFFMrqHAE2R6xMzoAX+8yW0Mnhm4tMB8GA1UdIwQYMBaAFFfb BZjVLb33aR0VJS3YOaoZY6TQMA0GCSqGSIb3DQEBCwUAA4IBAQCcB128XPK2jn8w ED5MPoENFz7rrsMYvz/1Xa99ODyjDjBk3GLWOTytK/sJZX8tt4sx54Xl2zHtW9Ek s+N2SxYHv043pxDVXGw7WFkwG6D6hm/+m8isStxaeHLsN7+btj/QjIyZvTJmalPP PljHvTeI6Sy5TBXQjIPID+SeoZxuSEMIIgNfjb/zCtyEnMs/r+tU12zPclAXGrGj gMa1QBirTylK40Dx1BR1JUiPoEgwL0FKAVPxn/0ohOD0sThSuadwSngF8NF3t57d ASTJAWAfkw+1PjLaMdPSVcYBcjkp9t3FXYciii8wC92A/H+WWVGro5deHPaHTH9j PVa+M2rY -----END CERTIFICATE----- subject=O=PKCS11 Provider, CN=My EC Cert issuer=CN=Issuer --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: ECDSA Server Temp Key: X25519, 253 bits --- SSL handshake has read 1087 bytes and written 290 bytes Verification: OK --- New, TLSv1.2, Cipher is ECDHE-ECDSA-AES256-GCM-SHA384 Protocol: TLSv1.2 Server public key is 256 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-ECDSA-AES256-GCM-SHA384 Session-ID: 3C436C72CEBEA680F26AA42AE2EDE71AEFD2EF39ADEEA9D7B16E039D001A25BE Session-ID-ctx: Master-Key: 17C6874F99F0A76A52952FD953702AFA0A642A2EFB5E6A5B4C5630484E6112E86E694C77A79EEC6729300A72329213F3 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 10 07 58 12 f2 3b 1f 85-f4 d0 5e 17 fa 97 ac d8 ..X..;....^..... 0010 - 3f b0 68 40 c1 c7 32 55-9d 95 e1 92 2b a1 cb 52 ?.h@..2U....+..R 0020 - c2 4e d0 5e 30 91 1a 13-86 ef 60 06 56 a2 49 20 .N.^0.....`.V.I 0030 - cb b6 ca 06 22 a1 92 a1-d8 86 03 aa f1 09 d2 d3 ...."........... 0040 - 07 18 bb b0 8a cc b2 43-a6 ed 71 1d 02 35 dd 93 .......C..q..5.. 0050 - bf e8 8a 86 9f ae 68 bc-41 ca 11 da 98 cf 5b 3b ......h.A.....[; 0060 - d6 51 da d9 fd a9 1a 80-3b 8e c1 33 6a e7 94 1e .Q......;..3j... 0070 - 92 b9 c0 11 28 d5 ff 1e-84 3c 42 46 a5 15 0a b0 ....(....k..>..n..[.T 0040 - 94 1f b9 7a 50 0c a8 bc-63 a2 a3 2d a0 75 c0 46 ...zP...c..-.u.F 0050 - e6 24 a4 64 b6 d4 39 ec-77 fc 87 4f 73 88 13 16 .$.d..9.w..Os... 0060 - 14 8c 0e 4e 8a 5a 06 4d-18 98 28 5a 62 d9 93 9d ...N.Z.M..(Zb... 0070 - 11 c9 63 46 72 2f a8 0a-af 64 1b 5d 66 cc 61 2f ..cFr/...d.]f.a/ 0080 - 78 25 73 b6 3e c9 83 8d-fc e7 41 d7 b1 ab 89 17 x%s.>.....A..... 0090 - 49 17 08 0b 7b cb 4a d0-ac 50 7c 2f 3b 4b e9 13 I...{.J..P|/;K.. 00a0 - 4e 22 6a 24 6f 1d a0 8b-0b c6 dd 2d da 6e 0d 2a N"j$o......-.n.* Start Time: 1741558030 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: yes --- TLS SUCCESSFUL 40C7B5D1647F0000:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%02 -cert pkcs11:type=cert;object=ecCert Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MF8CAQECAgMDBALAKwQABDDffLhcGVTK+s8ejvQL7JyTu4eDcPl1aGexdaM49i6Q Q6eywziITyyEixNP4RwrTSmhBgIEZ84RDqIEAgIcIKQGBAQBAAAArQMCAQGzAwIB Fw== -----END SSL SESSION PARAMETERS----- Shared ciphers:ECDHE-ECDSA-AES128-GCM-SHA256 Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Supported Elliptic Curve Point Formats: uncompressed:ansiX962_compressed_prime:ansiX962_compressed_char2 Supported groups: secp256r1 Shared groups: secp256r1 CIPHER is ECDHE-ECDSA-AES128-GCM-SHA256 Secure Renegotiation IS supported TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run test with TLS 1.3 and specific suite spawn openssl s_client -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/caCert.pem -tls1_3 -ciphersuites TLS_AES_256_GCM_SHA384 -groups secp256r1 Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=1 CN=Issuer verify return:1 depth=0 O=PKCS11 Provider, CN=My EC Cert verify return:1 --- Certificate chain 0 s:O=PKCS11 Provider, CN=My EC Cert i:CN=Issuer a:PKEY: id-ecPublicKey, 256 (bit); sigalg: RSA-SHA256 v:NotBefore: Mar 9 22:06:48 2025 GMT; NotAfter: Mar 9 22:06:48 2026 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIICcjCCAVqgAwIBAgIBBDANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 ZXIwHhcNMjUwMzA5MjIwNjQ4WhcNMjYwMzA5MjIwNjQ4WjAvMRgwFgYDVQQKEw9Q S0NTMTEgUHJvdmlkZXIxEzARBgNVBAMTCk15IEVDIENlcnQwWTATBgcqhkjOPQIB BggqhkjOPQMBBwNCAARSDBTfqJpqqA+vKP1dn0ek1uymCpMkUcVNkRAv3XBytm4V opfj0nfd1xtsRc1OY8ZIVY98Iac8d+Z+35Aa3Snko4GBMH8wDAYDVR0TAQH/BAIw ADAfBgNVHREEGDAWgRR0ZXN0Y2VydEBleGFtcGxlLm9yZzAOBgNVHQ8BAf8EBAMC B4AwHQYDVR0OBBYEFFMrqHAE2R6xMzoAX+8yW0Mnhm4tMB8GA1UdIwQYMBaAFFfb BZjVLb33aR0VJS3YOaoZY6TQMA0GCSqGSIb3DQEBCwUAA4IBAQCcB128XPK2jn8w ED5MPoENFz7rrsMYvz/1Xa99ODyjDjBk3GLWOTytK/sJZX8tt4sx54Xl2zHtW9Ek s+N2SxYHv043pxDVXGw7WFkwG6D6hm/+m8isStxaeHLsN7+btj/QjIyZvTJmalPP PljHvTeI6Sy5TBXQjIPID+SeoZxuSEMIIgNfjb/zCtyEnMs/r+tU12zPclAXGrGj gMa1QBirTylK40Dx1BR1JUiPoEgwL0FKAVPxn/0ohOD0sThSuadwSngF8NF3t57d ASTJAWAfkw+1PjLaMdPSVcYBcjkp9t3FXYciii8wC92A/H+WWVGro5deHPaHTH9j PVa+M2rY -----END CERTIFICATE----- subject=O=PKCS11 Provider, CN=My EC Cert issuer=CN=Issuer --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: ECDSA Server Temp Key: ECDH, prime256v1, 256 bits --- SSL handshake has read 1060 bytes and written 329 bytes Verification: OK --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Protocol: TLSv1.3 Server public key is 256 bit This TLS version forbids renegotiation. Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 2F8C9353649269C353084E6F703B0E0A6450EBC7C532BF2F59ECA63EFBF9CF76 Session-ID-ctx: Resumption PSK: C9F6D48B56B0611D8806AC674A234DBA1B8475080931AC918E89B3C8B2C53AA1EDD9680DCE74008082D248CDBED9E9CE PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 63 7a da d9 8b 2b b1 1f-f0 18 6b 40 51 63 2d eb cz...+....k@Qc-. 0010 - 59 c2 92 9d b9 62 ff 9c-62 a7 84 50 c7 af 7d 24 Y....b..b..P..}$ 0020 - 04 05 98 9f 5e 09 92 4e-c6 02 53 7b 93 4f 03 bb ....^..N..S{.O.. 0030 - 86 d9 73 8a b8 c4 2b 08-20 04 6f 0b ca f8 0a d5 ..s...+. .o..... 0040 - 92 cd 1b a6 3f 24 92 49-83 2d e9 82 92 8a b1 c4 ....?$.I.-...... 0050 - 47 52 c6 c4 1e 9f 1a 50-36 28 20 cb 10 cb a5 cf GR.....P6( ..... 0060 - 37 97 6d 9c af e8 b8 c7-b3 55 7e 15 25 62 b2 1c 7.m......U~.%b.. 0070 - 99 41 34 a3 ed c8 ec 32-e1 73 80 07 83 62 86 93 .A4....2.s...b.. 0080 - f6 f2 4f ac f3 bd 15 30-4b af 70 6f ac 91 40 5c ..O....0K.po..@\ 0090 - 30 af a4 20 cc 12 40 cf-b0 e5 fa 8c c1 09 78 78 0.. ..@.......xx 00a0 - 70 db 13 24 1b aa fd 22-53 21 8f 8b 7f e0 60 c9 p..$..."S!....`. 00b0 - a0 d0 c9 58 8a be 2b d9-b0 d7 1f 50 7f 9e 5e 60 ...X..+....P..^` 00c0 - 40 d0 bb a3 4e df 48 85-b8 c0 a9 d8 97 ec 03 ae @...N.H......... Start Time: 1741558030 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 7599CB680E222F65D25A0FE762F49986617CF3D9AD9EF44D7ED3EC6132F2FF93 Session-ID-ctx: Resumption PSK: 988E6A18A788BBAD81550335976919D2067F58F528D0491E7DF548427C32B954E849053A06BDDE2228B69B0CD1A8C954 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 63 7a da d9 8b 2b b1 1f-f0 18 6b 40 51 63 2d eb cz...+....k@Qc-. 0010 - e4 8c f1 ab 99 eb 70 8c-fd 6a 2b 11 ca d6 1c 3c ......p..j+....