I: pbuilder: network access will be disabled during build I: Current time: Tue Mar 17 05:22:20 -12 2026 I: pbuilder-time-stamp: 1773768140 I: Building the build Environment I: extracting base tarball [/var/cache/pbuilder/unstable-reproducible-base.tgz] I: copying local configuration W: --override-config is not set; not updating apt.conf Read the manpage for details. I: mounting /proc filesystem I: mounting /sys filesystem I: creating /{dev,run}/shm I: mounting /dev/pts filesystem I: redirecting /dev/ptmx to /dev/pts/ptmx I: policy-rc.d already exists I: Copying source file I: copying [pkcs11-provider_1.0-1.dsc] I: copying [./pkcs11-provider_1.0.orig.tar.gz] I: copying [./pkcs11-provider_1.0-1.debian.tar.xz] I: Extracting source dpkg-source: warning: cannot verify inline signature for ./pkcs11-provider_1.0-1.dsc: unsupported subcommand dpkg-source: info: extracting pkcs11-provider in pkcs11-provider-1.0 dpkg-source: info: unpacking pkcs11-provider_1.0.orig.tar.gz dpkg-source: info: unpacking pkcs11-provider_1.0-1.debian.tar.xz I: Not using root during the build. I: Installing the build-deps I: user script /srv/workspace/pbuilder/1046509/tmp/hooks/D02_print_environment starting I: set BUILDDIR='/build/reproducible-path' BUILDUSERGECOS='first user,first room,first work-phone,first home-phone,first other' BUILDUSERNAME='pbuilder1' BUILD_ARCH='arm64' DEBIAN_FRONTEND='noninteractive' DEB_BUILD_OPTIONS='buildinfo=+all reproducible=+all parallel=12 ' DISTRIBUTION='unstable' HOME='/root' HOST_ARCH='arm64' IFS=' ' INVOCATION_ID='b24216c5ade94f618dc5643dcef4b036' LANG='C' LANGUAGE='en_US:en' LC_ALL='C' MAIL='/var/mail/root' OPTIND='1' PATH='/usr/sbin:/usr/bin:/sbin:/bin:/usr/games' PBCURRENTCOMMANDLINEOPERATION='build' PBUILDER_OPERATION='build' PBUILDER_PKGDATADIR='/usr/share/pbuilder' PBUILDER_PKGLIBDIR='/usr/lib/pbuilder' PBUILDER_SYSCONFDIR='/etc' PPID='1046509' PS1='# ' PS2='> ' PS4='+ ' PWD='/' SHELL='/bin/bash' SHLVL='2' SUDO_COMMAND='/usr/bin/timeout -k 18.1h 18h /usr/bin/ionice -c 3 /usr/bin/nice /usr/sbin/pbuilder --build --configfile /srv/reproducible-results/rbuild-debian/r-b-build.iAKXtAAA/pbuilderrc_PzxZ --distribution unstable --hookdir /etc/pbuilder/first-build-hooks --debbuildopts -b --basetgz /var/cache/pbuilder/unstable-reproducible-base.tgz --buildresult /srv/reproducible-results/rbuild-debian/r-b-build.iAKXtAAA/b1 --logfile b1/build.log pkcs11-provider_1.0-1.dsc' SUDO_GID='109' SUDO_UID='104' SUDO_USER='jenkins' TERM='unknown' TZ='/usr/share/zoneinfo/Etc/GMT+12' USER='root' _='/usr/bin/systemd-run' http_proxy='http://192.168.101.4:3128' I: uname -a Linux codethink03-arm64 6.1.0-31-cloud-arm64 #1 SMP Debian 6.1.128-1 (2025-02-07) aarch64 GNU/Linux I: ls -l /bin lrwxrwxrwx 1 root root 7 Nov 22 2024 /bin -> usr/bin I: user script /srv/workspace/pbuilder/1046509/tmp/hooks/D02_print_environment finished -> Attempting to satisfy build-dependencies -> Creating pbuilder-satisfydepends-dummy package Package: pbuilder-satisfydepends-dummy Version: 0.invalid.0 Architecture: arm64 Maintainer: Debian Pbuilder Team Description: Dummy package to satisfy dependencies with aptitude - created by pbuilder This package was created automatically by pbuilder to satisfy the build-dependencies of the package being currently built. Depends: debhelper-compat (= 13), dh-package-notes, libssl-dev (>= 3.0.7~), meson (>= 0.57~), pkgconf, expect, gnutls-bin, libnss3-dev, libp11-kit-dev, libstoken-dev, opensc, openssl, p11-kit, p11-kit-modules, softhsm2 dpkg-deb: building package 'pbuilder-satisfydepends-dummy' in '/tmp/satisfydepends-aptitude/pbuilder-satisfydepends-dummy.deb'. Selecting previously unselected package pbuilder-satisfydepends-dummy. (Reading database ... 19921 files and directories currently installed.) Preparing to unpack .../pbuilder-satisfydepends-dummy.deb ... Unpacking pbuilder-satisfydepends-dummy (0.invalid.0) ... dpkg: pbuilder-satisfydepends-dummy: dependency problems, but configuring anyway as you requested: pbuilder-satisfydepends-dummy depends on debhelper-compat (= 13); however: Package debhelper-compat is not installed. pbuilder-satisfydepends-dummy depends on dh-package-notes; however: Package dh-package-notes is not installed. pbuilder-satisfydepends-dummy depends on libssl-dev (>= 3.0.7~); however: Package libssl-dev is not installed. pbuilder-satisfydepends-dummy depends on meson (>= 0.57~); however: Package meson is not installed. pbuilder-satisfydepends-dummy depends on pkgconf; however: Package pkgconf is not installed. pbuilder-satisfydepends-dummy depends on expect; however: Package expect is not installed. pbuilder-satisfydepends-dummy depends on gnutls-bin; however: Package gnutls-bin is not installed. pbuilder-satisfydepends-dummy depends on libnss3-dev; however: Package libnss3-dev is not installed. pbuilder-satisfydepends-dummy depends on libp11-kit-dev; however: Package libp11-kit-dev is not installed. pbuilder-satisfydepends-dummy depends on libstoken-dev; however: Package libstoken-dev is not installed. pbuilder-satisfydepends-dummy depends on opensc; however: Package opensc is not installed. pbuilder-satisfydepends-dummy depends on openssl; however: Package openssl is not installed. pbuilder-satisfydepends-dummy depends on p11-kit; however: Package p11-kit is not installed. pbuilder-satisfydepends-dummy depends on p11-kit-modules; however: Package p11-kit-modules is not installed. pbuilder-satisfydepends-dummy depends on softhsm2; however: Package softhsm2 is not installed. Setting up pbuilder-satisfydepends-dummy (0.invalid.0) ... Reading package lists... Building dependency tree... Reading state information... Initializing package states... Writing extended state information... Building tag database... pbuilder-satisfydepends-dummy is already installed at the requested version (0.invalid.0) pbuilder-satisfydepends-dummy is already installed at the requested version (0.invalid.0) The following NEW packages will be installed: autoconf{a} automake{a} autopoint{a} autotools-dev{a} bsdextrautils{a} debhelper{a} dh-autoreconf{a} dh-package-notes{a} dh-strip-nondeterminism{a} dwz{a} expect{a} file{a} gettext{a} gettext-base{a} gnutls-bin{a} groff-base{a} intltool-debian{a} libarchive-zip-perl{a} libdebhelper-perl{a} libeac3{a} libelf1t64{a} libevent-2.1-7t64{a} libexpat1{a} libffi8{a} libfile-stripnondeterminism-perl{a} libglib2.0-0t64{a} libgnutls-dane0t64{a} libgnutls30t64{a} libicu72{a} libidn2-0{a} libmagic-mgc{a} libmagic1t64{a} libnspr4{a} libnspr4-dev{a} libnss3{a} libnss3-dev{a} libp11-kit-dev{a} libp11-kit0{a} libpipeline1{a} libpkgconf3{a} libproc2-0{a} libpython3-stdlib{a} libpython3.13-minimal{a} libpython3.13-stdlib{a} libreadline8t64{a} libsofthsm2{a} libssl-dev{a} libstoken-dev{a} libstoken1t64{a} libtasn1-6{a} libtcl8.6{a} libtext-charwidth-perl{a} libtext-wrapi18n-perl{a} libtomcrypt-dev{a} libtomcrypt1{a} libtommath1{a} libtool{a} libuchardet0{a} libunbound8{a} libunistring5{a} libxml2{a} m4{a} man-db{a} media-types{a} meson{a} netbase{a} ninja-build{a} opensc{a} opensc-pkcs11{a} openssl{a} p11-kit{a} p11-kit-modules{a} pkgconf{a} pkgconf-bin{a} po-debconf{a} procps{a} python3{a} python3-autocommand{a} python3-inflect{a} python3-jaraco.context{a} python3-jaraco.functools{a} python3-jaraco.text{a} python3-minimal{a} python3-more-itertools{a} python3-pkg-resources{a} python3-setuptools{a} python3-typeguard{a} python3-typing-extensions{a} python3-zipp{a} python3.13{a} python3.13-minimal{a} readline-common{a} sensible-utils{a} softhsm2{a} softhsm2-common{a} tcl-expect{a} tcl8.6{a} tzdata{a} ucf{a} The following packages are RECOMMENDED but will NOT be installed: ca-certificates curl libarchive-cpio-perl libglib2.0-data libltdl-dev libmail-sendmail-perl linux-sysctl-defaults lynx pcscd psmisc shared-mime-info wget xdg-user-dirs 0 packages upgraded, 99 newly installed, 0 to remove and 0 not upgraded. Need to get 46.7 MB of archives. After unpacking 184 MB will be used. Writing extended state information... Get: 1 http://deb.debian.org/debian unstable/main arm64 libpython3.13-minimal arm64 3.13.2-1 [853 kB] Get: 2 http://deb.debian.org/debian unstable/main arm64 libexpat1 arm64 2.6.4-1 [90.7 kB] Get: 3 http://deb.debian.org/debian unstable/main arm64 python3.13-minimal arm64 3.13.2-1 [1997 kB] Get: 4 http://deb.debian.org/debian unstable/main arm64 python3-minimal arm64 3.13.1-2 [27.0 kB] Get: 5 http://deb.debian.org/debian unstable/main arm64 media-types all 11.0.0 [27.6 kB] Get: 6 http://deb.debian.org/debian unstable/main arm64 netbase all 6.4 [12.8 kB] Get: 7 http://deb.debian.org/debian unstable/main arm64 tzdata all 2025a-2 [259 kB] Get: 8 http://deb.debian.org/debian unstable/main arm64 libffi8 arm64 3.4.6-1 [20.9 kB] Get: 9 http://deb.debian.org/debian unstable/main arm64 readline-common all 8.2-6 [69.4 kB] Get: 10 http://deb.debian.org/debian unstable/main arm64 libreadline8t64 arm64 8.2-6 [159 kB] Get: 11 http://deb.debian.org/debian unstable/main arm64 libpython3.13-stdlib arm64 3.13.2-1 [1914 kB] Get: 12 http://deb.debian.org/debian unstable/main arm64 python3.13 arm64 3.13.2-1 [745 kB] Get: 13 http://deb.debian.org/debian unstable/main arm64 libpython3-stdlib arm64 3.13.1-2 [9952 B] Get: 14 http://deb.debian.org/debian unstable/main arm64 python3 arm64 3.13.1-2 [28.0 kB] Get: 15 http://deb.debian.org/debian unstable/main arm64 libproc2-0 arm64 2:4.0.4-7 [62.4 kB] Get: 16 http://deb.debian.org/debian unstable/main arm64 procps arm64 2:4.0.4-7 [868 kB] Get: 17 http://deb.debian.org/debian unstable/main arm64 sensible-utils all 0.0.24 [24.8 kB] Get: 18 http://deb.debian.org/debian unstable/main arm64 libmagic-mgc arm64 1:5.45-3+b1 [314 kB] Get: 19 http://deb.debian.org/debian unstable/main arm64 libmagic1t64 arm64 1:5.45-3+b1 [102 kB] Get: 20 http://deb.debian.org/debian unstable/main arm64 file arm64 1:5.45-3+b1 [43.4 kB] Get: 21 http://deb.debian.org/debian unstable/main arm64 gettext-base arm64 0.23.1-1 [241 kB] Get: 22 http://deb.debian.org/debian unstable/main arm64 libuchardet0 arm64 0.0.8-1+b2 [69.2 kB] Get: 23 http://deb.debian.org/debian unstable/main arm64 groff-base arm64 1.23.0-7 [1129 kB] Get: 24 http://deb.debian.org/debian unstable/main arm64 bsdextrautils arm64 2.40.4-3 [92.0 kB] Get: 25 http://deb.debian.org/debian unstable/main arm64 libpipeline1 arm64 1.5.8-1 [40.2 kB] Get: 26 http://deb.debian.org/debian unstable/main arm64 man-db arm64 2.13.0-1 [1404 kB] Get: 27 http://deb.debian.org/debian unstable/main arm64 libtext-charwidth-perl arm64 0.04-11+b4 [9652 B] Get: 28 http://deb.debian.org/debian unstable/main arm64 libtext-wrapi18n-perl all 0.06-10 [8808 B] Get: 29 http://deb.debian.org/debian unstable/main arm64 ucf all 3.0049 [42.5 kB] Get: 30 http://deb.debian.org/debian unstable/main arm64 m4 arm64 1.4.19-5 [284 kB] Get: 31 http://deb.debian.org/debian unstable/main arm64 autoconf all 2.72-3 [493 kB] Get: 32 http://deb.debian.org/debian unstable/main arm64 autotools-dev all 20220109.1 [51.6 kB] Get: 33 http://deb.debian.org/debian unstable/main arm64 automake all 1:1.17-3 [862 kB] Get: 34 http://deb.debian.org/debian unstable/main arm64 autopoint all 0.23.1-1 [770 kB] Get: 35 http://deb.debian.org/debian unstable/main arm64 libdebhelper-perl all 13.24.1 [90.9 kB] Get: 36 http://deb.debian.org/debian unstable/main arm64 libtool all 2.5.4-3 [539 kB] Get: 37 http://deb.debian.org/debian unstable/main arm64 dh-autoreconf all 20 [17.1 kB] Get: 38 http://deb.debian.org/debian unstable/main arm64 libarchive-zip-perl all 1.68-1 [104 kB] Get: 39 http://deb.debian.org/debian unstable/main arm64 libfile-stripnondeterminism-perl all 1.14.1-2 [19.7 kB] Get: 40 http://deb.debian.org/debian unstable/main arm64 dh-strip-nondeterminism all 1.14.1-2 [8620 B] Get: 41 http://deb.debian.org/debian unstable/main arm64 libelf1t64 arm64 0.192-4 [189 kB] Get: 42 http://deb.debian.org/debian unstable/main arm64 dwz arm64 0.15-1+b1 [102 kB] Get: 43 http://deb.debian.org/debian unstable/main arm64 libunistring5 arm64 1.3-1 [449 kB] Get: 44 http://deb.debian.org/debian unstable/main arm64 libicu72 arm64 72.1-6 [9239 kB] Get: 45 http://deb.debian.org/debian unstable/main arm64 libxml2 arm64 2.12.7+dfsg+really2.9.14-0.2+b1 [630 kB] Get: 46 http://deb.debian.org/debian unstable/main arm64 gettext arm64 0.23.1-1 [1610 kB] Get: 47 http://deb.debian.org/debian unstable/main arm64 intltool-debian all 0.35.0+20060710.6 [22.9 kB] Get: 48 http://deb.debian.org/debian unstable/main arm64 po-debconf all 1.0.21+nmu1 [248 kB] Get: 49 http://deb.debian.org/debian unstable/main arm64 debhelper all 13.24.1 [920 kB] Get: 50 http://deb.debian.org/debian unstable/main arm64 dh-package-notes all 0.15 [6692 B] Get: 51 http://deb.debian.org/debian unstable/main arm64 libtcl8.6 arm64 8.6.16+dfsg-1 [984 kB] Get: 52 http://deb.debian.org/debian unstable/main arm64 tcl8.6 arm64 8.6.16+dfsg-1 [121 kB] Get: 53 http://deb.debian.org/debian unstable/main arm64 tcl-expect arm64 5.45.4-3+b1 [123 kB] Get: 54 http://deb.debian.org/debian unstable/main arm64 expect arm64 5.45.4-3+b1 [159 kB] Get: 55 http://deb.debian.org/debian unstable/main arm64 libidn2-0 arm64 2.3.7-2+b1 [127 kB] Get: 56 http://deb.debian.org/debian unstable/main arm64 libp11-kit0 arm64 0.25.5-3 [409 kB] Get: 57 http://deb.debian.org/debian unstable/main arm64 libtasn1-6 arm64 4.20.0-1 [47.3 kB] Get: 58 http://deb.debian.org/debian unstable/main arm64 libgnutls30t64 arm64 3.8.9-2 [1374 kB] Get: 59 http://deb.debian.org/debian unstable/main arm64 libevent-2.1-7t64 arm64 2.1.12-stable-10+b1 [170 kB] Get: 60 http://deb.debian.org/debian unstable/main arm64 libunbound8 arm64 1.22.0-1+b1 [553 kB] Get: 61 http://deb.debian.org/debian unstable/main arm64 libgnutls-dane0t64 arm64 3.8.9-2 [452 kB] Get: 62 http://deb.debian.org/debian unstable/main arm64 gnutls-bin arm64 3.8.9-2 [673 kB] Get: 63 http://deb.debian.org/debian unstable/main arm64 libeac3 arm64 1.1.2+ds+git20220117+453c3d6b03a0-1.1+b3 [48.1 kB] Get: 64 http://deb.debian.org/debian unstable/main arm64 libglib2.0-0t64 arm64 2.83.3-2 [1421 kB] Get: 65 http://deb.debian.org/debian unstable/main arm64 libnspr4 arm64 2:4.36-1 [102 kB] Get: 66 http://deb.debian.org/debian unstable/main arm64 libnspr4-dev arm64 2:4.36-1 [203 kB] Get: 67 http://deb.debian.org/debian unstable/main arm64 libnss3 arm64 2:3.107-1 [1289 kB] Get: 68 http://deb.debian.org/debian unstable/main arm64 libnss3-dev arm64 2:3.107-1 [250 kB] Get: 69 http://deb.debian.org/debian unstable/main arm64 libp11-kit-dev arm64 0.25.5-3 [208 kB] Get: 70 http://deb.debian.org/debian unstable/main arm64 libpkgconf3 arm64 1.8.1-4 [35.3 kB] Get: 71 http://deb.debian.org/debian unstable/main arm64 softhsm2-common arm64 2.6.1-2.2+b3 [12.4 kB] Get: 72 http://deb.debian.org/debian unstable/main arm64 libsofthsm2 arm64 2.6.1-2.2+b3 [218 kB] Get: 73 http://deb.debian.org/debian unstable/main arm64 libssl-dev arm64 3.4.1-1 [3232 kB] Get: 74 http://deb.debian.org/debian unstable/main arm64 libtommath1 arm64 1.3.0-1 [64.5 kB] Get: 75 http://deb.debian.org/debian unstable/main arm64 libtomcrypt1 arm64 1.18.2+dfsg-7+b2 [410 kB] Get: 76 http://deb.debian.org/debian unstable/main arm64 libstoken1t64 arm64 0.92-1.1+b2 [28.1 kB] Get: 77 http://deb.debian.org/debian unstable/main arm64 libtomcrypt-dev arm64 1.18.2+dfsg-7+b2 [1277 kB] Get: 78 http://deb.debian.org/debian unstable/main arm64 libstoken-dev arm64 0.92-1.1+b2 [8196 B] Get: 79 http://deb.debian.org/debian unstable/main arm64 ninja-build arm64 1.12.1-1+b1 [130 kB] Get: 80 http://deb.debian.org/debian unstable/main arm64 python3-autocommand all 2.2.2-3 [13.6 kB] Get: 81 http://deb.debian.org/debian unstable/main arm64 python3-more-itertools all 10.6.0-1 [65.3 kB] Get: 82 http://deb.debian.org/debian unstable/main arm64 python3-typing-extensions all 4.12.2-2 [73.0 kB] Get: 83 http://deb.debian.org/debian unstable/main arm64 python3-typeguard all 4.4.1-1 [37.0 kB] Get: 84 http://deb.debian.org/debian unstable/main arm64 python3-inflect all 7.3.1-2 [32.4 kB] Get: 85 http://deb.debian.org/debian unstable/main arm64 python3-jaraco.context all 6.0.0-1 [7984 B] Get: 86 http://deb.debian.org/debian unstable/main arm64 python3-jaraco.functools all 4.1.0-1 [12.0 kB] Get: 87 http://deb.debian.org/debian unstable/main arm64 python3-pkg-resources all 75.6.0-1 [222 kB] Get: 88 http://deb.debian.org/debian unstable/main arm64 python3-jaraco.text all 4.0.0-1 [11.4 kB] Get: 89 http://deb.debian.org/debian unstable/main arm64 python3-zipp all 3.21.0-1 [10.6 kB] Get: 90 http://deb.debian.org/debian unstable/main arm64 python3-setuptools all 75.6.0-1 [720 kB] Get: 91 http://deb.debian.org/debian unstable/main arm64 meson all 1.7.0-1 [639 kB] Get: 92 http://deb.debian.org/debian unstable/main arm64 opensc-pkcs11 arm64 0.26.0-1 [799 kB] Get: 93 http://deb.debian.org/debian unstable/main arm64 opensc arm64 0.26.0-1 [394 kB] Get: 94 http://deb.debian.org/debian unstable/main arm64 openssl arm64 3.4.1-1 [1390 kB] Get: 95 http://deb.debian.org/debian unstable/main arm64 p11-kit-modules arm64 0.25.5-3 [253 kB] Get: 96 http://deb.debian.org/debian unstable/main arm64 p11-kit arm64 0.25.5-3 [400 kB] Get: 97 http://deb.debian.org/debian unstable/main arm64 pkgconf-bin arm64 1.8.1-4 [29.6 kB] Get: 98 http://deb.debian.org/debian unstable/main arm64 pkgconf arm64 1.8.1-4 [26.1 kB] Get: 99 http://deb.debian.org/debian unstable/main arm64 softhsm2 arm64 2.6.1-2.2+b3 [152 kB] Fetched 46.7 MB in 0s (98.2 MB/s) Preconfiguring packages ... Selecting previously unselected package libpython3.13-minimal:arm64. (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 19921 files and directories currently installed.) Preparing to unpack .../libpython3.13-minimal_3.13.2-1_arm64.deb ... Unpacking libpython3.13-minimal:arm64 (3.13.2-1) ... Selecting previously unselected package libexpat1:arm64. Preparing to unpack .../libexpat1_2.6.4-1_arm64.deb ... Unpacking libexpat1:arm64 (2.6.4-1) ... Selecting previously unselected package python3.13-minimal. Preparing to unpack .../python3.13-minimal_3.13.2-1_arm64.deb ... Unpacking python3.13-minimal (3.13.2-1) ... Setting up libpython3.13-minimal:arm64 (3.13.2-1) ... Setting up libexpat1:arm64 (2.6.4-1) ... Setting up python3.13-minimal (3.13.2-1) ... Selecting previously unselected package python3-minimal. (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 20255 files and directories currently installed.) Preparing to unpack .../0-python3-minimal_3.13.1-2_arm64.deb ... Unpacking python3-minimal (3.13.1-2) ... Selecting previously unselected package media-types. Preparing to unpack .../1-media-types_11.0.0_all.deb ... Unpacking media-types (11.0.0) ... Selecting previously unselected package netbase. Preparing to unpack .../2-netbase_6.4_all.deb ... Unpacking netbase (6.4) ... Selecting previously unselected package tzdata. Preparing to unpack .../3-tzdata_2025a-2_all.deb ... Unpacking tzdata (2025a-2) ... Selecting previously unselected package libffi8:arm64. Preparing to unpack .../4-libffi8_3.4.6-1_arm64.deb ... Unpacking libffi8:arm64 (3.4.6-1) ... Selecting previously unselected package readline-common. Preparing to unpack .../5-readline-common_8.2-6_all.deb ... Unpacking readline-common (8.2-6) ... Selecting previously unselected package libreadline8t64:arm64. Preparing to unpack .../6-libreadline8t64_8.2-6_arm64.deb ... Adding 'diversion of /lib/aarch64-linux-gnu/libhistory.so.8 to /lib/aarch64-linux-gnu/libhistory.so.8.usr-is-merged by libreadline8t64' Adding 'diversion of /lib/aarch64-linux-gnu/libhistory.so.8.2 to /lib/aarch64-linux-gnu/libhistory.so.8.2.usr-is-merged by libreadline8t64' Adding 'diversion of /lib/aarch64-linux-gnu/libreadline.so.8 to /lib/aarch64-linux-gnu/libreadline.so.8.usr-is-merged by libreadline8t64' Adding 'diversion of /lib/aarch64-linux-gnu/libreadline.so.8.2 to /lib/aarch64-linux-gnu/libreadline.so.8.2.usr-is-merged by libreadline8t64' Unpacking libreadline8t64:arm64 (8.2-6) ... Selecting previously unselected package libpython3.13-stdlib:arm64. Preparing to unpack .../7-libpython3.13-stdlib_3.13.2-1_arm64.deb ... Unpacking libpython3.13-stdlib:arm64 (3.13.2-1) ... Selecting previously unselected package python3.13. Preparing to unpack .../8-python3.13_3.13.2-1_arm64.deb ... Unpacking python3.13 (3.13.2-1) ... Selecting previously unselected package libpython3-stdlib:arm64. Preparing to unpack .../9-libpython3-stdlib_3.13.1-2_arm64.deb ... Unpacking libpython3-stdlib:arm64 (3.13.1-2) ... Setting up python3-minimal (3.13.1-2) ... Selecting previously unselected package python3. (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 21265 files and directories currently installed.) Preparing to unpack .../00-python3_3.13.1-2_arm64.deb ... Unpacking python3 (3.13.1-2) ... Selecting previously unselected package libproc2-0:arm64. Preparing to unpack .../01-libproc2-0_2%3a4.0.4-7_arm64.deb ... Unpacking libproc2-0:arm64 (2:4.0.4-7) ... Selecting previously unselected package procps. Preparing to unpack .../02-procps_2%3a4.0.4-7_arm64.deb ... Unpacking procps (2:4.0.4-7) ... Selecting previously unselected package sensible-utils. Preparing to unpack .../03-sensible-utils_0.0.24_all.deb ... Unpacking sensible-utils (0.0.24) ... Selecting previously unselected package libmagic-mgc. Preparing to unpack .../04-libmagic-mgc_1%3a5.45-3+b1_arm64.deb ... Unpacking libmagic-mgc (1:5.45-3+b1) ... Selecting previously unselected package libmagic1t64:arm64. Preparing to unpack .../05-libmagic1t64_1%3a5.45-3+b1_arm64.deb ... Unpacking libmagic1t64:arm64 (1:5.45-3+b1) ... Selecting previously unselected package file. Preparing to unpack .../06-file_1%3a5.45-3+b1_arm64.deb ... Unpacking file (1:5.45-3+b1) ... Selecting previously unselected package gettext-base. Preparing to unpack .../07-gettext-base_0.23.1-1_arm64.deb ... Unpacking gettext-base (0.23.1-1) ... Selecting previously unselected package libuchardet0:arm64. Preparing to unpack .../08-libuchardet0_0.0.8-1+b2_arm64.deb ... Unpacking libuchardet0:arm64 (0.0.8-1+b2) ... Selecting previously unselected package groff-base. Preparing to unpack .../09-groff-base_1.23.0-7_arm64.deb ... Unpacking groff-base (1.23.0-7) ... Selecting previously unselected package bsdextrautils. Preparing to unpack .../10-bsdextrautils_2.40.4-3_arm64.deb ... Unpacking bsdextrautils (2.40.4-3) ... Selecting previously unselected package libpipeline1:arm64. Preparing to unpack .../11-libpipeline1_1.5.8-1_arm64.deb ... Unpacking libpipeline1:arm64 (1.5.8-1) ... Selecting previously unselected package man-db. Preparing to unpack .../12-man-db_2.13.0-1_arm64.deb ... Unpacking man-db (2.13.0-1) ... Selecting previously unselected package libtext-charwidth-perl:arm64. Preparing to unpack .../13-libtext-charwidth-perl_0.04-11+b4_arm64.deb ... Unpacking libtext-charwidth-perl:arm64 (0.04-11+b4) ... Selecting previously unselected package libtext-wrapi18n-perl. Preparing to unpack .../14-libtext-wrapi18n-perl_0.06-10_all.deb ... Unpacking libtext-wrapi18n-perl (0.06-10) ... Selecting previously unselected package ucf. Preparing to unpack .../15-ucf_3.0049_all.deb ... Moving old data out of the way Unpacking ucf (3.0049) ... Selecting previously unselected package m4. Preparing to unpack .../16-m4_1.4.19-5_arm64.deb ... Unpacking m4 (1.4.19-5) ... Selecting previously unselected package autoconf. Preparing to unpack .../17-autoconf_2.72-3_all.deb ... Unpacking autoconf (2.72-3) ... Selecting previously unselected package autotools-dev. Preparing to unpack .../18-autotools-dev_20220109.1_all.deb ... Unpacking autotools-dev (20220109.1) ... Selecting previously unselected package automake. Preparing to unpack .../19-automake_1%3a1.17-3_all.deb ... Unpacking automake (1:1.17-3) ... Selecting previously unselected package autopoint. Preparing to unpack .../20-autopoint_0.23.1-1_all.deb ... Unpacking autopoint (0.23.1-1) ... Selecting previously unselected package libdebhelper-perl. Preparing to unpack .../21-libdebhelper-perl_13.24.1_all.deb ... Unpacking libdebhelper-perl (13.24.1) ... Selecting previously unselected package libtool. Preparing to unpack .../22-libtool_2.5.4-3_all.deb ... Unpacking libtool (2.5.4-3) ... Selecting previously unselected package dh-autoreconf. Preparing to unpack .../23-dh-autoreconf_20_all.deb ... Unpacking dh-autoreconf (20) ... Selecting previously unselected package libarchive-zip-perl. Preparing to unpack .../24-libarchive-zip-perl_1.68-1_all.deb ... Unpacking libarchive-zip-perl (1.68-1) ... Selecting previously unselected package libfile-stripnondeterminism-perl. Preparing to unpack .../25-libfile-stripnondeterminism-perl_1.14.1-2_all.deb ... Unpacking libfile-stripnondeterminism-perl (1.14.1-2) ... Selecting previously unselected package dh-strip-nondeterminism. Preparing to unpack .../26-dh-strip-nondeterminism_1.14.1-2_all.deb ... Unpacking dh-strip-nondeterminism (1.14.1-2) ... Selecting previously unselected package libelf1t64:arm64. Preparing to unpack .../27-libelf1t64_0.192-4_arm64.deb ... Unpacking libelf1t64:arm64 (0.192-4) ... Selecting previously unselected package dwz. Preparing to unpack .../28-dwz_0.15-1+b1_arm64.deb ... Unpacking dwz (0.15-1+b1) ... Selecting previously unselected package libunistring5:arm64. Preparing to unpack .../29-libunistring5_1.3-1_arm64.deb ... Unpacking libunistring5:arm64 (1.3-1) ... Selecting previously unselected package libicu72:arm64. Preparing to unpack .../30-libicu72_72.1-6_arm64.deb ... Unpacking libicu72:arm64 (72.1-6) ... Selecting previously unselected package libxml2:arm64. Preparing to unpack .../31-libxml2_2.12.7+dfsg+really2.9.14-0.2+b1_arm64.deb ... Unpacking libxml2:arm64 (2.12.7+dfsg+really2.9.14-0.2+b1) ... Selecting previously unselected package gettext. Preparing to unpack .../32-gettext_0.23.1-1_arm64.deb ... Unpacking gettext (0.23.1-1) ... Selecting previously unselected package intltool-debian. Preparing to unpack .../33-intltool-debian_0.35.0+20060710.6_all.deb ... Unpacking intltool-debian (0.35.0+20060710.6) ... Selecting previously unselected package po-debconf. Preparing to unpack .../34-po-debconf_1.0.21+nmu1_all.deb ... Unpacking po-debconf (1.0.21+nmu1) ... Selecting previously unselected package debhelper. Preparing to unpack .../35-debhelper_13.24.1_all.deb ... Unpacking debhelper (13.24.1) ... Selecting previously unselected package dh-package-notes. Preparing to unpack .../36-dh-package-notes_0.15_all.deb ... Unpacking dh-package-notes (0.15) ... Selecting previously unselected package libtcl8.6:arm64. Preparing to unpack .../37-libtcl8.6_8.6.16+dfsg-1_arm64.deb ... Unpacking libtcl8.6:arm64 (8.6.16+dfsg-1) ... Selecting previously unselected package tcl8.6. Preparing to unpack .../38-tcl8.6_8.6.16+dfsg-1_arm64.deb ... Unpacking tcl8.6 (8.6.16+dfsg-1) ... Selecting previously unselected package tcl-expect:arm64. Preparing to unpack .../39-tcl-expect_5.45.4-3+b1_arm64.deb ... Unpacking tcl-expect:arm64 (5.45.4-3+b1) ... Selecting previously unselected package expect. Preparing to unpack .../40-expect_5.45.4-3+b1_arm64.deb ... Unpacking expect (5.45.4-3+b1) ... Selecting previously unselected package libidn2-0:arm64. Preparing to unpack .../41-libidn2-0_2.3.7-2+b1_arm64.deb ... Unpacking libidn2-0:arm64 (2.3.7-2+b1) ... Selecting previously unselected package libp11-kit0:arm64. Preparing to unpack .../42-libp11-kit0_0.25.5-3_arm64.deb ... Unpacking libp11-kit0:arm64 (0.25.5-3) ... Selecting previously unselected package libtasn1-6:arm64. Preparing to unpack .../43-libtasn1-6_4.20.0-1_arm64.deb ... Unpacking libtasn1-6:arm64 (4.20.0-1) ... Selecting previously unselected package libgnutls30t64:arm64. Preparing to unpack .../44-libgnutls30t64_3.8.9-2_arm64.deb ... Unpacking libgnutls30t64:arm64 (3.8.9-2) ... Selecting previously unselected package libevent-2.1-7t64:arm64. Preparing to unpack .../45-libevent-2.1-7t64_2.1.12-stable-10+b1_arm64.deb ... Unpacking libevent-2.1-7t64:arm64 (2.1.12-stable-10+b1) ... Selecting previously unselected package libunbound8:arm64. Preparing to unpack .../46-libunbound8_1.22.0-1+b1_arm64.deb ... Unpacking libunbound8:arm64 (1.22.0-1+b1) ... Selecting previously unselected package libgnutls-dane0t64:arm64. Preparing to unpack .../47-libgnutls-dane0t64_3.8.9-2_arm64.deb ... Unpacking libgnutls-dane0t64:arm64 (3.8.9-2) ... Selecting previously unselected package gnutls-bin. Preparing to unpack .../48-gnutls-bin_3.8.9-2_arm64.deb ... Unpacking gnutls-bin (3.8.9-2) ... Selecting previously unselected package libeac3:arm64. Preparing to unpack .../49-libeac3_1.1.2+ds+git20220117+453c3d6b03a0-1.1+b3_arm64.deb ... Unpacking libeac3:arm64 (1.1.2+ds+git20220117+453c3d6b03a0-1.1+b3) ... Selecting previously unselected package libglib2.0-0t64:arm64. Preparing to unpack .../50-libglib2.0-0t64_2.83.3-2_arm64.deb ... Unpacking libglib2.0-0t64:arm64 (2.83.3-2) ... Selecting previously unselected package libnspr4:arm64. Preparing to unpack .../51-libnspr4_2%3a4.36-1_arm64.deb ... Unpacking libnspr4:arm64 (2:4.36-1) ... Selecting previously unselected package libnspr4-dev. Preparing to unpack .../52-libnspr4-dev_2%3a4.36-1_arm64.deb ... Unpacking libnspr4-dev (2:4.36-1) ... Selecting previously unselected package libnss3:arm64. Preparing to unpack .../53-libnss3_2%3a3.107-1_arm64.deb ... Unpacking libnss3:arm64 (2:3.107-1) ... Selecting previously unselected package libnss3-dev:arm64. Preparing to unpack .../54-libnss3-dev_2%3a3.107-1_arm64.deb ... Unpacking libnss3-dev:arm64 (2:3.107-1) ... Selecting previously unselected package libp11-kit-dev:arm64. Preparing to unpack .../55-libp11-kit-dev_0.25.5-3_arm64.deb ... Unpacking libp11-kit-dev:arm64 (0.25.5-3) ... Selecting previously unselected package libpkgconf3:arm64. Preparing to unpack .../56-libpkgconf3_1.8.1-4_arm64.deb ... Unpacking libpkgconf3:arm64 (1.8.1-4) ... Selecting previously unselected package softhsm2-common. Preparing to unpack .../57-softhsm2-common_2.6.1-2.2+b3_arm64.deb ... Unpacking softhsm2-common (2.6.1-2.2+b3) ... Selecting previously unselected package libsofthsm2. Preparing to unpack .../58-libsofthsm2_2.6.1-2.2+b3_arm64.deb ... Unpacking libsofthsm2 (2.6.1-2.2+b3) ... Selecting previously unselected package libssl-dev:arm64. Preparing to unpack .../59-libssl-dev_3.4.1-1_arm64.deb ... Unpacking libssl-dev:arm64 (3.4.1-1) ... Selecting previously unselected package libtommath1:arm64. Preparing to unpack .../60-libtommath1_1.3.0-1_arm64.deb ... Unpacking libtommath1:arm64 (1.3.0-1) ... Selecting previously unselected package libtomcrypt1:arm64. Preparing to unpack .../61-libtomcrypt1_1.18.2+dfsg-7+b2_arm64.deb ... Unpacking libtomcrypt1:arm64 (1.18.2+dfsg-7+b2) ... Selecting previously unselected package libstoken1t64:arm64. Preparing to unpack .../62-libstoken1t64_0.92-1.1+b2_arm64.deb ... Unpacking libstoken1t64:arm64 (0.92-1.1+b2) ... Selecting previously unselected package libtomcrypt-dev. Preparing to unpack .../63-libtomcrypt-dev_1.18.2+dfsg-7+b2_arm64.deb ... Unpacking libtomcrypt-dev (1.18.2+dfsg-7+b2) ... Selecting previously unselected package libstoken-dev:arm64. Preparing to unpack .../64-libstoken-dev_0.92-1.1+b2_arm64.deb ... Unpacking libstoken-dev:arm64 (0.92-1.1+b2) ... Selecting previously unselected package ninja-build. Preparing to unpack .../65-ninja-build_1.12.1-1+b1_arm64.deb ... Unpacking ninja-build (1.12.1-1+b1) ... Selecting previously unselected package python3-autocommand. Preparing to unpack .../66-python3-autocommand_2.2.2-3_all.deb ... Unpacking python3-autocommand (2.2.2-3) ... Selecting previously unselected package python3-more-itertools. Preparing to unpack .../67-python3-more-itertools_10.6.0-1_all.deb ... Unpacking python3-more-itertools (10.6.0-1) ... Selecting previously unselected package python3-typing-extensions. Preparing to unpack .../68-python3-typing-extensions_4.12.2-2_all.deb ... Unpacking python3-typing-extensions (4.12.2-2) ... Selecting previously unselected package python3-typeguard. Preparing to unpack .../69-python3-typeguard_4.4.1-1_all.deb ... Unpacking python3-typeguard (4.4.1-1) ... Selecting previously unselected package python3-inflect. Preparing to unpack .../70-python3-inflect_7.3.1-2_all.deb ... Unpacking python3-inflect (7.3.1-2) ... Selecting previously unselected package python3-jaraco.context. Preparing to unpack .../71-python3-jaraco.context_6.0.0-1_all.deb ... Unpacking python3-jaraco.context (6.0.0-1) ... Selecting previously unselected package python3-jaraco.functools. Preparing to unpack .../72-python3-jaraco.functools_4.1.0-1_all.deb ... Unpacking python3-jaraco.functools (4.1.0-1) ... Selecting previously unselected package python3-pkg-resources. Preparing to unpack .../73-python3-pkg-resources_75.6.0-1_all.deb ... Unpacking python3-pkg-resources (75.6.0-1) ... Selecting previously unselected package python3-jaraco.text. Preparing to unpack .../74-python3-jaraco.text_4.0.0-1_all.deb ... Unpacking python3-jaraco.text (4.0.0-1) ... Selecting previously unselected package python3-zipp. Preparing to unpack .../75-python3-zipp_3.21.0-1_all.deb ... Unpacking python3-zipp (3.21.0-1) ... Selecting previously unselected package python3-setuptools. Preparing to unpack .../76-python3-setuptools_75.6.0-1_all.deb ... Unpacking python3-setuptools (75.6.0-1) ... Selecting previously unselected package meson. Preparing to unpack .../77-meson_1.7.0-1_all.deb ... Unpacking meson (1.7.0-1) ... Selecting previously unselected package opensc-pkcs11:arm64. Preparing to unpack .../78-opensc-pkcs11_0.26.0-1_arm64.deb ... Unpacking opensc-pkcs11:arm64 (0.26.0-1) ... Selecting previously unselected package opensc. Preparing to unpack .../79-opensc_0.26.0-1_arm64.deb ... Unpacking opensc (0.26.0-1) ... Selecting previously unselected package openssl. Preparing to unpack .../80-openssl_3.4.1-1_arm64.deb ... Unpacking openssl (3.4.1-1) ... Selecting previously unselected package p11-kit-modules:arm64. Preparing to unpack .../81-p11-kit-modules_0.25.5-3_arm64.deb ... Unpacking p11-kit-modules:arm64 (0.25.5-3) ... Selecting previously unselected package p11-kit. Preparing to unpack .../82-p11-kit_0.25.5-3_arm64.deb ... Unpacking p11-kit (0.25.5-3) ... Selecting previously unselected package pkgconf-bin. Preparing to unpack .../83-pkgconf-bin_1.8.1-4_arm64.deb ... Unpacking pkgconf-bin (1.8.1-4) ... Selecting previously unselected package pkgconf:arm64. Preparing to unpack .../84-pkgconf_1.8.1-4_arm64.deb ... Unpacking pkgconf:arm64 (1.8.1-4) ... Selecting previously unselected package softhsm2. Preparing to unpack .../85-softhsm2_2.6.1-2.2+b3_arm64.deb ... Unpacking softhsm2 (2.6.1-2.2+b3) ... Setting up media-types (11.0.0) ... Setting up libpipeline1:arm64 (1.5.8-1) ... Setting up libtext-charwidth-perl:arm64 (0.04-11+b4) ... Setting up libicu72:arm64 (72.1-6) ... Setting up bsdextrautils (2.40.4-3) ... Setting up libmagic-mgc (1:5.45-3+b1) ... Setting up libarchive-zip-perl (1.68-1) ... Setting up libtommath1:arm64 (1.3.0-1) ... Setting up libdebhelper-perl (13.24.1) ... Setting up libmagic1t64:arm64 (1:5.45-3+b1) ... Setting up gettext-base (0.23.1-1) ... Setting up m4 (1.4.19-5) ... Setting up libevent-2.1-7t64:arm64 (2.1.12-stable-10+b1) ... Setting up file (1:5.45-3+b1) ... Setting up libtext-wrapi18n-perl (0.06-10) ... Setting up ninja-build (1.12.1-1+b1) ... Setting up libelf1t64:arm64 (0.192-4) ... Setting up libeac3:arm64 (1.1.2+ds+git20220117+453c3d6b03a0-1.1+b3) ... Setting up tzdata (2025a-2) ... Current default time zone: 'Etc/UTC' Local time is now: Tue Mar 17 17:23:05 UTC 2026. Universal Time is now: Tue Mar 17 17:23:05 UTC 2026. Run 'dpkg-reconfigure tzdata' if you wish to change it. Setting up autotools-dev (20220109.1) ... Setting up libunbound8:arm64 (1.22.0-1+b1) ... Setting up libpkgconf3:arm64 (1.8.1-4) ... Setting up libnspr4:arm64 (2:4.36-1) ... Setting up libproc2-0:arm64 (2:4.0.4-7) ... Setting up libunistring5:arm64 (1.3-1) ... Setting up libssl-dev:arm64 (3.4.1-1) ... Setting up libtcl8.6:arm64 (8.6.16+dfsg-1) ... Setting up autopoint (0.23.1-1) ... Setting up pkgconf-bin (1.8.1-4) ... Setting up autoconf (2.72-3) ... Setting up libffi8:arm64 (3.4.6-1) ... Setting up dwz (0.15-1+b1) ... Setting up sensible-utils (0.0.24) ... Setting up libuchardet0:arm64 (0.0.8-1+b2) ... Setting up procps (2:4.0.4-7) ... Setting up libtasn1-6:arm64 (4.20.0-1) ... Setting up netbase (6.4) ... Setting up openssl (3.4.1-1) ... Setting up readline-common (8.2-6) ... Setting up libxml2:arm64 (2.12.7+dfsg+really2.9.14-0.2+b1) ... Setting up libtomcrypt1:arm64 (1.18.2+dfsg-7+b2) ... Setting up automake (1:1.17-3) ... update-alternatives: using /usr/bin/automake-1.17 to provide /usr/bin/automake (automake) in auto mode Setting up libfile-stripnondeterminism-perl (1.14.1-2) ... Setting up libnspr4-dev (2:4.36-1) ... Setting up tcl8.6 (8.6.16+dfsg-1) ... Setting up gettext (0.23.1-1) ... Setting up libtool (2.5.4-3) ... Setting up tcl-expect:arm64 (5.45.4-3+b1) ... Setting up libidn2-0:arm64 (2.3.7-2+b1) ... Setting up libnss3:arm64 (2:3.107-1) ... Setting up pkgconf:arm64 (1.8.1-4) ... Setting up intltool-debian (0.35.0+20060710.6) ... Setting up libstoken1t64:arm64 (0.92-1.1+b2) ... Setting up dh-autoreconf (20) ... Setting up libtomcrypt-dev (1.18.2+dfsg-7+b2) ... Setting up libglib2.0-0t64:arm64 (2.83.3-2) ... No schema files found: doing nothing. Setting up libstoken-dev:arm64 (0.92-1.1+b2) ... Setting up libp11-kit0:arm64 (0.25.5-3) ... Setting up ucf (3.0049) ... Setting up libreadline8t64:arm64 (8.2-6) ... Setting up dh-strip-nondeterminism (1.14.1-2) ... Setting up libnss3-dev:arm64 (2:3.107-1) ... Setting up groff-base (1.23.0-7) ... Setting up libpython3.13-stdlib:arm64 (3.13.2-1) ... Setting up libp11-kit-dev:arm64 (0.25.5-3) ... Setting up libpython3-stdlib:arm64 (3.13.1-2) ... Setting up libgnutls30t64:arm64 (3.8.9-2) ... Setting up softhsm2-common (2.6.1-2.2+b3) ... Creating config file /etc/softhsm/softhsm2.conf with new version Setting up python3.13 (3.13.2-1) ... Setting up po-debconf (1.0.21+nmu1) ... Setting up expect (5.45.4-3+b1) ... Setting up python3 (3.13.1-2) ... Setting up python3-zipp (3.21.0-1) ... Setting up python3-autocommand (2.2.2-3) ... Setting up man-db (2.13.0-1) ... Not building database; man-db/auto-update is not 'true'. Setting up opensc-pkcs11:arm64 (0.26.0-1) ... Setting up p11-kit-modules:arm64 (0.25.5-3) ... Setting up libgnutls-dane0t64:arm64 (3.8.9-2) ... Setting up python3-typing-extensions (4.12.2-2) ... Setting up p11-kit (0.25.5-3) ... Setting up gnutls-bin (3.8.9-2) ... Setting up python3-more-itertools (10.6.0-1) ... Setting up libsofthsm2 (2.6.1-2.2+b3) ... Setting up softhsm2 (2.6.1-2.2+b3) ... Setting up python3-jaraco.functools (4.1.0-1) ... Setting up python3-jaraco.context (6.0.0-1) ... Setting up opensc (0.26.0-1) ... Setting up python3-typeguard (4.4.1-1) ... Setting up debhelper (13.24.1) ... Setting up python3-inflect (7.3.1-2) ... Setting up python3-jaraco.text (4.0.0-1) ... Setting up python3-pkg-resources (75.6.0-1) ... Setting up dh-package-notes (0.15) ... Setting up python3-setuptools (75.6.0-1) ... Setting up meson (1.7.0-1) ... Processing triggers for libc-bin (2.40-6) ... Reading package lists... Building dependency tree... Reading state information... Reading extended state information... Initializing package states... Writing extended state information... Building tag database... -> Finished parsing the build-deps I: Building the package I: Running cd /build/reproducible-path/pkcs11-provider-1.0/ && env PATH="/usr/sbin:/usr/bin:/sbin:/bin:/usr/games" HOME="/nonexistent/first-build" dpkg-buildpackage -us -uc -b && env PATH="/usr/sbin:/usr/bin:/sbin:/bin:/usr/games" HOME="/nonexistent/first-build" dpkg-genchanges -S > ../pkcs11-provider_1.0-1_source.changes dpkg-buildpackage: info: source package pkcs11-provider dpkg-buildpackage: info: source version 1.0-1 dpkg-buildpackage: info: source distribution unstable dpkg-buildpackage: info: source changed by Luca Boccassi dpkg-source --before-build . dpkg-buildpackage: info: host architecture arm64 debian/rules clean dh clean --buildsystem=meson dh_auto_clean -O--buildsystem=meson dh_autoreconf_clean -O--buildsystem=meson dh_clean -O--buildsystem=meson debian/rules binary dh binary --buildsystem=meson dh_update_autotools_config -O--buildsystem=meson dh_autoreconf -O--buildsystem=meson dh_auto_configure -O--buildsystem=meson cd obj-aarch64-linux-gnu && DEB_PYTHON_INSTALL_LAYOUT=deb LC_ALL=C.UTF-8 meson setup .. --wrap-mode=nodownload --buildtype=plain --prefix=/usr --sysconfdir=/etc --localstatedir=/var --libdir=lib/aarch64-linux-gnu -Dpython.bytecompile=-1 The Meson build system Version: 1.7.0 Source dir: /build/reproducible-path/pkcs11-provider-1.0 Build dir: /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu Build type: native build Project name: pkcs11-provider Project version: 1.0 C compiler for the host machine: cc (gcc 14.2.0 "cc (Debian 14.2.0-16) 14.2.0") C linker for the host machine: cc ld.bfd 2.44 Host machine cpu family: aarch64 Host machine cpu: aarch64 Compiler for C supports arguments -Wwrite-strings: YES Compiler for C supports arguments -Wpointer-arith: YES Compiler for C supports arguments -Wno-missing-field-initializers: YES Compiler for C supports arguments -Wformat: YES Compiler for C supports arguments -Wshadow: YES Compiler for C supports arguments -Wno-unused-parameter: YES Compiler for C supports arguments -Werror=implicit-function-declaration: YES Compiler for C supports arguments -Werror=missing-prototypes: YES Compiler for C supports arguments -Werror=format-security: YES Compiler for C supports arguments -Werror=parentheses: YES Compiler for C supports arguments -Werror=implicit: YES Compiler for C supports arguments -Werror=strict-prototypes: YES Compiler for C supports arguments -fno-strict-aliasing: YES Compiler for C supports arguments -fno-delete-null-pointer-checks: YES Compiler for C supports arguments -fdiagnostics-show-option: YES Found pkg-config: YES (/usr/bin/pkg-config) 1.8.1 Run-time dependency libcrypto found: YES 3.4.1 Run-time dependency libssl found: YES 3.4.1 Run-time dependency p11-kit-1 found: YES 0.25.5 Has header "dlfcn.h" : YES Configuring config.h using configuration Compiler for C supports link arguments -Wl,--version-script,/build/reproducible-path/pkcs11-provider-1.0/src/provider.map: YES Did not find CMake 'cmake' Found CMake: NO Run-time dependency nss-softokn found: NO (tried pkgconfig and cmake) Run-time dependency nss found: YES 3.107 Program setup.sh found: YES (/build/reproducible-path/pkcs11-provider-1.0/tests/setup.sh) Program valgrind found: NO Program test-wrapper found: YES (/build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper) Build targets in project: 12 pkcs11-provider 1.0 User defined options buildtype : plain libdir : lib/aarch64-linux-gnu localstatedir : /var prefix : /usr python.bytecompile: -1 sysconfdir : /etc wrap_mode : nodownload Found ninja-1.12.1 at /usr/bin/ninja dh_auto_build -O--buildsystem=meson cd obj-aarch64-linux-gnu && LC_ALL=C.UTF-8 ninja -j12 -v [1/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -mbranch-protection=standard -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/pk11_uri.c.o -MF src/pkcs11.so.p/pk11_uri.c.o.d -o src/pkcs11.so.p/pk11_uri.c.o -c ../src/pk11_uri.c [2/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -mbranch-protection=standard -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/debug.c.o -MF src/pkcs11.so.p/debug.c.o.d -o src/pkcs11.so.p/debug.c.o -c ../src/debug.c [3/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -mbranch-protection=standard -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/decoder.c.o -MF src/pkcs11.so.p/decoder.c.o.d -o src/pkcs11.so.p/decoder.c.o -c ../src/decoder.c [4/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -mbranch-protection=standard -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/asymmetric_cipher.c.o -MF src/pkcs11.so.p/asymmetric_cipher.c.o.d -o src/pkcs11.so.p/asymmetric_cipher.c.o -c ../src/asymmetric_cipher.c [5/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -mbranch-protection=standard -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/digests.c.o -MF src/pkcs11.so.p/digests.c.o.d -o src/pkcs11.so.p/digests.c.o -c ../src/digests.c [6/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -mbranch-protection=standard -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/exchange.c.o -MF src/pkcs11.so.p/exchange.c.o.d -o src/pkcs11.so.p/exchange.c.o -c ../src/exchange.c [7/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -mbranch-protection=standard -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/kdf.c.o -MF src/pkcs11.so.p/kdf.c.o.d -o src/pkcs11.so.p/kdf.c.o -c ../src/kdf.c [8/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -mbranch-protection=standard -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/random.c.o -MF src/pkcs11.so.p/random.c.o.d -o src/pkcs11.so.p/random.c.o -c ../src/random.c [9/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -mbranch-protection=standard -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/encoder.c.o -MF src/pkcs11.so.p/encoder.c.o.d -o src/pkcs11.so.p/encoder.c.o -c ../src/encoder.c [10/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -mbranch-protection=standard -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/tls.c.o -MF src/pkcs11.so.p/tls.c.o.d -o src/pkcs11.so.p/tls.c.o -c ../src/tls.c [11/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -mbranch-protection=standard -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/store.c.o -MF src/pkcs11.so.p/store.c.o.d -o src/pkcs11.so.p/store.c.o -c ../src/store.c [12/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -mbranch-protection=standard -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/slot.c.o -MF src/pkcs11.so.p/slot.c.o.d -o src/pkcs11.so.p/slot.c.o -c ../src/slot.c [13/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -mbranch-protection=standard -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/session.c.o -MF src/pkcs11.so.p/session.c.o.d -o src/pkcs11.so.p/session.c.o -c ../src/session.c [14/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -mbranch-protection=standard -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/util.c.o -MF src/pkcs11.so.p/util.c.o.d -o src/pkcs11.so.p/util.c.o -c ../src/util.c [15/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -mbranch-protection=standard -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/keymgmt.c.o -MF src/pkcs11.so.p/keymgmt.c.o.d -o src/pkcs11.so.p/keymgmt.c.o -c ../src/keymgmt.c [16/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -mbranch-protection=standard -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/interface.c.o -MF src/pkcs11.so.p/interface.c.o.d -o src/pkcs11.so.p/interface.c.o -c ../src/interface.c [17/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -mbranch-protection=standard -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/signature.c.o -MF src/pkcs11.so.p/signature.c.o.d -o src/pkcs11.so.p/signature.c.o -c ../src/signature.c [18/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -mbranch-protection=standard -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/provider.c.o -MF src/pkcs11.so.p/provider.c.o.d -o src/pkcs11.so.p/provider.c.o -c ../src/provider.c [19/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -mbranch-protection=standard -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/objects.c.o -MF src/pkcs11.so.p/objects.c.o.d -o src/pkcs11.so.p/objects.c.o -c ../src/objects.c [20/20] cc -o src/pkcs11.so src/pkcs11.so.p/asymmetric_cipher.c.o src/pkcs11.so.p/debug.c.o src/pkcs11.so.p/encoder.c.o src/pkcs11.so.p/decoder.c.o src/pkcs11.so.p/digests.c.o src/pkcs11.so.p/exchange.c.o src/pkcs11.so.p/kdf.c.o src/pkcs11.so.p/keymgmt.c.o src/pkcs11.so.p/pk11_uri.c.o src/pkcs11.so.p/interface.c.o src/pkcs11.so.p/objects.c.o src/pkcs11.so.p/provider.c.o src/pkcs11.so.p/random.c.o src/pkcs11.so.p/session.c.o src/pkcs11.so.p/signature.c.o src/pkcs11.so.p/slot.c.o src/pkcs11.so.p/store.c.o src/pkcs11.so.p/tls.c.o src/pkcs11.so.p/util.c.o -Wl,--as-needed -Wl,--allow-shlib-undefined -shared -fPIC -Wl,-z,relro -Wl,-z,now -specs=/usr/share/debhelper/dh_package_notes/debian-package-notes.specs -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -mbranch-protection=standard -Wdate-time -D_FORTIFY_SOURCE=2 -Wl,--version-script,/build/reproducible-path/pkcs11-provider-1.0/src/provider.map /usr/lib/aarch64-linux-gnu/libcrypto.so dh_auto_test -O--buildsystem=meson cd obj-aarch64-linux-gnu && DEB_PYTHON_INSTALL_LAYOUT=deb LC_ALL=C.UTF-8 MESON_TESTTHREADS=12 meson test --verbose ninja: Entering directory `/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu' [1/29] Compiling C object tests/tsession.p/tsession.c.o [2/29] Compiling C object tests/tdigests.p/tdigests.c.o [3/29] Compiling C object tests/tlsctx.p/tlsctx.c.o [4/29] Compiling C object tests/treadkeys.p/treadkeys.c.o [5/29] Compiling C object tests/tcmpkeys.p/tcmpkeys.c.o [6/29] Compiling C object tests/tgenkey.p/util.c.o [7/29] Compiling C object tests/tlssetkey.p/tlssetkey.c.o [8/29] Compiling C object tests/tlssetkey.p/util.c.o [9/29] Compiling C object tests/tlsctx.p/util.c.o [10/29] Compiling C object tests/tfork.p/tfork.c.o [11/29] Compiling C object tests/tcmpkeys.p/util.c.o [12/29] Linking target tests/tsession [13/29] Compiling C object tests/tpkey.p/tpkey.c.o [14/29] Compiling C object tests/tpkey.p/util.c.o [15/29] Compiling C object tests/tfork.p/util.c.o [16/29] Linking target tests/tdigests [17/29] Linking target tests/tlssetkey [18/29] Linking target tests/treadkeys [19/29] Compiling C object tests/ccerts.p/util.c.o [20/29] Linking target tests/tlsctx [21/29] Compiling C object tests/ccerts.p/ccerts.c.o [22/29] Compiling C object tests/tgenkey.p/tgenkey.c.o [23/29] Compiling C object tests/pincache.p/pincache.c.o [24/29] Linking target tests/tcmpkeys [25/29] Linking target tests/tpkey [26/29] Linking target tests/tfork [27/29] Linking target tests/tgenkey [28/29] Linking target tests/ccerts [29/29] Linking target tests/pincache 1/92 pkcs11-provider:softokn / setup RUNNING >>> LIBSPATH=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/src TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests SHARED_EXT=.so UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MALLOC_PERTURB_=243 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 P11KITCLIENTPATH=/usr/lib/aarch64-linux-gnu/pkcs11/p11-kit-client.so TESTSSRCDIR=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 SOFTOKNPATH=/usr/lib/aarch64-linux-gnu /build/reproducible-path/pkcs11-provider-1.0/tests/setup.sh softokn ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― + source /build/reproducible-path/pkcs11-provider-1.0/tests/helpers.sh ++ : /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests ++ helper_emit=1 ++ sed --version ++ grep -q 'GNU sed' ++ sed_inplace=('-i') ++ export sed_inplace + '[' 1 -ne 1 ']' + TOKENTYPE=softokn + SUPPORT_ED25519=1 + SUPPORT_ED448=1 + SUPPORT_RSA_PKCS1_ENCRYPTION=1 + SUPPORT_RSA_KEYGEN_PUBLIC_EXPONENT=1 + SUPPORT_TLSFUZZER=1 + SUPPORT_ALLOWED_MECHANISMS=0 ++ grep OpenSC ++ opensc-tool -i Failed to establish context: Unable to load external module ++ sed -e 's/OpenSC 0\.\([0-9]*\).*/\1/' + OPENSC_VERSION=26 + [[ 26 -le 25 ]] + [[ '' = \1 ]] ++ cat /proc/sys/crypto/fips_enabled + [[ 0 = \1 ]] + TMPPDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softokn + TOKDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softokn/tokens + '[' -d /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softokn ']' + mkdir /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softokn + mkdir /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softokn/tokens + PINVALUE=12345678 + PINFILE=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softokn/pinfile.txt + echo 12345678 + export GNUTLS_PIN=12345678 + GNUTLS_PIN=12345678 + '[' softokn == softhsm ']' + '[' softokn == softokn ']' + source /build/reproducible-path/pkcs11-provider-1.0/tests/softokn-init.sh ++ title SECTION 'Setup NSS Softokn' ++ case "$1" in ++ shift 1 ++ echo '########################################' ++ echo '## Setup NSS Softokn' ++ echo '' ++ command -v certutil ++ echo 'NSS'\''s certutil command is required' ++ exit 0 ######################################## ## Setup NSS Softokn NSS's certutil command is required ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 1/92 pkcs11-provider:softokn / setup OK 0.14s 2/92 pkcs11-provider:softhsm / setup RUNNING >>> LIBSPATH=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/src TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests SHARED_EXT=.so UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MESON_TEST_ITERATION=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 P11KITCLIENTPATH=/usr/lib/aarch64-linux-gnu/pkcs11/p11-kit-client.so TESTSSRCDIR=/build/reproducible-path/pkcs11-provider-1.0/tests MALLOC_PERTURB_=202 SOFTOKNPATH=/usr/lib/aarch64-linux-gnu /build/reproducible-path/pkcs11-provider-1.0/tests/setup.sh softhsm ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― + source /build/reproducible-path/pkcs11-provider-1.0/tests/helpers.sh ++ : /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests ++ helper_emit=1 ++ grep -q 'GNU sed' ++ sed --version ++ sed_inplace=('-i') ++ export sed_inplace + '[' 1 -ne 1 ']' + TOKENTYPE=softhsm + SUPPORT_ED25519=1 + SUPPORT_ED448=1 + SUPPORT_RSA_PKCS1_ENCRYPTION=1 + SUPPORT_RSA_KEYGEN_PUBLIC_EXPONENT=1 + SUPPORT_TLSFUZZER=1 + SUPPORT_ALLOWED_MECHANISMS=0 ++ grep OpenSC ++ opensc-tool -i ++ sed -e 's/OpenSC 0\.\([0-9]*\).*/\1/' Failed to establish context: Unable to load external module + OPENSC_VERSION=26 + [[ 26 -le 25 ]] + [[ '' = \1 ]] ++ cat /proc/sys/crypto/fips_enabled + [[ 0 = \1 ]] + TMPPDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm + TOKDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/tokens + '[' -d /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm ']' + mkdir /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm + mkdir /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/tokens + PINVALUE=12345678 + PINFILE=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/pinfile.txt + echo 12345678 + export GNUTLS_PIN=12345678 + GNUTLS_PIN=12345678 + '[' softhsm == softhsm ']' + source /build/reproducible-path/pkcs11-provider-1.0/tests/softhsm-init.sh ++ title SECTION 'Searching for SoftHSM PKCS#11 library' ++ case "$1" in ++ shift 1 ++ echo '########################################' ++ echo '## Searching for SoftHSM PKCS#11 library' ++ echo '' ++ command -v softhsm2-util ######################################## ## Searching for SoftHSM PKCS#11 library +++++ type -p softhsm2-util ++++ dirname /usr/bin/softhsm2-util +++ dirname /usr/bin ++ softhsm_prefix=/usr ++ find_softhsm /usr/lib64/softhsm/libsofthsm2.so /usr/lib/softhsm/libsofthsm2.so /usr/lib64/pkcs11/libsofthsm2.so /usr/lib/pkcs11/libsofthsm2.so /usr/local/lib/softhsm/libsofthsm2.so /usr/lib64/pkcs11/libsofthsm2.so /usr/lib/pkcs11/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so ++ for _lib in "$@" ++ test -f /usr/lib64/softhsm/libsofthsm2.so ++ for _lib in "$@" ++ test -f /usr/lib/softhsm/libsofthsm2.so ++ echo 'Using softhsm path /usr/lib/softhsm/libsofthsm2.so' ++ P11LIB=/usr/lib/softhsm/libsofthsm2.so ++ return ++ export P11LIB ++ title SECTION 'Set up testing system' ++ case "$1" in ++ shift 1 ++ echo '########################################' ++ echo '## Set up testing system' ++ echo '' ++ cat Using softhsm path /usr/lib/softhsm/libsofthsm2.so ######################################## ## Set up testing system ++ export SOFTHSM2_CONF=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/softhsm.conf ++ SOFTHSM2_CONF=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/softhsm.conf ++ export 'TOKENLABEL=SoftHSM Token' ++ TOKENLABEL='SoftHSM Token' ++ export TOKENLABELURI=SoftHSM%20Token ++ TOKENLABELURI=SoftHSM%20Token ++ softhsm2-util --init-token --label 'SoftHSM Token' --free --pin 12345678 --so-pin 12345678 Slot 0 has a free/uninitialized token. The token has been initialized and is reassigned to slot 2068202041 ++ export 'TOKENOPTIONS=\npkcs11-module-quirks = no-deinit no-operation-state' ++ TOKENOPTIONS='\npkcs11-module-quirks = no-deinit no-operation-state' ++ export 'TOKENCONFIGVARS=export SOFTHSM2_CONF=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/softhsm.conf' ++ TOKENCONFIGVARS='export SOFTHSM2_CONF=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/softhsm.conf' ++ export TESTPORT=32000 ++ TESTPORT=32000 ++ export SUPPORT_ALLOWED_MECHANISMS=1 ++ SUPPORT_ALLOWED_MECHANISMS=1 + SEEDFILE=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/noisefile.bin + dd if=/dev/urandom of=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/noisefile.bin bs=2048 count=1 + RAND64FILE=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/64krandom.bin + dd if=/dev/urandom of=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/64krandom.bin bs=2048 count=32 ++ uname + '[' Linux == Darwin ']' ++ type -p certtool + certtool=/usr/bin/certtool + '[' -z /usr/bin/certtool ']' + P11DEFARGS=("--module=${P11LIB}" "--login" "--pin=${PINVALUE}" "--token-label=${TOKENLABEL}") + cat + SERIAL=1 + title LINE 'Creating new Self Sign CA' + case "$1" in + shift 1 + echo 'Creating new Self Sign CA' + KEYID=0000 + URIKEYID=%00%00 + CACRTN=caCert + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --keypairgen --key-type=RSA:2048 --label=caCert --id=0000 Creating new Self Sign CA Key pair generated: Private Key Object; RSA label: caCert ID: 0000 Usage: decrypt, sign, signRecover, unwrap Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e5665607fb464239;token=SoftHSM%20Token;id=%0000;object=caCert;type=private Public Key Object; RSA 2048 bits label: caCert ID: 0000 Usage: encrypt, verify, verifyRecover, wrap Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e5665607fb464239;token=SoftHSM%20Token;id=%0000;object=caCert;type=public + crt_selfsign caCert Issuer 0000 + LABEL=caCert + CN=Issuer + KEYID=0000 + (( SERIAL+=1 )) + sed -e 's|cn = .*|cn = Issuer|g' -e 's|serial = .*|serial = 2|g' -i /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/cacert.cfg + /usr/bin/certtool --generate-self-signed --outfile=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/caCert.crt --template=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/cacert.cfg --provider=/usr/lib/softhsm/libsofthsm2.so --load-privkey 'pkcs11:object=caCert;token=SoftHSM%20Token;type=private' --load-pubkey 'pkcs11:object=caCert;token=SoftHSM%20Token;type=public' --outder Generating a self signed certificate... X.509 Certificate Information: Version: 3 Serial Number (hex): 02 Validity: Not Before: Tue Mar 17 17:23:37 UTC 2026 Not After: Wed Mar 17 17:23:37 UTC 2027 Subject: CN=Issuer Subject Public Key Algorithm: RSA Algorithm Security Level: Medium (2048 bits) Modulus (bits 2048): 00:d1:4e:62:e2:1f:ed:6b:cb:b9:18:c3:06:7c:d4:32 9d:cb:f5:9f:4b:59:94:1b:09:20:d6:85:0f:90:65:86 65:98:50:34:7a:e8:b5:d6:de:68:02:15:3e:59:d6:11 b8:75:56:d3:5e:5a:8c:12:ab:d7:9d:3b:be:07:09:bc 95:ed:a5:20:af:2d:f6:78:31:88:f8:79:90:8d:d5:44 e5:15:8d:73:e9:5c:fe:0b:5a:af:3d:39:62:29:05:7f 60:23:09:06:6b:5b:80:1e:08:1f:5d:1b:b4:20:5a:81 bd:b7:5a:b2:f6:47:27:9e:2a:d9:7c:34:54:41:bc:9d 72:25:12:2b:54:4e:65:9d:85:06:99:1d:8f:02:9a:54 27:81:5d:ed:1f:6c:b4:19:40:68:be:5c:3f:56:9f:4c 7c:8d:f2:dd:da:c5:d3:05:d2:08:01:92:e1:d2:3a:8a f1:ac:ee:7b:de:5b:95:c8:41:c8:b9:b5:1d:10:31:e4 36:ce:7a:6a:a9:c8:c1:c3:4f:5c:a7:ce:37:3c:7e:ee a4:40:a3:c1:88:d9:c7:6d:40:65:b0:b5:a1:11:11:f7 de:45:3f:5e:e2:96:eb:a0:0a:ca:c0:75:6d:b6:56:25 95:1f:e5:bd:55:a2:7c:4d:78:f4:50:97:c3:e1:25:6e db Exponent (bits 24): 01:00:01 Extensions: Basic Constraints (critical): Certificate Authority (CA): TRUE Subject Alternative Name (not critical): RFC822Name: testcert@example.org Key Usage (critical): Digital signature. Certificate signing. Subject Key Identifier (not critical): 3f74cfa11ba4fe7c15459d2a4a306f896b44c999 Other Information: Public Key ID: sha1:3f74cfa11ba4fe7c15459d2a4a306f896b44c999 sha256:f2b65db2a54e3936b41b5c2801fb37e8712fdad48afcbd26ecfa5f277b5e4126 Public Key PIN: pin-sha256:8rZdsqVOOTa0G1woAfs36HEv2tSK/L0m7PpfJ3teQSY= Signing certificate... + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --write-object /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/caCert.crt --type=cert --id=0000 --label=caCert Created certificate: Certificate Object; type = X.509 cert label: caCert subject: DN: CN=Issuer serial: 02 ID: 0000 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e5665607fb464239;token=SoftHSM%20Token;id=%0000;object=caCert;type=cert + CACRT_PEM=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/caCert.pem + CACRT=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/caCert.crt + openssl x509 -inform DER -in /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/caCert.crt -outform PEM -out /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/caCert.pem + CABASEURIWITHPINVALUE='pkcs11:id=%00%00?pin-value=12345678' + CABASEURIWITHPINSOURCE='pkcs11:id=%00%00?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/pinfile.txt' + CABASEURI=pkcs11:id=%00%00 + CAPUBURI='pkcs11:type=public;id=%00%00' + CAPRIURI='pkcs11:type=private;id=%00%00' + CACRTURI='pkcs11:type=cert;object=caCert' + title LINE 'RSA PKCS11 URIS' + case "$1" in + shift 1 + echo 'RSA PKCS11 URIS' + echo 'pkcs11:id=%00%00?pin-value=12345678' + echo 'pkcs11:id=%00%00?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/pinfile.txt' + echo pkcs11:id=%00%00 + echo 'pkcs11:type=public;id=%00%00' + echo 'pkcs11:type=private;id=%00%00' + echo 'pkcs11:type=cert;object=caCert' + echo '' + cat /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/cacert.cfg RSA PKCS11 URIS pkcs11:id=%00%00?pin-value=12345678 pkcs11:id=%00%00?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/pinfile.txt pkcs11:id=%00%00 pkcs11:type=public;id=%00%00 pkcs11:type=private;id=%00%00 pkcs11:type=cert;object=caCert + echo 'organization = "PKCS11 Provider"' + sed -e '/^cert_signing_key$/d' -e '/^ca$/d' -i /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/cert.cfg + KEYID=0001 + URIKEYID=%00%01 + TSTCRTN=testCert + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --keypairgen --key-type=RSA:2048 --label=testCert --id=0001 Key pair generated: Private Key Object; RSA label: testCert ID: 0001 Usage: decrypt, sign, signRecover, unwrap Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e5665607fb464239;token=SoftHSM%20Token;id=%0001;object=testCert;type=private Public Key Object; RSA 2048 bits label: testCert ID: 0001 Usage: encrypt, verify, verifyRecover, wrap Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e5665607fb464239;token=SoftHSM%20Token;id=%0001;object=testCert;type=public + ca_sign testCert 'My Test Cert' 0001 + LABEL=testCert + CN='My Test Cert' + KEYID=0001 + shift 3 + (( SERIAL+=1 )) + sed -e 's|cn = .*|cn = My Test Cert|g' -e 's|serial = .*|serial = 3|g' -e '/^ca$/d' -i /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/cert.cfg + /usr/bin/certtool --generate-certificate --outfile=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/testCert.crt --template=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/cert.cfg --provider=/usr/lib/softhsm/libsofthsm2.so --load-privkey 'pkcs11:object=testCert;token=SoftHSM%20Token;type=private' --load-pubkey 'pkcs11:object=testCert;token=SoftHSM%20Token;type=public' --outder --load-ca-certificate /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/caCert.crt --inder '--load-ca-privkey=pkcs11:object=caCert;token=SoftHSM%20Token;type=private' Generating a signed certificate... Expiration time: Wed Mar 17 05:23:38 2027 CA expiration time: Wed Mar 17 05:23:37 2027 Warning: The time set exceeds the CA's expiration time X.509 Certificate Information: Version: 3 Serial Number (hex): 03 Validity: Not Before: Tue Mar 17 17:23:38 UTC 2026 Not After: Wed Mar 17 17:23:38 UTC 2027 Subject: CN=My Test Cert,O=PKCS11 Provider Subject Public Key Algorithm: RSA Algorithm Security Level: Medium (2048 bits) Modulus (bits 2048): 00:a8:44:08:75:d0:ae:da:f3:ed:f3:eb:cf:39:37:cf 44:2b:96:48:41:fb:3e:d3:0a:a4:80:68:e7:8d:c8:fe 91:3f:da:36:31:ed:83:38:e4:49:c4:e7:f9:e9:10:89 94:5b:66:02:9c:6a:cb:fd:98:b2:e2:22:65:09:63:0a 20:07:db:69:f2:6d:f2:c7:29:78:07:ff:ea:5e:d3:0f a2:e8:eb:33:be:6d:7e:e1:57:df:97:da:44:ef:ba:51 49:3a:2e:37:4f:b1:2b:e2:3a:b9:f8:83:69:c8:32:a0 af:79:bd:55:92:b8:da:a1:0c:0d:b1:cc:1a:19:26:b7 69:61:99:50:f4:96:95:3a:70:6d:22:1f:60:2b:bc:6f f6:5e:26:9f:2e:91:ed:95:3c:75:45:eb:49:54:02:ea 49:23:91:1d:d5:ac:bf:4c:60:2c:9f:2a:ad:8c:3f:8d c7:08:e7:99:03:a4:c8:89:49:3b:b3:2e:66:37:c6:c5 3f:6f:7c:3b:3e:87:27:4d:b2:02:2f:1e:a2:b2:e7:55 60:1d:28:c7:92:21:97:95:3b:ca:40:a4:27:82:4d:15 48:50:9a:6f:6d:33:3a:5d:cc:58:aa:9a:a2:2c:bb:14 47:89:28:68:30:86:73:a3:4a:1c:a7:b6:fa:66:b8:c0 63 Exponent (bits 24): 01:00:01 Extensions: Basic Constraints (critical): Certificate Authority (CA): FALSE Subject Alternative Name (not critical): RFC822Name: testcert@example.org Key Usage (critical): Digital signature. Key encipherment. Subject Key Identifier (not critical): 803e50c13276979e137ff775e562fbc57a546f90 Authority Key Identifier (not critical): 3f74cfa11ba4fe7c15459d2a4a306f896b44c999 Other Information: Public Key ID: sha1:803e50c13276979e137ff775e562fbc57a546f90 sha256:f8e4fc45252dd568dd89202e1048e8bf30c42cd35e4357fea52afc5472f203b8 Public Key PIN: pin-sha256:+OT8RSUt1WjdiSAuEEjovzDELNNeQ1f+pSr8VHLyA7g= Signing certificate... + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --write-object /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/testCert.crt --type=cert --id=0001 --label=testCert Created certificate: Certificate Object; type = X.509 cert label: testCert subject: DN: O=PKCS11 Provider, CN=My Test Cert serial: 03 ID: 0001 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e5665607fb464239;token=SoftHSM%20Token;id=%0001;object=testCert;type=cert + BASEURIWITHPINVALUE='pkcs11:id=%00%01?pin-value=12345678' + BASEURIWITHPINSOURCE='pkcs11:id=%00%01?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/pinfile.txt' + BASEURI=pkcs11:id=%00%01 + PUBURI='pkcs11:type=public;id=%00%01' + PRIURI='pkcs11:type=private;id=%00%01' + CRTURI='pkcs11:type=cert;object=testCert' + title LINE 'RSA PKCS11 URIS' + case "$1" in + shift 1 + echo 'RSA PKCS11 URIS' + echo 'pkcs11:id=%00%01?pin-value=12345678' + echo 'pkcs11:id=%00%01?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/pinfile.txt' + echo pkcs11:id=%00%01 + echo 'pkcs11:type=public;id=%00%01' + echo 'pkcs11:type=private;id=%00%01' + echo 'pkcs11:type=cert;object=testCert' + echo '' + KEYID=0002 + URIKEYID=%00%02 + ECCRTN=ecCert + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --keypairgen --key-type=EC:secp256r1 --label=ecCert --id=0002 RSA PKCS11 URIS pkcs11:id=%00%01?pin-value=12345678 pkcs11:id=%00%01?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/pinfile.txt pkcs11:id=%00%01 pkcs11:type=public;id=%00%01 pkcs11:type=private;id=%00%01 pkcs11:type=cert;object=testCert Key pair generated: Private Key Object; EC label: ecCert ID: 0002 Usage: decrypt, sign, signRecover, unwrap, derive Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e5665607fb464239;token=SoftHSM%20Token;id=%0002;object=ecCert;type=private Public Key Object; EC EC_POINT 256 bits EC_POINT: 044104143e6097724b631d1b6dd274de44bd442e1948db6cf91b25ee7923801af6fa1fd5e8d0321aa15fde62ec0aebe7cf955bd248f01deb3565423f3de292a06d2168 EC_PARAMS: 06082a8648ce3d030107 (OID 1.2.840.10045.3.1.7) label: ecCert ID: 0002 Usage: encrypt, verify, verifyRecover, wrap, derive Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e5665607fb464239;token=SoftHSM%20Token;id=%0002;object=ecCert;type=public + ca_sign ecCert 'My EC Cert' 0002 + LABEL=ecCert + CN='My EC Cert' + KEYID=0002 + shift 3 + (( SERIAL+=1 )) + sed -e 's|cn = .*|cn = My EC Cert|g' -e 's|serial = .