Fri Mar 14 03:50:10 UTC 2025 I: starting to build pkcs11-provider/trixie/amd64 on jenkins on '2025-03-14 03:49' Fri Mar 14 03:50:10 UTC 2025 I: The jenkins build log is/was available at https://jenkins.debian.net/userContent/reproducible/debian/build_service/amd64_19/48214/console.log Fri Mar 14 03:50:10 UTC 2025 I: Downloading source for trixie/pkcs11-provider=1.0-1 --2025-03-14 03:50:10-- http://deb.debian.org/debian/pool/main/p/pkcs11-provider/pkcs11-provider_1.0-1.dsc Connecting to 46.16.76.132:3128... connected. Proxy request sent, awaiting response... 200 OK Length: 2213 (2.2K) [text/prs.lines.tag] Saving to: ‘pkcs11-provider_1.0-1.dsc’ 0K .. 100% 208M=0s 2025-03-14 03:50:10 (208 MB/s) - ‘pkcs11-provider_1.0-1.dsc’ saved [2213/2213] Fri Mar 14 03:50:10 UTC 2025 I: pkcs11-provider_1.0-1.dsc -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 3.0 (quilt) Source: pkcs11-provider Binary: pkcs11-provider Architecture: any Version: 1.0-1 Maintainer: Luca Boccassi Homepage: https://github.com/latchset/pkcs11-provider Standards-Version: 4.7.0 Vcs-Browser: https://salsa.debian.org/debian/pkcs11-provider Vcs-Git: https://salsa.debian.org/debian/pkcs11-provider.git Build-Depends: debhelper-compat (= 13), dh-package-notes, libssl-dev (>= 3.0.7~), meson (>= 0.57~), pkgconf, expect , gnutls-bin , libnss3-dev , libp11-kit-dev , libstoken-dev , opensc , openssl , p11-kit , p11-kit-modules , softhsm2 Package-List: pkcs11-provider deb libs optional arch=any Checksums-Sha1: c1f7deab3a3af9fa2c3ef63ed95536c7c5a52707 210633 pkcs11-provider_1.0.orig.tar.gz 3c408dc6896465991fcdbf8f1c8e88b5490138d6 2452 pkcs11-provider_1.0-1.debian.tar.xz Checksums-Sha256: f62771642f24525305233fab01df361a0893912b7e92d2f550f26f131a7b36c2 210633 pkcs11-provider_1.0.orig.tar.gz 54a837067294fae1d3a92370734be1942f3d257a8c89d93e8e92aab7d9573383 2452 pkcs11-provider_1.0-1.debian.tar.xz Files: 2933ec36edff8ab9c132e82f04cbd4dd 210633 pkcs11-provider_1.0.orig.tar.gz 9dee0c01916770d74c9120a1e7a11e10 2452 pkcs11-provider_1.0-1.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQJFBAEBCgAvFiEErCSqx93EIPGOymuRKGv37813JB4FAmerpDoRHGJsdWNhQGRl Ymlhbi5vcmcACgkQKGv37813JB7uNA//ce7UaVSahTVkrp7Dd/U1RyjboJeO8lVU r7/Vtayph/LBC6iZOKWvsM5XpJSWYfZtJGj3cLKbyICbKbmLD3x3+xQv8cJSv5gL 4vbvvseAAbDSnhs4igu2VKHVW5dykdSfoisCMOCFiPvKI9rhvBElcZr1oboHq3RH fRjlzRpg5Z9dHunuhhYaBGtgivJRhu03Y2A32mTN7uxvPMHJ0Vd74OSv1yEpaF4E CmZCKw8cHJObFA9nB3iv16rX9AEGdrRoGkGGG3hApwA/q1ksdmGKmyTDbwKWqo/K pg2GpFon1TOqGTHckWnLoPWrcyD9idBBsiCcSSulqF+BVVXpIgr/7YNpeD1QxbXC Rx5EHAFQAZXmoXkMbwPqaApzo25mTmrx5gFe4gUlsD/sDMPIw8YP0BecwmMLJiCO wlXpcHrQKUTy/W2sXQjH2CvPSuRU4DaCtSfu6vH2kPTv1/aB5vmieUjPMBRfGTGO kJ0swWtCw/stz4w3OqVp+Wu5rcU1ZqraAJ+kuRlhufFuGdQWHSoqJxf6CWwYiCN2 Y0EZKICoxvTn+GY+Lq1cQLXbg3igQ9DWNUOHlk1/7Q9P6BC+wpdrJe8zLJiLJeGg KxhTaqkUnd38cjSOjj3V+rlnELQONbOLCZIIqZy2VzQkIdEFepC0PPnoZtWauxpd MTZ7rP/uDjE= =8rIG -----END PGP SIGNATURE----- Fri Mar 14 03:50:10 UTC 2025 I: Checking whether the package is not for us Fri Mar 14 03:50:10 UTC 2025 I: Starting 1st build on remote node ionos1-amd64.debian.net. Fri Mar 14 03:50:10 UTC 2025 I: Preparing to do remote build '1' on ionos1-amd64.debian.net. Fri Mar 14 03:56:08 UTC 2025 I: Deleting $TMPDIR on ionos1-amd64.debian.net. I: pbuilder: network access will be disabled during build I: Current time: Thu Mar 13 15:50:14 -12 2025 I: pbuilder-time-stamp: 1741924214 I: Building the build Environment I: extracting base tarball [/var/cache/pbuilder/trixie-reproducible-base.tgz] I: copying local configuration W: --override-config is not set; not updating apt.conf Read the manpage for details. I: mounting /proc filesystem I: mounting /sys filesystem I: creating /{dev,run}/shm I: mounting /dev/pts filesystem I: redirecting /dev/ptmx to /dev/pts/ptmx I: policy-rc.d already exists I: Copying source file I: copying [pkcs11-provider_1.0-1.dsc] I: copying [./pkcs11-provider_1.0.orig.tar.gz] I: copying [./pkcs11-provider_1.0-1.debian.tar.xz] I: Extracting source dpkg-source: warning: cannot verify inline signature for ./pkcs11-provider_1.0-1.dsc: unsupported subcommand dpkg-source: info: extracting pkcs11-provider in pkcs11-provider-1.0 dpkg-source: info: unpacking pkcs11-provider_1.0.orig.tar.gz dpkg-source: info: unpacking pkcs11-provider_1.0-1.debian.tar.xz I: Not using root during the build. I: Installing the build-deps I: user script /srv/workspace/pbuilder/58241/tmp/hooks/D02_print_environment starting I: set BUILDDIR='/build/reproducible-path' BUILDUSERGECOS='first user,first room,first work-phone,first home-phone,first other' BUILDUSERNAME='pbuilder1' BUILD_ARCH='amd64' DEBIAN_FRONTEND='noninteractive' DEB_BUILD_OPTIONS='buildinfo=+all reproducible=+all parallel=20 ' DISTRIBUTION='trixie' HOME='/root' HOST_ARCH='amd64' IFS=' ' INVOCATION_ID='902ee9e088ca4a3181608c31422246fb' LANG='C' LANGUAGE='en_US:en' LC_ALL='C' MAIL='/var/mail/root' OPTIND='1' PATH='/usr/sbin:/usr/bin:/sbin:/bin:/usr/games' PBCURRENTCOMMANDLINEOPERATION='build' PBUILDER_OPERATION='build' PBUILDER_PKGDATADIR='/usr/share/pbuilder' PBUILDER_PKGLIBDIR='/usr/lib/pbuilder' PBUILDER_SYSCONFDIR='/etc' PPID='58241' PS1='# ' PS2='> ' PS4='+ ' PWD='/' SHELL='/bin/bash' SHLVL='2' SUDO_COMMAND='/usr/bin/timeout -k 18.1h 18h /usr/bin/ionice -c 3 /usr/bin/nice /usr/sbin/pbuilder --build --configfile /srv/reproducible-results/rbuild-debian/r-b-build.x1NYqhxM/pbuilderrc_GqSA --distribution trixie --hookdir /etc/pbuilder/first-build-hooks --debbuildopts -b --basetgz /var/cache/pbuilder/trixie-reproducible-base.tgz --buildresult /srv/reproducible-results/rbuild-debian/r-b-build.x1NYqhxM/b1 --logfile b1/build.log pkcs11-provider_1.0-1.dsc' SUDO_GID='110' SUDO_UID='105' SUDO_USER='jenkins' TERM='unknown' TZ='/usr/share/zoneinfo/Etc/GMT+12' USER='root' _='/usr/bin/systemd-run' http_proxy='http://46.16.76.132:3128' I: uname -a Linux ionos1-amd64 6.1.0-31-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.128-1 (2025-02-07) x86_64 GNU/Linux I: ls -l /bin lrwxrwxrwx 1 root root 7 Mar 4 11:20 /bin -> usr/bin I: user script /srv/workspace/pbuilder/58241/tmp/hooks/D02_print_environment finished -> Attempting to satisfy build-dependencies -> Creating pbuilder-satisfydepends-dummy package Package: pbuilder-satisfydepends-dummy Version: 0.invalid.0 Architecture: amd64 Maintainer: Debian Pbuilder Team Description: Dummy package to satisfy dependencies with aptitude - created by pbuilder This package was created automatically by pbuilder to satisfy the build-dependencies of the package being currently built. Depends: debhelper-compat (= 13), dh-package-notes, libssl-dev (>= 3.0.7~), meson (>= 0.57~), pkgconf, expect, gnutls-bin, libnss3-dev, libp11-kit-dev, libstoken-dev, opensc, openssl, p11-kit, p11-kit-modules, softhsm2 dpkg-deb: building package 'pbuilder-satisfydepends-dummy' in '/tmp/satisfydepends-aptitude/pbuilder-satisfydepends-dummy.deb'. Selecting previously unselected package pbuilder-satisfydepends-dummy. (Reading database ... 19802 files and directories currently installed.) Preparing to unpack .../pbuilder-satisfydepends-dummy.deb ... Unpacking pbuilder-satisfydepends-dummy (0.invalid.0) ... dpkg: pbuilder-satisfydepends-dummy: dependency problems, but configuring anyway as you requested: pbuilder-satisfydepends-dummy depends on debhelper-compat (= 13); however: Package debhelper-compat is not installed. pbuilder-satisfydepends-dummy depends on dh-package-notes; however: Package dh-package-notes is not installed. pbuilder-satisfydepends-dummy depends on libssl-dev (>= 3.0.7~); however: Package libssl-dev is not installed. pbuilder-satisfydepends-dummy depends on meson (>= 0.57~); however: Package meson is not installed. pbuilder-satisfydepends-dummy depends on pkgconf; however: Package pkgconf is not installed. pbuilder-satisfydepends-dummy depends on expect; however: Package expect is not installed. pbuilder-satisfydepends-dummy depends on gnutls-bin; however: Package gnutls-bin is not installed. pbuilder-satisfydepends-dummy depends on libnss3-dev; however: Package libnss3-dev is not installed. pbuilder-satisfydepends-dummy depends on libp11-kit-dev; however: Package libp11-kit-dev is not installed. pbuilder-satisfydepends-dummy depends on libstoken-dev; however: Package libstoken-dev is not installed. pbuilder-satisfydepends-dummy depends on opensc; however: Package opensc is not installed. pbuilder-satisfydepends-dummy depends on openssl; however: Package openssl is not installed. pbuilder-satisfydepends-dummy depends on p11-kit; however: Package p11-kit is not installed. pbuilder-satisfydepends-dummy depends on p11-kit-modules; however: Package p11-kit-modules is not installed. pbuilder-satisfydepends-dummy depends on softhsm2; however: Package softhsm2 is not installed. Setting up pbuilder-satisfydepends-dummy (0.invalid.0) ... Reading package lists... Building dependency tree... Reading state information... Initializing package states... Writing extended state information... Building tag database... pbuilder-satisfydepends-dummy is already installed at the requested version (0.invalid.0) pbuilder-satisfydepends-dummy is already installed at the requested version (0.invalid.0) The following NEW packages will be installed: autoconf{a} automake{a} autopoint{a} autotools-dev{a} bsdextrautils{a} debhelper{a} dh-autoreconf{a} dh-package-notes{a} dh-strip-nondeterminism{a} dwz{a} expect{a} file{a} gettext{a} gettext-base{a} gnutls-bin{a} groff-base{a} intltool-debian{a} libarchive-zip-perl{a} libdebhelper-perl{a} libeac3{a} libelf1t64{a} libevent-2.1-7t64{a} libexpat1{a} libffi8{a} libfile-stripnondeterminism-perl{a} libglib2.0-0t64{a} libgnutls-dane0t64{a} libgnutls30t64{a} libicu72{a} libidn2-0{a} libmagic-mgc{a} libmagic1t64{a} libnspr4{a} libnspr4-dev{a} libnss3{a} libnss3-dev{a} libp11-kit-dev{a} libp11-kit0{a} libpipeline1{a} libpkgconf3{a} libproc2-0{a} libpython3-stdlib{a} libpython3.13-minimal{a} libpython3.13-stdlib{a} libreadline8t64{a} libsofthsm2{a} libssl-dev{a} libstoken-dev{a} libstoken1t64{a} libtasn1-6{a} libtcl8.6{a} libtext-charwidth-perl{a} libtext-wrapi18n-perl{a} libtomcrypt-dev{a} libtomcrypt1{a} libtommath1{a} libtool{a} libuchardet0{a} libunbound8{a} libunistring5{a} libxml2{a} m4{a} man-db{a} media-types{a} meson{a} netbase{a} ninja-build{a} opensc{a} opensc-pkcs11{a} openssl{a} p11-kit{a} p11-kit-modules{a} pkgconf{a} pkgconf-bin{a} po-debconf{a} procps{a} python3{a} python3-autocommand{a} python3-inflect{a} python3-jaraco.context{a} python3-jaraco.functools{a} python3-jaraco.text{a} python3-minimal{a} python3-more-itertools{a} python3-pkg-resources{a} python3-setuptools{a} python3-typeguard{a} python3-typing-extensions{a} python3-zipp{a} python3.13{a} python3.13-minimal{a} readline-common{a} sensible-utils{a} softhsm2{a} softhsm2-common{a} tcl-expect{a} tcl8.6{a} tzdata{a} ucf{a} The following packages are RECOMMENDED but will NOT be installed: ca-certificates curl libarchive-cpio-perl libglib2.0-data libltdl-dev libmail-sendmail-perl linux-sysctl-defaults lynx pcscd psmisc shared-mime-info wget xdg-user-dirs 0 packages upgraded, 99 newly installed, 0 to remove and 0 not upgraded. Need to get 47.7 MB of archives. After unpacking 176 MB will be used. Writing extended state information... Get: 1 http://deb.debian.org/debian trixie/main amd64 libpython3.13-minimal amd64 3.13.2-1 [859 kB] Get: 2 http://deb.debian.org/debian trixie/main amd64 libexpat1 amd64 2.6.4-1 [106 kB] Get: 3 http://deb.debian.org/debian trixie/main amd64 python3.13-minimal amd64 3.13.2-1 [2205 kB] Get: 4 http://deb.debian.org/debian trixie/main amd64 python3-minimal amd64 3.13.2-2 [27.1 kB] Get: 5 http://deb.debian.org/debian trixie/main amd64 media-types all 13.0.0 [29.3 kB] Get: 6 http://deb.debian.org/debian trixie/main amd64 netbase all 6.4 [12.8 kB] Get: 7 http://deb.debian.org/debian trixie/main amd64 tzdata all 2025a-2 [259 kB] Get: 8 http://deb.debian.org/debian trixie/main amd64 libffi8 amd64 3.4.7-1 [23.9 kB] Get: 9 http://deb.debian.org/debian trixie/main amd64 readline-common all 8.2-6 [69.4 kB] Get: 10 http://deb.debian.org/debian trixie/main amd64 libreadline8t64 amd64 8.2-6 [169 kB] Get: 11 http://deb.debian.org/debian trixie/main amd64 libpython3.13-stdlib amd64 3.13.2-1 [1979 kB] Get: 12 http://deb.debian.org/debian trixie/main amd64 python3.13 amd64 3.13.2-1 [745 kB] Get: 13 http://deb.debian.org/debian trixie/main amd64 libpython3-stdlib amd64 3.13.2-2 [10.1 kB] Get: 14 http://deb.debian.org/debian trixie/main amd64 python3 amd64 3.13.2-2 [28.1 kB] Get: 15 http://deb.debian.org/debian trixie/main amd64 libproc2-0 amd64 2:4.0.4-7 [64.9 kB] Get: 16 http://deb.debian.org/debian trixie/main amd64 procps amd64 2:4.0.4-7 [878 kB] Get: 17 http://deb.debian.org/debian trixie/main amd64 sensible-utils all 0.0.24 [24.8 kB] Get: 18 http://deb.debian.org/debian trixie/main amd64 libmagic-mgc amd64 1:5.45-3+b1 [314 kB] Get: 19 http://deb.debian.org/debian trixie/main amd64 libmagic1t64 amd64 1:5.45-3+b1 [108 kB] Get: 20 http://deb.debian.org/debian trixie/main amd64 file amd64 1:5.45-3+b1 [43.3 kB] Get: 21 http://deb.debian.org/debian trixie/main amd64 gettext-base amd64 0.23.1-1 [243 kB] Get: 22 http://deb.debian.org/debian trixie/main amd64 libuchardet0 amd64 0.0.8-1+b2 [68.9 kB] Get: 23 http://deb.debian.org/debian trixie/main amd64 groff-base amd64 1.23.0-7 [1185 kB] Get: 24 http://deb.debian.org/debian trixie/main amd64 bsdextrautils amd64 2.40.4-5 [92.4 kB] Get: 25 http://deb.debian.org/debian trixie/main amd64 libpipeline1 amd64 1.5.8-1 [42.0 kB] Get: 26 http://deb.debian.org/debian trixie/main amd64 man-db amd64 2.13.0-1 [1420 kB] Get: 27 http://deb.debian.org/debian trixie/main amd64 libtext-charwidth-perl amd64 0.04-11+b4 [9476 B] Get: 28 http://deb.debian.org/debian trixie/main amd64 libtext-wrapi18n-perl all 0.06-10 [8808 B] Get: 29 http://deb.debian.org/debian trixie/main amd64 ucf all 3.0050 [42.7 kB] Get: 30 http://deb.debian.org/debian trixie/main amd64 m4 amd64 1.4.19-7 [294 kB] Get: 31 http://deb.debian.org/debian trixie/main amd64 autoconf all 2.72-3 [493 kB] Get: 32 http://deb.debian.org/debian trixie/main amd64 autotools-dev all 20220109.1 [51.6 kB] Get: 33 http://deb.debian.org/debian trixie/main amd64 automake all 1:1.17-3 [862 kB] Get: 34 http://deb.debian.org/debian trixie/main amd64 autopoint all 0.23.1-1 [770 kB] Get: 35 http://deb.debian.org/debian trixie/main amd64 libdebhelper-perl all 13.24.1 [90.9 kB] Get: 36 http://deb.debian.org/debian trixie/main amd64 libtool all 2.5.4-4 [539 kB] Get: 37 http://deb.debian.org/debian trixie/main amd64 dh-autoreconf all 20 [17.1 kB] Get: 38 http://deb.debian.org/debian trixie/main amd64 libarchive-zip-perl all 1.68-1 [104 kB] Get: 39 http://deb.debian.org/debian trixie/main amd64 libfile-stripnondeterminism-perl all 1.14.1-2 [19.7 kB] Get: 40 http://deb.debian.org/debian trixie/main amd64 dh-strip-nondeterminism all 1.14.1-2 [8620 B] Get: 41 http://deb.debian.org/debian trixie/main amd64 libelf1t64 amd64 0.192-4 [189 kB] Get: 42 http://deb.debian.org/debian trixie/main amd64 dwz amd64 0.15-1+b1 [110 kB] Get: 43 http://deb.debian.org/debian trixie/main amd64 libunistring5 amd64 1.3-1 [476 kB] Get: 44 http://deb.debian.org/debian trixie/main amd64 libicu72 amd64 72.1-6 [9421 kB] Get: 45 http://deb.debian.org/debian trixie/main amd64 libxml2 amd64 2.12.7+dfsg+really2.9.14-0.2+b2 [699 kB] Get: 46 http://deb.debian.org/debian trixie/main amd64 gettext amd64 0.23.1-1 [1680 kB] Get: 47 http://deb.debian.org/debian trixie/main amd64 intltool-debian all 0.35.0+20060710.6 [22.9 kB] Get: 48 http://deb.debian.org/debian trixie/main amd64 po-debconf all 1.0.21+nmu1 [248 kB] Get: 49 http://deb.debian.org/debian trixie/main amd64 debhelper all 13.24.1 [920 kB] Get: 50 http://deb.debian.org/debian trixie/main amd64 dh-package-notes all 0.15 [6692 B] Get: 51 http://deb.debian.org/debian trixie/main amd64 libtcl8.6 amd64 8.6.16+dfsg-1 [1042 kB] Get: 52 http://deb.debian.org/debian trixie/main amd64 tcl8.6 amd64 8.6.16+dfsg-1 [121 kB] Get: 53 http://deb.debian.org/debian trixie/main amd64 tcl-expect amd64 5.45.4-4 [127 kB] Get: 54 http://deb.debian.org/debian trixie/main amd64 expect amd64 5.45.4-4 [158 kB] Get: 55 http://deb.debian.org/debian trixie/main amd64 libidn2-0 amd64 2.3.8-1 [109 kB] Get: 56 http://deb.debian.org/debian trixie/main amd64 libp11-kit0 amd64 0.25.5-3 [425 kB] Get: 57 http://deb.debian.org/debian trixie/main amd64 libtasn1-6 amd64 4.20.0-2 [49.9 kB] Get: 58 http://deb.debian.org/debian trixie/main amd64 libgnutls30t64 amd64 3.8.9-2 [1464 kB] Get: 59 http://deb.debian.org/debian trixie/main amd64 libevent-2.1-7t64 amd64 2.1.12-stable-10+b1 [182 kB] Get: 60 http://deb.debian.org/debian trixie/main amd64 libunbound8 amd64 1.22.0-1+b1 [598 kB] Get: 61 http://deb.debian.org/debian trixie/main amd64 libgnutls-dane0t64 amd64 3.8.9-2 [455 kB] Get: 62 http://deb.debian.org/debian trixie/main amd64 gnutls-bin amd64 3.8.9-2 [691 kB] Get: 63 http://deb.debian.org/debian trixie/main amd64 libeac3 amd64 1.1.2+ds+git20220117+453c3d6b03a0-1.1+b3 [51.1 kB] Get: 64 http://deb.debian.org/debian trixie/main amd64 libglib2.0-0t64 amd64 2.83.4-1 [1512 kB] Get: 65 http://deb.debian.org/debian trixie/main amd64 libnspr4 amd64 2:4.36-1 [110 kB] Get: 66 http://deb.debian.org/debian trixie/main amd64 libnspr4-dev amd64 2:4.36-1 [207 kB] Get: 67 http://deb.debian.org/debian trixie/main amd64 libnss3 amd64 2:3.109-1 [1393 kB] Get: 68 http://deb.debian.org/debian trixie/main amd64 libnss3-dev amd64 2:3.109-1 [250 kB] Get: 69 http://deb.debian.org/debian trixie/main amd64 libp11-kit-dev amd64 0.25.5-3 [208 kB] Get: 70 http://deb.debian.org/debian trixie/main amd64 libpkgconf3 amd64 1.8.1-4 [36.4 kB] Get: 71 http://deb.debian.org/debian trixie/main amd64 softhsm2-common amd64 2.6.1-2.2+b1 [12.4 kB] Get: 72 http://deb.debian.org/debian trixie/main amd64 libsofthsm2 amd64 2.6.1-2.2+b1 [252 kB] Get: 73 http://deb.debian.org/debian trixie/main amd64 libssl-dev amd64 3.4.1-1 [2787 kB] Get: 74 http://deb.debian.org/debian trixie/main amd64 libtommath1 amd64 1.3.0-1 [64.3 kB] Get: 75 http://deb.debian.org/debian trixie/main amd64 libtomcrypt1 amd64 1.18.2+dfsg-7+b2 [402 kB] Get: 76 http://deb.debian.org/debian trixie/main amd64 libstoken1t64 amd64 0.92-1.1+b2 [28.6 kB] Get: 77 http://deb.debian.org/debian trixie/main amd64 libtomcrypt-dev amd64 1.18.2+dfsg-7+b2 [1261 kB] Get: 78 http://deb.debian.org/debian trixie/main amd64 libstoken-dev amd64 0.92-1.1+b2 [8196 B] Get: 79 http://deb.debian.org/debian trixie/main amd64 ninja-build amd64 1.12.1-1 [142 kB] Get: 80 http://deb.debian.org/debian trixie/main amd64 python3-autocommand all 2.2.2-3 [13.6 kB] Get: 81 http://deb.debian.org/debian trixie/main amd64 python3-more-itertools all 10.6.0-1 [65.3 kB] Get: 82 http://deb.debian.org/debian trixie/main amd64 python3-typing-extensions all 4.12.2-2 [73.0 kB] Get: 83 http://deb.debian.org/debian trixie/main amd64 python3-typeguard all 4.4.2-1 [37.3 kB] Get: 84 http://deb.debian.org/debian trixie/main amd64 python3-inflect all 7.3.1-2 [32.4 kB] Get: 85 http://deb.debian.org/debian trixie/main amd64 python3-jaraco.context all 6.0.1-1 [8276 B] Get: 86 http://deb.debian.org/debian trixie/main amd64 python3-jaraco.functools all 4.1.0-1 [12.0 kB] Get: 87 http://deb.debian.org/debian trixie/main amd64 python3-pkg-resources all 75.8.0-1 [222 kB] Get: 88 http://deb.debian.org/debian trixie/main amd64 python3-jaraco.text all 4.0.0-1 [11.4 kB] Get: 89 http://deb.debian.org/debian trixie/main amd64 python3-zipp all 3.21.0-1 [10.6 kB] Get: 90 http://deb.debian.org/debian trixie/main amd64 python3-setuptools all 75.8.0-1 [724 kB] Get: 91 http://deb.debian.org/debian trixie/main amd64 meson all 1.7.0-1 [639 kB] Get: 92 http://deb.debian.org/debian trixie/main amd64 opensc-pkcs11 amd64 0.26.0-1 [923 kB] Get: 93 http://deb.debian.org/debian trixie/main amd64 opensc amd64 0.26.0-1 [411 kB] Get: 94 http://deb.debian.org/debian trixie/main amd64 openssl amd64 3.4.1-1 [1427 kB] Get: 95 http://deb.debian.org/debian trixie/main amd64 p11-kit-modules amd64 0.25.5-3 [271 kB] Get: 96 http://deb.debian.org/debian trixie/main amd64 p11-kit amd64 0.25.5-3 [403 kB] Get: 97 http://deb.debian.org/debian trixie/main amd64 pkgconf-bin amd64 1.8.1-4 [30.2 kB] Get: 98 http://deb.debian.org/debian trixie/main amd64 pkgconf amd64 1.8.1-4 [26.2 kB] Get: 99 http://deb.debian.org/debian trixie/main amd64 softhsm2 amd64 2.6.1-2.2+b1 [169 kB] Fetched 47.7 MB in 2s (26.4 MB/s) Preconfiguring packages ... Selecting previously unselected package libpython3.13-minimal:amd64. (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 19802 files and directories currently installed.) Preparing to unpack .../libpython3.13-minimal_3.13.2-1_amd64.deb ... Unpacking libpython3.13-minimal:amd64 (3.13.2-1) ... Selecting previously unselected package libexpat1:amd64. Preparing to unpack .../libexpat1_2.6.4-1_amd64.deb ... Unpacking libexpat1:amd64 (2.6.4-1) ... Selecting previously unselected package python3.13-minimal. Preparing to unpack .../python3.13-minimal_3.13.2-1_amd64.deb ... Unpacking python3.13-minimal (3.13.2-1) ... Setting up libpython3.13-minimal:amd64 (3.13.2-1) ... Setting up libexpat1:amd64 (2.6.4-1) ... Setting up python3.13-minimal (3.13.2-1) ... Selecting previously unselected package python3-minimal. (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 20136 files and directories currently installed.) Preparing to unpack .../0-python3-minimal_3.13.2-2_amd64.deb ... Unpacking python3-minimal (3.13.2-2) ... Selecting previously unselected package media-types. Preparing to unpack .../1-media-types_13.0.0_all.deb ... Unpacking media-types (13.0.0) ... Selecting previously unselected package netbase. Preparing to unpack .../2-netbase_6.4_all.deb ... Unpacking netbase (6.4) ... Selecting previously unselected package tzdata. Preparing to unpack .../3-tzdata_2025a-2_all.deb ... Unpacking tzdata (2025a-2) ... Selecting previously unselected package libffi8:amd64. Preparing to unpack .../4-libffi8_3.4.7-1_amd64.deb ... Unpacking libffi8:amd64 (3.4.7-1) ... Selecting previously unselected package readline-common. Preparing to unpack .../5-readline-common_8.2-6_all.deb ... Unpacking readline-common (8.2-6) ... Selecting previously unselected package libreadline8t64:amd64. Preparing to unpack .../6-libreadline8t64_8.2-6_amd64.deb ... Adding 'diversion of /lib/x86_64-linux-gnu/libhistory.so.8 to /lib/x86_64-linux-gnu/libhistory.so.8.usr-is-merged by libreadline8t64' Adding 'diversion of /lib/x86_64-linux-gnu/libhistory.so.8.2 to /lib/x86_64-linux-gnu/libhistory.so.8.2.usr-is-merged by libreadline8t64' Adding 'diversion of /lib/x86_64-linux-gnu/libreadline.so.8 to /lib/x86_64-linux-gnu/libreadline.so.8.usr-is-merged by libreadline8t64' Adding 'diversion of /lib/x86_64-linux-gnu/libreadline.so.8.2 to /lib/x86_64-linux-gnu/libreadline.so.8.2.usr-is-merged by libreadline8t64' Unpacking libreadline8t64:amd64 (8.2-6) ... Selecting previously unselected package libpython3.13-stdlib:amd64. Preparing to unpack .../7-libpython3.13-stdlib_3.13.2-1_amd64.deb ... Unpacking libpython3.13-stdlib:amd64 (3.13.2-1) ... Selecting previously unselected package python3.13. Preparing to unpack .../8-python3.13_3.13.2-1_amd64.deb ... Unpacking python3.13 (3.13.2-1) ... Selecting previously unselected package libpython3-stdlib:amd64. Preparing to unpack .../9-libpython3-stdlib_3.13.2-2_amd64.deb ... Unpacking libpython3-stdlib:amd64 (3.13.2-2) ... Setting up python3-minimal (3.13.2-2) ... Selecting previously unselected package python3. (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 21146 files and directories currently installed.) Preparing to unpack .../00-python3_3.13.2-2_amd64.deb ... Unpacking python3 (3.13.2-2) ... Selecting previously unselected package libproc2-0:amd64. Preparing to unpack .../01-libproc2-0_2%3a4.0.4-7_amd64.deb ... Unpacking libproc2-0:amd64 (2:4.0.4-7) ... Selecting previously unselected package procps. Preparing to unpack .../02-procps_2%3a4.0.4-7_amd64.deb ... Unpacking procps (2:4.0.4-7) ... Selecting previously unselected package sensible-utils. Preparing to unpack .../03-sensible-utils_0.0.24_all.deb ... Unpacking sensible-utils (0.0.24) ... Selecting previously unselected package libmagic-mgc. Preparing to unpack .../04-libmagic-mgc_1%3a5.45-3+b1_amd64.deb ... Unpacking libmagic-mgc (1:5.45-3+b1) ... Selecting previously unselected package libmagic1t64:amd64. Preparing to unpack .../05-libmagic1t64_1%3a5.45-3+b1_amd64.deb ... Unpacking libmagic1t64:amd64 (1:5.45-3+b1) ... Selecting previously unselected package file. Preparing to unpack .../06-file_1%3a5.45-3+b1_amd64.deb ... Unpacking file (1:5.45-3+b1) ... Selecting previously unselected package gettext-base. Preparing to unpack .../07-gettext-base_0.23.1-1_amd64.deb ... Unpacking gettext-base (0.23.1-1) ... Selecting previously unselected package libuchardet0:amd64. Preparing to unpack .../08-libuchardet0_0.0.8-1+b2_amd64.deb ... Unpacking libuchardet0:amd64 (0.0.8-1+b2) ... Selecting previously unselected package groff-base. Preparing to unpack .../09-groff-base_1.23.0-7_amd64.deb ... Unpacking groff-base (1.23.0-7) ... Selecting previously unselected package bsdextrautils. Preparing to unpack .../10-bsdextrautils_2.40.4-5_amd64.deb ... Unpacking bsdextrautils (2.40.4-5) ... Selecting previously unselected package libpipeline1:amd64. Preparing to unpack .../11-libpipeline1_1.5.8-1_amd64.deb ... Unpacking libpipeline1:amd64 (1.5.8-1) ... Selecting previously unselected package man-db. Preparing to unpack .../12-man-db_2.13.0-1_amd64.deb ... Unpacking man-db (2.13.0-1) ... Selecting previously unselected package libtext-charwidth-perl:amd64. Preparing to unpack .../13-libtext-charwidth-perl_0.04-11+b4_amd64.deb ... Unpacking libtext-charwidth-perl:amd64 (0.04-11+b4) ... Selecting previously unselected package libtext-wrapi18n-perl. Preparing to unpack .../14-libtext-wrapi18n-perl_0.06-10_all.deb ... Unpacking libtext-wrapi18n-perl (0.06-10) ... Selecting previously unselected package ucf. Preparing to unpack .../15-ucf_3.0050_all.deb ... Moving old data out of the way Unpacking ucf (3.0050) ... Selecting previously unselected package m4. Preparing to unpack .../16-m4_1.4.19-7_amd64.deb ... Unpacking m4 (1.4.19-7) ... Selecting previously unselected package autoconf. Preparing to unpack .../17-autoconf_2.72-3_all.deb ... Unpacking autoconf (2.72-3) ... Selecting previously unselected package autotools-dev. Preparing to unpack .../18-autotools-dev_20220109.1_all.deb ... Unpacking autotools-dev (20220109.1) ... Selecting previously unselected package automake. Preparing to unpack .../19-automake_1%3a1.17-3_all.deb ... Unpacking automake (1:1.17-3) ... Selecting previously unselected package autopoint. Preparing to unpack .../20-autopoint_0.23.1-1_all.deb ... Unpacking autopoint (0.23.1-1) ... Selecting previously unselected package libdebhelper-perl. Preparing to unpack .../21-libdebhelper-perl_13.24.1_all.deb ... Unpacking libdebhelper-perl (13.24.1) ... Selecting previously unselected package libtool. Preparing to unpack .../22-libtool_2.5.4-4_all.deb ... Unpacking libtool (2.5.4-4) ... Selecting previously unselected package dh-autoreconf. Preparing to unpack .../23-dh-autoreconf_20_all.deb ... Unpacking dh-autoreconf (20) ... Selecting previously unselected package libarchive-zip-perl. Preparing to unpack .../24-libarchive-zip-perl_1.68-1_all.deb ... Unpacking libarchive-zip-perl (1.68-1) ... Selecting previously unselected package libfile-stripnondeterminism-perl. Preparing to unpack .../25-libfile-stripnondeterminism-perl_1.14.1-2_all.deb ... Unpacking libfile-stripnondeterminism-perl (1.14.1-2) ... Selecting previously unselected package dh-strip-nondeterminism. Preparing to unpack .../26-dh-strip-nondeterminism_1.14.1-2_all.deb ... Unpacking dh-strip-nondeterminism (1.14.1-2) ... Selecting previously unselected package libelf1t64:amd64. Preparing to unpack .../27-libelf1t64_0.192-4_amd64.deb ... Unpacking libelf1t64:amd64 (0.192-4) ... Selecting previously unselected package dwz. Preparing to unpack .../28-dwz_0.15-1+b1_amd64.deb ... Unpacking dwz (0.15-1+b1) ... Selecting previously unselected package libunistring5:amd64. Preparing to unpack .../29-libunistring5_1.3-1_amd64.deb ... Unpacking libunistring5:amd64 (1.3-1) ... Selecting previously unselected package libicu72:amd64. Preparing to unpack .../30-libicu72_72.1-6_amd64.deb ... Unpacking libicu72:amd64 (72.1-6) ... Selecting previously unselected package libxml2:amd64. Preparing to unpack .../31-libxml2_2.12.7+dfsg+really2.9.14-0.2+b2_amd64.deb ... Unpacking libxml2:amd64 (2.12.7+dfsg+really2.9.14-0.2+b2) ... Selecting previously unselected package gettext. Preparing to unpack .../32-gettext_0.23.1-1_amd64.deb ... Unpacking gettext (0.23.1-1) ... Selecting previously unselected package intltool-debian. Preparing to unpack .../33-intltool-debian_0.35.0+20060710.6_all.deb ... Unpacking intltool-debian (0.35.0+20060710.6) ... Selecting previously unselected package po-debconf. Preparing to unpack .../34-po-debconf_1.0.21+nmu1_all.deb ... Unpacking po-debconf (1.0.21+nmu1) ... Selecting previously unselected package debhelper. Preparing to unpack .../35-debhelper_13.24.1_all.deb ... Unpacking debhelper (13.24.1) ... Selecting previously unselected package dh-package-notes. Preparing to unpack .../36-dh-package-notes_0.15_all.deb ... Unpacking dh-package-notes (0.15) ... Selecting previously unselected package libtcl8.6:amd64. Preparing to unpack .../37-libtcl8.6_8.6.16+dfsg-1_amd64.deb ... Unpacking libtcl8.6:amd64 (8.6.16+dfsg-1) ... Selecting previously unselected package tcl8.6. Preparing to unpack .../38-tcl8.6_8.6.16+dfsg-1_amd64.deb ... Unpacking tcl8.6 (8.6.16+dfsg-1) ... Selecting previously unselected package tcl-expect:amd64. Preparing to unpack .../39-tcl-expect_5.45.4-4_amd64.deb ... Unpacking tcl-expect:amd64 (5.45.4-4) ... Selecting previously unselected package expect. Preparing to unpack .../40-expect_5.45.4-4_amd64.deb ... Unpacking expect (5.45.4-4) ... Selecting previously unselected package libidn2-0:amd64. Preparing to unpack .../41-libidn2-0_2.3.8-1_amd64.deb ... Unpacking libidn2-0:amd64 (2.3.8-1) ... Selecting previously unselected package libp11-kit0:amd64. Preparing to unpack .../42-libp11-kit0_0.25.5-3_amd64.deb ... Unpacking libp11-kit0:amd64 (0.25.5-3) ... Selecting previously unselected package libtasn1-6:amd64. Preparing to unpack .../43-libtasn1-6_4.20.0-2_amd64.deb ... Unpacking libtasn1-6:amd64 (4.20.0-2) ... Selecting previously unselected package libgnutls30t64:amd64. Preparing to unpack .../44-libgnutls30t64_3.8.9-2_amd64.deb ... Unpacking libgnutls30t64:amd64 (3.8.9-2) ... Selecting previously unselected package libevent-2.1-7t64:amd64. Preparing to unpack .../45-libevent-2.1-7t64_2.1.12-stable-10+b1_amd64.deb ... Unpacking libevent-2.1-7t64:amd64 (2.1.12-stable-10+b1) ... Selecting previously unselected package libunbound8:amd64. Preparing to unpack .../46-libunbound8_1.22.0-1+b1_amd64.deb ... Unpacking libunbound8:amd64 (1.22.0-1+b1) ... Selecting previously unselected package libgnutls-dane0t64:amd64. Preparing to unpack .../47-libgnutls-dane0t64_3.8.9-2_amd64.deb ... Unpacking libgnutls-dane0t64:amd64 (3.8.9-2) ... Selecting previously unselected package gnutls-bin. Preparing to unpack .../48-gnutls-bin_3.8.9-2_amd64.deb ... Unpacking gnutls-bin (3.8.9-2) ... Selecting previously unselected package libeac3:amd64. Preparing to unpack .../49-libeac3_1.1.2+ds+git20220117+453c3d6b03a0-1.1+b3_amd64.deb ... Unpacking libeac3:amd64 (1.1.2+ds+git20220117+453c3d6b03a0-1.1+b3) ... Selecting previously unselected package libglib2.0-0t64:amd64. Preparing to unpack .../50-libglib2.0-0t64_2.83.4-1_amd64.deb ... Unpacking libglib2.0-0t64:amd64 (2.83.4-1) ... Selecting previously unselected package libnspr4:amd64. Preparing to unpack .../51-libnspr4_2%3a4.36-1_amd64.deb ... Unpacking libnspr4:amd64 (2:4.36-1) ... Selecting previously unselected package libnspr4-dev. Preparing to unpack .../52-libnspr4-dev_2%3a4.36-1_amd64.deb ... Unpacking libnspr4-dev (2:4.36-1) ... Selecting previously unselected package libnss3:amd64. Preparing to unpack .../53-libnss3_2%3a3.109-1_amd64.deb ... Unpacking libnss3:amd64 (2:3.109-1) ... Selecting previously unselected package libnss3-dev:amd64. Preparing to unpack .../54-libnss3-dev_2%3a3.109-1_amd64.deb ... Unpacking libnss3-dev:amd64 (2:3.109-1) ... Selecting previously unselected package libp11-kit-dev:amd64. Preparing to unpack .../55-libp11-kit-dev_0.25.5-3_amd64.deb ... Unpacking libp11-kit-dev:amd64 (0.25.5-3) ... Selecting previously unselected package libpkgconf3:amd64. Preparing to unpack .../56-libpkgconf3_1.8.1-4_amd64.deb ... Unpacking libpkgconf3:amd64 (1.8.1-4) ... Selecting previously unselected package softhsm2-common. Preparing to unpack .../57-softhsm2-common_2.6.1-2.2+b1_amd64.deb ... Unpacking softhsm2-common (2.6.1-2.2+b1) ... Selecting previously unselected package libsofthsm2. Preparing to unpack .../58-libsofthsm2_2.6.1-2.2+b1_amd64.deb ... Unpacking libsofthsm2 (2.6.1-2.2+b1) ... Selecting previously unselected package libssl-dev:amd64. Preparing to unpack .../59-libssl-dev_3.4.1-1_amd64.deb ... Unpacking libssl-dev:amd64 (3.4.1-1) ... Selecting previously unselected package libtommath1:amd64. Preparing to unpack .../60-libtommath1_1.3.0-1_amd64.deb ... Unpacking libtommath1:amd64 (1.3.0-1) ... Selecting previously unselected package libtomcrypt1:amd64. Preparing to unpack .../61-libtomcrypt1_1.18.2+dfsg-7+b2_amd64.deb ... Unpacking libtomcrypt1:amd64 (1.18.2+dfsg-7+b2) ... Selecting previously unselected package libstoken1t64:amd64. Preparing to unpack .../62-libstoken1t64_0.92-1.1+b2_amd64.deb ... Unpacking libstoken1t64:amd64 (0.92-1.1+b2) ... Selecting previously unselected package libtomcrypt-dev. Preparing to unpack .../63-libtomcrypt-dev_1.18.2+dfsg-7+b2_amd64.deb ... Unpacking libtomcrypt-dev (1.18.2+dfsg-7+b2) ... Selecting previously unselected package libstoken-dev:amd64. Preparing to unpack .../64-libstoken-dev_0.92-1.1+b2_amd64.deb ... Unpacking libstoken-dev:amd64 (0.92-1.1+b2) ... Selecting previously unselected package ninja-build. Preparing to unpack .../65-ninja-build_1.12.1-1_amd64.deb ... Unpacking ninja-build (1.12.1-1) ... Selecting previously unselected package python3-autocommand. Preparing to unpack .../66-python3-autocommand_2.2.2-3_all.deb ... Unpacking python3-autocommand (2.2.2-3) ... Selecting previously unselected package python3-more-itertools. Preparing to unpack .../67-python3-more-itertools_10.6.0-1_all.deb ... Unpacking python3-more-itertools (10.6.0-1) ... Selecting previously unselected package python3-typing-extensions. Preparing to unpack .../68-python3-typing-extensions_4.12.2-2_all.deb ... Unpacking python3-typing-extensions (4.12.2-2) ... Selecting previously unselected package python3-typeguard. Preparing to unpack .../69-python3-typeguard_4.4.2-1_all.deb ... Unpacking python3-typeguard (4.4.2-1) ... Selecting previously unselected package python3-inflect. Preparing to unpack .../70-python3-inflect_7.3.1-2_all.deb ... Unpacking python3-inflect (7.3.1-2) ... Selecting previously unselected package python3-jaraco.context. Preparing to unpack .../71-python3-jaraco.context_6.0.1-1_all.deb ... Unpacking python3-jaraco.context (6.0.1-1) ... Selecting previously unselected package python3-jaraco.functools. Preparing to unpack .../72-python3-jaraco.functools_4.1.0-1_all.deb ... Unpacking python3-jaraco.functools (4.1.0-1) ... Selecting previously unselected package python3-pkg-resources. Preparing to unpack .../73-python3-pkg-resources_75.8.0-1_all.deb ... Unpacking python3-pkg-resources (75.8.0-1) ... Selecting previously unselected package python3-jaraco.text. Preparing to unpack .../74-python3-jaraco.text_4.0.0-1_all.deb ... Unpacking python3-jaraco.text (4.0.0-1) ... Selecting previously unselected package python3-zipp. Preparing to unpack .../75-python3-zipp_3.21.0-1_all.deb ... Unpacking python3-zipp (3.21.0-1) ... Selecting previously unselected package python3-setuptools. Preparing to unpack .../76-python3-setuptools_75.8.0-1_all.deb ... Unpacking python3-setuptools (75.8.0-1) ... Selecting previously unselected package meson. Preparing to unpack .../77-meson_1.7.0-1_all.deb ... Unpacking meson (1.7.0-1) ... Selecting previously unselected package opensc-pkcs11:amd64. Preparing to unpack .../78-opensc-pkcs11_0.26.0-1_amd64.deb ... Unpacking opensc-pkcs11:amd64 (0.26.0-1) ... Selecting previously unselected package opensc. Preparing to unpack .../79-opensc_0.26.0-1_amd64.deb ... Unpacking opensc (0.26.0-1) ... Selecting previously unselected package openssl. Preparing to unpack .../80-openssl_3.4.1-1_amd64.deb ... Unpacking openssl (3.4.1-1) ... Selecting previously unselected package p11-kit-modules:amd64. Preparing to unpack .../81-p11-kit-modules_0.25.5-3_amd64.deb ... Unpacking p11-kit-modules:amd64 (0.25.5-3) ... Selecting previously unselected package p11-kit. Preparing to unpack .../82-p11-kit_0.25.5-3_amd64.deb ... Unpacking p11-kit (0.25.5-3) ... Selecting previously unselected package pkgconf-bin. Preparing to unpack .../83-pkgconf-bin_1.8.1-4_amd64.deb ... Unpacking pkgconf-bin (1.8.1-4) ... Selecting previously unselected package pkgconf:amd64. Preparing to unpack .../84-pkgconf_1.8.1-4_amd64.deb ... Unpacking pkgconf:amd64 (1.8.1-4) ... Selecting previously unselected package softhsm2. Preparing to unpack .../85-softhsm2_2.6.1-2.2+b1_amd64.deb ... Unpacking softhsm2 (2.6.1-2.2+b1) ... Setting up media-types (13.0.0) ... Setting up libpipeline1:amd64 (1.5.8-1) ... Setting up libtext-charwidth-perl:amd64 (0.04-11+b4) ... Setting up libicu72:amd64 (72.1-6) ... Setting up bsdextrautils (2.40.4-5) ... Setting up libmagic-mgc (1:5.45-3+b1) ... Setting up libarchive-zip-perl (1.68-1) ... Setting up libtommath1:amd64 (1.3.0-1) ... Setting up libdebhelper-perl (13.24.1) ... Setting up libmagic1t64:amd64 (1:5.45-3+b1) ... Setting up gettext-base (0.23.1-1) ... Setting up m4 (1.4.19-7) ... Setting up libevent-2.1-7t64:amd64 (2.1.12-stable-10+b1) ... Setting up file (1:5.45-3+b1) ... Setting up libtext-wrapi18n-perl (0.06-10) ... Setting up ninja-build (1.12.1-1) ... Setting up libelf1t64:amd64 (0.192-4) ... Setting up libeac3:amd64 (1.1.2+ds+git20220117+453c3d6b03a0-1.1+b3) ... Setting up tzdata (2025a-2) ... Current default time zone: 'Etc/UTC' Local time is now: Fri Mar 14 03:52:23 UTC 2025. Universal Time is now: Fri Mar 14 03:52:23 UTC 2025. Run 'dpkg-reconfigure tzdata' if you wish to change it. Setting up autotools-dev (20220109.1) ... Setting up libunbound8:amd64 (1.22.0-1+b1) ... Setting up libpkgconf3:amd64 (1.8.1-4) ... Setting up libnspr4:amd64 (2:4.36-1) ... Setting up libproc2-0:amd64 (2:4.0.4-7) ... Setting up libunistring5:amd64 (1.3-1) ... Setting up libssl-dev:amd64 (3.4.1-1) ... Setting up libtcl8.6:amd64 (8.6.16+dfsg-1) ... Setting up autopoint (0.23.1-1) ... Setting up pkgconf-bin (1.8.1-4) ... Setting up autoconf (2.72-3) ... Setting up libffi8:amd64 (3.4.7-1) ... Setting up dwz (0.15-1+b1) ... Setting up sensible-utils (0.0.24) ... Setting up libuchardet0:amd64 (0.0.8-1+b2) ... Setting up procps (2:4.0.4-7) ... Setting up libtasn1-6:amd64 (4.20.0-2) ... Setting up netbase (6.4) ... Setting up openssl (3.4.1-1) ... Setting up readline-common (8.2-6) ... Setting up libxml2:amd64 (2.12.7+dfsg+really2.9.14-0.2+b2) ... Setting up libtomcrypt1:amd64 (1.18.2+dfsg-7+b2) ... Setting up automake (1:1.17-3) ... update-alternatives: using /usr/bin/automake-1.17 to provide /usr/bin/automake (automake) in auto mode Setting up libfile-stripnondeterminism-perl (1.14.1-2) ... Setting up libnspr4-dev (2:4.36-1) ... Setting up tcl8.6 (8.6.16+dfsg-1) ... Setting up gettext (0.23.1-1) ... Setting up libtool (2.5.4-4) ... Setting up tcl-expect:amd64 (5.45.4-4) ... Setting up libidn2-0:amd64 (2.3.8-1) ... Setting up libnss3:amd64 (2:3.109-1) ... Setting up pkgconf:amd64 (1.8.1-4) ... Setting up intltool-debian (0.35.0+20060710.6) ... Setting up libstoken1t64:amd64 (0.92-1.1+b2) ... Setting up dh-autoreconf (20) ... Setting up libtomcrypt-dev (1.18.2+dfsg-7+b2) ... Setting up libglib2.0-0t64:amd64 (2.83.4-1) ... No schema files found: doing nothing. Setting up libstoken-dev:amd64 (0.92-1.1+b2) ... Setting up libp11-kit0:amd64 (0.25.5-3) ... Setting up ucf (3.0050) ... Setting up libreadline8t64:amd64 (8.2-6) ... Setting up dh-strip-nondeterminism (1.14.1-2) ... Setting up libnss3-dev:amd64 (2:3.109-1) ... Setting up groff-base (1.23.0-7) ... Setting up libpython3.13-stdlib:amd64 (3.13.2-1) ... Setting up libp11-kit-dev:amd64 (0.25.5-3) ... Setting up libpython3-stdlib:amd64 (3.13.2-2) ... Setting up libgnutls30t64:amd64 (3.8.9-2) ... Setting up softhsm2-common (2.6.1-2.2+b1) ... Creating config file /etc/softhsm/softhsm2.conf with new version Setting up python3.13 (3.13.2-1) ... Setting up po-debconf (1.0.21+nmu1) ... Setting up expect (5.45.4-4) ... Setting up python3 (3.13.2-2) ... Setting up python3-zipp (3.21.0-1) ... Setting up python3-autocommand (2.2.2-3) ... Setting up man-db (2.13.0-1) ... Not building database; man-db/auto-update is not 'true'. Setting up opensc-pkcs11:amd64 (0.26.0-1) ... Setting up p11-kit-modules:amd64 (0.25.5-3) ... Setting up libgnutls-dane0t64:amd64 (3.8.9-2) ... Setting up python3-typing-extensions (4.12.2-2) ... Setting up p11-kit (0.25.5-3) ... Setting up gnutls-bin (3.8.9-2) ... Setting up python3-more-itertools (10.6.0-1) ... Setting up libsofthsm2 (2.6.1-2.2+b1) ... Setting up softhsm2 (2.6.1-2.2+b1) ... Setting up python3-jaraco.functools (4.1.0-1) ... Setting up python3-jaraco.context (6.0.1-1) ... Setting up opensc (0.26.0-1) ... Setting up python3-typeguard (4.4.2-1) ... Setting up debhelper (13.24.1) ... Setting up python3-inflect (7.3.1-2) ... Setting up python3-jaraco.text (4.0.0-1) ... Setting up python3-pkg-resources (75.8.0-1) ... Setting up dh-package-notes (0.15) ... Setting up python3-setuptools (75.8.0-1) ... Setting up meson (1.7.0-1) ... Processing triggers for libc-bin (2.41-4) ... Reading package lists... Building dependency tree... Reading state information... Reading extended state information... Initializing package states... Writing extended state information... Building tag database... -> Finished parsing the build-deps I: Building the package I: Running cd /build/reproducible-path/pkcs11-provider-1.0/ && env PATH="/usr/sbin:/usr/bin:/sbin:/bin:/usr/games" HOME="/nonexistent/first-build" dpkg-buildpackage -us -uc -b && env PATH="/usr/sbin:/usr/bin:/sbin:/bin:/usr/games" HOME="/nonexistent/first-build" dpkg-genchanges -S > ../pkcs11-provider_1.0-1_source.changes dpkg-buildpackage: info: source package pkcs11-provider dpkg-buildpackage: info: source version 1.0-1 dpkg-buildpackage: info: source distribution unstable dpkg-buildpackage: info: source changed by Luca Boccassi dpkg-source --before-build . dpkg-buildpackage: info: host architecture amd64 debian/rules clean dh clean --buildsystem=meson dh_auto_clean -O--buildsystem=meson dh_autoreconf_clean -O--buildsystem=meson dh_clean -O--buildsystem=meson debian/rules binary dh binary --buildsystem=meson dh_update_autotools_config -O--buildsystem=meson dh_autoreconf -O--buildsystem=meson dh_auto_configure -O--buildsystem=meson cd obj-x86_64-linux-gnu && DEB_PYTHON_INSTALL_LAYOUT=deb LC_ALL=C.UTF-8 meson setup .. --wrap-mode=nodownload --buildtype=plain --prefix=/usr --sysconfdir=/etc --localstatedir=/var --libdir=lib/x86_64-linux-gnu -Dpython.bytecompile=-1 The Meson build system Version: 1.7.0 Source dir: /build/reproducible-path/pkcs11-provider-1.0 Build dir: /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu Build type: native build Project name: pkcs11-provider Project version: 1.0 C compiler for the host machine: cc (gcc 14.2.0 "cc (Debian 14.2.0-17) 14.2.0") C linker for the host machine: cc ld.bfd 2.44 Host machine cpu family: x86_64 Host machine cpu: x86_64 Compiler for C supports arguments -Wwrite-strings: YES Compiler for C supports arguments -Wpointer-arith: YES Compiler for C supports arguments -Wno-missing-field-initializers: YES Compiler for C supports arguments -Wformat: YES Compiler for C supports arguments -Wshadow: YES Compiler for C supports arguments -Wno-unused-parameter: YES Compiler for C supports arguments -Werror=implicit-function-declaration: YES Compiler for C supports arguments -Werror=missing-prototypes: YES Compiler for C supports arguments -Werror=format-security: YES Compiler for C supports arguments -Werror=parentheses: YES Compiler for C supports arguments -Werror=implicit: YES Compiler for C supports arguments -Werror=strict-prototypes: YES Compiler for C supports arguments -fno-strict-aliasing: YES Compiler for C supports arguments -fno-delete-null-pointer-checks: YES Compiler for C supports arguments -fdiagnostics-show-option: YES Found pkg-config: YES (/usr/bin/pkg-config) 1.8.1 Run-time dependency libcrypto found: YES 3.4.1 Run-time dependency libssl found: YES 3.4.1 Run-time dependency p11-kit-1 found: YES 0.25.5 Has header "dlfcn.h" : YES Configuring config.h using configuration Compiler for C supports link arguments -Wl,--version-script,/build/reproducible-path/pkcs11-provider-1.0/src/provider.map: YES Did not find CMake 'cmake' Found CMake: NO Run-time dependency nss-softokn found: NO (tried pkgconfig and cmake) Run-time dependency nss found: YES 3.109 Program setup.sh found: YES (/build/reproducible-path/pkcs11-provider-1.0/tests/setup.sh) Program valgrind found: NO Program test-wrapper found: YES (/build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper) Build targets in project: 12 pkcs11-provider 1.0 User defined options buildtype : plain libdir : lib/x86_64-linux-gnu localstatedir : /var prefix : /usr python.bytecompile: -1 sysconfdir : /etc wrap_mode : nodownload Found ninja-1.12.1 at /usr/bin/ninja dh_auto_build -O--buildsystem=meson cd obj-x86_64-linux-gnu && LC_ALL=C.UTF-8 ninja -j20 -v [1/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/pk11_uri.c.o -MF src/pkcs11.so.p/pk11_uri.c.o.d -o src/pkcs11.so.p/pk11_uri.c.o -c ../src/pk11_uri.c [2/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/tls.c.o -MF src/pkcs11.so.p/tls.c.o.d -o src/pkcs11.so.p/tls.c.o -c ../src/tls.c [3/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/decoder.c.o -MF src/pkcs11.so.p/decoder.c.o.d -o src/pkcs11.so.p/decoder.c.o -c ../src/decoder.c [4/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/debug.c.o -MF src/pkcs11.so.p/debug.c.o.d -o src/pkcs11.so.p/debug.c.o -c ../src/debug.c [5/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/exchange.c.o -MF src/pkcs11.so.p/exchange.c.o.d -o src/pkcs11.so.p/exchange.c.o -c ../src/exchange.c [6/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/kdf.c.o -MF src/pkcs11.so.p/kdf.c.o.d -o src/pkcs11.so.p/kdf.c.o -c ../src/kdf.c [7/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/slot.c.o -MF src/pkcs11.so.p/slot.c.o.d -o src/pkcs11.so.p/slot.c.o -c ../src/slot.c [8/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/store.c.o -MF src/pkcs11.so.p/store.c.o.d -o src/pkcs11.so.p/store.c.o -c ../src/store.c [9/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/asymmetric_cipher.c.o -MF src/pkcs11.so.p/asymmetric_cipher.c.o.d -o src/pkcs11.so.p/asymmetric_cipher.c.o -c ../src/asymmetric_cipher.c [10/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/random.c.o -MF src/pkcs11.so.p/random.c.o.d -o src/pkcs11.so.p/random.c.o -c ../src/random.c [11/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/digests.c.o -MF src/pkcs11.so.p/digests.c.o.d -o src/pkcs11.so.p/digests.c.o -c ../src/digests.c [12/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/encoder.c.o -MF src/pkcs11.so.p/encoder.c.o.d -o src/pkcs11.so.p/encoder.c.o -c ../src/encoder.c [13/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/keymgmt.c.o -MF src/pkcs11.so.p/keymgmt.c.o.d -o src/pkcs11.so.p/keymgmt.c.o -c ../src/keymgmt.c [14/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/util.c.o -MF src/pkcs11.so.p/util.c.o.d -o src/pkcs11.so.p/util.c.o -c ../src/util.c [15/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/session.c.o -MF src/pkcs11.so.p/session.c.o.d -o src/pkcs11.so.p/session.c.o -c ../src/session.c [16/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/signature.c.o -MF src/pkcs11.so.p/signature.c.o.d -o src/pkcs11.so.p/signature.c.o -c ../src/signature.c [17/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/interface.c.o -MF src/pkcs11.so.p/interface.c.o.d -o src/pkcs11.so.p/interface.c.o -c ../src/interface.c [18/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/objects.c.o -MF src/pkcs11.so.p/objects.c.o.d -o src/pkcs11.so.p/objects.c.o -c ../src/objects.c [19/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/provider.c.o -MF src/pkcs11.so.p/provider.c.o.d -o src/pkcs11.so.p/provider.c.o -c ../src/provider.c [20/20] cc -o src/pkcs11.so src/pkcs11.so.p/asymmetric_cipher.c.o src/pkcs11.so.p/debug.c.o src/pkcs11.so.p/encoder.c.o src/pkcs11.so.p/decoder.c.o src/pkcs11.so.p/digests.c.o src/pkcs11.so.p/exchange.c.o src/pkcs11.so.p/kdf.c.o src/pkcs11.so.p/keymgmt.c.o src/pkcs11.so.p/pk11_uri.c.o src/pkcs11.so.p/interface.c.o src/pkcs11.so.p/objects.c.o src/pkcs11.so.p/provider.c.o src/pkcs11.so.p/random.c.o src/pkcs11.so.p/session.c.o src/pkcs11.so.p/signature.c.o src/pkcs11.so.p/slot.c.o src/pkcs11.so.p/store.c.o src/pkcs11.so.p/tls.c.o src/pkcs11.so.p/util.c.o -Wl,--as-needed -Wl,--allow-shlib-undefined -shared -fPIC -Wl,-z,relro -Wl,-z,now -specs=/usr/share/debhelper/dh_package_notes/debian-package-notes.specs -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection -Wdate-time -D_FORTIFY_SOURCE=2 -Wl,--version-script,/build/reproducible-path/pkcs11-provider-1.0/src/provider.map /usr/lib/x86_64-linux-gnu/libcrypto.so dh_auto_test -O--buildsystem=meson cd obj-x86_64-linux-gnu && DEB_PYTHON_INSTALL_LAYOUT=deb LC_ALL=C.UTF-8 MESON_TESTTHREADS=20 meson test --verbose ninja: Entering directory `/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu' [1/29] Compiling C object tests/tsession.p/tsession.c.o [2/29] Compiling C object tests/tdigests.p/tdigests.c.o [3/29] Compiling C object tests/tcmpkeys.p/tcmpkeys.c.o [4/29] Compiling C object tests/tlssetkey.p/tlssetkey.c.o [5/29] Compiling C object tests/tlsctx.p/util.c.o [6/29] Compiling C object tests/tlsctx.p/tlsctx.c.o [7/29] Compiling C object tests/treadkeys.p/treadkeys.c.o [8/29] Compiling C object tests/tpkey.p/util.c.o [9/29] Compiling C object tests/ccerts.p/ccerts.c.o [10/29] Linking target tests/tdigests [11/29] Compiling C object tests/tfork.p/tfork.c.o [12/29] Compiling C object tests/tgenkey.p/util.c.o [13/29] Compiling C object tests/tfork.p/util.c.o [14/29] Compiling C object tests/tpkey.p/tpkey.c.o [15/29] Compiling C object tests/ccerts.p/util.c.o [16/29] Compiling C object tests/tcmpkeys.p/util.c.o [17/29] Linking target tests/tsession [18/29] Compiling C object tests/pincache.p/pincache.c.o [19/29] Compiling C object tests/tlssetkey.p/util.c.o [20/29] Linking target tests/tlsctx [21/29] Linking target tests/treadkeys [22/29] Linking target tests/tpkey [23/29] Linking target tests/tcmpkeys [24/29] Linking target tests/ccerts [25/29] Compiling C object tests/tgenkey.p/tgenkey.c.o [26/29] Linking target tests/tfork [27/29] Linking target tests/pincache [28/29] Linking target tests/tlssetkey [29/29] Linking target tests/tgenkey 1/92 pkcs11-provider:softokn / setup RUNNING >>> SOFTOKNPATH=/usr/lib/x86_64-linux-gnu UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 SHARED_EXT=.so MALLOC_PERTURB_=143 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TESTSSRCDIR=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 LIBSPATH=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/src P11KITCLIENTPATH=/usr/lib/x86_64-linux-gnu/pkcs11/p11-kit-client.so TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests /build/reproducible-path/pkcs11-provider-1.0/tests/setup.sh softokn ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― + source /build/reproducible-path/pkcs11-provider-1.0/tests/helpers.sh ++ : /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests ++ helper_emit=1 ++ grep -q 'GNU sed' ++ sed --version ++ sed_inplace=('-i') ++ export sed_inplace + '[' 1 -ne 1 ']' + TOKENTYPE=softokn + SUPPORT_ED25519=1 + SUPPORT_ED448=1 + SUPPORT_RSA_PKCS1_ENCRYPTION=1 + SUPPORT_RSA_KEYGEN_PUBLIC_EXPONENT=1 + SUPPORT_TLSFUZZER=1 + SUPPORT_ALLOWED_MECHANISMS=0 ++ grep OpenSC ++ sed -e 's/OpenSC 0\.\([0-9]*\).*/\1/' ++ opensc-tool -i Failed to establish context: Unable to load external module + OPENSC_VERSION=26 + [[ 26 -le 25 ]] + [[ '' = \1 ]] ++ cat /proc/sys/crypto/fips_enabled + [[ 0 = \1 ]] + TMPPDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softokn + TOKDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softokn/tokens + '[' -d /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softokn ']' + mkdir /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softokn + mkdir /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softokn/tokens + PINVALUE=12345678 + PINFILE=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softokn/pinfile.txt + echo 12345678 + export GNUTLS_PIN=12345678 + GNUTLS_PIN=12345678 + '[' softokn == softhsm ']' + '[' softokn == softokn ']' + source /build/reproducible-path/pkcs11-provider-1.0/tests/softokn-init.sh ++ title SECTION 'Setup NSS Softokn' ++ case "$1" in ++ shift 1 ++ echo '########################################' ++ echo '## Setup NSS Softokn' ++ echo '' ++ command -v certutil ++ echo 'NSS'\''s certutil command is required' ++ exit 0 ######################################## ## Setup NSS Softokn NSS's certutil command is required ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 1/92 pkcs11-provider:softokn / setup OK 0.23s 2/92 pkcs11-provider:softhsm / setup RUNNING >>> SOFTOKNPATH=/usr/lib/x86_64-linux-gnu UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 SHARED_EXT=.so P11KITCLIENTPATH=/usr/lib/x86_64-linux-gnu/pkcs11/p11-kit-client.so ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TESTSSRCDIR=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 LIBSPATH=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/src MALLOC_PERTURB_=92 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests /build/reproducible-path/pkcs11-provider-1.0/tests/setup.sh softhsm ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― + source /build/reproducible-path/pkcs11-provider-1.0/tests/helpers.sh ++ : /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests ++ helper_emit=1 ++ grep -q 'GNU sed' ++ sed --version ++ sed_inplace=('-i') ++ export sed_inplace + '[' 1 -ne 1 ']' + TOKENTYPE=softhsm + SUPPORT_ED25519=1 + SUPPORT_ED448=1 + SUPPORT_RSA_PKCS1_ENCRYPTION=1 + SUPPORT_RSA_KEYGEN_PUBLIC_EXPONENT=1 + SUPPORT_TLSFUZZER=1 + SUPPORT_ALLOWED_MECHANISMS=0 ++ grep OpenSC ++ opensc-tool -i ++ sed -e 's/OpenSC 0\.\([0-9]*\).*/\1/' Failed to establish context: Unable to load external module + OPENSC_VERSION=26 + [[ 26 -le 25 ]] + [[ '' = \1 ]] ++ cat /proc/sys/crypto/fips_enabled + [[ 0 = \1 ]] + TMPPDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm + TOKDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/tokens + '[' -d /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm ']' + mkdir /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm + mkdir /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/tokens + PINVALUE=12345678 + PINFILE=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt + echo 12345678 + export GNUTLS_PIN=12345678 + GNUTLS_PIN=12345678 + '[' softhsm == softhsm ']' + source /build/reproducible-path/pkcs11-provider-1.0/tests/softhsm-init.sh ++ title SECTION 'Searching for SoftHSM PKCS#11 library' ++ case "$1" in ++ shift 1 ++ echo '########################################' ++ echo '## Searching for SoftHSM PKCS#11 library' ++ echo '' ++ command -v softhsm2-util ######################################## ## Searching for SoftHSM PKCS#11 library +++++ type -p softhsm2-util ++++ dirname /usr/bin/softhsm2-util +++ dirname /usr/bin ++ softhsm_prefix=/usr ++ find_softhsm /usr/lib64/softhsm/libsofthsm2.so /usr/lib/softhsm/libsofthsm2.so /usr/lib64/pkcs11/libsofthsm2.so /usr/lib/pkcs11/libsofthsm2.so /usr/local/lib/softhsm/libsofthsm2.so /usr/lib64/pkcs11/libsofthsm2.so /usr/lib/pkcs11/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so ++ for _lib in "$@" ++ test -f /usr/lib64/softhsm/libsofthsm2.so ++ for _lib in "$@" ++ test -f /usr/lib/softhsm/libsofthsm2.so ++ echo 'Using softhsm path /usr/lib/softhsm/libsofthsm2.so' ++ P11LIB=/usr/lib/softhsm/libsofthsm2.so ++ return ++ export P11LIB ++ title SECTION 'Set up testing system' ++ case "$1" in ++ shift 1 ++ echo '########################################' ++ echo '## Set up testing system' ++ echo '' ++ cat Using softhsm path /usr/lib/softhsm/libsofthsm2.so ######################################## ## Set up testing system ++ export SOFTHSM2_CONF=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/softhsm.conf ++ SOFTHSM2_CONF=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/softhsm.conf ++ export 'TOKENLABEL=SoftHSM Token' ++ TOKENLABEL='SoftHSM Token' ++ export TOKENLABELURI=SoftHSM%20Token ++ TOKENLABELURI=SoftHSM%20Token ++ softhsm2-util --init-token --label 'SoftHSM Token' --free --pin 12345678 --so-pin 12345678 Slot 0 has a free/uninitialized token. The token has been initialized and is reassigned to slot 2114758824 ++ export 'TOKENOPTIONS=\npkcs11-module-quirks = no-deinit no-operation-state' ++ TOKENOPTIONS='\npkcs11-module-quirks = no-deinit no-operation-state' ++ export 'TOKENCONFIGVARS=export SOFTHSM2_CONF=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/softhsm.conf' ++ TOKENCONFIGVARS='export SOFTHSM2_CONF=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/softhsm.conf' ++ export TESTPORT=32000 ++ TESTPORT=32000 ++ export SUPPORT_ALLOWED_MECHANISMS=1 ++ SUPPORT_ALLOWED_MECHANISMS=1 + SEEDFILE=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/noisefile.bin + dd if=/dev/urandom of=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/noisefile.bin bs=2048 count=1 + RAND64FILE=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/64krandom.bin + dd if=/dev/urandom of=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/64krandom.bin bs=2048 count=32 ++ uname + '[' Linux == Darwin ']' ++ type -p certtool + certtool=/usr/bin/certtool + '[' -z /usr/bin/certtool ']' + P11DEFARGS=("--module=${P11LIB}" "--login" "--pin=${PINVALUE}" "--token-label=${TOKENLABEL}") + cat + SERIAL=1 + title LINE 'Creating new Self Sign CA' + case "$1" in + shift 1 + echo 'Creating new Self Sign CA' + KEYID=0000 + URIKEYID=%00%00 + CACRTN=caCert + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --keypairgen --key-type=RSA:2048 --label=caCert --id=0000 Creating new Self Sign CA Key pair generated: Private Key Object; RSA label: caCert ID: 0000 Usage: decrypt, sign, signRecover, unwrap Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6bab5e7dfe0ca8a8;token=SoftHSM%20Token;id=%0000;object=caCert;type=private Public Key Object; RSA 2048 bits label: caCert ID: 0000 Usage: encrypt, verify, verifyRecover, wrap Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6bab5e7dfe0ca8a8;token=SoftHSM%20Token;id=%0000;object=caCert;type=public + crt_selfsign caCert Issuer 0000 + LABEL=caCert + CN=Issuer + KEYID=0000 + (( SERIAL+=1 )) + sed -e 's|cn = .*|cn = Issuer|g' -e 's|serial = .*|serial = 2|g' -i /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/cacert.cfg + /usr/bin/certtool --generate-self-signed --outfile=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/caCert.crt --template=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/cacert.cfg --provider=/usr/lib/softhsm/libsofthsm2.so --load-privkey 'pkcs11:object=caCert;token=SoftHSM%20Token;type=private' --load-pubkey 'pkcs11:object=caCert;token=SoftHSM%20Token;type=public' --outder Generating a self signed certificate... X.509 Certificate Information: Version: 3 Serial Number (hex): 02 Validity: Not Before: Fri Mar 14 03:54:12 UTC 2025 Not After: Sat Mar 14 03:54:12 UTC 2026 Subject: CN=Issuer Subject Public Key Algorithm: RSA Algorithm Security Level: Medium (2048 bits) Modulus (bits 2048): 00:c1:b8:7f:49:3d:c7:e2:b3:c1:98:2d:88:8d:aa:5c 08:7f:e5:f6:02:d1:64:8b:5e:15:2b:6a:f1:79:bc:91 59:d7:4b:d8:cb:3c:fa:8a:93:c7:ff:d9:52:1a:45:03 80:1b:12:ad:f6:96:59:3a:f3:79:b3:3f:84:5c:c2:c1 4b:15:1a:8e:36:5e:20:0c:4d:a3:8b:75:2a:b9:8d:b8 94:70:bb:a0:77:48:99:ae:ed:9b:9b:4d:63:8a:4c:eb 97:36:72:5b:1f:be:f7:6e:31:d4:f7:d4:b7:b5:fa:0d c2:72:83:85:b3:99:eb:dc:52:f6:96:6a:6c:3e:8e:21 68:89:02:a7:9a:c0:f4:6a:4d:03:88:d8:f4:62:3a:d8 1e:86:63:a6:c2:c0:4c:8c:3c:5b:38:e9:3e:60:6d:15 a9:b5:2f:91:b2:8e:f3:a9:f3:df:6a:ec:35:f4:1c:8e 0f:d1:cc:f8:23:e1:2d:b2:c4:de:af:22:1c:af:39:78 22:97:16:26:42:62:49:80:92:13:f5:56:5b:cb:63:d5 43:16:c2:56:33:c2:ec:7b:5b:dd:64:07:6f:19:a4:59 ef:6c:54:0d:8f:18:94:6a:01:0f:d6:55:8c:9c:24:24 21:7a:7b:5a:a1:f2:6d:20:2e:0a:74:a3:fe:9e:e7:31 cd Exponent (bits 24): 01:00:01 Extensions: Basic Constraints (critical): Certificate Authority (CA): TRUE Subject Alternative Name (not critical): RFC822Name: testcert@example.org Key Usage (critical): Digital signature. Certificate signing. Subject Key Identifier (not critical): 0f6eb415b2f4e30c7f83796c2503499ed93a3671 Other Information: Public Key ID: sha1:0f6eb415b2f4e30c7f83796c2503499ed93a3671 sha256:ce0f5227fbda39d6981f2c995ebd601c7612e3c8083f2d47c351e8ab1f98267d Public Key PIN: pin-sha256:zg9SJ/vaOdaYHyyZXr1gHHYS48gIPy1Hw1Hoqx+YJn0= Signing certificate... + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --write-object /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/caCert.crt --type=cert --id=0000 --label=caCert Created certificate: Certificate Object; type = X.509 cert label: caCert subject: DN: CN=Issuer serial: 02 ID: 0000 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6bab5e7dfe0ca8a8;token=SoftHSM%20Token;id=%0000;object=caCert;type=cert + CACRT_PEM=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/caCert.pem + CACRT=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/caCert.crt + openssl x509 -inform DER -in /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/caCert.crt -outform PEM -out /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/caCert.pem + CABASEURIWITHPINVALUE='pkcs11:id=%00%00?pin-value=12345678' + CABASEURIWITHPINSOURCE='pkcs11:id=%00%00?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt' + CABASEURI=pkcs11:id=%00%00 + CAPUBURI='pkcs11:type=public;id=%00%00' + CAPRIURI='pkcs11:type=private;id=%00%00' + CACRTURI='pkcs11:type=cert;object=caCert' + title LINE 'RSA PKCS11 URIS' + case "$1" in + shift 1 + echo 'RSA PKCS11 URIS' + echo 'pkcs11:id=%00%00?pin-value=12345678' + echo 'pkcs11:id=%00%00?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt' + echo pkcs11:id=%00%00 + echo 'pkcs11:type=public;id=%00%00' + echo 'pkcs11:type=private;id=%00%00' + echo 'pkcs11:type=cert;object=caCert' + echo '' + cat /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/cacert.cfg RSA PKCS11 URIS pkcs11:id=%00%00?pin-value=12345678 pkcs11:id=%00%00?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt pkcs11:id=%00%00 pkcs11:type=public;id=%00%00 pkcs11:type=private;id=%00%00 pkcs11:type=cert;object=caCert + echo 'organization = "PKCS11 Provider"' + sed -e '/^cert_signing_key$/d' -e '/^ca$/d' -i /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/cert.cfg + KEYID=0001 + URIKEYID=%00%01 + TSTCRTN=testCert + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --keypairgen --key-type=RSA:2048 --label=testCert --id=0001 Key pair generated: Private Key Object; RSA label: testCert ID: 0001 Usage: decrypt, sign, signRecover, unwrap Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6bab5e7dfe0ca8a8;token=SoftHSM%20Token;id=%0001;object=testCert;type=private Public Key Object; RSA 2048 bits label: testCert ID: 0001 Usage: encrypt, verify, verifyRecover, wrap Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6bab5e7dfe0ca8a8;token=SoftHSM%20Token;id=%0001;object=testCert;type=public + ca_sign testCert 'My Test Cert' 0001 + LABEL=testCert + CN='My Test Cert' + KEYID=0001 + shift 3 + (( SERIAL+=1 )) + sed -e 's|cn = .*|cn = My Test Cert|g' -e 's|serial = .*|serial = 3|g' -e '/^ca$/d' -i /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/cert.cfg + /usr/bin/certtool --generate-certificate --outfile=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/testCert.crt --template=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/cert.cfg --provider=/usr/lib/softhsm/libsofthsm2.so --load-privkey 'pkcs11:object=testCert;token=SoftHSM%20Token;type=private' --load-pubkey 'pkcs11:object=testCert;token=SoftHSM%20Token;type=public' --outder --load-ca-certificate /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/caCert.crt --inder '--load-ca-privkey=pkcs11:object=caCert;token=SoftHSM%20Token;type=private' Generating a signed certificate... Expiration time: Fri Mar 13 15:54:14 2026 CA expiration time: Fri Mar 13 15:54:12 2026 Warning: The time set exceeds the CA's expiration time X.509 Certificate Information: Version: 3 Serial Number (hex): 03 Validity: Not Before: Fri Mar 14 03:54:14 UTC 2025 Not After: Sat Mar 14 03:54:14 UTC 2026 Subject: CN=My Test Cert,O=PKCS11 Provider Subject Public Key Algorithm: RSA Algorithm Security Level: Medium (2048 bits) Modulus (bits 2048): 00:de:f9:c6:c5:9a:0a:e4:0a:e7:6b:73:1f:6e:6a:87 1e:82:95:c9:8c:2e:87:c3:af:a4:36:1b:8e:61:81:91 73:5c:a8:50:5e:35:0b:08:26:c9:4c:93:e5:2a:9a:5a 21:8f:0e:f9:ee:cc:d7:73:af:c5:03:44:fe:36:f9:af 3c:ab:cf:f1:1b:e3:64:4a:d0:d0:ae:dc:dd:10:31:1d d6:72:84:c6:1e:48:ca:6e:c0:21:6e:2a:62:3c:05:36 0e:64:dc:aa:ee:86:6e:1a:29:f7:c9:46:24:cf:b9:c9 1c:ba:4b:d6:f3:af:14:b7:3b:67:b4:c0:fa:40:93:d2 4d:a4:bc:48:36:20:d4:89:b9:62:20:97:23:bb:94:49 61:70:9e:93:81:b8:43:28:9f:2b:9c:eb:fc:8e:f1:d1 30:b7:89:a8:53:6b:8b:b5:c5:48:f5:62:c4:af:6d:75 c9:ed:0c:d8:69:32:34:45:5e:e6:be:9a:46:c3:13:ab f8:0d:51:a9:2f:2d:06:70:aa:07:2d:c8:9b:c5:c7:ec a6:7e:41:41:cd:01:3f:c1:5c:f9:35:ed:d5:c7:8c:03 83:ad:6a:08:bd:7b:9f:5d:ad:5c:2b:fe:2c:fb:01:44 41:c3:88:32:b3:23:f8:a4:86:db:d0:2b:44:2d:b9:ee 9b Exponent (bits 24): 01:00:01 Extensions: Basic Constraints (critical): Certificate Authority (CA): FALSE Subject Alternative Name (not critical): RFC822Name: testcert@example.org Key Usage (critical): Digital signature. Key encipherment. Subject Key Identifier (not critical): 1240baf253e1a8bf0b4e23b7492076c2dd9c332d Authority Key Identifier (not critical): 0f6eb415b2f4e30c7f83796c2503499ed93a3671 Other Information: Public Key ID: sha1:1240baf253e1a8bf0b4e23b7492076c2dd9c332d sha256:8dabdfe5e22c539dd968937b6d88d162542d8d6d8d22b3497fe916e66200d481 Public Key PIN: pin-sha256:javf5eIsU53ZaJN7bYjRYlQtjW2NIrNJf+kW5mIA1IE= Signing certificate... + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --write-object /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/testCert.crt --type=cert --id=0001 --label=testCert Created certificate: Certificate Object; type = X.509 cert label: testCert subject: DN: O=PKCS11 Provider, CN=My Test Cert serial: 03 ID: 0001 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6bab5e7dfe0ca8a8;token=SoftHSM%20Token;id=%0001;object=testCert;type=cert + BASEURIWITHPINVALUE='pkcs11:id=%00%01?pin-value=12345678' + BASEURIWITHPINSOURCE='pkcs11:id=%00%01?