< 0020 - a3 0e 05 77 a4 3e d6 97-82 02 79 48 46 2b 8f 1b ...w.>....yHF+.. 0030 - da 7e cf e6 49 1b 02 6d-8c 92 a4 ee fa 9c d4 1f .~..I..m........ 0040 - f8 2d 18 de 66 5c fe 6d-60 70 d8 1c 55 1a 16 9f .-..f\.m`p..U... 0050 - a7 19 53 16 46 09 b8 84-4f b9 9f 19 a8 5d 64 0b ..S.F...O....]d. 0060 - 8c 91 33 e4 b3 93 92 b7-c1 3e 51 b9 07 3a 50 e1 ..3......>Q..:P. 0070 - ae 36 b8 37 b2 5d 94 55-0a 51 5d 49 80 ab c8 9f .6.7.].U.Q]I.... 0080 - 61 9a e2 15 ef 86 33 c4-95 28 08 06 32 72 df ae a.....3..(..2r.. 0090 - 76 7d 17 4b 90 ab b3 27-f0 bc 65 eb b1 db 37 4f v}.K...'..e...7O 00a0 - ef 59 ee 2d 54 fe 69 a4-01 96 c1 9b 53 49 aa 65 .Y.-T.i.....SI.e 00b0 - 46 ee d2 88 ee 79 a0 d5-9e fc a9 0f 33 61 a5 eb F....y......3a.. 00c0 - 37 a3 9f 6f db fc 4f a6-6a 37 32 10 99 5e 27 ba 7..o..O.j72..^'. Start Time: 1741558030 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK TLS SUCCESSFUL 4027FC83547F0000:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%02 -cert pkcs11:type=cert;object=ecCert Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MIGCAgEBAgIDBAQCEwIEIN5exFkMXOggenRiQF2BTdGRxC4ugjX+RUV3FpfbKYGS BDCYjmoYp4i7rYFVAzWXaRnSBn9Y9SjQSR599UhCfDK5VOhJBToGvd4iKLabDNGo yVShBgIEZ84RDqIEAgIcIKQGBAQBAAAArgYCBE/FLqKzAwIBFw== -----END SSL SESSION PARAMETERS----- Shared ciphers:TLS_AES_256_GCM_SHA384 Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512 Supported groups: secp256r1 Shared groups: secp256r1 CIPHER is TLS_AES_256_GCM_SHA384 This TLS version forbids renegotiation. TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## ######################################## ######################################## ## Forcing the provider for all server operations ## Run sanity test with default values (RSA) spawn openssl s_client -propquery ?provider=pkcs11 -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/caCert.pem Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=1 CN=Issuer verify return:1 depth=0 O=PKCS11 Provider, CN=My Test Cert verify return:1 --- Certificate chain 0 s:O=PKCS11 Provider, CN=My Test Cert i:CN=Issuer a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256 v:NotBefore: Mar 9 22:06:48 2025 GMT; NotAfter: Mar 9 22:06:48 2026 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIIDPzCCAiegAwIBAgIBAzANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 ZXIwHhcNMjUwMzA5MjIwNjQ4WhcNMjYwMzA5MjIwNjQ4WjAxMRgwFgYDVQQKEw9Q S0NTMTEgUHJvdmlkZXIxFTATBgNVBAMTDE15IFRlc3QgQ2VydDCCASIwDQYJKoZI hvcNAQEBBQADggEPADCCAQoCggEBAN2uwutJaCDQZ9U/pa3jXl1XH7QJOiD7iAn5 atxbwT+SUypwOLr00X8evl4PX0kKVD4VxLvf+NcUIp6KiVDKGZIpfEsUJX9V2Nv/ c6tiBBIwBt+P0M9c/nWKN29o5ozS6CgR/btFa9BOlcxr2Ijx9x8pmhuD30NvMoFA N4uCw36tY9yD9M1f6mzQuzMAJQNzus1HjumOwSFhywJAUfPh/o/+8HexYBJjWuiw jQN/Ls+r7KdINfIT6K2YY0XthuMmDhVAtEb6DpI+QrfswKKmpoPV+BeBkdGA2+BX EmDC7ZF8APtE7lhMB+UPos/ZeLBWRrLvD1HVBDhh9aGFnfkKb+8CAwEAAaOBgTB/ MAwGA1UdEwEB/wQCMAAwHwYDVR0RBBgwFoEUdGVzdGNlcnRAZXhhbXBsZS5vcmcw DgYDVR0PAQH/BAQDAgWgMB0GA1UdDgQWBBQROoyIOIjQd4/bc8NcpFdNeE/HETAf BgNVHSMEGDAWgBRX2wWY1S2992kdFSUt2DmqGWOk0DANBgkqhkiG9w0BAQsFAAOC AQEAqtHVZjoVXZi6w1ZJiksWBAdUB4la82c3jNdbYy/42stRa1k3jfp8KqN7nogk xtFrxnQtkIxDoLFYD5HvjTgZ7SOjH6oPVnOvRrVsoDJY5RM5cXWzq1CXXKIr9h3q g2wqwWObVVAU79pSZiXt14TA+Blu3iHQqPw7JGnUrgahdhiJeJ2p6iR/Eg1OSw7Q B8ND2xwmQqhxi6A//zCdd1mZW5X1v9TLWdbs9DkrhcYpE/FTeCOXi7Y6K7ntYv5n FSr8MN+ZMzwOYFPgnmydjrMBcZWSV/LoY+zzannEoush/R7HTy2qeGjj748Xzvf/ 8P4Gljz38kt8IqqP4RoWGpRv2g== -----END CERTIFICATE----- subject=O=PKCS11 Provider, CN=My Test Cert issuer=CN=Issuer --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: RSA-PSS Server Temp Key: X25519, 253 bits --- SSL handshake has read 1391 bytes and written 391 bytes Verification: OK --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Protocol: TLSv1.3 Server public key is 2048 bit This TLS version forbids renegotiation. Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: FF53E15426BD16A031D20D4A6C8B3F2F94D11E9D3FF61EED4DCAF40BAB04400B Session-ID-ctx: Resumption PSK: A10DE18D9617E0853ECA4DC740967849109785CC79412D68B7C20C3224F8AF562E1E1648A9A3C817F41AD2079C5AAA30 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 2b a4 99 70 00 b9 78 cc-2c cd d7 67 2c 2b 45 41 +..p..x.,..g,+EA 0010 - 87 5d bf 5e 7a 30 d9 97-34 bd 82 48 68 ec 9e 2c .].^z0..4..Hh.., 0020 - a8 67 64 17 9b 06 91 d1-40 6f 23 27 13 f4 e7 37 .gd.....@o#'...7 0030 - 8c 84 0b 21 06 d6 79 77-a9 3d 4d 03 c7 4d d3 f5 ...!..yw.=M..M.. 0040 - 40 d4 14 e6 b3 14 91 fa-3e 25 96 ed a7 52 95 90 @.......>%...R.. 0050 - c2 d6 92 9d f1 41 b8 2c-96 45 c4 ae 42 0d 03 1e .....A.,.E..B... 0060 - f0 43 2a ba 0c 48 76 11-ff c7 0b 03 c4 14 df 2e .C*..Hv......... 0070 - e6 d0 70 4d a6 2d c7 80-5f 17 dc d0 a8 8b ee 78 ..pM.-.._......x 0080 - 2a 8b 81 af d3 9d 09 97-37 7a 6e d6 fb 0d 26 6a *.......7zn...&j 0090 - 9c 93 d5 42 36 60 3c 10-b0 d7 f7 9f af c3 8b f5 ...B6`<......... 00a0 - 81 de 0f 31 d4 9a 34 ca-9f d7 d2 23 42 c1 8b 21 ...1..4....#B..! 00b0 - 87 df f2 b4 73 e7 07 0a-25 79 34 64 2e 94 df 0d ....s...%y4d.... 00c0 - a0 48 5c 79 52 26 89 77-75 ef 66 0d 22 53 a3 eb .H\yR&.wu.f."S.. Start Time: 1741558031 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 097EC45BBA7F54C358F57F3EB1C42591B04F6BB47B275F0E8EBC18F5F6DC052E Session-ID-ctx: Resumption PSK: 8E5E2FC6A1FA0410D0FA12397C6B1DB9AD12A7659E864F4C8610226B8544E37C29C9C5E80E8328DF0A3176809A8C0D7A PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 2b a4 99 70 00 b9 78 cc-2c cd d7 67 2c 2b 45 41 +..p..x.,..g,+EA 0010 - c2 03 93 57 f8 4a fc bc-6d 26 09 61 2b 62 c4 e6 ...W.J..m&.a+b.. 0020 - 65 09 de 4f 5d 93 42 ee-68 48 b8 bb c9 36 a6 19 e..O].B.hH...6.. 0030 - b5 fe c9 50 58 29 eb 52-eb ff fb dc 0f 32 d5 aa ...PX).R.....2.. 0040 - 96 be 2e be a0 d8 10 e8-93 c1 ac ea a4 a2 b0 81 ................ 0050 - 24 bc 71 7b 28 9f ab 5f-ac 9c 09 73 d7 09 0b 3d $.q{(.._...s...= 0060 - 72 50 85 e2 1f e7 a3 8c-28 e1 13 d0 3c 45 63 97 rP......(...2.... 0030 - dd 41 ef bb f2 e2 30 11-0d 69 db 0c ce 18 29 a6 .A....0..i....). 0040 - 09 03 89 d7 97 86 85 41-1f 2a b6 18 01 e6 66 e4 .......A.*....f. 0050 - d4 b3 e5 42 9d 5c d9 70-53 8f 35 30 c3 19 a7 5f ...B.\.pS.50..._ 0060 - 03 d3 f8 a1 d5 71 9a 42-ae 37 3e 5e f4 29 47 16 .....q.B.7>^.)G. 0070 - 72 d9 2c 48 1c 9f 4e da-5a 8f cd 3b 96 66 93 e1 r.,H..N.Z..;.f.. 0080 - fc fe b8 61 27 6b 08 ae-6c ca 25 73 b1 8d 17 4a ...a'k..l.%s...J 0090 - 62 8e d5 04 82 f9 e4 b6-ec 94 45 87 94 e4 82 bf b.........E..... 00a0 - 25 d9 4e 6b 3f e8 bf 11-47 6d 83 9f 3b d3 e3 63 %.Nk?...Gm..;..c 00b0 - b9 0a e7 d9 e8 3e 49 c7-15 77 68 1a e3 ca b3 82 .....>I..wh..... 00c0 - 11 e7 97 25 25 6b 70 94-48 26 e4 0f f8 dc 5d 3d ...%%kp.H&....]