*|serial = 4|g' -e '/^ca$/d' -i /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/cert.cfg + /usr/bin/certtool --generate-certificate --outfile=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/ecCert.crt --template=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/cert.cfg --provider=/usr/lib/softhsm/libsofthsm2.so --load-privkey 'pkcs11:object=ecCert;token=SoftHSM%20Token;type=private' --load-pubkey 'pkcs11:object=ecCert;token=SoftHSM%20Token;type=public' --outder --load-ca-certificate /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/caCert.crt --inder '--load-ca-privkey=pkcs11:object=caCert;token=SoftHSM%20Token;type=private' Generating a signed certificate... Expiration time: Wed Mar 17 05:23:38 2027 CA expiration time: Wed Mar 17 05:23:37 2027 Warning: The time set exceeds the CA's expiration time X.509 Certificate Information: Version: 3 Serial Number (hex): 04 Validity: Not Before: Tue Mar 17 17:23:38 UTC 2026 Not After: Wed Mar 17 17:23:38 UTC 2027 Subject: CN=My EC Cert,O=PKCS11 Provider Subject Public Key Algorithm: EC/ECDSA Algorithm Security Level: High (256 bits) Curve: SECP256R1 X: 14:3e:60:97:72:4b:63:1d:1b:6d:d2:74:de:44:bd:44 2e:19:48:db:6c:f9:1b:25:ee:79:23:80:1a:f6:fa:1f Y: 00:d5:e8:d0:32:1a:a1:5f:de:62:ec:0a:eb:e7:cf:95 5b:d2:48:f0:1d:eb:35:65:42:3f:3d:e2:92:a0:6d:21 68 Extensions: Basic Constraints (critical): Certificate Authority (CA): FALSE Subject Alternative Name (not critical): RFC822Name: testcert@example.org Key Usage (critical): Digital signature. Subject Key Identifier (not critical): 50cb8b433e5c32a796aca9b4fb15ace13b523000 Authority Key Identifier (not critical): 3f74cfa11ba4fe7c15459d2a4a306f896b44c999 Other Information: Public Key ID: sha1:50cb8b433e5c32a796aca9b4fb15ace13b523000 sha256:0bea4f2776b051de109a6b0969090ae915e31000d858ffe1f16737c56bd9ef5e Public Key PIN: pin-sha256:C+pPJ3awUd4QmmsJaQkK6RXjEADYWP/h8Wc3xWvZ714= Signing certificate... + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --write-object /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/ecCert.crt --type=cert --id=0002 --label=ecCert Created certificate: Certificate Object; type = X.509 cert label: ecCert subject: DN: O=PKCS11 Provider, CN=My EC Cert serial: 04 ID: 0002 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e5665607fb464239;token=SoftHSM%20Token;id=%0002;object=ecCert;type=cert + ECBASEURIWITHPINVALUE='pkcs11:id=%00%02?pin-value=12345678' + ECBASEURIWITHPINSOURCE='pkcs11:id=%00%02?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/pinfile.txt' + ECBASEURI=pkcs11:id=%00%02 + ECPUBURI='pkcs11:type=public;id=%00%02' + ECPRIURI='pkcs11:type=private;id=%00%02' + ECCRTURI='pkcs11:type=cert;object=ecCert' + KEYID=0003 + URIKEYID=%00%03 + ECPEERCRTN=ecPeerCert + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --keypairgen --key-type=EC:secp256r1 --label=ecPeerCert --id=0003 Key pair generated: Private Key Object; EC label: ecPeerCert ID: 0003 Usage: decrypt, sign, signRecover, unwrap, derive Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e5665607fb464239;token=SoftHSM%20Token;id=%0003;object=ecPeerCert;type=private Public Key Object; EC EC_POINT 256 bits EC_POINT: 044104ea25b9ffdcf9c24c4fb92a1135a1ec0e963438358f6987107420c2f7213220157a7220c2fa0b673c861a744cf1c95ef27e45ab4788b53eadfae502dbb7b08b85 EC_PARAMS: 06082a8648ce3d030107 (OID 1.2.840.10045.3.1.7) label: ecPeerCert ID: 0003 Usage: encrypt, verify, verifyRecover, wrap, derive Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e5665607fb464239;token=SoftHSM%20Token;id=%0003;object=ecPeerCert;type=public + crt_selfsign ecPeerCert 'My Peer EC Cert' 0003 + LABEL=ecPeerCert + CN='My Peer EC Cert' + KEYID=0003 + (( SERIAL+=1 )) + sed -e 's|cn = .*|cn = My Peer EC Cert|g' -e 's|serial = .*|serial = 5|g' -i /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/cacert.cfg + /usr/bin/certtool --generate-self-signed --outfile=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/ecPeerCert.crt --template=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/cacert.cfg --provider=/usr/lib/softhsm/libsofthsm2.so --load-privkey 'pkcs11:object=ecPeerCert;token=SoftHSM%20Token;type=private' --load-pubkey 'pkcs11:object=ecPeerCert;token=SoftHSM%20Token;type=public' --outder Generating a self signed certificate... X.509 Certificate Information: Version: 3 Serial Number (hex): 05 Validity: Not Before: Tue Mar 17 17:23:38 UTC 2026 Not After: Wed Mar 17 17:23:38 UTC 2027 Subject: CN=My Peer EC Cert Subject Public Key Algorithm: EC/ECDSA Algorithm Security Level: High (256 bits) Curve: SECP256R1 X: 00:ea:25:b9:ff:dc:f9:c2:4c:4f:b9:2a:11:35:a1:ec 0e:96:34:38:35:8f:69:87:10:74:20:c2:f7:21:32:20 15 Y: 7a:72:20:c2:fa:0b:67:3c:86:1a:74:4c:f1:c9:5e:f2 7e:45:ab:47:88:b5:3e:ad:fa:e5:02:db:b7:b0:8b:85 Extensions: Basic Constraints (critical): Certificate Authority (CA): TRUE Subject Alternative Name (not critical): RFC822Name: testcert@example.org Key Usage (critical): Digital signature. Certificate signing. Subject Key Identifier (not critical): 43080fff2cfd3cda97c76e01d3aec0d830660da1 Other Information: Public Key ID: sha1:43080fff2cfd3cda97c76e01d3aec0d830660da1 sha256:e7d7118d0a72c175d61f056dba217dbd1fa990bbb7e1ec697324c68dc25fdbc8 Public Key PIN: pin-sha256:59cRjQpywXXWHwVtuiF9vR+pkLu34expcyTGjcJf28g= Signing certificate... + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --write-object /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/ecPeerCert.crt --type=cert --id=0003 --label=ecPeerCert Created certificate: Certificate Object; type = X.509 cert label: ecPeerCert subject: DN: CN=My Peer EC Cert serial: 05 ID: 0003 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e5665607fb464239;token=SoftHSM%20Token;id=%0003;object=ecPeerCert;type=cert + ECPEERBASEURIWITHPINVALUE='pkcs11:id=%00%03?pin-value=12345678' + ECPEERBASEURIWITHPINSOURCE='pkcs11:id=%00%03?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/pinfile.txt' + ECPEERBASEURI=pkcs11:id=%00%03 + ECPEERPUBURI='pkcs11:type=public;id=%00%03' + ECPEERPRIURI='pkcs11:type=private;id=%00%03' + ECPEERCRTURI='pkcs11:type=cert;object=ecPeerCert' + title LINE 'EC PKCS11 URIS' + case "$1" in + shift 1 + echo 'EC PKCS11 URIS' + echo 'pkcs11:id=%00%02?pin-value=12345678' + echo 'pkcs11:id=%00%02?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/pinfile.txt' + echo pkcs11:id=%00%02 + echo 'pkcs11:type=public;id=%00%02' + echo 'pkcs11:type=private;id=%00%02' + echo 'pkcs11:type=cert;object=ecCert' + echo 'pkcs11:id=%00%03?pin-value=12345678' + echo 'pkcs11:id=%00%03?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/pinfile.txt' + echo pkcs11:id=%00%03 + echo 'pkcs11:type=public;id=%00%03' + echo 'pkcs11:type=private;id=%00%03' + echo 'pkcs11:type=cert;object=ecPeerCert' + echo '' + '[' 1 -eq 1 ']' + KEYID=0004 + URIKEYID=%00%04 + EDCRTN=edCert + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --keypairgen --key-type=EC:edwards25519 --label=edCert --id=0004 EC PKCS11 URIS pkcs11:id=%00%02?pin-value=12345678 pkcs11:id=%00%02?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/pinfile.txt pkcs11:id=%00%02 pkcs11:type=public;id=%00%02 pkcs11:type=private;id=%00%02 pkcs11:type=cert;object=ecCert pkcs11:id=%00%03?pin-value=12345678 pkcs11:id=%00%03?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/pinfile.txt pkcs11:id=%00%03 pkcs11:type=public;id=%00%03 pkcs11:type=private;id=%00%03 pkcs11:type=cert;object=ecPeerCert Key pair generated: Private Key Object; EC_EDWARDS label: edCert ID: 0004 Usage: decrypt, sign, signRecover, unwrap, derive Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e5665607fb464239;token=SoftHSM%20Token;id=%0004;object=edCert;type=private Public Key Object; EC_EDWARDS EC_POINT 272 bits EC_POINT: 04206cfa42893cc78aed5f8293382d2353eead790430808cfa438373e90b9842497d EC_PARAMS: 130c656477617264733235353139 (PrintableString edwards25519) label: edCert ID: 0004 Usage: encrypt, verify, verifyRecover, wrap, derive Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e5665607fb464239;token=SoftHSM%20Token;id=%0004;object=edCert;type=public + ca_sign edCert 'My ED25519 Cert' 0004 + LABEL=edCert + CN='My ED25519 Cert' + KEYID=0004 + shift 3 + (( SERIAL+=1 )) + sed -e 's|cn = .*|cn = My ED25519 Cert|g' -e 's|serial = .*|serial = 6|g' -e '/^ca$/d' -i /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/cert.cfg + /usr/bin/certtool --generate-certificate --outfile=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/edCert.crt --template=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/cert.cfg --provider=/usr/lib/softhsm/libsofthsm2.so --load-privkey 'pkcs11:object=edCert;token=SoftHSM%20Token;type=private' --load-pubkey 'pkcs11:object=edCert;token=SoftHSM%20Token;type=public' --outder --load-ca-certificate /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/caCert.crt --inder '--load-ca-privkey=pkcs11:object=caCert;token=SoftHSM%20Token;type=private' Generating a signed certificate... Expiration time: Wed Mar 17 05:23:38 2027 CA expiration time: Wed Mar 17 05:23:37 2027 Warning: The time set exceeds the CA's expiration time X.509 Certificate Information: Version: 3 Serial Number (hex): 06 Validity: Not Before: Tue Mar 17 17:23:38 UTC 2026 Not After: Wed Mar 17 17:23:38 UTC 2027 Subject: CN=My ED25519 Cert,O=PKCS11 Provider Subject Public Key Algorithm: EdDSA (Ed25519) Algorithm Security Level: High (256 bits) Curve: Ed25519 X: 6c:fa:42:89:3c:c7:8a:ed:5f:82:93:38:2d:23:53:ee ad:79:04:30:80:8c:fa:43:83:73:e9:0b:98:42:49:7d Extensions: Basic Constraints (critical): Certificate Authority (CA): FALSE Subject Alternative Name (not critical): RFC822Name: testcert@example.org Key Usage (critical): Digital signature. Subject Key Identifier (not critical): 1e3d088d08ae44106e88626373942b4e02f90804 Authority Key Identifier (not critical): 3f74cfa11ba4fe7c15459d2a4a306f896b44c999 Other Information: Public Key ID: sha1:1e3d088d08ae44106e88626373942b4e02f90804 sha256:71ec804f3d5e107e43ea950b06c152dc4d1ebaa1e886dc07426f3b140921c8c1 Public Key PIN: pin-sha256:ceyATz1eEH5D6pULBsFS3E0euqHohtwHQm87FAkhyME= Signing certificate... + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --write-object /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/edCert.crt --type=cert --id=0004 --label=edCert Created certificate: Certificate Object; type = X.509 cert label: edCert subject: DN: O=PKCS11 Provider, CN=My ED25519 Cert serial: 06 ID: 0004 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e5665607fb464239;token=SoftHSM%20Token;id=%0004;object=edCert;type=cert + EDBASEURIWITHPINVALUE='pkcs11:id=%00%04;pin-value=12345678' + EDBASEURIWITHPINSOURCE='pkcs11:id=%00%04;pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/pinfile.txt' + EDBASEURI=pkcs11:id=%00%04 + EDPUBURI='pkcs11:type=public;id=%00%04' + EDPRIURI='pkcs11:type=private;id=%00%04' + EDCRTURI='pkcs11:type=cert;object=edCert' + title LINE 'ED25519 PKCS11 URIS' + case "$1" in + shift 1 + echo 'ED25519 PKCS11 URIS' + echo 'pkcs11:id=%00%04;pin-value=12345678' + echo 'pkcs11:id=%00%04;pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/pinfile.txt' + echo pkcs11:id=%00%04 + echo 'pkcs11:type=public;id=%00%04' + echo 'pkcs11:type=private;id=%00%04' + echo 'pkcs11:type=cert;object=edCert' + '[' 1 -eq 1 ']' + KEYID=0009 + URIKEYID=%00%09 + ED2CRTN=ed2Cert + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --keypairgen --key-type=EC:Ed448 --label=ed2Cert --id=0009 ED25519 PKCS11 URIS pkcs11:id=%00%04;pin-value=12345678 pkcs11:id=%00%04;pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/pinfile.txt pkcs11:id=%00%04 pkcs11:type=public;id=%00%04 pkcs11:type=private;id=%00%04 pkcs11:type=cert;object=edCert Key pair generated: Private Key Object; EC_EDWARDS label: ed2Cert ID: 0009 Usage: decrypt, sign, signRecover, unwrap, derive Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e5665607fb464239;token=SoftHSM%20Token;id=%0009;object=ed2Cert;type=private Public Key Object; EC_EDWARDS EC_POINT 472 bits EC_POINT: 0439e07597772e59c5731c01edc22e636c6b3cf235e112feef412aeda75ac969b3df2ee2db44fa254e62deeecaa86086a9c44e71f5b0f8b6f5ed80 EC_PARAMS: 06032b6571 (OID 1.3.101.113) label: ed2Cert ID: 0009 Usage: encrypt, verify, verifyRecover, wrap, derive Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e5665607fb464239;token=SoftHSM%20Token;id=%0009;object=ed2Cert;type=public + ca_sign ed2Cert 'My ED448 Cert' 0009 + LABEL=ed2Cert + CN='My ED448 Cert' + KEYID=0009 + shift 3 + (( SERIAL+=1 )) + sed -e 's|cn = .*|cn = My ED448 Cert|g' -e 's|serial = .*|serial = 7|g' -e '/^ca$/d' -i /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/cert.cfg + /usr/bin/certtool --generate-certificate --outfile=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/ed2Cert.crt --template=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/cert.cfg --provider=/usr/lib/softhsm/libsofthsm2.so --load-privkey 'pkcs11:object=ed2Cert;token=SoftHSM%20Token;type=private' --load-pubkey 'pkcs11:object=ed2Cert;token=SoftHSM%20Token;type=public' --outder --load-ca-certificate /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/caCert.crt --inder '--load-ca-privkey=pkcs11:object=caCert;token=SoftHSM%20Token;type=private' Generating a signed certificate... Expiration time: Wed Mar 17 05:23:38 2027 CA expiration time: Wed Mar 17 05:23:37 2027 Warning: The time set exceeds the CA's expiration time X.509 Certificate Information: Version: 3 Serial Number (hex): 07 Validity: Not Before: Tue Mar 17 17:23:38 UTC 2026 Not After: Wed Mar 17 17:23:38 UTC 2027 Subject: CN=My ED448 Cert,O=PKCS11 Provider Subject Public Key Algorithm: EdDSA (Ed448) Algorithm Security Level: Ultra (456 bits) Curve: Ed448 X: e0:75:97:77:2e:59:c5:73:1c:01:ed:c2:2e:63:6c:6b 3c:f2:35:e1:12:fe:ef:41:2a:ed:a7:5a:c9:69:b3:df 2e:e2:db:44:fa:25:4e:62:de:ee:ca:a8:60:86:a9:c4 4e:71:f5:b0:f8:b6:f5:ed:80 Extensions: Basic Constraints (critical): Certificate Authority (CA): FALSE Subject Alternative Name (not critical): RFC822Name: testcert@example.org Key Usage (critical): Digital signature. Subject Key Identifier (not critical): 6bc30db8bda016dec137634b4a48c4f7353b2deb Authority Key Identifier (not critical): 3f74cfa11ba4fe7c15459d2a4a306f896b44c999 Other Information: Public Key ID: sha1:6bc30db8bda016dec137634b4a48c4f7353b2deb sha256:cf8b71a67f4438a6c31e44fd73ecb03f55e712c894e73f94ed5dae78d74e977a Public Key PIN: pin-sha256:z4txpn9EOKbDHkT9c+ywP1XnEsiU5z+U7V2ueNdOl3o= Signing certificate... + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --write-object /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/ed2Cert.crt --type=cert --id=0009 --label=ed2Cert Created certificate: Certificate Object; type = X.509 cert label: ed2Cert subject: DN: O=PKCS11 Provider, CN=My ED448 Cert serial: 07 ID: 0009 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e5665607fb464239;token=SoftHSM%20Token;id=%0009;object=ed2Cert;type=cert + ED2BASEURIWITHPINVALUE='pkcs11:id=%00%09;pin-value=12345678' + ED2BASEURIWITHPINSOURCE='pkcs11:id=%00%09;pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/pinfile.txt' + ED2BASEURI=pkcs11:id=%00%09 + ED2PUBURI='pkcs11:type=public;id=%00%09' + ED2PRIURI='pkcs11:type=private;id=%00%09' + ED2CRTURI='pkcs11:type=cert;object=ed2Cert' + title LINE 'ED448 PKCS11 URIS' + case "$1" in + shift 1 + echo 'ED448 PKCS11 URIS' + echo 'pkcs11:id=%00%09;pin-value=12345678' + echo 'pkcs11:id=%00%09;pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/pinfile.txt' + echo pkcs11:id=%00%09 + echo 'pkcs11:type=public;id=%00%09' + echo 'pkcs11:type=private;id=%00%09' + echo 'pkcs11:type=cert;object=ed2Cert' + title PARA 'generate RSA key pair, self-signed certificate, remove public key' + case "$1" in + shift 1 + echo '' + echo '## generate RSA key pair, self-signed certificate, remove public key' + '[' -f '' ']' + KEYID=0005 + URIKEYID=%00%05 + TSTCRTN=testCert2 + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --keypairgen --key-type=RSA:2048 --label=testCert2 --id=0005 ED448 PKCS11 URIS pkcs11:id=%00%09;pin-value=12345678 pkcs11:id=%00%09;pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/pinfile.txt pkcs11:id=%00%09 pkcs11:type=public;id=%00%09 pkcs11:type=private;id=%00%09 pkcs11:type=cert;object=ed2Cert ## generate RSA key pair, self-signed certificate, remove public key Key pair generated: Private Key Object; RSA label: testCert2 ID: 0005 Usage: decrypt, sign, signRecover, unwrap Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e5665607fb464239;token=SoftHSM%20Token;id=%0005;object=testCert2;type=private Public Key Object; RSA 2048 bits label: testCert2 ID: 0005 Usage: encrypt, verify, verifyRecover, wrap Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e5665607fb464239;token=SoftHSM%20Token;id=%0005;object=testCert2;type=public + ca_sign testCert2 'My Test Cert 2' 0005 + LABEL=testCert2 + CN='My Test Cert 2' + KEYID=0005 + shift 3 + (( SERIAL+=1 )) + sed -e 's|cn = .*|cn = My Test Cert 2|g' -e 's|serial = .*|serial = 8|g' -e '/^ca$/d' -i /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/cert.cfg + /usr/bin/certtool --generate-certificate --outfile=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/testCert2.crt --template=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/cert.cfg --provider=/usr/lib/softhsm/libsofthsm2.so --load-privkey 'pkcs11:object=testCert2;token=SoftHSM%20Token;type=private' --load-pubkey 'pkcs11:object=testCert2;token=SoftHSM%20Token;type=public' --outder --load-ca-certificate /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/caCert.crt --inder '--load-ca-privkey=pkcs11:object=caCert;token=SoftHSM%20Token;type=private' Generating a signed certificate... Expiration time: Wed Mar 17 05:23:39 2027 CA expiration time: Wed Mar 17 05:23:37 2027 Warning: The time set exceeds the CA's expiration time X.509 Certificate Information: Version: 3 Serial Number (hex): 08 Validity: Not Before: Tue Mar 17 17:23:39 UTC 2026 Not After: Wed Mar 17 17:23:39 UTC 2027 Subject: CN=My Test Cert 2,O=PKCS11 Provider Subject Public Key Algorithm: RSA Algorithm Security Level: Medium (2048 bits) Modulus (bits 2048): 00:f4:26:4c:96:3c:81:65:c6:dd:cd:cf:b1:48:2c:64 03:8d:c0:5e:d5:43:a7:c9:6b:72:7c:d7:ab:a7:0a:0c 0f:1e:f0:38:ad:2a:4c:96:20:79:57:e4:43:c8:60:64 4c:7d:22:df:74:63:ae:2d:5c:a8:68:3b:0e:bf:73:c4 c3:6e:a1:1f:d5:53:a8:ff:b3:fd:55:6f:4a:25:42:5d 29:12:71:48:a9:b0:a1:ca:56:71:8a:0b:f1:66:77:36 0d:d5:dd:d9:05:3a:2e:b8:4e:4e:4c:c7:8c:38:4c:cb b5:3a:90:bb:41:03:af:cd:83:b2:ac:df:f3:b9:b7:a4 f0:2e:9b:14:84:7e:69:94:35:f0:98:06:6f:80:95:7e e5:b6:ce:d1:a3:4c:23:7a:b9:66:80:f2:ae:ad:8d:a1 79:30:7c:85:e1:56:44:21:2e:df:bb:b2:9d:5e:cd:76 c9:db:26:34:3a:07:c8:96:dc:1a:56:a9:a9:72:2f:f6 15:66:af:a8:10:ca:b2:72:1f:93:d5:dc:e5:6b:3e:4d fc:8e:98:17:1a:ce:19:d3:70:d3:a7:7b:be:e0:ef:89 56:d0:ec:1c:53:00:66:33:62:30:8c:b8:45:f3:25:0d 96:5e:92:e4:ce:1c:ed:b9:3d:ec:a9:b0:f6:e7:07:77 b3 Exponent (bits 24): 01:00:01 Extensions: Basic Constraints (critical): Certificate Authority (CA): FALSE Subject Alternative Name (not critical): RFC822Name: testcert@example.org Key Usage (critical): Digital signature. Key encipherment. Subject Key Identifier (not critical): 980f6613b4cd81e86256ed4d77087d919542deed Authority Key Identifier (not critical): 3f74cfa11ba4fe7c15459d2a4a306f896b44c999 Other Information: Public Key ID: sha1:980f6613b4cd81e86256ed4d77087d919542deed sha256:405ce3a6141dc677b4b8d4e463308d508184e33c41adf0757121df9935f73641 Public Key PIN: pin-sha256:QFzjphQdxne0uNTkYzCNUIGE4zxBrfB1cSHfmTX3NkE= Signing certificate... + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --write-object /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/testCert2.crt --type=cert --id=0005 --label=testCert2 Created certificate: Certificate Object; type = X.509 cert label: testCert2 subject: DN: O=PKCS11 Provider, CN=My Test Cert 2 serial: 08 ID: 0005 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e5665607fb464239;token=SoftHSM%20Token;id=%0005;object=testCert2;type=cert + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --delete-object --type pubkey --id 0005 + BASE2URIWITHPINVALUE='pkcs11:id=%00%05?pin-value=12345678' + BASE2URIWITHPINSOURCE='pkcs11:id=%00%05?pin-source=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/pinfile.txt' + BASE2URI=pkcs11:id=%00%05 + PRI2URI='pkcs11:type=private;id=%00%05' + CRT2URI='pkcs11:type=cert;object=testCert2' + title LINE 'RSA2 PKCS11 URIS' + case "$1" in + shift 1 + echo 'RSA2 PKCS11 URIS' + echo 'pkcs11:id=%00%05?pin-value=12345678' + echo 'pkcs11:id=%00%05?pin-source=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/pinfile.txt' + echo pkcs11:id=%00%05 + echo 'pkcs11:type=private;id=%00%05' + echo 'pkcs11:type=cert;object=testCert2' + echo '' + title PARA 'generate EC key pair, self-signed certificate, remove public key' + case "$1" in + shift 1 + echo '' + echo '## generate EC key pair, self-signed certificate, remove public key' + '[' -f '' ']' + KEYID=0006 + URIKEYID=%00%06 + TSTCRTN=ecCert2 + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --keypairgen --key-type=EC:secp384r1 --label=ecCert2 --id=0006 RSA2 PKCS11 URIS pkcs11:id=%00%05?pin-value=12345678 pkcs11:id=%00%05?pin-source=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/pinfile.txt pkcs11:id=%00%05 pkcs11:type=private;id=%00%05 pkcs11:type=cert;object=testCert2 ## generate EC key pair, self-signed certificate, remove public key Key pair generated: Private Key Object; EC label: ecCert2 ID: 0006 Usage: decrypt, sign, signRecover, unwrap, derive Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e5665607fb464239;token=SoftHSM%20Token;id=%0006;object=ecCert2;type=private Public Key Object; EC EC_POINT 384 bits EC_POINT: 046104067193dbe73ff9019c45d389fa8a9b561506e838bb717830a3564a706e4c8729b5134c7dcfb3a7ccba9268e1b870cc2cfeba4e4a1b139ef1b115607784ad64d01bd04f870b7a509e898fe5966c66421918914dd0200751bd963e7fcaa16f1426 EC_PARAMS: 06052b81040022 (OID 1.3.132.0.34) label: ecCert2 ID: 0006 Usage: encrypt, verify, verifyRecover, wrap, derive Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e5665607fb464239;token=SoftHSM%20Token;id=%0006;object=ecCert2;type=public + ca_sign ecCert2 'My EC Cert 2' 0006 + LABEL=ecCert2 + CN='My EC Cert 2' + KEYID=0006 + shift 3 + (( SERIAL+=1 )) + sed -e 's|cn = .*|cn = My EC Cert 2|g' -e 's|serial = .*|serial = 9|g' -e '/^ca$/d' -i /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/cert.cfg + /usr/bin/certtool --generate-certificate --outfile=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/ecCert2.crt --template=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/cert.cfg --provider=/usr/lib/softhsm/libsofthsm2.so --load-privkey 'pkcs11:object=ecCert2;token=SoftHSM%20Token;type=private' --load-pubkey 'pkcs11:object=ecCert2;token=SoftHSM%20Token;type=public' --outder --load-ca-certificate /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/caCert.crt --inder '--load-ca-privkey=pkcs11:object=caCert;token=SoftHSM%20Token;type=private' Generating a signed certificate... Expiration time: Wed Mar 17 05:23:39 2027 CA expiration time: Wed Mar 17 05:23:37 2027 Warning: The time set exceeds the CA's expiration time X.509 Certificate Information: Version: 3 Serial Number (hex): 09 Validity: Not Before: Tue Mar 17 17:23:39 UTC 2026 Not After: Wed Mar 17 17:23:39 UTC 2027 Subject: CN=My EC Cert 2,O=PKCS11 Provider Subject Public Key Algorithm: EC/ECDSA Algorithm Security Level: Ultra (384 bits) Curve: SECP384R1 X: 06:71:93:db:e7:3f:f9:01:9c:45:d3:89:fa:8a:9b:56 15:06:e8:38:bb:71:78:30:a3:56:4a:70:6e:4c:87:29 b5:13:4c:7d:cf:b3:a7:cc:ba:92:68:e1:b8:70:cc:2c Y: 00:fe:ba:4e:4a:1b:13:9e:f1:b1:15:60:77:84:ad:64 d0:1b:d0:4f:87:0b:7a:50:9e:89:8f:e5:96:6c:66:42 19:18:91:4d:d0:20:07:51:bd:96:3e:7f:ca:a1:6f:14 26 Extensions: Basic Constraints (critical): Certificate Authority (CA): FALSE Subject Alternative Name (not critical): RFC822Name: testcert@example.org Key Usage (critical): Digital signature. Subject Key Identifier (not critical): 1861d8e4d72fed9814d6332c151f70c173ed936c Authority Key Identifier (not critical): 3f74cfa11ba4fe7c15459d2a4a306f896b44c999 Other Information: Public Key ID: sha1:1861d8e4d72fed9814d6332c151f70c173ed936c sha256:cbbc85408783f76c6d8d59a03cdffdf9c9426056865cf8af102bce7e42dd2ff3 Public Key PIN: pin-sha256:y7yFQIeD92xtjVmgPN/9+clCYFaGXPivECvOfkLdL/M= Signing certificate... + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --write-object /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/ecCert2.crt --type=cert --id=0006 --label=ecCert2 Created certificate: Certificate Object; type = X.509 cert label: ecCert2 subject: DN: O=PKCS11 Provider, CN=My EC Cert 2 serial: 09 ID: 0006 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e5665607fb464239;token=SoftHSM%20Token;id=%0006;object=ecCert2;type=cert + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --delete-object --type pubkey --id 0006 + ECBASE2URIWITHPINVALUE='pkcs11:id=%00%06?pin-value=12345678' + ECBASE2URIWITHPINSOURCE='pkcs11:id=%00%06?pin-source=file/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/pinfile.txt' + ECBASE2URI=pkcs11:id=%00%06 + ECPRI2URI='pkcs11:type=private;id=%00%06' + ECCRT2URI='pkcs11:type=cert;object=ecCert2' + title LINE 'EC2 PKCS11 URIS' + case "$1" in + shift 1 + echo 'EC2 PKCS11 URIS' + echo 'pkcs11:id=%00%06?pin-value=12345678' + echo 'pkcs11:id=%00%06?pin-source=file/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/pinfile.txt' + echo pkcs11:id=%00%06 + echo 'pkcs11:type=private;id=%00%06' + echo 'pkcs11:type=cert;object=ecCert2' + echo '' + '[' -z '' ']' + title PARA 'explicit EC unsupported' + case "$1" in + shift 1 + echo '' + echo '## explicit EC unsupported' + '[' -f '' ']' + title PARA 'generate EC key pair with ALWAYS AUTHENTICATE flag, self-signed certificate' + case "$1" in + shift 1 + echo '' + echo '## generate EC key pair with ALWAYS AUTHENTICATE flag, self-signed certificate' + '[' -f '' ']' + KEYID=0008 + URIKEYID=%00%08 + TSTCRTN=ecCert3 + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --keypairgen --key-type=EC:secp521r1 --label=ecCert3 --id=0008 --always-auth EC2 PKCS11 URIS pkcs11:id=%00%06?pin-value=12345678 pkcs11:id=%00%06?pin-source=file/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/pinfile.txt pkcs11:id=%00%06 pkcs11:type=private;id=%00%06 pkcs11:type=cert;object=ecCert2 ## explicit EC unsupported ## generate EC key pair with ALWAYS AUTHENTICATE flag, self-signed certificate Key pair generated: Private Key Object; EC label: ecCert3 ID: 0008 Usage: decrypt, sign, signRecover, unwrap, derive Access: always authenticate, sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e5665607fb464239;token=SoftHSM%20Token;id=%0008;object=ecCert3;type=private Public Key Object; EC EC_POINT 528 bits EC_POINT: 04818504005585330fc043f149fdbccb21a26d141d2c3250673291fb1646465c4aaca9eb5a9498fc367d6f8f3ed81ec3d9fc9c8fefe4a2daceffdc40e6a4e9f443c19b56ff78004158058d67eb359129b7f404aa9e368e99bb1a34c0b7089eae9ee79f50f60742a27a39884e78bd9ed0912b2ddc5bf32b98727cd0e90cb0a6f39c1ce5551c66f151 EC_PARAMS: 06052b81040023 (OID 1.3.132.0.35) label: ecCert3 ID: 0008 Usage: encrypt, verify, verifyRecover, wrap, derive Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e5665607fb464239;token=SoftHSM%20Token;id=%0008;object=ecCert3;type=public + ca_sign ecCert3 'My EC Cert 3' 0008 + LABEL=ecCert3 + CN='My EC Cert 3' + KEYID=0008 + shift 3 + (( SERIAL+=1 )) + sed -e 's|cn = .*|cn = My EC Cert 3|g' -e 's|serial = .*|serial = 10|g' -e '/^ca$/d' -i /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/cert.cfg + /usr/bin/certtool --generate-certificate --outfile=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/ecCert3.crt --template=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/cert.cfg --provider=/usr/lib/softhsm/libsofthsm2.so --load-privkey 'pkcs11:object=ecCert3;token=SoftHSM%20Token;type=private' --load-pubkey 'pkcs11:object=ecCert3;token=SoftHSM%20Token;type=public' --outder --load-ca-certificate /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/caCert.crt --inder '--load-ca-privkey=pkcs11:object=caCert;token=SoftHSM%20Token;type=private' Generating a signed certificate... Expiration time: Wed Mar 17 05:23:39 2027 CA expiration time: Wed Mar 17 05:23:37 2027 Warning: The time set exceeds the CA's expiration time X.509 Certificate Information: Version: 3 Serial Number (hex): 0a Validity: Not Before: Tue Mar 17 17:23:39 UTC 2026 Not After: Wed Mar 17 17:23:39 UTC 2027 Subject: CN=My EC Cert 3,O=PKCS11 Provider Subject Public Key Algorithm: EC/ECDSA Algorithm Security Level: Future (528 bits) Curve: SECP521R1 X: 55:85:33:0f:c0:43:f1:49:fd:bc:cb:21:a2:6d:14:1d 2c:32:50:67:32:91:fb:16:46:46:5c:4a:ac:a9:eb:5a 94:98:fc:36:7d:6f:8f:3e:d8:1e:c3:d9:fc:9c:8f:ef e4:a2:da:ce:ff:dc:40:e6:a4:e9:f4:43:c1:9b:56:ff 78 Y: 41:58:05:8d:67:eb:35:91:29:b7:f4:04:aa:9e:36:8e 99:bb:1a:34:c0:b7:08:9e:ae:9e:e7:9f:50:f6:07:42 a2:7a:39:88:4e:78:bd:9e:d0:91:2b:2d:dc:5b:f3:2b 98:72:7c:d0:e9:0c:b0:a6:f3:9c:1c:e5:55:1c:66:f1 51 Extensions: Basic Constraints (critical): Certificate Authority (CA): FALSE Subject Alternative Name (not critical): RFC822Name: testcert@example.org Key Usage (critical): Digital signature. Subject Key Identifier (not critical): cc07d634fe907d2accfa6d873b7ee9184e8596cc Authority Key Identifier (not critical): 3f74cfa11ba4fe7c15459d2a4a306f896b44c999 Other Information: Public Key ID: sha1:cc07d634fe907d2accfa6d873b7ee9184e8596cc sha256:afeb3ebba07891186f5e3a91b462adb0fd496c3816e4684780bc45ad0a25f046 Public Key PIN: pin-sha256:r+s+u6B4kRhvXjqRtGKtsP1JbDgW5GhHgLxFrQol8EY= Signing certificate... + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --write-object /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/ecCert3.crt --type=cert --id=0008 --label=ecCert3 Created certificate: Certificate Object; type = X.509 cert label: ecCert3 subject: DN: O=PKCS11 Provider, CN=My EC Cert 3 serial: 0A ID: 0008 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e5665607fb464239;token=SoftHSM%20Token;id=%0008;object=ecCert3;type=cert + ECBASE3URIWITHPINVALUE='pkcs11:id=%00%08?pin-value=12345678' + ECBASE3URIWITHPINSOURCE='pkcs11:id=%00%08?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/pinfile.txt' + ECBASE3URI=pkcs11:id=%00%08 + ECPUB3URI='pkcs11:type=public;id=%00%08' + ECPRI3URI='pkcs11:type=private;id=%00%08' + ECCRT3URI='pkcs11:type=cert;object=ecCert3' + title LINE 'EC3 PKCS11 URIS' + case "$1" in + shift 1 + echo 'EC3 PKCS11 URIS' + echo 'pkcs11:id=%00%08?pin-value=12345678' + echo 'pkcs11:id=%00%08?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/pinfile.txt' + echo pkcs11:id=%00%08 + echo 'pkcs11:type=public;id=%00%08' + echo 'pkcs11:type=private;id=%00%08' + echo 'pkcs11:type=cert;object=ecCert3' + echo '' + '[' 1 -eq 1 ']' + KEYID=0010 + URIKEYID=%00%10 + TSTCRTN=testRsaPssCert + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --keypairgen --key-type=RSA:2048 --label=testRsaPssCert --id=0010 --allowed-mechanisms RSA-PKCS-PSS,SHA1-RSA-PKCS-PSS,SHA224-RSA-PKCS-PSS,SHA256-RSA-PKCS-PSS,SHA384-RSA-PKCS-PSS,SHA512-RSA-PKCS-PSS EC3 PKCS11 URIS pkcs11:id=%00%08?pin-value=12345678 pkcs11:id=%00%08?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/pinfile.txt pkcs11:id=%00%08 pkcs11:type=public;id=%00%08 pkcs11:type=private;id=%00%08 pkcs11:type=cert;object=ecCert3 Key pair generated: Private Key Object; RSA label: testRsaPssCert ID: 0010 Usage: decrypt, sign, signRecover, unwrap Access: sensitive, always sensitive, never extractable, local Allowed mechanisms: RSA-PKCS-PSS,SHA1-RSA-PKCS-PSS,SHA256-RSA-PKCS-PSS,SHA384-RSA-PKCS-PSS,SHA512-RSA-PKCS-PSS,SHA224-RSA-PKCS-PSS uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e5665607fb464239;token=SoftHSM%20Token;id=%0010;object=testRsaPssCert;type=private Public Key Object; RSA 2048 bits label: testRsaPssCert ID: 0010 Usage: encrypt, verify, verifyRecover, wrap Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e5665607fb464239;token=SoftHSM%20Token;id=%0010;object=testRsaPssCert;type=public + ca_sign testRsaPssCert 'My RsaPss Cert' 0010 --sign-params=RSA-PSS + LABEL=testRsaPssCert + CN='My RsaPss Cert' + KEYID=0010 + shift 3 + (( SERIAL+=1 )) + sed -e 's|cn = .*|cn = My RsaPss Cert|g' -e 's|serial = .*|serial = 11|g' -e '/^ca$/d' -i /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/cert.cfg + /usr/bin/certtool --generate-certificate --outfile=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/testRsaPssCert.crt --template=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/cert.cfg --provider=/usr/lib/softhsm/libsofthsm2.so --load-privkey 'pkcs11:object=testRsaPssCert;token=SoftHSM%20Token;type=private' --load-pubkey 'pkcs11:object=testRsaPssCert;token=SoftHSM%20Token;type=public' --outder --load-ca-certificate /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/caCert.crt --inder '--load-ca-privkey=pkcs11:object=caCert;token=SoftHSM%20Token;type=private' --sign-params=RSA-PSS Generating a signed certificate... Expiration time: Wed Mar 17 05:23:39 2027 CA expiration time: Wed Mar 17 05:23:37 2027 Warning: The time set exceeds the CA's expiration time X.509 Certificate Information: Version: 3 Serial Number (hex): 0b Validity: Not Before: Tue Mar 17 17:23:39 UTC 2026 Not After: Wed Mar 17 17:23:39 UTC 2027 Subject: CN=My RsaPss Cert,O=PKCS11 Provider Subject Public Key Algorithm: RSA Algorithm Security Level: Medium (2048 bits) Modulus (bits 2048): 00:8d:f6:d0:04:05:0e:14:04:f6:54:6c:53:24:50:ce 50:3c:35:95:02:12:33:a7:f0:14:6f:02:69:e3:d0:11 23:1a:08:91:03:2d:50:8e:41:89:ef:82:9b:25:4c:60 22:1f:71:6e:a8:4a:c8:68:82:69:b3:f4:d8:45:9c:36 cb:9d:a4:bd:ea:9d:c7:c3:6f:f5:f5:cf:38:d7:89:6e d4:c5:3e:a0:5a:76:88:09:7e:35:73:f4:3d:3c:86:82 bb:54:81:95:df:4a:43:9f:1a:d1:42:e0:d5:29:6f:af 56:7f:62:b3:cc:dc:1c:65:d1:0b:b7:bf:40:d4:c2:3a 52:72:46:ff:e2:d5:bb:50:5e:17:7e:75:45:e8:dd:ef 23:e7:d5:23:d6:d5:6c:3d:8b:9c:4a:51:24:f1:a3:47 b8:1b:8f:9f:2b:aa:be:ec:a6:c4:aa:00:94:8b:1e:cf cb:57:85:63:ba:fb:9b:51:68:04:d1:3a:48:42:f5:85 d7:13:61:0a:d3:78:0f:54:ee:ee:f7:dd:8f:11:40:01 e8:86:11:83:35:7e:f1:74:0f:7d:08:99:95:b3:69:e6 a7:65:08:55:d5:dc:0b:73:45:1c:0f:06:c5:b4:62:fe ef:42:a2:e9:33:8e:69:c4:91:22:28:32:79:85:de:e4 0d Exponent (bits 24): 01:00:01 Extensions: Basic Constraints (critical): Certificate Authority (CA): FALSE Subject Alternative Name (not critical): RFC822Name: testcert@example.org Key Usage (critical): Digital signature. Key encipherment. Subject Key Identifier (not critical): 59058f8a6f369166b1c4737debf481557910418b Authority Key Identifier (not critical): 3f74cfa11ba4fe7c15459d2a4a306f896b44c999 Other Information: Public Key ID: sha1:59058f8a6f369166b1c4737debf481557910418b sha256:fe8f6c0db2ffed0b54e0961a13b95281e173bb3621ce2ac9782c97c773dd3828 Public Key PIN: pin-sha256:/o9sDbL/7QtU4JYaE7lSgeFzuzYhzirJeCyXx3PdOCg= Signing certificate... + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --write-object /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/testRsaPssCert.crt --type=cert --id=0010 --label=testRsaPssCert Created certificate: Certificate Object; type = X.509 cert label: testRsaPssCert subject: DN: O=PKCS11 Provider, CN=My RsaPss Cert serial: 0B ID: 0010 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e5665607fb464239;token=SoftHSM%20Token;id=%0010;object=testRsaPssCert;type=cert + RSAPSSBASEURIWITHPINVALUE='pkcs11:id=%00%10?pin-value=12345678' + RSAPSSBASEURIWITHPINSOURCE='pkcs11:id=%00%10?