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt' + BASEURI=pkcs11:id=%00%01 + PUBURI='pkcs11:type=public;id=%00%01' + PRIURI='pkcs11:type=private;id=%00%01' + CRTURI='pkcs11:type=cert;object=testCert' + title LINE 'RSA PKCS11 URIS' + case "$1" in + shift 1 + echo 'RSA PKCS11 URIS' + echo 'pkcs11:id=%00%01?pin-value=12345678' + echo 'pkcs11:id=%00%01?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt' + echo pkcs11:id=%00%01 + echo 'pkcs11:type=public;id=%00%01' + echo 'pkcs11:type=private;id=%00%01' + echo 'pkcs11:type=cert;object=testCert' + echo '' + KEYID=0002 + URIKEYID=%00%02 + ECCRTN=ecCert + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --keypairgen --key-type=EC:secp256r1 --label=ecCert --id=0002 RSA PKCS11 URIS pkcs11:id=%00%01?pin-value=12345678 pkcs11:id=%00%01?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt pkcs11:id=%00%01 pkcs11:type=public;id=%00%01 pkcs11:type=private;id=%00%01 pkcs11:type=cert;object=testCert Key pair generated: Private Key Object; EC label: ecCert ID: 0002 Usage: decrypt, sign, signRecover, unwrap, derive Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6bab5e7dfe0ca8a8;token=SoftHSM%20Token;id=%0002;object=ecCert;type=private Public Key Object; EC EC_POINT 256 bits EC_POINT: 0441048d5c0669100d7f8eee8c63eede1572dffe3331bb036e739779fbff851555c97899025e8e9e0146afbcb803559a62592471059c576f4f7b3fe65a2e3e3bd29630 EC_PARAMS: 06082a8648ce3d030107 (OID 1.2.840.10045.3.1.7) label: ecCert ID: 0002 Usage: encrypt, verify, verifyRecover, wrap, derive Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6bab5e7dfe0ca8a8;token=SoftHSM%20Token;id=%0002;object=ecCert;type=public + ca_sign ecCert 'My EC Cert' 0002 + LABEL=ecCert + CN='My EC Cert' + KEYID=0002 + shift 3 + (( SERIAL+=1 )) + sed -e 's|cn = .*|cn = My EC Cert|g' -e 's|serial = .*|serial = 4|g' -e '/^ca$/d' -i /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/cert.cfg + /usr/bin/certtool --generate-certificate --outfile=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/ecCert.crt --template=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/cert.cfg --provider=/usr/lib/softhsm/libsofthsm2.so --load-privkey 'pkcs11:object=ecCert;token=SoftHSM%20Token;type=private' --load-pubkey 'pkcs11:object=ecCert;token=SoftHSM%20Token;type=public' --outder --load-ca-certificate /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/caCert.crt --inder '--load-ca-privkey=pkcs11:object=caCert;token=SoftHSM%20Token;type=private' Generating a signed certificate... Expiration time: Fri Mar 13 15:54:14 2026 CA expiration time: Fri Mar 13 15:54:12 2026 Warning: The time set exceeds the CA's expiration time X.509 Certificate Information: Version: 3 Serial Number (hex): 04 Validity: Not Before: Fri Mar 14 03:54:14 UTC 2025 Not After: Sat Mar 14 03:54:14 UTC 2026 Subject: CN=My EC Cert,O=PKCS11 Provider Subject Public Key Algorithm: EC/ECDSA Algorithm Security Level: High (256 bits) Curve: SECP256R1 X: 00:8d:5c:06:69:10:0d:7f:8e:ee:8c:63:ee:de:15:72 df:fe:33:31:bb:03:6e:73:97:79:fb:ff:85:15:55:c9 78 Y: 00:99:02:5e:8e:9e:01:46:af:bc:b8:03:55:9a:62:59 24:71:05:9c:57:6f:4f:7b:3f:e6:5a:2e:3e:3b:d2:96 30 Extensions: Basic Constraints (critical): Certificate Authority (CA): FALSE Subject Alternative Name (not critical): RFC822Name: testcert@example.org Key Usage (critical): Digital signature. Subject Key Identifier (not critical): 3517f310afaf1cd9001ed9d89057a21a98d36655 Authority Key Identifier (not critical): 0f6eb415b2f4e30c7f83796c2503499ed93a3671 Other Information: Public Key ID: sha1:3517f310afaf1cd9001ed9d89057a21a98d36655 sha256:cb6af487cb086dbf4e6503ead67cfcfc684f76795016ea79c39146b1259344ba Public Key PIN: pin-sha256:y2r0h8sIbb9OZQPq1nz8/GhPdnlQFup5w5FGsSWTRLo= Signing certificate... + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --write-object /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/ecCert.crt --type=cert --id=0002 --label=ecCert Created certificate: Certificate Object; type = X.509 cert label: ecCert subject: DN: O=PKCS11 Provider, CN=My EC Cert serial: 04 ID: 0002 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6bab5e7dfe0ca8a8;token=SoftHSM%20Token;id=%0002;object=ecCert;type=cert + ECBASEURIWITHPINVALUE='pkcs11:id=%00%02?pin-value=12345678' + ECBASEURIWITHPINSOURCE='pkcs11:id=%00%02?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt' + ECBASEURI=pkcs11:id=%00%02 + ECPUBURI='pkcs11:type=public;id=%00%02' + ECPRIURI='pkcs11:type=private;id=%00%02' + ECCRTURI='pkcs11:type=cert;object=ecCert' + KEYID=0003 + URIKEYID=%00%03 + ECPEERCRTN=ecPeerCert + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --keypairgen --key-type=EC:secp256r1 --label=ecPeerCert --id=0003 Key pair generated: Private Key Object; EC label: ecPeerCert ID: 0003 Usage: decrypt, sign, signRecover, unwrap, derive Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6bab5e7dfe0ca8a8;token=SoftHSM%20Token;id=%0003;object=ecPeerCert;type=private Public Key Object; EC EC_POINT 256 bits EC_POINT: 0441041796901c51a4a2f717b297d1e604b07f96d99bc84a2155b8c727f2435c7210bbd35699826bb4a046031053ac941d96109778c8b152d8d6382324a298767219eb EC_PARAMS: 06082a8648ce3d030107 (OID 1.2.840.10045.3.1.7) label: ecPeerCert ID: 0003 Usage: encrypt, verify, verifyRecover, wrap, derive Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6bab5e7dfe0ca8a8;token=SoftHSM%20Token;id=%0003;object=ecPeerCert;type=public + crt_selfsign ecPeerCert 'My Peer EC Cert' 0003 + LABEL=ecPeerCert + CN='My Peer EC Cert' + KEYID=0003 + (( SERIAL+=1 )) + sed -e 's|cn = .*|cn = My Peer EC Cert|g' -e 's|serial = .*|serial = 5|g' -i /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/cacert.cfg + /usr/bin/certtool --generate-self-signed --outfile=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/ecPeerCert.crt --template=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/cacert.cfg --provider=/usr/lib/softhsm/libsofthsm2.so --load-privkey 'pkcs11:object=ecPeerCert;token=SoftHSM%20Token;type=private' --load-pubkey 'pkcs11:object=ecPeerCert;token=SoftHSM%20Token;type=public' --outder Generating a self signed certificate... X.509 Certificate Information: Version: 3 Serial Number (hex): 05 Validity: Not Before: Fri Mar 14 03:54:15 UTC 2025 Not After: Sat Mar 14 03:54:15 UTC 2026 Subject: CN=My Peer EC Cert Subject Public Key Algorithm: EC/ECDSA Algorithm Security Level: High (256 bits) Curve: SECP256R1 X: 17:96:90:1c:51:a4:a2:f7:17:b2:97:d1:e6:04:b0:7f 96:d9:9b:c8:4a:21:55:b8:c7:27:f2:43:5c:72:10:bb Y: 00:d3:56:99:82:6b:b4:a0:46:03:10:53:ac:94:1d:96 10:97:78:c8:b1:52:d8:d6:38:23:24:a2:98:76:72:19 eb Extensions: Basic Constraints (critical): Certificate Authority (CA): TRUE Subject Alternative Name (not critical): RFC822Name: testcert@example.org Key Usage (critical): Digital signature. Certificate signing. Subject Key Identifier (not critical): 85446d7e5905b5c2924518a22a72769369b9695d Other Information: Public Key ID: sha1:85446d7e5905b5c2924518a22a72769369b9695d sha256:63388c6012d1c0cdbf885af7e2f50823fa649c9d12cb2c93e18c35cb6a1bb2f9 Public Key PIN: pin-sha256:YziMYBLRwM2/iFr34vUII/pknJ0SyyyT4Yw1y2obsvk= Signing certificate... + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --write-object /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/ecPeerCert.crt --type=cert --id=0003 --label=ecPeerCert Created certificate: Certificate Object; type = X.509 cert label: ecPeerCert subject: DN: CN=My Peer EC Cert serial: 05 ID: 0003 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6bab5e7dfe0ca8a8;token=SoftHSM%20Token;id=%0003;object=ecPeerCert;type=cert + ECPEERBASEURIWITHPINVALUE='pkcs11:id=%00%03?pin-value=12345678' + ECPEERBASEURIWITHPINSOURCE='pkcs11:id=%00%03?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt' + ECPEERBASEURI=pkcs11:id=%00%03 + ECPEERPUBURI='pkcs11:type=public;id=%00%03' + ECPEERPRIURI='pkcs11:type=private;id=%00%03' + ECPEERCRTURI='pkcs11:type=cert;object=ecPeerCert' + title LINE 'EC PKCS11 URIS' + case "$1" in + shift 1 + echo 'EC PKCS11 URIS' + echo 'pkcs11:id=%00%02?pin-value=12345678' + echo 'pkcs11:id=%00%02?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt' + echo pkcs11:id=%00%02 + echo 'pkcs11:type=public;id=%00%02' + echo 'pkcs11:type=private;id=%00%02' + echo 'pkcs11:type=cert;object=ecCert' + echo 'pkcs11:id=%00%03?pin-value=12345678' + echo 'pkcs11:id=%00%03?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt' + echo pkcs11:id=%00%03 + echo 'pkcs11:type=public;id=%00%03' + echo 'pkcs11:type=private;id=%00%03' + echo 'pkcs11:type=cert;object=ecPeerCert' + echo '' + '[' 1 -eq 1 ']' + KEYID=0004 + URIKEYID=%00%04 + EDCRTN=edCert + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --keypairgen --key-type=EC:edwards25519 --label=edCert --id=0004 EC PKCS11 URIS pkcs11:id=%00%02?pin-value=12345678 pkcs11:id=%00%02?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt pkcs11:id=%00%02 pkcs11:type=public;id=%00%02 pkcs11:type=private;id=%00%02 pkcs11:type=cert;object=ecCert pkcs11:id=%00%03?pin-value=12345678 pkcs11:id=%00%03?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt pkcs11:id=%00%03 pkcs11:type=public;id=%00%03 pkcs11:type=private;id=%00%03 pkcs11:type=cert;object=ecPeerCert Key pair generated: Private Key Object; EC_EDWARDS label: edCert ID: 0004 Usage: decrypt, sign, signRecover, unwrap, derive Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6bab5e7dfe0ca8a8;token=SoftHSM%20Token;id=%0004;object=edCert;type=private Public Key Object; EC_EDWARDS EC_POINT 272 bits EC_POINT: 04200a52a892b7d6e220d1762506dde1510d36bbb479b0e3fc948a98fe76e217c69d EC_PARAMS: 130c656477617264733235353139 (PrintableString edwards25519) label: edCert ID: 0004 Usage: encrypt, verify, verifyRecover, wrap, derive Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6bab5e7dfe0ca8a8;token=SoftHSM%20Token;id=%0004;object=edCert;type=public + ca_sign edCert 'My ED25519 Cert' 0004 + LABEL=edCert + CN='My ED25519 Cert' + KEYID=0004 + shift 3 + (( SERIAL+=1 )) + sed -e 's|cn = .*|cn = My ED25519 Cert|g' -e 's|serial = .*|serial = 6|g' -e '/^ca$/d' -i /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/cert.cfg + /usr/bin/certtool --generate-certificate --outfile=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/edCert.crt --template=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/cert.cfg --provider=/usr/lib/softhsm/libsofthsm2.so --load-privkey 'pkcs11:object=edCert;token=SoftHSM%20Token;type=private' --load-pubkey 'pkcs11:object=edCert;token=SoftHSM%20Token;type=public' --outder --load-ca-certificate /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/caCert.crt --inder '--load-ca-privkey=pkcs11:object=caCert;token=SoftHSM%20Token;type=private' Generating a signed certificate... Expiration time: Fri Mar 13 15:54:15 2026 CA expiration time: Fri Mar 13 15:54:12 2026 Warning: The time set exceeds the CA's expiration time X.509 Certificate Information: Version: 3 Serial Number (hex): 06 Validity: Not Before: Fri Mar 14 03:54:15 UTC 2025 Not After: Sat Mar 14 03:54:15 UTC 2026 Subject: CN=My ED25519 Cert,O=PKCS11 Provider Subject Public Key Algorithm: EdDSA (Ed25519) Algorithm Security Level: High (256 bits) Curve: Ed25519 X: 0a:52:a8:92:b7:d6:e2:20:d1:76:25:06:dd:e1:51:0d 36:bb:b4:79:b0:e3:fc:94:8a:98:fe:76:e2:17:c6:9d Extensions: Basic Constraints (critical): Certificate Authority (CA): FALSE Subject Alternative Name (not critical): RFC822Name: testcert@example.org Key Usage (critical): Digital signature. Subject Key Identifier (not critical): 74a8ac6bd7072b2520dff15efdbfaf1a608ca2b6 Authority Key Identifier (not critical): 0f6eb415b2f4e30c7f83796c2503499ed93a3671 Other Information: Public Key ID: sha1:74a8ac6bd7072b2520dff15efdbfaf1a608ca2b6 sha256:6633096596a8495b12eda8d325f599318998a7e3b0e4e4f4910f9fc54d43fe33 Public Key PIN: pin-sha256:ZjMJZZaoSVsS7ajTJfWZMYmYp+Ow5OT0kQ+fxU1D/jM= Signing certificate... + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --write-object /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/edCert.crt --type=cert --id=0004 --label=edCert Created certificate: Certificate Object; type = X.509 cert label: edCert subject: DN: O=PKCS11 Provider, CN=My ED25519 Cert serial: 06 ID: 0004 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6bab5e7dfe0ca8a8;token=SoftHSM%20Token;id=%0004;object=edCert;type=cert + EDBASEURIWITHPINVALUE='pkcs11:id=%00%04;pin-value=12345678' + EDBASEURIWITHPINSOURCE='pkcs11:id=%00%04;pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt' + EDBASEURI=pkcs11:id=%00%04 + EDPUBURI='pkcs11:type=public;id=%00%04' + EDPRIURI='pkcs11:type=private;id=%00%04' + EDCRTURI='pkcs11:type=cert;object=edCert' + title LINE 'ED25519 PKCS11 URIS' + case "$1" in + shift 1 + echo 'ED25519 PKCS11 URIS' + echo 'pkcs11:id=%00%04;pin-value=12345678' + echo 'pkcs11:id=%00%04;pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt' + echo pkcs11:id=%00%04 + echo 'pkcs11:type=public;id=%00%04' + echo 'pkcs11:type=private;id=%00%04' + echo 'pkcs11:type=cert;object=edCert' + '[' 1 -eq 1 ']' + KEYID=0009 + URIKEYID=%00%09 + ED2CRTN=ed2Cert + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --keypairgen --key-type=EC:Ed448 --label=ed2Cert --id=0009 ED25519 PKCS11 URIS pkcs11:id=%00%04;pin-value=12345678 pkcs11:id=%00%04;pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt pkcs11:id=%00%04 pkcs11:type=public;id=%00%04 pkcs11:type=private;id=%00%04 pkcs11:type=cert;object=edCert Key pair generated: Private Key Object; EC_EDWARDS label: ed2Cert ID: 0009 Usage: decrypt, sign, signRecover, unwrap, derive Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6bab5e7dfe0ca8a8;token=SoftHSM%20Token;id=%0009;object=ed2Cert;type=private Public Key Object; EC_EDWARDS EC_POINT 472 bits EC_POINT: 04394f0a48a288d5cdf312927ce78b44fbe3c826c538770ce16ba2b53b6d641c3ad9e11723ff408366bf7e9436955cf1e0d80240d7424450804500 EC_PARAMS: 06032b6571 (OID 1.3.101.113) label: ed2Cert ID: 0009 Usage: encrypt, verify, verifyRecover, wrap, derive Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6bab5e7dfe0ca8a8;token=SoftHSM%20Token;id=%0009;object=ed2Cert;type=public + ca_sign ed2Cert 'My ED448 Cert' 0009 + LABEL=ed2Cert + CN='My ED448 Cert' + KEYID=0009 + shift 3 + (( SERIAL+=1 )) + sed -e 's|cn = .*|cn = My ED448 Cert|g' -e 's|serial = .*|serial = 7|g' -e '/^ca$/d' -i /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/cert.cfg + /usr/bin/certtool --generate-certificate --outfile=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/ed2Cert.crt --template=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/cert.cfg --provider=/usr/lib/softhsm/libsofthsm2.so --load-privkey 'pkcs11:object=ed2Cert;token=SoftHSM%20Token;type=private' --load-pubkey 'pkcs11:object=ed2Cert;token=SoftHSM%20Token;type=public' --outder --load-ca-certificate /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/caCert.crt --inder '--load-ca-privkey=pkcs11:object=caCert;token=SoftHSM%20Token;type=private' Generating a signed certificate... Expiration time: Fri Mar 13 15:54:16 2026 CA expiration time: Fri Mar 13 15:54:12 2026 Warning: The time set exceeds the CA's expiration time X.509 Certificate Information: Version: 3 Serial Number (hex): 07 Validity: Not Before: Fri Mar 14 03:54:16 UTC 2025 Not After: Sat Mar 14 03:54:16 UTC 2026 Subject: CN=My ED448 Cert,O=PKCS11 Provider Subject Public Key Algorithm: EdDSA (Ed448) Algorithm Security Level: Ultra (456 bits) Curve: Ed448 X: 4f:0a:48:a2:88:d5:cd:f3:12:92:7c:e7:8b:44:fb:e3 c8:26:c5:38:77:0c:e1:6b:a2:b5:3b:6d:64:1c:3a:d9 e1:17:23:ff:40:83:66:bf:7e:94:36:95:5c:f1:e0:d8 02:40:d7:42:44:50:80:45:00 Extensions: Basic Constraints (critical): Certificate Authority (CA): FALSE Subject Alternative Name (not critical): RFC822Name: testcert@example.org Key Usage (critical): Digital signature. Subject Key Identifier (not critical): fd0498c52c0e22d1190f187fe285f479f2638311 Authority Key Identifier (not critical): 0f6eb415b2f4e30c7f83796c2503499ed93a3671 Other Information: Public Key ID: sha1:fd0498c52c0e22d1190f187fe285f479f2638311 sha256:2ae6ba188209ec18f48b065524e3d2e0d6808f8d0ce8d362ea6a6e13cebe86ca Public Key PIN: pin-sha256:Kua6GIIJ7Bj0iwZVJOPS4NaAj40M6NNi6mpuE86+hso= Signing certificate... + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --write-object /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/ed2Cert.crt --type=cert --id=0009 --label=ed2Cert Created certificate: Certificate Object; type = X.509 cert label: ed2Cert subject: DN: O=PKCS11 Provider, CN=My ED448 Cert serial: 07 ID: 0009 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6bab5e7dfe0ca8a8;token=SoftHSM%20Token;id=%0009;object=ed2Cert;type=cert + ED2BASEURIWITHPINVALUE='pkcs11:id=%00%09;pin-value=12345678' + ED2BASEURIWITHPINSOURCE='pkcs11:id=%00%09;pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt' + ED2BASEURI=pkcs11:id=%00%09 + ED2PUBURI='pkcs11:type=public;id=%00%09' + ED2PRIURI='pkcs11:type=private;id=%00%09' + ED2CRTURI='pkcs11:type=cert;object=ed2Cert' + title LINE 'ED448 PKCS11 URIS' + case "$1" in + shift 1 + echo 'ED448 PKCS11 URIS' + echo 'pkcs11:id=%00%09;pin-value=12345678' + echo 'pkcs11:id=%00%09;pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt' + echo pkcs11:id=%00%09 + echo 'pkcs11:type=public;id=%00%09' + echo 'pkcs11:type=private;id=%00%09' + echo 'pkcs11:type=cert;object=ed2Cert' + title PARA 'generate RSA key pair, self-signed certificate, remove public key' + case "$1" in + shift 1 + echo '' + echo '## generate RSA key pair, self-signed certificate, remove public key' + '[' -f '' ']' + KEYID=0005 + URIKEYID=%00%05 + TSTCRTN=testCert2 + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --keypairgen --key-type=RSA:2048 --label=testCert2 --id=0005 ED448 PKCS11 URIS pkcs11:id=%00%09;pin-value=12345678 pkcs11:id=%00%09;pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt pkcs11:id=%00%09 pkcs11:type=public;id=%00%09 pkcs11:type=private;id=%00%09 pkcs11:type=cert;object=ed2Cert ## generate RSA key pair, self-signed certificate, remove public key Key pair generated: Private Key Object; RSA label: testCert2 ID: 0005 Usage: decrypt, sign, signRecover, unwrap Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6bab5e7dfe0ca8a8;token=SoftHSM%20Token;id=%0005;object=testCert2;type=private Public Key Object; RSA 2048 bits label: testCert2 ID: 0005 Usage: encrypt, verify, verifyRecover, wrap Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6bab5e7dfe0ca8a8;token=SoftHSM%20Token;id=%0005;object=testCert2;type=public + ca_sign testCert2 'My Test Cert 2' 0005 + LABEL=testCert2 + CN='My Test Cert 2' + KEYID=0005 + shift 3 + (( SERIAL+=1 )) + sed -e 's|cn = .*|cn = My Test Cert 2|g' -e 's|serial = .*|serial = 8|g' -e '/^ca$/d' -i /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/cert.cfg + /usr/bin/certtool --generate-certificate --outfile=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/testCert2.crt --template=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/cert.cfg --provider=/usr/lib/softhsm/libsofthsm2.so --load-privkey 'pkcs11:object=testCert2;token=SoftHSM%20Token;type=private' --load-pubkey 'pkcs11:object=testCert2;token=SoftHSM%20Token;type=public' --outder --load-ca-certificate /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/caCert.crt --inder '--load-ca-privkey=pkcs11:object=caCert;token=SoftHSM%20Token;type=private' Generating a signed certificate... Expiration time: Fri Mar 13 15:54:17 2026 CA expiration time: Fri Mar 13 15:54:12 2026 Warning: The time set exceeds the CA's expiration time X.509 Certificate Information: Version: 3 Serial Number (hex): 08 Validity: Not Before: Fri Mar 14 03:54:17 UTC 2025 Not After: Sat Mar 14 03:54:17 UTC 2026 Subject: CN=My Test Cert 2,O=PKCS11 Provider Subject Public Key Algorithm: RSA Algorithm Security Level: Medium (2048 bits) Modulus (bits 2048): 00:c5:90:e0:fd:92:09:e7:36:7a:c6:fe:08:a3:08:d0 ac:48:eb:e0:cb:69:40:e6:0c:a8:38:46:ba:e4:b6:e5 81:ca:3c:0b:c3:9b:a5:56:c8:74:34:3b:8e:85:77:dc 05:cb:99:67:f4:12:95:9b:d7:a9:b8:7d:58:7b:21:78 33:38:a6:d6:27:e5:8c:12:66:a0:50:37:df:0c:9b:80 d0:a4:b4:d0:d8:ec:dc:92:5e:ad:cd:ec:6f:cf:31:89 4f:61:af:5e:da:9d:f0:02:29:04:4b:4a:0c:49:0a:0c 10:51:81:83:2c:15:c9:29:7b:af:6e:20:ab:aa:04:26 b0:44:89:d0:00:13:e4:ae:13:b5:b9:9a:7f:ab:d6:45 e1:bb:f2:94:81:15:fc:8e:aa:58:c9:bd:91:bd:0c:4a ac:ec:f3:39:2a:08:b4:4f:33:cc:28:44:78:25:58:b2 4e:03:25:e1:5a:3e:b3:b1:c8:31:84:84:18:26:8f:cc 63:ee:b9:7a:68:50:e3:a1:df:14:d5:46:62:02:78:c3 12:4a:5f:c2:45:de:9b:c4:29:a8:59:ab:ad:a2:6f:55 74:c8:55:3c:06:4a:74:42:8e:70:13:bb:bc:f4:14:2a 8c:fe:86:1b:32:99:ef:0e:81:2d:4e:04:40:58:e0:0c 03 Exponent (bits 24): 01:00:01 Extensions: Basic Constraints (critical): Certificate Authority (CA): FALSE Subject Alternative Name (not critical): RFC822Name: testcert@example.org Key Usage (critical): Digital signature. Key encipherment. Subject Key Identifier (not critical): 9bbfad5192871405a31156d1c20d1c304bbbebfb Authority Key Identifier (not critical): 0f6eb415b2f4e30c7f83796c2503499ed93a3671 Other Information: Public Key ID: sha1:9bbfad5192871405a31156d1c20d1c304bbbebfb sha256:3872b3f377dd69b6d61c2d226a2864ecfaed551fbf921374dff7ca13c6c5e1a8 Public Key PIN: pin-sha256:OHKz83fdabbWHC0iaihk7PrtVR+/khN03/fKE8bF4ag= Signing certificate... + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --write-object /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/testCert2.crt --type=cert --id=0005 --label=testCert2 Created certificate: Certificate Object; type = X.509 cert label: testCert2 subject: DN: O=PKCS11 Provider, CN=My Test Cert 2 serial: 08 ID: 0005 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6bab5e7dfe0ca8a8;token=SoftHSM%20Token;id=%0005;object=testCert2;type=cert + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --delete-object --type pubkey --id 0005 + BASE2URIWITHPINVALUE='pkcs11:id=%00%05?pin-value=12345678' + BASE2URIWITHPINSOURCE='pkcs11:id=%00%05?pin-source=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt' + BASE2URI=pkcs11:id=%00%05 + PRI2URI='pkcs11:type=private;id=%00%05' + CRT2URI='pkcs11:type=cert;object=testCert2' + title LINE 'RSA2 PKCS11 URIS' + case "$1" in + shift 1 + echo 'RSA2 PKCS11 URIS' + echo 'pkcs11:id=%00%05?pin-value=12345678' + echo 'pkcs11:id=%00%05?pin-source=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt' + echo pkcs11:id=%00%05 + echo 'pkcs11:type=private;id=%00%05' + echo 'pkcs11:type=cert;object=testCert2' + echo '' + title PARA 'generate EC key pair, self-signed certificate, remove public key' + case "$1" in + shift 1 + echo '' + echo '## generate EC key pair, self-signed certificate, remove public key' + '[' -f '' ']' + KEYID=0006 + URIKEYID=%00%06 + TSTCRTN=ecCert2 + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --keypairgen --key-type=EC:secp384r1 --label=ecCert2 --id=0006 RSA2 PKCS11 URIS pkcs11:id=%00%05?pin-value=12345678 pkcs11:id=%00%05?pin-source=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt pkcs11:id=%00%05 pkcs11:type=private;id=%00%05 pkcs11:type=cert;object=testCert2 ## generate EC key pair, self-signed certificate, remove public key Key pair generated: Private Key Object; EC label: ecCert2 ID: 0006 Usage: decrypt, sign, signRecover, unwrap, derive Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6bab5e7dfe0ca8a8;token=SoftHSM%20Token;id=%0006;object=ecCert2;type=private Public Key Object; EC EC_POINT 384 bits EC_POINT: 046104a95294ff28d675c6af5e0720cd2a3471df5b8f61fe5e93083cc73ad1217b4138f5ee3d86573f8f95e976ddfbb09510ef6aa101417a3ccc964e02ff595c831aab7f74fb33deaae717a765ae389781eeb41677bacf12d6f489d690e0110d4525d3 EC_PARAMS: 06052b81040022 (OID 1.3.132.0.34) label: ecCert2 ID: 0006 Usage: encrypt, verify, verifyRecover, wrap, derive Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6bab5e7dfe0ca8a8;token=SoftHSM%20Token;id=%0006;object=ecCert2;type=public + ca_sign ecCert2 'My EC Cert 2' 0006 + LABEL=ecCert2 + CN='My EC Cert 2' + KEYID=0006 + shift 3 + (( SERIAL+=1 )) + sed -e 's|cn = .*|cn = My EC Cert 2|g' -e 's|serial = .*|serial = 9|g' -e '/^ca$/d' -i /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/cert.cfg + /usr/bin/certtool --generate-certificate --outfile=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/ecCert2.crt --template=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/cert.cfg --provider=/usr/lib/softhsm/libsofthsm2.so --load-privkey 'pkcs11:object=ecCert2;token=SoftHSM%20Token;type=private' --load-pubkey 'pkcs11:object=ecCert2;token=SoftHSM%20Token;type=public' --outder --load-ca-certificate /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/caCert.crt --inder '--load-ca-privkey=pkcs11:object=caCert;token=SoftHSM%20Token;type=private' Generating a signed certificate... Expiration time: Fri Mar 13 15:54:18 2026 CA expiration time: Fri Mar 13 15:54:12 2026 Warning: The time set exceeds the CA's expiration time X.509 Certificate Information: Version: 3 Serial Number (hex): 09 Validity: Not Before: Fri Mar 14 03:54:18 UTC 2025 Not After: Sat Mar 14 03:54:18 UTC 2026 Subject: CN=My EC Cert 2,O=PKCS11 Provider Subject Public Key Algorithm: EC/ECDSA Algorithm Security Level: Ultra (384 bits) Curve: SECP384R1 X: 00:a9:52:94:ff:28:d6:75:c6:af:5e:07:20:cd:2a:34 71:df:5b:8f:61:fe:5e:93:08:3c:c7:3a:d1:21:7b:41 38:f5:ee:3d:86:57:3f:8f:95:e9:76:dd:fb:b0:95:10 ef Y: 6a:a1:01:41:7a:3c:cc:96:4e:02:ff:59:5c:83:1a:ab 7f:74:fb:33:de:aa:e7:17:a7:65:ae:38:97:81:ee:b4 16:77:ba:cf:12:d6:f4:89:d6:90:e0:11:0d:45:25:d3 Extensions: Basic Constraints (critical): Certificate Authority (CA): FALSE Subject Alternative Name (not critical): RFC822Name: testcert@example.org Key Usage (critical): Digital signature. Subject Key Identifier (not critical): d3c40991a83422edfcac79c6a68a465f1ee8e9db Authority Key Identifier (not critical): 0f6eb415b2f4e30c7f83796c2503499ed93a3671 Other Information: Public Key ID: sha1:d3c40991a83422edfcac79c6a68a465f1ee8e9db sha256:db001f629838e3df442f52be39c5105a08521cf86da8f75fd7f532de5bf108d8 Public Key PIN: pin-sha256:2wAfYpg4499EL1K+OcUQWghSHPhtqPdf1/Uy3lvxCNg= Signing certificate... + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --write-object /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/ecCert2.crt --type=cert --id=0006 --label=ecCert2 Created certificate: Certificate Object; type = X.509 cert label: ecCert2 subject: DN: O=PKCS11 Provider, CN=My EC Cert 2 serial: 09 ID: 0006 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6bab5e7dfe0ca8a8;token=SoftHSM%20Token;id=%0006;object=ecCert2;type=cert + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --delete-object --type pubkey --id 0006 + ECBASE2URIWITHPINVALUE='pkcs11:id=%00%06?pin-value=12345678' + ECBASE2URIWITHPINSOURCE='pkcs11:id=%00%06?pin-source=file/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt' + ECBASE2URI=pkcs11:id=%00%06 + ECPRI2URI='pkcs11:type=private;id=%00%06' + ECCRT2URI='pkcs11:type=cert;object=ecCert2' + title LINE 'EC2 PKCS11 URIS' + case "$1" in + shift 1 + echo 'EC2 PKCS11 URIS' + echo 'pkcs11:id=%00%06?pin-value=12345678' + echo 'pkcs11:id=%00%06?pin-source=file/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt' + echo pkcs11:id=%00%06 + echo 'pkcs11:type=private;id=%00%06' + echo 'pkcs11:type=cert;object=ecCert2' + echo '' + '[' -z '' ']' + title PARA 'explicit EC unsupported' + case "$1" in + shift 1 + echo '' + echo '## explicit EC unsupported' + '[' -f '' ']' + title PARA 'generate EC key pair with ALWAYS AUTHENTICATE flag, self-signed certificate' + case "$1" in + shift 1 + echo '' + echo '## generate EC key pair with ALWAYS AUTHENTICATE flag, self-signed certificate' + '[' -f '' ']' + KEYID=0008 + URIKEYID=%00%08 + TSTCRTN=ecCert3 + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --keypairgen --key-type=EC:secp521r1 --label=ecCert3 --id=0008 --always-auth EC2 PKCS11 URIS pkcs11:id=%00%06?pin-value=12345678 pkcs11:id=%00%06?pin-source=file/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt pkcs11:id=%00%06 pkcs11:type=private;id=%00%06 pkcs11:type=cert;object=ecCert2 ## explicit EC unsupported ## generate EC key pair with ALWAYS AUTHENTICATE flag, self-signed certificate Key pair generated: Private Key Object; EC label: ecCert3 ID: 0008 Usage: decrypt, sign, signRecover, unwrap, derive Access: always authenticate, sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6bab5e7dfe0ca8a8;token=SoftHSM%20Token;id=%0008;object=ecCert3;type=private Public Key Object; EC EC_POINT 528 bits EC_POINT: 048185040145b84abf51adf0a64dafa6a5c53d36a2a3689f21c57087ea85da483944ec21bc431cf2c960d2676a89d69e2fdb6adf7721fcb8453e1761e1035d208589006c24b800d3b733f35c97fd020e9ceb30ccf6b607cdab4fa5422c205fbb6bd9fed4f3fc57ec2f184264ab64a0e7fa89af3870f64ab44bb36b66fb4f63d2a964ebe9c3f573a5 EC_PARAMS: 06052b81040023 (OID 1.3.132.0.35) label: ecCert3 ID: 0008 Usage: encrypt, verify, verifyRecover, wrap, derive Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6bab5e7dfe0ca8a8;token=SoftHSM%20Token;id=%0008;object=ecCert3;type=public + ca_sign ecCert3 'My EC Cert 3' 0008 + LABEL=ecCert3 + CN='My EC Cert 3' + KEYID=0008 + shift 3 + (( SERIAL+=1 )) + sed -e 's|cn = .*|cn = My EC Cert 3|g' -e 's|serial = .*|serial = 10|g' -e '/^ca$/d' -i /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/cert.cfg + /usr/bin/certtool --generate-certificate --outfile=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/ecCert3.crt --template=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/cert.cfg --provider=/usr/lib/softhsm/libsofthsm2.so --load-privkey 'pkcs11:object=ecCert3;token=SoftHSM%20Token;type=private' --load-pubkey 'pkcs11:object=ecCert3;token=SoftHSM%20Token;type=public' --outder --load-ca-certificate /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/caCert.crt --inder '--load-ca-privkey=pkcs11:object=caCert;token=SoftHSM%20Token;type=private' Generating a signed certificate... Expiration time: Fri Mar 13 15:54:18 2026 CA expiration time: Fri Mar 13 15:54:12 2026 Warning: The time set exceeds the CA's expiration time X.509 Certificate Information: Version: 3 Serial Number (hex): 0a Validity: Not Before: Fri Mar 14 03:54:18 UTC 2025 Not After: Sat Mar 14 03:54:18 UTC 2026 Subject: CN=My EC Cert 3,O=PKCS11 Provider Subject Public Key Algorithm: EC/ECDSA Algorithm Security Level: Future (528 bits) Curve: SECP521R1 X: 01:45:b8:4a:bf:51:ad:f0:a6:4d:af:a6:a5:c5:3d:36 a2:a3:68:9f:21:c5:70:87:ea:85:da:48:39:44:ec:21 bc:43:1c:f2:c9:60:d2:67:6a:89:d6:9e:2f:db:6a:df 77:21:fc:b8:45:3e:17:61:e1:03:5d:20:85:89:00:6c 24:b8 Y: 00:d3:b7:33:f3:5c:97:fd:02:0e:9c:eb:30:cc:f6:b6 07:cd:ab:4f:a5:42:2c:20:5f:bb:6b:d9:fe:d4:f3:fc 57:ec:2f:18:42:64:ab:64:a0:e7:fa:89:af:38:70:f6 4a:b4:4b:b3:6b:66:fb:4f:63:d2:a9:64:eb:e9:c3:f5 73:a5 Extensions: Basic Constraints (critical): Certificate Authority (CA): FALSE Subject Alternative Name (not critical): RFC822Name: testcert@example.org Key Usage (critical): Digital signature. Subject Key Identifier (not critical): 961c1902aa977bb6158498b6de92591ff40c23fe Authority Key Identifier (not critical): 0f6eb415b2f4e30c7f83796c2503499ed93a3671 Other Information: Public Key ID: sha1:961c1902aa977bb6158498b6de92591ff40c23fe sha256:4ece9f275db3ebcf92ab2a39d063ffb398339d8dda34803bbdbc938d713e94f6 Public Key PIN: pin-sha256:Ts6fJ12z68+Sqyo50GP/s5gznY3aNIA7vbyTjXE+lPY= Signing certificate... + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --write-object /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/ecCert3.crt --type=cert --id=0008 --label=ecCert3 Created certificate: Certificate Object; type = X.509 cert label: ecCert3 subject: DN: O=PKCS11 Provider, CN=My EC Cert 3 serial: 0A ID: 0008 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6bab5e7dfe0ca8a8;token=SoftHSM%20Token;id=%0008;object=ecCert3;type=cert + ECBASE3URIWITHPINVALUE='pkcs11:id=%00%08?pin-value=12345678' + ECBASE3URIWITHPINSOURCE='pkcs11:id=%00%08?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt' + ECBASE3URI=pkcs11:id=%00%08 + ECPUB3URI='pkcs11:type=public;id=%00%08' + ECPRI3URI='pkcs11:type=private;id=%00%08' + ECCRT3URI='pkcs11:type=cert;object=ecCert3' + title LINE 'EC3 PKCS11 URIS' + case "$1" in + shift 1 + echo 'EC3 PKCS11 URIS' + echo 'pkcs11:id=%00%08?pin-value=12345678' + echo 'pkcs11:id=%00%08?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt' + echo pkcs11:id=%00%08 + echo 'pkcs11:type=public;id=%00%08' + echo 'pkcs11:type=private;id=%00%08' + echo 'pkcs11:type=cert;object=ecCert3' + echo '' + '[' 1 -eq 1 ']' + KEYID=0010 + URIKEYID=%00%10 + TSTCRTN=testRsaPssCert + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --keypairgen --key-type=RSA:2048 --label=testRsaPssCert --id=0010 --allowed-mechanisms RSA-PKCS-PSS,SHA1-RSA-PKCS-PSS,SHA224-RSA-PKCS-PSS,SHA256-RSA-PKCS-PSS,SHA384-RSA-PKCS-PSS,SHA512-RSA-PKCS-PSS EC3 PKCS11 URIS pkcs11:id=%00%08?pin-value=12345678 pkcs11:id=%00%08?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt pkcs11:id=%00%08 pkcs11:type=public;id=%00%08 pkcs11:type=private;id=%00%08 pkcs11:type=cert;object=ecCert3 Key pair generated: Private Key Object; RSA label: testRsaPssCert ID: 0010 Usage: decrypt, sign, signRecover, unwrap Access: sensitive, always sensitive, never extractable, local Allowed mechanisms: RSA-PKCS-PSS,SHA1-RSA-PKCS-PSS,SHA256-RSA-PKCS-PSS,SHA384-RSA-PKCS-PSS,SHA512-RSA-PKCS-PSS,SHA224-RSA-PKCS-PSS uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6bab5e7dfe0ca8a8;token=SoftHSM%20Token;id=%0010;object=testRsaPssCert;type=private Public Key Object; RSA 2048 bits label: testRsaPssCert ID: 0010 Usage: encrypt, verify, verifyRecover, wrap Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6bab5e7dfe0ca8a8;token=SoftHSM%20Token;id=%0010;object=testRsaPssCert;type=public + ca_sign testRsaPssCert 'My RsaPss Cert' 0010 --sign-params=RSA-PSS + LABEL=testRsaPssCert + CN='My RsaPss Cert' + KEYID=0010 + shift 3 + (( SERIAL+=1 )) + sed -e 's|cn = .