= Start Time: 1741558031 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: C9B82DB8E1F156D2ECD0D6224193FE7EE81E9FCA8F31C670DAC4E06C8C5F1BFE Session-ID-ctx: Resumption PSK: 362C55D54FD9E88D29E5C5DF5F8C7B6684F6084B2828E3541B9AECF85172DB67AE9AB1499E91A6F3100D38B9AD20B62A PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 59 ac d6 28 18 0a 1f 41-ea 4e 30 e5 30 d4 34 18 Y..(...A.N0.0.4. 0010 - 7d 75 a9 ce 18 75 80 64-dc 95 c5 4f d3 e4 04 3b }u...u.d...O...; 0020 - 1e 4b 93 b3 c3 e6 26 79-c0 48 f8 11 ea 4a 9a f1 .K....&y.H...J.. 0030 - bb cf 8b 61 86 f6 27 56-d0 19 72 77 03 ad b8 fb ...a..'V..rw.... 0040 - 08 75 07 6c 62 28 a0 ad-07 8d d4 0a f5 87 0b 09 .u.lb(.......... 0050 - d4 b3 a3 f5 a4 8c d7 ea-f0 69 67 eb 46 04 b1 4f .........ig.F..O 0060 - 28 30 58 7e 7f 9b 6c 4f-c1 1f db 74 f3 f9 3d 85 (0X~..lO...t..=. 0070 - 18 65 56 00 3f 98 c5 b1-ea e6 cc e6 0f 63 f8 49 .eV.?........c.I 0080 - 2b a2 bb 81 2d 73 4a 4e-b6 d4 7b 8b cb 89 d2 70 +...-sJN..{....p 0090 - 14 21 bf 5e ee 67 ac 38-9c 4a a3 2b 2b 3f 84 c7 .!.^.g.8.J.++?.. 00a0 - 78 43 3d a8 54 6e 0e f6-23 1f 33 42 8a 2d 01 8a xC=.Tn..#.3B.-.. 00b0 - 2e f2 6b c1 3f 5e 0a ba-bd 25 79 33 77 4a 64 33 ..k.?^...%y3wJd3 00c0 - 33 66 f5 b8 73 79 b2 ba-e6 20 5f 91 76 14 71 57 3f..sy... _.v.qW Start Time: 1741558031 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK TLS SUCCESSFUL 40A79ED8B77F0000:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -propquery ?provider=pkcs11 -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%04 -cert pkcs11:type=cert;object=edCert Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MIGDAgEBAgIDBAQCEwIEIH7300RIFi/m69+u29kTCr2+UqrmwFRbTQLz244BocUD BDA2LFXVT9nojSnlxd9fjHtmhPYISygo41Qbmuz4UXLbZ66asUmekabzEA04ua0g tiqhBgIEZ84RD6IEAgIcIKQGBAQBAAAArgcCBQDFVacCswMCAR0= -----END SSL SESSION PARAMETERS----- Shared ciphers:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224 Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 CIPHER is TLS_AES_256_GCM_SHA384 This TLS version forbids renegotiation. TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run sanity test with default values (Ed448) spawn openssl s_client -propquery ?provider=pkcs11 -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/caCert.pem Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=1 CN=Issuer verify return:1 depth=0 O=PKCS11 Provider, CN=My ED448 Cert verify return:1 --- Certificate chain 0 s:O=PKCS11 Provider, CN=My ED448 Cert i:CN=Issuer a:PKEY: ED448, 456 (bit); sigalg: RSA-SHA256 v:NotBefore: Mar 9 22:06:50 2025 GMT; NotAfter: Mar 9 22:06:50 2026 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIICXzCCAUegAwIBAgIBBzANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 ZXIwHhcNMjUwMzA5MjIwNjUwWhcNMjYwMzA5MjIwNjUwWjAyMRgwFgYDVQQKEw9Q S0NTMTEgUHJvdmlkZXIxFjAUBgNVBAMTDU15IEVENDQ4IENlcnQwQzAFBgMrZXED OgAXwcnVcXMqVe+3b/NPeluHmbx8tejSV7IqWcyL/UTbtMssKdWDO1OGGMwcpRgT 2rCQ19uaDK7tuoCjgYEwfzAMBgNVHRMBAf8EAjAAMB8GA1UdEQQYMBaBFHRlc3Rj ZXJ0QGV4YW1wbGUub3JnMA4GA1UdDwEB/wQEAwIHgDAdBgNVHQ4EFgQU0Si3zwu7 tWFFZz0mMJhSpSJaPWYwHwYDVR0jBBgwFoAUV9sFmNUtvfdpHRUlLdg5qhljpNAw DQYJKoZIhvcNAQELBQADggEBACwKH0SoCq7qnsbGo/TBOmoyLXXdfOGYvsczZ4Bl Q7X9GcsDAnryXYnvxUb8ia8mHClW7mrQ7NtC+wRnj3wm6RBWqCHuwycPeFcJa+9k 1fUm1Zi8PfBp6aAwfbIFpoo4Zmcsxic9g9J1eEba6yphjfarpefObfvLag+RCOi2 vc/V0x28zeerlnT6FduOP0fniI6hz9AsZILZTSSbcwBceRMnVwWCnitfTUAqgkJ7 NNU6owVICvzwh3CfhmahATfi7+cUafKvKRLKtkmwYAN0W68W9r33zyod6opZJ+6K mLZUH4jWsrcu+Q0xtOyBAPN2UKDvkzvzL2tZHdIMPIUyRHE= -----END CERTIFICATE----- subject=O=PKCS11 Provider, CN=My ED448 Cert issuer=CN=Issuer --- No client certificate CA names sent Peer signature type: ed448 Server Temp Key: X25519, 253 bits --- SSL handshake has read 1025 bytes and written 391 bytes Verification: OK --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Protocol: TLSv1.3 Server public key is 456 bit This TLS version forbids renegotiation. Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: BE264DDCE9436A7B64B3FFC78828082CA69A25ECD28422381C9F6FBA7687DC89 Session-ID-ctx: Resumption PSK: 24036480AD711DD91EE33F9BBB19B47A2876DB478AADFDEB0124FAE0FA950E6A07DA32CDBEE272084EF3FA292F443753 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 82 23 80 ca c8 d6 48 a5-ee 26 f2 ec dc d7 17 f8 .#....H..&...... 0010 - 3e 28 ef d7 4d a9 d9 05-f3 e5 fe 0a e0 70 32 d4 >(..M........p2. 0020 - d5 a0 a5 62 cc 64 cf fd-e4 f7 fa ba 63 b3 a7 69 ...b.d......c..i 0030 - 3d 36 d9 cf c2 ca 44 38-07 f4 18 44 1d 7f 06 56 =6....D8...D...V 0040 - 24 dd 37 7d 02 dd 88 7f-52 55 da d7 62 0e 83 69 $.7}....RU..b..i 0050 - 1c 6f 47 8d 3d e2 a6 78-4b fd 86 a3 4c 30 a7 27 .oG.=..xK...L0.' 0060 - d6 00 2b e8 a6 2d 7e 98-36 cf 65 e7 21 f9 ff 8a ..+..-~.6.e.!... 0070 - 1d 44 15 5f 07 bc 7b 8e-04 84 be 38 e9 77 7b ff .D._..{....8.w{. 0080 - df a4 d4 59 cc 86 b3 76-40 30 6e ff 48 27 f6 fe ...Y...v@0n.H'.. 0090 - 7e 62 95 90 6f b4 42 76-f5 a2 fb bb 3b 2d 0b fe ~b..o.Bv....;-.. 00a0 - c2 f2 35 c3 ec 7f e4 61-9c a4 92 72 4d 6a 71 e3 ..5....a...rMjq. 00b0 - fa d2 33 d9 09 a0 9c 90-51 77 7f e2 75 f8 fd 8b ..3.....Qw..u... 00c0 - 58 36 4f e0 41 5e dd ce-7e 05 61 5a b3 22 9b e5 X6O.A^..~.aZ.".. Start Time: 1741558031 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 8551646B8D3DF5FC35B9B44C53713A9CA53C8B7F041894F19EE0F71614224D8B Session-ID-ctx: Resumption PSK: CF2193D5333B46DD6173BF7FE2D98048B9F49B1F91AD301BBF9872C23969C5487660E38AC067E757A8661B6424EA4548 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 82 23 80 ca c8 d6 48 a5-ee 26 f2 ec dc d7 17 f8 .#....H..&...... 0010 - b3 fe 85 47 e8 35 e1 c3-ac db f9 02 3b 20 50 9c ...G.5......; P. 0020 - f0 75 a9 70 48 6c f5 92-9b 68 b2 dc a1 d0 77 1b .u.pHl...h....w. 0030 - 19 73 49 36 a6 8f 9d b5-dd 89 0b eb e3 4e 28 f0 .sI6.........N(. 0040 - 0c fd 64 cc f6 79 96 3c-a0 8f 1c 67 e4 7b 57 11 ..d..y.<...g.{W. 0050 - 35 4a a6 5b d0 a6 31 7f-83 cb 93 c7 15 1a ea bb 5J.[..1......... 0060 - c0 c2 77 e8 69 fb 32 e5-c4 df 8a f7 9a d5 57 73 ..w.i.2.......Ws 0070 - bb 59 a6 16 46 33 77 f4-28 8d f2 94 c2 18 42 eb .Y..F3w.(.....B. 0080 - e9 c4 b4 6f 28 2f d5 78-ed b1 9b f9 db 64 eb 9a ...o(/.x.....d.. 0090 - d6 63 53 5b ee aa 83 f5-a3 9b a3 26 e7 9b 56 e6 .cS[.......&..V. 00a0 - 2e 5d 88 ba 6d 9f d3 bf-1e 57 34 1b 59 63 e9 79 .]..m....W4.Yc.y 00b0 - 14 f1 01 1b e8 b4 04 ff-dc e1 1c b0 2d 04 64 b2 ............-.d. 00c0 - 64 70 0c 16 93 dc bb 90-02 a4 0c 19 2a 6b bc e5 dp..........