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/pinfile.txt' + RSAPSSBASEURI=pkcs11:id=%00%10 + RSAPSSPUBURI='pkcs11:type=public;id=%00%10' + RSAPSSPRIURI='pkcs11:type=private;id=%00%10' + RSAPSSCRTURI='pkcs11:type=cert;object=testRsaPssCert' + title LINE 'RSA-PSS PKCS11 URIS' + case "$1" in + shift 1 + echo 'RSA-PSS PKCS11 URIS' + echo 'pkcs11:id=%00%10?pin-value=12345678' + echo 'pkcs11:id=%00%10?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/pinfile.txt' + echo pkcs11:id=%00%10 + echo 'pkcs11:type=public;id=%00%10' + echo 'pkcs11:type=private;id=%00%10' + echo 'pkcs11:type=cert;object=testRsaPssCert' + echo '' + KEYID=0011 + URIKEYID=%00%11 + TSTCRTN=testRsaPss2Cert + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --keypairgen --key-type=RSA:3092 --label=testRsaPss2Cert --id=0011 --allowed-mechanisms SHA256-RSA-PKCS-PSS RSA-PSS PKCS11 URIS pkcs11:id=%00%10?pin-value=12345678 pkcs11:id=%00%10?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/pinfile.txt pkcs11:id=%00%10 pkcs11:type=public;id=%00%10 pkcs11:type=private;id=%00%10 pkcs11:type=cert;object=testRsaPssCert Key pair generated: Private Key Object; RSA label: testRsaPss2Cert ID: 0011 Usage: decrypt, sign, signRecover, unwrap Access: sensitive, always sensitive, never extractable, local Allowed mechanisms: SHA256-RSA-PKCS-PSS uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e5665607fb464239;token=SoftHSM%20Token;id=%0011;object=testRsaPss2Cert;type=private Public Key Object; RSA 3092 bits label: testRsaPss2Cert ID: 0011 Usage: encrypt, verify, verifyRecover, wrap Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e5665607fb464239;token=SoftHSM%20Token;id=%0011;object=testRsaPss2Cert;type=public + ca_sign testRsaPss2Cert 'My RsaPss2 Cert' 0011 --sign-params=RSA-PSS --hash=SHA256 + LABEL=testRsaPss2Cert + CN='My RsaPss2 Cert' + KEYID=0011 + shift 3 + (( SERIAL+=1 )) + sed -e 's|cn = .*|cn = My RsaPss2 Cert|g' -e 's|serial = .*|serial = 12|g' -e '/^ca$/d' -i /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/cert.cfg + /usr/bin/certtool --generate-certificate --outfile=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/testRsaPss2Cert.crt --template=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/cert.cfg --provider=/usr/lib/softhsm/libsofthsm2.so --load-privkey 'pkcs11:object=testRsaPss2Cert;token=SoftHSM%20Token;type=private' --load-pubkey 'pkcs11:object=testRsaPss2Cert;token=SoftHSM%20Token;type=public' --outder --load-ca-certificate /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/caCert.crt --inder '--load-ca-privkey=pkcs11:object=caCert;token=SoftHSM%20Token;type=private' --sign-params=RSA-PSS --hash=SHA256 Generating a signed certificate... Expiration time: Wed Mar 17 05:23:41 2027 CA expiration time: Wed Mar 17 05:23:37 2027 Warning: The time set exceeds the CA's expiration time X.509 Certificate Information: Version: 3 Serial Number (hex): 0c Validity: Not Before: Tue Mar 17 17:23:41 UTC 2026 Not After: Wed Mar 17 17:23:41 UTC 2027 Subject: CN=My RsaPss2 Cert,O=PKCS11 Provider Subject Public Key Algorithm: RSA Algorithm Security Level: High (3092 bits) Modulus (bits 3092): 0d:68:bd:5d:11:e9:20:e7:f2:a0:6e:bb:ae:3c:e5:86 28:a4:82:be:78:3a:36:d5:c0:8f:67:b0:fe:d8:a0:21 99:aa:05:29:0d:9e:e8:1c:c0:8e:61:c3:a8:b0:19:56 c4:d1:c9:ff:79:02:fb:71:85:0c:d7:2a:c4:c4:15:1f 8b:e8:d4:d7:07:f9:f7:36:bf:52:f6:28:b0:16:16:b8 90:46:85:64:65:c3:70:1a:fa:43:d0:dc:6a:ca:0b:98 83:eb:3c:0c:03:c4:72:c9:b3:e8:e6:51:18:1f:2f:8b 1d:42:45:73:57:23:d6:b2:4e:e9:91:64:d2:12:51:ea 16:36:ad:7a:c1:55:c2:75:dc:38:09:85:f2:ad:e9:cc c3:08:5d:df:72:99:bc:72:b1:3a:a0:9d:5b:bd:20:f1 49:a2:fe:12:17:ae:8b:1c:68:d8:a7:13:cf:da:69:9d 70:e7:eb:62:de:45:91:85:d0:93:21:5a:cd:90:2f:c3 92:ed:4a:02:b0:18:e7:bb:d6:e4:cd:7f:f1:22:9d:33 a9:37:25:5c:64:b3:dc:43:f1:85:d8:f8:0c:e5:02:8b c2:72:6e:15:2c:3d:53:0d:3b:50:a2:f4:e8:0a:11:1d 02:31:e9:72:0c:74:f1:fb:6d:37:f5:bb:0b:17:b5:2d 99:fc:8e:5a:69:c5:63:b1:c3:f5:a6:c6:53:ea:92:1a 5d:40:71:6c:09:41:2a:99:40:c9:b4:58:2e:b1:3b:f9 f2:97:08:1f:8c:70:d9:ff:1b:d2:da:b1:ed:cd:fd:fe 7b:d6:85:ca:12:32:59:86:8f:f8:9a:b5:c6:21:35:0d ba:06:aa:7b:22:16:63:8e:d2:e7:37:bc:d0:c8:1e:f9 2e:d1:74:7d:df:7d:74:6e:1c:bf:d2:e7:c5:79:21:e3 52:5c:a3:a9:81:53:c5:6a:c3:fd:00:d8:7a:c0:a2:33 cf:8b:5f:40:81:0d:b8:c2:36:c1:37:5e:76:2d:c3:87 9d:41:d7 Exponent (bits 24): 01:00:01 Extensions: Basic Constraints (critical): Certificate Authority (CA): FALSE Subject Alternative Name (not critical): RFC822Name: testcert@example.org Key Usage (critical): Digital signature. Key encipherment. Subject Key Identifier (not critical): 5e47a4ac844d50c12fbfbc97ef38e31f6c7421ec Authority Key Identifier (not critical): 3f74cfa11ba4fe7c15459d2a4a306f896b44c999 Other Information: Public Key ID: sha1:5e47a4ac844d50c12fbfbc97ef38e31f6c7421ec sha256:e2d2d6a24887a9e2a70791e535dc010586100ffbd42cd07f95356facde1622c1 Public Key PIN: pin-sha256:4tLWokiHqeKnB5HlNdwBBYYQD/vULNB/lTVvrN4WIsE= Signing certificate... + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --write-object /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/testRsaPss2Cert.crt --type=cert --id=0011 --label=testRsaPss2Cert Created certificate: Certificate Object; type = X.509 cert label: testRsaPss2Cert subject: DN: O=PKCS11 Provider, CN=My RsaPss2 Cert serial: 0C ID: 0011 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e5665607fb464239;token=SoftHSM%20Token;id=%0011;object=testRsaPss2Cert;type=cert + RSAPSS2BASEURIWITHPINVALUE='pkcs11:id=%00%11?pin-value=12345678' + RSAPSS2BASEURIWITHPINSOURCE='pkcs11:id=%00%11?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/pinfile.txt' + RSAPSS2BASEURI=pkcs11:id=%00%11 + RSAPSS2PUBURI='pkcs11:type=public;id=%00%11' + RSAPSS2PRIURI='pkcs11:type=private;id=%00%11' + RSAPSS2CRTURI='pkcs11:type=cert;object=testRsaPss2Cert' + title LINE 'RSA-PSS 2 PKCS11 URIS' + case "$1" in + shift 1 + echo 'RSA-PSS 2 PKCS11 URIS' + echo 'pkcs11:id=%00%11?pin-value=12345678' + echo 'pkcs11:id=%00%11?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/pinfile.txt' + echo pkcs11:id=%00%11 + echo 'pkcs11:type=public;id=%00%11' + echo 'pkcs11:type=private;id=%00%11' + echo 'pkcs11:type=cert;object=testRsaPss2Cert' + echo '' + title PARA 'Show contents of softhsm token' + case "$1" in + shift 1 + echo '' + echo '## Show contents of softhsm token' + '[' -f '' ']' + echo ' ----------------------------------------------------------------------------------------------------' + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' -O RSA-PSS 2 PKCS11 URIS pkcs11:id=%00%11?pin-value=12345678 pkcs11:id=%00%11?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/pinfile.txt pkcs11:id=%00%11 pkcs11:type=public;id=%00%11 pkcs11:type=private;id=%00%11 pkcs11:type=cert;object=testRsaPss2Cert ## Show contents of softhsm token ---------------------------------------------------------------------------------------------------- Public Key Object; EC EC_POINT 256 bits EC_POINT: 044104ea25b9ffdcf9c24c4fb92a1135a1ec0e963438358f6987107420c2f7213220157a7220c2fa0b673c861a744cf1c95ef27e45ab4788b53eadfae502dbb7b08b85 EC_PARAMS: 06082a8648ce3d030107 (OID 1.2.840.10045.3.1.7) label: ecPeerCert ID: 0003 Usage: encrypt, verify, verifyRecover, wrap, derive Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e5665607fb464239;token=SoftHSM%20Token;id=%0003;object=ecPeerCert;type=public Certificate Object; type = X.509 cert label: ecPeerCert subject: DN: CN=My Peer EC Cert serial: 05 ID: 0003 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e5665607fb464239;token=SoftHSM%20Token;id=%0003;object=ecPeerCert;type=cert Public Key Object; RSA 2048 bits label: testRsaPssCert ID: 0010 Usage: encrypt, verify, verifyRecover, wrap Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e5665607fb464239;token=SoftHSM%20Token;id=%0010;object=testRsaPssCert;type=public Public Key Object; EC_EDWARDS EC_POINT 472 bits EC_POINT: 0439e07597772e59c5731c01edc22e636c6b3cf235e112feef412aeda75ac969b3df2ee2db44fa254e62deeecaa86086a9c44e71f5b0f8b6f5ed80 EC_PARAMS: 06032b6571 (OID 1.3.101.113) label: ed2Cert ID: 0009 Usage: encrypt, verify, verifyRecover, wrap, derive Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e5665607fb464239;token=SoftHSM%20Token;id=%0009;object=ed2Cert;type=public Private Key Object; EC label: ecCert ID: 0002 Usage: decrypt, sign, signRecover, unwrap, derive Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e5665607fb464239;token=SoftHSM%20Token;id=%0002;object=ecCert;type=private Public Key Object; EC EC_POINT 256 bits EC_POINT: 044104143e6097724b631d1b6dd274de44bd442e1948db6cf91b25ee7923801af6fa1fd5e8d0321aa15fde62ec0aebe7cf955bd248f01deb3565423f3de292a06d2168 EC_PARAMS: 06082a8648ce3d030107 (OID 1.2.840.10045.3.1.7) label: ecCert ID: 0002 Usage: encrypt, verify, verifyRecover, wrap, derive Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e5665607fb464239;token=SoftHSM%20Token;id=%0002;object=ecCert;type=public Private Key Object; RSA label: testCert ID: 0001 Usage: decrypt, sign, signRecover, unwrap Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e5665607fb464239;token=SoftHSM%20Token;id=%0001;object=testCert;type=private Certificate Object; type = X.509 cert label: testCert subject: DN: O=PKCS11 Provider, CN=My Test Cert serial: 03 ID: 0001 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e5665607fb464239;token=SoftHSM%20Token;id=%0001;object=testCert;type=cert Certificate Object; type = X.509 cert label: ed2Cert subject: DN: O=PKCS11 Provider, CN=My ED448 Cert serial: 07 ID: 0009 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e5665607fb464239;token=SoftHSM%20Token;id=%0009;object=ed2Cert;type=cert Certificate Object; type = X.509 cert label: ecCert3 subject: DN: O=PKCS11 Provider, CN=My EC Cert 3 serial: 0A ID: 0008 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e5665607fb464239;token=SoftHSM%20Token;id=%0008;object=ecCert3;type=cert Public Key Object; EC EC_POINT 528 bits EC_POINT: 04818504005585330fc043f149fdbccb21a26d141d2c3250673291fb1646465c4aaca9eb5a9498fc367d6f8f3ed81ec3d9fc9c8fefe4a2daceffdc40e6a4e9f443c19b56ff78004158058d67eb359129b7f404aa9e368e99bb1a34c0b7089eae9ee79f50f60742a27a39884e78bd9ed0912b2ddc5bf32b98727cd0e90cb0a6f39c1ce5551c66f151 EC_PARAMS: 06052b81040023 (OID 1.3.132.0.35) label: ecCert3 ID: 0008 Usage: encrypt, verify, verifyRecover, wrap, derive Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e5665607fb464239;token=SoftHSM%20Token;id=%0008;object=ecCert3;type=public Certificate Object; type = X.509 cert label: ecCert subject: DN: O=PKCS11 Provider, CN=My EC Cert serial: 04 ID: 0002 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e5665607fb464239;token=SoftHSM%20Token;id=%0002;object=ecCert;type=cert Private Key Object; EC label: ecCert2 ID: 0006 Usage: decrypt, sign, signRecover, unwrap, derive Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e5665607fb464239;token=SoftHSM%20Token;id=%0006;object=ecCert2;type=private Private Key Object; EC_EDWARDS label: ed2Cert ID: 0009 Usage: decrypt, sign, signRecover, unwrap, derive Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e5665607fb464239;token=SoftHSM%20Token;id=%0009;object=ed2Cert;type=private Certificate Object; type = X.509 cert label: edCert subject: DN: O=PKCS11 Provider, CN=My ED25519 Cert serial: 06 ID: 0004 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e5665607fb464239;token=SoftHSM%20Token;id=%0004;object=edCert;type=cert Certificate Object; type = X.509 cert label: testRsaPssCert subject: DN: O=PKCS11 Provider, CN=My RsaPss Cert serial: 0B ID: 0010 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e5665607fb464239;token=SoftHSM%20Token;id=%0010;object=testRsaPssCert;type=cert Certificate Object; type = X.509 cert label: testRsaPss2Cert subject: DN: O=PKCS11 Provider, CN=My RsaPss2 Cert serial: 0C ID: 0011 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e5665607fb464239;token=SoftHSM%20Token;id=%0011;object=testRsaPss2Cert;type=cert Private Key Object; RSA label: caCert ID: 0000 Usage: decrypt, sign, signRecover, unwrap Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e5665607fb464239;token=SoftHSM%20Token;id=%0000;object=caCert;type=private Public Key Object; EC_EDWARDS EC_POINT 272 bits EC_POINT: 04206cfa42893cc78aed5f8293382d2353eead790430808cfa438373e90b9842497d EC_PARAMS: 130c656477617264733235353139 (PrintableString edwards25519) label: edCert ID: 0004 Usage: encrypt, verify, verifyRecover, wrap, derive Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e5665607fb464239;token=SoftHSM%20Token;id=%0004;object=edCert;type=public Private Key Object; EC label: ecCert3 ID: 0008 Usage: decrypt, sign, signRecover, unwrap, derive Access: always authenticate, sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e5665607fb464239;token=SoftHSM%20Token;id=%0008;object=ecCert3;type=private Private Key Object; RSA label: testRsaPssCert ID: 0010 Usage: decrypt, sign, signRecover, unwrap Access: sensitive, always sensitive, never extractable, local Allowed mechanisms: RSA-PKCS-PSS,SHA1-RSA-PKCS-PSS,SHA256-RSA-PKCS-PSS,SHA384-RSA-PKCS-PSS,SHA512-RSA-PKCS-PSS,SHA224-RSA-PKCS-PSS uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e5665607fb464239;token=SoftHSM%20Token;id=%0010;object=testRsaPssCert;type=private Private Key Object; EC_EDWARDS label: edCert ID: 0004 Usage: decrypt, sign, signRecover, unwrap, derive Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e5665607fb464239;token=SoftHSM%20Token;id=%0004;object=edCert;type=private Public Key Object; RSA 3092 bits label: testRsaPss2Cert ID: 0011 Usage: encrypt, verify, verifyRecover, wrap Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e5665607fb464239;token=SoftHSM%20Token;id=%0011;object=testRsaPss2Cert;type=public Private Key Object; RSA label: testRsaPss2Cert ID: 0011 Usage: decrypt, sign, signRecover, unwrap Access: sensitive, always sensitive, never extractable, local Allowed mechanisms: SHA256-RSA-PKCS-PSS uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e5665607fb464239;token=SoftHSM%20Token;id=%0011;object=testRsaPss2Cert;type=private Certificate Object; type = X.509 cert label: testCert2 subject: DN: O=PKCS11 Provider, CN=My Test Cert 2 serial: 08 ID: 0005 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e5665607fb464239;token=SoftHSM%20Token;id=%0005;object=testCert2;type=cert Private Key Object; RSA label: testCert2 ID: 0005 Usage: decrypt, sign, signRecover, unwrap Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e5665607fb464239;token=SoftHSM%20Token;id=%0005;object=testCert2;type=private Public Key Object; RSA 2048 bits label: testCert ID: 0001 Usage: encrypt, verify, verifyRecover, wrap Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e5665607fb464239;token=SoftHSM%20Token;id=%0001;object=testCert;type=public Certificate Object; type = X.509 cert label: caCert subject: DN: CN=Issuer serial: 02 ID: 0000 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e5665607fb464239;token=SoftHSM%20Token;id=%0000;object=caCert;type=cert Public Key Object; RSA 2048 bits label: caCert ID: 0000 Usage: encrypt, verify, verifyRecover, wrap Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e5665607fb464239;token=SoftHSM%20Token;id=%0000;object=caCert;type=public Certificate Object; type = X.509 cert label: ecCert2 subject: DN: O=PKCS11 Provider, CN=My EC Cert 2 serial: 09 ID: 0006 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e5665607fb464239;token=SoftHSM%20Token;id=%0006;object=ecCert2;type=cert Private Key Object; EC label: ecPeerCert ID: 0003 Usage: decrypt, sign, signRecover, unwrap, derive Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e5665607fb464239;token=SoftHSM%20Token;id=%0003;object=ecPeerCert;type=private + echo ' ----------------------------------------------------------------------------------------------------' + title PARA 'Output configurations' + case "$1" in + shift 1 + echo '' + echo '## Output configurations' + '[' -f '' ']' + OPENSSL_CONF=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/openssl.cnf + title LINE 'Generate openssl config file' + case "$1" in + shift 1 + echo 'Generate openssl config file' + sed -e 's|@libtoollibs@|/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/src|g' -e 's|@testsblddir@|/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests|g' -e 's|@testsdir@|/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm|g' -e 's|@SHARED_EXT@|.so|g' -e 's|@PINFILE@|/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/pinfile.txt|g' -e 's|##TOKENOPTIONS|\npkcs11-module-quirks = no-deinit no-operation-state|g' /build/reproducible-path/pkcs11-provider-1.0/tests/openssl.cnf.in ---------------------------------------------------------------------------------------------------- ## Output configurations Generate openssl config file + title LINE 'Export test variables to /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/testvars' + case "$1" in + shift 1 + echo 'Export test variables to /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/testvars' + cat Export test variables to /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/testvars + '[' -n pkcs11:id=%00%04 ']' + cat + '[' -n pkcs11:id=%00%09 ']' + cat + '[' -n '' ']' + '[' -n pkcs11:id=%00%10 ']' + cat + cat + gen_unsetvars + grep '^export' /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/testvars + sed -e s/export/unset/ -e 's/=.*$//' + title ENDSECTION + case "$1" in + echo '' + echo ' ##' + echo '########################################' + echo '' ## ######################################## ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 2/92 pkcs11-provider:softhsm / setup OK 5.51s 3/92 pkcs11-provider:kryoptic / setup RUNNING >>> LIBSPATH=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/src TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests SHARED_EXT=.so UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 P11KITCLIENTPATH=/usr/lib/aarch64-linux-gnu/pkcs11/p11-kit-client.so TESTSSRCDIR=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 MALLOC_PERTURB_=177 SOFTOKNPATH=/usr/lib/aarch64-linux-gnu /build/reproducible-path/pkcs11-provider-1.0/tests/setup.sh kryoptic ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― + source /build/reproducible-path/pkcs11-provider-1.0/tests/helpers.sh ++ : /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests ++ helper_emit=1 ++ sed --version ++ grep -q 'GNU sed' ++ sed_inplace=('-i') ++ export sed_inplace + '[' 1 -ne 1 ']' + TOKENTYPE=kryoptic + SUPPORT_ED25519=1 + SUPPORT_ED448=1 + SUPPORT_RSA_PKCS1_ENCRYPTION=1 + SUPPORT_RSA_KEYGEN_PUBLIC_EXPONENT=1 + SUPPORT_TLSFUZZER=1 + SUPPORT_ALLOWED_MECHANISMS=0 ++ grep OpenSC ++ opensc-tool -i ++ sed -e 's/OpenSC 0\.\([0-9]*\).*/\1/' Failed to establish context: Unable to load external module + OPENSC_VERSION=26 + [[ 26 -le 25 ]] + [[ '' = \1 ]] ++ cat /proc/sys/crypto/fips_enabled + [[ 0 = \1 ]] + TMPPDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/kryoptic + TOKDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/kryoptic/tokens + '[' -d /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/kryoptic ']' + mkdir /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/kryoptic + mkdir /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/kryoptic/tokens + PINVALUE=12345678 + PINFILE=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/kryoptic/pinfile.txt + echo 12345678 + export GNUTLS_PIN=12345678 + GNUTLS_PIN=12345678 + '[' kryoptic == softhsm ']' + '[' kryoptic == softokn ']' + '[' kryoptic == kryoptic ']' + source /build/reproducible-path/pkcs11-provider-1.0/tests/kryoptic-init.sh ++ title SECTION 'Searching for Kryoptic module' ++ case "$1" in ++ shift 1 ++ echo '########################################' ++ echo '## Searching for Kryoptic module' ++ echo '' ++ find_kryoptic /target/debug/libkryoptic_pkcs11.so /target/release/libkryoptic_pkcs11.so /usr/local/lib/kryoptic/libkryoptic_pkcs11so /usr/lib64/pkcs11/libkryoptic_pkcs11.so /usr/lib/pkcs11/libkryoptic_pkcs11.so /usr/lib/x86_64-linux-gnu/kryoptic/libkryoptic_pkcs11.so ++ for _lib in "$@" ++ test -f /target/debug/libkryoptic_pkcs11.so ++ for _lib in "$@" ++ test -f /target/release/libkryoptic_pkcs11.so ++ for _lib in "$@" ++ test -f /usr/local/lib/kryoptic/libkryoptic_pkcs11so ++ for _lib in "$@" ++ test -f /usr/lib64/pkcs11/libkryoptic_pkcs11.so ++ for _lib in "$@" ++ test -f /usr/lib/pkcs11/libkryoptic_pkcs11.so ++ for _lib in "$@" ++ test -f /usr/lib/x86_64-linux-gnu/kryoptic/libkryoptic_pkcs11.so ++ echo 'skipped: Unable to find kryoptic PKCS#11 library' ++ exit 0 ######################################## ## Searching for Kryoptic module skipped: Unable to find kryoptic PKCS#11 library ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 3/92 pkcs11-provider:kryoptic / setup OK 0.18s 4/92 pkcs11-provider:kryoptic.nss / setup RUNNING >>> LIBSPATH=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/src TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests SHARED_EXT=.so MALLOC_PERTURB_=111 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 P11KITCLIENTPATH=/usr/lib/aarch64-linux-gnu/pkcs11/p11-kit-client.so TESTSSRCDIR=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 SOFTOKNPATH=/usr/lib/aarch64-linux-gnu /build/reproducible-path/pkcs11-provider-1.0/tests/setup.sh kryoptic.nss ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― + source /build/reproducible-path/pkcs11-provider-1.0/tests/helpers.sh ++ : /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests ++ helper_emit=1 ++ sed --version ++ grep -q 'GNU sed' ++ sed_inplace=('-i') ++ export sed_inplace + '[' 1 -ne 1 ']' + TOKENTYPE=kryoptic.nss + SUPPORT_ED25519=1 + SUPPORT_ED448=1 + SUPPORT_RSA_PKCS1_ENCRYPTION=1 + SUPPORT_RSA_KEYGEN_PUBLIC_EXPONENT=1 + SUPPORT_TLSFUZZER=1 + SUPPORT_ALLOWED_MECHANISMS=0 ++ grep OpenSC ++ opensc-tool -i Failed to establish context: Unable to load external module ++ sed -e 's/OpenSC 0\.\([0-9]*\).*/\1/' + OPENSC_VERSION=26 + [[ 26 -le 25 ]] + [[ '' = \1 ]] ++ cat /proc/sys/crypto/fips_enabled + [[ 0 = \1 ]] + TMPPDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/kryoptic.nss + TOKDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/kryoptic.nss/tokens + '[' -d /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/kryoptic.nss ']' + mkdir /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/kryoptic.nss + mkdir /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/kryoptic.nss/tokens + PINVALUE=12345678 + PINFILE=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/kryoptic.nss/pinfile.txt + echo 12345678 + export GNUTLS_PIN=12345678 + GNUTLS_PIN=12345678 + '[' kryoptic.nss == softhsm ']' + '[' kryoptic.nss == softokn ']' + '[' kryoptic.nss == kryoptic ']' + '[' kryoptic.nss == kryoptic.nss ']' + source /build/reproducible-path/pkcs11-provider-1.0/tests/kryoptic.nss-init.sh ++ export KRYOPTIC_CONF=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/kryoptic.nss/kryoptic.conf ++ KRYOPTIC_CONF=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/kryoptic.nss/kryoptic.conf ++ cat ++ export 'TOKENLABEL=Kryoptic Soft Token' ++ TOKENLABEL='Kryoptic Soft Token' ++ export TOKENLABELURI=Kryoptic%20Soft%20Token ++ TOKENLABELURI=Kryoptic%20Soft%20Token ++ source /build/reproducible-path/pkcs11-provider-1.0/tests/kryoptic-init.sh +++ title SECTION 'Searching for Kryoptic module' +++ case "$1" in +++ shift 1 +++ echo '########################################' +++ echo '## Searching for Kryoptic module' +++ echo '' +++ find_kryoptic /target/debug/libkryoptic_pkcs11.so /target/release/libkryoptic_pkcs11.so /usr/local/lib/kryoptic/libkryoptic_pkcs11so /usr/lib64/pkcs11/libkryoptic_pkcs11.so /usr/lib/pkcs11/libkryoptic_pkcs11.so /usr/lib/x86_64-linux-gnu/kryoptic/libkryoptic_pkcs11.so +++ for _lib in "$@" +++ test -f /target/debug/libkryoptic_pkcs11.so +++ for _lib in "$@" +++ test -f /target/release/libkryoptic_pkcs11.so +++ for _lib in "$@" +++ test -f /usr/local/lib/kryoptic/libkryoptic_pkcs11so +++ for _lib in "$@" +++ test -f /usr/lib64/pkcs11/libkryoptic_pkcs11.so +++ for _lib in "$@" +++ test -f /usr/lib/pkcs11/libkryoptic_pkcs11.so +++ for _lib in "$@" +++ test -f /usr/lib/x86_64-linux-gnu/kryoptic/libkryoptic_pkcs11.so +++ echo 'skipped: Unable to find kryoptic PKCS#11 library' +++ exit 0 ######################################## ## Searching for Kryoptic module skipped: Unable to find kryoptic PKCS#11 library ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 4/92 pkcs11-provider:kryoptic.nss / setup OK 0.07s 5/92 pkcs11-provider:softokn / basic RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=191 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper basic-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 5/92 pkcs11-provider:softokn / basic SKIP 0.05s exit status 77 6/92 pkcs11-provider:softhsm / basic RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 MALLOC_PERTURB_=21 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper basic-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/tests/tbasic ## Raw Sign check error openssl pkeyutl -sign -inkey "${BASEURI}" -pkeyopt pad-mode:none -in ${TMPPDIR}/64Brandom.bin -out ${TMPPDIR}/raw-sig.bin Public Key operation error 40ACE1BEFFFF0000:error:0200007A:rsa routines:p11prov_sig_operate:data too small for key size:../src/signature.c:971: ## Sign and Verify with provided Hash and RSA openssl dgst -sha256 -binary -out ${TMPPDIR}/sha256.bin ${SEEDFILE} openssl pkeyutl -sign -inkey "${PRIURI}" -in ${TMPPDIR}/sha256.bin -out ${TMPPDIR}/sha256-sig.bin openssl pkeyutl -verify -inkey "${PUBURI}" -pubin -in ${TMPPDIR}/sha256.bin -sigfile ${TMPPDIR}/sha256-sig.bin Signature Verified Successfully ## Sign and Verify with provided Hash and RSA with DigestInfo struct openssl dgst -sha256 -binary -out ${TMPPDIR}/sha256.bin ${SEEDFILE} openssl pkeyutl -sign -inkey "${PRIURI}" -pkeyopt digest:sha256 -in ${TMPPDIR}/sha256.bin -out ${TMPPDIR}/sha256-sig.bin openssl pkeyutl -verify -inkey "${PUBURI}" -pkeyopt digest:sha256 -pubin -in ${TMPPDIR}/sha256.bin -sigfile ${TMPPDIR}/sha256-sig.bin Signature Verified Successfully ## DigestSign and DigestVerify with RSA openssl pkeyutl -sign -inkey "${BASEURI}" -digest sha256 -in ${RAND64FILE} -rawin -out ${TMPPDIR}/sha256-dgstsig.bin openssl pkeyutl -verify -inkey "${BASEURI}" -pubin -digest sha256 -in ${RAND64FILE} -rawin -sigfile ${TMPPDIR}/sha256-dgstsig.bin Signature Verified Successfully openssl pkeyutl -verify -inkey "${PUBURI}" -pubin -digest sha256 -in ${RAND64FILE} -rawin -sigfile ${TMPPDIR}/sha256-dgstsig.bin Signature Verified Successfully RSA basic encrypt and decrypt openssl pkeyutl -encrypt -inkey "${PUBURI}" -pubin -in ${SECRETFILE} -out ${SECRETFILE}.enc openssl pkeyutl -decrypt -inkey "${PRIURI}" -in ${SECRETFILE}.enc -out ${SECRETFILE}.dec ## Test Disallow Public Export openssl pkey -in $PUBURI -pubin -pubout -text ## Test CSR generation from RSA private keys openssl req -new -batch -key "${PRIURI}" -out ${TMPPDIR}/rsa_csr.pem openssl req -in ${TMPPDIR}/rsa_csr.pem -verify -noout Certificate request self-signature verify OK ## Test fetching public keys without PIN in config files openssl pkey -in $PUBURI -pubin -pubout -out ${TMPPDIR}/rsa.pub.nopin.pem openssl pkey -in $ECPUBURI -pubin -pubout -out ${TMPPDIR}/ec.pub.nopin.pem openssl pkey -in $EDPUBURI -pubin -pubout -out ${TMPPDIR}/ed.pub.nopin.pem ## Test fetching public keys with a PIN in URI openssl pkey -in $BASEURIWITHPINVALUE -pubin -pubout -out ${TMPPDIR}/rsa.pub.uripin.pem openssl pkey -in $ECBASEURIWITHPINVALUE -pubin -pubout -out ${TMPPDIR}/ec.pub.uripin.pem openssl pkey -in $EDBASEURIWITHPINVALUE -pubin -pubout -out ${TMPPDIR}/ed.pub.uripin.pem openssl pkey -in $ED2BASEURIWITHPINVALUE -pubin -pubout -out ${TMPPDIR}/ed2.pub.uripin.pem ## Test fetching public keys with a PIN source in URI openssl pkey -in $BASEURIWITHPINSOURCE -pubin -pubout -out ${TMPPDIR}/rsa.pub.uripinsource.pem openssl pkey -in $ECBASEURIWITHPINSOURCE -pubin -pubout -out ${TMPPDIR}/ec.pub.uripinsource.pem openssl pkey -in $EDBASEURIWITHPINSOURCE -pubin -pubout -out ${TMPPDIR}/ed.pub.uripinsource.pem openssl pkey -in $ED2BASEURIWITHPINSOURCE -pubin -pubout -out ${TMPPDIR}/ed2.pub.uripinsource.pem ## Test prompting without PIN in config files ## Test EVP_PKEY_eq on public RSA key both on token ## Test EVP_PKEY_eq on public EC key both on token ## Test EVP_PKEY_eq on public RSA key via import ## Match private RSA key against public key ## Match private RSA key against public key (commutativity) ## Test EVP_PKEY_eq on public EC key via import ## Match private EC key against public key ## Match private EC key against public key (commutativity) ## Test EVP_PKEY_eq with key exporting disabled ## Test RSA key ## Test EC key ## Test PIN caching Prompt: "Enter pass phrase for PKCS#11 Token (Slot 2068202041 - SoftHSM slot ID 0x7b464239):" Returning: 12345678 Child Done ALL A-OK! Prompt: "Enter pass phrase for PKCS#11 Token (Slot 2068202041 - SoftHSM slot ID 0x7b464239):" Returning: 12345678 Child Done ALL A-OK! ## Test interactive Login on key without ALWAYS AUTHENTICATE expect: spawn id exp3 not open while executing "expect "ALL A-OK"" ## Test interactive Login repeated for operation on key with ALWAYS AUTHENTICATE expect: spawn id exp3 not open while executing "expect "ALL A-OK"" ## Test Key generation Performed tests: 4 ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 6/92 pkcs11-provider:softhsm / basic OK 9.89s 7/92 pkcs11-provider:kryoptic / basic RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests MALLOC_PERTURB_=7 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper basic-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 7/92 pkcs11-provider:kryoptic / basic SKIP 0.05s exit status 77 8/92 pkcs11-provider:kryoptic.nss / basic RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=167 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper basic-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 8/92 pkcs11-provider:kryoptic.nss / basic SKIP 0.07s exit status 77 9/92 pkcs11-provider:softokn / pubkey RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=156 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper pubkey-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 9/92 pkcs11-provider:softokn / pubkey SKIP 0.05s exit status 77 10/92 pkcs11-provider:softhsm / pubkey RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MALLOC_PERTURB_=254 MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper pubkey-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/tests/tpubkey ## Export RSA Public key to a file openssl pkey -in $BASEURI -pubin -pubout -out ${TMPPDIR}/baseout.pub Export Public key to a file (pub-uri) openssl pkey -in $PUBURI -pubin -pubout -out ${TMPPDIR}/pubout.pub Print Public key from private openssl pkey -in $PRIURI -pubout -text ## Export Public check error openssl pkey -in pkcs11:id=%de%ad -pubin -pubout -out ${TMPPDIR}/pubout-invlid.pub Could not find private key of Public Key from pkcs11:id=%de%ad ## Export EC Public key to a file openssl pkey -in $ECBASEURI -pubin -pubout -out ${TMPPDIR}/baseecout.pub Export EC Public key to a file (pub-uri) openssl pkey -in $ECPUBURI -pubin -pubout -out ${TMPPDIR}/pubecout.pub Print EC Public key from private openssl pkey -in $ECPRIURI -pubout -text ## Check we can get RSA public keys from certificate objects Export Public key to a file (priv-uri) openssl pkey -in $PRI2URI -pubout -out ${TMPPDIR}/priv-cert.pub Export Public key to a file (base-uri) openssl pkey -in $BASE2URI -pubout -out ${TMPPDIR}/base-cert.pub ## Check we can get EC public keys from certificate objects Export Public EC key to a file (priv-uri) openssl pkey -in $ECPRI2URI -pubout -out ${TMPPDIR}/ec-priv-cert.pub Export Public key to a file (base-uri) openssl pkey -in $ECBASE2URI -pubout -out ${TMPPDIR}/ec-base-cert.pub ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 10/92 pkcs11-provider:softhsm / pubkey OK 0.74s 11/92 pkcs11-provider:kryoptic / pubkey RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests MALLOC_PERTURB_=12 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper pubkey-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 11/92 pkcs11-provider:kryoptic / pubkey SKIP 0.05s exit status 77 12/92 pkcs11-provider:kryoptic.nss / pubkey RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=4 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper pubkey-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 12/92 pkcs11-provider:kryoptic.nss / pubkey SKIP 0.05s exit status 77 13/92 pkcs11-provider:softokn / certs RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 MALLOC_PERTURB_=155 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper certs-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 13/92 pkcs11-provider:softokn / certs SKIP 0.05s exit status 77 14/92 pkcs11-provider:softhsm / certs RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MALLOC_PERTURB_=36 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper certs-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/tests/tcerts ## Check we can fetch certifiatce objects openssl x509 -in ${CRTURI} -subject -out ${TMPPDIR}/crt-subj.txt openssl x509 -in ${ECCRTURI} -subject -out ${TMPPDIR}/eccrt-subj.txt ## Use storeutl command to match specific certs via params openssl storeutl -certs -subject "${subj}" -out ${TMPPDIR}/storeutl-crt-subj.txt pkcs11:type=cert 0: Certificate openssl storeutl -certs -subject "${subj}" -out ${TMPPDIR}/storeutl-crt-subj.txt pkcs11:type=cert 0: Certificate openssl storeutl -certs -subject "${subj}" -out ${TMPPDIR}/storeutl-crt-subj.txt pkcs11:type=cert 0: Certificate openssl storeutl -certs -subject "${subj}" -out ${TMPPDIR}/storeutl-crt-subj.txt pkcs11:type=cert 0: Certificate ## Test fetching certificate without PIN in config files openssl x509 -in $CRTURI -subject -out ${TMPPDIR}/crt-subj-nopin.txt ## Test fetching certificate via STORE api Cert load successfully ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 14/92 pkcs11-provider:softhsm / certs OK 0.63s 15/92 pkcs11-provider:kryoptic / certs RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=10 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper certs-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 15/92 pkcs11-provider:kryoptic / certs SKIP 0.06s exit status 77 16/92 pkcs11-provider:kryoptic.nss / certs RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=253 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper certs-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 16/92 pkcs11-provider:kryoptic.nss / certs SKIP 0.05s exit status 77 17/92 pkcs11-provider:softokn / ecc RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MESON_TEST_ITERATION=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MALLOC_PERTURB_=202 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper ecc-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 17/92 pkcs11-provider:softokn / ecc SKIP 0.05s exit status 77 18/92 pkcs11-provider:softhsm / ecc RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=245 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper ecc-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/tests/tecc ## Export EC Public key to a file openssl pkey -in $ECPUBURI -pubin -pubout -out ${TMPPDIR}/ecout.pub Print EC Public key from private openssl pkey -in $ECPRIURI -pubout -text ## Sign and Verify with provided Hash and EC openssl dgst -sha256 -binary -out ${TMPPDIR}/sha256.bin ${SEEDFILE} openssl pkeyutl -sign -inkey "${ECBASEURI}" -in ${TMPPDIR}/sha256.bin -out ${TMPPDIR}/sha256-ecsig.bin openssl pkeyutl -verify -inkey "${ECBASEURI}" -pubin -in ${TMPPDIR}/sha256.bin -sigfile ${TMPPDIR}/sha256-ecsig.bin Signature Verified Successfully openssl pkeyutl -verify -inkey "${TMPPDIR}/ecout.pub" -pubin -in ${TMPPDIR}/sha256.bin -sigfile ${TMPPDIR}/sha256-ecsig.bin Signature Verified Successfully ## DigestSign and DigestVerify with ECC (SHA-256) openssl pkeyutl -sign -inkey "${ECBASEURI}" -digest sha256 -in ${RAND64FILE} -rawin -out ${TMPPDIR}/sha256-ecdgstsig.bin openssl pkeyutl -verify -inkey "${ECBASEURI}" -pubin -digest sha256 -in ${RAND64FILE} -rawin -sigfile ${TMPPDIR}/sha256-ecdgstsig.bin Signature Verified Successfully ## DigestSign and DigestVerify with ECC (SHA-384) openssl pkeyutl -sign -inkey "${ECBASEURI}" -digest sha384 -in ${RAND64FILE} -rawin -out ${TMPPDIR}/sha384-ecdgstsig.bin openssl pkeyutl -verify -inkey "${ECBASEURI}" -pubin -digest sha384 -in ${RAND64FILE} -rawin -sigfile ${TMPPDIR}/sha384-ecdgstsig.bin Signature Verified Successfully ## DigestSign and DigestVerify with ECC (SHA-512) openssl pkeyutl -sign -inkey "${ECBASEURI}" -digest sha512 -in ${RAND64FILE} -rawin -out ${TMPPDIR}/sha512-ecdgstsig.bin openssl pkeyutl -verify -inkey "${ECBASEURI}" -pubin -digest sha512 -in ${RAND64FILE} -rawin -sigfile ${TMPPDIR}/sha512-ecdgstsig.bin Signature Verified Successfully ## DigestSign and DigestVerify with ECC (SHA3-256) openssl pkeyutl -sign -inkey "${ECBASEURI}" -digest sha3-256 -in ${RAND64FILE} -rawin -out ${TMPPDIR}/sha3-256-ecdgstsig.bin openssl pkeyutl -verify -inkey "${ECBASEURI}" -pubin -digest sha3-256 -in ${RAND64FILE} -rawin -sigfile ${TMPPDIR}/sha3-256-ecdgstsig.bin Signature Verified Successfully ## DigestSign and DigestVerify with ECC (SHA3-384) openssl pkeyutl -sign -inkey "${ECBASEURI}" -digest sha3-384 -in ${RAND64FILE} -rawin -out ${TMPPDIR}/sha3-384-ecdgstsig.bin openssl pkeyutl -verify -inkey "${ECBASEURI}" -pubin -digest sha3-384 -in ${RAND64FILE} -rawin -sigfile ${TMPPDIR}/sha3-384-ecdgstsig.bin Signature Verified Successfully ## DigestSign and DigestVerify with ECC (SHA3-512) openssl pkeyutl -sign -inkey "${ECBASEURI}" -digest sha3-512 -in ${RAND64FILE} -rawin -out ${TMPPDIR}/sha3-512-ecdgstsig.bin openssl pkeyutl -verify -inkey "${ECBASEURI}" -pubin -digest sha3-512 -in ${RAND64FILE} -rawin -sigfile ${TMPPDIR}/sha3-512-ecdgstsig.bin Signature Verified Successfully ## Test CSR generation from private ECC keys openssl req -new -batch -key "${ECPRIURI}" -out ${TMPPDIR}/ecdsa_csr.pem openssl req -in ${TMPPDIR}/ecdsa_csr.pem -verify -noout Certificate request self-signature verify OK ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 18/92 pkcs11-provider:softhsm / ecc OK 1.22s 19/92 pkcs11-provider:kryoptic / ecc RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MALLOC_PERTURB_=66 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper ecc-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 19/92 pkcs11-provider:kryoptic / ecc SKIP 0.06s exit status 77 20/92 pkcs11-provider:kryoptic.nss / ecc RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests MALLOC_PERTURB_=96 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper ecc-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 20/92 pkcs11-provider:kryoptic.nss / ecc SKIP 0.06s exit status 77 21/92 pkcs11-provider:softhsm / edwards RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MALLOC_PERTURB_=222 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper edwards-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/tests/tedwards ## Export ED25519 Public key to a file openssl pkey -in $EDPUBURI -pubin -pubout -out ${TMPPDIR}/edout.pub Print ED25519 Public key from private openssl pkey -in $EDPRIURI -pubout -text ## DigestSign and DigestVerify with ED25519 openssl pkeyutl -sign -inkey "${EDBASEURI}" -in ${RAND64FILE} -rawin -out ${TMPPDIR}/sha256-eddgstsig.bin openssl pkeyutl -verify -inkey "${EDBASEURI}" -pubin -in ${RAND64FILE} -rawin -sigfile ${TMPPDIR}/sha256-eddgstsig.bin Signature Verified Successfully ## Test CSR generation from private ED25519 keys openssl req -new -batch -key "${EDPRIURI}" -out ${TMPPDIR}/ed25519_csr.pem openssl req -in ${TMPPDIR}/ed25519_csr.pem -verify -noout Certificate request self-signature verify OK ## Test EVP_PKEY_eq on public Edwards key both on token ## Test EVP_PKEY_eq on public ED key via import ## Match private ED key against public key ## Match private ED key against public key (commutativity) ## Test Key generation Performed tests: 1 ## Export ED448 Public key to a file openssl pkey -in $ED2PUBURI -pubin -pubout -out ${TMPPDIR}/ed2out.pub Print ED448 Public key from private openssl pkey -in $ED2PRIURI -pubout -text ## DigestSign and DigestVerify with ED448 openssl pkeyutl -sign -inkey "${ED2BASEURI}" -in ${RAND64FILE} -rawin -out ${TMPPDIR}/sha256-eddgstsig.bin openssl pkeyutl -verify -inkey "${ED2BASEURI}" -pubin -in ${RAND64FILE} -rawin -sigfile ${TMPPDIR}/sha256-eddgstsig.bin Signature Verified Successfully ## Test CSR generation from private ED448 keys openssl req -new -batch -key "${ED2PRIURI}" -out ${TMPPDIR}/ed448_csr.pem openssl req -in ${TMPPDIR}/ed448_csr.pem -verify -noout Certificate request self-signature verify OK ## Test EVP_PKEY_eq on public Edwards key both on token ## Test EVP_PKEY_eq on public ED448 key via import ## Match private ED448 key against public key ## Match private ED448 key against public key (commutativity) ## Test Ed448 Key generation Performed tests: 1 ## Test interactive Login on key without ALWAYS AUTHENTICATE expect: spawn id exp3 not open while executing "expect "ALL A-OK"" ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 21/92 pkcs11-provider:softhsm / edwards OK 1.71s 22/92 pkcs11-provider:kryoptic / edwards RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MALLOC_PERTURB_=252 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper edwards-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 22/92 pkcs11-provider:kryoptic / edwards SKIP 0.03s exit status 77 23/92 pkcs11-provider:kryoptic.nss / edwards RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=83 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper edwards-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 23/92 pkcs11-provider:kryoptic.nss / edwards SKIP 0.01s exit status 77 24/92 pkcs11-provider:softokn / ecdh RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MALLOC_PERTURB_=141 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper ecdh-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 24/92 pkcs11-provider:softokn / ecdh SKIP 0.01s exit status 77 25/92 pkcs11-provider:kryoptic / ecdh RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=6 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper ecdh-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 25/92 pkcs11-provider:kryoptic / ecdh SKIP 0.03s exit status 77 26/92 pkcs11-provider:kryoptic.nss / ecdh RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MALLOC_PERTURB_=238 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper ecdh-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 26/92 pkcs11-provider:kryoptic.nss / ecdh SKIP 0.07s exit status 77 27/92 pkcs11-provider:softokn / democa RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests MALLOC_PERTURB_=97 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper democa-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 27/92 pkcs11-provider:softokn / democa SKIP 0.07s exit status 77 28/92 pkcs11-provider:softhsm / democa RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MALLOC_PERTURB_=33 MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper democa-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/tests/tdemoca ## Set up demoCA ## Generating CA cert if needed openssl req -batch -noenc -x509 -new -key ${PRIURI} -out ${DEMOCA}/cacert.pem ## Generating a new CSR with key in file openssl req -batch -noenc -newkey rsa:2048 -subj "/CN=testing-csr-signing/O=PKCS11 Provider/C=US" -keyout ${DEMOCA}/cert.key -out ${DEMOCA}/cert.csr .....+......................+.....+...+.......+......+.........+...+.........+...............+...+........+....+.........+.....+...................+..+...+.......+...+...+........+......+.+++++++++++++++++++++++++++++++++++++++*.+......+.+.....+...+.+.....+.+.....+...+++++++++++++++++++++++++++++++++++++++*.......+......+.+.........+........+.+..+.........+.+.........+...+..+......+.......+.....+..........+......+.....+....+...........+................+.........+.....+.+......+............+..+.+.....+...+......+....+......+........+...+....++++++ ..+...+.......+++++++++++++++++++++++++++++++++++++++*..+..+......+...+....+.....+.+............+...+.....+......+.+..+...+.......+..+.+++++++++++++++++++++++++++++++++++++++*..+............+.....+.+..+............+.+..+..................+...+.......+...+.....+.......+.....+.......+...........+.+...+......+.........+...+...+......+.....+......+.......+...........+............+............+.......+...+...........+.+........+...+...+.+........++++++ ----- ## Signing the new certificate openssl ca -batch -in ${DEMOCA}/cert.csr -keyfile ${PRIURI} -out ${DEMOCA}/cert.pem Using configuration from /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/openssl.cnf Check that the request matches the signature Signature ok The Subject's Distinguished Name is as follows commonName :ASN.1 12:'testing-csr-signing' organizationName :ASN.1 12:'PKCS11 Provider' countryName :PRINTABLE:'US' Certificate is to be certified until Mar 17 17:23:58 2027 GMT (365 days) Write out database with 1 new entries Database updated ## Generating a new CSR with existing RSA key in token openssl req -batch -noenc -new -key ${PRIURI} -subj "/CN=testing-rsa-signing/O=PKCS11 Provider/C=US" -out ${DEMOCA}/cert-rsa.csr ## Signing the new RSA key certificate openssl ca -batch -in ${DEMOCA}/cert-rsa.csr -keyfile ${PRIURI} -out ${DEMOCA}/cert.pem Using configuration from /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/openssl.cnf Check that the request matches the signature Signature ok The Subject's Distinguished Name is as follows commonName :ASN.1 12:'testing-rsa-signing' organizationName :ASN.1 12:'PKCS11 Provider' countryName :PRINTABLE:'US' Certificate is to be certified until Mar 17 17:23:58 2027 GMT (365 days) Write out database with 1 new entries Database updated ## Generating a new CSR with existing EC key in token openssl req -batch -noenc -new -key ${ECPRIURI} -subj "/CN=testing-ec-signing/O=PKCS11 Provider/C=US" -out ${DEMOCA}/cert-ec.csr ## Signing the new EC key certificate openssl ca -batch -in ${DEMOCA}/cert-ec.csr -keyfile ${PRIURI} -out ${DEMOCA}/cert.pem Using configuration from /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/openssl.cnf Check that the request matches the signature Signature ok The Subject's Distinguished Name is as follows commonName :ASN.1 12:'testing-ec-signing' organizationName :ASN.1 12:'PKCS11 Provider' countryName :PRINTABLE:'US' Certificate is to be certified until Mar 17 17:23:58 2027 GMT (365 days) Write out database with 1 new entries Database updated ## Generating a new CSR with existing ED key in token openssl req -batch -noenc -new -key ${EDPRIURI} -subj "/CN=testing-ed-signing/O=PKCS11 Provider/C=US" -out ${DEMOCA}/cert-ed.csr ## Signing the new ED key certificate openssl ca -batch -in ${DEMOCA}/cert-ed.csr -keyfile ${PRIURI} -out ${DEMOCA}/cert.pem Using configuration from /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/openssl.cnf Check that the request matches the signature Signature ok The Subject's Distinguished Name is as follows commonName :ASN.1 12:'testing-ed-signing' organizationName :ASN.1 12:'PKCS11 Provider' countryName :PRINTABLE:'US' Certificate is to be certified until Mar 17 17:23:58 2027 GMT (365 days) Write out database with 1 new entries Database updated ## Generating a new CSR with existing ED448 key in token openssl req -batch -noenc -new -key ${ED2PRIURI} -subj "/CN=testing-ed2-signing/O=PKCS11 Provider/C=US" -out ${DEMOCA}/cert-ed2.csr ## Signing the new ED448 key certificate openssl ca -batch -in ${DEMOCA}/cert-ed2.csr -keyfile ${PRIURI} -out ${DEMOCA}/cert.pem Using configuration from /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/openssl.cnf Check that the request matches the signature Signature ok The Subject's Distinguished Name is as follows commonName :ASN.1 12:'testing-ed2-signing' organizationName :ASN.1 12:'PKCS11 Provider' countryName :PRINTABLE:'US' Certificate is to be certified until Mar 17 17:23:58 2027 GMT (365 days) Write out database with 1 new entries Database updated ## Generating a new CSR with existing RSA-PSS key in token openssl req -batch -noenc -new -key ${RSAPSSPRIURI} -sigopt rsa_padding_mode:pss -subj "/CN=testing-rsapss-signing/O=PKCS11 Provider/C=US" -sigopt rsa_padding_mode:pss -out ${DEMOCA}/cert-rsa-pss.csr ## Signing the new RSA-PSS key certificate openssl ca -batch -in ${DEMOCA}/cert-rsa-pss.csr -keyfile ${PRIURI} -out ${DEMOCA}/cert.pem Using configuration from /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/openssl.cnf Check that the request matches the signature Signature ok The Subject's Distinguished Name is as follows commonName :ASN.1 12:'testing-rsapss-signing' organizationName :ASN.1 12:'PKCS11 Provider' countryName :PRINTABLE:'US' Certificate is to be certified until Mar 17 17:23:58 2027 GMT (365 days) Write out database with 1 new entries Database updated openssl x509 -text -in ${DEMOCA}/cert.pem ## Generating a new CSR with existing SHA256 restricted RSA-PSS key in token openssl req -batch -noenc -new -key ${RSAPSS2PRIURI} -sigopt rsa_padding_mode:pss -subj "/CN=testing-rsapss-sha2-signing/O=PKCS11 Provider/C=US" -out ${DEMOCA}/cert-rsa-pss2.csr -sigopt rsa_padding_mode:pss -sigopt digest:sha256 ## Signing the new SHA256 restricted RSA-PSS key certificate openssl ca -batch -in ${DEMOCA}/cert-rsa-pss2.csr -keyfile ${PRIURI} -out ${DEMOCA}/cert.pem Using configuration from /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/openssl.cnf Check that the request matches the signature Signature ok The Subject's Distinguished Name is as follows commonName :ASN.1 12:'testing-rsapss-sha2-signing' organizationName :ASN.1 12:'PKCS11 Provider' countryName :PRINTABLE:'US' Certificate is to be certified until Mar 17 17:23:59 2027 GMT (365 days) Write out database with 1 new entries Database updated openssl x509 -text -in ${DEMOCA}/cert.pem ## Generating a new CSR with existing RSA-PSS key in token openssl req -batch -noenc -new -key ${RSAPSS2PRIURI} -sigopt rsa_padding_mode:pss -subj "/CN=testing-rsapss-signing/O=PKCS11 Provider/C=US" -out ${DEMOCA}/cert-rsa-pss2.csr -sigopt rsa_padding_mode:pss -sigopt digest:sha256 -sigopt rsa_pss_saltlen:-2 ## Signing the new RSA-PSS key certificate openssl ca -batch -in ${DEMOCA}/cert-rsa-pss.csr -keyfile ${PRIURI} -out ${DEMOCA}/cert.pem Using configuration from /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/openssl.cnf Check that the request matches the signature Signature ok The Subject's Distinguished Name is as follows commonName :ASN.1 12:'testing-rsapss-signing' organizationName :ASN.1 12:'PKCS11 Provider' countryName :PRINTABLE:'US' Certificate is to be certified until Mar 17 17:23:59 2027 GMT (365 days) Write out database with 1 new entries Database updated ## Set up OCSP openssl req -batch -noenc -new -subj "/CN=OCSP/O=PKCS11 Provider/C=US" -key ${PRIURI} -out ${DEMOCA}/ocspSigning.csr openssl ca -batch -keyfile ${PRIURI} -cert ${DEMOCA}/cacert.pem -in ${DEMOCA}/ocspSigning.csr -out ${DEMOCA}/ocspSigning.pem Using configuration from /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/openssl.cnf Check that the request matches the signature Signature ok The Subject's Distinguished Name is as follows commonName :ASN.1 12:'OCSP' organizationName :ASN.1 12:'PKCS11 Provider' countryName :PRINTABLE:'US' Certificate is to be certified until Mar 17 17:23:59 2027 GMT (365 days) Write out database with 1 new entries Database updated ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 28/92 pkcs11-provider:softhsm / democa OK 2.01s 29/92 pkcs11-provider:kryoptic / democa RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests MALLOC_PERTURB_=212 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper democa-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 29/92 pkcs11-provider:kryoptic / democa SKIP 0.07s exit status 77 30/92 pkcs11-provider:kryoptic.nss / democa RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests MALLOC_PERTURB_=227 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper democa-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 30/92 pkcs11-provider:kryoptic.nss / democa SKIP 0.07s exit status 77 31/92 pkcs11-provider:softokn / digest RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=210 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper digest-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 31/92 pkcs11-provider:softokn / digest SKIP 0.06s exit status 77 32/92 pkcs11-provider:softhsm / digest RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MALLOC_PERTURB_=219 MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper digest-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/tests/tdigest ## Test Digests support sha512-224: Unsupported by pkcs11 token sha512-256: Unsupported by pkcs11 token sha3-224: Unsupported by pkcs11 token sha3-256: Unsupported by pkcs11 token sha3-384: Unsupported by pkcs11 token sha3-512: Unsupported by pkcs11 token PASSED ## Test Digests Blocked No digest available for testing pkcs11 provider Digest operations failed as expected ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 32/92 pkcs11-provider:softhsm / digest OK 0.28s 33/92 pkcs11-provider:kryoptic / digest RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=253 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper digest-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 33/92 pkcs11-provider:kryoptic / digest SKIP 0.05s exit status 77 34/92 pkcs11-provider:kryoptic.nss / digest RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 MALLOC_PERTURB_=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper digest-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 34/92 pkcs11-provider:kryoptic.nss / digest SKIP 0.06s exit status 77 35/92 pkcs11-provider:softokn / fork RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests MALLOC_PERTURB_=112 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper fork-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 35/92 pkcs11-provider:softokn / fork SKIP 0.06s exit status 77 36/92 pkcs11-provider:softhsm / fork RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 MALLOC_PERTURB_=206 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper fork-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/tfork Child Done Child Done ALL A-OK! ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 36/92 pkcs11-provider:softhsm / fork OK 3.04s 37/92 pkcs11-provider:kryoptic / fork RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MALLOC_PERTURB_=72 MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper fork-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 37/92 pkcs11-provider:kryoptic / fork SKIP 0.05s exit status 77 38/92 pkcs11-provider:kryoptic.nss / fork RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=149 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper fork-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 38/92 pkcs11-provider:kryoptic.nss / fork SKIP 0.06s exit status 77 39/92 pkcs11-provider:softokn / oaepsha2 RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 MALLOC_PERTURB_=220 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper oaepsha2-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 39/92 pkcs11-provider:softokn / oaepsha2 SKIP 0.06s exit status 77 40/92 pkcs11-provider:kryoptic / oaepsha2 RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests MALLOC_PERTURB_=182 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper oaepsha2-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 40/92 pkcs11-provider:kryoptic / oaepsha2 SKIP 0.07s exit status 77 41/92 pkcs11-provider:kryoptic.nss / oaepsha2 RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 MALLOC_PERTURB_=176 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper oaepsha2-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 41/92 pkcs11-provider:kryoptic.nss / oaepsha2 SKIP 0.06s exit status 77 42/92 pkcs11-provider:softokn / hkdf RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=53 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper hkdf-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 42/92 pkcs11-provider:softokn / hkdf SKIP 0.07s exit status 77 43/92 pkcs11-provider:kryoptic / hkdf RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MALLOC_PERTURB_=109 MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper hkdf-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 43/92 pkcs11-provider:kryoptic / hkdf SKIP 0.07s exit status 77 44/92 pkcs11-provider:kryoptic.nss / hkdf RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MALLOC_PERTURB_=223 MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper hkdf-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 44/92 pkcs11-provider:kryoptic.nss / hkdf SKIP 0.06s exit status 77 45/92 pkcs11-provider:softokn / imported RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MALLOC_PERTURB_=252 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper imported-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 45/92 pkcs11-provider:softokn / imported SKIP 0.05s exit status 77 46/92 pkcs11-provider:kryoptic / imported RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=187 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper imported-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 46/92 pkcs11-provider:kryoptic / imported SKIP 0.06s exit status 77 47/92 pkcs11-provider:kryoptic.nss / imported RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MESON_TEST_ITERATION=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MALLOC_PERTURB_=151 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper imported-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 47/92 pkcs11-provider:kryoptic.nss / imported SKIP 0.06s exit status 77 48/92 pkcs11-provider:softokn / rsapss RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MALLOC_PERTURB_=237 MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper rsapss-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 48/92 pkcs11-provider:softokn / rsapss SKIP 0.05s exit status 77 49/92 pkcs11-provider:softhsm / rsapss RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests MALLOC_PERTURB_=201 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper rsapss-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/tests/trsapss ## DigestSign and DigestVerify with RSA PSS openssl pkeyutl -sign -inkey "${BASEURI}" -digest sha256 -pkeyopt pad-mode:pss -pkeyopt mgf1-digest:sha256 -pkeyopt saltlen:digest -in ${RAND64FILE} -rawin -out ${TMPPDIR}/sha256-dgstsig.bin openssl pkeyutl -verify -inkey "${BASEURI}" -pubin -digest sha256 -pkeyopt pad-mode:pss -pkeyopt mgf1-digest:sha256 -pkeyopt saltlen:digest -in ${RAND64FILE} -rawin -sigfile ${TMPPDIR}/sha256-dgstsig.bin Signature Verified Successfully Re-verify using OpenSSL default provider openssl pkeyutl -verify -inkey "${PUBURI}" -pubin -digest sha256 -pkeyopt pad-mode:pss -pkeyopt mgf1-digest:sha256 -pkeyopt saltlen:digest -in ${RAND64FILE} -rawin -sigfile ${TMPPDIR}/sha256-dgstsig.bin Signature Verified Successfully ## DigestSign and DigestVerify with RSA PSS with default params openssl pkeyutl -sign -inkey "${BASEURI}" -pkeyopt pad-mode:pss -in ${RAND64FILE} -rawin -out ${TMPPDIR}/def-dgstsig.bin openssl pkeyutl -verify -inkey "${BASEURI}" -pubin -pkeyopt pad-mode:pss -in ${RAND64FILE} -rawin -sigfile ${TMPPDIR}/def-dgstsig.bin Signature Verified Successfully Re-verify using OpenSSL default provider openssl pkeyutl -verify -inkey "${PUBURI}" -pubin -pkeyopt pad-mode:pss -in ${RAND64FILE} -rawin -sigfile ${TMPPDIR}/def-dgstsig.bin Signature Verified Successfully ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 49/92 pkcs11-provider:softhsm / rsapss OK 0.57s 50/92 pkcs11-provider:kryoptic / rsapss RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MALLOC_PERTURB_=237 MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper rsapss-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 50/92 pkcs11-provider:kryoptic / rsapss SKIP 0.06s exit status 77 51/92 pkcs11-provider:kryoptic.nss / rsapss RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests MALLOC_PERTURB_=251 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper rsapss-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 51/92 pkcs11-provider:kryoptic.nss / rsapss SKIP 0.07s exit status 77 52/92 pkcs11-provider:softhsm / rsapssam RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests MALLOC_PERTURB_=182 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper rsapssam-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/tests/trsapssam ## DigestSign and DigestVerify with RSA PSS (SHA256 restriction) openssl pkeyutl -sign -inkey "${RSAPSS2PRIURI}" -digest sha256 -pkeyopt pad-mode:pss -pkeyopt mgf1-digest:sha256 -pkeyopt saltlen:digest -in ${RAND64FILE} -rawin -out ${TMPPDIR}/sha256-rsapps-genpkey-dgstsig.bin openssl pkeyutl -verify -inkey "${RSAPSS2PUBURI}" -pubin -digest sha256 -pkeyopt pad-mode:pss -pkeyopt mgf1-digest:sha256 -pkeyopt saltlen:digest -in ${RAND64FILE} -rawin -sigfile ${TMPPDIR}/sha256-rsapps-genpkey-dgstsig.bin Signature Verified Successfully ## Fail DigestSign with RSA PSS because of restricted Digest openssl pkeyutl -sign -inkey "${RSAPSS2PRIURI}" -digest sha384 -pkeyopt pad-mode:pss -pkeyopt mgf1-digest:sha384 -pkeyopt saltlen:digest -in ${RAND64FILE} -rawin -out ${TMPPDIR}/sha384-rsapps-genpkey-dgstsig.bin 2>&1 ## Fail Signing with RSA PKCS1 mech and RSA-PSS key openssl pkeyutl -sign -inkey "${RSAPSSPRIURI}" -digest sha256 -pkeyopt rsa_padding_mode:pkcs1 -in ${RAND64FILE} -rawin -out ${TMPPDIR}/sha384-rsa-not-rsapss-sig.bin 2>&1 ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 52/92 pkcs11-provider:softhsm / rsapssam OK 0.45s 53/92 pkcs11-provider:kryoptic / rsapssam RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 MALLOC_PERTURB_=177 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper rsapssam-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 53/92 pkcs11-provider:kryoptic / rsapssam SKIP 0.07s exit status 77 54/92 pkcs11-provider:softokn / genkey RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 MALLOC_PERTURB_=249 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper genkey-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 54/92 pkcs11-provider:softokn / genkey SKIP 0.07s exit status 77 55/92 pkcs11-provider:softhsm / genkey RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MALLOC_PERTURB_=250 MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper genkey-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/tgenkey Performed tests: 0 ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 55/92 pkcs11-provider:softhsm / genkey OK 0.12s 56/92 pkcs11-provider:kryoptic / genkey RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests MALLOC_PERTURB_=80 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper genkey-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 56/92 pkcs11-provider:kryoptic / genkey SKIP 0.07s exit status 77 57/92 pkcs11-provider:kryoptic.nss / genkey RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests MALLOC_PERTURB_=12 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper genkey-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 57/92 pkcs11-provider:kryoptic.nss / genkey SKIP 0.07s exit status 77 58/92 pkcs11-provider:softokn / pkey RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 MALLOC_PERTURB_=220 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper pkey-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 58/92 pkcs11-provider:softokn / pkey SKIP 0.06s exit status 77 59/92 pkcs11-provider:softhsm / pkey RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=123 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper pkey-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/tpkey ALL A-OK! ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 59/92 pkcs11-provider:softhsm / pkey OK 0.96s 60/92 pkcs11-provider:kryoptic / pkey RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=57 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper pkey-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 60/92 pkcs11-provider:kryoptic / pkey SKIP 0.06s exit status 77 61/92 pkcs11-provider:kryoptic.nss / pkey RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests MALLOC_PERTURB_=244 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper pkey-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 61/92 pkcs11-provider:kryoptic.nss / pkey SKIP 0.08s exit status 77 62/92 pkcs11-provider:softokn / session RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests MALLOC_PERTURB_=127 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper session-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 62/92 pkcs11-provider:softokn / session SKIP 0.07s exit status 77 63/92 pkcs11-provider:softhsm / session RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MALLOC_PERTURB_=109 MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper session-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/tsession ALL A-OK!