*|cn = My RsaPss Cert|g' -e 's|serial = .*|serial = 11|g' -e '/^ca$/d' -i /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/cert.cfg + /usr/bin/certtool --generate-certificate --outfile=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/testRsaPssCert.crt --template=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/cert.cfg --provider=/usr/lib/softhsm/libsofthsm2.so --load-privkey 'pkcs11:object=testRsaPssCert;token=SoftHSM%20Token;type=private' --load-pubkey 'pkcs11:object=testRsaPssCert;token=SoftHSM%20Token;type=public' --outder --load-ca-certificate /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/caCert.crt --inder '--load-ca-privkey=pkcs11:object=caCert;token=SoftHSM%20Token;type=private' --sign-params=RSA-PSS Generating a signed certificate... Expiration time: Fri Mar 13 15:54:20 2026 CA expiration time: Fri Mar 13 15:54:12 2026 Warning: The time set exceeds the CA's expiration time X.509 Certificate Information: Version: 3 Serial Number (hex): 0b Validity: Not Before: Fri Mar 14 03:54:20 UTC 2025 Not After: Sat Mar 14 03:54:20 UTC 2026 Subject: CN=My RsaPss Cert,O=PKCS11 Provider Subject Public Key Algorithm: RSA Algorithm Security Level: Medium (2048 bits) Modulus (bits 2048): 00:a4:4c:ec:98:a1:e7:3e:85:be:fb:5d:97:11:29:a9 37:f7:9f:5d:a2:f6:20:24:06:9a:cd:51:3a:b4:eb:d2 6b:5c:1a:15:9c:4b:7f:53:df:95:79:e5:a5:2b:6e:94 d4:eb:8d:b3:a6:e0:91:67:bb:2a:78:e5:e0:9d:4e:78 e6:9b:0f:fb:0f:54:49:5a:22:ea:c5:59:46:28:48:5b 03:a4:15:24:8f:21:05:36:b1:f1:d1:a2:6a:01:ed:9c 97:27:3c:de:b9:67:e0:a3:e4:2b:28:68:74:4f:62:c3 6e:00:78:51:3d:31:a1:14:15:4b:9e:17:a0:22:bc:26 cc:4c:57:50:c5:c7:3e:41:53:b9:d9:be:0a:97:65:f0 a2:81:56:fb:4a:95:15:1a:7f:ce:88:90:a9:6d:1a:e1 f1:4f:21:a5:c1:9d:fa:66:fd:80:a7:f6:46:8e:10:c0 e6:44:b1:3b:5b:85:e5:34:03:17:10:cf:2f:eb:7b:be b2:5c:7a:da:f1:f7:e2:93:ed:cb:1b:7b:8a:b0:ae:3a 25:56:7d:cf:d6:16:c4:06:f0:44:88:e1:17:0a:63:c3 04:e5:35:45:81:d2:a9:36:55:b7:f7:bf:0a:53:f1:da 4a:78:ce:9f:87:1a:0b:0b:b7:1c:b7:2e:cb:5e:9c:23 b3 Exponent (bits 24): 01:00:01 Extensions: Basic Constraints (critical): Certificate Authority (CA): FALSE Subject Alternative Name (not critical): RFC822Name: testcert@example.org Key Usage (critical): Digital signature. Key encipherment. Subject Key Identifier (not critical): 6a8487ed6631c0e493a205ed8ac9e801deeb28e4 Authority Key Identifier (not critical): 0f6eb415b2f4e30c7f83796c2503499ed93a3671 Other Information: Public Key ID: sha1:6a8487ed6631c0e493a205ed8ac9e801deeb28e4 sha256:aca93794e770d062ebf51a13903fa7fc8af7f1225e7b472a242c1c86d15ac590 Public Key PIN: pin-sha256:rKk3lOdw0GLr9RoTkD+n/Ir38SJee0cqJCwchtFaxZA= Signing certificate... + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --write-object /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/testRsaPssCert.crt --type=cert --id=0010 --label=testRsaPssCert Created certificate: Certificate Object; type = X.509 cert label: testRsaPssCert subject: DN: O=PKCS11 Provider, CN=My RsaPss Cert serial: 0B ID: 0010 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6bab5e7dfe0ca8a8;token=SoftHSM%20Token;id=%0010;object=testRsaPssCert;type=cert + RSAPSSBASEURIWITHPINVALUE='pkcs11:id=%00%10?pin-value=12345678' + RSAPSSBASEURIWITHPINSOURCE='pkcs11:id=%00%10?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt' + RSAPSSBASEURI=pkcs11:id=%00%10 + RSAPSSPUBURI='pkcs11:type=public;id=%00%10' + RSAPSSPRIURI='pkcs11:type=private;id=%00%10' + RSAPSSCRTURI='pkcs11:type=cert;object=testRsaPssCert' + title LINE 'RSA-PSS PKCS11 URIS' + case "$1" in + shift 1 + echo 'RSA-PSS PKCS11 URIS' + echo 'pkcs11:id=%00%10?pin-value=12345678' + echo 'pkcs11:id=%00%10?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt' + echo pkcs11:id=%00%10 + echo 'pkcs11:type=public;id=%00%10' + echo 'pkcs11:type=private;id=%00%10' + echo 'pkcs11:type=cert;object=testRsaPssCert' + echo '' + KEYID=0011 + URIKEYID=%00%11 + TSTCRTN=testRsaPss2Cert + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --keypairgen --key-type=RSA:3092 --label=testRsaPss2Cert --id=0011 --allowed-mechanisms SHA256-RSA-PKCS-PSS RSA-PSS PKCS11 URIS pkcs11:id=%00%10?pin-value=12345678 pkcs11:id=%00%10?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt pkcs11:id=%00%10 pkcs11:type=public;id=%00%10 pkcs11:type=private;id=%00%10 pkcs11:type=cert;object=testRsaPssCert Key pair generated: Private Key Object; RSA label: testRsaPss2Cert ID: 0011 Usage: decrypt, sign, signRecover, unwrap Access: sensitive, always sensitive, never extractable, local Allowed mechanisms: SHA256-RSA-PKCS-PSS uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6bab5e7dfe0ca8a8;token=SoftHSM%20Token;id=%0011;object=testRsaPss2Cert;type=private Public Key Object; RSA 3092 bits label: testRsaPss2Cert ID: 0011 Usage: encrypt, verify, verifyRecover, wrap Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6bab5e7dfe0ca8a8;token=SoftHSM%20Token;id=%0011;object=testRsaPss2Cert;type=public + ca_sign testRsaPss2Cert 'My RsaPss2 Cert' 0011 --sign-params=RSA-PSS --hash=SHA256 + LABEL=testRsaPss2Cert + CN='My RsaPss2 Cert' + KEYID=0011 + shift 3 + (( SERIAL+=1 )) + sed -e 's|cn = .*|cn = My RsaPss2 Cert|g' -e 's|serial = .*|serial = 12|g' -e '/^ca$/d' -i /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/cert.cfg + /usr/bin/certtool --generate-certificate --outfile=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/testRsaPss2Cert.crt --template=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/cert.cfg --provider=/usr/lib/softhsm/libsofthsm2.so --load-privkey 'pkcs11:object=testRsaPss2Cert;token=SoftHSM%20Token;type=private' --load-pubkey 'pkcs11:object=testRsaPss2Cert;token=SoftHSM%20Token;type=public' --outder --load-ca-certificate /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/caCert.crt --inder '--load-ca-privkey=pkcs11:object=caCert;token=SoftHSM%20Token;type=private' --sign-params=RSA-PSS --hash=SHA256 Generating a signed certificate... Expiration time: Fri Mar 13 15:54:22 2026 CA expiration time: Fri Mar 13 15:54:12 2026 Warning: The time set exceeds the CA's expiration time X.509 Certificate Information: Version: 3 Serial Number (hex): 0c Validity: Not Before: Fri Mar 14 03:54:22 UTC 2025 Not After: Sat Mar 14 03:54:22 UTC 2026 Subject: CN=My RsaPss2 Cert,O=PKCS11 Provider Subject Public Key Algorithm: RSA Algorithm Security Level: High (3092 bits) Modulus (bits 3092): 0a:38:d2:26:66:1d:91:c5:ad:28:84:ce:f8:a9:0b:24 8c:d6:85:cb:9f:5c:16:cf:12:92:ef:58:66:d6:28:b1 3d:5d:6c:06:aa:9b:e1:a5:a7:e5:2e:e7:20:c9:4b:96 e1:6f:9f:fa:74:62:a1:b6:ad:26:71:ae:5e:de:a4:fb c5:40:d4:7b:91:e8:e4:da:b6:d2:f4:78:ff:b0:4b:7b 45:d3:64:58:7e:75:de:b4:48:bb:14:0f:ae:0c:fb:92 f8:2c:8b:a5:3a:f9:c7:19:14:65:37:5d:a7:30:0e:d5 2a:25:3a:a6:67:25:07:18:07:e9:01:da:a5:a7:f6:06 b4:09:81:3f:88:1c:c5:61:a8:1e:15:7a:63:68:c7:b5 cc:88:58:c5:02:9d:9f:66:51:83:7e:9a:12:57:89:18 d6:ec:46:ca:6f:d0:68:7e:68:2f:7f:83:2e:65:3c:67 48:39:5b:b5:13:92:42:56:96:5d:c6:e8:45:fc:1a:89 17:b7:c1:07:fa:49:d8:34:d8:29:c1:6a:de:6f:dd:72 f1:e7:5e:9b:ae:67:1a:ff:ad:76:94:8d:27:3e:fd:88 d0:fd:56:b4:67:08:30:6a:19:d2:52:4b:7b:5b:21:4d 22:d3:69:93:22:52:dd:77:45:00:1d:be:c4:93:f0:f5 94:00:c7:7a:75:74:68:92:d1:ad:a8:f4:14:e6:a3:94 33:78:bb:73:b5:b9:1e:06:a6:98:9d:55:bf:30:39:7c a0:1a:95:02:4a:e9:e6:a2:cb:e8:50:4d:f7:b5:11:97 a4:c2:2e:3c:c6:b0:98:75:41:7b:c0:1d:7e:27:8e:26 66:35:a8:f2:13:b9:78:32:6b:df:00:1f:6d:33:c2:f0 76:90:f6:32:fe:e5:85:0c:ad:d6:6a:20:0d:4d:6b:82 cb:75:cc:f1:89:be:e0:54:aa:93:2d:d9:14:42:53:51 a8:3d:51:d4:3a:70:64:86:66:18:25:36:1a:69:ab:e1 94:57:a5 Exponent (bits 24): 01:00:01 Extensions: Basic Constraints (critical): Certificate Authority (CA): FALSE Subject Alternative Name (not critical): RFC822Name: testcert@example.org Key Usage (critical): Digital signature. Key encipherment. Subject Key Identifier (not critical): cb2f4e69491b7cff63f95d4083dd8012f51e0a28 Authority Key Identifier (not critical): 0f6eb415b2f4e30c7f83796c2503499ed93a3671 Other Information: Public Key ID: sha1:cb2f4e69491b7cff63f95d4083dd8012f51e0a28 sha256:a1260a00d7a66e82dfe4ee9e06a994963c8b4ed650c38f687c140a38a79b982b Public Key PIN: pin-sha256:oSYKANemboLf5O6eBqmUljyLTtZQw49ofBQKOKebmCs= Signing certificate... + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --write-object /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/testRsaPss2Cert.crt --type=cert --id=0011 --label=testRsaPss2Cert Created certificate: Certificate Object; type = X.509 cert label: testRsaPss2Cert subject: DN: O=PKCS11 Provider, CN=My RsaPss2 Cert serial: 0C ID: 0011 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6bab5e7dfe0ca8a8;token=SoftHSM%20Token;id=%0011;object=testRsaPss2Cert;type=cert + RSAPSS2BASEURIWITHPINVALUE='pkcs11:id=%00%11?pin-value=12345678' + RSAPSS2BASEURIWITHPINSOURCE='pkcs11:id=%00%11?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt' + RSAPSS2BASEURI=pkcs11:id=%00%11 + RSAPSS2PUBURI='pkcs11:type=public;id=%00%11' + RSAPSS2PRIURI='pkcs11:type=private;id=%00%11' + RSAPSS2CRTURI='pkcs11:type=cert;object=testRsaPss2Cert' + title LINE 'RSA-PSS 2 PKCS11 URIS' + case "$1" in + shift 1 + echo 'RSA-PSS 2 PKCS11 URIS' + echo 'pkcs11:id=%00%11?pin-value=12345678' + echo 'pkcs11:id=%00%11?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt' + echo pkcs11:id=%00%11 + echo 'pkcs11:type=public;id=%00%11' + echo 'pkcs11:type=private;id=%00%11' + echo 'pkcs11:type=cert;object=testRsaPss2Cert' + echo '' + title PARA 'Show contents of softhsm token' + case "$1" in + shift 1 + echo '' + echo '## Show contents of softhsm token' + '[' -f '' ']' RSA-PSS 2 PKCS11 URIS pkcs11:id=%00%11?pin-value=12345678 pkcs11:id=%00%11?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt pkcs11:id=%00%11 pkcs11:type=public;id=%00%11 pkcs11:type=private;id=%00%11 pkcs11:type=cert;object=testRsaPss2Cert ## Show contents of softhsm token + echo ' ----------------------------------------------------------------------------------------------------' + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' -O ---------------------------------------------------------------------------------------------------- Certificate Object; type = X.509 cert label: caCert subject: DN: CN=Issuer serial: 02 ID: 0000 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6bab5e7dfe0ca8a8;token=SoftHSM%20Token;id=%0000;object=caCert;type=cert Public Key Object; RSA 2048 bits label: caCert ID: 0000 Usage: encrypt, verify, verifyRecover, wrap Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6bab5e7dfe0ca8a8;token=SoftHSM%20Token;id=%0000;object=caCert;type=public Certificate Object; type = X.509 cert label: ed2Cert subject: DN: O=PKCS11 Provider, CN=My ED448 Cert serial: 07 ID: 0009 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6bab5e7dfe0ca8a8;token=SoftHSM%20Token;id=%0009;object=ed2Cert;type=cert Public Key Object; EC EC_POINT 256 bits EC_POINT: 0441041796901c51a4a2f717b297d1e604b07f96d99bc84a2155b8c727f2435c7210bbd35699826bb4a046031053ac941d96109778c8b152d8d6382324a298767219eb EC_PARAMS: 06082a8648ce3d030107 (OID 1.2.840.10045.3.1.7) label: ecPeerCert ID: 0003 Usage: encrypt, verify, verifyRecover, wrap, derive Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6bab5e7dfe0ca8a8;token=SoftHSM%20Token;id=%0003;object=ecPeerCert;type=public Private Key Object; RSA label: caCert ID: 0000 Usage: decrypt, sign, signRecover, unwrap Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6bab5e7dfe0ca8a8;token=SoftHSM%20Token;id=%0000;object=caCert;type=private Public Key Object; EC_EDWARDS EC_POINT 472 bits EC_POINT: 04394f0a48a288d5cdf312927ce78b44fbe3c826c538770ce16ba2b53b6d641c3ad9e11723ff408366bf7e9436955cf1e0d80240d7424450804500 EC_PARAMS: 06032b6571 (OID 1.3.101.113) label: ed2Cert ID: 0009 Usage: encrypt, verify, verifyRecover, wrap, derive Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6bab5e7dfe0ca8a8;token=SoftHSM%20Token;id=%0009;object=ed2Cert;type=public Certificate Object; type = X.509 cert label: ecCert2 subject: DN: O=PKCS11 Provider, CN=My EC Cert 2 serial: 09 ID: 0006 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6bab5e7dfe0ca8a8;token=SoftHSM%20Token;id=%0006;object=ecCert2;type=cert Certificate Object; type = X.509 cert label: testRsaPssCert subject: DN: O=PKCS11 Provider, CN=My RsaPss Cert serial: 0B ID: 0010 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6bab5e7dfe0ca8a8;token=SoftHSM%20Token;id=%0010;object=testRsaPssCert;type=cert Private Key Object; EC_EDWARDS label: edCert ID: 0004 Usage: decrypt, sign, signRecover, unwrap, derive Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6bab5e7dfe0ca8a8;token=SoftHSM%20Token;id=%0004;object=edCert;type=private Private Key Object; RSA label: testCert ID: 0001 Usage: decrypt, sign, signRecover, unwrap Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6bab5e7dfe0ca8a8;token=SoftHSM%20Token;id=%0001;object=testCert;type=private Private Key Object; EC_EDWARDS label: ed2Cert ID: 0009 Usage: decrypt, sign, signRecover, unwrap, derive Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6bab5e7dfe0ca8a8;token=SoftHSM%20Token;id=%0009;object=ed2Cert;type=private Public Key Object; EC EC_POINT 528 bits EC_POINT: 048185040145b84abf51adf0a64dafa6a5c53d36a2a3689f21c57087ea85da483944ec21bc431cf2c960d2676a89d69e2fdb6adf7721fcb8453e1761e1035d208589006c24b800d3b733f35c97fd020e9ceb30ccf6b607cdab4fa5422c205fbb6bd9fed4f3fc57ec2f184264ab64a0e7fa89af3870f64ab44bb36b66fb4f63d2a964ebe9c3f573a5 EC_PARAMS: 06052b81040023 (OID 1.3.132.0.35) label: ecCert3 ID: 0008 Usage: encrypt, verify, verifyRecover, wrap, derive Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6bab5e7dfe0ca8a8;token=SoftHSM%20Token;id=%0008;object=ecCert3;type=public Private Key Object; EC label: ecCert3 ID: 0008 Usage: decrypt, sign, signRecover, unwrap, derive Access: always authenticate, sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6bab5e7dfe0ca8a8;token=SoftHSM%20Token;id=%0008;object=ecCert3;type=private Private Key Object; RSA label: testRsaPssCert ID: 0010 Usage: decrypt, sign, signRecover, unwrap Access: sensitive, always sensitive, never extractable, local Allowed mechanisms: RSA-PKCS-PSS,SHA1-RSA-PKCS-PSS,SHA256-RSA-PKCS-PSS,SHA384-RSA-PKCS-PSS,SHA512-RSA-PKCS-PSS,SHA224-RSA-PKCS-PSS uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6bab5e7dfe0ca8a8;token=SoftHSM%20Token;id=%0010;object=testRsaPssCert;type=private Public Key Object; RSA 2048 bits label: testRsaPssCert ID: 0010 Usage: encrypt, verify, verifyRecover, wrap Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6bab5e7dfe0ca8a8;token=SoftHSM%20Token;id=%0010;object=testRsaPssCert;type=public Certificate Object; type = X.509 cert label: testCert subject: DN: O=PKCS11 Provider, CN=My Test Cert serial: 03 ID: 0001 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6bab5e7dfe0ca8a8;token=SoftHSM%20Token;id=%0001;object=testCert;type=cert Private Key Object; EC label: ecPeerCert ID: 0003 Usage: decrypt, sign, signRecover, unwrap, derive Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6bab5e7dfe0ca8a8;token=SoftHSM%20Token;id=%0003;object=ecPeerCert;type=private Certificate Object; type = X.509 cert label: ecCert subject: DN: O=PKCS11 Provider, CN=My EC Cert serial: 04 ID: 0002 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6bab5e7dfe0ca8a8;token=SoftHSM%20Token;id=%0002;object=ecCert;type=cert Certificate Object; type = X.509 cert label: testRsaPss2Cert subject: DN: O=PKCS11 Provider, CN=My RsaPss2 Cert serial: 0C ID: 0011 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6bab5e7dfe0ca8a8;token=SoftHSM%20Token;id=%0011;object=testRsaPss2Cert;type=cert Private Key Object; EC label: ecCert2 ID: 0006 Usage: decrypt, sign, signRecover, unwrap, derive Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6bab5e7dfe0ca8a8;token=SoftHSM%20Token;id=%0006;object=ecCert2;type=private Certificate Object; type = X.509 cert label: testCert2 subject: DN: O=PKCS11 Provider, CN=My Test Cert 2 serial: 08 ID: 0005 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6bab5e7dfe0ca8a8;token=SoftHSM%20Token;id=%0005;object=testCert2;type=cert Certificate Object; type = X.509 cert label: ecPeerCert subject: DN: CN=My Peer EC Cert serial: 05 ID: 0003 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6bab5e7dfe0ca8a8;token=SoftHSM%20Token;id=%0003;object=ecPeerCert;type=cert Certificate Object; type = X.509 cert label: edCert subject: DN: O=PKCS11 Provider, CN=My ED25519 Cert serial: 06 ID: 0004 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6bab5e7dfe0ca8a8;token=SoftHSM%20Token;id=%0004;object=edCert;type=cert Private Key Object; RSA label: testCert2 ID: 0005 Usage: decrypt, sign, signRecover, unwrap Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6bab5e7dfe0ca8a8;token=SoftHSM%20Token;id=%0005;object=testCert2;type=private Public Key Object; RSA 3092 bits label: testRsaPss2Cert ID: 0011 Usage: encrypt, verify, verifyRecover, wrap Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6bab5e7dfe0ca8a8;token=SoftHSM%20Token;id=%0011;object=testRsaPss2Cert;type=public Public Key Object; EC_EDWARDS EC_POINT 272 bits EC_POINT: 04200a52a892b7d6e220d1762506dde1510d36bbb479b0e3fc948a98fe76e217c69d EC_PARAMS: 130c656477617264733235353139 (PrintableString edwards25519) label: edCert ID: 0004 Usage: encrypt, verify, verifyRecover, wrap, derive Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6bab5e7dfe0ca8a8;token=SoftHSM%20Token;id=%0004;object=edCert;type=public Private Key Object; EC label: ecCert ID: 0002 Usage: decrypt, sign, signRecover, unwrap, derive Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6bab5e7dfe0ca8a8;token=SoftHSM%20Token;id=%0002;object=ecCert;type=private Private Key Object; RSA label: testRsaPss2Cert ID: 0011 Usage: decrypt, sign, signRecover, unwrap Access: sensitive, always sensitive, never extractable, local Allowed mechanisms: SHA256-RSA-PKCS-PSS uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6bab5e7dfe0ca8a8;token=SoftHSM%20Token;id=%0011;object=testRsaPss2Cert;type=private Public Key Object; RSA 2048 bits label: testCert ID: 0001 Usage: encrypt, verify, verifyRecover, wrap Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6bab5e7dfe0ca8a8;token=SoftHSM%20Token;id=%0001;object=testCert;type=public Certificate Object; type = X.509 cert label: ecCert3 subject: DN: O=PKCS11 Provider, CN=My EC Cert 3 serial: 0A ID: 0008 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6bab5e7dfe0ca8a8;token=SoftHSM%20Token;id=%0008;object=ecCert3;type=cert Public Key Object; EC EC_POINT 256 bits EC_POINT: 0441048d5c0669100d7f8eee8c63eede1572dffe3331bb036e739779fbff851555c97899025e8e9e0146afbcb803559a62592471059c576f4f7b3fe65a2e3e3bd29630 EC_PARAMS: 06082a8648ce3d030107 (OID 1.2.840.10045.3.1.7) label: ecCert ID: 0002 Usage: encrypt, verify, verifyRecover, wrap, derive Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6bab5e7dfe0ca8a8;token=SoftHSM%20Token;id=%0002;object=ecCert;type=public + echo ' ----------------------------------------------------------------------------------------------------' + title PARA 'Output configurations' + case "$1" in + shift 1 + echo '' + echo '## Output configurations' + '[' -f '' ']' + OPENSSL_CONF=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/openssl.cnf + title LINE 'Generate openssl config file' + case "$1" in + shift 1 + echo 'Generate openssl config file' + sed -e 's|@libtoollibs@|/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/src|g' -e 's|@testsblddir@|/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests|g' -e 's|@testsdir@|/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm|g' -e 's|@SHARED_EXT@|.so|g' -e 's|@PINFILE@|/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt|g' -e 's|##TOKENOPTIONS|\npkcs11-module-quirks = no-deinit no-operation-state|g' /build/reproducible-path/pkcs11-provider-1.0/tests/openssl.cnf.in ---------------------------------------------------------------------------------------------------- ## Output configurations Generate openssl config file + title LINE 'Export test variables to /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/testvars' + case "$1" in + shift 1 + echo 'Export test variables to /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/testvars' + cat Export test variables to /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/testvars + '[' -n pkcs11:id=%00%04 ']' + cat + '[' -n pkcs11:id=%00%09 ']' + cat + '[' -n '' ']' + '[' -n pkcs11:id=%00%10 ']' + cat + cat + gen_unsetvars + sed -e s/export/unset/ -e 's/=.*$//' + grep '^export' /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/testvars + title ENDSECTION + case "$1" in + echo '' + echo ' ##' + echo '########################################' + echo '' ## ######################################## ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 2/92 pkcs11-provider:softhsm / setup OK 12.21s 3/92 pkcs11-provider:kryoptic / setup RUNNING >>> SOFTOKNPATH=/usr/lib/x86_64-linux-gnu UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 SHARED_EXT=.so ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TESTSSRCDIR=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 MALLOC_PERTURB_=215 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 LIBSPATH=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/src P11KITCLIENTPATH=/usr/lib/x86_64-linux-gnu/pkcs11/p11-kit-client.so TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests /build/reproducible-path/pkcs11-provider-1.0/tests/setup.sh kryoptic ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― + source /build/reproducible-path/pkcs11-provider-1.0/tests/helpers.sh ++ : /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests ++ helper_emit=1 ++ sed --version ++ grep -q 'GNU sed' ++ sed_inplace=('-i') ++ export sed_inplace + '[' 1 -ne 1 ']' + TOKENTYPE=kryoptic + SUPPORT_ED25519=1 + SUPPORT_ED448=1 + SUPPORT_RSA_PKCS1_ENCRYPTION=1 + SUPPORT_RSA_KEYGEN_PUBLIC_EXPONENT=1 + SUPPORT_TLSFUZZER=1 + SUPPORT_ALLOWED_MECHANISMS=0 ++ opensc-tool -i ++ sed -e 's/OpenSC 0\.\([0-9]*\).*/\1/' ++ grep OpenSC Failed to establish context: Unable to load external module + OPENSC_VERSION=26 + [[ 26 -le 25 ]] + [[ '' = \1 ]] ++ cat /proc/sys/crypto/fips_enabled + [[ 0 = \1 ]] + TMPPDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/kryoptic + TOKDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/kryoptic/tokens + '[' -d /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/kryoptic ']' + mkdir /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/kryoptic + mkdir /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/kryoptic/tokens + PINVALUE=12345678 + PINFILE=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/kryoptic/pinfile.txt + echo 12345678 + export GNUTLS_PIN=12345678 + GNUTLS_PIN=12345678 + '[' kryoptic == softhsm ']' + '[' kryoptic == softokn ']' + '[' kryoptic == kryoptic ']' + source /build/reproducible-path/pkcs11-provider-1.0/tests/kryoptic-init.sh ++ title SECTION 'Searching for Kryoptic module' ++ case "$1" in ++ shift 1 ++ echo '########################################' ++ echo '## Searching for Kryoptic module' ++ echo '' ++ find_kryoptic /target/debug/libkryoptic_pkcs11.so /target/release/libkryoptic_pkcs11.so /usr/local/lib/kryoptic/libkryoptic_pkcs11so /usr/lib64/pkcs11/libkryoptic_pkcs11.so /usr/lib/pkcs11/libkryoptic_pkcs11.so /usr/lib/x86_64-linux-gnu/kryoptic/libkryoptic_pkcs11.so ++ for _lib in "$@" ++ test -f /target/debug/libkryoptic_pkcs11.so ++ for _lib in "$@" ++ test -f /target/release/libkryoptic_pkcs11.so ++ for _lib in "$@" ++ test -f /usr/local/lib/kryoptic/libkryoptic_pkcs11so ++ for _lib in "$@" ++ test -f /usr/lib64/pkcs11/libkryoptic_pkcs11.so ++ for _lib in "$@" ++ test -f /usr/lib/pkcs11/libkryoptic_pkcs11.so ++ for _lib in "$@" ++ test -f /usr/lib/x86_64-linux-gnu/kryoptic/libkryoptic_pkcs11.so ++ echo 'skipped: Unable to find kryoptic PKCS#11 library' ++ exit 0 ######################################## ## Searching for Kryoptic module skipped: Unable to find kryoptic PKCS#11 library ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 3/92 pkcs11-provider:kryoptic / setup OK 0.26s 4/92 pkcs11-provider:kryoptic.nss / setup RUNNING >>> SOFTOKNPATH=/usr/lib/x86_64-linux-gnu UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 SHARED_EXT=.so MALLOC_PERTURB_=209 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TESTSSRCDIR=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 LIBSPATH=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/src P11KITCLIENTPATH=/usr/lib/x86_64-linux-gnu/pkcs11/p11-kit-client.so TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests /build/reproducible-path/pkcs11-provider-1.0/tests/setup.sh kryoptic.nss ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― + source /build/reproducible-path/pkcs11-provider-1.0/tests/helpers.sh ++ : /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests ++ helper_emit=1 ++ sed --version ++ grep -q 'GNU sed' ++ sed_inplace=('-i') ++ export sed_inplace + '[' 1 -ne 1 ']' + TOKENTYPE=kryoptic.nss + SUPPORT_ED25519=1 + SUPPORT_ED448=1 + SUPPORT_RSA_PKCS1_ENCRYPTION=1 + SUPPORT_RSA_KEYGEN_PUBLIC_EXPONENT=1 + SUPPORT_TLSFUZZER=1 + SUPPORT_ALLOWED_MECHANISMS=0 ++ sed -e 's/OpenSC 0\.\([0-9]*\).*/\1/' ++ opensc-tool -i ++ grep OpenSC Failed to establish context: Unable to load external module + OPENSC_VERSION=26 + [[ 26 -le 25 ]] + [[ '' = \1 ]] ++ cat /proc/sys/crypto/fips_enabled + [[ 0 = \1 ]] + TMPPDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/kryoptic.nss + TOKDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/kryoptic.nss/tokens + '[' -d /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/kryoptic.nss ']' + mkdir /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/kryoptic.nss + mkdir /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/kryoptic.nss/tokens + PINVALUE=12345678 + PINFILE=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/kryoptic.nss/pinfile.txt + echo 12345678 + export GNUTLS_PIN=12345678 + GNUTLS_PIN=12345678 + '[' kryoptic.nss == softhsm ']' + '[' kryoptic.nss == softokn ']' + '[' kryoptic.nss == kryoptic ']' + '[' kryoptic.nss == kryoptic.nss ']' + source /build/reproducible-path/pkcs11-provider-1.0/tests/kryoptic.nss-init.sh ++ export KRYOPTIC_CONF=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/kryoptic.nss/kryoptic.conf ++ KRYOPTIC_CONF=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/kryoptic.nss/kryoptic.conf ++ cat ++ export 'TOKENLABEL=Kryoptic Soft Token' ++ TOKENLABEL='Kryoptic Soft Token' ++ export TOKENLABELURI=Kryoptic%20Soft%20Token ++ TOKENLABELURI=Kryoptic%20Soft%20Token ++ source /build/reproducible-path/pkcs11-provider-1.0/tests/kryoptic-init.sh +++ title SECTION 'Searching for Kryoptic module' +++ case "$1" in +++ shift 1 +++ echo '########################################' +++ echo '## Searching for Kryoptic module' +++ echo '' +++ find_kryoptic /target/debug/libkryoptic_pkcs11.so /target/release/libkryoptic_pkcs11.so /usr/local/lib/kryoptic/libkryoptic_pkcs11so /usr/lib64/pkcs11/libkryoptic_pkcs11.so /usr/lib/pkcs11/libkryoptic_pkcs11.so /usr/lib/x86_64-linux-gnu/kryoptic/libkryoptic_pkcs11.so +++ for _lib in "$@" +++ test -f /target/debug/libkryoptic_pkcs11.so +++ for _lib in "$@" +++ test -f /target/release/libkryoptic_pkcs11.so +++ for _lib in "$@" +++ test -f /usr/local/lib/kryoptic/libkryoptic_pkcs11so +++ for _lib in "$@" +++ test -f /usr/lib64/pkcs11/libkryoptic_pkcs11.so +++ for _lib in "$@" +++ test -f /usr/lib/pkcs11/libkryoptic_pkcs11.so +++ for _lib in "$@" +++ test -f /usr/lib/x86_64-linux-gnu/kryoptic/libkryoptic_pkcs11.so +++ echo 'skipped: Unable to find kryoptic PKCS#11 library' +++ exit 0 ######################################## ## Searching for Kryoptic module skipped: Unable to find kryoptic PKCS#11 library ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 4/92 pkcs11-provider:kryoptic.nss / setup OK 0.23s 5/92 pkcs11-provider:softokn / basic RUNNING >>> MALLOC_PERTURB_=95 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper basic-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 5/92 pkcs11-provider:softokn / basic SKIP 0.12s exit status 77 6/92 pkcs11-provider:softhsm / basic RUNNING >>> MALLOC_PERTURB_=30 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper basic-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/tests/tbasic ## Raw Sign check error openssl pkeyutl -sign -inkey "${BASEURI}" -pkeyopt pad-mode:none -in ${TMPPDIR}/64Brandom.bin -out ${TMPPDIR}/raw-sig.bin Public Key operation error 4027EE19647F0000:error:0200007A:rsa routines:p11prov_sig_operate:data too small for key size:../src/signature.c:971: ## Sign and Verify with provided Hash and RSA openssl dgst -sha256 -binary -out ${TMPPDIR}/sha256.bin ${SEEDFILE} openssl pkeyutl -sign -inkey "${PRIURI}" -in ${TMPPDIR}/sha256.bin -out ${TMPPDIR}/sha256-sig.bin openssl pkeyutl -verify -inkey "${PUBURI}" -pubin -in ${TMPPDIR}/sha256.bin -sigfile ${TMPPDIR}/sha256-sig.bin Signature Verified Successfully ## Sign and Verify with provided Hash and RSA with DigestInfo struct openssl dgst -sha256 -binary -out ${TMPPDIR}/sha256.bin ${SEEDFILE} openssl pkeyutl -sign -inkey "${PRIURI}" -pkeyopt digest:sha256 -in ${TMPPDIR}/sha256.bin -out ${TMPPDIR}/sha256-sig.bin openssl pkeyutl -verify -inkey "${PUBURI}" -pkeyopt digest:sha256 -pubin -in ${TMPPDIR}/sha256.bin -sigfile ${TMPPDIR}/sha256-sig.bin Signature Verified Successfully ## DigestSign and DigestVerify with RSA openssl pkeyutl -sign -inkey "${BASEURI}" -digest sha256 -in ${RAND64FILE} -rawin -out ${TMPPDIR}/sha256-dgstsig.bin openssl pkeyutl -verify -inkey "${BASEURI}" -pubin -digest sha256 -in ${RAND64FILE} -rawin -sigfile ${TMPPDIR}/sha256-dgstsig.bin Signature Verified Successfully openssl pkeyutl -verify -inkey "${PUBURI}" -pubin -digest sha256 -in ${RAND64FILE} -rawin -sigfile ${TMPPDIR}/sha256-dgstsig.bin Signature Verified Successfully RSA basic encrypt and decrypt openssl pkeyutl -encrypt -inkey "${PUBURI}" -pubin -in ${SECRETFILE} -out ${SECRETFILE}.enc openssl pkeyutl -decrypt -inkey "${PRIURI}" -in ${SECRETFILE}.enc -out ${SECRETFILE}.dec ## Test Disallow Public Export openssl pkey -in $PUBURI -pubin -pubout -text ## Test CSR generation from RSA private keys openssl req -new -batch -key "${PRIURI}" -out ${TMPPDIR}/rsa_csr.pem openssl req -in ${TMPPDIR}/rsa_csr.pem -verify -noout Certificate request self-signature verify OK ## Test fetching public keys without PIN in config files openssl pkey -in $PUBURI -pubin -pubout -out ${TMPPDIR}/rsa.pub.nopin.pem openssl pkey -in $ECPUBURI -pubin -pubout -out ${TMPPDIR}/ec.pub.nopin.pem openssl pkey -in $EDPUBURI -pubin -pubout -out ${TMPPDIR}/ed.pub.nopin.pem ## Test fetching public keys with a PIN in URI openssl pkey -in $BASEURIWITHPINVALUE -pubin -pubout -out ${TMPPDIR}/rsa.pub.uripin.pem openssl pkey -in $ECBASEURIWITHPINVALUE -pubin -pubout -out ${TMPPDIR}/ec.pub.uripin.pem openssl pkey -in $EDBASEURIWITHPINVALUE -pubin -pubout -out ${TMPPDIR}/ed.pub.uripin.pem openssl pkey -in $ED2BASEURIWITHPINVALUE -pubin -pubout -out ${TMPPDIR}/ed2.pub.uripin.pem ## Test fetching public keys with a PIN source in URI openssl pkey -in $BASEURIWITHPINSOURCE -pubin -pubout -out ${TMPPDIR}/rsa.pub.uripinsource.pem openssl pkey -in $ECBASEURIWITHPINSOURCE -pubin -pubout -out ${TMPPDIR}/ec.pub.uripinsource.pem openssl pkey -in $EDBASEURIWITHPINSOURCE -pubin -pubout -out ${TMPPDIR}/ed.pub.uripinsource.pem openssl pkey -in $ED2BASEURIWITHPINSOURCE -pubin -pubout -out ${TMPPDIR}/ed2.pub.uripinsource.pem ## Test prompting without PIN in config files ## Test EVP_PKEY_eq on public RSA key both on token ## Test EVP_PKEY_eq on public EC key both on token ## Test EVP_PKEY_eq on public RSA key via import ## Match private RSA key against public key ## Match private RSA key against public key (commutativity) ## Test EVP_PKEY_eq on public EC key via import ## Match private EC key against public key ## Match private EC key against public key (commutativity) ## Test EVP_PKEY_eq with key exporting disabled ## Test RSA key ## Test EC key ## Test PIN caching Prompt: "Enter pass phrase for PKCS#11 Token (Slot 2114758824 - SoftHSM slot ID 0x7e0ca8a8):" Returning: 12345678 Child Done ALL A-OK! Prompt: "Enter pass phrase for PKCS#11 Token (Slot 2114758824 - SoftHSM slot ID 0x7e0ca8a8):" Returning: 12345678 Child Done ALL A-OK! ## Test interactive Login on key without ALWAYS AUTHENTICATE expect: spawn id exp3 not open while executing "expect "ALL A-OK"" ## Test interactive Login repeated for operation on key with ALWAYS AUTHENTICATE expect: spawn id exp3 not open while executing "expect "ALL A-OK"" ## Test Key generation Performed tests: 4 ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 6/92 pkcs11-provider:softhsm / basic OK 17.95s 7/92 pkcs11-provider:kryoptic / basic RUNNING >>> UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 MALLOC_PERTURB_=78 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper basic-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 7/92 pkcs11-provider:kryoptic / basic SKIP 0.10s exit status 77 8/92 pkcs11-provider:kryoptic.nss / basic RUNNING >>> UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 MALLOC_PERTURB_=140 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper basic-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 8/92 pkcs11-provider:kryoptic.nss / basic SKIP 