*k.. Start Time: 1741558031 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK TLS SUCCESSFUL 40A7BA34357F0000:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -propquery ?provider=pkcs11 -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%09 -cert pkcs11:type=cert;object=ed2Cert Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MIGCAgEBAgIDBAQCEwIEIAOKXoFDvnM01cqF24s3uy3OSNQ83TY+21yYQuDjUWMS BDDPIZPVMztG3WFzv3/i2YBIufSbH5GtMBu/mHLCOWnFSHZg44rAZ+dXqGYbZCTq RUihBgIEZ84RD6IEAgIcIKQGBAQBAAAArgYCBGYodiizAwIBHQ== -----END SSL SESSION PARAMETERS----- Shared ciphers:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224 Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 CIPHER is TLS_AES_256_GCM_SHA384 This TLS version forbids renegotiation. TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run test with TLS 1.2 spawn openssl s_client -propquery ?provider=pkcs11 -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/caCert.pem -tls1_2 Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=1 CN=Issuer verify return:1 depth=0 O=PKCS11 Provider, CN=My Test Cert verify return:1 --- Certificate chain 0 s:O=PKCS11 Provider, CN=My Test Cert i:CN=Issuer a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256 v:NotBefore: Mar 9 22:06:48 2025 GMT; NotAfter: Mar 9 22:06:48 2026 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIIDPzCCAiegAwIBAgIBAzANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 ZXIwHhcNMjUwMzA5MjIwNjQ4WhcNMjYwMzA5MjIwNjQ4WjAxMRgwFgYDVQQKEw9Q S0NTMTEgUHJvdmlkZXIxFTATBgNVBAMTDE15IFRlc3QgQ2VydDCCASIwDQYJKoZI hvcNAQEBBQADggEPADCCAQoCggEBAN2uwutJaCDQZ9U/pa3jXl1XH7QJOiD7iAn5 atxbwT+SUypwOLr00X8evl4PX0kKVD4VxLvf+NcUIp6KiVDKGZIpfEsUJX9V2Nv/ c6tiBBIwBt+P0M9c/nWKN29o5ozS6CgR/btFa9BOlcxr2Ijx9x8pmhuD30NvMoFA N4uCw36tY9yD9M1f6mzQuzMAJQNzus1HjumOwSFhywJAUfPh/o/+8HexYBJjWuiw jQN/Ls+r7KdINfIT6K2YY0XthuMmDhVAtEb6DpI+QrfswKKmpoPV+BeBkdGA2+BX EmDC7ZF8APtE7lhMB+UPos/ZeLBWRrLvD1HVBDhh9aGFnfkKb+8CAwEAAaOBgTB/ MAwGA1UdEwEB/wQCMAAwHwYDVR0RBBgwFoEUdGVzdGNlcnRAZXhhbXBsZS5vcmcw DgYDVR0PAQH/BAQDAgWgMB0GA1UdDgQWBBQROoyIOIjQd4/bc8NcpFdNeE/HETAf BgNVHSMEGDAWgBRX2wWY1S2992kdFSUt2DmqGWOk0DANBgkqhkiG9w0BAQsFAAOC AQEAqtHVZjoVXZi6w1ZJiksWBAdUB4la82c3jNdbYy/42stRa1k3jfp8KqN7nogk xtFrxnQtkIxDoLFYD5HvjTgZ7SOjH6oPVnOvRrVsoDJY5RM5cXWzq1CXXKIr9h3q g2wqwWObVVAU79pSZiXt14TA+Blu3iHQqPw7JGnUrgahdhiJeJ2p6iR/Eg1OSw7Q B8ND2xwmQqhxi6A//zCdd1mZW5X1v9TLWdbs9DkrhcYpE/FTeCOXi7Y6K7ntYv5n FSr8MN+ZMzwOYFPgnmydjrMBcZWSV/LoY+zzannEoush/R7HTy2qeGjj748Xzvf/ 8P4Gljz38kt8IqqP4RoWGpRv2g== -----END CERTIFICATE----- subject=O=PKCS11 Provider, CN=My Test Cert issuer=CN=Issuer --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: RSA-PSS Server Temp Key: X25519, 253 bits --- SSL handshake has read 1476 bytes and written 290 bytes Verification: OK --- New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384 Protocol: TLSv1.2 Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-RSA-AES256-GCM-SHA384 Session-ID: 48DEB3BABF83730A728723CC8163E2BF4A97898E05EB3F99007C8F19F385D238 Session-ID-ctx: Master-Key: E30B8A54AF825216C937119E5DE8A3671C9D6CB5EFCE05EFA86B972AD1ED2319D977DC74B3D90C6BF088935D23A0ACEA PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 17 e9 23 70 1e 22 9c 51-c5 fe 64 92 bb 98 df e6 ..#p.".Q..d..... 0010 - 42 ec 81 58 e3 8c 19 bd-54 68 c8 a2 59 89 5a d5 B..X....Th..Y.Z. 0020 - 19 42 33 cd bc 6e 16 f7-2a 0b 9f 57 47 23 f7 2f .B3..n..*..WG#./ 0030 - 5b c4 54 f3 66 94 b9 e7-f0 fe 9f e4 53 ff ee d1 [.T.f.......S... 0040 - e8 85 de c8 c6 a2 49 04-d4 16 2d 02 29 4d 2c 67 ......I...-.)M,g 0050 - 82 7b 6d a3 c8 b0 8c 15-c0 e6 b3 aa 78 fa 9e 02 .{m.........x... 0060 - 90 8a 91 40 c3 fb a7 c3-ff a4 66 85 bf dc 7e 26 ...@......f...~& 0070 - 08 ef 9e 54 c2 dc fd 91-cd 3a d4 72 e9 02 56 14 ...T.....:.r..V. 0080 - 9e 3b c6 78 3d c3 0f c4-a2 3c 6d 41 01 95 5a d6 .;.x=........a 0030 - 12 91 c0 ce ba 62 e6 b4-33 50 cf 4d aa 54 03 5e .....b..3P.M.T.^ 0040 - 65 a4 48 48 1b b0 7f 0d-34 5f da 15 d4 3e c7 fc e.HH....4_...>.. 0050 - 2a 5b 26 26 c8 57 f4 5c-eb 3e fc a0 1e 3f 07 80 *[&&.W.\.>...?.. 0060 - c5 2c 39 6c 51 c8 79 67-04 ee ef 16 b7 ad 12 04 .,9lQ.yg........ 0070 - fd 7e 9d ae 8b 2a 26 11-3f 94 fc 37 cf 46 e2 93 .~...*&.?..7.F.. 0080 - 4f 3a 44 72 98 d6 9b 9a-5d ff 1c 9c 5a b8 c1 55 O:Dr....]...Z..U 0090 - 7c d4 1b d9 92 d7 ac c4-ca 01 de 40 0e 21 08 23 |..........@.!.# 00a0 - 0a ed e6 8b 7b 46 35 71-a4 30 33 f7 e6 46 78 a6 ....{F5q.03..Fx. 00b0 - a8 c2 60 d9 8b 8f 21 b5-4d a1 77 b0 d2 b3 78 3a ..`...!.M.w...x: 00c0 - f1 c0 4d b5 9c bc 59 fa-ad 8b 0f 60 01 9a 69 e6 ..M...Y....`..i. Start Time: 1741558032 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 5BA49CC156E1CCC4954710EE70B2473B5AC3FE46B66666C716D5FA5B8063266E Session-ID-ctx: Resumption PSK: 9F52075FE0411855B40E5B30209CADE6F2BC12E9348AB8A9DCE14256D1DE310F105D339FB9965526A24398ECFAFCFE42 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 2e 5f 40 fb 47 e7 0f 59-7a 63 fd 76 08 b3 43 6a ._@.G..Yzc.v..Cj 0010 - c5 5e e8 3d 1a 77 64 93-e0 73 1c f3 89 8b f7 e4 .^.=.wd..s...... 0020 - 82 a1 7d 6f 03 4f 86 0a-87 01 4d 1f b4 8a 95 8a ..}o.O....M..... 0030 - 8d 7d d0 3d 18 de 3d b1-bd 89 2e 56 90 43 0b a0 .}.=..=....V.C.. 0040 - f5 39 4f 7e 58 65 ec ff-13 35 55 6a c8 27 88 e9 .9O~Xe...5Uj.'.. 0050 - a7 61 5c 5c 70 51 0e 33-70 6b 7b bd 13 ff 43 7c .a\\pQ.3pk{...C| 0060 - 1f f1 4a 0e b5 ba 4a 5e-0e 4a 74 fc 60 c8 13 4a ..J...J^.Jt.`..J 0070 - 5d a0 e9 c2 51 ec dc 11-d7 23 0a d0 93 4a 5c b8 ]...Q....#...J\. 0080 - 50 e5 63 6b ef 7b 2e be-05 7a 80 e6 99 d1 7a 9e P.ck.{...z....z. 0090 - 5c 69 63 2b 3b 79 84 9a-85 6c ce 4d e5 f6 02 21 \ic+;y...l.M...! 00a0 - b2 17 0f ed 85 60 ee aa-bb a3 cd 3c db aa a9 d6 .....`.....<.... 00b0 - 13 17 d5 38 55 a5 ae b5-e3 29 a2 0d 9d f0 c9 b1 ...8U....)...... 00c0 - 82 f7 8a 45 fa 15 a2 d9-5a d4 08 b7 13 96 4f 77 ...E....Z.....Ow Start Time: 1741558032 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK TLS SUCCESSFUL 4027DDD68F7F0000:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -propquery ?provider=pkcs11 -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%01 -cert pkcs11:type=cert;object=testCert Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MIGCAgEBAgIDBAQCEwIEIMoXvoa/Rva4ZfHPMxiX14QVJ9IuApevnthz0AOPdWgO BDCfUgdf4EEYVbQOWzAgnK3m8rwS6TSKuKnc4UJW0d4xDxBdM5+5llUmokOY7Pr8 /kKhBgIEZ84REKIEAgIcIKQGBAQBAAAArgYCBCKriIGzAwIBHQ== -----END SSL SESSION PARAMETERS----- Shared ciphers:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256 Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512 Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 CIPHER is TLS_AES_256_GCM_SHA384 This TLS version forbids renegotiation. TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run test with TLS 1.2 (ECDSA) spawn openssl s_client -propquery ?provider=pkcs11 -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/caCert.pem -tls1_2 Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=0 