―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 63/92 pkcs11-provider:softhsm / session OK 0.37s 64/92 pkcs11-provider:kryoptic / session RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MALLOC_PERTURB_=63 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper session-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 64/92 pkcs11-provider:kryoptic / session SKIP 0.06s exit status 77 65/92 pkcs11-provider:kryoptic.nss / session RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests MALLOC_PERTURB_=173 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper session-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 65/92 pkcs11-provider:kryoptic.nss / session SKIP 0.05s exit status 77 66/92 pkcs11-provider:softokn / rand RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 MALLOC_PERTURB_=129 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper rand-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 66/92 pkcs11-provider:softokn / rand SKIP 0.07s exit status 77 67/92 pkcs11-provider:softhsm / rand RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=41 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper rand-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/tests/trand ## Test PKCS11 RNG openssl rand 1 409CE398FFFF0000:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:../crypto/evp/evp_fetch.c:355:Global default library context, Algorithm (PKCS11-RAND : 0), Properties () 409CE398FFFF0000:error:12000090:random number generator:rand_new_drbg:unable to fetch drbg:../crypto/rand/rand_lib.c:660: openssl rand 1 = ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 67/92 pkcs11-provider:softhsm / rand OK 0.24s 68/92 pkcs11-provider:kryoptic / rand RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=241 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper rand-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 68/92 pkcs11-provider:kryoptic / rand SKIP 0.05s exit status 77 69/92 pkcs11-provider:kryoptic.nss / rand RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=156 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper rand-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 69/92 pkcs11-provider:kryoptic.nss / rand SKIP 0.06s exit status 77 70/92 pkcs11-provider:softokn / readkeys RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=197 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper readkeys-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 70/92 pkcs11-provider:softokn / readkeys SKIP 0.08s exit status 77 71/92 pkcs11-provider:softhsm / readkeys RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=140 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper readkeys-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/treadkeys ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 71/92 pkcs11-provider:softhsm / readkeys OK 0.13s 72/92 pkcs11-provider:kryoptic / readkeys RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MALLOC_PERTURB_=99 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper readkeys-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 72/92 pkcs11-provider:kryoptic / readkeys SKIP 0.04s exit status 77 73/92 pkcs11-provider:kryoptic.nss / readkeys RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=174 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper readkeys-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 73/92 pkcs11-provider:kryoptic.nss / readkeys SKIP 0.01s exit status 77 74/92 pkcs11-provider:softokn / tls RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MALLOC_PERTURB_=125 MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper tls-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 74/92 pkcs11-provider:softokn / tls SKIP 0.01s exit status 77 75/92 pkcs11-provider:softhsm / tls RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MALLOC_PERTURB_=103 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper tls-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/tests/ttls ## Test SSL_CTX creation SSL Context works! ## Test setting cert/keys on TLS Context Cert and Key successfully set on TLS Context! ## Test setting cert/keys on TLS Context w/o pub key Cert and Key successfully set on TLS Context! ## Test an actual TLS connection ######################################## ## TLS with key in provider ## Run sanity test with default values (RSA) spawn openssl s_client -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/caCert.pem Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=1 CN=Issuer verify return:1 depth=0 O=PKCS11 Provider, CN=My Test Cert verify return:1 --- Certificate chain 0 s:O=PKCS11 Provider, CN=My Test Cert i:CN=Issuer a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256 v:NotBefore: Mar 17 17:23:38 2026 GMT; NotAfter: Mar 17 17:23:38 2027 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIIDPzCCAiegAwIBAgIBAzANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 ZXIwHhcNMjYwMzE3MTcyMzM4WhcNMjcwMzE3MTcyMzM4WjAxMRgwFgYDVQQKEw9Q S0NTMTEgUHJvdmlkZXIxFTATBgNVBAMTDE15IFRlc3QgQ2VydDCCASIwDQYJKoZI hvcNAQEBBQADggEPADCCAQoCggEBAKhECHXQrtrz7fPrzzk3z0QrlkhB+z7TCqSA aOeNyP6RP9o2Me2DOORJxOf56RCJlFtmApxqy/2YsuIiZQljCiAH22nybfLHKXgH /+pe0w+i6Oszvm1+4Vffl9pE77pRSTouN0+xK+I6ufiDacgyoK95vVWSuNqhDA2x zBoZJrdpYZlQ9JaVOnBtIh9gK7xv9l4mny6R7ZU8dUXrSVQC6kkjkR3VrL9MYCyf Kq2MP43HCOeZA6TIiUk7sy5mN8bFP298Oz6HJ02yAi8eorLnVWAdKMeSIZeVO8pA pCeCTRVIUJpvbTM6XcxYqpqiLLsUR4koaDCGc6NKHKe2+ma4wGMCAwEAAaOBgTB/ MAwGA1UdEwEB/wQCMAAwHwYDVR0RBBgwFoEUdGVzdGNlcnRAZXhhbXBsZS5vcmcw DgYDVR0PAQH/BAQDAgWgMB0GA1UdDgQWBBSAPlDBMnaXnhN/93XlYvvFelRvkDAf BgNVHSMEGDAWgBQ/dM+hG6T+fBVFnSpKMG+Ja0TJmTANBgkqhkiG9w0BAQsFAAOC AQEACv8K4SwWpfFsiyUS75FibSsiNjmJlyVhH4tlM6Web3PCi1mK8bFB7mRDPnu8 /R1wHkct1zk1EQS4KAG2UsZhnabvaRW0M7zinPul53k7V3MUn+87VGOkeRrB8C8E fa+BaeNC6XrfYYmzdePhzdbCcNxQIQTlg9v3uOZp/pVOeex4pvAmv4ZI4BSNMO2v 783uYC+shsHqtDNLQ0fNkQtEsua8GGkb3wOkWM8ZphSpnEkDdtHq4YgBlkVQCzP/ wZZDYvqDfc6wsNEB9cl4J99JOFQ+bIP0HyI97XvHhLW/Atz8ZJ36ZZK1mZ5HHXQa QlV9GDw32J2k5zESqp86fidrTg== -----END CERTIFICATE----- subject=O=PKCS11 Provider, CN=My Test Cert issuer=CN=Issuer --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: RSA-PSS Server Temp Key: X25519, 253 bits --- SSL handshake has read 1391 bytes and written 391 bytes Verification: OK --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Protocol: TLSv1.3 Server public key is 2048 bit This TLS version forbids renegotiation. Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 37AF5EA2F61B5218E4A8CDE756A2CF2378D516C1F293F0B91A487B46F6EDDC0E Session-ID-ctx: Resumption PSK: D07DE47F44980E3B25D04A3A37551C2C604F631175EE02F858A69DF47389347991CC64ACAFB11D1375C59F69176DD1A5 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - df 6b 56 ed 23 e2 fb 58-bf 78 30 93 88 5d f6 c6 .kV.#..X.x0..].. 0010 - 24 e9 d1 bc eb c4 03 58-05 db e2 63 25 70 23 0f $......X...c%p#. 0020 - d5 80 06 aa 91 01 a2 19-7e 69 65 a5 b1 59 43 aa ........~ie..YC. 0030 - 1b ec d2 58 bd 65 69 fc-2a 48 7c e9 4d e9 20 6e ...X.ei.*H|.M. n 0040 - 61 e2 ee 0f 9e 99 2f ce-de 76 81 31 48 24 f3 ee a...../..v.1H$.. 0050 - 44 15 3d 3c 30 70 ba ff-b6 8e 12 43 55 d8 22 22 D.=<0p.....CU."" 0060 - a9 0d aa 89 9d 0e 91 e3-3b 7c 26 35 aa e1 24 c8 ........;|&5..$. 0070 - d9 f3 f7 fa d3 f7 98 c9-96 29 0f 82 34 28 97 fc .........)..4(.. 0080 - d0 ab fb d3 7b ac 12 dc-f0 4a 05 f9 4f 34 28 45 ....{....J..O4(E 0090 - f7 a8 86 2f e0 b3 79 72-59 c4 f0 7c 48 47 05 23 .../..yrY..|HG.# 00a0 - 79 d0 76 29 f9 be 3c d8-88 b2 17 bb 95 f4 ab f8 y.v)..<......... 00b0 - 92 a6 7a a2 11 ef eb 78-d5 79 e0 68 d6 fb 93 2b ..z....x.y.h...+ 00c0 - a8 13 8c b6 07 5d 54 59-3b 5b 41 f1 36 b1 07 04 .....]TY;[A.6... Start Time: 1773768248 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 62DEADE83D3D4F12AA9609730246D583FB7A113D5F6B573EB1125452A7CD6D9A Session-ID-ctx: Resumption PSK: 49636DB4D80F922846884E4BF7726A07D0AF2E441BDF7A281DD6837E5522CC362724D443040B205FA889F2B264EF65FE PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - df 6b 56 ed 23 e2 fb 58-bf 78 30 93 88 5d f6 c6 .kV.#..X.x0..].. 0010 - 5e 92 53 e7 ee db 06 a6-f7 0c b1 35 fb 72 13 63 ^.S........5.r.c 0020 - 19 a9 53 5b 62 bb a8 2b-c5 ee 37 fc 7e e3 dd f3 ..S[b..+..7.~... 0030 - 65 98 50 c7 f2 ea b0 0b-90 54 4c e5 e3 ae 53 42 e.P......TL...SB 0040 - be 10 62 eb f9 ef 42 bf-a0 f7 5b ed 7e 35 fc 4a ..b...B...[.~5.J 0050 - 6c d9 cc 19 e0 4b 2b 40-75 d0 ee f2 5e 68 d4 5b l....K+@u...^h.[ 0060 - 29 72 21 9c d7 ca 07 c5-26 72 bb 02 b2 99 6f 98 )r!.....&r....o. 0070 - 9c ba 7a 41 f6 de ef 41-f8 c8 68 aa 8c 1e ac a9 ..zA...A..h..... 0080 - cd f6 c0 a3 07 90 99 fd-70 c3 4c d5 95 1d 42 d9 ........p.L...B. 0090 - 1a 1a fe 63 5b b4 be 95-60 6b 7d 60 73 21 d8 82 ...c[...`k}`s!.. 00a0 - 19 cf c8 53 0e cf 47 87-a1 fe 2d 21 32 9f d2 15 ...S..G...-!2... 00b0 - a5 fe 98 dd fa 3c 49 33-8d 12 25 9e 02 a1 f2 e9 .....o.|L.e.d:f. 0090 - d1 fc 4e 8a 97 53 94 33-78 9c 88 47 8c 56 d3 f5 ..N..S.3x..G.V.. 00a0 - 66 17 59 68 9b 25 da 91-aa bb a4 77 4e 8c 29 17 f.Yh.%.....wN.). 00b0 - 6f 71 cb 26 a5 c8 8e 4f-71 f1 20 fd 3f 0c 1d c9 oq.&...Oq. .?... 00c0 - b1 e1 69 2e d1 97 c4 36-f4 cf bd 64 11 82 db 30 ..i....6...d...0 Start Time: 1773768248 Timeout : 7200 (sec) Verify return code: 18 (self-signed certificate) Extended master secret: no Max Early Data: 0 --- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 4DF42ACD3C8D08F5664DD4525CDF169886ABA8D9B0B8AC24C50C5D75F90F26B0 Session-ID-ctx: Resumption PSK: AAB4AE7C306557F8185594A0A03560DAAA8262328C9B2BCCE3E43EA664F5B8D784B47EF70AC160639D08F00D911D646E PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 79 84 53 b2 a9 7e 6c 8c-be 4f 52 32 4b 28 37 03 y.S..~l..OR2K(7. 0010 - 5d 71 a3 b8 74 35 f5 84-bc 9e 5d 50 fa fe 3d b2 ]q..t5....]P..=. 0020 - 91 f7 be 72 f8 91 87 c3-e8 06 88 f6 c3 43 b0 1b ...r.........C.. 0030 - 93 f7 e0 1a 2a c8 bb 1c-ed 76 8c f1 96 5b d5 a7 ....*....v...[.. 0040 - 1d d3 19 01 f1 67 7c c0-61 be cf 7c 48 52 22 cd .....g|.a..|HR". 0050 - 6e 71 44 e0 2b 4e 75 63-44 6e 81 e8 a3 05 80 c9 nqD.+NucDn...... 0060 - 32 83 e9 52 6a fc 38 c8-70 f4 c7 9b ec 12 a7 e2 2..Rj.8.p....... 0070 - b6 02 08 4f 40 5c d2 30-95 83 00 6b 9c 24 25 32 ...O@\.0...k.$%2 0080 - b3 58 7b 26 87 5a 80 67-1e c0 18 a1 94 9a 4d f1 .X{&.Z.g......M. 0090 - 6f ff 48 7f 3c 34 2a 33-ec 14 50 c7 cf c5 ff c8 o.H.<4*3..P..... 00a0 - 04 70 a3 f6 98 ab 08 ac-64 56 f0 6b 55 4d 94 e0 .p......dV.kUM.. 00b0 - 6b 73 59 2e cd 36 a2 7c-f2 0c 20 e6 ad 9d 6a 6f ksY..6.|.. ...jo 00c0 - 2a 21 36 1d 41 5d 18 9f-c0 d1 19 36 88 c3 b4 58 *!6.A].....6...X Start Time: 1773768248 Timeout : 7200 (sec) Verify return code: 18 (self-signed certificate) Extended master secret: no Max Early Data: 0 --- read R BLOCK TLS SUCCESSFUL 402C0ABAFFFF0000:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%10 -cert /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/rsapss-default.pem Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MIGDAgEBAgIDBAQCEwIEIFxDy8U6V70S6GH/EtgDqYvOrIXo7gWCiPz67FRJMIhI BDCqtK58MGVX+BhVlKCgNWDaqoJiMoybK8zj5D6mZPW414S0fvcKwWBjnQjwDZEd ZG6hBgIEabmOOKIEAgIcIKQGBAQBAAAArgcCBQC6BetQswMCAR0= -----END SSL SESSION PARAMETERS----- Shared ciphers:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA TLS SUCCESSFUL Q Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224 Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 CIPHER is TLS_AES_256_GCM_SHA384 This TLS version forbids renegotiation. DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run sanity test with RSA-PSS and SHA256 ## Generating a new selfsigned certificate for pkcs11:type=private;id=%00%11 openssl req -batch -noenc -x509 -new -key ${KEY} ${AARGS} -out ${CERT} spawn openssl s_client -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/caCert.pem Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=0 C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness verify error:num=18:self-signed certificate verify return:1 depth=0 C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness verify return:1 --- Certificate chain 0 s:C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness i:C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness a:PKEY: RSASSA-PSS, 3092 (bit); sigalg: RSASSA-PSS v:NotBefore: Mar 17 17:24:08 2026 GMT; NotAfter: Apr 16 17:24:08 2026 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIIFKDCCA12gAwIBAgIUWq2pJ/h/A2yRpXYfT22GT6QXJykwPQYJKoZIhvcNAQEK MDCgDTALBglghkgBZQMEAgGhGjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUDBAIBogMC ASAwZzELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMREwDwYDVQQHDAhO ZXcgWW9yazEYMBYGA1UECgwPUEtDUzExIFByb3ZpZGVyMRgwFgYDVQQLDA9UZXN0 aW5nIEhhcm5lc3MwHhcNMjYwMzE3MTcyNDA4WhcNMjYwNDE2MTcyNDA4WjBnMQsw CQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsxETAPBgNVBAcMCE5ldyBZb3Jr MRgwFgYDVQQKDA9QS0NTMTEgUHJvdmlkZXIxGDAWBgNVBAsMD1Rlc3RpbmcgSGFy bmVzczCCAaIwCwYJKoZIhvcNAQEKA4IBkQAwggGMAoIBgw1ovV0R6SDn8qBuu648 5YYopIK+eDo21cCPZ7D+2KAhmaoFKQ2e6BzAjmHDqLAZVsTRyf95AvtxhQzXKsTE FR+L6NTXB/n3Nr9S9iiwFha4kEaFZGXDcBr6Q9DcasoLmIPrPAwDxHLJs+jmURgf L4sdQkVzVyPWsk7pkWTSElHqFjatesFVwnXcOAmF8q3pzMMIXd9ymbxysTqgnVu9 IPFJov4SF66LHGjYpxPP2mmdcOfrYt5FkYXQkyFazZAvw5LtSgKwGOe71uTNf/Ei nTOpNyVcZLPcQ/GF2PgM5QKLwnJuFSw9Uw07UKL06AoRHQIx6XIMdPH7bTf1uwsX tS2Z/I5aacVjscP1psZT6pIaXUBxbAlBKplAybRYLrE7+fKXCB+McNn/G9Lase3N /f571oXKEjJZho/4mrXGITUNugaqeyIWY47S5ze80Mge+S7RdH3ffXRuHL/S58V5 IeNSXKOpgVPFasP9ANh6wKIzz4tfQIENuMI2wTdedi3Dh51B1wIDAQABo2kwZzAd BgNVHQ4EFgQUibv4IWoEi3+kXNZjximoUNg5ag4wHwYDVR0jBBgwFoAUibv4IWoE i3+kXNZjximoUNg5ag4wDwYDVR0TAQH/BAUwAwEB/zAJBgNVHREEAjAAMAkGA1Ud EgQCMAAwPQYJKoZIhvcNAQEKMDCgDTALBglghkgBZQMEAgGhGjAYBgkqhkiG9w0B AQgwCwYJYIZIAWUDBAIBogMCASADggGEAAhxumW9+doy7bc0fgmfr1ZkDrR2zBKE gl/no5y180oT3xxoCAcisAYAGVzR44PwRV4IRPH0lb8hPVu092tn+WfinOicY5FH bijlh3lM4nTTR3cOQdAaAHhoQ5H2sFh8vckM0sYurYD2n1u9xhZGDhrCqLM//wjm 4EScCUcoLGRcxcYlPnSWeRE5F02q1r2JMtfRH6i1WgiNh4cmkIRhFKlIa/TFD+ZQ gWRe7wMAiUyJxZ6OC914hwCA7L/vToELkLh9dFJvP9/rpWYg9a0/4mn4PEa2/NyC w0MtQZkT1u8ZdcQZnAnxFioi3GkHqUlkHEIbsw7n5JBJGWv7Umb/rahTbIeEfmrt 1e0tCdEVjOVgAli2uOyGot7X0myVzTwCAnRzARhMDXtd1BJUgE+dw2EL1XEwlQMV grgG/yFK3Pyr/RCKBLmZSK/HPLHt3DpJYKQdQSQk71jN/fwRkkB925OrLGgw6PWU Gjt35o9kdVAhgQ3FfMkOYsNsXfhlNPz4XZ6iwg== -----END CERTIFICATE----- subject=C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness issuer=C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: RSA-PSS Server Temp Key: X25519, 253 bits --- SSL handshake has read 2011 bytes and written 391 bytes Verification error: self-signed certificate --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Protocol: TLSv1.3 Server public key is 3092 bit This TLS version forbids renegotiation. Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 18 (self-signed certificate) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 4C4FD20EDF1E31F0ED97FC1C2B5B31DCD3E4801ABE51E4A243936EA6A534DF28 Session-ID-ctx: Resumption PSK: 709A7F7E53751CD1BB851151F5F6467B9228480F27B7607B653B41455C5C7AD11AB1DCECB493510EE227BD5C8D73AE08 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 93 87 b7 8e b3 69 89 79-81 0d 8b d5 b7 40 44 db .....i.y.....@D. 0010 - 3d c3 53 f7 e0 ca 90 b2-c2 f4 11 4e d0 aa 9b 47 =.S........N...G 0020 - 29 4b 59 29 46 0e 76 35-f3 de c9 89 d2 a0 6e ad )KY)F.v5......n. 0030 - 83 5a 98 ef 97 c2 47 1d-fc 4d d0 fd e0 1f 60 78 .Z....G..M....`x 0040 - 9d e6 f7 81 20 c3 b3 e7-e6 77 36 ff 60 c5 b2 94 .... ....w6.`... 0050 - 9f 75 0d f4 26 81 a5 12-a3 96 f3 b5 56 24 31 70 .u..&.......V$1p 0060 - 4c 20 5a b1 4b cf 1a 6e-83 f4 58 c8 5f c1 8f c0 L Z.K..n..X._... 0070 - 74 4d e6 c0 d8 4a 68 21-7f 2a 7c 98 7f d3 eb a6 tM...Jh!.*|..... 0080 - 25 26 97 01 97 98 1e 24-04 4f ee 48 64 0b 5a eb %&.....$.O.Hd.Z. 0090 - 3a e7 2d a2 54 fb 05 c5-b4 d7 a0 08 42 75 58 2e :.-.T.......BuX. 00a0 - 93 11 23 2f a3 07 1e d3-77 17 ca 06 cc fd ea 82 ..#/....w....... 00b0 - c6 30 6c 64 5f 17 f0 28-3b 9d 1d cc c3 90 ff ae .0ld_..(;....... 00c0 - 06 b2 cc 3a e4 60 12 41-1c d6 9a 8d c5 20 0d de ...:.`.A..... .. Start Time: 1773768249 Timeout : 7200 (sec) Verify return code: 18 (self-signed certificate) Extended master secret: no Max Early Data: 0 --- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: F8BCEDF88BF5A274B22F0AE182D20BF748D53CD21E752273B0550CA4A448574E Session-ID-ctx: Resumption PSK: 61BB570844B281C6D157F3881C1F782222251D3242B7C344DE76E98B080E1FFE9EA04CF5894BB8744E4203FA0349841F PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 93 87 b7 8e b3 69 89 79-81 0d 8b d5 b7 40 44 db .....i.y.....@D. 0010 - f5 aa 13 8b 37 de 74 b0-85 e8 b3 ab 49 3c fb 29 ....7.t.....I<.) 0020 - 63 a1 95 d9 5c d5 a8 70-1d bb 35 05 84 92 b1 6f c...\..p..5....o 0030 - ed 63 34 cf ef 9e 65 29-73 be 87 f0 12 b1 9d fb .c4...e)s....... 0040 - df 4d 37 3e ab ef 91 94-4d 81 94 04 41 cc 4d 44 .M7>....M...A.MD 0050 - 35 a4 c0 79 dd d1 25 c5-0f 0b 20 9a 15 8a 6e 1a 5..y..%... ...n. 0060 - 53 41 52 9f c6 0e 31 a4-27 c6 97 04 8f 1f d5 a6 SAR...1.'....... 0070 - 2d 4b 3a 3a dd 08 5f ad-9e 0e 54 0a 12 8e 12 b7 -K::.._...T..... 0080 - 69 b4 88 f3 b5 16 75 cf-db 9f fa c5 87 92 94 d9 i.....u......... 0090 - cb 0d a5 fd 66 23 8b 43-9c 51 54 13 98 46 61 d6 ....f#.C.QT..Fa. 00a0 - 45 cc b8 b7 3e ee f2 45-c2 f4 bd 9d 3c e5 e8 46 E...>..E....<..F 00b0 - 22 ce 10 81 ed fe b5 da-45 71 36 3f 79 3f 34 67 ".......Eq6?y?4g 00c0 - e5 48 37 a2 ae 22 ad 4f-68 c2 9b ac 83 9f 77 50 .H7..".Oh.....wP Start Time: 1773768249 Timeout : 7200 (sec) Verify return code: 18 (self-signed certificate) Extended master secret: no Max Early Data: 0 --- read R BLOCK TLS SUCCESSFUL 40ACCE93FFFF0000:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%11 -cert /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/rsapss-sha256.pem Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MIGCAgEBAgIDBAQCEwIEIKI1quF5VY0aFer3j95r8YThU/1QlmxGjiQDOwKThDKS BDBhu1cIRLKBxtFX84gcH3giIiUdMkK3w0TedumLCA4f/p6gTPWJS7h0TkID+gNJ hB+hBgIEabmOOaIEAgIcIKQGBAQBAAAArgYCBG6YS8uzAwIBHQ== -----END SSL SESSION PARAMETERS----- Shared ciphers:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224 Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 CIPHER is TLS_AES_256_GCM_SHA384 This TLS version forbids renegotiation. TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run sanity test with default values (ECDSA) spawn openssl s_client -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/caCert.pem Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=1 CN=Issuer verify return:1 depth=0 O=PKCS11 Provider, CN=My EC Cert verify return:1 --- Certificate chain 0 s:O=PKCS11 Provider, CN=My EC Cert i:CN=Issuer a:PKEY: id-ecPublicKey, 256 (bit); sigalg: RSA-SHA256 v:NotBefore: Mar 17 17:23:38 2026 GMT; NotAfter: Mar 17 17:23:38 2027 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIICcjCCAVqgAwIBAgIBBDANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 ZXIwHhcNMjYwMzE3MTcyMzM4WhcNMjcwMzE3MTcyMzM4WjAvMRgwFgYDVQQKEw9Q S0NTMTEgUHJvdmlkZXIxEzARBgNVBAMTCk15IEVDIENlcnQwWTATBgcqhkjOPQIB BggqhkjOPQMBBwNCAAQUPmCXcktjHRtt0nTeRL1ELhlI22z5GyXueSOAGvb6H9Xo 0DIaoV/eYuwK6+fPlVvSSPAd6zVlQj894pKgbSFoo4GBMH8wDAYDVR0TAQH/BAIw ADAfBgNVHREEGDAWgRR0ZXN0Y2VydEBleGFtcGxlLm9yZzAOBgNVHQ8BAf8EBAMC B4AwHQYDVR0OBBYEFFDLi0M+XDKnlqyptPsVrOE7UjAAMB8GA1UdIwQYMBaAFD90 z6EbpP58FUWdKkowb4lrRMmZMA0GCSqGSIb3DQEBCwUAA4IBAQAEomqZcJ5U0oep HNusoA8zqf6G/T2vEjhCvo88YCbbmeNEAglAFpM0XmsdHmqknOtBVrc03tRMrlEO Z/PGf+1ikX6qW7BzJfqTheqrhfGEmUsL9um6nqmmxP2+EI1GP/pND6nbloxN0SsD VeGTdDWBqC4AFyT1gg96U0LOfCauKU6+uwH5geZZLzhQM5/SAwa7AwYT6y6hxnHR ecS/m4UnH/46UI8cxMukZ4zQNEIFoYnlgpzppTrwn31iw2HMY5rsvneU0iPss8oq ubNPKr2QyiSqIB82lH4RH/4b8rRa5U/dIJ1JfmApMAZ0dVgx1IRWjo9KNXNVHTav EnaFbgZO -----END CERTIFICATE----- subject=O=PKCS11 Provider, CN=My EC Cert issuer=CN=Issuer --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: ECDSA Server Temp Key: X25519, 253 bits --- SSL handshake has read 1001 bytes and written 391 bytes Verification: OK --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Protocol: TLSv1.3 Server public key is 256 bit This TLS version forbids renegotiation. Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 651742115BEA95FEF001AEBB410D1A8AA4F42BC8C7A576C211154F3A324ACE6F Session-ID-ctx: Resumption PSK: DE90A3D2E37E91372E4A9FBF6633ADE99DCBFB5A0FE99CA9079B6439A96A9BC886AC9C9D485640B8E2BACFA3F3AEE3B5 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 4a 4b 28 62 dd 14 04 52-d4 7e 80 99 03 82 49 2d JK(b...R.~....I- 0010 - 35 af 61 14 52 40 21 6b-08 0d 58 2a a6 77 b4 73 5.a.R@!k..X*.w.s 0020 - 63 60 e7 73 d0 af 0d 87-65 81 bc dd 34 ae cb 82 c`.s....e...4... 0030 - a6 27 b6 db 73 60 e9 9b-f6 8a 20 23 80 62 f7 64 .'..s`.... #.b.d 0040 - 88 a8 2b 3c 8e 66 23 58-26 cd 1f cd 10 a9 7b c1 ..+<.f#X&.....{. 0050 - 88 dc 8a 9f 5d 28 68 04-34 7b 07 0f 58 66 22 db ....](h.4{..Xf". 0060 - 9d 9e 78 fc 63 2e 42 fb-ff 8d 59 c2 5d b1 d7 a3 ..x.c.B...Y.]... 0070 - 84 a6 6e c6 70 ba 95 63-5c df d1 01 c8 68 4e 4b ..n.p..c\....hNK 0080 - 51 4f 7a 78 7b 0b 44 7c-4a 13 1a 5f 5f 31 c0 52 QOzx{.D|J..__1.R 0090 - 16 4a 5b a5 b7 38 9b 2f-70 b4 72 df b1 68 4f 68 .J[..8./p.r..hOh 00a0 - 06 50 2e e9 1b af 57 62-0a 32 52 38 b0 c6 80 7d .P....Wb.2R8...} 00b0 - a7 d5 44 57 0b ef cc 27-84 9f 0b b6 ec e4 61 6a ..DW...'......aj 00c0 - fa ed 11 13 6e fb 1a 0d-e7 fb 17 16 e5 fa a6 f8 ....n........... Start Time: 1773768249 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 0A4CDFC01B4960EABAF7E58DB174C427220A71CC986C26936B9DF525DDFFC522 Session-ID-ctx: Resumption PSK: B0215EF902484F24F3C009668247F73900C2A2B083A81F6C89674F5296A5F94F49071FEA040D47414A2573EB991133FA PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 4a 4b 28 62 dd 14 04 52-d4 7e 80 99 03 82 49 2d JK(b...R.~....I- 0010 - 5b e5 5a c2 82 58 46 a9-8c 10 6f 9f ab b5 3c 2d [.Z..XF...o...<- 0020 - 18 00 03 4b 82 27 b6 10-c3 a1 c3 13 72 1b 64 af ...K.'......r.d. 0030 - 81 13 c1 d6 2f 51 43 0f-27 71 ce cf c4 58 b7 4a ..../QC.'q...X.J 0040 - 74 b0 c5 c2 70 4c d6 65-24 c2 19 18 89 34 1f 07 t...pL.e$....4.. 0050 - 72 1d af 32 42 44 50 d5-c8 0d 4b 74 5f 95 2d b1 r..2BDP...Kt_.-. 0060 - 61 2a c9 33 da 45 15 75-c6 e6 b6 a7 3d 7e d5 db a*.3.E.u....=~.. 0070 - c0 6e 7b f5 65 5c 3f 73-72 1c 2e 8e f7 99 af 08 .n{.e\?sr....... 0080 - 6e fc 21 80 dd 46 6e 24-99 b9 eb e9 a9 fe e6 49 n.!..Fn$.......I 0090 - d3 89 dc 29 fe 5e 5c 1f-03 42 cd e0 7f 7b 98 9e ...).^\..B...{.. 00a0 - 0f 19 97 72 eb 5c 7c 5c-63 cb 2c 2e 68 cd 11 c1 ...r.\|\c.,.h... 00b0 - fc 2f 09 b3 5b dd 5a 06-fc 69 69 67 e3 66 29 7e ./..[.Z..iig.f)~ 00c0 - b2 ff ea 7c f2 6f db 29-da 58 b5 14 38 8c e8 fd ...|.o.).X..8... Start Time: 1773768249 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK TLS SUCCESSFUL 408C3FA5FFFF0000:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%02 -cert pkcs11:type=cert;object=ecCert Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MIGCAgEBAgIDBAQCEwIEIMmTz0dfg0rM+1CNsVA6Py38koqOwXUqrp004wgusBbN BDCwIV75AkhPJPPACWaCR/c5AMKisIOoH2yJZ09SlqX5T0kHH+oEDUdBSiVz65kR M/qhBgIEabmOOaIEAgIcIKQGBAQBAAAArgYCBHPqal2zAwIBHQ== -----END SSL SESSION PARAMETERS----- Shared ciphers:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224 Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 CIPHER is TLS_AES_256_GCM_SHA384 This TLS version forbids renegotiation. TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run sanity test with default values (Ed25519) spawn openssl s_client -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/caCert.pem Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=1 CN=Issuer verify return:1 depth=0 O=PKCS11 Provider, CN=My ED25519 Cert verify return:1 --- Certificate chain 0 s:O=PKCS11 Provider, CN=My ED25519 Cert i:CN=Issuer a:PKEY: ED25519, 256 (bit); sigalg: RSA-SHA256 v:NotBefore: Mar 17 17:23:38 2026 GMT; NotAfter: Mar 17 17:23:38 2027 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIICSDCCATCgAwIBAgIBBjANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 ZXIwHhcNMjYwMzE3MTcyMzM4WhcNMjcwMzE3MTcyMzM4WjA0MRgwFgYDVQQKEw9Q S0NTMTEgUHJvdmlkZXIxGDAWBgNVBAMTD015IEVEMjU1MTkgQ2VydDAqMAUGAytl cAMhAGz6Qok8x4rtX4KTOC0jU+6teQQwgIz6Q4Nz6QuYQkl9o4GBMH8wDAYDVR0T AQH/BAIwADAfBgNVHREEGDAWgRR0ZXN0Y2VydEBleGFtcGxlLm9yZzAOBgNVHQ8B Af8EBAMCB4AwHQYDVR0OBBYEFB49CI0IrkQQbohiY3OUK04C+QgEMB8GA1UdIwQY MBaAFD90z6EbpP58FUWdKkowb4lrRMmZMA0GCSqGSIb3DQEBCwUAA4IBAQBvTdK/ cSXYdGtHeBveDEvX/6hwhOnynEPjLezPxVulM9lgjw35bG9qr0z+w3a3wEr8e8H6 18l8HfFkVPAvSwnOEbdVwCeP8A9baNp8vqazSrbZXe5IdoMA7Yw1qPOk2yV8M1Er +XOYFuesHJrjyzQE9m7BnURqQeRLYxHXPTdzDEFeIrtmyJg37bp548zLB98BT2TS DDo8oLQmi7DVT+rx6aIQmqGgHhKfVF31y05ThPfpxFr8zcV16v+/0WKYwlj51Xwd TDuYPEfpCOrRu6Ny8OWkzwMpQOiKZ5DsgdIP1ja5agZ54HFnRn5oYCRuXzPiUb7Z d2xQ1y4neNF8Mk97 -----END CERTIFICATE----- subject=O=PKCS11 Provider, CN=My ED25519 Cert issuer=CN=Issuer --- No client certificate CA names sent Peer signature type: ed25519 Server Temp Key: X25519, 253 bits --- SSL handshake has read 952 bytes and written 391 bytes Verification: OK --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Protocol: TLSv1.3 Server public key is 256 bit This TLS version forbids renegotiation. Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 4946061B1425FD8FB7B5BEA1B1B8BB417813CC3FB987F04BD032A381088FFCB7 Session-ID-ctx: Resumption PSK: ECED3D1F9F4A2BE8172C3FE6C1CA8CA446FB93480AA765D4F64DCE26C99BE097B8E88448F0B31B43CB8EDCF4B789D365 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 0a 54 f3 7d 50 31 96 55-e6 92 6c 99 db 51 9c 83 .T.}P1.U..l..Q.. 0010 - 80 0f 5e 7b 95 d6 89 f1-71 bf 26 1c 11 1c 57 a7 ..^{....q.&...W. 0020 - 00 ee 9e f8 8c 14 80 42-61 b8 4d 64 d2 80 fb 85 .......Ba.Md.... 0030 - ac b6 c9 3f 69 d0 55 68-84 21 17 f4 6d ff 7d 4a ...?i.Uh.!..m.}J 0040 - db 80 4d 4e 7b 6b 95 93-74 84 23 8d 7e d6 61 fc ..MN{k..t.#.~.a. 0050 - 7c 81 f5 b5 6c c3 57 cb-06 89 d4 60 a0 1e 9e a6 |...l.W....`.... 0060 - ab 71 15 93 5f f7 06 ea-ac c6 42 f1 2c 90 ac 93 .q.._.....B.,... 0070 - 8e 4f d3 bc ba 7d 9a ed-8d db cd bb 4d 9a 4c b3 .O...}......M.L. 0080 - 94 2e 62 91 59 68 b3 8f-53 aa 38 6d 96 d6 77 a2 ..b.Yh..S.8m..w. 0090 - 6d 21 50 a4 5d be 07 8f-a8 c2 0b d3 f8 5d d0 a0 m!P.]........].. 00a0 - 37 36 63 90 33 66 a9 cb-c1 9e 1b f0 87 a1 a4 7b 76c.3f.........{ 00b0 - a4 0a 6c 3e 89 04 fe cd-7f e6 a2 08 ba 16 47 ec ..l>..........G. 00c0 - 62 fe 4b 1f d4 93 f7 5f-e9 e4 03 7c 21 81 d2 d4 b.K...._...|!... Start Time: 1773768249 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: FCB4B0C4DF702C01F8D03B903ED2515D725564A4B7DF3C09B824102FC71A996B Session-ID-ctx: Resumption PSK: 7001B16DD644DFECB74331E286224A8E77714312287D2B7260BE79E1B007E33DCB08A6BD475B29F763FEDB6FA0E95C44 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 0a 54 f3 7d 50 31 96 55-e6 92 6c 99 db 51 9c 83 .T.}P1.U..l..Q.. 0010 - 8a f4 57 03 7e 2a 3b 03-b6 36 d7 dc 84 d9 7d 5d ..W.~*;..6....}] 0020 - 12 b4 a1 26 71 3d f7 a2-28 0d 7a 16 dd 2b a6 15 ...&q=..(.z..+.. 0030 - c4 40 81 c5 27 7c 40 ba-6d cf 01 be 8d 34 b1 43 .@..'|@.m....4.C 0040 - fc 0c 15 fb e7 d7 a0 fe-77 84 95 39 5d 62 01 a7 ........w..9]b.. 0050 - 87 34 fe 71 54 02 3e eb-e6 2c 41 96 9f f0 32 94 .4.qT.>..,A...2. 0060 - 17 d0 6d 3f fe 8b 5b 14-fa f8 22 93 52 cc 29 61 ..m?..[...".R.)a 0070 - c4 a7 04 3a e4 c6 a7 a4-13 f7 f3 cf 68 77 c8 5a ...:........hw.Z 0080 - 31 cd 97 87 73 58 19 90-68 e4 25 a7 5a 90 cb 93 1...sX..h.%.Z... 0090 - bc 74 31 ee 4a 1b 5b 01-0d e5 98 78 a9 16 19 26 .t1.J.[....x...& 00a0 - 0a bf fb 40 cd 18 8b 5a-74 88 bc 92 df 6e 90 52 ...@...Zt....n.R 00b0 - 59 f1 10 16 3b ff 83 92-fc c0 8a 74 f6 54 ff ae Y...;......t.T.. 00c0 - 62 62 83 87 df 41 2c d2-a2 32 d0 e7 51 25 8e 45 bb...A,..2..Q%.E Start Time: 1773768249 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK TLS SUCCESSFUL 407C05BBFFFF0000:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%04 -cert pkcs11:type=cert;object=edCert Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MIGCAgEBAgIDBAQCEwIEIMhxYqJeVm4/DI37iJDeX1QxAQvx3++d7H+hjLonMHE9 BDBwAbFt1kTf7LdDMeKGIkqOd3FDEih9K3JgvnnhsAfjPcsIpr1HWyn3Y/7bb6Dp XEShBgIEabmOOaIEAgIcIKQGBAQBAAAArgYCBHC2VJWzAwIBHQ== -----END SSL SESSION PARAMETERS----- Shared ciphers:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224 Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 CIPHER is TLS_AES_256_GCM_SHA384 This TLS version forbids renegotiation. TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run sanity test with default values (Ed448) spawn openssl s_client -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/caCert.pem Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=1 CN=Issuer verify return:1 depth=0 O=PKCS11 Provider, CN=My ED448 Cert verify return:1 --- Certificate chain 0 s:O=PKCS11 Provider, CN=My ED448 Cert i:CN=Issuer a:PKEY: ED448, 456 (bit); sigalg: RSA-SHA256 v:NotBefore: Mar 17 17:23:38 2026 GMT; NotAfter: Mar 17 17:23:38 2027 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIICXzCCAUegAwIBAgIBBzANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 ZXIwHhcNMjYwMzE3MTcyMzM4WhcNMjcwMzE3MTcyMzM4WjAyMRgwFgYDVQQKEw9Q S0NTMTEgUHJvdmlkZXIxFjAUBgNVBAMTDU15IEVENDQ4IENlcnQwQzAFBgMrZXED OgDgdZd3LlnFcxwB7cIuY2xrPPI14RL+70Eq7adayWmz3y7i20T6JU5i3u7KqGCG qcROcfWw+Lb17YCjgYEwfzAMBgNVHRMBAf8EAjAAMB8GA1UdEQQYMBaBFHRlc3Rj ZXJ0QGV4YW1wbGUub3JnMA4GA1UdDwEB/wQEAwIHgDAdBgNVHQ4EFgQUa8MNuL2g Ft7BN2NLSkjE9zU7LeswHwYDVR0jBBgwFoAUP3TPoRuk/nwVRZ0qSjBviWtEyZkw DQYJKoZIhvcNAQELBQADggEBAGvyJ7Qup9q12OrjCUpLGjNIvBxFpzBS+5HNF12z sd+2ULZ2pQLumTyHcPvBIMHoSX0XQCBSVxbMUADQAeepTOAWiYgqpff05vxXiKPe Rfs1x7nQ+yO7NDUBPc62wcadjdAVuIR6+wGjw0LxOSl/v4tSXoE4vhF4/3n5H2dc FIJStE1BRrAm/1gBQb1tD04OhDdfw38i2GLefMFnOrw7pPwi/MxQS/mm0Tf3q+aI qKV0G9T5zco2kCmhuFy/UMW+S2o37F6KEd0l1HiX8arxgap1q2I1UgtmHd4BkS7s 3VZWXhXsBdaKA++NeQRjhDi/hR173+7C986EemxPVq3ZrvM= -----END CERTIFICATE----- subject=O=PKCS11 Provider, CN=My ED448 Cert issuer=CN=Issuer --- No client certificate CA names sent Peer signature type: ed448 Server Temp Key: X25519, 253 bits --- SSL handshake has read 1025 bytes and written 391 bytes Verification: OK --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Protocol: TLSv1.3 Server public key is 456 bit This TLS version forbids renegotiation. Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: B9484103702A46D9B2B2282D8B2EF9E36435DAB6391FFF2C813349572A2BAD41 Session-ID-ctx: Resumption PSK: 95B72BD08843A9C77A9F7EE1A8EF5F03F00C69DEC3BE182658CC8CA4F3A016C92833B034AAE64BF8E28ADC667F5C0E30 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 60 57 c8 2e cc d0 fc 29-31 82 f7 78 0d 63 3e ee `W.....)1..x.c>. 0010 - 53 2a 6f 9d 6a 56 d2 d0-08 7b 75 26 60 42 8b 30 S*o.jV...{u&`B.0 0020 - 06 56 40 53 e3 8d 08 e0-8e 0c 1b 22 8e 83 f2 bf .V@S.......".... 0030 - cd aa 19 40 19 aa 53 56-1f ba 87 25 31 63 cf 26 ...@..SV...%1c.& 0040 - d0 13 6e d8 7c 79 9d b6-13 15 b3 2c d2 28 ae 65 ..n.|y.....,.(.e 0050 - b1 51 0f 45 13 39 aa 22-66 7b 44 e4 25 d2 00 a3 .Q.E.9."f{D.%... 0060 - ab fb c1 ae fd 77 06 ef-a9 af e7 55 d5 00 29 8e .....w.....U..). 0070 - d4 54 b4 da bb e8 c9 36-36 45 24 05 32 a1 80 93 .T.....66E$.2... 0080 - 8b f2 20 83 74 cd 3d a4-98 d8 da 98 ea c6 9b 2a .. .t.=........* 0090 - 95 4a b6 2c 53 a1 fa 9e-79 90 79 2c 78 eb d6 bc .J.,S...y.y,x... 00a0 - a3 85 7d df a6 72 b7 19-be d2 30 4c 16 2b ae 70 ..}..r....0L.+.p 00b0 - 30 c5 86 88 6a 9d 93 89-da 9b 94 56 aa a6 c3 27 0...j......V...' 00c0 - 7e f5 9c b7 f2 ce 5e a5-88 bd fe 84 52 83 7d f9 ~.....^.....R.}. Start Time: 1773768250 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: AA00E6C54678341E6CC09EE9C6456C1AA05193E2212CDAF81B45801A142ED60B Session-ID-ctx: Resumption PSK: 2B9875BC6DA0CB1EDBAC49871ED95383D8D95DCEA232E6355F48E615F44F12350DDB9BCE881A3DB2C52A369A496EC759 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 60 57 c8 2e cc d0 fc 29-31 82 f7 78 0d 63 3e ee `W.....)1..x.c>. 0010 - 20 62 20 87 23 d5 66 86-7b 31 58 01 bb 1c d8 29 b .#.f.{1X....) 0020 - 08 90 29 a0 f5 bb d6 b4-47 40 3e 32 6a 8c 1d a7 ..).....G@>2j... 0030 - 81 92 13 bd 50 fd a3 5e-8b 79 d4 f6 4d cd ad 26 ....P..^.y..M..& 0040 - 7d c4 a6 b1 e7 aa 9c c3-8a e6 77 db ac 8e 93 ac }.........w..... 0050 - 94 06 68 19 10 66 5a 8a-ae dd 9a 8e cd 54 36 91 ..h..fZ......T6. 0060 - d8 87 e4 a2 b7 c4 81 73-e0 25 c6 f7 5e 7a 74 03 .......s.%..^zt. 0070 - 9b aa ba 5a 90 c5 76 d3-13 e6 4e a8 c0 d6 fe 5e ...Z..v...N....^ 0080 - 63 58 5f 62 80 9d 9e f5-95 e5 61 e3 fa fb c4 ff cX_b......a..... 0090 - 75 8c 89 81 00 78 76 bf-4a 74 d5 45 f2 46 69 cf u....xv.Jt.E.Fi. 00a0 - 3d 24 96 b6 a4 02 30 40-4e 58 3c d8 a1 f7 76 85 =$....0@NX<...v. 00b0 - 0e 37 16 f5 5f a0 6b 0d-f9 31 82 77 0c 30 5d 7a .7.._.k..1.w.0]z 00c0 - 1f 23 1f be 48 bd 83 02-9e ce 3d 8c 97 ef a2 a9 .#..H.....=..... Start Time: 1773768250 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK TLS SUCCESSFUL 40AC1DB0FFFF0000:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%09 -cert pkcs11:type=cert;object=ed2Cert Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MIGCAgEBAgIDBAQCEwIEIBqHNEK6z2AzSeCsgn4FKyFM+nNmP7wAQeBOUmYc9h0t BDArmHW8baDLHtusSYce2VOD2NldzqIy5jVfSOYV9E8SNQ3bm86IGj2yxSo2mklu x1mhBgIEabmOOqIEAgIcIKQGBAQBAAAArgYCBFRVbPezAwIBHQ== -----END SSL SESSION PARAMETERS----- Shared ciphers:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224 Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 CIPHER is TLS_AES_256_GCM_SHA384 This TLS version forbids renegotiation. TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run test with TLS 1.2 spawn openssl s_client -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/caCert.pem -tls1_2 Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=1 CN=Issuer verify return:1 depth=0 O=PKCS11 Provider, CN=My Test Cert verify return:1 --- Certificate chain 0 s:O=PKCS11 Provider, CN=My Test Cert i:CN=Issuer a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256 v:NotBefore: Mar 17 17:23:38 2026 GMT; NotAfter: Mar 17 17:23:38 2027 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIIDPzCCAiegAwIBAgIBAzANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 ZXIwHhcNMjYwMzE3MTcyMzM4WhcNMjcwMzE3MTcyMzM4WjAxMRgwFgYDVQQKEw9Q S0NTMTEgUHJvdmlkZXIxFTATBgNVBAMTDE15IFRlc3QgQ2VydDCCASIwDQYJKoZI hvcNAQEBBQADggEPADCCAQoCggEBAKhECHXQrtrz7fPrzzk3z0QrlkhB+z7TCqSA aOeNyP6RP9o2Me2DOORJxOf56RCJlFtmApxqy/2YsuIiZQljCiAH22nybfLHKXgH /+pe0w+i6Oszvm1+4Vffl9pE77pRSTouN0+xK+I6ufiDacgyoK95vVWSuNqhDA2x zBoZJrdpYZlQ9JaVOnBtIh9gK7xv9l4mny6R7ZU8dUXrSVQC6kkjkR3VrL9MYCyf Kq2MP43HCOeZA6TIiUk7sy5mN8bFP298Oz6HJ02yAi8eorLnVWAdKMeSIZeVO8pA pCeCTRVIUJpvbTM6XcxYqpqiLLsUR4koaDCGc6NKHKe2+ma4wGMCAwEAAaOBgTB/ MAwGA1UdEwEB/wQCMAAwHwYDVR0RBBgwFoEUdGVzdGNlcnRAZXhhbXBsZS5vcmcw DgYDVR0PAQH/BAQDAgWgMB0GA1UdDgQWBBSAPlDBMnaXnhN/93XlYvvFelRvkDAf BgNVHSMEGDAWgBQ/dM+hG6T+fBVFnSpKMG+Ja0TJmTANBgkqhkiG9w0BAQsFAAOC AQEACv8K4SwWpfFsiyUS75FibSsiNjmJlyVhH4tlM6Web3PCi1mK8bFB7mRDPnu8 /R1wHkct1zk1EQS4KAG2UsZhnabvaRW0M7zinPul53k7V3MUn+87VGOkeRrB8C8E fa+BaeNC6XrfYYmzdePhzdbCcNxQIQTlg9v3uOZp/pVOeex4pvAmv4ZI4BSNMO2v 783uYC+shsHqtDNLQ0fNkQtEsua8GGkb3wOkWM8ZphSpnEkDdtHq4YgBlkVQCzP/ wZZDYvqDfc6wsNEB9cl4J99JOFQ+bIP0HyI97XvHhLW/Atz8ZJ36ZZK1mZ5HHXQa QlV9GDw32J2k5zESqp86fidrTg== -----END CERTIFICATE----- subject=O=PKCS11 Provider, CN=My Test Cert issuer=CN=Issuer --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: RSA-PSS Server Temp Key: X25519, 253 bits --- SSL handshake has read 1476 bytes and written 290 bytes Verification: OK --- New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384 Protocol: TLSv1.2 Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-RSA-AES256-GCM-SHA384 Session-ID: B05C13F41472D707064CCF5C3FB6749DF074BE4C2347C1B63F3EDB4E08410FCF Session-ID-ctx: Master-Key: 3D23453BDFB25FE6BC15EA2C240D4FD4EE6C80558F6B8BC410A051A29AE3039B6F814B55759B4783FD383CE27972DE56 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 08 c0 c6 a8 08 42 62 02-b9 d6 1c d6 9d dd a8 7f .....Bb......... 0010 - 7c d7 e1 5c 3e 28 14 a9-d5 ea b5 72 e7 0d 99 c4 |..\>(.....r.... 0020 - 49 ca 8b 95 26 4b 85 e9-d0 0d 30 e9 59 82 b4 19 I...&K....0.Y... 0030 - 46 df 9f 99 8d 6f 79 ec-ac 3f 1f 20 bf 6a 63 c0 F....oy..?. .jc. 0040 - a0 4b e0 07 22 d7 20 85-59 98 e1 3d c9 7c 40 bb .K..". .Y..=.|@. 0050 - 68 3c 7b 28 4b ca 2f c3-d5 d4 c6 5b fe ee fd 10 h<{(K./....[.... 0060 - e1 4c b4 90 ee 43 5b 41-8e 58 92 27 c7 df 3b 45 .L...C[A.X.'..;E 0070 - de d4 9b aa 17 01 3a 27-43 ce 0f a5 31 2a d5 c6 ......:'C...1*.. 