0.10s exit status 77 9/92 pkcs11-provider:softokn / pubkey RUNNING >>> UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=127 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper pubkey-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 9/92 pkcs11-provider:softokn / pubkey SKIP 0.13s exit status 77 10/92 pkcs11-provider:softhsm / pubkey RUNNING >>> UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=40 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper pubkey-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/tests/tpubkey ## Export RSA Public key to a file openssl pkey -in $BASEURI -pubin -pubout -out ${TMPPDIR}/baseout.pub Export Public key to a file (pub-uri) openssl pkey -in $PUBURI -pubin -pubout -out ${TMPPDIR}/pubout.pub Print Public key from private openssl pkey -in $PRIURI -pubout -text ## Export Public check error openssl pkey -in pkcs11:id=%de%ad -pubin -pubout -out ${TMPPDIR}/pubout-invlid.pub Could not find private key of Public Key from pkcs11:id=%de%ad ## Export EC Public key to a file openssl pkey -in $ECBASEURI -pubin -pubout -out ${TMPPDIR}/baseecout.pub Export EC Public key to a file (pub-uri) openssl pkey -in $ECPUBURI -pubin -pubout -out ${TMPPDIR}/pubecout.pub Print EC Public key from private openssl pkey -in $ECPRIURI -pubout -text ## Check we can get RSA public keys from certificate objects Export Public key to a file (priv-uri) openssl pkey -in $PRI2URI -pubout -out ${TMPPDIR}/priv-cert.pub Export Public key to a file (base-uri) openssl pkey -in $BASE2URI -pubout -out ${TMPPDIR}/base-cert.pub ## Check we can get EC public keys from certificate objects Export Public EC key to a file (priv-uri) openssl pkey -in $ECPRI2URI -pubout -out ${TMPPDIR}/ec-priv-cert.pub Export Public key to a file (base-uri) openssl pkey -in $ECBASE2URI -pubout -out ${TMPPDIR}/ec-base-cert.pub ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 10/92 pkcs11-provider:softhsm / pubkey OK 2.21s 11/92 pkcs11-provider:kryoptic / pubkey RUNNING >>> UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=32 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper pubkey-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 11/92 pkcs11-provider:kryoptic / pubkey SKIP 0.12s exit status 77 12/92 pkcs11-provider:kryoptic.nss / pubkey RUNNING >>> UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 MALLOC_PERTURB_=159 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper pubkey-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 12/92 pkcs11-provider:kryoptic.nss / pubkey SKIP 0.09s exit status 77 13/92 pkcs11-provider:softokn / certs RUNNING >>> UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 MALLOC_PERTURB_=161 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper certs-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 13/92 pkcs11-provider:softokn / certs SKIP 0.11s exit status 77 14/92 pkcs11-provider:softhsm / certs RUNNING >>> MALLOC_PERTURB_=57 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper certs-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/tests/tcerts ## Check we can fetch certifiatce objects openssl x509 -in ${CRTURI} -subject -out ${TMPPDIR}/crt-subj.txt openssl x509 -in ${ECCRTURI} -subject -out ${TMPPDIR}/eccrt-subj.txt ## Use storeutl command to match specific certs via params openssl storeutl -certs -subject "${subj}" -out ${TMPPDIR}/storeutl-crt-subj.txt pkcs11:type=cert 0: Certificate openssl storeutl -certs -subject "${subj}" -out ${TMPPDIR}/storeutl-crt-subj.txt pkcs11:type=cert 0: Certificate openssl storeutl -certs -subject "${subj}" -out ${TMPPDIR}/storeutl-crt-subj.txt pkcs11:type=cert 0: Certificate openssl storeutl -certs -subject "${subj}" -out ${TMPPDIR}/storeutl-crt-subj.txt pkcs11:type=cert 0: Certificate ## Test fetching certificate without PIN in config files openssl x509 -in $CRTURI -subject -out ${TMPPDIR}/crt-subj-nopin.txt ## Test fetching certificate via STORE api Cert load successfully ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 14/92 pkcs11-provider:softhsm / certs OK 2.02s 15/92 pkcs11-provider:kryoptic / certs RUNNING >>> MALLOC_PERTURB_=57 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper certs-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 15/92 pkcs11-provider:kryoptic / certs SKIP 0.10s exit status 77 16/92 pkcs11-provider:kryoptic.nss / certs RUNNING >>> UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MALLOC_PERTURB_=145 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper certs-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 16/92 pkcs11-provider:kryoptic.nss / certs SKIP 0.13s exit status 77 17/92 pkcs11-provider:softokn / ecc RUNNING >>> UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=29 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper ecc-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 17/92 pkcs11-provider:softokn / ecc SKIP 0.13s exit status 77 18/92 pkcs11-provider:softhsm / ecc RUNNING >>> UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=209 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper ecc-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/tests/tecc ## Export EC Public key to a file openssl pkey -in $ECPUBURI -pubin -pubout -out ${TMPPDIR}/ecout.pub Print EC Public key from private openssl pkey -in $ECPRIURI -pubout -text ## Sign and Verify with provided Hash and EC openssl dgst -sha256 -binary -out ${TMPPDIR}/sha256.bin ${SEEDFILE} openssl pkeyutl -sign -inkey "${ECBASEURI}" -in ${TMPPDIR}/sha256.bin -out ${TMPPDIR}/sha256-ecsig.bin openssl pkeyutl -verify -inkey "${ECBASEURI}" -pubin -in ${TMPPDIR}/sha256.bin -sigfile ${TMPPDIR}/sha256-ecsig.bin Signature Verified Successfully openssl pkeyutl -verify -inkey "${TMPPDIR}/ecout.pub" -pubin -in ${TMPPDIR}/sha256.bin -sigfile ${TMPPDIR}/sha256-ecsig.bin Signature Verified Successfully ## DigestSign and DigestVerify with ECC (SHA-256) openssl pkeyutl -sign -inkey "${ECBASEURI}" -digest sha256 -in ${RAND64FILE} -rawin -out ${TMPPDIR}/sha256-ecdgstsig.bin openssl pkeyutl -verify -inkey "${ECBASEURI}" -pubin -digest sha256 -in ${RAND64FILE} -rawin -sigfile ${TMPPDIR}/sha256-ecdgstsig.bin Signature Verified Successfully ## DigestSign and DigestVerify with ECC (SHA-384) openssl pkeyutl -sign -inkey "${ECBASEURI}" -digest sha384 -in ${RAND64FILE} -rawin -out ${TMPPDIR}/sha384-ecdgstsig.bin openssl pkeyutl -verify -inkey "${ECBASEURI}" -pubin -digest sha384 -in ${RAND64FILE} -rawin -sigfile ${TMPPDIR}/sha384-ecdgstsig.bin Signature Verified Successfully ## DigestSign and DigestVerify with ECC (SHA-512) openssl pkeyutl -sign -inkey "${ECBASEURI}" -digest sha512 -in ${RAND64FILE} -rawin -out ${TMPPDIR}/sha512-ecdgstsig.bin openssl pkeyutl -verify -inkey "${ECBASEURI}" -pubin -digest sha512 -in ${RAND64FILE} -rawin -sigfile ${TMPPDIR}/sha512-ecdgstsig.bin Signature Verified Successfully ## DigestSign and DigestVerify with ECC (SHA3-256) openssl pkeyutl -sign -inkey "${ECBASEURI}" -digest sha3-256 -in ${RAND64FILE} -rawin -out ${TMPPDIR}/sha3-256-ecdgstsig.bin openssl pkeyutl -verify -inkey "${ECBASEURI}" -pubin -digest sha3-256 -in ${RAND64FILE} -rawin -sigfile ${TMPPDIR}/sha3-256-ecdgstsig.bin Signature Verified Successfully ## DigestSign and DigestVerify with ECC (SHA3-384) openssl pkeyutl -sign -inkey "${ECBASEURI}" -digest sha3-384 -in ${RAND64FILE} -rawin -out ${TMPPDIR}/sha3-384-ecdgstsig.bin openssl pkeyutl -verify -inkey "${ECBASEURI}" -pubin -digest sha3-384 -in ${RAND64FILE} -rawin -sigfile ${TMPPDIR}/sha3-384-ecdgstsig.bin Signature Verified Successfully ## DigestSign and DigestVerify with ECC (SHA3-512) openssl pkeyutl -sign -inkey "${ECBASEURI}" -digest sha3-512 -in ${RAND64FILE} -rawin -out ${TMPPDIR}/sha3-512-ecdgstsig.bin openssl pkeyutl -verify -inkey "${ECBASEURI}" -pubin -digest sha3-512 -in ${RAND64FILE} -rawin -sigfile ${TMPPDIR}/sha3-512-ecdgstsig.bin Signature Verified Successfully ## Test CSR generation from private ECC keys openssl req -new -batch -key "${ECPRIURI}" -out ${TMPPDIR}/ecdsa_csr.pem openssl req -in ${TMPPDIR}/ecdsa_csr.pem -verify -noout Certificate request self-signature verify OK ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 18/92 pkcs11-provider:softhsm / ecc OK 3.26s 19/92 pkcs11-provider:kryoptic / ecc RUNNING >>> UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=51 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper ecc-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 19/92 pkcs11-provider:kryoptic / ecc SKIP 0.06s exit status 77 20/92 pkcs11-provider:kryoptic.nss / ecc RUNNING >>> UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MALLOC_PERTURB_=183 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper ecc-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 20/92 pkcs11-provider:kryoptic.nss / ecc SKIP 0.09s exit status 77 21/92 pkcs11-provider:softhsm / edwards RUNNING >>> UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MALLOC_PERTURB_=156 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper edwards-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/tests/tedwards ## Export ED25519 Public key to a file openssl pkey -in $EDPUBURI -pubin -pubout -out ${TMPPDIR}/edout.pub Print ED25519 Public key from private openssl pkey -in $EDPRIURI -pubout -text ## DigestSign and DigestVerify with ED25519 openssl pkeyutl -sign -inkey "${EDBASEURI}" -in ${RAND64FILE} -rawin -out ${TMPPDIR}/sha256-eddgstsig.bin openssl pkeyutl -verify -inkey "${EDBASEURI}" -pubin -in ${RAND64FILE} -rawin -sigfile ${TMPPDIR}/sha256-eddgstsig.bin Signature Verified Successfully ## Test CSR generation from private ED25519 keys openssl req -new -batch -key "${EDPRIURI}" -out ${TMPPDIR}/ed25519_csr.pem openssl req -in ${TMPPDIR}/ed25519_csr.pem -verify -noout Certificate request self-signature verify OK ## Test EVP_PKEY_eq on public Edwards key both on token ## Test EVP_PKEY_eq on public ED key via import ## Match private ED key against public key ## Match private ED key against public key (commutativity) ## Test Key generation Performed tests: 1 ## Export ED448 Public key to a file openssl pkey -in $ED2PUBURI -pubin -pubout -out ${TMPPDIR}/ed2out.pub Print ED448 Public key from private openssl pkey -in $ED2PRIURI -pubout -text ## DigestSign and DigestVerify with ED448 openssl pkeyutl -sign -inkey "${ED2BASEURI}" -in ${RAND64FILE} -rawin -out ${TMPPDIR}/sha256-eddgstsig.bin openssl pkeyutl -verify -inkey "${ED2BASEURI}" -pubin -in ${RAND64FILE} -rawin -sigfile ${TMPPDIR}/sha256-eddgstsig.bin Signature Verified Successfully ## Test CSR generation from private ED448 keys openssl req -new -batch -key "${ED2PRIURI}" -out ${TMPPDIR}/ed448_csr.pem openssl req -in ${TMPPDIR}/ed448_csr.pem -verify -noout Certificate request self-signature verify OK ## Test EVP_PKEY_eq on public Edwards key both on token ## Test EVP_PKEY_eq on public ED448 key via import ## Match private ED448 key against public key ## Match private ED448 key against public key (commutativity) ## Test Ed448 Key generation Performed tests: 1 ## Test interactive Login on key without ALWAYS AUTHENTICATE expect: spawn id exp3 not open while executing "expect "ALL A-OK"" ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 21/92 pkcs11-provider:softhsm / edwards OK 5.50s 22/92 pkcs11-provider:kryoptic / edwards RUNNING >>> UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=84 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper edwards-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 22/92 pkcs11-provider:kryoptic / edwards SKIP 0.13s exit status 77 23/92 pkcs11-provider:kryoptic.nss / edwards RUNNING >>> UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MALLOC_PERTURB_=76 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper edwards-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 23/92 pkcs11-provider:kryoptic.nss / edwards SKIP 0.06s exit status 77 24/92 pkcs11-provider:softokn / ecdh RUNNING >>> UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=100 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper ecdh-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 24/92 pkcs11-provider:softokn / ecdh SKIP 0.10s exit status 77 25/92 pkcs11-provider:kryoptic / ecdh RUNNING >>> UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MALLOC_PERTURB_=247 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper ecdh-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 25/92 pkcs11-provider:kryoptic / ecdh SKIP 0.08s exit status 77 26/92 pkcs11-provider:kryoptic.nss / ecdh RUNNING >>> UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=17 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper ecdh-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 26/92 pkcs11-provider:kryoptic.nss / ecdh SKIP 0.10s exit status 77 27/92 pkcs11-provider:softokn / democa RUNNING >>> MALLOC_PERTURB_=226 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper democa-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 27/92 pkcs11-provider:softokn / democa SKIP 0.09s exit status 77 28/92 pkcs11-provider:softhsm / democa RUNNING >>> UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MALLOC_PERTURB_=149 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper democa-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/tests/tdemoca ## Set up demoCA ## Generating CA cert if needed openssl req -batch -noenc -x509 -new -key ${PRIURI} -out ${DEMOCA}/cacert.pem ## Generating a new CSR with key in file openssl req -batch -noenc -newkey rsa:2048 -subj "/CN=testing-csr-signing/O=PKCS11 Provider/C=US" -keyout ${DEMOCA}/cert.key -out ${DEMOCA}/cert.csr ...+......+.+..............+.+...+......+.....+...+......+....+++++++++++++++++++++++++++++++++++++++*..+......+.....+....+++++++++++++++++++++++++++++++++++++++*.....+........+.+......+..+..........+...+...+...........+.+.....+....+........+...+.......+...+...+.....+....+...+..+.............+.....+..................+....+..+....+..+.........+....+..+.......+..+..........+...+...........+......+.+..+................+............+..+...+.........+.+...+...........+.+.........+.....+.............+........+.......+..+.........................+...+.....+.......+...+........+...+......+.+..+.+..+.......+......+.........+.....+............+.+..+......+..........+......+...............+...+........+.........+....+.........+..+...+.+..+....+...+...........+......................+...+..+...+.......+...............+...+..+.........+..........+..............+................+......+..+.++++++ ........+......+...+..+...+.........+.+++++++++++++++++++++++++++++++++++++++*......+...+......+........+.......+++++++++++++++++++++++++++++++++++++++*.......+......+.........+..+.......+.....+.+.....+.+......+..++++++ ----- ## Signing the new certificate openssl ca -batch -in ${DEMOCA}/cert.csr -keyfile ${PRIURI} -out ${DEMOCA}/cert.pem Using configuration from /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/openssl.cnf Check that the request matches the signature Signature ok The Subject's Distinguished Name is as follows commonName :ASN.1 12:'testing-csr-signing' organizationName :ASN.1 12:'PKCS11 Provider' countryName :PRINTABLE:'US' Certificate is to be certified until Mar 14 03:54:57 2026 GMT (365 days) Write out database with 1 new entries Database updated ## Generating a new CSR with existing RSA key in token openssl req -batch -noenc -new -key ${PRIURI} -subj "/CN=testing-rsa-signing/O=PKCS11 Provider/C=US" -out ${DEMOCA}/cert-rsa.csr ## Signing the new RSA key certificate openssl ca -batch -in ${DEMOCA}/cert-rsa.csr -keyfile ${PRIURI} -out ${DEMOCA}/cert.pem Using configuration from /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/openssl.cnf Check that the request matches the signature Signature ok The Subject's Distinguished Name is as follows commonName :ASN.1 12:'testing-rsa-signing' organizationName :ASN.1 12:'PKCS11 Provider' countryName :PRINTABLE:'US' Certificate is to be certified until Mar 14 03:54:57 2026 GMT (365 days) Write out database with 1 new entries Database updated ## Generating a new CSR with existing EC key in token openssl req -batch -noenc -new -key ${ECPRIURI} -subj "/CN=testing-ec-signing/O=PKCS11 Provider/C=US" -out ${DEMOCA}/cert-ec.csr ## Signing the new EC key certificate openssl ca -batch -in ${DEMOCA}/cert-ec.csr -keyfile ${PRIURI} -out ${DEMOCA}/cert.pem Using configuration from /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/openssl.cnf Check that the request matches the signature Signature ok The Subject's Distinguished Name is as follows commonName :ASN.1 12:'testing-ec-signing' organizationName :ASN.1 12:'PKCS11 Provider' countryName :PRINTABLE:'US' Certificate is to be certified until Mar 14 03:54:58 2026 GMT (365 days) Write out database with 1 new entries Database updated ## Generating a new CSR with existing ED key in token openssl req -batch -noenc -new -key ${EDPRIURI} -subj "/CN=testing-ed-signing/O=PKCS11 Provider/C=US" -out ${DEMOCA}/cert-ed.csr ## Signing the new ED key certificate openssl ca -batch -in ${DEMOCA}/cert-ed.csr -keyfile ${PRIURI} -out ${DEMOCA}/cert.pem Using configuration from /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/openssl.cnf Check that the request matches the signature Signature ok The Subject's Distinguished Name is as follows commonName :ASN.1 12:'testing-ed-signing' organizationName :ASN.1 12:'PKCS11 Provider' countryName :PRINTABLE:'US' Certificate is to be certified until Mar 14 03:54:58 2026 GMT (365 days) Write out database with 1 new entries Database updated ## Generating a new CSR with existing ED448 key in token openssl req -batch -noenc -new -key ${ED2PRIURI} -subj "/CN=testing-ed2-signing/O=PKCS11 Provider/C=US" -out ${DEMOCA}/cert-ed2.csr ## Signing the new ED448 key certificate openssl ca -batch -in ${DEMOCA}/cert-ed2.csr -keyfile ${PRIURI} -out ${DEMOCA}/cert.pem Using configuration from /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/openssl.cnf Check that the request matches the signature Signature ok The Subject's Distinguished Name is as follows commonName :ASN.1 12:'testing-ed2-signing' organizationName :ASN.1 12:'PKCS11 Provider' countryName :PRINTABLE:'US' Certificate is to be certified until Mar 14 03:54:58 2026 GMT (365 days) Write out database with 1 new entries Database updated ## Generating a new CSR with existing RSA-PSS key in token openssl req -batch -noenc -new -key ${RSAPSSPRIURI} -sigopt rsa_padding_mode:pss -subj "/CN=testing-rsapss-signing/O=PKCS11 Provider/C=US" -sigopt rsa_padding_mode:pss -out ${DEMOCA}/cert-rsa-pss.csr ## Signing the new RSA-PSS key certificate openssl ca -batch -in ${DEMOCA}/cert-rsa-pss.csr -keyfile ${PRIURI} -out ${DEMOCA}/cert.pem Using configuration from /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/openssl.cnf Check that the request matches the signature Signature ok The Subject's Distinguished Name is as follows commonName :ASN.1 12:'testing-rsapss-signing' organizationName :ASN.1 12:'PKCS11 Provider' countryName :PRINTABLE:'US' Certificate is to be certified until Mar 14 03:54:59 2026 GMT (365 days) Write out database with 1 new entries Database updated openssl x509 -text -in ${DEMOCA}/cert.pem ## Generating a new CSR with existing SHA256 restricted RSA-PSS key in token openssl req -batch -noenc -new -key ${RSAPSS2PRIURI} -sigopt rsa_padding_mode:pss -subj "/CN=testing-rsapss-sha2-signing/O=PKCS11 Provider/C=US" -out ${DEMOCA}/cert-rsa-pss2.csr -sigopt rsa_padding_mode:pss -sigopt digest:sha256 ## Signing the new SHA256 restricted RSA-PSS key certificate openssl ca -batch -in ${DEMOCA}/cert-rsa-pss2.csr -keyfile ${PRIURI} -out ${DEMOCA}/cert.pem Using configuration from /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/openssl.cnf Check that the request matches the signature Signature ok The Subject's Distinguished Name is as follows commonName :ASN.1 12:'testing-rsapss-sha2-signing' organizationName :ASN.1 12:'PKCS11 Provider' countryName :PRINTABLE:'US' Certificate is to be certified until Mar 14 03:54:59 2026 GMT (365 days) Write out database with 1 new entries Database updated openssl x509 -text -in ${DEMOCA}/cert.pem ## Generating a new CSR with existing RSA-PSS key in token openssl req -batch -noenc -new -key ${RSAPSS2PRIURI} -sigopt rsa_padding_mode:pss -subj "/CN=testing-rsapss-signing/O=PKCS11 Provider/C=US" -out ${DEMOCA}/cert-rsa-pss2.csr -sigopt rsa_padding_mode:pss -sigopt digest:sha256 -sigopt rsa_pss_saltlen:-2 ## Signing the new RSA-PSS key certificate openssl ca -batch -in ${DEMOCA}/cert-rsa-pss.csr -keyfile ${PRIURI} -out ${DEMOCA}/cert.pem Using configuration from /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/openssl.cnf Check that the request matches the signature Signature ok The Subject's Distinguished Name is as follows commonName :ASN.1 12:'testing-rsapss-signing' organizationName :ASN.1 12:'PKCS11 Provider' countryName :PRINTABLE:'US' Certificate is to be certified until Mar 14 03:55:00 2026 GMT (365 days) Write out database with 1 new entries Database updated ## Set up OCSP openssl req -batch -noenc -new -subj "/CN=OCSP/O=PKCS11 Provider/C=US" -key ${PRIURI} -out ${DEMOCA}/ocspSigning.csr openssl ca -batch -keyfile ${PRIURI} -cert ${DEMOCA}/cacert.pem -in ${DEMOCA}/ocspSigning.csr -out ${DEMOCA}/ocspSigning.pem Using configuration from /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/openssl.cnf Check that the request matches the signature Signature ok The Subject's Distinguished Name is as follows commonName :ASN.1 12:'OCSP' organizationName :ASN.1 12:'PKCS11 Provider' countryName :PRINTABLE:'US' Certificate is to be certified until Mar 14 03:55:00 2026 GMT (365 days) Write out database with 1 new entries Database updated ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 28/92 pkcs11-provider:softhsm / democa OK 3.90s 29/92 pkcs11-provider:kryoptic / democa RUNNING >>> MALLOC_PERTURB_=14 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper democa-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 29/92 pkcs11-provider:kryoptic / democa SKIP 0.12s exit status 77 30/92 pkcs11-provider:kryoptic.nss / democa RUNNING >>> UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MALLOC_PERTURB_=76 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper democa-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 30/92 pkcs11-provider:kryoptic.nss / democa SKIP 0.11s exit status 77 31/92 pkcs11-provider:softokn / digest RUNNING >>> UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 MALLOC_PERTURB_=102 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper digest-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 31/92 pkcs11-provider:softokn / digest SKIP 0.11s exit status 77 32/92 pkcs11-provider:softhsm / digest RUNNING >>> UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=17 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper digest-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/tests/tdigest ## Test Digests support sha512-224: Unsupported by pkcs11 token sha512-256: Unsupported by pkcs11 token sha3-224: Unsupported by pkcs11 token sha3-256: Unsupported by pkcs11 token sha3-384: Unsupported by pkcs11 token sha3-512: Unsupported by pkcs11 token PASSED ## Test Digests Blocked No digest available for testing pkcs11 provider Digest operations failed as expected ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 32/92 pkcs11-provider:softhsm / digest OK 0.51s 33/92 pkcs11-provider:kryoptic / digest RUNNING >>> UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 MALLOC_PERTURB_=6 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper digest-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 33/92 pkcs11-provider:kryoptic / digest SKIP 0.09s exit status 77 34/92 pkcs11-provider:kryoptic.nss / digest RUNNING >>> UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MALLOC_PERTURB_=83 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper digest-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 34/92 pkcs11-provider:kryoptic.nss / digest SKIP 0.10s exit status 77 35/92 pkcs11-provider:softokn / fork RUNNING >>> UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=209 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper fork-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 35/92 pkcs11-provider:softokn / fork SKIP 0.12s exit status 77 36/92 pkcs11-provider:softhsm / fork RUNNING >>> UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=130 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper fork-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/tfork Child Done Child Done ALL A-OK! ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 36/92 pkcs11-provider:softhsm / fork OK 1.96s 37/92 pkcs11-provider:kryoptic / fork RUNNING >>> UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=21 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper fork-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 37/92 pkcs11-provider:kryoptic / fork SKIP 0.10s exit status 77 38/92 pkcs11-provider:kryoptic.nss / fork RUNNING >>> MALLOC_PERTURB_=44 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper fork-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 38/92 pkcs11-provider:kryoptic.nss / fork SKIP 0.10s exit status 77 39/92 pkcs11-provider:softokn / oaepsha2 RUNNING >>> UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MALLOC_PERTURB_=36 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper oaepsha2-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 39/92 pkcs11-provider:softokn / oaepsha2 SKIP 0.10s exit status 77 40/92 pkcs11-provider:kryoptic / oaepsha2 RUNNING >>> MALLOC_PERTURB_=35 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MESON_TEST_ITERATION=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper oaepsha2-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 40/92 pkcs11-provider:kryoptic / oaepsha2 SKIP 0.11s exit status 77 41/92 pkcs11-provider:kryoptic.nss / oaepsha2 RUNNING >>> MALLOC_PERTURB_=226 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper oaepsha2-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 41/92 pkcs11-provider:kryoptic.nss / oaepsha2 SKIP 0.09s exit status 77 42/92 pkcs11-provider:softokn / hkdf RUNNING >>> UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=51 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper hkdf-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 42/92 pkcs11-provider:softokn / hkdf SKIP 0.11s exit status 77 43/92 pkcs11-provider:kryoptic / hkdf RUNNING >>> UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 MALLOC_PERTURB_=18 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper hkdf-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 43/92 pkcs11-provider:kryoptic / hkdf SKIP 0.09s exit status 77 44/92 pkcs11-provider:kryoptic.nss / hkdf RUNNING >>> MALLOC_PERTURB_=135 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MESON_TEST_ITERATION=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper hkdf-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 44/92 pkcs11-provider:kryoptic.nss / hkdf SKIP 0.09s exit status 77 45/92 pkcs11-provider:softokn / imported RUNNING >>> UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=250 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper imported-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 45/92 pkcs11-provider:softokn / imported SKIP 0.08s exit status 77 46/92 pkcs11-provider:kryoptic / imported RUNNING >>> UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MALLOC_PERTURB_=81 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper imported-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 46/92 pkcs11-provider:kryoptic / imported SKIP 0.08s exit status 77 47/92 pkcs11-provider:kryoptic.nss / imported RUNNING >>> MALLOC_PERTURB_=120 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper imported-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 47/92 pkcs11-provider:kryoptic.nss / imported SKIP 0.08s exit status 77 48/92 pkcs11-provider:softokn / rsapss RUNNING >>> UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=80 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper rsapss-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 48/92 pkcs11-provider:softokn / rsapss SKIP 0.09s exit status 77 49/92 pkcs11-provider:softhsm / rsapss RUNNING >>> UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=115 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper rsapss-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/tests/trsapss ## DigestSign and DigestVerify with RSA PSS openssl pkeyutl -sign -inkey "${BASEURI}" -digest sha256 -pkeyopt pad-mode:pss -pkeyopt mgf1-digest:sha256 -pkeyopt saltlen:digest -in ${RAND64FILE} -rawin -out ${TMPPDIR}/sha256-dgstsig.bin openssl pkeyutl -verify -inkey "${BASEURI}" -pubin -digest sha256 -pkeyopt pad-mode:pss -pkeyopt mgf1-digest:sha256 -pkeyopt saltlen:digest -in ${RAND64FILE} -rawin -sigfile ${TMPPDIR}/sha256-dgstsig.bin Signature Verified Successfully Re-verify using OpenSSL default provider openssl pkeyutl -verify -inkey "${PUBURI}" -pubin -digest sha256 -pkeyopt pad-mode:pss -pkeyopt mgf1-digest:sha256 -pkeyopt saltlen:digest -in ${RAND64FILE} -rawin -sigfile ${TMPPDIR}/sha256-dgstsig.bin Signature Verified Successfully ## DigestSign and DigestVerify with RSA PSS with default params openssl pkeyutl -sign -inkey "${BASEURI}" -pkeyopt pad-mode:pss -in ${RAND64FILE} -rawin -out ${TMPPDIR}/def-dgstsig.bin openssl pkeyutl -verify -inkey "${BASEURI}" -pubin -pkeyopt pad-mode:pss -in ${RAND64FILE} -rawin -sigfile ${TMPPDIR}/def-dgstsig.bin Signature Verified Successfully Re-verify using OpenSSL default provider openssl pkeyutl -verify -inkey "${PUBURI}" -pubin -pkeyopt pad-mode:pss -in ${RAND64FILE} -rawin -sigfile ${TMPPDIR}/def-dgstsig.bin Signature Verified Successfully ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 49/92 pkcs11-provider:softhsm / rsapss OK 1.11s 50/92 pkcs11-provider:kryoptic / rsapss RUNNING >>> UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=233 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper rsapss-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 50/92 pkcs11-provider:kryoptic / rsapss SKIP 0.10s exit status 77 51/92 pkcs11-provider:kryoptic.nss / rsapss RUNNING >>> UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MALLOC_PERTURB_=145 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper rsapss-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 51/92 pkcs11-provider:kryoptic.nss / rsapss SKIP 0.09s exit status 77 52/92 pkcs11-provider:softhsm / rsapssam RUNNING >>> MALLOC_PERTURB_=173 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper rsapssam-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/tests/trsapssam ## DigestSign and DigestVerify with RSA PSS (SHA256 restriction) openssl pkeyutl -sign -inkey "${RSAPSS2PRIURI}" -digest sha256 -pkeyopt pad-mode:pss -pkeyopt mgf1-digest:sha256 -pkeyopt saltlen:digest -in ${RAND64FILE} -rawin -out ${TMPPDIR}/sha256-rsapps-genpkey-dgstsig.bin openssl pkeyutl -verify -inkey "${RSAPSS2PUBURI}" -pubin -digest sha256 -pkeyopt pad-mode:pss -pkeyopt mgf1-digest:sha256 -pkeyopt saltlen:digest -in ${RAND64FILE} -rawin -sigfile ${TMPPDIR}/sha256-rsapps-genpkey-dgstsig.bin Signature Verified Successfully ## Fail DigestSign with RSA PSS because of restricted Digest openssl pkeyutl -sign -inkey "${RSAPSS2PRIURI}" -digest sha384 -pkeyopt pad-mode:pss -pkeyopt mgf1-digest:sha384 -pkeyopt saltlen:digest -in ${RAND64FILE} -rawin -out ${TMPPDIR}/sha384-rsapps-genpkey-dgstsig.bin 2>&1 ## Fail Signing with RSA PKCS1 mech and RSA-PSS key openssl pkeyutl -sign -inkey "${RSAPSSPRIURI}" -digest sha256 -pkeyopt rsa_padding_mode:pkcs1 -in ${RAND64FILE} -rawin -out ${TMPPDIR}/sha384-rsa-not-rsapss-sig.bin 2>&1 ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 52/92 pkcs11-provider:softhsm / rsapssam OK 0.44s 53/92 pkcs11-provider:kryoptic / rsapssam RUNNING >>> UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=63 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper rsapssam-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 53/92 pkcs11-provider:kryoptic / rsapssam SKIP 0.08s exit status 77 54/92 pkcs11-provider:softokn / genkey RUNNING >>> UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 MALLOC_PERTURB_=234 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper genkey-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 54/92 pkcs11-provider:softokn / genkey SKIP 0.10s exit status 77 55/92 pkcs11-provider:softhsm / genkey RUNNING >>> UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=7 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper genkey-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/tgenkey Performed tests: 0 ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 55/92 pkcs11-provider:softhsm / genkey OK 0.19s 56/92 pkcs11-provider:kryoptic / genkey RUNNING >>> UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=51 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper genkey-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 56/92 pkcs11-provider:kryoptic / genkey SKIP 0.04s exit status 77 57/92 pkcs11-provider:kryoptic.nss / genkey RUNNING >>> UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MALLOC_PERTURB_=174 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper genkey-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 57/92 pkcs11-provider:kryoptic.nss / genkey SKIP 0.13s exit status 77 58/92 pkcs11-provider:softokn / pkey RUNNING >>> MALLOC_PERTURB_=188 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper pkey-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 58/92 pkcs11-provider:softokn / pkey SKIP 0.09s exit status 77 59/92 pkcs11-provider:softhsm / pkey RUNNING >>> UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=160 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper pkey-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/tpkey ALL A-OK! ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 59/92 pkcs11-provider:softhsm / pkey OK 0.87s 60/92 pkcs11-provider:kryoptic / pkey RUNNING >>> UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MALLOC_PERTURB_=89 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper pkey-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 60/92 pkcs11-provider:kryoptic / pkey SKIP 0.15s exit status 77 61/92 pkcs11-provider:kryoptic.nss / pkey RUNNING >>> UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=25 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper pkey-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 61/92 pkcs11-provider:kryoptic.nss / pkey SKIP 0.08s exit status 77 62/92 pkcs11-provider:softokn / session RUNNING >>> UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=91 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper session-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 62/92 pkcs11-provider:softokn / session SKIP 0.15s exit status 77 63/92 pkcs11-provider:softhsm / session RUNNING >>> UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MALLOC_PERTURB_=254 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper session-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/tsession ALL A-OK!―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 63/92 pkcs11-provider:softhsm / session OK 0.43s 64/92 pkcs11-provider:kryoptic / session RUNNING >>> UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 MALLOC_PERTURB_=18 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper session-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 64/92 pkcs11-provider:kryoptic / session SKIP 0.15s exit status 77 65/92 pkcs11-provider:kryoptic.nss / session RUNNING >>> UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=181 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper session-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 65/92 pkcs11-provider:kryoptic.nss / session SKIP 0.10s exit status 77 66/92 pkcs11-provider:softokn / rand RUNNING >>> UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=108 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper rand-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 66/92 pkcs11-provider:softokn / rand SKIP 0.10s exit status 77 67/92 pkcs11-provider:softhsm / rand RUNNING >>> UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 MALLOC_PERTURB_=22 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper rand-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/tests/trand ## Test PKCS11 RNG openssl rand 1 40571BCF1F7F0000:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:../crypto/evp/evp_fetch.c:355:Global default library context, Algorithm (PKCS11-RAND : 0), Properties () 40571BCF1F7F0000:error:12000090:random number generator:rand_new_drbg:unable to fetch drbg:../crypto/rand/rand_lib.c:660: openssl rand 1 ò ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 67/92 pkcs11-provider:softhsm / rand OK 0.34s 68/92 pkcs11-provider:kryoptic / rand RUNNING >>> UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=7 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper rand-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 68/92 pkcs11-provider:kryoptic / rand SKIP 0.09s exit status 77 69/92 pkcs11-provider:kryoptic.nss / rand RUNNING >>> UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MALLOC_PERTURB_=163 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper rand-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 69/92 pkcs11-provider:kryoptic.nss / rand SKIP 0.10s exit status 77 70/92 pkcs11-provider:softokn / readkeys RUNNING >>> MALLOC_PERTURB_=231 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper readkeys-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 70/92 pkcs11-provider:softokn / readkeys SKIP 0.09s exit status 77 71/92 pkcs11-provider:softhsm / readkeys RUNNING >>> UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=108 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper readkeys-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/treadkeys ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 71/92 pkcs11-provider:softhsm / readkeys OK 0.26s 72/92 pkcs11-provider:kryoptic / readkeys RUNNING >>> UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=177 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper readkeys-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 72/92 pkcs11-provider:kryoptic / readkeys SKIP 0.11s exit status 77 73/92 pkcs11-provider:kryoptic.nss / readkeys RUNNING >>> UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=37 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper readkeys-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 73/92 pkcs11-provider:kryoptic.nss / readkeys SKIP 0.12s exit status 77 74/92 pkcs11-provider:softokn / tls RUNNING >>> UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=227 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper tls-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 74/92 pkcs11-provider:softokn / tls SKIP 0.09s exit status 77 75/92 pkcs11-provider:softhsm / tls RUNNING >>> UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=186 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper tls-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/tests/ttls ## Test SSL_CTX creation SSL Context works! ## Test setting cert/keys on TLS Context Cert and Key successfully set on TLS Context! ## Test setting cert/keys on TLS Context w/o pub key Cert and Key successfully set on TLS Context! ## Test an actual TLS connection ######################################## ## TLS with key in provider ## Run sanity test with default values (RSA) spawn openssl s_client -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/caCert.pem Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=1 CN=Issuer verify return:1 depth=0 O=PKCS11 Provider, CN=My Test Cert verify return:1 --- Certificate chain 0 s:O=PKCS11 Provider, CN=My Test Cert i:CN=Issuer a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256 v:NotBefore: Mar 14 03:54:14 2025 GMT; NotAfter: Mar 14 03:54:14 2026 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIIDPzCCAiegAwIBAgIBAzANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 ZXIwHhcNMjUwMzE0MDM1NDE0WhcNMjYwMzE0MDM1NDE0WjAxMRgwFgYDVQQKEw9Q S0NTMTEgUHJvdmlkZXIxFTATBgNVBAMTDE15IFRlc3QgQ2VydDCCASIwDQYJKoZI hvcNAQEBBQADggEPADCCAQoCggEBAN75xsWaCuQK52tzH25qhx6ClcmMLofDr6Q2 G45hgZFzXKhQXjULCCbJTJPlKppaIY8O+e7M13OvxQNE/jb5rzyrz/Eb42RK0NCu 3N0QMR3WcoTGHkjKbsAhbipiPAU2DmTcqu6Gbhop98lGJM+5yRy6S9bzrxS3O2e0 wPpAk9JNpLxINiDUibliIJcju5RJYXCek4G4QyifK5zr/I7x0TC3iahTa4u1xUj1 YsSvbXXJ7QzYaTI0RV7mvppGwxOr+A1RqS8tBnCqBy3Im8XH7KZ+QUHNAT/BXPk1 7dXHjAODrWoIvXufXa1cK/4s+wFEQcOIMrMj+KSG29ArRC257psCAwEAAaOBgTB/ MAwGA1UdEwEB/wQCMAAwHwYDVR0RBBgwFoEUdGVzdGNlcnRAZXhhbXBsZS5vcmcw DgYDVR0PAQH/BAQDAgWgMB0GA1UdDgQWBBQSQLryU+GovwtOI7dJIHbC3ZwzLTAf BgNVHSMEGDAWgBQPbrQVsvTjDH+DeWwlA0me2To2cTANBgkqhkiG9w0BAQsFAAOC AQEAA4Fg2W7ne/OpP/pWnnJI6LeGyeBPyBVWhNGL38/p9p2jdA0O2hQdNvyLi9lI ZcLz77vYTdZCmITnJLqH2Jwd2jq5QHJmzYkJpp4Q8HAHkq8Y3ZQRhlAjp1LZhYov jHRaj3qZpDabEJU5illa26nyjPYeEjpCX4qMWJQhj0Qh1+V6y+wYoMIObLpyBtvF dUcplbSp+yovFXhm4zEA8szbCUQjZoFCvbi6j73ukspPB7aWB35dm8yHXrVCHTb1 sprOKjFwKvDn3RG9EcJLbM8kGNLbvfvIkMGl6NPlOhlQ2Gmkw78KXgm2vqIyswMw mK5oyns9zCW12yV5vJWyO2KrXw== -----END CERTIFICATE----- subject=O=PKCS11 Provider, CN=My Test Cert issuer=CN=Issuer --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: RSA-PSS Server Temp Key: X25519, 253 bits --- SSL handshake has read 1391 bytes and written 391 bytes Verification: OK --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Protocol: TLSv1.3 Server public key is 2048 bit This TLS version forbids renegotiation. Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 9FAABA0EC71E19A6E56646BDFC51845BA94043CF52F78079C6DA7F6894797204 Session-ID-ctx: Resumption PSK: 36341AAEEB3B5E0B61B17BF8833BE7ECC97EAD590F1B5F6B669D791D0BA259E0F40FF561F269C4B554A7163D31CCB328 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - ab ca 35 9c 91 7c 47 7a-dd 3f 74 b9 d1 c7 e7 1a ..5..|Gz.?t..... 0010 - 0f 52 cb 86 8d 05 61 5c-4b 10 ba 9e a2 c6 5e 92 .R....a\K.....^. 0020 - 36 dc 24 7e 14 86 6c 43-98 06 1e 9c 3f a1 7e 6a 6.$~..lC....?.~j 0030 - fa 3f 2f 96 ce 7e 06 d5-19 22 01 8c 28 65 66 fc .?/..~..."..(ef. 0040 - 01 e9 f4 c0 2d 51 4b 28-78 a2 0a 4a a9 ca 6f 3c ....-QK(x..J..o< 0050 - 05 df 17 a2 a2 30 51 3c-ff d0 5d 66 54 b5 82 d4 .....0Q<..]fT... 0060 - 02 13 36 50 d5 7e 09 71-ef eb 6b 0e 60 1a 61 4f ..6P.~.q..k.`.aO 0070 - b6 09 df 0c 27 cb e9 06-2f 28 b6 9f b4 48 db b7 ....'.../(...H.. 0080 - 97 f9 11 a4 51 e3 f8 a5-8a 30 c1 e6 72 20 cb 44 ....Q....0..r .D 0090 - 15 78 f9 a9 f2 42 3f 2d-70 5c dc 63 13 ad 04 38 .x...B?-p\.c...8 00a0 - d1 1f 50 24 b8 ce fc f9-e1 0f fe 47 bc db 32 c9 ..P$.......G..2. 00b0 - 56 91 da 5a 29 3f fa 7a-c4 07 87 7d 54 db 2d 19 V..Z)?.z...}T.-. 00c0 - 5a 79 e3 6e 70 0f 6c 92-3e 07 8e c0 7c e5 ae b9 Zy.np.l.>...|... Start Time: 1741924512 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: F5A7D2298A919C275B1C6AB53DEBA3BBBE808489179E8BEC95908CF87B90B5B7 Session-ID-ctx: Resumption PSK: E0376641E9D112935FB219792F1D811611F9ABCD99C9B4A57FB7FBA9AC5C59F1E1D44B8A0454B96109043CDF6AAF3B13 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - ab ca 35 9c 91 7c 47 7a-dd 3f 74 b9 d1 c7 e7 1a ..5..|Gz.?t..... 0010 - 6e 2f cc 2e 06 da 16 87-f4 66 17 11 7b 10 76 06 n/.......f..{.v. 0020 - 9d 57 4d 8a 6f 4d 6e c7-ca 1f 4c 9b 08 d0 17 e5 .WM.oMn...L..... 0030 - f0 63 80 76 eb 62 df 7e-43 dc 61 8c 68 4e e3 ad .c.v.b.~C.a.hN.. 0040 - 10 39 25 e9 96 8a b8 eb-ce c8 f2 d4 0a bc 13 90 .9%............. 0050 - 68 03 8f 02 e5 fc af 9a-d0 90 b1 eb a0 3c b8 7e h............<.~ 0060 - 14 51 83 b5 e3 a7 f5 94-8c 0f a1 70 a7 7d 6b 43 .Q.........p.}kC 0070 - c5 6e a5 a4 7b 42 e3 93-da e3 7e d9 f9 09 21 85 .n..{B....~...!. 0080 - 5a cc 2a ca 12 3b 80 93-a6 05 d4 41 a3 b9 9e f6 Z.*..;.....A.... 0090 - fa 59 63 9f 3c ca 5c 77-af 89 43 ec 37 51 7a 7a .Yc.<.\w..C.7Qzz 00a0 - d9 86 e6 82 b3 92 3b e6-bd d9 0b 81 68 b4 a9 d1 ......;.....h... 00b0 - 80 61 6c 92 d1 a6 f6 84-13 f5 d2 5c a4 5e cb 55 .al........\.^.U 00c0 - 3c e7 e4 a6 81 87 f6 21-d9 fd cd 93 32 0b 3b 12 <......!....2.;. Start Time: 1741924512 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK TLS SUCCESSFUL 4087C0DBF97F0000:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%01 -cert pkcs11:type=cert;object=testCert Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MIGDAgEBAgIDBAQCEwIEIFCR7rkRvL/V15mhlCAinbI1hEc1swIGsjZFcmvEmxxS BDDgN2ZB6dESk1+yGXkvHYEWEfmrzZnJtKV/t/uprFxZ8eHUS4oEVLlhCQQ832qv OxOhBgIEZ9OooKIEAgIcIKQGBAQBAAAArgcCBQC+lQBWswMCAR0= -----END SSL SESSION PARAMETERS----- Shared ciphers:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224 Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 CIPHER is TLS_AES_256_GCM_SHA384 This TLS version forbids renegotiation. TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run sanity test with default values (RSA-PSS) ## Generating a new selfsigned certificate for pkcs11:type=private;id=%00%10 openssl req -batch -noenc -x509 -new -key ${KEY} ${AARGS} -out ${CERT} spawn openssl s_client -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/caCert.pem Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=0 C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness verify error:num=18:self-signed certificate verify return:1 depth=0 C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness verify return:1 --- Certificate chain 0 s:C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness i:C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness a:PKEY: RSASSA-PSS, 2048 (bit); sigalg: RSASSA-PSS v:NotBefore: Mar 14 03:55:12 2025 GMT; NotAfter: Apr 13 03:55:12 2025 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIIEIzCCAtugAwIBAgIUQOMxFnN+QICAP1KJ84oDzaRWKxcwPQYJKoZIhvcNAQEK MDCgDTALBglghkgBZQMEAgGhGjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUDBAIBogMC ASAwZzELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMREwDwYDVQQHDAhO ZXcgWW9yazEYMBYGA1UECgwPUEtDUzExIFByb3ZpZGVyMRgwFgYDVQQLDA9UZXN0 aW5nIEhhcm5lc3MwHhcNMjUwMzE0MDM1NTEyWhcNMjUwNDEzMDM1NTEyWjBnMQsw CQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsxETAPBgNVBAcMCE5ldyBZb3Jr MRgwFgYDVQQKDA9QS0NTMTEgUHJvdmlkZXIxGDAWBgNVBAsMD1Rlc3RpbmcgSGFy bmVzczCCASAwCwYJKoZIhvcNAQEKA4IBDwAwggEKAoIBAQCkTOyYoec+hb77XZcR Kak3959dovYgJAaazVE6tOvSa1waFZxLf1PflXnlpStulNTrjbOm4JFnuyp45eCd Tnjmmw/7D1RJWiLqxVlGKEhbA6QVJI8hBTax8dGiagHtnJcnPN65Z+Cj5CsoaHRP YsNuAHhRPTGhFBVLnhegIrwmzExXUMXHPkFTudm+Cpdl8KKBVvtKlRUaf86IkKlt GuHxTyGlwZ36Zv2Ap/ZGjhDA5kSxO1uF5TQDFxDPL+t7vrJcetrx9+KT7csbe4qw rjolVn3P1hbEBvBEiOEXCmPDBOU1RYHSqTZVt/e/ClPx2kp4zp+HGgsLtxy3Lste nCOzAgMBAAGjaTBnMB0GA1UdDgQWBBQPcdPtkyS3ZbTScN7MXTrMetPGejAfBgNV HSMEGDAWgBQPcdPtkyS3ZbTScN7MXTrMetPGejAPBgNVHRMBAf8EBTADAQH/MAkG A1UdEQQCMAAwCQYDVR0SBAIwADA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQC AaEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgGiAwIBIAOCAQEAUhub5fHz8kdk dU4TTgq9uEj5htQP8l05fODQuHfuPDYFWXewKXZRZsJ3E3gIB1bcItoF2eXGO2YC aoyK4Na76uERgB1ratSn7+wNy375iqL0FW4BLdFJv0h70cWhVau+zQtseVAPApbI jTYUd1Lp6V1DiVpEkqFRouY12IL5kKmrjjlsy0oy8e+i6U3HEJZI04A8hGvy+MbF 5iDj1P9kdD5YOYfvMf15u24CM1tz7HTmsyIdqqT+AwUatO6BEKUL6I3uJTBRgbD5 W3YxqdNRPD2N8HRyPkiH5KTbuvPM6t1EnqAsxPFZpaEVJNueWkUvBggcXBw/JjQ8 G05iv3OCug== -----END CERTIFICATE----- subject=C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness issuer=C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: RSA-PSS Server Temp Key: X25519, 253 bits --- SSL handshake has read 1619 bytes and written 391 bytes Verification error: self-signed certificate --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Protocol: TLSv1.3 Server public key is 2048 bit This TLS version forbids renegotiation. Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 18 (self-signed certificate) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 00C7D57CED12FCD2FA7A94CD0A6B8FF3D77934726D78D214548D701ECFF2A9ED Session-ID-ctx: Resumption PSK: 682D7BC27FFF35751972A7B4D31978CA24382B6AAC84198792BF418113FE002362C3E865EFCC018016CFF8C95739B4ED PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - b9 c5 ec 3b e5 55 80 c0-f3 f6 e5 e4 a0 cc 8b 09 ...;.U.......... 0010 - 0a fc b3 bd 65 72 3e 6a-0f 40 4b 8c b3 45 53 ee ....er>j.@K..ES. 0020 - c8 d5 bf 7e 1a fa 70 09-28 2d 78 e8 a1 b5 35 dc ...~..p.(-x...5. 0030 - 41 f0 8c ea a2 7f 74 99-a1 0e da d8 98 c0 e4 e5 A.....t......... 0040 - 2a a4 4a 3a e2 54 01 cc-48 25 6d 91 06 10 e9 dd *.J:.T..H%m..... 0050 - 19 f6 e1 98 5f 89 e8 c3-9f 83 17 76 79 e4 e5 3a ...._......vy..: 0060 - 16 b8 3b 7c 11 2f 7b 09-d0 8a 05 ac 7b 7f ea 7c ..;|./{.....{..| 0070 - 86 3d f7 3c 52 ee be a7-f5 db ae b6 4e 47 8d 8e .=. Start Time: 1741924512 Timeout : 7200 (sec) Verify return code: 18 (self-signed certificate) Extended master secret: no Max Early Data: 0 --- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 6E039665C467555B93CC370045AD1C1BDCA19C0D546D79A6504F75BEF93CC7F0 Session-ID-ctx: Resumption PSK: 881BF9844C6C16916F2E47C4510D383072E744D7541D2FE05C4AB25C529494CD5ABD490EF25ACDDDD5B5D6C7F81413C1 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - b9 c5 ec 3b e5 55 80 c0-f3 f6 e5 e4 a0 cc 8b 09 ...;.U.......... 0010 - 7e d0 5b 2e 72 1f 00 fa-55 bd 47 b3 70 eb 3c ad ~.[.r...U.G.p.<. 0020 - f2 22 ea e7 42 3e ce 94-b2 64 5f 21 88 3d cb 6a ."..B>...d_!.=.j 0030 - 37 7e e8 45 c6 2d 20 9e-69 46 17 5d 0d 87 3e ac 7~.E.- .iF.]..>. 0040 - 59 1a 06 aa 87 3d b9 e3-e1 c3 97 41 95 dd 1e c8 Y....=.....A.... 0050 - 55 35 44 35 9f 09 58 b6-df 60 50 91 e6 42 1d 38 U5D5..X..`P..B.8 0060 - 24 81 80 d7 f5 64 40 44-bc 90 e3 39 55 83 1b 6c $....d@D...9U..l 0070 - bb d4 40 ca 9b d6 b7 32-9f e9 dd 37 c4 bc 6a 12 ..@....2...7..j. 0080 - 0e 01 a6 5e 58 3c 53 bd-20 db 78 7b 04 9b 69 ff ...^X...`..f 00a0 - 7a 5d 55 70 73 55 ee 21-92 d9 db 47 e8 14 16 4e z]UpsU.!...G...N 00b0 - 42 1c 2f df 4b fd 5b e7-58 a1 d2 ca a5 9d 2a dd B./.K.[.X.....*. 00c0 - 85 a1 53 14 7d 39 ab 9f-0d ca a4 95 b4 a0 14 45 ..S.}9.........E Start Time: 1741924512 Timeout : 7200 (sec) Verify return code: 18 (self-signed certificate) Extended master secret: no Max Early Data: 0 --- read R BLOCK TLS SUCCESSFUL 40A7D84B1A7F0000:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%10 -cert /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/rsapss-default.pem Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MIGDAgEBAgIDBAQCEwIEIG2ea6UXZJ+2UxAMcszxahY5hT0RRVTnV216JVAx4IGU BDCIG/mETGwWkW8uR8RRDTgwcudE11QdL+BcSrJcUpSUzVq9SQ7yWs3d1bXWx/gU E8GhBgIEZ9OooKIEAgIcIKQGBAQBAAAArgcCBQDP2gsaswMCAR0= -----END SSL SESSION PARAMETERS----- Shared ciphers:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224 Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 CIPHER is TLS_AES_256_GCM_SHA384 This TLS version forbids renegotiation. TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run sanity test with RSA-PSS and SHA256 ## Generating a new selfsigned certificate for pkcs11:type=private;id=%00%11 openssl req -batch -noenc -x509 -new -key ${KEY} ${AARGS} -out ${CERT} spawn openssl s_client -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/caCert.pem Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=0 C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness verify error:num=18:self-signed certificate verify return:1 depth=0 C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness verify return:1 --- Certificate chain 0 s:C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness i:C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness a:PKEY: RSASSA-PSS, 3092 (bit); sigalg: RSASSA-PSS v:NotBefore: Mar 14 03:55:13 2025 GMT; NotAfter: Apr 13 03:55:13 2025 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIIFKDCCA12gAwIBAgIUXJA1c8EI5qdxTx8fQi+TLQVDBlkwPQYJKoZIhvcNAQEK MDCgDTALBglghkgBZQMEAgGhGjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUDBAIBogMC ASAwZzELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMREwDwYDVQQHDAhO ZXcgWW9yazEYMBYGA1UECgwPUEtDUzExIFByb3ZpZGVyMRgwFgYDVQQLDA9UZXN0 aW5nIEhhcm5lc3MwHhcNMjUwMzE0MDM1NTEzWhcNMjUwNDEzMDM1NTEzWjBnMQsw CQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsxETAPBgNVBAcMCE5ldyBZb3Jr MRgwFgYDVQQKDA9QS0NTMTEgUHJvdmlkZXIxGDAWBgNVBAsMD1Rlc3RpbmcgSGFy bmVzczCCAaIwCwYJKoZIhvcNAQEKA4IBkQAwggGMAoIBgwo40iZmHZHFrSiEzvip CySM1oXLn1wWzxKS71hm1iixPV1sBqqb4aWn5S7nIMlLluFvn/p0YqG2rSZxrl7e pPvFQNR7kejk2rbS9Hj/sEt7RdNkWH513rRIuxQPrgz7kvgsi6U6+ccZFGU3Xacw DtUqJTqmZyUHGAfpAdqlp/YGtAmBP4gcxWGoHhV6Y2jHtcyIWMUCnZ9mUYN+mhJX iRjW7EbKb9Bofmgvf4MuZTxnSDlbtROSQlaWXcboRfwaiRe3wQf6Sdg02CnBat5v 3XLx516brmca/612lI0nPv2I0P1WtGcIMGoZ0lJLe1shTSLTaZMiUt13RQAdvsST 8PWUAMd6dXRoktGtqPQU5qOUM3i7c7W5HgammJ1VvzA5fKAalQJK6eaiy+hQTfe1 EZekwi48xrCYdUF7wB1+J44mZjWo8hO5eDJr3wAfbTPC8HaQ9jL+5YUMrdZqIA1N a4LLdczxib7gVKqTLdkUQlNRqD1R1DpwZIZmGCU2Gmmr4ZRXpQIDAQABo2kwZzAd BgNVHQ4EFgQUEGW2Qp1953HDwdkC0MSB1DKKnLAwHwYDVR0jBBgwFoAUEGW2Qp19 53HDwdkC0MSB1DKKnLAwDwYDVR0TAQH/BAUwAwEB/zAJBgNVHREEAjAAMAkGA1Ud EgQCMAAwPQYJKoZIhvcNAQEKMDCgDTALBglghkgBZQMEAgGhGjAYBgkqhkiG9w0B AQgwCwYJYIZIAWUDBAIBogMCASADggGEAARj2ddba25AviOEPXMINNn11HuzBlQ+ 9P0LJEI+am/rSyP+LEOgLFVcSMXLFBpST7WkNEEpoTPP7Ap76WQTa5IuQfi0cYIm DbUBxBxpHFGvY37/OGvw90QwNvpgKeWdYEN2GLKsLRL7t4hiPlb6yRy6w429DngL T15EqloBOv/Jefyz3y0ZdFFlECuNzuJ49uz8BNSmxC0QIWGBwZn4MMwdnoVa40B9 f5HyNSlxZbQx2SxUyDoZH5bXtgNujxCAqg12i2DW3+ZePSR34Jx8Dd35EGaKQr6C XV/jTVfU9mduZp+uB+v5MYr0ISau/0GBIM+YPZrgToUYfUJjvDysui+nBk+F14g4 nZ4aYx2Io9UbiHFVUTj3eMwzcC8EYc33Yba5df9/d2Cz0P32M7J3BNj6HDPTAuj1 /Y7n0Vul2UWBj/L60XlePZnya0n8wMplxeCYs/1kDlbqbH1gCN0mJE6gWG5pfyky /UZNeHlDobFJt4NMFr1t37D71imLDA/7rDNFCg== -----END CERTIFICATE----- subject=C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness issuer=C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: RSA-PSS Server Temp Key: X25519, 253 bits --- SSL handshake has read 2011 bytes and written 391 bytes Verification error: self-signed certificate --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Protocol: TLSv1.3 Server public key is 3092 bit This TLS version forbids renegotiation. Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 18 (self-signed certificate) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 7A418DB52A8343852EABE5902DF054DBB51C46EC33B545776A1A8E4D13B7372E Session-ID-ctx: Resumption PSK: 468442AB9B94DD84020338CDE2C89768F760CCD9CF1ECFF6757C0C8168F5BF4F0685B67E63AAF781FCA4479E8AE91612 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 3e ec 62 9f 43 7a 00 7f-6d 65 44 49 21 54 f6 79 >.b.Cz..meDI!T.y 0010 - b0 93 4b 92 4e 17 bb e7-b1 e5 49 93 50 05 0c 73 ..K.N.....I.P..s 0020 - 2c 20 70 fe e5 37 3f 50-77 f1 c6 70 e1 cb 19 63 , p..7?Pw..p...c 0030 - 0d b9 b1 01 bb 5a 45 09-81 75 2e eb 33 3e 1d c2 .....ZE..u..3>.. 0040 - 1c bc 6e 14 e6 e5 2f fc-f4 c7 ec 80 19 94 87 b8 ..n.../......... 0050 - 1f d5 a0 bc 34 b0 3e a5-87 a5 38 90 79 df 28 0f ....4.>...8.y.(. 0060 - c7 55 28 4b a3 d5 e9 48-4f a9 b8 6f da 9d 22 81 .U(K...HO..o..". 0070 - 26 10 00 bf f3 41 de 8e-35 b7 ed 0e 40 5b 48 be &....A..5...@[H. 0080 - f9 8d ab ac be fc 05 9a-fc 68 f8 e2 4e 09 66 45 .........h..N.fE 0090 - 9d fd 24 80 f0 f3 ad ea-75 f7 9b e7 b3 95 61 ee ..$.....u.....a. 00a0 - 42 a5 49 0a 31 5e df 2c-f1 93 1f b1 c3 99 55 99 B.I.1^.,......U. 00b0 - cb 6a c5 66 a0 b8 51 48-23 e8 0f aa 6c e0 5b f5 .j.f..QH#...l.[. 00c0 - 94 40 96 89 14 bb 76 70-ce fc 90 e2 9f 35 bc ba .@....vp.....5.. Start Time: 1741924513 Timeout : 7200 (sec) Verify return code: 18 (self-signed certificate) Extended master secret: no Max Early Data: 0 --- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 19997F58A7E25C72AC1C9E26045A4B9F21817E7173E3444B3EF1029E992A5862 Session-ID-ctx: Resumption PSK: D0895C40517D487AD992E66869CE0F05E85ABC7E73532942C66E72455602B0A4B18D7CA9C06FB01D5111DE782026C338 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 3e ec 62 9f 43 7a 00 7f-6d 65 44 49 21 54 f6 79 >.b.Cz..meDI!T.y 0010 - 8b 68 41 22 f5 7e 8f 29-1b d6 d3 78 f7 98 a9 3d .hA".~.)...x...= 0020 - 4f be 5f 13 da bc 2c ea-4d e8 82 9f 24 20 a6 3d O._...,.M...$ .= 0030 - 96 91 88 af 5c 76 ba 00-da 78 1a 4d 55 22 c2 c5 ....\v...x.MU".. 0040 - e9 bf 5c 8a c1 88 31 90-d9 6a c4 ef bd 6f 49 7b ..\...1..j...oI{ 0050 - 56 39 85 5e 5d f6 03 d1-5a 2a 4d ec f4 af b1 e4 V9.^]...Z*M..... 0060 - ab 99 d8 d9 5a 4c d4 5c-87 ea ae 77 d5 a2 b4 f7 ....ZL.\...w.... 0070 - 71 d7 0c 64 ba cd 50 41-db 2e 8a e4 03 b9 bc bb q..d..PA........ 0080 - a8 3c 8e 40 8a fa 51 f4-89 aa 1b da 7e 84 be 03 .<.@..Q.....~... 0090 - 00 d4 a0 31 39 8c 59 61-3b d3 b0 94 e6 7f af a3 ...19.Ya;....... 00a0 - 55 cf 8b e9 67 08 f5 c5-d0 08 3a d1 d3 b3 f4 10 U...g.....:..... 00b0 - ed ff a0 40 a5 fb c8 95-47 5b aa 84 e0 49 13 cf ...@....G[...I.. 00c0 - 57 27 c1 b7 42 ec 0f 13-b8 46 44 6e 03 68 e4 f6 W'..B....FDn.h.. Start Time: 1741924513 Timeout : 7200 (sec) Verify return code: 18 (self-signed certificate) Extended master secret: no Max Early Data: 0 --- read R BLOCK TLS SUCCESSFUL 4027C063E37F0000:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%11 -cert /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/rsapss-sha256.pem Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MIGCAgEBAgIDBAQCEwIEIG8RHQm5n4/5huf0Bu561uV8JRaGxRmp00TMv+7lXTDr BDDQiVxAUX1IetmS5mhpzg8F6Fq8fnNTKULGbnJFVgKwpLGNfKnAb7AdURHeeCAm wzihBgIEZ9OooaIEAgIcIKQGBAQBAAAArgYCBAHx8WKzAwIBHQ== -----END SSL SESSION PARAMETERS----- Shared ciphers:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA TLS SUCCESSFUL Q Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224 Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 CIPHER is TLS_AES_256_GCM_SHA384 This TLS version forbids renegotiation. DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run sanity test with default values (ECDSA) spawn openssl s_client -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/caCert.pem Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=1 CN=Issuer verify return:1 depth=0 O=PKCS11 Provider, CN=My EC Cert verify return:1 --- Certificate chain 0 s:O=PKCS11 Provider, CN=My EC Cert i:CN=Issuer a:PKEY: id-ecPublicKey, 256 (bit); sigalg: RSA-SHA256 v:NotBefore: Mar 14 03:54:14 2025 GMT; NotAfter: Mar 14 03:54:14 2026 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIICcjCCAVqgAwIBAgIBBDANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 ZXIwHhcNMjUwMzE0MDM1NDE0WhcNMjYwMzE0MDM1NDE0WjAvMRgwFgYDVQQKEw9Q S0NTMTEgUHJvdmlkZXIxEzARBgNVBAMTCk15IEVDIENlcnQwWTATBgcqhkjOPQIB BggqhkjOPQMBBwNCAASNXAZpEA1/ju6MY+7eFXLf/jMxuwNuc5d5+/+FFVXJeJkC Xo6eAUavvLgDVZpiWSRxBZxXb097P+ZaLj470pYwo4GBMH8wDAYDVR0TAQH/BAIw ADAfBgNVHREEGDAWgRR0ZXN0Y2VydEBleGFtcGxlLm9yZzAOBgNVHQ8BAf8EBAMC B4AwHQYDVR0OBBYEFDUX8xCvrxzZAB7Z2JBXohqY02ZVMB8GA1UdIwQYMBaAFA9u tBWy9OMMf4N5bCUDSZ7ZOjZxMA0GCSqGSIb3DQEBCwUAA4IBAQADPS6KCOe9Af90 1qDfEmzNzkcjHSy096YS0e1DsPrP2aCGkb+ZMdrxT1KR8xQ8ydKv4qyH6YzhAnfd AkA1qbN5nVLdLjHOe8F1d9CX0huLEBVuNyNbsba+OA8XIsLecadQjVILIvukuopp wCNDFCLG3TTaGPBKDpvIY2b/UP/hwV0UhhBmhg2hHHLdRztXxNfGviv8oKOkxFLF qjO7f0RKO7523NcIojv7knTSeVHuBWVeCAmHxQZaLbmaRtPLqSmsBj4kdxbLd46V qaM/4PKbfu+dIeaNvtLjqKWt2WlvDZS72aRBjpkYEiPWbfDuCsr40ZV2+paHgogY JAJxk++v -----END CERTIFICATE----- subject=O=PKCS11 Provider, CN=My EC Cert issuer=CN=Issuer --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: ECDSA Server Temp Key: X25519, 253 bits --- SSL handshake has read 1000 bytes and written 391 bytes Verification: OK --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Protocol: TLSv1.3 Server public key is 256 bit This TLS version forbids renegotiation. Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 69E95E071FC825BBD73341AE004D97D15119149AA9B2AF855E76968D84D1E586 Session-ID-ctx: Resumption PSK: 2A83C6C5937CCEBA1B6198A18BC56D95203A628DFA4DCBE53FF79813FB14E686B726D764064EA362E8CAB38B76708019 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - a5 de 1f 1b 30 bc da 01-c5 29 c9 8a aa 51 f8 ca ....0....)...Q.. 0010 - 33 86 d1 c9 49 08 87 07-5a 5c 6e d1 c3 4a 7c 03 3...I...Z\n..J|. 0020 - 50 0f 2a 2d 85 f9 a5 4a-a2 38 85 2c b9 39 40 87 P.*-...J.8.,.9@. 0030 - dd 4a 37 c4 a5 19 13 fd-1e 8a 5a cc c7 3e b6 23 .J7.......Z..>.# 0040 - 0d 8e 89 47 2b 3f 38 05-49 fc 3a fd 5f 78 a3 6a ...G+?8.I.:._x.j 0050 - e9 b5 98 84 5a 5b b3 d8-3c d7 04 7a ac d8 1f 01 ....Z[..<..z.... 0060 - 02 10 8f 12 82 50 af 56-bb f2 3d db f2 b6 b3 5f .....P.V..=...._ 0070 - a9 c6 03 5c b3 7f 6e 4a-95 da 25 43 dc 21 6f 12 ...\..nJ..%C.!o. 0080 - e9 61 4c f9 0c d4 3c 79-30 df dd 34 70 e0 79 f3 .aL.....e....9... 00c0 - 6a 64 1d 11 6a cf a9 79-d3 28 b2 06 4d 44 4d 30 jd..j..y.(..MDM0 Start Time: 1741924514 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 86EF4170314D17F6D3ABAF5A48AAD99A61B596A296410A45E3CEDCBC1653CEBF Session-ID-ctx: Resumption PSK: 080BFDB6CB475298467339BB848A0D0FE3640B2F658BED3497BE72E0200FF8FFAC9A626F6DB13194CD4D2BD529160A31 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - a5 de 1f 1b 30 bc da 01-c5 29 c9 8a aa 51 f8 ca ....0....)...Q.. 0010 - 1a a2 5a b2 87 4c a0 cf-cd 72 db 33 15 cb 75 44 ..Z..L...r.3..uD 0020 - 2a 5f bb 94 f3 04 f2 1c-03 51 0d 46 46 e9 92 f3 *_.......Q.FF... 0030 - 7d e7 39 2e f8 93 fe d7-4f 5f 38 21 a9 d8 47 4e }.9.....O_8!..GN 0040 - cd c3 f7 6c ed d7 48 2f-fe c5 dc 08 74 74 f5 ed ...l..H/....tt.. 0050 - 6c ff 29 59 b2 dd 5c 9e-78 08 97 94 b0 5e 44 44 l.)Y..\.x....^DD 0060 - ac 32 67 16 b1 ba 00 19-ab 94 7e 57 45 59 72 b1 .2g.......~WEYr. 0070 - 9c 1f eb 21 af f9 a1 b2-ba e2 32 de c4 b0 fd a2 ...!......2..... 0080 - 11 b8 f6 8e 8b 44 4c 6e-83 52 0a 7c eb d3 b0 d0 .....DLn.R.|.... 0090 - 52 69 3c 0e 6c df 91 cf-7b 63 dc a8 34 f4 46 3d Ri<.l...{c..4.F= 00a0 - 48 04 49 8c 52 19 7e be-c0 19 5b a8 95 17 04 94 H.I.R.~...[..... 00b0 - 18 fb 83 eb 46 91 ce 7e-c3 11 72 f4 c8 38 1c c5 ....F..~..r..8.. 00c0 - fb c0 7b bc 43 1d e2 76-f3 d4 af 25 58 ea 80 56 ..{.C..v...%X..V Start Time: 1741924514 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK TLS SUCCESSFUL 40274FF4DF7F0000:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%02 -cert pkcs11:type=cert;object=ecCert Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MIGDAgEBAgIDBAQCEwIEIL6j4ROeeKa5k1Nm85ciCNplF6Izd7Fm/rSMQyziA2lT BDAIC/22y0dSmEZzObuEig0P42QLL2WL7TSXvnLgIA/4/6yaYm9tsTGUzU0r1SkW CjGhBgIEZ9OooqIEAgIcIKQGBAQBAAAArgcCBQCEo0AoswMCAR0= -----END SSL SESSION PARAMETERS----- Shared ciphers:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224 Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 CIPHER is TLS_AES_256_GCM_SHA384 This TLS version forbids renegotiation. TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run sanity test with default values (Ed25519) spawn openssl s_client -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/caCert.pem Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=1 CN=Issuer verify return:1 depth=0 O=PKCS11 Provider, CN=My ED25519 Cert verify return:1 --- Certificate chain 0 s:O=PKCS11 Provider, CN=My ED25519 Cert i:CN=Issuer a:PKEY: ED25519, 256 (bit); sigalg: RSA-SHA256 v:NotBefore: Mar 14 03:54:15 2025 GMT; NotAfter: Mar 14 03:54:15 2026 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIICSDCCATCgAwIBAgIBBjANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 ZXIwHhcNMjUwMzE0MDM1NDE1WhcNMjYwMzE0MDM1NDE1WjA0MRgwFgYDVQQKEw9Q S0NTMTEgUHJvdmlkZXIxGDAWBgNVBAMTD015IEVEMjU1MTkgQ2VydDAqMAUGAytl cAMhAApSqJK31uIg0XYlBt3hUQ02u7R5sOP8lIqY/nbiF8ado4GBMH8wDAYDVR0T AQH/BAIwADAfBgNVHREEGDAWgRR0ZXN0Y2VydEBleGFtcGxlLm9yZzAOBgNVHQ8B Af8EBAMCB4AwHQYDVR0OBBYEFHSorGvXByslIN/xXv2/rxpgjKK2MB8GA1UdIwQY MBaAFA9utBWy9OMMf4N5bCUDSZ7ZOjZxMA0GCSqGSIb3DQEBCwUAA4IBAQBBK3yt 6KpRN80SNzwRVGOanzcwvmIFnlBrQFx3jJ62kqKAIivFH4pYBjERB+CxMFMWxwGg QmiSKgVh11Rgcrr38fIjg8w6tPc1zyrv6EZ9Lfq1JPO3vKurq5zOlydC7HY/Pndq JefvvBJRP1iHzU7y8nNvCK3Y2QFNhah2bzskRMuCcx8jeWF8O+l2YLJoXY4Gg75K /0qjhs3vPuzXCqLm8065yMkNMj0AZcM6FuV/y9qDjABkZ5Sz/3iF3iXCY+fKKyLh wz2ZqFG7OLxoCg5tNg1Xvtd+DkT2QOOy6whJrS+bw++BGyXy5KAQopkmuCSlvIyJ eWv+b5lrKaL+pRls -----END CERTIFICATE----- subject=O=PKCS11 Provider, CN=My ED25519 Cert issuer=CN=Issuer --- No client certificate CA names sent Peer signature type: ed25519 Server Temp Key: X25519, 253 bits --- SSL handshake has read 952 bytes and written 391 bytes Verification: OK --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Protocol: TLSv1.3 Server public key is 256 bit This TLS version forbids renegotiation. Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 9ACBE8D4F8F2FCAD84EC94D09D11C013D1EB88927005AD16DB4F1545A02BECEB Session-ID-ctx: Resumption PSK: 6793525D172D6E6DBFC27AAAEA8D43A3738423819A074D84B4DF905D4EE04E4EBC74CB8B923317EFB65B0CAF17E366A5 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - f3 79 30 ec 52 48 6f 07-0e 46 b1 36 b8 3f 07 7a .y0.RHo..F.6.?.z 0010 - 0a 76 40 3c 1c a6 e0 1c-36 94 9d 91 c3 ce 8f e0 .v@<....6....... 0020 - 12 3b f6 cf 0f d1 93 be-94 13 21 95 c0 32 05 74 .;........!..2.t 0030 - aa f5 12 59 9a bb 32 8e-ba e0 dd c8 ab 58 97 14 ...Y..2......X.. 0040 - 33 39 86 be 78 ff 6f 80-8f c7 a5 7c fa 10 9e 47 39..x.o....|...G 0050 - ce 9e 5f 67 ba ef 75 b7-2c 4f 61 69 ba 93 71 d8 .._g..u.,Oai..q. 0060 - 0c 4c 79 a5 6d e0 aa 21-50 7f c4 2e 62 04 c7 6d .Ly.m..!P...b..m 0070 - 2e c1 e6 e8 85 16 54 08-79 4e 64 b8 2c 0a b7 0b ......T.yNd.,... 0080 - a4 92 c1 61 d5 bd ce 23-93 7d 01 a9 b7 ad 0d 94 ...a...#.}...... 0090 - b2 53 11 3b 0a d0 f8 0b-17 ad 69 dd fb de bf 82 .S.;......i..... 00a0 - 0b 40 68 76 37 12 b8 93-58 12 be de f2 9c b5 cb .@hv7...X....... 00b0 - 80 a0 36 77 77 66 aa f9-0a 9d a8 54 14 e2 9e ed ..6wwf.....T.... 00c0 - 44 c0 1a 28 8f 64 9e 27-62 f1 00 a6 d7 d2 7d 05 D..(.d.'b.....}. Start Time: 1741924514 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 89F6C3A61E7106080D4E2A2EBEDDEC5478FCCDFC521C3D5DA73FE5D716DC7D2D Session-ID-ctx: Resumption PSK: 7AB98BEA6EBB241042FBD8EECAAC86CEAE5FCE03AE5930FAA92F4EE4802C4315CA4D5D53F99FD39499AAC85636B01D36 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - f3 79 30 ec 52 48 6f 07-0e 46 b1 36 b8 3f 07 7a .y0.RHo..F.6.?.z 0010 - bc e7 8f 3f 2b 54 4c 0a-dc d1 29 1e 5a 03 60 a3 ...?+TL...).Z.`. 0020 - c1 e9 9e ec bc a5 a4 5f-81 8a 4e 66 52 5d 6d 9d ......._..NfR]m. 0030 - c5 00 e1 ba fe 95 1f 2f-9a 63 5e 6b 4e a3 29 4d ......./.c^kN.)M 0040 - b7 e6 4d 80 7d ca 17 bb-8f 61 38 57 5c 89 10 8e ..M.}....a8W\... 0050 - 9e b4 08 cb 58 73 ef 40-33 bb 97 72 20 b5 3b 92 ....Xs.@3..r .;. 0060 - a5 99 0b ce 1a 88 56 3e-77 d0 af c7 42 fd ba f5 ......V>w...B... 0070 - e5 c5 95 2b 6d 0f 5c 2b-15 cf 47 ef c3 3f 66 d4 ...+m.\+..G..?f. 0080 - 81 5b 1b 58 0e bf f8 82-b5 67 98 de 08 06 12 e1 .[.X.....g...... 0090 - a0 56 e6 54 97 70 8f 89-0c c4 5e 66 c2 cb 8e eb .V.T.p....^f.... 00a0 - 6a 8e 77 ff ea b9 e0 8b-9b 44 7a d7 84 3a 45 d0 j.w......Dz..:E. 00b0 - 0f 6c 3e 00 72 fa b1 66-ce e9 6b 21 dc 98 a6 95 .l>.r..f..k!.... 00c0 - 49 c9 58 56 dd 36 d6 dc-ff e2 4e b5 ad 2b 16 f2 I.XV.6....N..