O=PKCS11 Provider, CN=My EC Cert verify error:num=1:unspecified certificate verification error verify return:1 depth=1 CN=Issuer verify return:1 depth=0 O=PKCS11 Provider, CN=My EC Cert verify return:1 --- Certificate chain 0 s:O=PKCS11 Provider, CN=My EC Cert i:CN=Issuer a:PKEY: id-ecPublicKey, 256 (bit); sigalg: RSA-SHA256 v:NotBefore: Mar 9 22:06:48 2025 GMT; NotAfter: Mar 9 22:06:48 2026 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIICcjCCAVqgAwIBAgIBBDANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 ZXIwHhcNMjUwMzA5MjIwNjQ4WhcNMjYwMzA5MjIwNjQ4WjAvMRgwFgYDVQQKEw9Q S0NTMTEgUHJvdmlkZXIxEzARBgNVBAMTCk15IEVDIENlcnQwWTATBgcqhkjOPQIB BggqhkjOPQMBBwNCAARSDBTfqJpqqA+vKP1dn0ek1uymCpMkUcVNkRAv3XBytm4V opfj0nfd1xtsRc1OY8ZIVY98Iac8d+Z+35Aa3Snko4GBMH8wDAYDVR0TAQH/BAIw ADAfBgNVHREEGDAWgRR0ZXN0Y2VydEBleGFtcGxlLm9yZzAOBgNVHQ8BAf8EBAMC B4AwHQYDVR0OBBYEFFMrqHAE2R6xMzoAX+8yW0Mnhm4tMB8GA1UdIwQYMBaAFFfb BZjVLb33aR0VJS3YOaoZY6TQMA0GCSqGSIb3DQEBCwUAA4IBAQCcB128XPK2jn8w ED5MPoENFz7rrsMYvz/1Xa99ODyjDjBk3GLWOTytK/sJZX8tt4sx54Xl2zHtW9Ek s+N2SxYHv043pxDVXGw7WFkwG6D6hm/+m8isStxaeHLsN7+btj/QjIyZvTJmalPP PljHvTeI6Sy5TBXQjIPID+SeoZxuSEMIIgNfjb/zCtyEnMs/r+tU12zPclAXGrGj gMa1QBirTylK40Dx1BR1JUiPoEgwL0FKAVPxn/0ohOD0sThSuadwSngF8NF3t57d ASTJAWAfkw+1PjLaMdPSVcYBcjkp9t3FXYciii8wC92A/H+WWVGro5deHPaHTH9j PVa+M2rY -----END CERTIFICATE----- subject=O=PKCS11 Provider, CN=My EC Cert issuer=CN=Issuer --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: ECDSA Server Temp Key: X25519, 253 bits --- SSL handshake has read 1086 bytes and written 290 bytes Verification error: unspecified certificate verification error --- New, TLSv1.2, Cipher is ECDHE-ECDSA-AES256-GCM-SHA384 Protocol: TLSv1.2 Server public key is 256 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-ECDSA-AES256-GCM-SHA384 Session-ID: 53A170F7083DA03EBB2F7BA30B22BE90A84B81FFE055F357C4E483D5E8A20B8C Session-ID-ctx: Master-Key: AF44E3BA9C409001A5E704091624D6B3816920B78B8182B9898A9558D4B56B79DC9BBCA900F28E3D02F1BE264909DA76 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - aa 3e b8 5b d4 db f2 80-cd 96 ba 68 18 42 f6 42 .>.[.......h.B.B 0010 - 66 99 8c 9f b2 d5 16 79-a4 70 b3 12 a1 b2 87 c5 f......y.p...... 0020 - 07 64 cc 8c f9 28 4d 94-49 c5 cb e7 d3 b5 20 01 .d...(M.I..... . 0030 - 31 3d 23 c0 f1 55 cc fa-41 5a b2 3b a3 47 fe 7e 1=#..U..AZ.;.G.~ 0040 - ee b8 ab af 43 8d aa d4-e2 28 57 b6 7c 16 c3 a8 ....C....(W.|... 0050 - 0e 88 d8 dd da 2f 87 2f-84 ef 09 9a 8c 39 a5 cc ....././.....9.. 0060 - 36 c6 de 79 98 8b 6c 3b-91 9c 93 8f c9 a6 31 95 6..y..l;......1. 0070 - 58 6c d1 0b 09 e9 94 f7-0d 18 d4 26 8d a3 fd 83 Xl.........&.... 0080 - bc e3 c9 a2 cc 12 03 b9-07 e2 4d d2 a5 c7 49 40 ..........M...I@ 0090 - f4 14 78 1d 54 15 bd c5-6c 2b 03 c1 7b da 44 7a ..x.T...l+..{.Dz 00a0 - ef b2 cc 33 a1 b4 8b 61-5a 78 80 d3 ae 16 f9 95 ...3...aZx...... Start Time: 1741558032 Timeout : 7200 (sec) Verify return code: 1 (unspecified certificate verification error) Extended master secret: yes --- TLS SUCCESSFUL 4047A31E5C7F0000:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -propquery ?provider=pkcs11 -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%02 -cert pkcs11:type=cert;object=ecCert -tls1_2 Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MF8CAQECAgMDBALALAQABDCvROO6nECQAaXnBAkWJNazgWkgt4uBgrmJipVY1LVr edybvKkA8o49AvG+JkkJ2nahBgIEZ84REKIEAgIcIKQGBAQBAAAArQMCAQGzAwIB HQ== -----END SSL SESSION PARAMETERS----- Shared ciphers:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Supported Elliptic Curve Point Formats: uncompressed:ansiX962_compressed_prime:ansiX962_compressed_char2 Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1 Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1 CIPHER is ECDHE-ECDSA-AES256-GCM-SHA384 Secure Renegotiation IS supported TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run test with TLS 1.2 and ECDH spawn openssl s_client -propquery ?provider=pkcs11 -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/caCert.pem -tls1_2 -cipher ECDHE-ECDSA-AES128-GCM-SHA256 -groups secp256r1 Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=0 O=PKCS11 Provider, CN=My EC Cert verify error:num=1:unspecified certificate verification error verify return:1 depth=1 CN=Issuer verify return:1 depth=0 O=PKCS11 Provider, CN=My EC Cert verify return:1 --- Certificate chain 0 s:O=PKCS11 Provider, CN=My EC Cert i:CN=Issuer a:PKEY: id-ecPublicKey, 256 (bit); sigalg: RSA-SHA256 v:NotBefore: Mar 9 22:06:48 2025 GMT; NotAfter: Mar 9 22:06:48 2026 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIICcjCCAVqgAwIBAgIBBDANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 ZXIwHhcNMjUwMzA5MjIwNjQ4WhcNMjYwMzA5MjIwNjQ4WjAvMRgwFgYDVQQKEw9Q S0NTMTEgUHJvdmlkZXIxEzARBgNVBAMTCk15IEVDIENlcnQwWTATBgcqhkjOPQIB BggqhkjOPQMBBwNCAARSDBTfqJpqqA+vKP1dn0ek1uymCpMkUcVNkRAv3XBytm4V opfj0nfd1xtsRc1OY8ZIVY98Iac8d+Z+35Aa3Snko4GBMH8wDAYDVR0TAQH/BAIw ADAfBgNVHREEGDAWgRR0ZXN0Y2VydEBleGFtcGxlLm9yZzAOBgNVHQ8BAf8EBAMC B4AwHQYDVR0OBBYEFFMrqHAE2R6xMzoAX+8yW0Mnhm4tMB8GA1UdIwQYMBaAFFfb BZjVLb33aR0VJS3YOaoZY6TQMA0GCSqGSIb3DQEBCwUAA4IBAQCcB128XPK2jn8w ED5MPoENFz7rrsMYvz/1Xa99ODyjDjBk3GLWOTytK/sJZX8tt4sx54Xl2zHtW9Ek s+N2SxYHv043pxDVXGw7WFkwG6D6hm/+m8isStxaeHLsN7+btj/QjIyZvTJmalPP PljHvTeI6Sy5TBXQjIPID+SeoZxuSEMIIgNfjb/zCtyEnMs/r+tU12zPclAXGrGj gMa1QBirTylK40Dx1BR1JUiPoEgwL0FKAVPxn/0ohOD0sThSuadwSngF8NF3t57d ASTJAWAfkw+1PjLaMdPSVcYBcjkp9t3FXYciii8wC92A/H+WWVGro5deHPaHTH9j PVa+M2rY -----END CERTIFICATE----- subject=O=PKCS11 Provider, CN=My EC Cert issuer=CN=Issuer --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: ECDSA Server Temp Key: ECDH, prime256v1, 256 bits --- SSL handshake has read 1119 bytes and written 263 bytes Verification error: unspecified certificate verification error --- New, TLSv1.2, Cipher is ECDHE-ECDSA-AES128-GCM-SHA256 Protocol: TLSv1.2 Server public key is 256 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-ECDSA-AES128-GCM-SHA256 Session-ID: 33CF9FE4F9A8CAE18069C79CE020A55A34DFD403EC9A8531DE813B3CB4AF58DA Session-ID-ctx: Master-Key: 0889477A1357253B6EA54CCE34C3A9F1686F508FFD3ADBB11F2FFEF2460E9383DA64ED863DEC35B50649C888C9BF8759 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - d9 85 74 a4 53 fe 05 a7-d7 e4 c7 32 97 bd bb b5 ..t.S......2.... 0010 - 86 e0 f1 f8 8c 15 61 00-22 ff 13 e0 27 08 dd e0 ......a."...'... 0020 - d9 cf 8c 3d 32 ec 55 8b-2c d8 af 9b 86 3b 11 51 ...=2.U.,....;.Q 0030 - ee 3b 2a a0 fa cc 8f 7c-d1 b5 a0 f1 9e 5d ac 61 .;*....|.....].a 0040 - dd c6 8a e6 08 31 8b a2-ac e7 8e 07 24 46 9d 94 .....1......