0080 - 64 4a b1 19 7f 4b d6 65-50 a8 80 e5 3d cb 68 86 dJ...K.eP...=.h. 0090 - 10 55 ce 10 d0 71 93 15-eb 1a f1 fc bb 8e 5e 02 .U...q........^. 00a0 - dc 2d 04 12 08 ca ff 5c-dd 51 4d 5b e8 fd 2a e8 .-.....\.QM[..*. Start Time: 1773768250 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: yes --- TLS SUCCESSFUL 402C2B93FFFF0000:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%01 -cert pkcs11:type=cert;object=testCert Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MF8CAQECAgMDBALAMAQABDA9I0U737Jf5rwV6iwkDU/U7myAVY9ri8QQoFGimuMD m2+BS1V1m0eD/Tg84nly3lahBgIEabmOOqIEAgIcIKQGBAQBAAAArQMCAQGzAwIB HQ== -----END SSL SESSION PARAMETERS----- Shared ciphers:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Supported Elliptic Curve Point Formats: uncompressed:ansiX962_compressed_prime:ansiX962_compressed_char2 Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1 Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1 CIPHER is ECDHE-RSA-AES256-GCM-SHA384 Secure Renegotiation IS supported TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run test with explicit TLS 1.3 spawn openssl s_client -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/caCert.pem -tls1_3 Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=1 CN=Issuer verify return:1 depth=0 O=PKCS11 Provider, CN=My Test Cert verify return:1 --- Certificate chain 0 s:O=PKCS11 Provider, CN=My Test Cert i:CN=Issuer a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256 v:NotBefore: Mar 17 17:23:38 2026 GMT; NotAfter: Mar 17 17:23:38 2027 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIIDPzCCAiegAwIBAgIBAzANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 ZXIwHhcNMjYwMzE3MTcyMzM4WhcNMjcwMzE3MTcyMzM4WjAxMRgwFgYDVQQKEw9Q S0NTMTEgUHJvdmlkZXIxFTATBgNVBAMTDE15IFRlc3QgQ2VydDCCASIwDQYJKoZI hvcNAQEBBQADggEPADCCAQoCggEBAKhECHXQrtrz7fPrzzk3z0QrlkhB+z7TCqSA aOeNyP6RP9o2Me2DOORJxOf56RCJlFtmApxqy/2YsuIiZQljCiAH22nybfLHKXgH /+pe0w+i6Oszvm1+4Vffl9pE77pRSTouN0+xK+I6ufiDacgyoK95vVWSuNqhDA2x zBoZJrdpYZlQ9JaVOnBtIh9gK7xv9l4mny6R7ZU8dUXrSVQC6kkjkR3VrL9MYCyf Kq2MP43HCOeZA6TIiUk7sy5mN8bFP298Oz6HJ02yAi8eorLnVWAdKMeSIZeVO8pA pCeCTRVIUJpvbTM6XcxYqpqiLLsUR4koaDCGc6NKHKe2+ma4wGMCAwEAAaOBgTB/ MAwGA1UdEwEB/wQCMAAwHwYDVR0RBBgwFoEUdGVzdGNlcnRAZXhhbXBsZS5vcmcw DgYDVR0PAQH/BAQDAgWgMB0GA1UdDgQWBBSAPlDBMnaXnhN/93XlYvvFelRvkDAf BgNVHSMEGDAWgBQ/dM+hG6T+fBVFnSpKMG+Ja0TJmTANBgkqhkiG9w0BAQsFAAOC AQEACv8K4SwWpfFsiyUS75FibSsiNjmJlyVhH4tlM6Web3PCi1mK8bFB7mRDPnu8 /R1wHkct1zk1EQS4KAG2UsZhnabvaRW0M7zinPul53k7V3MUn+87VGOkeRrB8C8E fa+BaeNC6XrfYYmzdePhzdbCcNxQIQTlg9v3uOZp/pVOeex4pvAmv4ZI4BSNMO2v 783uYC+shsHqtDNLQ0fNkQtEsua8GGkb3wOkWM8ZphSpnEkDdtHq4YgBlkVQCzP/ wZZDYvqDfc6wsNEB9cl4J99JOFQ+bIP0HyI97XvHhLW/Atz8ZJ36ZZK1mZ5HHXQa QlV9GDw32J2k5zESqp86fidrTg== -----END CERTIFICATE----- subject=O=PKCS11 Provider, CN=My Test Cert issuer=CN=Issuer --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: RSA-PSS Server Temp Key: X25519, 253 bits --- SSL handshake has read 1391 bytes and written 318 bytes Verification: OK --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Protocol: TLSv1.3 Server public key is 2048 bit This TLS version forbids renegotiation. Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 0FB8E85DFF2981DC795D43A4BB5D4BF99BCE8C094FE9B6796B9EDB0FAE5AC4B1 Session-ID-ctx: Resumption PSK: 4D9BF515E4824C78FABE0C49AFD7CF08D7390414AE48959D2BF26DBCB5DAACE3A7DB55FDD359487399C849926016E242 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 0f 83 1f d5 54 bb b6 74-9a 23 88 4d 30 d3 37 8d ....T..t.#.M0.7. 0010 - 4d 60 d9 8b 23 a7 d5 c1-b0 e4 c2 cb 6f 6f c3 20 M`..#.......oo. 0020 - 4b 50 b3 84 87 45 d0 a3-0b 61 75 e0 3b 1a 98 37 KP...E...au.;..7 0030 - a8 93 c1 30 fb 84 79 53-09 eb fa 59 55 d6 e2 4c ...0..yS...YU..L 0040 - 05 a3 21 03 73 ac 56 63-96 0c da 53 76 3f 2b 77 ..!.s.Vc...Sv?+w 0050 - 58 d7 a5 41 41 c7 de a4-be 35 5c 9b 08 34 6f 36 X..AA....5\..4o6 0060 - fc d0 58 e5 c7 3a 34 c3-04 b6 38 de 2e 5a f3 7d ..X..:4...8..Z.} 0070 - 5a 04 0a 25 9f b3 c3 27-00 d5 c3 d0 dd 09 59 ea Z..%...'......Y. 0080 - b0 4f 17 65 1c b4 f2 c8-4d 8b c5 12 76 49 83 b7 .O.e....M...vI.. 0090 - c3 6e 9d d6 69 d0 13 1a-dd 9c f9 70 62 31 fe 47 .n..i......pb1.G 00a0 - 8e a4 33 e3 cc d9 68 9c-ee 16 21 0e 88 0a c0 8b ..3...h...!..... 00b0 - b8 4f 00 e3 a9 ff 9c 22-01 60 11 11 f1 81 90 b5 .O.....".`...... 00c0 - ad ba b4 2d 0d 03 9a f8-ee 68 3f 06 ee 09 93 14 ...-.....h?..... Start Time: 1773768250 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: ACF9541D69BA3BB1A15D3BABAD17B81DEEAC51CE7EF7DAC26380478780132589 Session-ID-ctx: Resumption PSK: D16F4166B2865AF4A0A57B27D3681F117E4FA83FCF069150114DAE35736668ED51A62482B21F6F0C444E5831012EB313 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 0f 83 1f d5 54 bb b6 74-9a 23 88 4d 30 d3 37 8d ....T..t.#.M0.7. 0010 - 72 62 0e 42 b1 f2 4c ed-9e db 7f 8f 72 ca 2e 7e rb.B..L.....r..~ 0020 - f8 2c b4 a2 85 c1 ee 17-54 24 49 83 5b f2 26 45 .,......T$I.[.&E 0030 - 0e c6 24 fa a4 a7 e0 4b-79 66 c3 c5 ac 43 8b 53 ..$....Kyf...C.S 0040 - 74 60 2d 7f ee 12 5c 98-4e 6e cc 99 c5 89 66 f1 t`-...\.Nn....f. 0050 - 42 4b 05 88 87 1a 80 ff-67 22 d3 7e f4 8a c8 db BK......g".~.... 0060 - a8 d9 1e d1 de 82 45 00-2c 24 24 30 4d 65 32 65 ......E.,$$0Me2e 0070 - 70 b5 b0 13 72 4f ad a3-b2 c5 d9 6c 6d ac 12 79 p...rO.....lm..y 0080 - 99 29 66 ec 76 36 7b 54-e5 01 6d 94 03 eb c9 59 .)f.v6{T..m....Y 0090 - 2d 0b 95 b6 09 eb e3 2c-df 43 7d 69 50 ed 96 7b -......,.C}iP..{ 00a0 - 19 80 ef c5 a6 f4 5d 2d-8f a2 05 11 ea d2 12 c9 ......]-........ 00b0 - 56 2b a4 54 38 b5 bd 89-d2 66 d3 49 49 8a 98 f4 V+.T8....f.II... 00c0 - 03 64 60 2c 72 cd dd b2-ee 22 fb 33 a8 35 42 c3 .d`,r....".3.5B. Start Time: 1773768250 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK TLS SUCCESSFUL 40FC1890FFFF0000:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%01 -cert pkcs11:type=cert;object=testCert Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MIGCAgEBAgIDBAQCEwIEIJaBFTi2vqW1vjed4GXZDihwuC60xtyUq8T2bpm17rf+ BDDRb0FmsoZa9KCleyfTaB8Rfk+oP88GkVARTa41c2Zo7VGmJIKyH28MRE5YMQEu sxOhBgIEabmOOqIEAgIcIKQGBAQBAAAArgYCBBzBnwyzAwIBHQ== -----END SSL SESSION PARAMETERS----- Shared ciphers:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256 Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512 Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 CIPHER is TLS_AES_256_GCM_SHA384 This TLS version forbids renegotiation. TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run test with TLS 1.2 (ECDSA) spawn openssl s_client -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/caCert.pem -tls1_2 Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=1 CN=Issuer verify return:1 depth=0 O=PKCS11 Provider, CN=My EC Cert verify return:1 --- Certificate chain 0 s:O=PKCS11 Provider, CN=My EC Cert i:CN=Issuer a:PKEY: id-ecPublicKey, 256 (bit); sigalg: RSA-SHA256 v:NotBefore: Mar 17 17:23:38 2026 GMT; NotAfter: Mar 17 17:23:38 2027 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIICcjCCAVqgAwIBAgIBBDANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 ZXIwHhcNMjYwMzE3MTcyMzM4WhcNMjcwMzE3MTcyMzM4WjAvMRgwFgYDVQQKEw9Q S0NTMTEgUHJvdmlkZXIxEzARBgNVBAMTCk15IEVDIENlcnQwWTATBgcqhkjOPQIB BggqhkjOPQMBBwNCAAQUPmCXcktjHRtt0nTeRL1ELhlI22z5GyXueSOAGvb6H9Xo 0DIaoV/eYuwK6+fPlVvSSPAd6zVlQj894pKgbSFoo4GBMH8wDAYDVR0TAQH/BAIw ADAfBgNVHREEGDAWgRR0ZXN0Y2VydEBleGFtcGxlLm9yZzAOBgNVHQ8BAf8EBAMC B4AwHQYDVR0OBBYEFFDLi0M+XDKnlqyptPsVrOE7UjAAMB8GA1UdIwQYMBaAFD90 z6EbpP58FUWdKkowb4lrRMmZMA0GCSqGSIb3DQEBCwUAA4IBAQAEomqZcJ5U0oep HNusoA8zqf6G/T2vEjhCvo88YCbbmeNEAglAFpM0XmsdHmqknOtBVrc03tRMrlEO Z/PGf+1ikX6qW7BzJfqTheqrhfGEmUsL9um6nqmmxP2+EI1GP/pND6nbloxN0SsD VeGTdDWBqC4AFyT1gg96U0LOfCauKU6+uwH5geZZLzhQM5/SAwa7AwYT6y6hxnHR ecS/m4UnH/46UI8cxMukZ4zQNEIFoYnlgpzppTrwn31iw2HMY5rsvneU0iPss8oq ubNPKr2QyiSqIB82lH4RH/4b8rRa5U/dIJ1JfmApMAZ0dVgx1IRWjo9KNXNVHTav EnaFbgZO -----END CERTIFICATE----- subject=O=PKCS11 Provider, CN=My EC Cert issuer=CN=Issuer --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: ECDSA Server Temp Key: X25519, 253 bits --- SSL handshake has read 1086 bytes and written 290 bytes Verification: OK --- New, TLSv1.2, Cipher is ECDHE-ECDSA-AES256-GCM-SHA384 Protocol: TLSv1.2 Server public key is 256 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-ECDSA-AES256-GCM-SHA384 Session-ID: A878B0AED2ED766A65657DDF828A0BBADDEAF54992CABD65CEDD4E619FDF0E7C Session-ID-ctx: Master-Key: D50C821B777403C177C153107DC70814886E556C044B67CF3193292146F4B8BDB6FE59F8BA12966627454A9644D80066 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - e4 36 b8 40 76 c5 aa 81-c9 50 d4 cc 26 3e ff 91 .6.@v....P..&>.. 0010 - 52 2d 17 a7 ef 50 00 d0-9e e1 8e 62 4b d6 15 7c R-...P.....bK..| 0020 - f5 87 90 13 6f f4 6f 63-c6 d0 56 cd fd 1a 3d e8 ....o.oc..V...=. 0030 - b3 20 66 b2 5d 80 86 6d-b0 55 cb 8c d2 68 5e c9 . f.]..m.U...h^. 0040 - 52 e7 d7 06 7a 74 69 37-c1 11 fb 9f 00 b0 0e 4f R...zti7.......O 0050 - 67 91 94 5c a6 7c e5 4f-69 eb 8c f2 ff 0b 6a ab g..\.|.Oi.....j. 0060 - 02 6f 3e 94 f9 32 94 6b-da 57 03 9d 62 69 32 24 .o>..2.k.W..bi2$ 0070 - 6a fb 99 6c d5 7d 43 82-a2 ae 21 a2 a5 fe f9 61 j..l.}C...!....a 0080 - 56 3a 79 c8 57 d0 d1 d2-95 e2 de e8 60 65 85 fa V:y.W.......`e.. 0090 - 38 f9 88 86 d8 44 ab 93-da f8 1f 87 67 97 31 ad 8....D......g.1. 00a0 - 64 cf 0f 54 c0 b7 e3 5e-60 a8 81 74 11 0b 69 dd d..T...^`..t..i. Start Time: 1773768250 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: yes --- TLS SUCCESSFUL 40FC78A4FFFF0000:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%02 -cert pkcs11:type=cert;object=ecCert -tls1_2 Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MF8CAQECAgMDBALALAQABDDVDIIbd3QDwXfBUxB9xwgUiG5VbARLZ88xkykhRvS4 vbb+Wfi6EpZmJ0VKlkTYAGahBgIEabmOOqIEAgIcIKQGBAQBAAAArQMCAQGzAwIB HQ== -----END SSL SESSION PARAMETERS----- Shared ciphers:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Supported Elliptic Curve Point Formats: uncompressed:ansiX962_compressed_prime:ansiX962_compressed_char2 Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1 Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1 CIPHER is ECDHE-ECDSA-AES256-GCM-SHA384 Secure Renegotiation IS supported TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run test with TLS 1.2 and ECDH spawn openssl s_client -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/caCert.pem -tls1_2 -cipher ECDHE-ECDSA-AES128-GCM-SHA256 -groups secp256r1 Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=1 CN=Issuer verify return:1 depth=0 O=PKCS11 Provider, CN=My EC Cert verify return:1 --- Certificate chain 0 s:O=PKCS11 Provider, CN=My EC Cert i:CN=Issuer a:PKEY: id-ecPublicKey, 256 (bit); sigalg: RSA-SHA256 v:NotBefore: Mar 17 17:23:38 2026 GMT; NotAfter: Mar 17 17:23:38 2027 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIICcjCCAVqgAwIBAgIBBDANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 ZXIwHhcNMjYwMzE3MTcyMzM4WhcNMjcwMzE3MTcyMzM4WjAvMRgwFgYDVQQKEw9Q S0NTMTEgUHJvdmlkZXIxEzARBgNVBAMTCk15IEVDIENlcnQwWTATBgcqhkjOPQIB BggqhkjOPQMBBwNCAAQUPmCXcktjHRtt0nTeRL1ELhlI22z5GyXueSOAGvb6H9Xo 0DIaoV/eYuwK6+fPlVvSSPAd6zVlQj894pKgbSFoo4GBMH8wDAYDVR0TAQH/BAIw ADAfBgNVHREEGDAWgRR0ZXN0Y2VydEBleGFtcGxlLm9yZzAOBgNVHQ8BAf8EBAMC B4AwHQYDVR0OBBYEFFDLi0M+XDKnlqyptPsVrOE7UjAAMB8GA1UdIwQYMBaAFD90 z6EbpP58FUWdKkowb4lrRMmZMA0GCSqGSIb3DQEBCwUAA4IBAQAEomqZcJ5U0oep HNusoA8zqf6G/T2vEjhCvo88YCbbmeNEAglAFpM0XmsdHmqknOtBVrc03tRMrlEO Z/PGf+1ikX6qW7BzJfqTheqrhfGEmUsL9um6nqmmxP2+EI1GP/pND6nbloxN0SsD VeGTdDWBqC4AFyT1gg96U0LOfCauKU6+uwH5geZZLzhQM5/SAwa7AwYT6y6hxnHR ecS/m4UnH/46UI8cxMukZ4zQNEIFoYnlgpzppTrwn31iw2HMY5rsvneU0iPss8oq ubNPKr2QyiSqIB82lH4RH/4b8rRa5U/dIJ1JfmApMAZ0dVgx1IRWjo9KNXNVHTav EnaFbgZO -----END CERTIFICATE----- subject=O=PKCS11 Provider, CN=My EC Cert issuer=CN=Issuer --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: ECDSA Server Temp Key: ECDH, prime256v1, 256 bits --- SSL handshake has read 1119 bytes and written 263 bytes Verification: OK --- New, TLSv1.2, Cipher is ECDHE-ECDSA-AES128-GCM-SHA256 Protocol: TLSv1.2 Server public key is 256 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-ECDSA-AES128-GCM-SHA256 Session-ID: 4172784C466834CF7AB03CFA55EC648044CAFEB6247DCAE0B70F3E52BCC49D41 Session-ID-ctx: Master-Key: F223FBB696ECB240408A9D4189FC857986012E7D9B262BAF33042205BE36A8E2F8E5FF86E6538F7417FFB54C90762509 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 61 c9 52 e9 78 08 44 53-86 1f 9d 91 49 73 56 fa a.R.x.DS....IsV. 0010 - e1 95 c7 bb a4 cf b9 ce-39 bd 3f e0 cf f5 1e 64 ........9.?....d 0020 - 8f f6 9d 39 2b b2 d3 62-c0 b8 49 cf 53 ba 3c 75 ...9+..b..I.S...O. 0080 - 3b 2a 9c 6c c5 30 2c 0f-6e a5 70 35 77 ec e5 d5 ;*.l.0,.n.p5w... 0090 - 7a e5 c8 26 f4 b1 40 ee-d0 6f 6d 4e af 1d 9b 05 z..&..@..omN.... 00a0 - cb 34 29 3e 11 5a bd 6e-65 ea 40 b4 c1 bc f3 30 .4)>.Z.ne.@....0 00b0 - 81 48 99 77 e6 fc 7a ce-cf 20 55 11 92 5c 05 01 .H.w..z.. U..\.. 00c0 - 76 57 d0 83 0b b4 53 1e-d1 e3 de 73 e7 87 f1 79 vW....S....s...y Start Time: 1773768251 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK TLS SUCCESSFUL 402CB580FFFF0000:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%02 -cert pkcs11:type=cert;object=ecCert Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MIGCAgEBAgIDBAQCEwIEIAuKrfCfkAOdWUSQCl7zWXiafm6PM0kS5oPmP1nEl4zO BDDxAkODty/RmSvfz01zrfslAa7XlP+Odx9SdMrzoW33965UHQBS+FA3lEIoS+3q H06hBgIEabmOO6IEAgIcIKQGBAQBAAAArgYCBALzN6izAwIBFw== -----END SSL SESSION PARAMETERS----- Shared ciphers:TLS_AES_256_GCM_SHA384 Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512 Supported groups: secp256r1 Shared groups: secp256r1 CIPHER is TLS_AES_256_GCM_SHA384 This TLS version forbids renegotiation. TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## ######################################## ######################################## ## Forcing the provider for all server operations ## Run sanity test with default values (RSA) spawn openssl s_client -propquery ?provider=pkcs11 -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/caCert.pem Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=1 CN=Issuer verify return:1 depth=0 O=PKCS11 Provider, CN=My Test Cert verify return:1 --- Certificate chain 0 s:O=PKCS11 Provider, CN=My Test Cert i:CN=Issuer a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256 v:NotBefore: Mar 17 17:23:38 2026 GMT; NotAfter: Mar 17 17:23:38 2027 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIIDPzCCAiegAwIBAgIBAzANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 ZXIwHhcNMjYwMzE3MTcyMzM4WhcNMjcwMzE3MTcyMzM4WjAxMRgwFgYDVQQKEw9Q S0NTMTEgUHJvdmlkZXIxFTATBgNVBAMTDE15IFRlc3QgQ2VydDCCASIwDQYJKoZI hvcNAQEBBQADggEPADCCAQoCggEBAKhECHXQrtrz7fPrzzk3z0QrlkhB+z7TCqSA aOeNyP6RP9o2Me2DOORJxOf56RCJlFtmApxqy/2YsuIiZQljCiAH22nybfLHKXgH /+pe0w+i6Oszvm1+4Vffl9pE77pRSTouN0+xK+I6ufiDacgyoK95vVWSuNqhDA2x zBoZJrdpYZlQ9JaVOnBtIh9gK7xv9l4mny6R7ZU8dUXrSVQC6kkjkR3VrL9MYCyf Kq2MP43HCOeZA6TIiUk7sy5mN8bFP298Oz6HJ02yAi8eorLnVWAdKMeSIZeVO8pA pCeCTRVIUJpvbTM6XcxYqpqiLLsUR4koaDCGc6NKHKe2+ma4wGMCAwEAAaOBgTB/ MAwGA1UdEwEB/wQCMAAwHwYDVR0RBBgwFoEUdGVzdGNlcnRAZXhhbXBsZS5vcmcw DgYDVR0PAQH/BAQDAgWgMB0GA1UdDgQWBBSAPlDBMnaXnhN/93XlYvvFelRvkDAf BgNVHSMEGDAWgBQ/dM+hG6T+fBVFnSpKMG+Ja0TJmTANBgkqhkiG9w0BAQsFAAOC AQEACv8K4SwWpfFsiyUS75FibSsiNjmJlyVhH4tlM6Web3PCi1mK8bFB7mRDPnu8 /R1wHkct1zk1EQS4KAG2UsZhnabvaRW0M7zinPul53k7V3MUn+87VGOkeRrB8C8E fa+BaeNC6XrfYYmzdePhzdbCcNxQIQTlg9v3uOZp/pVOeex4pvAmv4ZI4BSNMO2v 783uYC+shsHqtDNLQ0fNkQtEsua8GGkb3wOkWM8ZphSpnEkDdtHq4YgBlkVQCzP/ wZZDYvqDfc6wsNEB9cl4J99JOFQ+bIP0HyI97XvHhLW/Atz8ZJ36ZZK1mZ5HHXQa QlV9GDw32J2k5zESqp86fidrTg== -----END CERTIFICATE----- subject=O=PKCS11 Provider, CN=My Test Cert issuer=CN=Issuer --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: RSA-PSS Server Temp Key: X25519, 253 bits --- SSL handshake has read 1391 bytes and written 391 bytes Verification: OK --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Protocol: TLSv1.3 Server public key is 2048 bit This TLS version forbids renegotiation. Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: CEF865D3013B7D68CD9F9A406A3D376FD6BA85D310331FFDA60689B58E022D65 Session-ID-ctx: Resumption PSK: 8AECD8542294EFE8DE4351C8572B341F69C481CFBE52BD4C6EB430CFA3C5F0AC3B9CC5A07CCE691428560B2271F0CA22 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 25 7e 3b 70 f9 f8 70 12-69 91 04 d9 a9 dd 77 9e %~;p..p.i.....w. 0010 - 1e 97 91 52 95 21 96 86-d7 d4 88 3c fd 37 c8 42 ...R.!.....<.7.B 0020 - a9 8c 54 f7 1b a3 11 92-2c ca 42 de 10 f5 9c 20 ..T.....,.B.... 0030 - 1c d5 fa 0c b0 f5 81 82-8d f1 89 54 2f 15 76 5a ...........T/.vZ 0040 - e7 5f 22 ed c4 40 ba 10-b3 1c c9 e2 f3 95 6d 37 ._"..@........m7 0050 - 90 92 44 79 a4 61 b3 9b-6a 80 84 b4 aa 0f 06 40 ..Dy.a..j......@ 0060 - 4d 0f 09 8f 88 4b f8 e4-4a c7 91 ef 11 9e 10 bd M....K..J....... 0070 - 4a 0d 02 3b 6b 74 49 a9-ee 3e 09 cd 2d 65 2e 68 J..;ktI..>..-e.h 0080 - 8d 9e 59 bc 41 a3 5c 02-f3 73 ad e7 85 ac bc 6c ..Y.A.\..s.....l 0090 - 7b 3b a8 b7 e4 50 c6 02-b5 16 86 55 0a 9f fa 98 {;...P.....U.... 00a0 - 04 0e 60 49 36 f6 f4 5e-72 00 9d d5 9f ea c1 f9 ..`I6..^r....... 00b0 - 3d de ca b5 bb 0d 61 1e-3a 81 01 fe ed 98 35 b3 =.....a.:.....5. 00c0 - 94 1a a2 68 e8 ad 9f 97-97 6b 58 1a f1 46 5d 04 ...h.....kX..F]. Start Time: 1773768251 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 020E03D5395A7B0D9C86D8221CA6DA640F6DF4FD0AA78D0668D61BA9A6DE9164 Session-ID-ctx: Resumption PSK: 5D9325DCC5BEA4D025C35F3F3634E61C6BC05F07D0415D29390D9589D82888D67D14203F2AD003ABE5EBBEA4FA01A73A PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 25 7e 3b 70 f9 f8 70 12-69 91 04 d9 a9 dd 77 9e %~;p..p.i.....w. 0010 - 03 81 f1 9f f4 25 82 02-32 b0 fc b7 a6 bb 2f eb .....%..2...../. 0020 - 0c 3c 21 02 ec 31 7f 91-0c 71 ab 64 09 31 b1 0d ..6_..].....=}. Start Time: 1773768251 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK TLS SUCCESSFUL 40DC0389FFFF0000:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -propquery ?provider=pkcs11 -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%01 -cert pkcs11:type=cert;object=testCert Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MIGDAgEBAgIDBAQCEwIEIM1jZbp7BijSbxHzTUd3V9N5/dmvTC3JAN0Fd3QBmxDG BDBdkyXcxb6k0CXDXz82NOYca8BfB9BBXSk5DZWJ2CiI1n0UID8q0AOr5eu+pPoB pzqhBgIEabmOO6IEAgIcIKQGBAQBAAAArgcCBQDfdj2DswMCAR0= -----END SSL SESSION PARAMETERS----- Shared ciphers:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224 Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 CIPHER is TLS_AES_256_GCM_SHA384 This TLS version forbids renegotiation. TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run sanity test with default values (RSA-PSS) ## Generating a new selfsigned certificate for pkcs11:type=private;id=%00%10 openssl req -batch -noenc -x509 -new -key ${KEY} ${AARGS} -out ${CERT} spawn openssl s_client -propquery ?provider=pkcs11 -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/caCert.pem Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=0 C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness verify error:num=18:self-signed certificate verify return:1 depth=0 C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness verify return:1 --- Certificate chain 0 s:C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness i:C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness a:PKEY: RSASSA-PSS, 2048 (bit); sigalg: RSASSA-PSS v:NotBefore: Mar 17 17:24:11 2026 GMT; NotAfter: Apr 16 17:24:11 2026 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIIEIzCCAtugAwIBAgIUX28SYviPRhE0hdwav4BReTu7ACowPQYJKoZIhvcNAQEK MDCgDTALBglghkgBZQMEAgGhGjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUDBAIBogMC ASAwZzELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMREwDwYDVQQHDAhO ZXcgWW9yazEYMBYGA1UECgwPUEtDUzExIFByb3ZpZGVyMRgwFgYDVQQLDA9UZXN0 aW5nIEhhcm5lc3MwHhcNMjYwMzE3MTcyNDExWhcNMjYwNDE2MTcyNDExWjBnMQsw CQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsxETAPBgNVBAcMCE5ldyBZb3Jr MRgwFgYDVQQKDA9QS0NTMTEgUHJvdmlkZXIxGDAWBgNVBAsMD1Rlc3RpbmcgSGFy bmVzczCCASAwCwYJKoZIhvcNAQEKA4IBDwAwggEKAoIBAQCN9tAEBQ4UBPZUbFMk UM5QPDWVAhIzp/AUbwJp49ARIxoIkQMtUI5Bie+CmyVMYCIfcW6oSshogmmz9NhF nDbLnaS96p3Hw2/19c8414lu1MU+oFp2iAl+NXP0PTyGgrtUgZXfSkOfGtFC4NUp b69Wf2KzzNwcZdELt79A1MI6UnJG/+LVu1BeF351Rejd7yPn1SPW1Ww9i5xKUSTx o0e4G4+fK6q+7KbEqgCUix7Py1eFY7r7m1FoBNE6SEL1hdcTYQrTeA9U7u733Y8R QAHohhGDNX7xdA99CJmVs2nmp2UIVdXcC3NFHA8GxbRi/u9CoukzjmnEkSIoMnmF 3uQNAgMBAAGjaTBnMB0GA1UdDgQWBBTjDBCRtmpFbhzoKwHPSuC89AKBYTAfBgNV HSMEGDAWgBTjDBCRtmpFbhzoKwHPSuC89AKBYTAPBgNVHRMBAf8EBTADAQH/MAkG A1UdEQQCMAAwCQYDVR0SBAIwADA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQC AaEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgGiAwIBIAOCAQEABtOfnNdU9T4v ND9dBY/3qoef1fV4f89OyDL9vWmUezO8u8dhYXuAgstwZJ2NBInAiUAj8NH6pTqf LV3mxBqU04rfHxaT0u2lpCZEkwcgD/4P8ae2E+dE420mVw+VItZefJhzDoaoclXT jM/kQYPGC+2G2a8FqiNmDaUjRoERSCI8iG4dLctATgCJ/Ume9eDa2h2in3euVqKi LQ8YHZYuyo1ifU9FxUw5fhDXNVs/hJC5YXq4pJMHdbzLUgdn3svD8lt1pNJ9v204 yJejMwZXFxWqfIxrKx79DiZyL9WTgVgQpCYTWxFzh9n4scoabgplymM3u5j1l7Nu tFLFo35EtA== -----END CERTIFICATE----- subject=C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness issuer=C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: RSA-PSS Server Temp Key: X25519, 253 bits --- SSL handshake has read 1619 bytes and written 391 bytes Verification error: self-signed certificate --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Protocol: TLSv1.3 Server public key is 2048 bit This TLS version forbids renegotiation. Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 18 (self-signed certificate) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: AD9EDD78FBC1D770B1FCEBAFE26843374B3253837DCC573FD39DFFA6E56177A0 Session-ID-ctx: Resumption PSK: 80B1B7AF975E33C9F50B7BDB11F51833A685245ECE00AA14FDE2346B61A8B382BB11EE9B6D21CFF6BE941662873A6104 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - dc 6a 68 04 0e 1d 87 c5-d5 9d a9 b0 07 3a 5a f5 .jh..........:Z. 0010 - eb 29 ed 07 96 c6 21 27-ec 83 ac 52 f7 45 0e c5 .)....!'...R.E.. 0020 - 55 e7 d5 c0 1f 2d 14 ee-bf f0 6f d8 2b 6e 4a ed U....-....o.+nJ. 0030 - 9e 5b 4c f2 f3 f6 13 d7-07 8d 84 f3 a3 c3 12 30 .[L............0 0040 - ad 5c 51 c3 a7 e3 5c b2-58 3c 71 a8 54 89 e5 89 .\Q...\.Xa. 0020 - 4b ea 85 07 f2 f5 f9 af-27 f2 cf 65 0e 25 be 75 K.......'..e.%.u 0030 - 94 e4 e0 32 59 d6 e4 ef-aa c1 36 a5 68 1c ea 01 ...2Y.....6.h... 0040 - 02 5b 2c 8e 21 7e 5f fb-d5 fe 6e 5a 01 67 10 67 .[,.!~_...nZ.g.g 0050 - b8 b6 fd 0e 7c 7d e2 26-54 fe f7 75 eb 96 8d ac ....|}.&T..u.... 0060 - ff ef ab 1e ef 29 5e b2-0b 8c 9b fa 18 cb 3a 7e .....)^.......:~ 0070 - 72 4a c5 0c 75 77 b2 71-1e 1a 79 1c fe a8 f9 cf rJ..uw.q..y..... 0080 - 25 6f 6f 5f 16 26 74 6e-2b f5 6e 8e 24 28 42 d8 %oo_.&tn+.n.$(B. 0090 - d5 62 73 09 48 66 a5 23-78 81 b0 d5 af 8e f8 41 .bs.Hf.#x......A 00a0 - d2 a5 72 34 45 e7 76 dd-41 bb 71 f6 b7 5b 68 00 ..r4E.v.A.q..[h. 00b0 - 59 ea 6a 53 28 57 73 57-28 f9 6a bd 01 16 4f d8 Y.jS(WsW(.j...O. 00c0 - 0b 82 92 ad 28 2c 26 fc-06 30 e8 c5 87 d9 43 13 ....(,&..0....C. Start Time: 1773768252 Timeout : 7200 (sec) Verify return code: 18 (self-signed certificate) Extended master secret: no Max Early Data: 0 --- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 917B72DD7466ADE567187B1DF2027D04070AC0966CD410396D8D3C2E2635C1E9 Session-ID-ctx: Resumption PSK: D2820F224949AE6759946757CA67633D8224CC18A5A11F0D805E1F9C7EA1E101011C126B185F5FF774E0C5931AA8EE13 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 44 e8 f3 3f 19 8e 47 56-b4 71 42 07 1e 1a cf 83 D..?..GV.qB..... 0010 - be c2 0e 06 2b 86 ca c6-ed f6 6b dc 6b d5 4a 72 ....+.....k.k.Jr 0020 - cb 00 dd f6 df e4 8b 24-12 a7 5a 3c d9 25 dc 5a .......$..Z<.%.Z 0030 - f9 01 b7 0e 9c 15 73 5c-37 2e bf 6e be a3 52 5c ......s\7..n..R\ 0040 - 52 46 43 19 40 e2 92 05-09 bd 7c e5 db 38 73 c9 RFC.@.....|..8s. 0050 - d9 dd 27 d7 b9 62 1e 2b-90 c1 ab 46 59 ae 4c db ..'..b.+...FY.L. 0060 - 0d 6d 51 63 f4 3a a4 98-66 12 90 a4 a4 28 40 af .mQc.:..f....(@. 0070 - 87 14 59 b3 a5 83 b9 1b-02 58 23 02 5e 43 f9 4f ..Y......X#.^C.O 0080 - 61 22 b1 db d8 d1 17 d5-46 2e 87 fe 52 25 8b 99 a"......F...R%.. 0090 - c1 b7 47 ac f9 b6 96 2e-0d 4b 39 0e 96 e8 d7 ed ..G......K9..... 00a0 - 30 30 00 a0 93 de c5 32-45 03 62 4b 6e 87 33 1a 00.....2E.bKn.3. 00b0 - 21 41 dc 1f cb 3f e7 3d-39 b3 1c 81 4e bf 6d 06 !A...?.=9...N.m. 00c0 - 00 04 87 0e cb 4f 1c 5e-66 e4 c7 f0 97 5a a0 81 .....O.^f....Z.. Start Time: 1773768252 Timeout : 7200 (sec) Verify return code: 18 (self-signed certificate) Extended master secret: no Max Early Data: 0 --- read R BLOCK TLS SUCCESSFUL 408C9584FFFF0000:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -propquery ?provider=pkcs11 -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%11 -cert /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/rsapss-sha256.pem Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MIGDAgEBAgIDBAQCEwIEIGpF2A/YTDf6UaUYOigNKbgpyfVbOCoAWYduDLoK3zO4 BDDSgg8iSUmuZ1mUZ1fKZ2M9giTMGKWhHw2AXh+cfqHhAQEcEmsYX1/3dODFkxqo 7hOhBgIEabmOPKIEAgIcIKQGBAQBAAAArgcCBQC19gZgswMCAR0= -----END SSL SESSION PARAMETERS----- Shared ciphers:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224 Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 CIPHER is TLS_AES_256_GCM_SHA384 This TLS version forbids renegotiation. TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run sanity test with default values (ECDSA) spawn openssl s_client -propquery ?provider=pkcs11 -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/caCert.pem Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=0 O=PKCS11 Provider, CN=My EC Cert verify error:num=1:unspecified certificate verification error verify return:1 depth=1 CN=Issuer verify return:1 depth=0 O=PKCS11 Provider, CN=My EC Cert verify return:1 --- Certificate chain 0 s:O=PKCS11 Provider, CN=My EC Cert i:CN=Issuer a:PKEY: id-ecPublicKey, 256 (bit); sigalg: RSA-SHA256 v:NotBefore: Mar 17 17:23:38 2026 GMT; NotAfter: Mar 17 17:23:38 2027 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIICcjCCAVqgAwIBAgIBBDANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 ZXIwHhcNMjYwMzE3MTcyMzM4WhcNMjcwMzE3MTcyMzM4WjAvMRgwFgYDVQQKEw9Q S0NTMTEgUHJvdmlkZXIxEzARBgNVBAMTCk15IEVDIENlcnQwWTATBgcqhkjOPQIB BggqhkjOPQMBBwNCAAQUPmCXcktjHRtt0nTeRL1ELhlI22z5GyXueSOAGvb6H9Xo 0DIaoV/eYuwK6+fPlVvSSPAd6zVlQj894pKgbSFoo4GBMH8wDAYDVR0TAQH/BAIw ADAfBgNVHREEGDAWgRR0ZXN0Y2VydEBleGFtcGxlLm9yZzAOBgNVHQ8BAf8EBAMC B4AwHQYDVR0OBBYEFFDLi0M+XDKnlqyptPsVrOE7UjAAMB8GA1UdIwQYMBaAFD90 z6EbpP58FUWdKkowb4lrRMmZMA0GCSqGSIb3DQEBCwUAA4IBAQAEomqZcJ5U0oep HNusoA8zqf6G/T2vEjhCvo88YCbbmeNEAglAFpM0XmsdHmqknOtBVrc03tRMrlEO Z/PGf+1ikX6qW7BzJfqTheqrhfGEmUsL9um6nqmmxP2+EI1GP/pND6nbloxN0SsD VeGTdDWBqC4AFyT1gg96U0LOfCauKU6+uwH5geZZLzhQM5/SAwa7AwYT6y6hxnHR ecS/m4UnH/46UI8cxMukZ4zQNEIFoYnlgpzppTrwn31iw2HMY5rsvneU0iPss8oq ubNPKr2QyiSqIB82lH4RH/4b8rRa5U/dIJ1JfmApMAZ0dVgx1IRWjo9KNXNVHTav EnaFbgZO -----END CERTIFICATE----- subject=O=PKCS11 Provider, CN=My EC Cert issuer=CN=Issuer --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: ECDSA Server Temp Key: X25519, 253 bits --- SSL handshake has read 1001 bytes and written 391 bytes Verification error: unspecified certificate verification error --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Protocol: TLSv1.3 Server public key is 256 bit This TLS version forbids renegotiation. Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 1 (unspecified certificate verification error) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: F9D0438629B548B66B0400FCBD63EB43E97EA9E5EE189B883A6AE43373201A1F Session-ID-ctx: Resumption PSK: 361101D66FE0E7B5506679021D3AA1FF7E364F3534BE0CAA6A94FFF4A28F2DC608A2241794672F52B07F49321091A54E PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - e0 ae 39 1b 7e cf b7 45-ff 3d 6b e0 72 d7 2f 05 ..9.~..E.=k.r./. 0010 - e6 e1 af a0 c1 0a 90 f2-07 07 19 3f d7 77 5b c1 ...........?.w[. 0020 - f6 df 3a 6e 3a be 9f 5b-15 91 5b 22 0f c5 5a 7f ..:n:..[..["..Z. 0030 - 18 0f cf 5f fa 64 60 a2-aa 61 da 49 62 11 04 ae ..._.d`..a.Ib... 0040 - e5 c4 5a 05 06 4c c4 ab-c6 99 56 1e 6e 8e de a4 ..Z..L....V.n... 0050 - 28 32 41 53 2b 01 eb a2-5a 9e 29 36 10 9c 9b 86 (2AS+...Z.)6.... 0060 - a4 4d 41 f0 b9 9e 21 24-ba 6a 6d db 59 70 c4 48 .MA...!$.jm.Yp.H 0070 - 7d 83 06 eb a4 90 65 b1-fb 12 df 14 67 b8 62 f8 }.....e.....g.b. 0080 - 15 b0 b3 54 aa 9c fe 57-5b ea 53 b2 fc db 79 f1 ...T...W[.S...y. 0090 - 62 31 f1 1e 09 b3 40 6a-7b 91 4c 5e 1b d1 63 2f b1....@j{.L^..c/ 00a0 - 6f 38 5a 94 11 21 e0 33-ea 99 6a f3 f3 ff 14 3c o8Z..!.3..j....< 00b0 - 93 e0 20 55 7b 23 20 b6-d6 8e 72 2d af 44 68 57 .. U{# ...r-.DhW 00c0 - 56 35 15 5b 5c d3 77 a3-30 68 72 b0 01 35 d5 16 V5.[\.w.0hr..5.. Start Time: 1773768252 Timeout : 7200 (sec) Verify return code: 1 (unspecified certificate verification error) Extended master secret: no Max Early Data: 0 --- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 1031CB4D8DDD72B01F7D3DF58FFB18F4D17E6013EC0C91FA6DE0AA7263A726C0 Session-ID-ctx: Resumption PSK: 44761D1B4D6A7E2605F268F610C0DB4740AB5D2230831A98D624214A38097CDC56794606E0666C6F108AD544A66E3E2F PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - e0 ae 39 1b 7e cf b7 45-ff 3d 6b e0 72 d7 2f 05 ..9.~..E.=k.r./. 0010 - 60 b2 26 c2 26 e2 35 dc-03 54 e1 2d 5c b9 28 d9 `.&.&.5..T.-\.(. 0020 - 5d 95 5c 4f d7 f4 b6 91-dd 51 8d 84 29 e1 93 2e ].\O.....Q..)... 0030 - b8 b4 64 55 7e 19 77 2c-f7 70 4c 0a 76 49 a8 bc ..dU~.w,.pL.vI.. 0040 - 38 77 5a ca 4c 75 15 08-d8 84 e5 16 17 fa 99 9f 8wZ.Lu.......... 0050 - c8 1b 0a a1 ce fd a5 f1-a1 11 47 03 41 02 cf 7f ..........G.A... 0060 - ea f2 a3 dc d7 4d 3d 0e-97 fb 69 33 df 11 94 85 .....M=...i3.... 0070 - 24 85 68 8b 89 82 b4 98-48 fd ec 51 09 1f e1 dd $.h.....H..Q.... 0080 - 2f 67 6e a2 8e 83 e1 e8-27 51 8f 0c 71 18 a5 dd /gn.....'Q..q... 0090 - 78 80 c4 d1 80 fe 20 e6-3b 7e e8 96 0b e4 bf 92 x..... .;~...... 00a0 - f6 f9 27 a9 bf 0d a0 e8-76 79 3e 98 79 27 5b a3 ..'.....vy>.y'[. 00b0 - 97 3d 3c be 1e 95 d8 e0-23 c7 d3 23 f4 bd 9a 57 .=<.....#..#...W 00c0 - e9 c7 71 5c 05 af db e8-1c 5a da 6c a2 51 95 6e ..q\.....Z.l.Q.n Start Time: 1773768252 Timeout : 7200 (sec) Verify return code: 1 (unspecified certificate verification error) Extended master secret: no Max Early Data: 0 --- read R BLOCK TLS SUCCESSFUL 408C1BB5FFFF0000:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -propquery ?provider=pkcs11 -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%02 -cert pkcs11:type=cert;object=ecCert Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MIGDAgEBAgIDBAQCEwIEIFlOVyo+zxIvKp8kHzNrvIqjjwuN4Hvcl/3hA9tOM8ii BDBEdh0bTWp+JgXyaPYQwNtHQKtdIjCDGpjWJCFKOAl83FZ5RgbgZmxvEIrVRKZu Pi+hBgIEabmOPKIEAgIcIKQGBAQBAAAArgcCBQDpwXGvswMCAR0= -----END SSL SESSION PARAMETERS----- Shared ciphers:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224 Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 CIPHER is TLS_AES_256_GCM_SHA384 This TLS version forbids renegotiation. TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run sanity test with default values (Ed25519) spawn openssl s_client -propquery ?provider=pkcs11 -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/caCert.pem Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=1 CN=Issuer verify return:1 depth=0 O=PKCS11 Provider, CN=My ED25519 Cert verify return:1 --- Certificate chain 0 s:O=PKCS11 Provider, CN=My ED25519 Cert i:CN=Issuer a:PKEY: ED25519, 256 (bit); sigalg: RSA-SHA256 v:NotBefore: Mar 17 17:23:38 2026 GMT; NotAfter: Mar 17 17:23:38 2027 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIICSDCCATCgAwIBAgIBBjANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 ZXIwHhcNMjYwMzE3MTcyMzM4WhcNMjcwMzE3MTcyMzM4WjA0MRgwFgYDVQQKEw9Q S0NTMTEgUHJvdmlkZXIxGDAWBgNVBAMTD015IEVEMjU1MTkgQ2VydDAqMAUGAytl cAMhAGz6Qok8x4rtX4KTOC0jU+6teQQwgIz6Q4Nz6QuYQkl9o4GBMH8wDAYDVR0T AQH/BAIwADAfBgNVHREEGDAWgRR0ZXN0Y2VydEBleGFtcGxlLm9yZzAOBgNVHQ8B Af8EBAMCB4AwHQYDVR0OBBYEFB49CI0IrkQQbohiY3OUK04C+QgEMB8GA1UdIwQY MBaAFD90z6EbpP58FUWdKkowb4lrRMmZMA0GCSqGSIb3DQEBCwUAA4IBAQBvTdK/ cSXYdGtHeBveDEvX/6hwhOnynEPjLezPxVulM9lgjw35bG9qr0z+w3a3wEr8e8H6 18l8HfFkVPAvSwnOEbdVwCeP8A9baNp8vqazSrbZXe5IdoMA7Yw1qPOk2yV8M1Er +XOYFuesHJrjyzQE9m7BnURqQeRLYxHXPTdzDEFeIrtmyJg37bp548zLB98BT2TS DDo8oLQmi7DVT+rx6aIQmqGgHhKfVF31y05ThPfpxFr8zcV16v+/0WKYwlj51Xwd TDuYPEfpCOrRu6Ny8OWkzwMpQOiKZ5DsgdIP1ja5agZ54HFnRn5oYCRuXzPiUb7Z d2xQ1y4neNF8Mk97 -----END CERTIFICATE----- subject=O=PKCS11 Provider, CN=My ED25519 Cert issuer=CN=Issuer --- No client certificate CA names sent Peer signature type: ed25519 Server Temp Key: X25519, 253 bits --- SSL handshake has read 952 bytes and written 391 bytes Verification: OK --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Protocol: TLSv1.3 Server public key is 256 bit This TLS version forbids renegotiation. Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 086DF6462188A13041B7C6D120D8C3E43CB71D8E27C6ADF545B03811FF5B4CA1 Session-ID-ctx: Resumption PSK: 229831074533B8698A19D8B68EBF04C511B128781BD630C4DCFF865AF103A4C3500AA7AF8767B87A222672252A5E1416 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 66 e8 79 56 e3 39 a7 61-2f 6a 9c b3 8c 0e 39 3b f.yV.9.a/j....9; 0010 - e5 d0 84 1e 65 a0 38 34-45 61 d1 c1 67 e4 79 60 ....e.84Ea..g.y` 0020 - 8c 09 76 a0 30 f9 ff ce-8a 64 31 5d a9 df 3c 9b ..v.0....d1]..<. 0030 - 1d c9 40 e8 81 d2 ea 6e-3f 3b 86 23 dc 24 81 3a ..@....n?;.#.$.: 0040 - e0 b3 ae 7f ee 1f e3 c0-2c 15 b8 28 5c 0c b2 07 ........,..(\... 0050 - f9 3e c8 c0 88 96 44 0b-c8 d3 de 16 3a 23 a7 b5 .>....D.....:#.. 0060 - 10 e0 51 9b b7 85 3b ca-36 cc a5 9e ef 8a 9b 69 ..Q...;.6......i 0070 - 66 5a 84 08 46 cf 6a 0f-89 d8 17 4b 88 ef 2e 72 fZ..F.j....K...r 0080 - 0b 1b c2 ea 2d de e2 0c-0c fa 5e 90 36 39 51 9e ....-.....^.69Q. 0090 - fb 47 b3 47 1e ff 34 34-d9 d8 98 b0 01 34 8e 63 .G.G..44.....4.c 00a0 - cc 38 37 a8 0a 0a bc 9a-aa eb 1c 89 84 39 fc 5a .87..........9.Z 00b0 - d0 eb 33 63 b7 09 69 78-59 03 0c 92 0b 9d 8c a0 ..3c..ixY....... 00c0 - 87 dc b2 e0 88 85 ff b8-64 00 9d c6 1d 07 54 eb ........d.....T. Start Time: 1773768252 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: AD53A47FCFD035F08955B4B03EFB555983B525ECC6E82E94AB1BB13ECA5910B4 Session-ID-ctx: Resumption PSK: DF69324113788EB05999D956B49215CE39ED08E795E6512C4A3DBDF99D61FD2FF8AD41F092BA7DE7104BC68C107B9DE6 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 66 e8 79 56 e3 39 a7 61-2f 6a 9c b3 8c 0e 39 3b f.yV.9.a/j....9; 0010 - 53 79 ed 4b 81 fa a2 e9-d9 2c e2 0c 8e b6 cb 5f Sy.K.....,....._ 0020 - ff 2c 3d 82 42 50 bc e6-ad ea fb dc 7b 7f 2f 69 .,=.BP......