$F.. 0050 - d9 a4 ae 16 97 34 63 ca-ef 77 de bf d2 70 97 36 .....4c..w...p.6 0060 - 87 f7 1d 60 aa 3b 48 ac-a4 87 4a 5a b5 39 fd 61 ...`.;H...JZ.9.a 0070 - cb 81 42 d6 a3 a2 2d 18-5b 42 6d d7 a4 36 51 ce ..B...-.[Bm..6Q. 0080 - fd 63 c6 c8 98 03 b6 09-f6 9d 6c 48 d8 5c 43 6c .c........lH.\Cl 0090 - d5 2c a4 a6 98 2a 39 7a-6b 2b f3 16 03 bb 4d 6a .,...*9zk+....Mj 00a0 - aa 82 03 e2 20 2e 0c 40-60 52 d9 31 8f 84 3d 49 .... ..@`R.1..=I Start Time: 1741558032 Timeout : 7200 (sec) Verify return code: 1 (unspecified certificate verification error) Extended master secret: yes --- TLS SUCCESSFUL 40C70731267F0000:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -propquery ?provider=pkcs11 -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%02 -cert pkcs11:type=cert;object=ecCert Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MF8CAQECAgMDBALAKwQABDAIiUd6E1clO26lTM40w6nxaG9Qj/0627EfL/7yRg6T g9pk7YY97DW1BknIiMm/h1mhBgIEZ84REKIEAgIcIKQGBAQBAAAArQMCAQGzAwIB Fw== -----END SSL SESSION PARAMETERS----- Shared ciphers:ECDHE-ECDSA-AES128-GCM-SHA256 Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Supported Elliptic Curve Point Formats: uncompressed:ansiX962_compressed_prime:ansiX962_compressed_char2 Supported groups: secp256r1 Shared groups: secp256r1 CIPHER is ECDHE-ECDSA-AES128-GCM-SHA256 Secure Renegotiation IS supported TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run test with TLS 1.3 and specific suite spawn openssl s_client -propquery ?provider=pkcs11 -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/caCert.pem -tls1_3 -ciphersuites TLS_AES_256_GCM_SHA384 -groups secp256r1 Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=0 O=PKCS11 Provider, CN=My EC Cert verify error:num=1:unspecified certificate verification error verify return:1 depth=1 CN=Issuer verify return:1 depth=0 O=PKCS11 Provider, CN=My EC Cert verify return:1 --- Certificate chain 0 s:O=PKCS11 Provider, CN=My EC Cert i:CN=Issuer a:PKEY: id-ecPublicKey, 256 (bit); sigalg: RSA-SHA256 v:NotBefore: Mar 9 22:06:48 2025 GMT; NotAfter: Mar 9 22:06:48 2026 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIICcjCCAVqgAwIBAgIBBDANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 ZXIwHhcNMjUwMzA5MjIwNjQ4WhcNMjYwMzA5MjIwNjQ4WjAvMRgwFgYDVQQKEw9Q S0NTMTEgUHJvdmlkZXIxEzARBgNVBAMTCk15IEVDIENlcnQwWTATBgcqhkjOPQIB BggqhkjOPQMBBwNCAARSDBTfqJpqqA+vKP1dn0ek1uymCpMkUcVNkRAv3XBytm4V opfj0nfd1xtsRc1OY8ZIVY98Iac8d+Z+35Aa3Snko4GBMH8wDAYDVR0TAQH/BAIw ADAfBgNVHREEGDAWgRR0ZXN0Y2VydEBleGFtcGxlLm9yZzAOBgNVHQ8BAf8EBAMC B4AwHQYDVR0OBBYEFFMrqHAE2R6xMzoAX+8yW0Mnhm4tMB8GA1UdIwQYMBaAFFfb BZjVLb33aR0VJS3YOaoZY6TQMA0GCSqGSIb3DQEBCwUAA4IBAQCcB128XPK2jn8w ED5MPoENFz7rrsMYvz/1Xa99ODyjDjBk3GLWOTytK/sJZX8tt4sx54Xl2zHtW9Ek s+N2SxYHv043pxDVXGw7WFkwG6D6hm/+m8isStxaeHLsN7+btj/QjIyZvTJmalPP PljHvTeI6Sy5TBXQjIPID+SeoZxuSEMIIgNfjb/zCtyEnMs/r+tU12zPclAXGrGj gMa1QBirTylK40Dx1BR1JUiPoEgwL0FKAVPxn/0ohOD0sThSuadwSngF8NF3t57d ASTJAWAfkw+1PjLaMdPSVcYBcjkp9t3FXYciii8wC92A/H+WWVGro5deHPaHTH9j PVa+M2rY -----END CERTIFICATE----- subject=O=PKCS11 Provider, CN=My EC Cert issuer=CN=Issuer --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: ECDSA Server Temp Key: ECDH, ?, 0 bits --- SSL handshake has read 1060 bytes and written 329 bytes Verification error: unspecified certificate verification error --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Protocol: TLSv1.3 Server public key is 256 bit This TLS version forbids renegotiation. Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 1 (unspecified certificate verification error) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 8FDC5F681749DC22710EF085AEC65304BE24A96CFFA1F30D3F41BA4FB52EFF4B Session-ID-ctx: Resumption PSK: A7B2ECFABF7131AAC59532893A18133156F681D465F3C37E7828C5247943961B0497257966F48C0C5A2679176CA3F1E4 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 4e 4e 9c b8 b2 c8 1f 0e-ce 35 a1 ea 12 ce 8b d7 NN.......5...... 0010 - bb 2d 8d ad d2 d2 d9 16-63 7c 35 ab e1 48 32 c4 .-......c|5..H2. 0020 - 74 47 22 80 6c bc 41 ee-22 55 df 69 e2 d7 0d b5 tG".l.A."U.i.... 0030 - 12 d5 8b 42 aa 92 bb 3f-5e b8 97 62 03 cb d1 fc ...B...?^..b.... 0040 - 97 b6 e1 7e 8d 8f 36 48-dd 6b 09 39 ce a9 38 8d ...~..6H.k.9..8. 0050 - 75 0c 2d af b4 e4 b0 e9-cd 93 1b b0 39 00 36 2d u.-.........9.6- 0060 - 06 67 38 c0 b8 14 45 d6-79 df ff 26 7c 5f 40 3d .g8...E.y..&|_@= 0070 - d7 20 01 4b 05 a8 d5 7a-59 3f 47 7b 1e 66 78 e6 . .K...zY?G{.fx. 0080 - ae 78 e4 2a 25 8c 1b 07-c6 79 9d 6a 75 56 8d 49 .x.*%....y.juV.I 0090 - 43 7b 40 a5 2f fe db f0-56 87 81 4a 7f 41 56 d9 C{@./...V..J.AV. 00a0 - 64 15 52 e6 9e 3f 00 06-5a 03 12 45 60 96 e2 d1 d.R..?..Z..E`... 00b0 - 5d 1c ac 7b c1 65 35 cd-67 a9 b0 f1 08 4a 26 f0 ]..{.e5.g....J&. 00c0 - f5 c9 ce 2e 1c c6 07 fa-b3 4b 74 27 7f 8e 1d 28 .........Kt'...( Start Time: 1741558032 Timeout : 7200 (sec) Verify return code: 1 (unspecified certificate verification error) Extended master secret: no Max Early Data: 0 --- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: AA5CA43C3383810AF296E3FB724318FE9ED5A3FE0891212F3814939583DA9755 Session-ID-ctx: Resumption PSK: 1AED30B031926125B5D09A1EAE093521438521522775C2CFAA9CE9C5BF5B33F080AE5D6D31E29F7B8C7413314F088DDF PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 4e 4e 9c b8 b2 c8 1f 0e-ce 35 a1 ea 12 ce 8b d7 NN.......5...... 0010 - 3f 99 c7 3a 05 5b 8e 6f-76 6c bb f4 c7 ea bd b2 ?..:.[.ovl...... 0020 - a7 81 b4 bf 88 6d d4 68-6c 5e 0d 4d 61 bf f8 e8 .....m.hl^.Ma... 0030 - 63 9e c4 0d 4f c6 81 19-2a ae 64 78 ee 57 1d d5 c...O...*.dx.W.. 0040 - 97 10 5b 73 8e 61 bc 3c-07 94 3c 32 e4 79 23 6e ..[s.a.<..<2.y#n 0050 - 16 03 19 35 10 13 1e 29-57 16 cc 97 1b ba 79 48 ...5...)W.....yH 0060 - 5a b9 4e 96 f5 64 c3 65-a4 5b 35 1c 0a 5e b6 b4 Z.N..d.e.[5..^.. 0070 - 73 d5 80 18 af a4 0c a1-1a c1 b1 b0 b0 e7 90 30 s..............0 0080 - fa 65 2b f3 45 50 93 de-79 76 73 c6 bf 45 3e 39 .e+.EP..yvs..E>9 0090 - 95 16 39 5f 56 a5 5d f8-26 bb 27 69 c6 24 98 28 ..9_V.].&.'i.$.( 00a0 - b4 84 9e 94 66 e5 78 2c-ed 99 d8 59 04 e4 a1 41 ....f.x,...Y...A 00b0 - ce 81 a1 57 60 10 e1 ac-d7 0e 48 d4 de ca 8d b9 ...W`.....H..... 00c0 - 35 a8 bb 03 a3 56 cc 20-84 7c 1f 40 77 45 f1 90 5....V. .|.@wE.. Start Time: 1741558032 Timeout : 7200 (sec) Verify return code: 1 (unspecified certificate verification error) Extended master secret: no Max Early Data: 0 --- read R BLOCK TLS SUCCESSFUL 40C714A1717F0000:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -propquery ?provider=pkcs11 -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%02 -cert pkcs11:type=cert;object=ecCert Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MIGDAgEBAgIDBAQCEwIEIACPXR90BlXong6R2VPOzuEHRzNiQKQhQ22NtMhDMhfk BDAa7TCwMZJhJbXQmh6uCTUhQ4UhUid1ws+qnOnFv1sz8ICuXW0x4p97jHQTMU8I jd+hBgIEZ84REKIEAgIcIKQGBAQBAAAArgcCBQDQMdQ6swMCARc= -----END SSL SESSION PARAMETERS----- Shared ciphers:TLS_AES_256_GCM_SHA384 Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512 Supported groups: secp256r1 Shared groups: secp256r1 CIPHER is TLS_AES_256_GCM_SHA384 This TLS version forbids renegotiation. TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## ######################################## Server output: spawn openssl s_server -propquery ?provider=pkcs11 -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%02 -cert pkcs11:type=cert;object=ecCert Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MIGDAgEBAgIDBAQCEwIEIACPXR90BlXong6R2VPOzuEHRzNiQKQhQ22NtMhDMhfk BDAa7TCwMZJhJbXQmh6uCTUhQ4UhUid1ws+qnOnFv1sz8ICuXW0x4p97jHQTMU8I jd+hBgIEZ84REKIEAgIcIKQGBAQBAAAArgcCBQDQMdQ6swMCARc= -----END SSL SESSION PARAMETERS----- Shared ciphers:TLS_AES_256_GCM_SHA384 Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512 Supported groups: secp256r1 Shared groups: secp256r1 CIPHER is TLS_AES_256_GCM_SHA384 This TLS version forbids renegotiation. TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 75/92 pkcs11-provider:softhsm / tls OK 3.39s 76/92 pkcs11-provider:kryoptic / tls RUNNING >>> ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=153 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper tls-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 76/92 pkcs11-provider:kryoptic / tls SKIP 0.02s exit status 77 77/92 pkcs11-provider:kryoptic.nss / tls RUNNING >>> ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MESON_TEST_ITERATION=1 MALLOC_PERTURB_=232 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper tls-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 77/92 pkcs11-provider:kryoptic.nss / tls SKIP 0.02s exit status 77 78/92 pkcs11-provider:softokn / tlsfuzzer RUNNING >>> ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MESON_TEST_ITERATION=1 MALLOC_PERTURB_=97 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper tlsfuzzer-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 78/92 pkcs11-provider:softokn / tlsfuzzer SKIP 0.02s exit status 77 79/92 pkcs11-provider:softhsm / tlsfuzzer RUNNING >>> MALLOC_PERTURB_=111 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper tlsfuzzer-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/tests/ttlsfuzzer TLS fuzzer is not available -- skipping ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 79/92 pkcs11-provider:softhsm / tlsfuzzer SKIP 0.03s exit status 77 80/92 pkcs11-provider:kryoptic / tlsfuzzer RUNNING >>> ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=96 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper tlsfuzzer-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 80/92 pkcs11-provider:kryoptic / tlsfuzzer SKIP 0.02s exit status 77 81/92 pkcs11-provider:kryoptic.nss / tlsfuzzer RUNNING >>> ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=87 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper tlsfuzzer-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 81/92 pkcs11-provider:kryoptic.nss / tlsfuzzer SKIP 0.02s exit status 77 82/92 pkcs11-provider:softokn / uri RUNNING >>> ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MESON_TEST_ITERATION=1 MALLOC_PERTURB_=224 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper uri-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 82/92 pkcs11-provider:softokn / uri SKIP 0.02s exit status 77 83/92 pkcs11-provider:softhsm / uri RUNNING >>> ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MESON_TEST_ITERATION=1 MALLOC_PERTURB_=150 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper uri-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/tests/turi ## Check that storeutl returns URIs openssl storeutl -text pkcs11: ## Check returned URIs work to find objects $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=58160eec2a0a683b;token=SoftHSM%20Token;id=%DD%2E%BC%39%E8%13%84%44%19%76%57%3D%13%DC%09%B2;object=Test-RSA-gen-dd2ebc39;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=58160eec2a0a683b;token=SoftHSM%20Token;id=%00%68%91%C7%2C%B9%FB%3F%FB%F2%CC%36%2A%3C%DF%4C;object=Test-Ed-gen-006891c7;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=58160eec2a0a683b;token=SoftHSM%20Token;id=%00%01;object=testCert;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=58160eec2a0a683b;token=SoftHSM%20Token;id=%00%10;object=testRsaPssCert;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=58160eec2a0a683b;token=SoftHSM%20Token;id=%40%91%7C%B9%1F%15%F3%84%1E%C8%CD%02%ED%BC%27%A7;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=58160eec2a0a683b;token=SoftHSM%20Token;id=%00%00;object=caCert;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=58160eec2a0a683b;token=SoftHSM%20Token;id=%00%02;object=ecCert;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=58160eec2a0a683b;token=SoftHSM%20Token;id=%60%02%DC%B7%9F%0E%28%65%F2%6A%11%56%21%AA%04%06;object=Test-RSA-Key-Usage-6002dcb7;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=58160eec2a0a683b;token=SoftHSM%20Token;id=%00%03;object=ecPeerCert;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=58160eec2a0a683b;token=SoftHSM%20Token;id=%A3%27%4A%73%9C%F9%A3%46%1A%92%39%15%25%21%B6%A5;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=58160eec2a0a683b;token=SoftHSM%20Token;id=%00%04;object=edCert;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=58160eec2a0a683b;token=SoftHSM%20Token;id=%00%05;object=testCert2;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=58160eec2a0a683b;token=SoftHSM%20Token;id=%81%4B%19%20%06%46%39%2C%5F%88%13%86%E4%BA%8C%13;object=Test-RSA-PSS-gen-814b1920;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=58160eec2a0a683b;token=SoftHSM%20Token;id=%BC%F4%5F%AE%C1%7E%F1%96%F8%63%20%CE%D5%D6%A8%F7;object=Test-EC-gen-bcf45fae;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=58160eec2a0a683b;token=SoftHSM%20Token;id=%0E%81%E9%AE%2F%87%B4%D9%3C%04%BC%1B%A8%BD%12%0E;object=Fork-Test;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=58160eec2a0a683b;token=SoftHSM%20Token;id=%64%43%43%EF%5C%E3%F0%68%2B%FE%38%74%83%4E%8F%2C;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=58160eec2a0a683b;token=SoftHSM%20Token;id=%00%08;object=ecCert3;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=58160eec2a0a683b;token=SoftHSM%20Token;id=%00%11;object=testRsaPss2Cert;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=58160eec2a0a683b;token=SoftHSM%20Token;id=%22%7C%3A%24%BA%FF%B7%33%68%17%6F%9F%A8%B2%06%16;object=Test-Ed-gen-227c3a24;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=58160eec2a0a683b;token=SoftHSM%20Token;id=%32%D1%13%42%AA%F2%07%B0%27%A1%D7%9C%BF%07%B6%89;object=Pkey%20sigver%20Test;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=58160eec2a0a683b;token=SoftHSM%20Token;id=%00%09;object=ed2Cert;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=58160eec2a0a683b;token=SoftHSM%20Token;id=%83%29%4D%DF%E4%E8%82%E0%EF%77%3C%F5%74%0F%D0%9F;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=58160eec2a0a683b;token=SoftHSM%20Token;id=%00%06;object=ecCert2;type=private