{./i 0030 - 13 51 8a c4 25 6c 50 39-2a 7c 41 53 78 27 e9 de .Q..%lP9*|ASx'.. 0040 - 8c e0 9b eb 27 d1 57 e8-28 0f b6 6c 8e 29 7b d0 ....'.W.(..l.){. 0050 - c9 01 e4 a3 ac 73 75 db-5b 35 91 51 89 1f 6d f4 .....su.[5.Q..m. 0060 - d1 0e ee 8c 3f 0e 0b 7c-d4 3b 8d d8 1a b4 11 61 ....?..|.;.....a 0070 - b5 a7 e6 e7 a1 69 ed 13-67 35 54 23 14 e1 df e9 .....i..g5T#.... 0080 - 40 8f 06 df 92 66 ce 4a-f8 ca 89 fc ec 9a 46 bb @....f.J......F. 0090 - 39 37 4c d6 57 37 4f f5-94 58 f9 26 20 d3 8f 2c 97L.W7O..X.& .., 00a0 - 15 34 bf 6f a2 36 ba d6-ac d2 f1 9a 7b 6f e8 96 .4.o.6......{o.. 00b0 - 6f 7c a9 30 1f 3c 69 89-6c 52 8c 1c 27 a7 1c 92 o|.0...b.....T..65. 0050 - ec 13 32 9a 6a 5e 0d 3b-cd 14 ee 24 d3 74 56 42 ..2.j^.;...$.tVB 0060 - 16 ce d2 6d de 53 8c 4b-49 0f d1 60 eb ff f2 cc ...m.S.KI..`.... 0070 - ca 7d c7 3c b8 20 08 5f-4d 13 0b 79 1a ae d5 c1 .}.<. ._M..y.... 0080 - cf 61 8d 6a b7 af a7 3c-17 f5 89 e3 15 73 51 a7 .a.j...<.....sQ. 0090 - fc 15 b1 f5 a2 72 d5 56-97 93 35 4e cb 19 84 56 .....r.V..5N...V 00a0 - 7b 6c e7 90 49 52 7a 9b-58 59 3d d0 72 10 3f 84 {l..IRz.XY=.r.?. Start Time: 1773768253 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: yes --- TLS SUCCESSFUL 408C918EFFFF0000:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -propquery ?provider=pkcs11 -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%01 -cert pkcs11:type=cert;object=testCert Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MF8CAQECAgMDBALAMAQABDCvEnWA0FnMDuHtTsXgkfRclKd4Et2pFYl9JJZC1Okq c9UaqwHynLI4SsMYlbJeJBShBgIEabmOPaIEAgIcIKQGBAQBAAAArQMCAQGzAwIB HQ== -----END SSL SESSION PARAMETERS----- Shared ciphers:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Supported Elliptic Curve Point Formats: uncompressed:ansiX962_compressed_prime:ansiX962_compressed_char2 Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1 Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1 CIPHER is ECDHE-RSA-AES256-GCM-SHA384 Secure Renegotiation IS supported TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run test with explicit TLS 1.3 spawn openssl s_client -propquery ?provider=pkcs11 -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/caCert.pem -tls1_3 Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=1 CN=Issuer verify return:1 depth=0 O=PKCS11 Provider, CN=My Test Cert verify return:1 --- Certificate chain 0 s:O=PKCS11 Provider, CN=My Test Cert i:CN=Issuer a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256 v:NotBefore: Mar 17 17:23:38 2026 GMT; NotAfter: Mar 17 17:23:38 2027 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIIDPzCCAiegAwIBAgIBAzANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 ZXIwHhcNMjYwMzE3MTcyMzM4WhcNMjcwMzE3MTcyMzM4WjAxMRgwFgYDVQQKEw9Q S0NTMTEgUHJvdmlkZXIxFTATBgNVBAMTDE15IFRlc3QgQ2VydDCCASIwDQYJKoZI hvcNAQEBBQADggEPADCCAQoCggEBAKhECHXQrtrz7fPrzzk3z0QrlkhB+z7TCqSA aOeNyP6RP9o2Me2DOORJxOf56RCJlFtmApxqy/2YsuIiZQljCiAH22nybfLHKXgH /+pe0w+i6Oszvm1+4Vffl9pE77pRSTouN0+xK+I6ufiDacgyoK95vVWSuNqhDA2x zBoZJrdpYZlQ9JaVOnBtIh9gK7xv9l4mny6R7ZU8dUXrSVQC6kkjkR3VrL9MYCyf Kq2MP43HCOeZA6TIiUk7sy5mN8bFP298Oz6HJ02yAi8eorLnVWAdKMeSIZeVO8pA pCeCTRVIUJpvbTM6XcxYqpqiLLsUR4koaDCGc6NKHKe2+ma4wGMCAwEAAaOBgTB/ MAwGA1UdEwEB/wQCMAAwHwYDVR0RBBgwFoEUdGVzdGNlcnRAZXhhbXBsZS5vcmcw DgYDVR0PAQH/BAQDAgWgMB0GA1UdDgQWBBSAPlDBMnaXnhN/93XlYvvFelRvkDAf BgNVHSMEGDAWgBQ/dM+hG6T+fBVFnSpKMG+Ja0TJmTANBgkqhkiG9w0BAQsFAAOC AQEACv8K4SwWpfFsiyUS75FibSsiNjmJlyVhH4tlM6Web3PCi1mK8bFB7mRDPnu8 /R1wHkct1zk1EQS4KAG2UsZhnabvaRW0M7zinPul53k7V3MUn+87VGOkeRrB8C8E fa+BaeNC6XrfYYmzdePhzdbCcNxQIQTlg9v3uOZp/pVOeex4pvAmv4ZI4BSNMO2v 783uYC+shsHqtDNLQ0fNkQtEsua8GGkb3wOkWM8ZphSpnEkDdtHq4YgBlkVQCzP/ wZZDYvqDfc6wsNEB9cl4J99JOFQ+bIP0HyI97XvHhLW/Atz8ZJ36ZZK1mZ5HHXQa QlV9GDw32J2k5zESqp86fidrTg== -----END CERTIFICATE----- subject=O=PKCS11 Provider, CN=My Test Cert issuer=CN=Issuer --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: RSA-PSS Server Temp Key: X25519, 253 bits --- SSL handshake has read 1391 bytes and written 318 bytes Verification: OK --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Protocol: TLSv1.3 Server public key is 2048 bit This TLS version forbids renegotiation. Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 4DC921E5A2DDECCB6376667F81B9370DFC763FED693C137973B8CF554D05992C Session-ID-ctx: Resumption PSK: 6E42F6BD8561EA83E413BC7C8710B1207FB0A700AB74E50D8D8C9B87F962953B42EA0D08998F37E5B95DB7F426872606 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - c4 24 ab be b4 9e 27 6a-11 a0 ca 2c c0 a3 56 f0 .$....'j...,..V. 0010 - 2c b8 30 1a 95 9c 5c 6e-b1 74 8c a7 f3 a4 30 23 ,.0...\n.t....0# 0020 - 71 95 1a e5 8c 25 e7 d6-4d 77 05 f3 cb 69 1b 83 q....%..Mw...i.. 0030 - 48 cc 1a a6 2a 40 bd 98-62 cd d5 79 06 01 f0 80 H...*@..b..y.... 0040 - 8f ce f8 5b 55 9b 4b 5c-b2 ec 81 54 51 ad f3 66 ...[U.K\...TQ..f 0050 - b2 4b 6c dc 10 33 93 9b-c4 ba 34 d6 12 72 bc 64 .Kl..3....4..r.d 0060 - 56 42 11 69 41 47 e4 e9-1f 1f 71 0d 98 f8 39 f3 VB.iAG....q...9. 0070 - 62 8e 4f ed 70 8e 12 19-bf d0 07 d9 63 3b c5 b1 b.O.p.......c;.. 0080 - 8a b2 05 0f 77 77 23 17-44 69 35 e3 e1 3d 3a bf ....ww#.Di5..=:. 0090 - 30 03 4c bb 32 37 98 40-76 ad b4 df 7c c3 5e f3 0.L.27.@v...|.^. 00a0 - 30 86 16 da df d6 7b 74-e5 4d 5e 54 55 06 fc 8d 0.....{t.M^TU... 00b0 - 31 91 be 78 4e f8 cd 9c-ad 4d 75 3e 6c b6 04 1b 1..xN....Mu>l... 00c0 - 75 91 d1 1a c0 ff b5 32-01 f5 12 9b 08 7c 98 70 u......2.....|.p Start Time: 1773768253 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 9273F260E23CF7187F8DCC64784D5EF6267CB0D66E4AB3ECEC75FC87ABDC95CE Session-ID-ctx: Resumption PSK: 0C73F61B07E91564998E8049FAF68A6015E5E24708E4DE7A51E617D834364A70D4826BEFDDAEA96A20C23A7E1A9C17F1 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - c4 24 ab be b4 9e 27 6a-11 a0 ca 2c c0 a3 56 f0 .$....'j...,..V. 0010 - 2c 68 bf 58 13 92 9c 07-26 fb a8 f6 01 44 89 40 ,h.X....&....D.@ 0020 - 42 1d 67 4a b1 56 7d 28-c4 87 75 4a 99 61 04 61 B.gJ.V}(..uJ.a.a 0030 - ea 16 48 c9 09 6c 21 09-ba d7 df ab 25 58 69 aa ..H..l!.....%Xi. 0040 - 23 cd a5 1a 30 c8 af 1b-6a 64 52 8f 25 4c 1b 30 #...0...jdR.%L.0 0050 - 5a 88 c9 a1 1b cc 78 69-b0 a1 1c c9 45 38 46 c3 Z.....xi....E8F. 0060 - c8 22 5a f6 38 08 71 28-0c ee 12 fc da 66 06 ec ."Z.8.q(.....f.. 0070 - 33 2b 8c 12 41 fe 4e 2f-3c cf 4d 81 e9 24 09 b1 3+..A.N/<.M..$.. 0080 - 87 f9 d3 71 a8 73 8c d9-ed c5 bc 03 97 54 b3 51 ...q.s.......T.Q 0090 - 6e 77 91 65 7c 4c ad 65-03 89 07 f4 4a 66 85 7e nw.e|L.e....Jf.~ 00a0 - fb 4c 8e cf 6f a6 fb 54-07 d7 50 23 b7 3e 7f 92 .L..o..T..P#.>.. 00b0 - f9 28 17 90 4d 7f b3 d0-a8 51 e8 d1 d6 46 6b 87 .(..M....Q...Fk. 00c0 - cd 58 d9 01 ff 7c bb df-7f d1 fe 82 e8 2c 27 2b .X...|.......,'+ Start Time: 1773768253 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK TLS SUCCESSFUL 40CCFA9DFFFF0000:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -propquery ?provider=pkcs11 -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%01 -cert pkcs11:type=cert;object=testCert Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MIGDAgEBAgIDBAQCEwIEIMI8BzeI0Usw24h47m2D2tTS5t5Rv07m1R/Mkgg0My5x BDAMc/YbB+kVZJmOgEn69opgFeXiRwjk3npR5hfYNDZKcNSCa+/drqlqIMI6fhqc F/GhBgIEabmOPaIEAgIcIKQGBAQBAAAArgcCBQDAerHzswMCAR0= -----END SSL SESSION PARAMETERS----- Shared ciphers:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256 Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512 Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 CIPHER is TLS_AES_256_GCM_SHA384 This TLS version forbids renegotiation. TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run test with TLS 1.2 (ECDSA) spawn openssl s_client -propquery ?provider=pkcs11 -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/caCert.pem -tls1_2 Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=0 O=PKCS11 Provider, CN=My EC Cert verify error:num=1:unspecified certificate verification error verify return:1 depth=1 CN=Issuer verify return:1 depth=0 O=PKCS11 Provider, CN=My EC Cert verify return:1 --- Certificate chain 0 s:O=PKCS11 Provider, CN=My EC Cert i:CN=Issuer a:PKEY: id-ecPublicKey, 256 (bit); sigalg: RSA-SHA256 v:NotBefore: Mar 17 17:23:38 2026 GMT; NotAfter: Mar 17 17:23:38 2027 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIICcjCCAVqgAwIBAgIBBDANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 ZXIwHhcNMjYwMzE3MTcyMzM4WhcNMjcwMzE3MTcyMzM4WjAvMRgwFgYDVQQKEw9Q S0NTMTEgUHJvdmlkZXIxEzARBgNVBAMTCk15IEVDIENlcnQwWTATBgcqhkjOPQIB BggqhkjOPQMBBwNCAAQUPmCXcktjHRtt0nTeRL1ELhlI22z5GyXueSOAGvb6H9Xo 0DIaoV/eYuwK6+fPlVvSSPAd6zVlQj894pKgbSFoo4GBMH8wDAYDVR0TAQH/BAIw ADAfBgNVHREEGDAWgRR0ZXN0Y2VydEBleGFtcGxlLm9yZzAOBgNVHQ8BAf8EBAMC B4AwHQYDVR0OBBYEFFDLi0M+XDKnlqyptPsVrOE7UjAAMB8GA1UdIwQYMBaAFD90 z6EbpP58FUWdKkowb4lrRMmZMA0GCSqGSIb3DQEBCwUAA4IBAQAEomqZcJ5U0oep HNusoA8zqf6G/T2vEjhCvo88YCbbmeNEAglAFpM0XmsdHmqknOtBVrc03tRMrlEO Z/PGf+1ikX6qW7BzJfqTheqrhfGEmUsL9um6nqmmxP2+EI1GP/pND6nbloxN0SsD VeGTdDWBqC4AFyT1gg96U0LOfCauKU6+uwH5geZZLzhQM5/SAwa7AwYT6y6hxnHR ecS/m4UnH/46UI8cxMukZ4zQNEIFoYnlgpzppTrwn31iw2HMY5rsvneU0iPss8oq ubNPKr2QyiSqIB82lH4RH/4b8rRa5U/dIJ1JfmApMAZ0dVgx1IRWjo9KNXNVHTav EnaFbgZO -----END CERTIFICATE----- subject=O=PKCS11 Provider, CN=My EC Cert issuer=CN=Issuer --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: ECDSA Server Temp Key: X25519, 253 bits --- SSL handshake has read 1086 bytes and written 290 bytes Verification error: unspecified certificate verification error --- New, TLSv1.2, Cipher is ECDHE-ECDSA-AES256-GCM-SHA384 Protocol: TLSv1.2 Server public key is 256 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-ECDSA-AES256-GCM-SHA384 Session-ID: E18A313DFC130CB10F6051804CD94C90592CE1E56CBF01B86719D75BBDB362A8 Session-ID-ctx: Master-Key: 6719FFCAA1E60969AAB5591A515BA064CEB5C98895B92EC8599A05D4FD30F92205FC8BF67D18134B53BA539F2139FADB PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 15 f6 d4 46 f9 14 57 22-38 b2 b4 d8 3f ad c9 85 ...F..W"8...?... 0010 - 7b ff 03 90 ce 4c 95 ca-4b 91 4b cb a3 23 4e 4c {....L..K.K..#NL 0020 - ba 88 4a 20 d4 4b eb fe-e7 3d d4 ae 10 bf fd aa ..J .K...=...... 0030 - 96 51 ce 7b 7a 8c 56 38-a9 79 83 3a 99 45 55 54 .Q.{z.V8.y.:.EUT 0040 - 1d 7c 80 2e 91 21 27 f8-39 ae e9 28 fa 37 01 cd .|...!'.9..(.7.. 0050 - d2 92 f8 bf 90 92 1f 5f-cb 76 57 f5 fb 99 30 91 ......._.vW...0. 0060 - e0 15 7d be 69 dc d4 18-66 f3 a5 d4 3f 70 e6 fb ..}.i...f...?p.. 0070 - 8b 84 04 ee 9b c5 c7 4c-f8 85 6f 5f 2f 85 da d5 .......L..o_/... 0080 - fa c5 fd 13 ce bc c9 19-c3 d4 ae e0 4a 81 7d 30 ............J.}0 0090 - 84 05 c2 85 2e b4 a2 dd-46 3f 97 93 5e 3b d7 44 ........F?..^;.D 00a0 - cd 4a b1 c4 ee 9b 45 ca-60 4b 26 0a 61 1e 3e 63 .J....E.`K&.a.>c Start Time: 1773768253 Timeout : 7200 (sec) Verify return code: 1 (unspecified certificate verification error) Extended master secret: yes --- TLS SUCCESSFUL 402C1C9FFFFF0000:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -propquery ?provider=pkcs11 -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%02 -cert pkcs11:type=cert;object=ecCert -tls1_2 Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MF8CAQECAgMDBALALAQABDBnGf/KoeYJaaq1WRpRW6BkzrXJiJW5LshZmgXU/TD5 IgX8i/Z9GBNLU7pTnyE5+tuhBgIEabmOPaIEAgIcIKQGBAQBAAAArQMCAQGzAwIB HQ== -----END SSL SESSION PARAMETERS----- Shared ciphers:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA TLS SUCCESSFUL Q Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Supported Elliptic Curve Point Formats: uncompressed:ansiX962_compressed_prime:ansiX962_compressed_char2 Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1 Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1 CIPHER is ECDHE-ECDSA-AES256-GCM-SHA384 Secure Renegotiation IS supported DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run test with TLS 1.2 and ECDH spawn openssl s_client -propquery ?provider=pkcs11 -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/caCert.pem -tls1_2 -cipher ECDHE-ECDSA-AES128-GCM-SHA256 -groups secp256r1 Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=0 O=PKCS11 Provider, CN=My EC Cert verify error:num=1:unspecified certificate verification error verify return:1 depth=1 CN=Issuer verify return:1 depth=0 O=PKCS11 Provider, CN=My EC Cert verify return:1 --- Certificate chain 0 s:O=PKCS11 Provider, CN=My EC Cert i:CN=Issuer a:PKEY: id-ecPublicKey, 256 (bit); sigalg: RSA-SHA256 v:NotBefore: Mar 17 17:23:38 2026 GMT; NotAfter: Mar 17 17:23:38 2027 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIICcjCCAVqgAwIBAgIBBDANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 ZXIwHhcNMjYwMzE3MTcyMzM4WhcNMjcwMzE3MTcyMzM4WjAvMRgwFgYDVQQKEw9Q S0NTMTEgUHJvdmlkZXIxEzARBgNVBAMTCk15IEVDIENlcnQwWTATBgcqhkjOPQIB BggqhkjOPQMBBwNCAAQUPmCXcktjHRtt0nTeRL1ELhlI22z5GyXueSOAGvb6H9Xo 0DIaoV/eYuwK6+fPlVvSSPAd6zVlQj894pKgbSFoo4GBMH8wDAYDVR0TAQH/BAIw ADAfBgNVHREEGDAWgRR0ZXN0Y2VydEBleGFtcGxlLm9yZzAOBgNVHQ8BAf8EBAMC B4AwHQYDVR0OBBYEFFDLi0M+XDKnlqyptPsVrOE7UjAAMB8GA1UdIwQYMBaAFD90 z6EbpP58FUWdKkowb4lrRMmZMA0GCSqGSIb3DQEBCwUAA4IBAQAEomqZcJ5U0oep HNusoA8zqf6G/T2vEjhCvo88YCbbmeNEAglAFpM0XmsdHmqknOtBVrc03tRMrlEO Z/PGf+1ikX6qW7BzJfqTheqrhfGEmUsL9um6nqmmxP2+EI1GP/pND6nbloxN0SsD VeGTdDWBqC4AFyT1gg96U0LOfCauKU6+uwH5geZZLzhQM5/SAwa7AwYT6y6hxnHR ecS/m4UnH/46UI8cxMukZ4zQNEIFoYnlgpzppTrwn31iw2HMY5rsvneU0iPss8oq ubNPKr2QyiSqIB82lH4RH/4b8rRa5U/dIJ1JfmApMAZ0dVgx1IRWjo9KNXNVHTav EnaFbgZO -----END CERTIFICATE----- subject=O=PKCS11 Provider, CN=My EC Cert issuer=CN=Issuer --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: ECDSA Server Temp Key: ECDH, prime256v1, 256 bits --- SSL handshake has read 1118 bytes and written 263 bytes Verification error: unspecified certificate verification error --- New, TLSv1.2, Cipher is ECDHE-ECDSA-AES128-GCM-SHA256 Protocol: TLSv1.2 Server public key is 256 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-ECDSA-AES128-GCM-SHA256 Session-ID: 1D6174627878AFCF684B223D10A7B68327B66932F4EDE377A6053BC51F24DAA5 Session-ID-ctx: Master-Key: 2BB252B4288FED3EAA2045DBABE93309302975CA7C4E23226F974E46D6F5FAD2CE6C308739EF5EEB56929A5626316959 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - f5 2d 81 c3 db da 45 ec-ae 60 d1 85 7c 92 e4 58 .-....E..`..|..X 0010 - 5c bb 7b e7 b4 53 cd 7a-83 60 a6 c8 1a c8 30 e0 \.{..S.z.`....0. 0020 - 8f 01 dd 58 32 70 43 d5-f7 fd 06 9c e8 1e 1d 21 ...X2pC........! 0030 - d9 ca 6e 78 cd eb 47 99-30 bd 98 af f1 e4 a7 ea ..nx..G.0....... 0040 - 10 f5 68 0a 47 5e 7c 31-0e 4f 81 0b 0b ac ca a2 ..h.G^|1.O...... 0050 - de d9 53 41 07 ca c7 6e-38 74 5f db 13 b6 c6 cd ..SA...n8t_..... 0060 - 7a 28 a9 89 02 79 0b d6-af 96 00 49 40 eb 47 cb z(...y.....I@.G. 0070 - 0d 4b c6 c5 4a 55 63 f1-91 b8 28 cb 10 1f a8 3f .K..JUc...(....? 0080 - 31 fd 8e ff 5e 15 18 ee-cf 93 96 72 97 ca 4f c0 1...^......r..O. 0090 - 9a 45 ea fa 44 f0 19 8c-a3 4c 1d c3 2c b7 c4 c6 .E..D....L..,... 00a0 - 33 cc ea 45 0a c1 e6 f5-72 f0 1d 90 39 fd 0f 93 3..E....r...9... Start Time: 1773768254 Timeout : 7200 (sec) Verify return code: 1 (unspecified certificate verification error) Extended master secret: yes --- TLS SUCCESSFUL 401CEE86FFFF0000:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -propquery ?provider=pkcs11 -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%02 -cert pkcs11:type=cert;object=ecCert Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MF8CAQECAgMDBALAKwQABDArslK0KI/tPqogRdur6TMJMCl1ynxOIyJvl05G1vX6 0s5sMIc5717rVpKaViYxaVmhBgIEabmOPqIEAgIcIKQGBAQBAAAArQMCAQGzAwIB Fw== -----END SSL SESSION PARAMETERS----- Shared ciphers:ECDHE-ECDSA-AES128-GCM-SHA256 Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Supported Elliptic Curve Point Formats: uncompressed:ansiX962_compressed_prime:ansiX962_compressed_char2 Supported groups: secp256r1 Shared groups: secp256r1 CIPHER is ECDHE-ECDSA-AES128-GCM-SHA256 Secure Renegotiation IS supported TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run test with TLS 1.3 and specific suite spawn openssl s_client -propquery ?provider=pkcs11 -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests/softhsm/caCert.pem -tls1_3 -ciphersuites TLS_AES_256_GCM_SHA384 -groups secp256r1 Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=0 O=PKCS11 Provider, CN=My EC Cert verify error:num=1:unspecified certificate verification error verify return:1 depth=1 CN=Issuer verify return:1 depth=0 O=PKCS11 Provider, CN=My EC Cert verify return:1 --- Certificate chain 0 s:O=PKCS11 Provider, CN=My EC Cert i:CN=Issuer a:PKEY: id-ecPublicKey, 256 (bit); sigalg: RSA-SHA256 v:NotBefore: Mar 17 17:23:38 2026 GMT; NotAfter: Mar 17 17:23:38 2027 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIICcjCCAVqgAwIBAgIBBDANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 ZXIwHhcNMjYwMzE3MTcyMzM4WhcNMjcwMzE3MTcyMzM4WjAvMRgwFgYDVQQKEw9Q S0NTMTEgUHJvdmlkZXIxEzARBgNVBAMTCk15IEVDIENlcnQwWTATBgcqhkjOPQIB BggqhkjOPQMBBwNCAAQUPmCXcktjHRtt0nTeRL1ELhlI22z5GyXueSOAGvb6H9Xo 0DIaoV/eYuwK6+fPlVvSSPAd6zVlQj894pKgbSFoo4GBMH8wDAYDVR0TAQH/BAIw ADAfBgNVHREEGDAWgRR0ZXN0Y2VydEBleGFtcGxlLm9yZzAOBgNVHQ8BAf8EBAMC B4AwHQYDVR0OBBYEFFDLi0M+XDKnlqyptPsVrOE7UjAAMB8GA1UdIwQYMBaAFD90 z6EbpP58FUWdKkowb4lrRMmZMA0GCSqGSIb3DQEBCwUAA4IBAQAEomqZcJ5U0oep HNusoA8zqf6G/T2vEjhCvo88YCbbmeNEAglAFpM0XmsdHmqknOtBVrc03tRMrlEO Z/PGf+1ikX6qW7BzJfqTheqrhfGEmUsL9um6nqmmxP2+EI1GP/pND6nbloxN0SsD VeGTdDWBqC4AFyT1gg96U0LOfCauKU6+uwH5geZZLzhQM5/SAwa7AwYT6y6hxnHR ecS/m4UnH/46UI8cxMukZ4zQNEIFoYnlgpzppTrwn31iw2HMY5rsvneU0iPss8oq ubNPKr2QyiSqIB82lH4RH/4b8rRa5U/dIJ1JfmApMAZ0dVgx1IRWjo9KNXNVHTav EnaFbgZO -----END CERTIFICATE----- subject=O=PKCS11 Provider, CN=My EC Cert issuer=CN=Issuer --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: ECDSA Server Temp Key: ECDH, ?, 0 bits --- SSL handshake has read 1059 bytes and written 329 bytes Verification error: unspecified certificate verification error --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Protocol: TLSv1.3 Server public key is 256 bit This TLS version forbids renegotiation. Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 1 (unspecified certificate verification error) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 1B21EA27C4D702CA1F371ED996B00F6804A1040057A78F62511604A74596AB9F Session-ID-ctx: Resumption PSK: D63AB4DE20B2CB13DA05F12827028FDFEFD5A89E94B097D0C6DF2B557A83D88D23616318CAC3A7079E841AE5A2AF949E PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 57 4d 4d 6c 22 df da e7-1d a6 3c 0a c5 38 e4 57 WMMl".....<..8.W 0010 - fa 92 65 c0 72 f2 50 e9-b2 50 d6 12 2d 35 0c 39 ..e.r.P..P..-5.9 0020 - ed c8 01 3a 6c 75 81 66-64 ca 8f 47 c4 72 27 95 ...:lu.fd..G.r'. 0030 - 0e 0e ce 87 b0 f3 79 11-2d e8 6b 2d b5 00 00 e7 ......y.-.k-.... 0040 - 02 0f 34 8e 5f 69 5b b9-5f 7b fd cb 88 9b 38 de ..4._i[._{....8. 0050 - 6c cf 92 85 cb 6f cb 66-81 94 4a 3a 54 5f 79 0c l....o.f..J:T_y. 0060 - da 24 76 a4 e5 23 21 ed-59 40 a0 94 c7 5c 1c ee .$v..#!.Y@...\.. 0070 - 91 8e 48 0f e7 1b e6 c5-4d cd ea a0 bb 96 cd 24 ..H.....M......$ 0080 - 55 45 c3 69 6e 68 bb b0-30 89 85 83 bd 00 84 56 UE.inh..0......V 0090 - 04 ba fb f2 c9 e3 9b 3f-7b bf ef 02 54 53 f2 ac .......?{...TS.. 00a0 - 4d 2e 05 7c a0 49 63 dc-a0 d1 5d 2f 08 8b cf 24 M..|.Ic...]/...$ 00b0 - bb 5a 22 7e 9b 6e 04 cb-5e 82 fe db 82 0b 73 0f .Z"~.n..^.....s. 00c0 - 7f 01 9b 9b ea d9 cb 4e-44 93 29 30 11 73 d5 9e .......ND.)0.s.. Start Time: 1773768254 Timeout : 7200 (sec) Verify return code: 1 (unspecified certificate verification error) Extended master secret: no Max Early Data: 0 --- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 02A763ACAFB6823F4BEAB599A66E18CF524EA47B98A5067F73C5DCA5658AD18A Session-ID-ctx: Resumption PSK: B89DAC5AB5CFC7A2203A1FE27781058B27A754C1AF117EBC5D4239295D1CF3CE5B1CAD70D442B73E14FA3A6C8B787B2C PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 57 4d 4d 6c 22 df da e7-1d a6 3c 0a c5 38 e4 57 WMMl".....<..8.W 0010 - 02 4d 7e f1 0c 14 d4 f2-2d f0 70 11 d5 5f ad a3 .M~.....-.p.._.. 0020 - 7c 6b 71 da 87 95 70 e9-28 af 2a d3 8d 17 b7 62 |kq...p.(.*....b 0030 - 28 a5 46 f3 75 bd 4c 22-a3 e8 9d 54 ce 65 00 80 (.F.u.L"...T.e.. 0040 - 06 28 79 a9 d0 00 95 79-a4 9b 15 56 a6 ea d1 b7 .(y....y...V.... 0050 - b5 00 ea c8 32 b5 26 1a-10 e9 a9 a5 52 22 1f 98 ....2.&.....R".. 0060 - 26 7f 62 d0 67 6f b8 89-02 95 ff 63 a3 7a 86 c9 &.b.go.....c.z.. 0070 - 36 71 51 29 69 da e3 8d-91 55 44 45 f1 ab 9c d7 6qQ)i....UDE.... 0080 - 57 2b 32 f2 86 42 4f 40-b7 0c e8 1d ab 8a 61 f3 W+2..BO@......a. 0090 - 09 39 9b 8b 3f b2 de 90-15 cc 5f 9c fc 3e de b0 .9..?....._..>.. 00a0 - 08 c0 2b 48 37 38 4e 83-96 1e 7c 5a fb 63 07 66 ..+H78N...|Z.c.f 00b0 - ee fe 07 23 df a2 1b de-32 91 42 be 8b 8b 62 d9 ...#....2.B...b. 00c0 - 06 92 a9 db 72 b0 54 9c-b4 7d 29 bd 12 78 32 ee ....r.T..})..x2. Start Time: 1773768254 Timeout : 7200 (sec) Verify return code: 1 (unspecified certificate verification error) Extended master secret: no Max Early Data: 0 --- read R BLOCK TLS SUCCESSFUL 405C10ABFFFF0000:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -propquery ?provider=pkcs11 -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%02 -cert pkcs11:type=cert;object=ecCert Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MIGCAgEBAgIDBAQCEwIEIOqEMVDyXDS1YUK9KnBfgX/6khUXbDLwnLb5dmX4bGCE BDC4naxatc/HoiA6H+J3gQWLJ6dUwa8RfrxdQjkpXRzzzlscrXDUQrc+FPo6bIt4 eyyhBgIEabmOPqIEAgIcIKQGBAQBAAAArgYCBGEMRRCzAwIBFw== -----END SSL SESSION PARAMETERS----- Shared ciphers:TLS_AES_256_GCM_SHA384 Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512 Supported groups: secp256r1 Shared groups: secp256r1 CIPHER is TLS_AES_256_GCM_SHA384 This TLS version forbids renegotiation. TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## ######################################## Server output: spawn openssl s_server -propquery ?provider=pkcs11 -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%02 -cert pkcs11:type=cert;object=ecCert Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MIGCAgEBAgIDBAQCEwIEIOqEMVDyXDS1YUK9KnBfgX/6khUXbDLwnLb5dmX4bGCE BDC4naxatc/HoiA6H+J3gQWLJ6dUwa8RfrxdQjkpXRzzzlscrXDUQrc+FPo6bIt4 eyyhBgIEabmOPqIEAgIcIKQGBAQBAAAArgYCBGEMRRCzAwIBFw== -----END SSL SESSION PARAMETERS----- Shared ciphers:TLS_AES_256_GCM_SHA384 Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512 Supported groups: secp256r1 Shared groups: secp256r1 CIPHER is TLS_AES_256_GCM_SHA384 This TLS version forbids renegotiation. TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 75/92 pkcs11-provider:softhsm / tls OK 6.76s 76/92 pkcs11-provider:kryoptic / tls RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MALLOC_PERTURB_=43 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper tls-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 76/92 pkcs11-provider:kryoptic / tls SKIP 0.07s exit status 77 77/92 pkcs11-provider:kryoptic.nss / tls RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=150 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper tls-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 77/92 pkcs11-provider:kryoptic.nss / tls SKIP 0.06s exit status 77 78/92 pkcs11-provider:softokn / tlsfuzzer RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 MALLOC_PERTURB_=91 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper tlsfuzzer-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 78/92 pkcs11-provider:softokn / tlsfuzzer SKIP 0.07s exit status 77 79/92 pkcs11-provider:softhsm / tlsfuzzer RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MALLOC_PERTURB_=219 MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper tlsfuzzer-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/tests/ttlsfuzzer TLS fuzzer is not available -- skipping ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 79/92 pkcs11-provider:softhsm / tlsfuzzer SKIP 0.11s exit status 77 80/92 pkcs11-provider:kryoptic / tlsfuzzer RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MALLOC_PERTURB_=238 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper tlsfuzzer-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 80/92 pkcs11-provider:kryoptic / tlsfuzzer SKIP 0.06s exit status 77 81/92 pkcs11-provider:kryoptic.nss / tlsfuzzer RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MALLOC_PERTURB_=222 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper tlsfuzzer-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 81/92 pkcs11-provider:kryoptic.nss / tlsfuzzer SKIP 0.05s exit status 77 82/92 pkcs11-provider:softokn / uri RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 MALLOC_PERTURB_=249 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper uri-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 82/92 pkcs11-provider:softokn / uri SKIP 0.07s exit status 77 83/92 pkcs11-provider:softhsm / uri RUNNING >>> MALLOC_PERTURB_=25 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper uri-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/tests/turi ## Check that storeutl returns URIs openssl storeutl -text pkcs11: ## Check returned URIs work to find objects $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e5665607fb464239;token=SoftHSM%20Token;id=%27%3F%37%D2%48%78%3D%63%0A%2D%8A%71%B7%AE%72%5D;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e5665607fb464239;token=SoftHSM%20Token;id=%85%24%C8%DC%6A%F8%17%EC%A8%66%34%97%CE%77%F6%71;object=Pkey%20sigver%20Test;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e5665607fb464239;token=SoftHSM%20Token;id=%BD%0B%B4%66%FE%46%88%84%C0%5B%81%11%8D%50%E6%2D;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e5665607fb464239;token=SoftHSM%20Token;id=%00%02;object=ecCert;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e5665607fb464239;token=SoftHSM%20Token;id=%00%01;object=testCert;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e5665607fb464239;token=SoftHSM%20Token;id=%D7%E7%15%1F%EB%9D%77%C3%73%45%6A%DA%46%FF%96%CA;object=Test-RSA-Key-Usage-d7e7151f;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e5665607fb464239;token=SoftHSM%20Token;id=%00%06;object=ecCert2;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e5665607fb464239;token=SoftHSM%20Token;id=%69%53%C3%88%8E%45%28%4B%5F%D6%A2%42%42%A7%AB%C4;object=Test-EC-gen-6953c388;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e5665607fb464239;token=SoftHSM%20Token;id=%00%09;object=ed2Cert;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e5665607fb464239;token=SoftHSM%20Token;id=%B7%83%4D%3D%D3%7E%49%D2%2D%54%03%86%78%95%BB%CE;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e5665607fb464239;token=SoftHSM%20Token;id=%9C%61%3A%F4%E5%C9%51%9B%39%65%46%FE%84%92%BD%9D;object=Test-Ed-gen-9c613af4;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e5665607fb464239;token=SoftHSM%20Token;id=%C8%23%06%6C%91%22%53%E8%1A%C8%A9%B1%3C%BF%1B%D9;object=Fork-Test;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e5665607fb464239;token=SoftHSM%20Token;id=%ED%6B%FA%A1%30%E3%C3%68%30%B5%4E%D2%F6%57%CC%E0;object=Test-RSA-gen-ed6bfaa1;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e5665607fb464239;token=SoftHSM%20Token;id=%0A%8F%BD%86%9E%8A%F2%0B%48%4E%21%55%F1%ED%2A%B7;object=Test-RSA-PSS-gen-0a8fbd86;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e5665607fb464239;token=SoftHSM%20Token;id=%2D%10%EF%89%87%DD%23%01%53%75%B7%81%CB%25%C2%75;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e5665607fb464239;token=SoftHSM%20Token;id=%00%00;object=caCert;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e5665607fb464239;token=SoftHSM%20Token;id=%00%08;object=ecCert3;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e5665607fb464239;token=SoftHSM%20Token;id=%00%10;object=testRsaPssCert;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e5665607fb464239;token=SoftHSM%20Token;id=%00%04;object=edCert;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e5665607fb464239;token=SoftHSM%20Token;id=%00%11;object=testRsaPss2Cert;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e5665607fb464239;token=SoftHSM%20Token;id=%00%05;object=testCert2;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e5665607fb464239;token=SoftHSM%20Token;id=%71%60%73%5D%15%C3%D6%76%3A%87%19%EA%E0%43%2A%EE;object=Test-Ed-gen-7160735d;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e5665607fb464239;token=SoftHSM%20Token;id=%00%03;object=ecPeerCert;type=private openssl storeutl -text "$uri" ## Check each URI component is tested $cmp=pkcs11:model=SoftHSM%20v2 openssl storeutl -text "pkcs11:${cmp}" $cmp=manufacturer=SoftHSM%20project openssl storeutl -text "pkcs11:${cmp}" $cmp=serial=e5665607fb464239 openssl storeutl -text "pkcs11:${cmp}" $cmp=token=SoftHSM%20Token openssl storeutl -text "pkcs11:${cmp}" $cmp=id=%27%3F%37%D2%48%78%3D%63%0A%2D%8A%71%B7%AE%72%5D openssl storeutl -text "pkcs11:${cmp}" $cmp=type=private openssl storeutl -text "pkcs11:${cmp}" ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 83/92 pkcs11-provider:softhsm / uri OK 3.51s 84/92 pkcs11-provider:kryoptic / uri RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=116 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper uri-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 84/92 pkcs11-provider:kryoptic / uri SKIP 0.05s exit status 77 85/92 pkcs11-provider:kryoptic.nss / uri RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 MALLOC_PERTURB_=105 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper uri-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 85/92 pkcs11-provider:kryoptic.nss / uri SKIP 0.05s exit status 77 86/92 pkcs11-provider:softhsm / ecxc RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=218 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper ecxc-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/tests/tecxc ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 86/92 pkcs11-provider:softhsm / ecxc SKIP 0.09s exit status 77 87/92 pkcs11-provider:kryoptic / ecxc RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=83 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper ecxc-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 87/92 pkcs11-provider:kryoptic / ecxc SKIP 0.07s exit status 77 88/92 pkcs11-provider:kryoptic.nss / ecxc RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=133 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper ecxc-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 88/92 pkcs11-provider:kryoptic.nss / ecxc SKIP 0.07s exit status 77 89/92 pkcs11-provider:softokn / cms RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 MALLOC_PERTURB_=56 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper cms-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 89/92 pkcs11-provider:softokn / cms SKIP 0.05s exit status 77 90/92 pkcs11-provider:kryoptic / cms RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MALLOC_PERTURB_=65 MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper cms-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 90/92 pkcs11-provider:kryoptic / cms SKIP 0.06s exit status 77 91/92 pkcs11-provider:kryoptic.nss / cms RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MALLOC_PERTURB_=162 MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper cms-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 91/92 pkcs11-provider:kryoptic.nss / cms SKIP 0.06s exit status 77 92/92 pkcs11-provider:kryoptic / pinlock RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/tests MALLOC_PERTURB_=186 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper pinlock-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 92/92 pkcs11-provider:kryoptic / pinlock SKIP 0.07s exit status 77 Ok: 21 Expected Fail: 0 Fail: 0 Unexpected Pass: 0 Skipped: 71 Timeout: 0 Full log written to /build/reproducible-path/pkcs11-provider-1.0/obj-aarch64-linux-gnu/meson-logs/testlog.txt create-stamp debian/debhelper-build-stamp dh_testroot -O--buildsystem=meson dh_prep -O--buildsystem=meson dh_auto_install --destdir=debian/pkcs11-provider/ -O--buildsystem=meson cd obj-aarch64-linux-gnu && DESTDIR=/build/reproducible-path/pkcs11-provider-1.0/debian/pkcs11-provider LC_ALL=C.UTF-8 ninja install [0/1] Installing files Installing src/pkcs11.so to /build/reproducible-path/pkcs11-provider-1.0/debian/pkcs11-provider/usr/lib/aarch64-linux-gnu/ossl-modules Installing /build/reproducible-path/pkcs11-provider-1.0/docs/provider-pkcs11.7 to /build/reproducible-path/pkcs11-provider-1.0/debian/pkcs11-provider/usr/share/man/man7 dh_installdocs -O--buildsystem=meson dh_installchangelogs -O--buildsystem=meson dh_installman -O--buildsystem=meson dh_installsystemduser -O--buildsystem=meson dh_perl -O--buildsystem=meson dh_link -O--buildsystem=meson dh_strip_nondeterminism -O--buildsystem=meson dh_compress -O--buildsystem=meson dh_fixperms -O--buildsystem=meson dh_missing -O--buildsystem=meson dh_dwz -a -O--buildsystem=meson dh_strip -a -O--buildsystem=meson dh_makeshlibs -a -O--buildsystem=meson dh_shlibdeps -a -O--buildsystem=meson dpkg-shlibdeps: warning: diversions involved - output may be incorrect diversion by libc6 from: /lib/ld-linux-aarch64.so.1 dpkg-shlibdeps: warning: diversions involved - output may be incorrect diversion by libc6 to: /lib/ld-linux-aarch64.so.1.usr-is-merged dh_installdeb -O--buildsystem=meson dh_gencontrol -O--buildsystem=meson dh_md5sums -O--buildsystem=meson dh_builddeb -O--buildsystem=meson dpkg-deb: building package 'pkcs11-provider' in '../pkcs11-provider_1.0-1_arm64.deb'. dpkg-deb: building package 'pkcs11-provider-dbgsym' in '../pkcs11-provider-dbgsym_1.0-1_arm64.deb'. dpkg-genbuildinfo --build=binary -O../pkcs11-provider_1.0-1_arm64.buildinfo dpkg-genchanges --build=binary -O../pkcs11-provider_1.0-1_arm64.changes dpkg-genchanges: info: binary-only upload (no source code included) dpkg-source --after-build . dpkg-buildpackage: info: binary-only upload (no source included) dpkg-genchanges: info: including full source code in upload I: copying local configuration I: unmounting dev/ptmx filesystem I: unmounting dev/pts filesystem I: unmounting dev/shm filesystem I: unmounting proc filesystem I: unmounting sys filesystem I: cleaning the build env I: removing directory /srv/workspace/pbuilder/1046509 and its subdirectories I: Current time: Tue Mar 17 05:24:27 -12 2026 I: pbuilder-time-stamp: 1773768267