openssl storeutl -text "$uri" ## Check each URI component is tested $cmp=pkcs11:model=SoftHSM%20v2 openssl storeutl -text "pkcs11:${cmp}" $cmp=manufacturer=SoftHSM%20project openssl storeutl -text "pkcs11:${cmp}" $cmp=serial=58160eec2a0a683b openssl storeutl -text "pkcs11:${cmp}" $cmp=token=SoftHSM%20Token openssl storeutl -text "pkcs11:${cmp}" $cmp=id=%DD%2E%BC%39%E8%13%84%44%19%76%57%3D%13%DC%09%B2 openssl storeutl -text "pkcs11:${cmp}" $cmp=object=Test-RSA-gen-dd2ebc39 openssl storeutl -text "pkcs11:${cmp}" $cmp=type=private openssl storeutl -text "pkcs11:${cmp}" ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 83/92 pkcs11-provider:softhsm / uri OK 2.02s 84/92 pkcs11-provider:kryoptic / uri RUNNING >>> MALLOC_PERTURB_=91 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper uri-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 84/92 pkcs11-provider:kryoptic / uri SKIP 0.02s exit status 77 85/92 pkcs11-provider:kryoptic.nss / uri RUNNING >>> ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MESON_TEST_ITERATION=1 MALLOC_PERTURB_=27 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper uri-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 85/92 pkcs11-provider:kryoptic.nss / uri SKIP 0.02s exit status 77 86/92 pkcs11-provider:softhsm / ecxc RUNNING >>> ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=108 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper ecxc-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/tests/tecxc ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 86/92 pkcs11-provider:softhsm / ecxc SKIP 0.02s exit status 77 87/92 pkcs11-provider:kryoptic / ecxc RUNNING >>> ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MESON_TEST_ITERATION=1 MALLOC_PERTURB_=26 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper ecxc-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 87/92 pkcs11-provider:kryoptic / ecxc SKIP 0.02s exit status 77 88/92 pkcs11-provider:kryoptic.nss / ecxc RUNNING >>> ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MESON_TEST_ITERATION=1 MALLOC_PERTURB_=181 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper ecxc-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 88/92 pkcs11-provider:kryoptic.nss / ecxc SKIP 0.02s exit status 77 89/92 pkcs11-provider:softokn / cms RUNNING >>> ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MESON_TEST_ITERATION=1 MALLOC_PERTURB_=185 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper cms-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 89/92 pkcs11-provider:softokn / cms SKIP 0.02s exit status 77 90/92 pkcs11-provider:kryoptic / cms RUNNING >>> ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=245 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper cms-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 90/92 pkcs11-provider:kryoptic / cms SKIP 0.02s exit status 77 91/92 pkcs11-provider:kryoptic.nss / cms RUNNING >>> ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=234 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper cms-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 91/92 pkcs11-provider:kryoptic.nss / cms SKIP 0.02s exit status 77 92/92 pkcs11-provider:kryoptic / pinlock RUNNING >>> ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=54 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper pinlock-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 92/92 pkcs11-provider:kryoptic / pinlock SKIP 0.02s exit status 77 Ok: 21 Expected Fail: 0 Fail: 0 Unexpected Pass: 0 Skipped: 71 Timeout: 0 Full log written to /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/meson-logs/testlog.txt create-stamp debian/debhelper-build-stamp dh_testroot -O--buildsystem=meson dh_prep -O--buildsystem=meson dh_auto_install --destdir=debian/pkcs11-provider/ -O--buildsystem=meson cd obj-x86_64-linux-gnu && DESTDIR=/build/reproducible-path/pkcs11-provider-1.0/debian/pkcs11-provider LC_ALL=C.UTF-8 ninja install [0/1] Installing files Installing src/pkcs11.so to /build/reproducible-path/pkcs11-provider-1.0/debian/pkcs11-provider/usr/lib/x86_64-linux-gnu/ossl-modules Installing /build/reproducible-path/pkcs11-provider-1.0/docs/provider-pkcs11.7 to /build/reproducible-path/pkcs11-provider-1.0/debian/pkcs11-provider/usr/share/man/man7 dh_installdocs -O--buildsystem=meson dh_installchangelogs -O--buildsystem=meson dh_installman -O--buildsystem=meson dh_installsystemduser -O--buildsystem=meson dh_perl -O--buildsystem=meson dh_link -O--buildsystem=meson dh_strip_nondeterminism -O--buildsystem=meson dh_compress -O--buildsystem=meson dh_fixperms -O--buildsystem=meson dh_missing -O--buildsystem=meson dh_dwz -a -O--buildsystem=meson dh_strip -a -O--buildsystem=meson dh_makeshlibs -a -O--buildsystem=meson dh_shlibdeps -a -O--buildsystem=meson dh_installdeb -O--buildsystem=meson dh_gencontrol -O--buildsystem=meson dh_md5sums -O--buildsystem=meson dh_builddeb -O--buildsystem=meson dpkg-deb: building package 'pkcs11-provider' in '../pkcs11-provider_1.0-1_amd64.deb'. dpkg-deb: building package 'pkcs11-provider-dbgsym' in '../pkcs11-provider-dbgsym_1.0-1_amd64.deb'. dpkg-genbuildinfo --build=binary -O../pkcs11-provider_1.0-1_amd64.buildinfo dpkg-genchanges --build=binary -O../pkcs11-provider_1.0-1_amd64.changes dpkg-genchanges: info: binary-only upload (no source code included) dpkg-source --after-build . dpkg-buildpackage: info: binary-only upload (no source included) dpkg-genchanges: info: including full source code in upload I: copying local configuration I: user script /srv/workspace/pbuilder/1896340/tmp/hooks/B01_cleanup starting I: user script /srv/workspace/pbuilder/1896340/tmp/hooks/B01_cleanup finished I: unmounting dev/ptmx filesystem I: unmounting dev/pts filesystem I: unmounting dev/shm filesystem I: unmounting proc filesystem I: unmounting sys filesystem I: cleaning the build env I: removing directory /srv/workspace/pbuilder/1896340 and its subdirectories I: Current time: Mon Mar 10 12:07:24 +14 2025 I: pbuilder-time-stamp: 1741558044