+.. Start Time: 1741924514 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK TLS SUCCESSFUL 40077DB8897F0000:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%04 -cert pkcs11:type=cert;object=edCert Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MIGCAgEBAgIDBAQCEwIEIF+Vc5UC9FMiqWjm5ffJGk8NJUa1G4/3JFlyut2dh7IF BDB6uYvqbrskEEL72O7KrIbOrl/OA65ZMPqpL07kgCxDFcpNXVP5n9OUmarIVjaw HTahBgIEZ9OooqIEAgIcIKQGBAQBAAAArgYCBGKiC92zAwIBHQ== -----END SSL SESSION PARAMETERS----- Shared ciphers:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224 Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 CIPHER is TLS_AES_256_GCM_SHA384 This TLS version forbids renegotiation. TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run sanity test with default values (Ed448) spawn openssl s_client -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/caCert.pem Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=1 CN=Issuer verify return:1 depth=0 O=PKCS11 Provider, CN=My ED448 Cert verify return:1 --- Certificate chain 0 s:O=PKCS11 Provider, CN=My ED448 Cert i:CN=Issuer a:PKEY: ED448, 456 (bit); sigalg: RSA-SHA256 v:NotBefore: Mar 14 03:54:16 2025 GMT; NotAfter: Mar 14 03:54:16 2026 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIICXzCCAUegAwIBAgIBBzANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 ZXIwHhcNMjUwMzE0MDM1NDE2WhcNMjYwMzE0MDM1NDE2WjAyMRgwFgYDVQQKEw9Q S0NTMTEgUHJvdmlkZXIxFjAUBgNVBAMTDU15IEVENDQ4IENlcnQwQzAFBgMrZXED OgBPCkiiiNXN8xKSfOeLRPvjyCbFOHcM4WuitTttZBw62eEXI/9Ag2a/fpQ2lVzx 4NgCQNdCRFCARQCjgYEwfzAMBgNVHRMBAf8EAjAAMB8GA1UdEQQYMBaBFHRlc3Rj ZXJ0QGV4YW1wbGUub3JnMA4GA1UdDwEB/wQEAwIHgDAdBgNVHQ4EFgQU/QSYxSwO ItEZDxh/4oX0efJjgxEwHwYDVR0jBBgwFoAUD260FbL04wx/g3lsJQNJntk6NnEw DQYJKoZIhvcNAQELBQADggEBAGRSSuRuCNFy9OxTxDxhMqlPMqyEymba80MvPTAs dCD1ZyK1VLrguJOSD23e6z1zmzM9c88B38gqrOAoruFd1bzyqQfl6q4ZkDgMUy2e oIlr6Vr7WTc74MMjtZwuhPhzMuLEEtnR0iue76+Ufn9A8KIb1obajbWZoUnVC9a+ V5yufbpHLOvW13sZkoCO/34TI6tlX4bkSitwWc/GJQSnFs8sjhtBeqah8TJz3X/f vQ0OG0N104zdRyvhgSy4sQy74kNhOFlbcWD51KuTH5NHirCAJas70CHnV3WXKoia FvcAYGS10LA2kA+LD3HQhTJGIt/T8VaognHFlXqQOcah7gM= -----END CERTIFICATE----- subject=O=PKCS11 Provider, CN=My ED448 Cert issuer=CN=Issuer --- No client certificate CA names sent Peer signature type: ed448 Server Temp Key: X25519, 253 bits --- SSL handshake has read 1025 bytes and written 391 bytes Verification: OK --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Protocol: TLSv1.3 Server public key is 456 bit This TLS version forbids renegotiation. Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: E638D1B17AA1F7B22E3F249EC7B74AF3E458F531DE1F8108D0E19EF04263608F Session-ID-ctx: Resumption PSK: 30F4D0D41D23F36DFF216BA21634E36EFA7DC85A84CC9AD07136A4C7704C7A50B2D037DDEA11DE6673F2DEDD84B4A0D2 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 7d 03 6d 50 3e e9 03 46-d6 39 24 4e 7d 67 ec 8b }.mP>..F.9$N}g.. 0010 - 2a 4e a4 00 e4 60 19 68-de c2 eb b2 67 d1 31 d4 *N...`.h....g.1. 0020 - fe 8f 74 32 d9 ad ea f9-35 c3 a4 d4 ef 70 59 18 ..t2....5....pY. 0030 - 38 a0 ad c4 b3 18 b3 de-c5 54 37 88 d8 44 8e d3 8........T7..D.. 0040 - 8b 97 16 be 6e 9c 47 d3-3a 18 19 d6 0c 57 3b d3 ....n.G.:....W;. 0050 - 50 eb f5 4d cc 49 5b 6c-5b 8f 6d 81 10 3e a2 b7 P..M.I[l[.m..>.. 0060 - 6b 85 1c 37 57 21 97 4d-9e 36 5c b4 11 96 45 aa k..7W!.M.6\...E. 0070 - 14 62 7e 37 30 44 9c f4-33 eb 98 be 07 98 b0 08 .b~70D..3....... 0080 - 15 07 f4 46 71 86 a6 7e-82 e8 04 44 73 a6 86 af ...Fq..~...Ds... 0090 - 37 1a 2a d1 37 21 b0 1a-a9 45 c9 32 0b 95 87 73 7.*.7!...E.2...s 00a0 - f5 0c 89 76 d0 48 78 58-80 05 44 b1 a7 37 f9 42 ...v.HxX..D..7.B 00b0 - 40 10 9b 0c ed 4d 8a f7-b9 7f 83 a9 6f 32 50 0b @....M......o2P. 00c0 - 79 81 6e bc d6 0d 71 cf-f9 11 fa d8 4f 13 88 33 y.n...q.....O..3 Start Time: 1741924515 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: E2805A7BBD37FC1C2D306AD3285639FEA94E0FED999001DDF66EC471F2D5A843 Session-ID-ctx: Resumption PSK: A4BD18261F7E6EFAFEFE276ED5A7DC02BCBEB6EC82D5D33313C2BAC95BBAC2CB63615FA77D7EAC992A0AD375EFAF4E78 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 7d 03 6d 50 3e e9 03 46-d6 39 24 4e 7d 67 ec 8b }.mP>..F.9$N}g.. 0010 - d2 0b a5 45 90 4b 3d 98-d8 b3 72 0d be ff 06 cd ...E.K=...r..... 0020 - 01 38 d2 15 c8 ce aa 0d-98 87 15 89 3e 40 50 c6 .8..........>@P. 0030 - 9c c0 32 15 11 ee b7 c2-a0 e7 c7 ef dd f0 d6 cb ..2............. 0040 - 86 fd 36 fd dc 76 ba 94-d0 85 ac 3f 5b cc 75 db ..6..v.....?[.u. 0050 - a8 d5 1a 99 9f 29 f6 d8-65 f7 08 b8 96 ec 2a 73 .....)..e.....*s 0060 - fb f5 c7 cc 5b ea b6 61-d5 91 4c 39 ea 77 36 1c ....[..a..L9.w6. 0070 - 3f 6d e1 09 39 17 20 0b-59 24 24 c5 a6 e4 41 56 ?m..9. .Y$$...AV 0080 - 12 7e f4 26 3f 45 38 bc-c9 1c cb 94 f4 1a c6 fb .~.&?E8......... 0090 - b8 18 25 9b c6 9d fd d3-b5 3a f8 1c 75 58 74 b6 ..%......:..uXt. 00a0 - d3 d4 7d 62 2a e5 ad 63-60 4f 70 2a c5 a2 cb 71 ..}b*..c`Op*...q 00b0 - 3d 0f 48 0a d8 77 6f 3f-7a 4c c1 aa a7 0c 03 3f =.H..wo?zL.....? 00c0 - 21 04 ef f4 20 34 cd 4f-30 d6 1e 10 a8 de 3c 06 !... 4.O0.....<. Start Time: 1741924515 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK TLS SUCCESSFUL 40873A2F007F0000:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%09 -cert pkcs11:type=cert;object=ed2Cert Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MIGCAgEBAgIDBAQCEwIEICQa0WtEkPb7Xt0RPEQCaYKgO5/4bPc7b85SvRa8v3zP BDCkvRgmH35u+v7+J27Vp9wCvL627ILV0zMTwrrJW7rCy2NhX6d9fqyZKgrTde+v TnihBgIEZ9Ooo6IEAgIcIKQGBAQBAAAArgYCBCLqVrezAwIBHQ== -----END SSL SESSION PARAMETERS----- Shared ciphers:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA TLS SUCCESSFUL Q Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224 Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 CIPHER is TLS_AES_256_GCM_SHA384 This TLS version forbids renegotiation. DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run test with TLS 1.2 spawn openssl s_client -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/caCert.pem -tls1_2 Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=1 CN=Issuer verify return:1 depth=0 O=PKCS11 Provider, CN=My Test Cert verify return:1 --- Certificate chain 0 s:O=PKCS11 Provider, CN=My Test Cert i:CN=Issuer a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256 v:NotBefore: Mar 14 03:54:14 2025 GMT; NotAfter: Mar 14 03:54:14 2026 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIIDPzCCAiegAwIBAgIBAzANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 ZXIwHhcNMjUwMzE0MDM1NDE0WhcNMjYwMzE0MDM1NDE0WjAxMRgwFgYDVQQKEw9Q S0NTMTEgUHJvdmlkZXIxFTATBgNVBAMTDE15IFRlc3QgQ2VydDCCASIwDQYJKoZI hvcNAQEBBQADggEPADCCAQoCggEBAN75xsWaCuQK52tzH25qhx6ClcmMLofDr6Q2 G45hgZFzXKhQXjULCCbJTJPlKppaIY8O+e7M13OvxQNE/jb5rzyrz/Eb42RK0NCu 3N0QMR3WcoTGHkjKbsAhbipiPAU2DmTcqu6Gbhop98lGJM+5yRy6S9bzrxS3O2e0 wPpAk9JNpLxINiDUibliIJcju5RJYXCek4G4QyifK5zr/I7x0TC3iahTa4u1xUj1 YsSvbXXJ7QzYaTI0RV7mvppGwxOr+A1RqS8tBnCqBy3Im8XH7KZ+QUHNAT/BXPk1 7dXHjAODrWoIvXufXa1cK/4s+wFEQcOIMrMj+KSG29ArRC257psCAwEAAaOBgTB/ MAwGA1UdEwEB/wQCMAAwHwYDVR0RBBgwFoEUdGVzdGNlcnRAZXhhbXBsZS5vcmcw DgYDVR0PAQH/BAQDAgWgMB0GA1UdDgQWBBQSQLryU+GovwtOI7dJIHbC3ZwzLTAf BgNVHSMEGDAWgBQPbrQVsvTjDH+DeWwlA0me2To2cTANBgkqhkiG9w0BAQsFAAOC AQEAA4Fg2W7ne/OpP/pWnnJI6LeGyeBPyBVWhNGL38/p9p2jdA0O2hQdNvyLi9lI ZcLz77vYTdZCmITnJLqH2Jwd2jq5QHJmzYkJpp4Q8HAHkq8Y3ZQRhlAjp1LZhYov jHRaj3qZpDabEJU5illa26nyjPYeEjpCX4qMWJQhj0Qh1+V6y+wYoMIObLpyBtvF dUcplbSp+yovFXhm4zEA8szbCUQjZoFCvbi6j73ukspPB7aWB35dm8yHXrVCHTb1 sprOKjFwKvDn3RG9EcJLbM8kGNLbvfvIkMGl6NPlOhlQ2Gmkw78KXgm2vqIyswMw mK5oyns9zCW12yV5vJWyO2KrXw== -----END CERTIFICATE----- subject=O=PKCS11 Provider, CN=My Test Cert issuer=CN=Issuer --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: RSA-PSS Server Temp Key: X25519, 253 bits --- SSL handshake has read 1476 bytes and written 290 bytes Verification: OK --- New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384 Protocol: TLSv1.2 Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-RSA-AES256-GCM-SHA384 Session-ID: 8D51EC91BA33BC03551279A3B31E9F970CCA1B9CDDC24519BC112A885A509D8B Session-ID-ctx: Master-Key: AFF77F9D43002F7203147FFFD6B0252E2FBA4ABE7B09B269FCEC231AFE28198453F05C62CD59F54F8CACA55D2F0ADA06 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - d9 88 13 a3 de ee 4e 08-b0 23 5c 31 e8 45 c1 0f ......N..#\1.E.. 0010 - 69 52 cf c6 26 be 43 42-17 d9 64 ef 23 98 bb 31 iR..&.CB..d.#..1 0020 - c9 24 d1 05 cc 58 08 8b-e6 78 fa 36 05 6c 7d 71 .$...X...x.6.l}q 0030 - c5 70 8a b5 d8 c3 56 90-9b f0 55 9b bf 22 d4 23 .p....V...U..".# 0040 - a3 0e ed f6 e4 84 d4 fb-17 3c 30 04 f7 e7 f8 8c .........<0..... 0050 - cc 86 c6 1f 4e e5 c5 af-b3 26 18 b8 3a a1 62 55 ....N....&..:.bU 0060 - bf 5a 12 08 c9 55 2f 8b-b1 cd ea 82 55 47 70 b2 .Z...U/.....UGp. 0070 - a0 23 cb b1 77 fc 41 ee-62 e0 fc 9a 79 a4 2a 5c .#..w.A.b...y.*\ 0080 - 51 de d7 e8 e4 ee 81 f7-4e ba 2b eb 9a 05 38 e1 Q.......N.+...8. 0090 - b1 12 97 e7 b7 18 98 5c-6b 1e e4 04 59 2a ec 53 .......\k...Y*.S 00a0 - 1e c6 81 14 0d 77 69 3a-d6 e0 22 6b f1 92 fe 92 .....wi:.."k.... Start Time: 1741924515 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: yes --- TLS SUCCESSFUL 40275BA45A7F0000:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%01 -cert pkcs11:type=cert;object=testCert Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MF8CAQECAgMDBALAMAQABDCv93+dQwAvcgMUf//WsCUuL7pKvnsJsmn87CMa/igZ hFPwXGLNWfVPjKylXS8K2gahBgIEZ9Ooo6IEAgIcIKQGBAQBAAAArQMCAQGzAwIB HQ== -----END SSL SESSION PARAMETERS----- Shared ciphers:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Supported Elliptic Curve Point Formats: uncompressed:ansiX962_compressed_prime:ansiX962_compressed_char2 Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1 Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1 CIPHER is ECDHE-RSA-AES256-GCM-SHA384 Secure Renegotiation IS supported TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run test with explicit TLS 1.3 spawn openssl s_client -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/caCert.pem -tls1_3 Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=1 CN=Issuer verify return:1 depth=0 O=PKCS11 Provider, CN=My Test Cert verify return:1 --- Certificate chain 0 s:O=PKCS11 Provider, CN=My Test Cert i:CN=Issuer a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256 v:NotBefore: Mar 14 03:54:14 2025 GMT; NotAfter: Mar 14 03:54:14 2026 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIIDPzCCAiegAwIBAgIBAzANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 ZXIwHhcNMjUwMzE0MDM1NDE0WhcNMjYwMzE0MDM1NDE0WjAxMRgwFgYDVQQKEw9Q S0NTMTEgUHJvdmlkZXIxFTATBgNVBAMTDE15IFRlc3QgQ2VydDCCASIwDQYJKoZI hvcNAQEBBQADggEPADCCAQoCggEBAN75xsWaCuQK52tzH25qhx6ClcmMLofDr6Q2 G45hgZFzXKhQXjULCCbJTJPlKppaIY8O+e7M13OvxQNE/jb5rzyrz/Eb42RK0NCu 3N0QMR3WcoTGHkjKbsAhbipiPAU2DmTcqu6Gbhop98lGJM+5yRy6S9bzrxS3O2e0 wPpAk9JNpLxINiDUibliIJcju5RJYXCek4G4QyifK5zr/I7x0TC3iahTa4u1xUj1 YsSvbXXJ7QzYaTI0RV7mvppGwxOr+A1RqS8tBnCqBy3Im8XH7KZ+QUHNAT/BXPk1 7dXHjAODrWoIvXufXa1cK/4s+wFEQcOIMrMj+KSG29ArRC257psCAwEAAaOBgTB/ MAwGA1UdEwEB/wQCMAAwHwYDVR0RBBgwFoEUdGVzdGNlcnRAZXhhbXBsZS5vcmcw DgYDVR0PAQH/BAQDAgWgMB0GA1UdDgQWBBQSQLryU+GovwtOI7dJIHbC3ZwzLTAf BgNVHSMEGDAWgBQPbrQVsvTjDH+DeWwlA0me2To2cTANBgkqhkiG9w0BAQsFAAOC AQEAA4Fg2W7ne/OpP/pWnnJI6LeGyeBPyBVWhNGL38/p9p2jdA0O2hQdNvyLi9lI ZcLz77vYTdZCmITnJLqH2Jwd2jq5QHJmzYkJpp4Q8HAHkq8Y3ZQRhlAjp1LZhYov jHRaj3qZpDabEJU5illa26nyjPYeEjpCX4qMWJQhj0Qh1+V6y+wYoMIObLpyBtvF dUcplbSp+yovFXhm4zEA8szbCUQjZoFCvbi6j73ukspPB7aWB35dm8yHXrVCHTb1 sprOKjFwKvDn3RG9EcJLbM8kGNLbvfvIkMGl6NPlOhlQ2Gmkw78KXgm2vqIyswMw mK5oyns9zCW12yV5vJWyO2KrXw== -----END CERTIFICATE----- subject=O=PKCS11 Provider, CN=My Test Cert issuer=CN=Issuer --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: RSA-PSS Server Temp Key: X25519, 253 bits --- SSL handshake has read 1391 bytes and written 318 bytes Verification: OK --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Protocol: TLSv1.3 Server public key is 2048 bit This TLS version forbids renegotiation. Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 4EC4D28AA78E35F8F0F7BC6489CA276DEED98EF84E9F68BA13E85A2AA63F51AF Session-ID-ctx: Resumption PSK: F80FD98E846AB3A7903BB40747F1CD8688162CAD19ED82C4810F53AC778BF612224F5CFB2A56C711EF24622C519DB6CF PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 31 52 0b f4 aa e8 80 1b-e5 b8 60 17 d4 c3 5d 10 1R........`...]. 0010 - 63 75 2f 8b af 03 f3 09-da b1 f5 08 43 22 06 fc cu/.........C".. 0020 - 57 80 7d 45 e6 86 81 ca-c5 3b 3b 94 52 ef 7f 6a W.}E.....;;.R..j 0030 - 76 e1 74 47 6a 48 28 6c-e4 51 75 43 f4 23 4d 0c v.tGjH(l.QuC.#M. 0040 - 06 cf 0d a1 44 85 6c e7-4a c6 e0 61 fc 0c 0d bb ....D.l.J..a.... 0050 - 0d 4a ee 52 2c f5 15 22-57 a2 dd 42 7e 70 85 9b .J.R,.."W..B~p.. 0060 - ee cf 13 dd 44 a4 25 f4-6a a0 d6 6b 07 28 77 72 ....D.%.j..k.(wr 0070 - 4a 74 d3 ef 87 22 96 1e-ea a7 83 a7 29 4d aa 66 Jt..."......)M.f 0080 - e7 64 5b 57 29 6a 54 d2-44 0b 11 d3 ad 65 bd 6e .d[W)jT.D....e.n 0090 - 51 9b ad 43 af b8 6b 8d-71 63 d3 45 05 fe 19 09 Q..C..k.qc.E.... 00a0 - 57 47 f4 21 13 5d ae a6-6b 15 3a c9 ff c2 f7 13 WG.!.]..k.:..... 00b0 - a3 7c 58 ca 66 78 5e 15-9b 28 56 bb aa c1 8c 35 .|X.fx^..(V....5 00c0 - 0e 8a 9a 12 5c 2f 32 33-49 3d db 1d 2c b2 03 4a ....\/23I=..,..J Start Time: 1741924516 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 961428071D8F807359F3CC7A59D9D2F5A688061EE49144624F5088E62411B7DC Session-ID-ctx: Resumption PSK: BD4A6D590FA14166EB87F9810CB3DEFA9D461764C8E41B312667FB874EA836C117CF837612C3411BB725F81D75DBA72A PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 31 52 0b f4 aa e8 80 1b-e5 b8 60 17 d4 c3 5d 10 1R........`...]. 0010 - 14 29 65 29 09 aa 7f 8b-f2 61 55 5d 63 75 66 52 .)e).....aU]cufR 0020 - 14 ff f5 6f 9b d2 2c 02-ee 90 eb 2e db 3c 15 1a ...o..,......<.. 0030 - 06 e5 fb 76 50 6b 55 1d-8b e3 7a 1d bd 26 6a 7a ...vPkU...z..&jz 0040 - 5e a8 17 c7 87 36 63 e5-de 39 e9 e4 43 87 d2 72 ^....6c..9..C..r 0050 - 2e 4e 17 0c c3 0f 95 16-98 02 b0 38 ce aa 21 41 .N.........8..!A 0060 - 17 27 4b bb 61 44 f9 b4-9f fb 99 0f 2b 71 f0 3c .'K.aD......+q.< 0070 - aa 37 1e dc ce 54 bc c0-1b 35 10 8b be d9 58 75 .7...T...5....Xu 0080 - ad 5d 71 ed 71 ff db bf-1c 56 ec 08 09 ce d2 64 .]q.q....V.....d 0090 - e0 8b 62 08 bd 41 99 a4-84 cf 6d 76 c6 53 1a 77 ..b..A....mv.S.w 00a0 - 9e d2 2b 73 4a 4c 2e 91-78 72 58 14 dc 97 dd 2d ..+sJL..xrX....- 00b0 - 78 52 e1 97 39 90 46 06-c1 12 7d 27 a1 25 1d 2c xR..9.F...}'.%., 00c0 - 3f b5 71 f0 bb 1a 9a e6-50 86 8e 81 46 aa c5 d4 ?.q.....P...F... Start Time: 1741924516 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK TLS SUCCESSFUL 4027BC3E3F7F0000:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%01 -cert pkcs11:type=cert;object=testCert Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MIGCAgEBAgIDBAQCEwIEIFByUfiiLP3Zzj9NPaS4XmMLU+6JK7uWIQUoS4jb8K4q BDC9Sm1ZD6FBZuuH+YEMs976nUYXZMjkGzEmZ/uHTqg2wRfPg3YSw0EbtyX4HXXb pyqhBgIEZ9OopKIEAgIcIKQGBAQBAAAArgYCBB+MHjGzAwIBHQ== -----END SSL SESSION PARAMETERS----- Shared ciphers:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256 Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512 Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 CIPHER is TLS_AES_256_GCM_SHA384 This TLS version forbids renegotiation. TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run test with TLS 1.2 (ECDSA) spawn openssl s_client -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/caCert.pem -tls1_2 Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=1 CN=Issuer verify return:1 depth=0 O=PKCS11 Provider, CN=My EC Cert verify return:1 --- Certificate chain 0 s:O=PKCS11 Provider, CN=My EC Cert i:CN=Issuer a:PKEY: id-ecPublicKey, 256 (bit); sigalg: RSA-SHA256 v:NotBefore: Mar 14 03:54:14 2025 GMT; NotAfter: Mar 14 03:54:14 2026 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIICcjCCAVqgAwIBAgIBBDANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 ZXIwHhcNMjUwMzE0MDM1NDE0WhcNMjYwMzE0MDM1NDE0WjAvMRgwFgYDVQQKEw9Q S0NTMTEgUHJvdmlkZXIxEzARBgNVBAMTCk15IEVDIENlcnQwWTATBgcqhkjOPQIB BggqhkjOPQMBBwNCAASNXAZpEA1/ju6MY+7eFXLf/jMxuwNuc5d5+/+FFVXJeJkC Xo6eAUavvLgDVZpiWSRxBZxXb097P+ZaLj470pYwo4GBMH8wDAYDVR0TAQH/BAIw ADAfBgNVHREEGDAWgRR0ZXN0Y2VydEBleGFtcGxlLm9yZzAOBgNVHQ8BAf8EBAMC B4AwHQYDVR0OBBYEFDUX8xCvrxzZAB7Z2JBXohqY02ZVMB8GA1UdIwQYMBaAFA9u tBWy9OMMf4N5bCUDSZ7ZOjZxMA0GCSqGSIb3DQEBCwUAA4IBAQADPS6KCOe9Af90 1qDfEmzNzkcjHSy096YS0e1DsPrP2aCGkb+ZMdrxT1KR8xQ8ydKv4qyH6YzhAnfd AkA1qbN5nVLdLjHOe8F1d9CX0huLEBVuNyNbsba+OA8XIsLecadQjVILIvukuopp wCNDFCLG3TTaGPBKDpvIY2b/UP/hwV0UhhBmhg2hHHLdRztXxNfGviv8oKOkxFLF qjO7f0RKO7523NcIojv7knTSeVHuBWVeCAmHxQZaLbmaRtPLqSmsBj4kdxbLd46V qaM/4PKbfu+dIeaNvtLjqKWt2WlvDZS72aRBjpkYEiPWbfDuCsr40ZV2+paHgogY JAJxk++v -----END CERTIFICATE----- subject=O=PKCS11 Provider, CN=My EC Cert issuer=CN=Issuer --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: ECDSA Server Temp Key: X25519, 253 bits --- SSL handshake has read 1085 bytes and written 290 bytes Verification: OK --- New, TLSv1.2, Cipher is ECDHE-ECDSA-AES256-GCM-SHA384 Protocol: TLSv1.2 Server public key is 256 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-ECDSA-AES256-GCM-SHA384 Session-ID: 0860EF01EA1A660A373275A92EDE664493BEE7986F0086A69EDA62F7E69CD485 Session-ID-ctx: Master-Key: 337463DD118687AA1687AF47A4FF9F33B9CA2210A7CA415B80F79C455853D371C3B2303A760B8A95A85109E505397E0A PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 8b f4 59 59 01 0e ad cd-36 64 84 f3 8e 8f 37 8b ..YY....6d....7. 0010 - 99 20 b4 01 39 a1 d5 e8-01 72 70 54 08 d4 73 39 . ..9....rpT..s9 0020 - 94 c7 d0 fc ed 9c 19 be-f6 6b 4a 3d 7f ac a7 ad .........kJ=.... 0030 - 67 d1 ff 40 81 24 11 81-85 54 a6 3f cb ff 5f 63 g..@.$...T.?.._c 0040 - 9b a1 21 eb 65 fe 0a 76-69 24 1e 43 3c f6 c3 1a ..!.e..vi$.C<... 0050 - 3a f6 a1 e7 bf a7 9c e9-e5 c0 1f a1 57 f1 ae 00 :...........W... 0060 - fe 56 da be a4 62 c8 12-1b 1b f6 40 d2 4b d0 bf .V...b.....@.K.. 0070 - 02 1e f7 f3 ab 0b 22 63-f1 93 fb 00 f2 16 d3 a6 ......"c........ 0080 - a4 7d 27 e8 77 ea 81 4c-4a a9 8c 0e db 7e 5c 2e .}'.w..LJ....~\. 0090 - 95 fc 45 21 7a e0 a4 fa-fd a2 ad 78 9b ca 70 4e ..E!z......x..pN 00a0 - 9e ab 52 9f 9f 71 d7 62-8d 59 5a bf 9d c3 4c c2 ..R..q.b.YZ...L. Start Time: 1741924516 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: yes --- TLS SUCCESSFUL 4087FC831F7F0000:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%02 -cert pkcs11:type=cert;object=ecCert -tls1_2 Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MF8CAQECAgMDBALALAQABDAzdGPdEYaHqhaHr0ek/58zucoiEKfKQVuA95xFWFPT ccOyMDp2C4qVqFEJ5QU5fgqhBgIEZ9OopKIEAgIcIKQGBAQBAAAArQMCAQGzAwIB HQ== -----END SSL SESSION PARAMETERS----- Shared ciphers:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Supported Elliptic Curve Point Formats: uncompressed:ansiX962_compressed_prime:ansiX962_compressed_char2 Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1 Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1 CIPHER is ECDHE-ECDSA-AES256-GCM-SHA384 Secure Renegotiation IS supported TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run test with TLS 1.2 and ECDH spawn openssl s_client -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/caCert.pem -tls1_2 -cipher ECDHE-ECDSA-AES128-GCM-SHA256 -groups secp256r1 Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=1 CN=Issuer verify return:1 depth=0 O=PKCS11 Provider, CN=My EC Cert verify return:1 --- Certificate chain 0 s:O=PKCS11 Provider, CN=My EC Cert i:CN=Issuer a:PKEY: id-ecPublicKey, 256 (bit); sigalg: RSA-SHA256 v:NotBefore: Mar 14 03:54:14 2025 GMT; NotAfter: Mar 14 03:54:14 2026 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIICcjCCAVqgAwIBAgIBBDANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 ZXIwHhcNMjUwMzE0MDM1NDE0WhcNMjYwMzE0MDM1NDE0WjAvMRgwFgYDVQQKEw9Q S0NTMTEgUHJvdmlkZXIxEzARBgNVBAMTCk15IEVDIENlcnQwWTATBgcqhkjOPQIB BggqhkjOPQMBBwNCAASNXAZpEA1/ju6MY+7eFXLf/jMxuwNuc5d5+/+FFVXJeJkC Xo6eAUavvLgDVZpiWSRxBZxXb097P+ZaLj470pYwo4GBMH8wDAYDVR0TAQH/BAIw ADAfBgNVHREEGDAWgRR0ZXN0Y2VydEBleGFtcGxlLm9yZzAOBgNVHQ8BAf8EBAMC B4AwHQYDVR0OBBYEFDUX8xCvrxzZAB7Z2JBXohqY02ZVMB8GA1UdIwQYMBaAFA9u tBWy9OMMf4N5bCUDSZ7ZOjZxMA0GCSqGSIb3DQEBCwUAA4IBAQADPS6KCOe9Af90 1qDfEmzNzkcjHSy096YS0e1DsPrP2aCGkb+ZMdrxT1KR8xQ8ydKv4qyH6YzhAnfd AkA1qbN5nVLdLjHOe8F1d9CX0huLEBVuNyNbsba+OA8XIsLecadQjVILIvukuopp wCNDFCLG3TTaGPBKDpvIY2b/UP/hwV0UhhBmhg2hHHLdRztXxNfGviv8oKOkxFLF qjO7f0RKO7523NcIojv7knTSeVHuBWVeCAmHxQZaLbmaRtPLqSmsBj4kdxbLd46V qaM/4PKbfu+dIeaNvtLjqKWt2WlvDZS72aRBjpkYEiPWbfDuCsr40ZV2+paHgogY JAJxk++v -----END CERTIFICATE----- subject=O=PKCS11 Provider, CN=My EC Cert issuer=CN=Issuer --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: ECDSA Server Temp Key: ECDH, prime256v1, 256 bits --- SSL handshake has read 1119 bytes and written 263 bytes Verification: OK --- New, TLSv1.2, Cipher is ECDHE-ECDSA-AES128-GCM-SHA256 Protocol: TLSv1.2 Server public key is 256 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-ECDSA-AES128-GCM-SHA256 Session-ID: E38B933B0A40386A78222124E76CB9EAA50B5649789507BA5F6599D8DDFE4C9C Session-ID-ctx: Master-Key: C7AC0557EE1A055CA5493E1A4D5DD2B44CF90979B193661ABD3D34C0B2B397039CEC826277F3E02E61F3FCD1082683B8 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - ac c8 28 93 99 03 e0 a0-f8 0a 85 18 bc 26 8e 54 ..(..........&.T 0010 - 75 8e 92 a7 50 d0 22 65-b5 7c 66 b6 0d dc c9 27 u...P."e.|f....' 0020 - 96 35 67 93 3f ff 7f 35-9a 01 3d be ec 18 e0 85 .5g.?..5..=..... 0030 - 61 72 8b 7d a7 0c 7a 45-21 8f d2 a1 50 78 71 08 ar.}..zE!...Pxq. 0040 - fd 60 a0 de fb 05 b0 8e-41 56 d1 38 2b 19 a3 94 .`......AV.8+... 0050 - 23 48 bd b2 59 f0 a7 b6-48 52 5f 41 1d 6a f8 01 #H..Y...HR_A.j.. 0060 - 33 e9 e9 1b e2 b0 ff 39-73 57 a4 8f 16 1a a4 ed 3......9sW...... 0070 - 1a f2 3e 29 a5 e0 8f 62-ca ab 31 66 17 f0 c4 bf ..>)...b..1f.... 0080 - 66 fd 2b de 6d 8d 7d 21-1b c2 bc 60 da c4 f8 78 f.+.m.}!...`...x 0090 - 31 8b 44 86 88 87 d7 a8-be 4c 48 99 25 a2 ef f6 1.D......LH.%... 00a0 - e6 cd 6b 90 05 18 be 17-9b 6d ae 0f 5e 1a 49 cc ..k......m..^.I. Start Time: 1741924517 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: yes --- TLS SUCCESSFUL 40D7D6652B7F0000:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%02 -cert pkcs11:type=cert;object=ecCert Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MF8CAQECAgMDBALAKwQABDDHrAVX7hoFXKVJPhpNXdK0TPkJebGTZhq9PTTAsrOX A5zsgmJ38+AuYfP80Qgmg7ihBgIEZ9OopaIEAgIcIKQGBAQBAAAArQMCAQGzAwIB Fw== -----END SSL SESSION PARAMETERS----- Shared ciphers:ECDHE-ECDSA-AES128-GCM-SHA256 Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Supported Elliptic Curve Point Formats: uncompressed:ansiX962_compressed_prime:ansiX962_compressed_char2 Supported groups: secp256r1 Shared groups: secp256r1 CIPHER is ECDHE-ECDSA-AES128-GCM-SHA256 Secure Renegotiation IS supported TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run test with TLS 1.3 and specific suite spawn openssl s_client -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/caCert.pem -tls1_3 -ciphersuites TLS_AES_256_GCM_SHA384 -groups secp256r1 Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=1 CN=Issuer verify return:1 depth=0 O=PKCS11 Provider, CN=My EC Cert verify return:1 --- Certificate chain 0 s:O=PKCS11 Provider, CN=My EC Cert i:CN=Issuer a:PKEY: id-ecPublicKey, 256 (bit); sigalg: RSA-SHA256 v:NotBefore: Mar 14 03:54:14 2025 GMT; NotAfter: Mar 14 03:54:14 2026 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIICcjCCAVqgAwIBAgIBBDANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 ZXIwHhcNMjUwMzE0MDM1NDE0WhcNMjYwMzE0MDM1NDE0WjAvMRgwFgYDVQQKEw9Q S0NTMTEgUHJvdmlkZXIxEzARBgNVBAMTCk15IEVDIENlcnQwWTATBgcqhkjOPQIB BggqhkjOPQMBBwNCAASNXAZpEA1/ju6MY+7eFXLf/jMxuwNuc5d5+/+FFVXJeJkC Xo6eAUavvLgDVZpiWSRxBZxXb097P+ZaLj470pYwo4GBMH8wDAYDVR0TAQH/BAIw ADAfBgNVHREEGDAWgRR0ZXN0Y2VydEBleGFtcGxlLm9yZzAOBgNVHQ8BAf8EBAMC B4AwHQYDVR0OBBYEFDUX8xCvrxzZAB7Z2JBXohqY02ZVMB8GA1UdIwQYMBaAFA9u tBWy9OMMf4N5bCUDSZ7ZOjZxMA0GCSqGSIb3DQEBCwUAA4IBAQADPS6KCOe9Af90 1qDfEmzNzkcjHSy096YS0e1DsPrP2aCGkb+ZMdrxT1KR8xQ8ydKv4qyH6YzhAnfd AkA1qbN5nVLdLjHOe8F1d9CX0huLEBVuNyNbsba+OA8XIsLecadQjVILIvukuopp wCNDFCLG3TTaGPBKDpvIY2b/UP/hwV0UhhBmhg2hHHLdRztXxNfGviv8oKOkxFLF qjO7f0RKO7523NcIojv7knTSeVHuBWVeCAmHxQZaLbmaRtPLqSmsBj4kdxbLd46V qaM/4PKbfu+dIeaNvtLjqKWt2WlvDZS72aRBjpkYEiPWbfDuCsr40ZV2+paHgogY JAJxk++v -----END CERTIFICATE----- subject=O=PKCS11 Provider, CN=My EC Cert issuer=CN=Issuer --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: ECDSA Server Temp Key: ECDH, prime256v1, 256 bits --- SSL handshake has read 1059 bytes and written 329 bytes Verification: OK --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Protocol: TLSv1.3 Server public key is 256 bit This TLS version forbids renegotiation. Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 4F0EF8693607DFBC4193E8CAD5000EBC56CACB36827A98FD515EF247A2C43D91 Session-ID-ctx: Resumption PSK: ACCEE27240B038DDFA4CC5E85440E31994CAB1B4D31CEAC66772E7C7C5F53462B64C6AE52421E3BBD2732EB5B55A78D8 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 63 2e 4b cd d3 28 23 65-2e 79 9e de 62 11 10 be c.K..(#e.y..b... 0010 - 1b d1 0c 02 0a b2 af 39-66 29 69 5d da e9 90 af .......9f)i].... 0020 - ae f7 05 e0 81 8c b6 01-9a f7 0e 53 8a be c2 50 ...........S...P 0030 - 15 d6 63 5d 11 71 d0 18-09 6c 39 a6 df 34 0c 75 ..c].q...l9..4.u 0040 - 46 39 91 94 33 4a 57 d8-67 d9 d1 ac 6a 50 53 a8 F9..3JW.g...jPS. 0050 - 5d 2e e4 1f d1 8d 80 b1-28 5b bd f8 68 2c 10 92 ].......([..h,.. 0060 - 7f fb 32 58 a5 82 8f 5c-f5 7f 7b 4b 38 3f 20 bf ..2X...\..{K8? . 0070 - 07 0b ec e3 a5 55 c4 23-56 31 67 9f 4a 79 1b 76 .....U.#V1g.Jy.v 0080 - d3 20 2e 01 e7 00 a2 1e-ad b2 7f 82 3f 4d eb 04 . ..........?M.. 0090 - f8 84 09 cb ef 90 45 16-ec 2b 70 e0 5b e8 bc 5c ......E..+p.[..\ 00a0 - b7 df c6 ec 25 e3 9b 2f-c5 24 2e cb 04 62 4d 7f ....%../.$...bM. 00b0 - aa 99 ae 2d 7e 44 7b 2c-2d d9 2b a7 23 aa aa a3 ...-~D{,-.+.#... 00c0 - 64 83 e9 fc 27 37 d5 66-72 6f d6 f7 2d c2 4a 6a d...'7.fro..-.Jj Start Time: 1741924517 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 54A7C82B5DD15B55C50C5032687D76C2DBC4F3A56C20F6B288D504AA2555A3A5 Session-ID-ctx: Resumption PSK: 793BD9A0CC7CA82E1F1FE8250C65892237A2C3B5221B168559C71AD71DC7C9D73856A862594292B8C58D4814AD727171 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 63 2e 4b cd d3 28 23 65-2e 79 9e de 62 11 10 be c.K..(#e.y..b... 0010 - 85 68 59 99 93 51 11 38-8f 8d 5d 13 08 fb 83 42 .hY..Q.8..]....B 0020 - 44 cd 04 fa 65 8f 69 e0-ce 78 7d 23 72 ff c2 b7 D...e.i..x}#r... 0030 - f2 dc 95 84 be 76 12 97-93 1d b7 a6 be 3a 14 ca .....v.......:.. 0040 - 02 b6 67 38 af f6 6b fd-9e da 5a 81 62 09 5f b0 ..g8..k...Z.b._. 0050 - 05 83 09 c5 a3 7e eb f0-6e 68 09 d3 40 ee 58 d6 .....~..nh..@.X. 0060 - 9c f0 6b fa d7 a2 9a 8b-02 a8 e8 25 d3 4a 8e 29 ..k........%.J.) 0070 - dd 42 9a 85 d2 67 e4 67-86 c9 8e f5 a9 17 50 49 .B...g.g......PI 0080 - 5f c1 36 72 e7 bd e5 76-c9 7c 53 86 95 7f f6 42 _.6r...v.|S....B 0090 - 39 bb e0 23 0d 18 aa f9-97 7e bc 7a 87 1b f7 78 9..#.....~.z...x 00a0 - 3e 08 21 80 3a b5 a6 8c-ec 4f 66 42 d6 45 12 19 >.!.:....OfB.E.. 00b0 - b0 2d 57 a2 bd 73 61 8a-b8 1c 33 31 1b 23 29 44 .-W..sa...31.#)D 00c0 - 03 15 c6 60 bf 7e 71 37-8d ae 0b a5 c1 19 42 88 ...`.~q7......B. Start Time: 1741924517 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK TLS SUCCESSFUL 40A71231827F0000:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%02 -cert pkcs11:type=cert;object=ecCert Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MIGDAgEBAgIDBAQCEwIEIBvIGjvjTeMKEjYxS3RphFH5xPTYI+lPsy33EU+TCIWu BDB5O9mgzHyoLh8f6CUMZYkiN6LDtSIbFoVZxxrXHcfJ1zhWqGJZQpK4xY1IFK1y cXGhBgIEZ9OopaIEAgIcIKQGBAQBAAAArgcCBQCbggfxswMCARc= -----END SSL SESSION PARAMETERS----- Shared ciphers:TLS_AES_256_GCM_SHA384 Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512 Supported groups: secp256r1 Shared groups: secp256r1 CIPHER is TLS_AES_256_GCM_SHA384 This TLS version forbids renegotiation. TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## ######################################## ######################################## ## Forcing the provider for all server operations ## Run sanity test with default values (RSA) spawn openssl s_client -propquery ?provider=pkcs11 -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/caCert.pem Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=1 CN=Issuer verify return:1 depth=0 O=PKCS11 Provider, CN=My Test Cert verify return:1 --- Certificate chain 0 s:O=PKCS11 Provider, CN=My Test Cert i:CN=Issuer a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256 v:NotBefore: Mar 14 03:54:14 2025 GMT; NotAfter: Mar 14 03:54:14 2026 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIIDPzCCAiegAwIBAgIBAzANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 ZXIwHhcNMjUwMzE0MDM1NDE0WhcNMjYwMzE0MDM1NDE0WjAxMRgwFgYDVQQKEw9Q S0NTMTEgUHJvdmlkZXIxFTATBgNVBAMTDE15IFRlc3QgQ2VydDCCASIwDQYJKoZI hvcNAQEBBQADggEPADCCAQoCggEBAN75xsWaCuQK52tzH25qhx6ClcmMLofDr6Q2 G45hgZFzXKhQXjULCCbJTJPlKppaIY8O+e7M13OvxQNE/jb5rzyrz/Eb42RK0NCu 3N0QMR3WcoTGHkjKbsAhbipiPAU2DmTcqu6Gbhop98lGJM+5yRy6S9bzrxS3O2e0 wPpAk9JNpLxINiDUibliIJcju5RJYXCek4G4QyifK5zr/I7x0TC3iahTa4u1xUj1 YsSvbXXJ7QzYaTI0RV7mvppGwxOr+A1RqS8tBnCqBy3Im8XH7KZ+QUHNAT/BXPk1 7dXHjAODrWoIvXufXa1cK/4s+wFEQcOIMrMj+KSG29ArRC257psCAwEAAaOBgTB/ MAwGA1UdEwEB/wQCMAAwHwYDVR0RBBgwFoEUdGVzdGNlcnRAZXhhbXBsZS5vcmcw DgYDVR0PAQH/BAQDAgWgMB0GA1UdDgQWBBQSQLryU+GovwtOI7dJIHbC3ZwzLTAf BgNVHSMEGDAWgBQPbrQVsvTjDH+DeWwlA0me2To2cTANBgkqhkiG9w0BAQsFAAOC AQEAA4Fg2W7ne/OpP/pWnnJI6LeGyeBPyBVWhNGL38/p9p2jdA0O2hQdNvyLi9lI ZcLz77vYTdZCmITnJLqH2Jwd2jq5QHJmzYkJpp4Q8HAHkq8Y3ZQRhlAjp1LZhYov jHRaj3qZpDabEJU5illa26nyjPYeEjpCX4qMWJQhj0Qh1+V6y+wYoMIObLpyBtvF dUcplbSp+yovFXhm4zEA8szbCUQjZoFCvbi6j73ukspPB7aWB35dm8yHXrVCHTb1 sprOKjFwKvDn3RG9EcJLbM8kGNLbvfvIkMGl6NPlOhlQ2Gmkw78KXgm2vqIyswMw mK5oyns9zCW12yV5vJWyO2KrXw== -----END CERTIFICATE----- subject=O=PKCS11 Provider, CN=My Test Cert issuer=CN=Issuer --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: RSA-PSS Server Temp Key: X25519, 253 bits --- SSL handshake has read 1391 bytes and written 391 bytes Verification: OK --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Protocol: TLSv1.3 Server public key is 2048 bit This TLS version forbids renegotiation. Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: A1E4830B6B99AC161F5900641B2BC85A9C18A5B545444A8E3B16B183B68E8252 Session-ID-ctx: Resumption PSK: 1B0CA3B795036F7D765EA88898C83BF4EEED058DB1AA0CAE4B89CDB47BEF08AB0091EAB2889D7FAA4FDD6B8E6EA619C6 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 02 35 20 a7 2c 6e b6 3d-2b 60 08 c5 39 0b ad 56 .5 .,n.=+`..9..V 0010 - c9 92 56 27 eb 15 35 3d-32 58 22 63 9f ff 66 a4 ..V'..5=2X"c..f. 0020 - 02 c0 36 a1 43 78 c8 a6-b6 fa 87 d3 43 a6 e7 47 ..6.Cx......C..G 0030 - 01 e7 4d b0 d3 34 bf 79-33 a4 19 ef 8e 6f 92 44 ..M..4.y3....o.D 0040 - c9 3b 2e db 90 80 79 2c-70 84 a7 0c 62 e7 2f 2a .;....y,p...b./* 0050 - c8 5e ca 6c 4a 31 e5 a9-7d 0a 30 e0 3c 36 fc 36 .^.lJ1..}.0.<6.6 0060 - af e6 b1 f1 ca e6 9f 3c-0c dc ac 2e b6 c3 bb 5a .......<.......Z 0070 - 28 f7 32 43 28 e5 3e 97-03 39 27 13 fb b8 d8 39 (.2C(.>..9'....9 0080 - 14 02 e0 2e 69 10 5d 5b-14 78 a6 18 36 cd 51 0b ....i.][.x..6.Q. 0090 - 38 c1 23 07 76 44 24 ab-41 ef 52 de 24 33 16 01 8.#.vD$.A.R.$3.. 00a0 - 76 fb 2c ca 82 4c 8a 9b-c3 14 de c8 30 7a c4 cf v.,..L......0z.. 00b0 - 78 eb 3d 06 c3 ea 19 5b-db f0 f5 30 8a 3f b6 0e x.=....[...0.?.. 00c0 - 69 0a 8d 55 34 f0 37 c6-e4 b0 dd d4 ab dc d5 31 i..U4.7........1 Start Time: 1741924518 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 317DAFE243ECFDE8E53B19E65733BE49E79F52CF4EE311E10DDD774DD4DA725E Session-ID-ctx: Resumption PSK: 074B9280D808A7C1619854C4D3FFF1166102DA9528E8CD1BA39F11DFAE4CE0BC1DC2960200E96515C79CF6DD46906C56 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 02 35 20 a7 2c 6e b6 3d-2b 60 08 c5 39 0b ad 56 .5 .,n.=+`..9..V 0010 - 05 68 19 55 25 e7 7c f7-0c e0 dc b4 0d 9b 91 bf .h.U%.|......... 0020 - 70 78 d6 04 d6 af 6f d6-02 c6 7c 70 ea fd 00 84 px....o...|p.... 0030 - 87 6a b9 a8 74 a6 f2 6a-5a 2d 83 5b df 96 95 14 .j..t..jZ-.[.... 0040 - ea d4 68 c6 60 0f 03 4d-78 27 c1 07 e8 ba 56 2c ..h.`..Mx'....V, 0050 - 29 de 47 02 87 be c0 59-b7 fa ad 06 92 ae 6e ba ).G....Y......n. 0060 - 39 26 2d f3 23 33 98 2b-7e 4a 7f dd 4c 1c 92 f3 9&-.#3.+~J..L... 0070 - ec 03 cc 96 70 bf 8d 6e-1b 36 fa f5 43 95 e0 20 ....p..n.6..C.. 0080 - b7 04 60 bf af 4e 1b 26-84 fb c3 96 75 3e 94 73 ..`..N.&....u>.s 0090 - 7c 21 40 b5 0c e1 9a ac-b9 41 24 2a 2a 4a 95 43 |!@......A$**J.C 00a0 - 1e 7f eb 5d 53 94 fc 62-5c 04 a6 ba 56 cb 73 41 ...]S..b\...V.sA 00b0 - e8 b8 17 01 1c ed 78 78-d7 ee 44 03 c6 a7 75 a5 ......xx..D...u. 00c0 - 19 db 05 a6 c8 ad 54 d5-e6 05 17 df fc 4b 77 4e ......T......KwN Start Time: 1741924518 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK TLS SUCCESSFUL 40079025567F0000:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -propquery ?provider=pkcs11 -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%01 -cert pkcs11:type=cert;object=testCert Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MIGDAgEBAgIDBAQCEwIEIOVOmDNW+ftZd2bLW60GLNY2nPGoACvZELsixnBd/dyp BDAHS5KA2AinwWGYVMTT//EWYQLalSjozRujnxHfrkzgvB3ClgIA6WUVx5z23UaQ bFahBgIEZ9OopqIEAgIcIKQGBAQBAAAArgcCBQCjXko6swMCAR0= -----END SSL SESSION PARAMETERS----- Shared ciphers:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224 Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 CIPHER is TLS_AES_256_GCM_SHA384 This TLS version forbids renegotiation. TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run sanity test with default values (RSA-PSS) ## Generating a new selfsigned certificate for pkcs11:type=private;id=%00%10 openssl req -batch -noenc -x509 -new -key ${KEY} ${AARGS} -out ${CERT} spawn openssl s_client -propquery ?provider=pkcs11 -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/caCert.pem Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=0 C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness verify error:num=18:self-signed certificate verify return:1 depth=0 C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness verify return:1 --- Certificate chain 0 s:C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness i:C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness a:PKEY: RSASSA-PSS, 2048 (bit); sigalg: RSASSA-PSS v:NotBefore: Mar 14 03:55:18 2025 GMT; NotAfter: Apr 13 03:55:18 2025 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIIEIzCCAtugAwIBAgIUFDYT4kDDt/Yete1J5Yc44co7N7QwPQYJKoZIhvcNAQEK MDCgDTALBglghkgBZQMEAgGhGjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUDBAIBogMC ASAwZzELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMREwDwYDVQQHDAhO ZXcgWW9yazEYMBYGA1UECgwPUEtDUzExIFByb3ZpZGVyMRgwFgYDVQQLDA9UZXN0 aW5nIEhhcm5lc3MwHhcNMjUwMzE0MDM1NTE4WhcNMjUwNDEzMDM1NTE4WjBnMQsw CQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsxETAPBgNVBAcMCE5ldyBZb3Jr MRgwFgYDVQQKDA9QS0NTMTEgUHJvdmlkZXIxGDAWBgNVBAsMD1Rlc3RpbmcgSGFy bmVzczCCASAwCwYJKoZIhvcNAQEKA4IBDwAwggEKAoIBAQCkTOyYoec+hb77XZcR Kak3959dovYgJAaazVE6tOvSa1waFZxLf1PflXnlpStulNTrjbOm4JFnuyp45eCd Tnjmmw/7D1RJWiLqxVlGKEhbA6QVJI8hBTax8dGiagHtnJcnPN65Z+Cj5CsoaHRP YsNuAHhRPTGhFBVLnhegIrwmzExXUMXHPkFTudm+Cpdl8KKBVvtKlRUaf86IkKlt GuHxTyGlwZ36Zv2Ap/ZGjhDA5kSxO1uF5TQDFxDPL+t7vrJcetrx9+KT7csbe4qw rjolVn3P1hbEBvBEiOEXCmPDBOU1RYHSqTZVt/e/ClPx2kp4zp+HGgsLtxy3Lste nCOzAgMBAAGjaTBnMB0GA1UdDgQWBBQPcdPtkyS3ZbTScN7MXTrMetPGejAfBgNV HSMEGDAWgBQPcdPtkyS3ZbTScN7MXTrMetPGejAPBgNVHRMBAf8EBTADAQH/MAkG A1UdEQQCMAAwCQYDVR0SBAIwADA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQC AaEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgGiAwIBIAOCAQEAT7M40Rg5nalj jWbk8Y9NkgrwShpzrKKTXK2ynhXKTnW5VSNuxvkzw7a710WUJ3mHwLiPC33pyAWA Vx1FOzWjHC0iD909VO5qrFnjgD0SNqcmQnZykgrdJagv/XDOvsmKiYme2HbW/d/S 1ztOvXrxTxAZdfq/daZSrof2iWrDsIOXuFqfsGTRVLfqNYaQ2Yy2gpbUkaWvkQKB 12hgLSDWY39MczBH15jmL1jr1YXKF45NBtr5KiWzo8C+XvCNUHhOs65VDmMraVvn tK8jYy5CzjeobwgzvLjkTtlihzYLQePasUUHOtgSTu6rfQjFB3Ojs72DFv10pF1b vNPHpDaPRA== -----END CERTIFICATE----- subject=C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness issuer=C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: RSA-PSS Server Temp Key: X25519, 253 bits --- SSL handshake has read 1619 bytes and written 391 bytes Verification error: self-signed certificate --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Protocol: TLSv1.3 Server public key is 2048 bit This TLS version forbids renegotiation. Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 18 (self-signed certificate) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 71BD843E6AD158ABBA2177DB06DEE6DE11F17B7802DAD179492035FB284C2D6F Session-ID-ctx: Resumption PSK: C465F47A5872FE657D280C8FCE3A70F3B2E4FC370FD99110A3CF99ED273E42D68D6712D933D723A8959F97E5FE1D9232 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - fc 21 8d 26 14 81 bc b7-9f d6 c6 8e 96 bf 10 00 .!.&............ 0010 - dd 86 65 41 68 8c 07 87-85 ee f8 89 77 9b c5 e6 ..eAh.......w... 0020 - 09 36 e0 a2 90 01 fc 54-f4 4d 10 d8 2d d4 57 72 .6.....T.M..-.Wr 0030 - fc cf a5 a3 fd f9 ed a9-04 34 40 85 2b 8e 17 1a .........4@.+... 0040 - 51 4c d7 7d 3d 9e 34 3c-35 c3 e4 be 4e 0d 46 8b QL.}=.4<5...N.F. 0050 - 43 0a 8f 80 b8 81 b8 da-8f 9b 1c 5d fd 97 54 15 C..........]..T. 0060 - f1 8c 5c a8 11 0e c5 5c-74 33 1d d2 92 5c 92 0f ..\....\t3...\.. 0070 - 43 bd ca dd 72 c9 7c a1-2c e0 10 5f 43 be f6 f9 C...r.|.,.._C... 0080 - 77 99 c3 d1 32 a4 f3 c7-83 0b e2 8d 3f 68 80 ce w...2.......?h.. 0090 - b1 77 cf c2 e9 3b 2e 41-70 30 f7 01 f9 6f 06 b0 .w...;.Ap0...o.. 00a0 - 38 e0 50 32 1d 1f 00 e3-7b 01 02 c4 69 0e 59 b2 8.P2....{...i.Y. 00b0 - 8d b5 be c9 54 93 81 88-d5 00 f1 c1 87 f6 2f 16 ....T........./. 00c0 - 15 cd 0c b1 f4 8d 89 97-4e 1d 41 a0 18 1b 89 96 ........N.A..... Start Time: 1741924519 Timeout : 7200 (sec) Verify return code: 18 (self-signed certificate) Extended master secret: no Max Early Data: 0 --- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: AD97E3880DEF9FD2E610C9D6BFB9AD79E6CA6E588C5525CC1785BAA459188BAE Session-ID-ctx: Resumption PSK: DA71BC75DE0FF4D870FCF7A043A108C0E4A196E8A6DCD0EB81B085FBD442BE6D12C69813CCD0AE12F4F61024486BAF65 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - fc 21 8d 26 14 81 bc b7-9f d6 c6 8e 96 bf 10 00 .!.&............ 0010 - c2 67 79 4b 41 95 c8 aa-7b 42 2f 6c 09 0a 6f 16 .gyKA...{B/l..o. 0020 - d9 7a 80 66 e7 49 3b 70-7f 83 00 a2 43 cb 58 70 .z.f.I;p....C.Xp 0030 - 0e 9c f1 b5 74 ca 49 69-25 6a 92 29 34 8c 1a e7 ....t.Ii%j.)4... 0040 - 1f c0 65 f7 b4 2f 3a 1e-bc e8 23 60 91 3e 00 e0 ..e../:...#`.>.. 0050 - 43 6a 6c de 35 d5 a7 a8-65 76 b8 d4 63 0e 93 bc Cjl.5...ev..c... 0060 - f9 e0 82 15 43 88 db a1-7c d3 25 94 cd b8 00 36 ....C...|.%....6 0070 - 66 8e f9 89 76 a4 9a 07-f7 ed 84 14 a8 c9 d4 1d f...v........... 0080 - 9b 8a 79 cd 45 fc 38 ec-a2 ab d5 11 6d e9 dc a2 ..y.E.8.....m... 0090 - fd de f7 63 c1 f9 a4 08-98 87 52 5e 8f 89 75 b2 ...c......R^..u. 00a0 - f2 d9 20 7d 6b 35 d6 10-0c 75 c8 29 2c 56 2f e5 .. }k5...u.),V/. 00b0 - e8 3b fc ab 67 1d fb 0c-54 c8 39 03 4a 20 15 1a .;..g...T.9.J .. 00c0 - 76 83 db 9b 10 46 13 d9-6b 1f ba 54 5e 54 b8 e3 v....F..k..T^T.. Start Time: 1741924519 Timeout : 7200 (sec) Verify return code: 18 (self-signed certificate) Extended master secret: no Max Early Data: 0 --- read R BLOCK TLS SUCCESSFUL 40273FA7CD7F0000:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -propquery ?provider=pkcs11 -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%10 -cert /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/rsapss-default.pem Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MIGCAgEBAgIDBAQCEwIEIHF0gVUZzZGbi80jkYaOwYhXlJRedLn1lkfI7Tzr3GmQ BDDacbx13g/02HD896BDoQjA5KGW6Kbc0OuBsIX71EK+bRLGmBPM0K4S9PYQJEhr r2WhBgIEZ9Oop6IEAgIcIKQGBAQBAAAArgYCBDVCNTSzAwIBHQ== -----END SSL SESSION PARAMETERS----- Shared ciphers:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224 Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 CIPHER is TLS_AES_256_GCM_SHA384 This TLS version forbids renegotiation. TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run sanity test with RSA-PSS and SHA256 ## Generating a new selfsigned certificate for pkcs11:type=private;id=%00%11 openssl req -batch -noenc -x509 -new -key ${KEY} ${AARGS} -out ${CERT} spawn openssl s_client -propquery ?provider=pkcs11 -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/caCert.pem Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=0 C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness verify error:num=18:self-signed certificate verify return:1 depth=0 C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness verify return:1 --- Certificate chain 0 s:C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness i:C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness a:PKEY: RSASSA-PSS, 3096 (bit); sigalg: RSASSA-PSS v:NotBefore: Mar 14 03:55:19 2025 GMT; NotAfter: Apr 13 03:55:19 2025 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIIFKDCCA12gAwIBAgIUfaMnyEYDaQqxeYE2ktWyABReJK8wPQYJKoZIhvcNAQEK MDCgDTALBglghkgBZQMEAgGhGjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUDBAIBogMC ASAwZzELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMREwDwYDVQQHDAhO ZXcgWW9yazEYMBYGA1UECgwPUEtDUzExIFByb3ZpZGVyMRgwFgYDVQQLDA9UZXN0 aW5nIEhhcm5lc3MwHhcNMjUwMzE0MDM1NTE5WhcNMjUwNDEzMDM1NTE5WjBnMQsw CQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsxETAPBgNVBAcMCE5ldyBZb3Jr MRgwFgYDVQQKDA9QS0NTMTEgUHJvdmlkZXIxGDAWBgNVBAsMD1Rlc3RpbmcgSGFy bmVzczCCAaIwCwYJKoZIhvcNAQEKA4IBkQAwggGMAoIBgwo40iZmHZHFrSiEzvip CySM1oXLn1wWzxKS71hm1iixPV1sBqqb4aWn5S7nIMlLluFvn/p0YqG2rSZxrl7e pPvFQNR7kejk2rbS9Hj/sEt7RdNkWH513rRIuxQPrgz7kvgsi6U6+ccZFGU3Xacw DtUqJTqmZyUHGAfpAdqlp/YGtAmBP4gcxWGoHhV6Y2jHtcyIWMUCnZ9mUYN+mhJX iRjW7EbKb9Bofmgvf4MuZTxnSDlbtROSQlaWXcboRfwaiRe3wQf6Sdg02CnBat5v 3XLx516brmca/612lI0nPv2I0P1WtGcIMGoZ0lJLe1shTSLTaZMiUt13RQAdvsST 8PWUAMd6dXRoktGtqPQU5qOUM3i7c7W5HgammJ1VvzA5fKAalQJK6eaiy+hQTfe1 EZekwi48xrCYdUF7wB1+J44mZjWo8hO5eDJr3wAfbTPC8HaQ9jL+5YUMrdZqIA1N a4LLdczxib7gVKqTLdkUQlNRqD1R1DpwZIZmGCU2Gmmr4ZRXpQIDAQABo2kwZzAd BgNVHQ4EFgQUEGW2Qp1953HDwdkC0MSB1DKKnLAwHwYDVR0jBBgwFoAUEGW2Qp19 53HDwdkC0MSB1DKKnLAwDwYDVR0TAQH/BAUwAwEB/zAJBgNVHREEAjAAMAkGA1Ud EgQCMAAwPQYJKoZIhvcNAQEKMDCgDTALBglghkgBZQMEAgGhGjAYBgkqhkiG9w0B AQgwCwYJYIZIAWUDBAIBogMCASADggGEAAQ4JLPDQvwwhGbNsme9trG5OniCPtq4 WfsJiF7P//B9l+CzbXX0Y552Nb1dXHmQND7ZwYfXdhQpRewFkEtUn89j8xcNe6Q2 qheDNmLuGnQMhG3FKXVfr6aH0/C9ir0dFEboNQI4oRQDmOOJT5kWjJmgyJKEJhjM dl2kS9wh/eqQfIH85WeUa26uKstZRmN2VFugJ86/A0YokxoCMWNtgFHD6c6hiHIl wS87q5t768siQ/1XB7dmh9WXnFCrKck27BnyUOTGMp0kA7KOFMuB69bOFSEzijg9 YhxHQz+/OQEx68m1RzBqbMV/k42gO+jsXteokty386XTT54y07TYSTwyFTeecsr9 rVSrNGk4fMUdftcf6QNMyqYp0vyhPhbl57xIAKoqffsrXpfSYCLLytR1UOW+U75i F9EN1sIbSMPQeuoS3H0AsDy4O3OqNMn9KkUxL+S5nqAat82p1XSdWQYQ5jFgBA9S KFvvgOtyNV5qyHU8h5yK17CrtUvPMfl4SdiVZw== -----END CERTIFICATE----- subject=C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness issuer=C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: RSA-PSS Server Temp Key: X25519, 253 bits --- SSL handshake has read 2011 bytes and written 391 bytes Verification error: self-signed certificate --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Protocol: TLSv1.3 Server public key is 3096 bit This TLS version forbids renegotiation. Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 18 (self-signed certificate) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 0779C46C6A5E623A02F91A113B7274DCAA40246907AF74166FD7027133D302AF Session-ID-ctx: Resumption PSK: DE472B80FC2779A95D4D264183268930E8B99717A25F0843F824F4EDCE5B90BC0222313BAC7BF0946A9B8FE052933A7E PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 26 46 35 02 59 6f db f2-83 f8 c3 9c d0 d3 f7 e3 &F5.Yo.......... 0010 - 68 92 d1 f9 4f 01 8d e9-38 4c 13 24 f5 da bc c0 h...O...8L.$.... 0020 - 4c 7d 77 5d 75 a2 31 5a-dd ae 7c a5 73 78 00 c3 L}w]u.1Z..|.sx.. 0030 - d5 fa b3 e2 14 7a ea 2a-d3 3e ef a8 ba 67 80 db .....z.*.>...g.. 0040 - 4a 08 7d f1 30 cd 99 9d-2d 7c f0 27 14 ea 83 b9 J.}.0...-|.'.... 0050 - 62 50 f4 02 57 79 37 4a-c6 44 31 31 4e 78 20 67 bP..Wy7J.D11Nx g 0060 - 7e a1 a0 b8 e9 96 a3 f4-76 07 c5 c1 60 72 5a 2b ~.......v...`rZ+ 0070 - 57 2a 78 0b 61 c5 d8 b4-3f 2b 5d 7f 0a 47 9c f9 W*x.a...?+]..G.. 0080 - ef 85 1f b5 16 c6 ec 88-c1 c2 51 c6 5e fb 56 33 ..........Q.^.V3 0090 - fc a7 72 a9 e0 26 4e 8d-82 5d fe 79 ad d4 51 96 ..r..&N..].y..Q. 00a0 - 3d c3 1c a8 93 0a 68 eb-6a 3b bc 30 00 18 18 68 =.....h.j;.0...h 00b0 - 5b e8 40 88 91 90 bf ed-e7 a9 27 e8 30 c5 b8 09 [.@.......'.0... 00c0 - 27 02 3e 10 c7 90 a2 05-72 b1 13 2f 38 ee fa da '.>.....r../8... Start Time: 1741924520 Timeout : 7200 (sec) Verify return code: 18 (self-signed certificate) Extended master secret: no Max Early Data: 0 --- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: E8499DD0AFA2F2D67BCE0C7EABE7BDAEE12B26C3D0515EBF8549FDC8F1BB2636 Session-ID-ctx: Resumption PSK: 5E6C254A21795BE4966C7F467310E65C16B867036F6885AFDAB326CB2A100372A848A5467A3444EDA2790B59CFDDE004 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 26 46 35 02 59 6f db f2-83 f8 c3 9c d0 d3 f7 e3 &F5.Yo.......... 0010 - 0b f7 6c 6e 65 b3 b0 09-05 48 18 ef 64 dc 38 f9 ..lne....H..d.8. 0020 - 34 d8 0d d4 4e e1 1d 5a-be 21 eb 4c 41 31 54 c7 4...N..Z.!.LA1T. 0030 - 6c 86 57 81 ed 6e 9f ce-31 5f 0f ff 69 ff 09 c6 l.W..n..1_..i... 0040 - d9 e1 7d be 1d 65 f4 c5-92 d2 7e 85 ea 1d 4d 55 ..}..e....~...MU 0050 - d3 1f 3c a1 c9 28 35 51-64 39 5e b8 96 2a 36 af ..<..(5Qd9^..*6. 0060 - 1a a8 45 65 00 9f ef d8-b0 74 e7 1f a0 25 ed 5b ..Ee.....t...%.[ 0070 - b0 42 9b 17 93 d1 b1 58-0b 05 4a 95 b2 89 d8 95 .B.....X..J..... 0080 - c7 31 84 85 03 5a 98 60-75 58 a4 62 32 60 cf 31 .1...Z.`uX.b2`.1 0090 - ee 07 52 3a f6 f7 d0 fb-07 59 c2 14 a5 c5 e2 3e ..R:.....Y.....> 00a0 - c8 d3 a8 2f 10 1f 94 b9-6f 8c 05 84 75 b5 53 f4 .../....o...u.S. 00b0 - 0f e9 ef ca 0e 31 17 d6-88 40 02 a5 3b d9 5e 89 .....1...@..;.^. 00c0 - 84 37 27 ec 2a 37 3f c1-b3 0e 91 20 28 a4 26 b1 .7'.*7?.... (.&. Start Time: 1741924520 Timeout : 7200 (sec) Verify return code: 18 (self-signed certificate) Extended master secret: no Max Early Data: 0 --- read R BLOCK TLS SUCCESSFUL 40877E7E197F0000:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -propquery ?provider=pkcs11 -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%11 -cert /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/rsapss-sha256.pem Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MIGDAgEBAgIDBAQCEwIEIMtKHQJpilfNeENokyHJgyreApBGljrHsVJ4NzqggwQd BDBebCVKIXlb5JZsf0ZzEOZcFrhnA29oha/asybLKhADcqhIpUZ6NETtonkLWc/d 4AShBgIEZ9OoqKIEAgIcIKQGBAQBAAAArgcCBQDru0FIswMCAR0= -----END SSL SESSION PARAMETERS----- Shared ciphers:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224 Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 CIPHER is TLS_AES_256_GCM_SHA384 This TLS version forbids renegotiation. TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run sanity test with default values (ECDSA) spawn openssl s_client -propquery ?provider=pkcs11 -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/caCert.pem Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=0 O=PKCS11 Provider, CN=My EC Cert verify error:num=1:unspecified certificate verification error verify return:1 depth=1 CN=Issuer verify return:1 depth=0 O=PKCS11 Provider, CN=My EC Cert verify return:1 --- Certificate chain 0 s:O=PKCS11 Provider, CN=My EC Cert i:CN=Issuer a:PKEY: id-ecPublicKey, 256 (bit); sigalg: RSA-SHA256 v:NotBefore: Mar 14 03:54:14 2025 GMT; NotAfter: Mar 14 03:54:14 2026 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIICcjCCAVqgAwIBAgIBBDANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 ZXIwHhcNMjUwMzE0MDM1NDE0WhcNMjYwMzE0MDM1NDE0WjAvMRgwFgYDVQQKEw9Q S0NTMTEgUHJvdmlkZXIxEzARBgNVBAMTCk15IEVDIENlcnQwWTATBgcqhkjOPQIB BggqhkjOPQMBBwNCAASNXAZpEA1/ju6MY+7eFXLf/jMxuwNuc5d5+/+FFVXJeJkC Xo6eAUavvLgDVZpiWSRxBZxXb097P+ZaLj470pYwo4GBMH8wDAYDVR0TAQH/BAIw ADAfBgNVHREEGDAWgRR0ZXN0Y2VydEBleGFtcGxlLm9yZzAOBgNVHQ8BAf8EBAMC B4AwHQYDVR0OBBYEFDUX8xCvrxzZAB7Z2JBXohqY02ZVMB8GA1UdIwQYMBaAFA9u tBWy9OMMf4N5bCUDSZ7ZOjZxMA0GCSqGSIb3DQEBCwUAA4IBAQADPS6KCOe9Af90 1qDfEmzNzkcjHSy096YS0e1DsPrP2aCGkb+ZMdrxT1KR8xQ8ydKv4qyH6YzhAnfd AkA1qbN5nVLdLjHOe8F1d9CX0huLEBVuNyNbsba+OA8XIsLecadQjVILIvukuopp wCNDFCLG3TTaGPBKDpvIY2b/UP/hwV0UhhBmhg2hHHLdRztXxNfGviv8oKOkxFLF qjO7f0RKO7523NcIojv7knTSeVHuBWVeCAmHxQZaLbmaRtPLqSmsBj4kdxbLd46V qaM/4PKbfu+dIeaNvtLjqKWt2WlvDZS72aRBjpkYEiPWbfDuCsr40ZV2+paHgogY JAJxk++v -----END CERTIFICATE----- subject=O=PKCS11 Provider, CN=My EC Cert issuer=CN=Issuer --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: ECDSA Server Temp Key: X25519, 253 bits --- SSL handshake has read 1001 bytes and written 391 bytes Verification error: unspecified certificate verification error --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Protocol: TLSv1.3 Server public key is 256 bit This TLS version forbids renegotiation. Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 1 (unspecified certificate verification error) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: B2DE97550E8090DFC266A8548501677976ACF7953BFDD8897DF9BC889853A3B1 Session-ID-ctx: Resumption PSK: EEF05C8D6B37E4BE6AF0AE5EC26C5F3F707662FBDAFC19DB0A1B05FD9DAF4A9D7E2813A138AEBF4E6791DE2611CBD179 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 39 64 e0 89 0d 18 8c a3-56 4a 53 61 74 1c 93 43 9d......VJSat..C 0010 - 43 1b 06 69 70 67 3f b2-75 46 2c 16 29 5d a9 69 C..ipg?.uF,.)].i 0020 - f6 b8 c7 6c 49 28 cd 49-56 a5 fe 66 d1 77 97 66 ...lI(.IV..f.w.f 0030 - 26 64 a2 6e cb 0e e3 46-23 93 bd 58 bf 8d 9b df &d.n...F#..X.... 0040 - 32 f0 25 6c d3 f7 7e 93-0d 2f 6f 6e 62 2f 04 c6 2.%l..~../onb/.. 0050 - b9 57 04 f6 83 4a 35 74-46 36 ff 6d 8f ad 93 ee .W...J5tF6.m.... 0060 - f6 35 1c 82 96 6d f9 56-f2 d5 cc 18 72 c7 7d e6 .5...m.V....r.}. 0070 - 92 30 bf f8 2e dd a6 cd-16 5c 38 eb c5 8e 6d 44 .0.......\8...mD 0080 - 9b d9 df 04 07 eb ea 6e-7a 22 fe 18 02 f7 59 cf .......nz"....Y. 0090 - 2c d6 99 30 a2 60 30 16-5b cb 9d e8 9e db c3 75 ,..0.`0.[......u 00a0 - 16 c6 a0 63 a6 14 5c 30-21 50 aa 51 fd 22 e5 48 ...c..\0!P.Q.".H 00b0 - a9 88 a3 ac 55 f1 13 b8-3b 41 2c 66 8a 38 f8 26 ....U...;A,f.8.& 00c0 - ae e7 5e d9 97 2a e7 7a-52 82 b5 98 fc 8e 1c f6 ..^..*.zR....... Start Time: 1741924520 Timeout : 7200 (sec) Verify return code: 1 (unspecified certificate verification error) Extended master secret: no Max Early Data: 0 --- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: FC36E9BFBA96B2B04CAC7C42BACEA7C3E161CC11DB51096AA59745790B55C764 Session-ID-ctx: Resumption PSK: F95AF9F42FF2E270F83F89EE9CC48B9B3A5A853EBB6988233993827E47BE3D0869A3D0AFA7305DB0BEF73F9F5252F6FA PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 39 64 e0 89 0d 18 8c a3-56 4a 53 61 74 1c 93 43 9d......VJSat..C 0010 - 1d fa f3 13 31 97 be 72-72 d7 bd 2a 19 d9 e9 8d ....1..rr..*.... 0020 - 9f 42 87 f8 36 25 c4 a5-b1 af 69 17 cb 00 dc f9 .B..6%....i..... 0030 - f3 6c 5e 89 eb 11 c2 ca-29 cd 1e 7b 29 61 fc 99 .l^.....)..{)a.. 0040 - a4 35 18 16 b5 93 93 4f-b1 09 00 20 06 7c 7e 2c .5.....O... .|~, 0050 - 23 f8 4b ff ca 2b 34 34-9e f2 3d fd 9e 92 ab 5d #.K..+44..=....] 0060 - 8e 51 70 ec 01 ac 56 f2-40 7d 26 e5 ed 68 35 14 .Qp...V.@}&..h5. 0070 - b7 42 46 6c d6 ce 45 10-c0 11 b6 83 38 d9 d6 21 .BFl..E.....8..! 0080 - a1 b8 95 99 71 fd 73 03-86 c0 7c cb e8 ea 3f 78 ....q.s...|...?x 0090 - ba 0d 88 3b 47 18 5c c5-b7 82 8a 93 51 83 15 49 ...;G.\.....Q..I 00a0 - 7b 56 7e 97 3b e3 45 3a-96 79 77 82 3d 07 9f 8e {V~.;.E:.yw.=... 00b0 - 21 47 4c b8 98 2c b9 d9-6f ef 93 23 cf 20 3d 2d !GL..,..o..#. =- 00c0 - 46 b8 d4 08 89 5e 2b f2-07 91 13 34 30 ae c2 e0 F....^+....40... Start Time: 1741924520 Timeout : 7200 (sec) Verify return code: 1 (unspecified certificate verification error) Extended master secret: no Max Early Data: 0 --- read R BLOCK TLS SUCCESSFUL 40A79D5E117F0000:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -propquery ?provider=pkcs11 -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%02 -cert pkcs11:type=cert;object=ecCert Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MIGDAgEBAgIDBAQCEwIEIC+jrREXHJrzr2+8ZjK54SjQLpmBoyVXUug84a2NDHNb BDD5Wvn0L/LicPg/ie6cxIubOlqFPrtpiCM5k4J+R749CGmj0K+nMF2wvvc/n1JS 9vqhBgIEZ9OoqKIEAgIcIKQGBAQBAAAArgcCBQDGZLGfswMCAR0= -----END SSL SESSION PARAMETERS----- Shared ciphers:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224 Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 CIPHER is TLS_AES_256_GCM_SHA384 This TLS version forbids renegotiation. TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run sanity test with default values (Ed25519) spawn openssl s_client -propquery ?provider=pkcs11 -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/caCert.pem Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=1 CN=Issuer verify return:1 depth=0 O=PKCS11 Provider, CN=My ED25519 Cert verify return:1 --- Certificate chain 0 s:O=PKCS11 Provider, CN=My ED25519 Cert i:CN=Issuer a:PKEY: ED25519, 256 (bit); sigalg: RSA-SHA256 v:NotBefore: Mar 14 03:54:15 2025 GMT; NotAfter: Mar 14 03:54:15 2026 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIICSDCCATCgAwIBAgIBBjANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 ZXIwHhcNMjUwMzE0MDM1NDE1WhcNMjYwMzE0MDM1NDE1WjA0MRgwFgYDVQQKEw9Q S0NTMTEgUHJvdmlkZXIxGDAWBgNVBAMTD015IEVEMjU1MTkgQ2VydDAqMAUGAytl cAMhAApSqJK31uIg0XYlBt3hUQ02u7R5sOP8lIqY/nbiF8ado4GBMH8wDAYDVR0T AQH/BAIwADAfBgNVHREEGDAWgRR0ZXN0Y2VydEBleGFtcGxlLm9yZzAOBgNVHQ8B Af8EBAMCB4AwHQYDVR0OBBYEFHSorGvXByslIN/xXv2/rxpgjKK2MB8GA1UdIwQY MBaAFA9utBWy9OMMf4N5bCUDSZ7ZOjZxMA0GCSqGSIb3DQEBCwUAA4IBAQBBK3yt 6KpRN80SNzwRVGOanzcwvmIFnlBrQFx3jJ62kqKAIivFH4pYBjERB+CxMFMWxwGg QmiSKgVh11Rgcrr38fIjg8w6tPc1zyrv6EZ9Lfq1JPO3vKurq5zOlydC7HY/Pndq JefvvBJRP1iHzU7y8nNvCK3Y2QFNhah2bzskRMuCcx8jeWF8O+l2YLJoXY4Gg75K /0qjhs3vPuzXCqLm8065yMkNMj0AZcM6FuV/y9qDjABkZ5Sz/3iF3iXCY+fKKyLh wz2ZqFG7OLxoCg5tNg1Xvtd+DkT2QOOy6whJrS+bw++BGyXy5KAQopkmuCSlvIyJ eWv+b5lrKaL+pRls -----END CERTIFICATE----- subject=O=PKCS11 Provider, CN=My ED25519 Cert issuer=CN=Issuer --- No client certificate CA names sent Peer signature type: ed25519 Server Temp Key: X25519, 253 bits --- SSL handshake has read 952 bytes and written 391 bytes Verification: OK --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Protocol: TLSv1.3 Server public key is 256 bit This TLS version forbids renegotiation. Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 9C625BF704D264740B30BFE44D3D3C4F5EC1E16ABEB90120FE755D0C60A4AA7A Session-ID-ctx: Resumption PSK: CFD6B04336C7B9ADCE1B6B1F33B439A80518195E23E291252AE017E8059E51BADEF1F0A30EFA623FCE62DEDA46F52078 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 33 67 07 56 b1 81 b8 56-2f 1b 1f 74 d7 b7 ed 5a 3g.V...V/..t...Z 0010 - b8 d0 82 3e a4 bf b8 fc-30 74 75 4f 0b 64 24 42 ...>....0tuO.d$B 0020 - 31 ae 54 cf 61 a4 3d 88-f3 0a 7f 5b b4 e0 9c a7 1.T.a.=....[.... 0030 - 8d d0 1b c4 33 8d 71 c8-c7 97 89 fc 7e fe b7 cc ....3.q.....~... 0040 - d5 29 ae ff 3b b8 86 59-33 b9 10 fd ea a6 26 71 .)..;..Y3.....&q 0050 - b9 5e 91 5a ec fa ec 14-91 2f 58 23 2d ad 43 08 .^.Z...../X#-.C. 0060 - 63 72 60 0b f1 68 25 cb-db 0d e6 97 e6 3c b6 26 cr`..h%......<.& 0070 - d0 59 0a f4 96 be 0d fb-a9 ca 06 18 f0 bd ce 03 .Y.............. 0080 - a0 74 7f bf 93 73 87 66-17 1a 8a b7 10 01 22 65 .t...s.f......"e 0090 - 26 ea 47 41 65 a5 59 d5-92 e7 65 ce 2f 6c 2a a6 &.GAe.Y...e./l*. 00a0 - 0d db 0e 28 32 32 83 d7-c9 61 0d 21 8a e2 9a ad ...(22...a.!.... 00b0 - 38 a5 b2 c6 73 f8 17 49-66 85 7a 93 73 45 ff e2 8...s..If.z.sE.. 00c0 - b4 cd 61 17 b8 7f d3 7c-1e e4 71 f2 e4 4a df 1f ..a....|..q..J.. Start Time: 1741924521 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 8468B7881E58DDA06D423220A1779743B305F98A98AE91E7B0CDE88B2FF46515 Session-ID-ctx: Resumption PSK: 53A545EA5AD86BD9FD93F07BAE9FECF89E5AECEB7E4D1CB4603569A07B9E59E6098D9D80A5DDFF9F83485D69DA04EFE2 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 33 67 07 56 b1 81 b8 56-2f 1b 1f 74 d7 b7 ed 5a 3g.V...V/..t...Z 0010 - dd 9a a2 16 67 a1 dd 9a-c6 cd c9 6e e0 09 3f e9 ....g......n..?. 0020 - 8f 2d 2f 84 c2 04 ce ee-bb f0 a2 ba ea ea 19 47 .-/............G 0030 - 38 98 b4 cd 5b 61 ba e1-f4 25 0e 35 a3 a4 87 9b 8...[a...%.5.... 0040 - 26 d8 15 b1 12 a3 7e 6d-cc f2 f0 d7 57 58 ef 50 &.....~m....WX.P 0050 - 64 c1 16 ff 95 45 75 9b-65 54 5e 1e 85 08 da 33 d....Eu.eT^....3 0060 - 1d 1f dc e9 85 c4 90 ac-f5 1c 17 f4 e8 90 dc 99 ................ 0070 - 2f db 9a f8 d7 6a 61 5f-92 ce 84 a4 c3 62 a3 63 /....ja_.....b.c 0080 - b5 55 3a 31 16 4f 66 c7-b7 f7 30 2d 90 8e db d5 .U:1.Of...0-.... 0090 - a4 67 f5 c8 5c 5c 05 7d-74 33 6e 35 eb ea cc d7 .g..\\.}t3n5.... 00a0 - 37 43 76 e5 ec 42 af bf-d4 2c 0b f8 1f 55 ff 51 7Cv..B...,...U.Q 00b0 - a7 7f 5a c6 52 7a c6 32-2a c3 91 61 a6 fe fe e6 ..Z.Rz.2*..a.... 00c0 - ea 34 23 35 2f 6f d9 2f-73 23 4f 4f 89 c6 52 9d .4#5/o./s#OO..R. Start Time: 1741924521 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK TLS SUCCESSFUL 40877397F37F0000:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -propquery ?provider=pkcs11 -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%04 -cert pkcs11:type=cert;object=edCert Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MIGCAgEBAgIDBAQCEwIEINd7yr8zw5it7M4JBalxZ6KQ6NouH7AVMAyXxPJB+eqi BDBTpUXqWthr2f2T8Huun+z4nlrs635NHLRgNWmge55Z5gmNnYCl3f+fg0hdadoE 7+KhBgIEZ9OoqaIEAgIcIKQGBAQBAAAArgYCBDGQG+WzAwIBHQ== -----END SSL SESSION PARAMETERS----- Shared ciphers:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224 Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 CIPHER is TLS_AES_256_GCM_SHA384 This TLS version forbids renegotiation. TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run sanity test with default values (Ed448) spawn openssl s_client -propquery ?provider=pkcs11 -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/caCert.pem Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=1 CN=Issuer verify return:1 depth=0 O=PKCS11 Provider, CN=My ED448 Cert verify return:1 --- Certificate chain 0 s:O=PKCS11 Provider, CN=My ED448 Cert i:CN=Issuer a:PKEY: ED448, 456 (bit); sigalg: RSA-SHA256 v:NotBefore: Mar 14 03:54:16 2025 GMT; NotAfter: Mar 14 03:54:16 2026 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIICXzCCAUegAwIBAgIBBzANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 ZXIwHhcNMjUwMzE0MDM1NDE2WhcNMjYwMzE0MDM1NDE2WjAyMRgwFgYDVQQKEw9Q S0NTMTEgUHJvdmlkZXIxFjAUBgNVBAMTDU15IEVENDQ4IENlcnQwQzAFBgMrZXED OgBPCkiiiNXN8xKSfOeLRPvjyCbFOHcM4WuitTttZBw62eEXI/9Ag2a/fpQ2lVzx 4NgCQNdCRFCARQCjgYEwfzAMBgNVHRMBAf8EAjAAMB8GA1UdEQQYMBaBFHRlc3Rj ZXJ0QGV4YW1wbGUub3JnMA4GA1UdDwEB/wQEAwIHgDAdBgNVHQ4EFgQU/QSYxSwO ItEZDxh/4oX0efJjgxEwHwYDVR0jBBgwFoAUD260FbL04wx/g3lsJQNJntk6NnEw DQYJKoZIhvcNAQELBQADggEBAGRSSuRuCNFy9OxTxDxhMqlPMqyEymba80MvPTAs dCD1ZyK1VLrguJOSD23e6z1zmzM9c88B38gqrOAoruFd1bzyqQfl6q4ZkDgMUy2e oIlr6Vr7WTc74MMjtZwuhPhzMuLEEtnR0iue76+Ufn9A8KIb1obajbWZoUnVC9a+ V5yufbpHLOvW13sZkoCO/34TI6tlX4bkSitwWc/GJQSnFs8sjhtBeqah8TJz3X/f vQ0OG0N104zdRyvhgSy4sQy74kNhOFlbcWD51KuTH5NHirCAJas70CHnV3WXKoia FvcAYGS10LA2kA+LD3HQhTJGIt/T8VaognHFlXqQOcah7gM= -----END CERTIFICATE----- subject=O=PKCS11 Provider, CN=My ED448 Cert issuer=CN=Issuer --- No client certificate CA names sent Peer signature type: ed448 Server Temp Key: X25519, 253 bits --- SSL handshake has read 1025 bytes and written 391 bytes Verification: OK --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Protocol: TLSv1.3 Server public key is 456 bit This TLS version forbids renegotiation. Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 3DCC7D07B62608994C71CD0F8C751C0B3DC5606DF7714419CFE43AA1ABDD9A9A Session-ID-ctx: Resumption PSK: 004A6A9AEF4C3EC67B5590F1532655A3598FE361180CE6568F917EF77E0A90C43AF72A90419F1126654C896CE2A7797B PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 19 6d 5f 01 76 92 fb b2-19 89 4d aa 83 85 c9 a9 .m_.v.....M..... 0010 - 2b 71 c0 eb 6e 5e b5 b5-43 43 c1 f5 0b 10 3d 03 +q..n^..CC....=. 0020 - 52 2c d8 a0 9b 32 11 d8-ef ca f7 95 99 6d e2 14 R,...2.......m.. 0030 - a3 48 d6 2b c5 b0 9f 52-80 f5 df bc b5 a7 36 85 .H.+...R......6. 0040 - 78 66 92 55 fe 2b 2a 14-8f 8c df 0a e2 8b 34 4b xf.U.+*.......4K 0050 - 6d d1 62 65 e1 fc 27 78-2c c3 5c e1 6a ce 76 c0 m.be..'x,.\.j.v. 0060 - 09 b7 12 85 94 57 e5 f9-cd 19 af 18 8f 7e d8 9b .....W.......~.. 0070 - 29 b5 72 23 f8 e9 78 c8-55 d4 d0 d8 4b d0 0b 9e ).r#..x.U...K... 0080 - 3f 7d c2 b7 25 50 ae 07-c0 da 2a a0 d9 42 0a a8 ?}..%P....*..B.. 0090 - 2d f8 e6 61 e9 8f a7 71-02 d1 f7 5c af 23 fe ea -..a...q...\.#.. 00a0 - fa 0e 80 6c ec 66 cf 8d-7e 88 ed 89 b9 4b 0b e7 ...l.f..~....K.. 00b0 - 23 b8 20 f0 58 58 4f 71-dd 34 82 92 42 18 f8 25 #. .XXOq.4..B..% 00c0 - 39 62 7a 6b d0 3a cd 20-32 a3 fc 29 24 c9 86 9b 9bzk.:. 2..)$... Start Time: 1741924522 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: A26742D7BC17FDBE68FBFC8A906C3C34B2D5012AD90CF0ADEADBFEB1FC80766A Session-ID-ctx: Resumption PSK: 4232176B998836A7EED5E115688ECE37D0CDCE3DBD6F8B3B597B3E68E6279BF2312B286ADC510D89F790A3E54B0AEF21 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 19 6d 5f 01 76 92 fb b2-19 89 4d aa 83 85 c9 a9 .m_.v.....M..... 0010 - de cc 51 fb 9c b7 91 2b-a8 d3 f4 79 72 83 2c 7b ..Q....+...yr.,{ 0020 - 6e 08 23 03 31 13 94 05-ce 8a 87 2f d9 74 b7 87 n.#.1....../.t.. 0030 - 9c a2 80 eb 29 9d c5 a3-39 85 f3 d6 bd 9f a1 17 ....)...9....... 0040 - dc 89 56 c0 33 87 8e f2-c8 60 b1 1c 0c 62 3c bb ..V.3....`...b<. 0050 - 76 80 15 16 75 77 3f 97-b1 74 1e 39 5d ba 6f 50 v...uw?..t.9].oP 0060 - 14 0c 05 2b e4 06 e6 7b-24 5e 81 51 16 c7 16 67 ...+...{$^.Q...g 0070 - 98 b7 58 a6 f4 d7 d6 5e-00 a9 3c ab a3 87 1f 2f ..X....^..<..../ 0080 - 63 37 10 a5 d7 77 33 1f-92 83 26 0e 8a 25 48 c0 c7...w3...&..%H. 0090 - 49 02 4b 4b 53 d3 5e 79-71 c1 9f 9f cc 37 8e 79 I.KKS.^yq....7.y 00a0 - e1 4f 29 65 5c bf c6 ea-34 95 46 56 30 af 23 10 .O)e\...4.FV0.#. 00b0 - 89 a3 0e ab ab 3a fd 23-46 bb d8 34 02 6b 43 4e .....:.#F..4.kCN 00c0 - f4 fd b4 55 72 bb 5a 91-48 06 3c c4 69 ec cb 80 ...Ur.Z.H.<.i... Start Time: 1741924522 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK TLS SUCCESSFUL 40A7DB4E537F0000:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -propquery ?provider=pkcs11 -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%09 -cert pkcs11:type=cert;object=ed2Cert Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MIGCAgEBAgIDBAQCEwIEIHPDAw3Dw2DTEHF48qblZHEAGj3pQSP91hw50jYF0u4X BDBCMhdrmYg2p+7V4RVojs430M3OPb1viztZez5o5ieb8jErKGrcUQ2J95Cj5UsK 7yGhBgIEZ9OoqqIEAgIcIKQGBAQBAAAArgYCBBJm2L+zAwIBHQ== -----END SSL SESSION PARAMETERS----- Shared ciphers:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224 Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 CIPHER is TLS_AES_256_GCM_SHA384 This TLS version forbids renegotiation. TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run test with TLS 1.2 spawn openssl s_client -propquery ?provider=pkcs11 -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/caCert.pem -tls1_2 Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=1 CN=Issuer verify return:1 depth=0 O=PKCS11 Provider, CN=My Test Cert verify return:1 --- Certificate chain 0 s:O=PKCS11 Provider, CN=My Test Cert i:CN=Issuer a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256 v:NotBefore: Mar 14 03:54:14 2025 GMT; NotAfter: Mar 14 03:54:14 2026 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIIDPzCCAiegAwIBAgIBAzANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 ZXIwHhcNMjUwMzE0MDM1NDE0WhcNMjYwMzE0MDM1NDE0WjAxMRgwFgYDVQQKEw9Q S0NTMTEgUHJvdmlkZXIxFTATBgNVBAMTDE15IFRlc3QgQ2VydDCCASIwDQYJKoZI hvcNAQEBBQADggEPADCCAQoCggEBAN75xsWaCuQK52tzH25qhx6ClcmMLofDr6Q2 G45hgZFzXKhQXjULCCbJTJPlKppaIY8O+e7M13OvxQNE/jb5rzyrz/Eb42RK0NCu 3N0QMR3WcoTGHkjKbsAhbipiPAU2DmTcqu6Gbhop98lGJM+5yRy6S9bzrxS3O2e0 wPpAk9JNpLxINiDUibliIJcju5RJYXCek4G4QyifK5zr/I7x0TC3iahTa4u1xUj1 YsSvbXXJ7QzYaTI0RV7mvppGwxOr+A1RqS8tBnCqBy3Im8XH7KZ+QUHNAT/BXPk1 7dXHjAODrWoIvXufXa1cK/4s+wFEQcOIMrMj+KSG29ArRC257psCAwEAAaOBgTB/ MAwGA1UdEwEB/wQCMAAwHwYDVR0RBBgwFoEUdGVzdGNlcnRAZXhhbXBsZS5vcmcw DgYDVR0PAQH/BAQDAgWgMB0GA1UdDgQWBBQSQLryU+GovwtOI7dJIHbC3ZwzLTAf BgNVHSMEGDAWgBQPbrQVsvTjDH+DeWwlA0me2To2cTANBgkqhkiG9w0BAQsFAAOC AQEAA4Fg2W7ne/OpP/pWnnJI6LeGyeBPyBVWhNGL38/p9p2jdA0O2hQdNvyLi9lI ZcLz77vYTdZCmITnJLqH2Jwd2jq5QHJmzYkJpp4Q8HAHkq8Y3ZQRhlAjp1LZhYov jHRaj3qZpDabEJU5illa26nyjPYeEjpCX4qMWJQhj0Qh1+V6y+wYoMIObLpyBtvF dUcplbSp+yovFXhm4zEA8szbCUQjZoFCvbi6j73ukspPB7aWB35dm8yHXrVCHTb1 sprOKjFwKvDn3RG9EcJLbM8kGNLbvfvIkMGl6NPlOhlQ2Gmkw78KXgm2vqIyswMw mK5oyns9zCW12yV5vJWyO2KrXw== -----END CERTIFICATE----- subject=O=PKCS11 Provider, CN=My Test Cert issuer=CN=Issuer --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: RSA-PSS Server Temp Key: X25519, 253 bits --- SSL handshake has read 1476 bytes and written 290 bytes Verification: OK --- New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384 Protocol: TLSv1.2 Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-RSA-AES256-GCM-SHA384 Session-ID: 6279494490B8F47EFB582D542D54A921760D7183D95C971D61937D6559A2E19D Session-ID-ctx: Master-Key: 68626C72B23BFA2843A581264D1AAFDC3BA20E73BB909978B818AADCB558B76952778DD1078B967202A2E4D4C7D3E006 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - b0 27 64 80 6e 39 12 6e-b7 80 0a b5 7d 38 30 cf .'d.n9.n....}80. 0010 - 1f 49 b3 26 87 05 9f 62-bf 9b da e0 4e c4 8c e1 .I.&...b....N... 0020 - 8a a4 2e c6 02 16 41 24-dd 89 cf d4 40 83 5f 74 ......A$....@._t 0030 - 29 0c 17 a2 cf 35 6e bd-b5 ca c1 36 03 c5 ee fc )....5n....6.... 0040 - fe 2a 6e ca a7 0b de fc-a5 4c 01 de 50 29 e2 df .*n......L..P).. 0050 - bb 9e b5 b0 21 e2 ff 44-d4 c0 97 12 b8 2d 1d bf ....!..D.....-.. 0060 - bd ba b7 da 34 1f 52 dc-6f 28 ca 30 37 2b f5 52 ....4.R.o(.07+.R 0070 - c0 09 04 da da f1 58 63-f7 ac d0 47 20 a5 6a 35 ......Xc...G .j5 0080 - 50 56 a2 44 4b a2 20 01-b3 5f b9 fc fd 9d ca e0 PV.DK. .._...... 0090 - ae 64 a0 f9 c9 d1 85 6e-51 ce 35 69 6c 8f 45 6e .d.....nQ.5il.En 00a0 - cc fd ac 2e c7 9c 2a 6b-7a ad e8 ce ff 67 f5 24 ......*kz....g.$ Start Time: 1741924522 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: yes --- TLS SUCCESSFUL 4007ECDC437F0000:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -propquery ?provider=pkcs11 -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%01 -cert pkcs11:type=cert;object=testCert Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MF8CAQECAgMDBALAMAQABDBoYmxysjv6KEOlgSZNGq/cO6IOc7uQmXi4GKrctVi3 aVJ3jdEHi5ZyAqLk1MfT4AahBgIEZ9OoqqIEAgIcIKQGBAQBAAAArQMCAQGzAwIB HQ== -----END SSL SESSION PARAMETERS----- Shared ciphers:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Supported Elliptic Curve Point Formats: uncompressed:ansiX962_compressed_prime:ansiX962_compressed_char2 Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1 Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1 CIPHER is ECDHE-RSA-AES256-GCM-SHA384 Secure Renegotiation IS supported TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run test with explicit TLS 1.3 spawn openssl s_client -propquery ?provider=pkcs11 -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/caCert.pem -tls1_3 Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=1 CN=Issuer verify return:1 depth=0 O=PKCS11 Provider, CN=My Test Cert verify return:1 --- Certificate chain 0 s:O=PKCS11 Provider, CN=My Test Cert i:CN=Issuer a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256 v:NotBefore: Mar 14 03:54:14 2025 GMT; NotAfter: Mar 14 03:54:14 2026 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIIDPzCCAiegAwIBAgIBAzANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 ZXIwHhcNMjUwMzE0MDM1NDE0WhcNMjYwMzE0MDM1NDE0WjAxMRgwFgYDVQQKEw9Q S0NTMTEgUHJvdmlkZXIxFTATBgNVBAMTDE15IFRlc3QgQ2VydDCCASIwDQYJKoZI hvcNAQEBBQADggEPADCCAQoCggEBAN75xsWaCuQK52tzH25qhx6ClcmMLofDr6Q2 G45hgZFzXKhQXjULCCbJTJPlKppaIY8O+e7M13OvxQNE/jb5rzyrz/Eb42RK0NCu 3N0QMR3WcoTGHkjKbsAhbipiPAU2DmTcqu6Gbhop98lGJM+5yRy6S9bzrxS3O2e0 wPpAk9JNpLxINiDUibliIJcju5RJYXCek4G4QyifK5zr/I7x0TC3iahTa4u1xUj1 YsSvbXXJ7QzYaTI0RV7mvppGwxOr+A1RqS8tBnCqBy3Im8XH7KZ+QUHNAT/BXPk1 7dXHjAODrWoIvXufXa1cK/4s+wFEQcOIMrMj+KSG29ArRC257psCAwEAAaOBgTB/ MAwGA1UdEwEB/wQCMAAwHwYDVR0RBBgwFoEUdGVzdGNlcnRAZXhhbXBsZS5vcmcw DgYDVR0PAQH/BAQDAgWgMB0GA1UdDgQWBBQSQLryU+GovwtOI7dJIHbC3ZwzLTAf BgNVHSMEGDAWgBQPbrQVsvTjDH+DeWwlA0me2To2cTANBgkqhkiG9w0BAQsFAAOC AQEAA4Fg2W7ne/OpP/pWnnJI6LeGyeBPyBVWhNGL38/p9p2jdA0O2hQdNvyLi9lI ZcLz77vYTdZCmITnJLqH2Jwd2jq5QHJmzYkJpp4Q8HAHkq8Y3ZQRhlAjp1LZhYov jHRaj3qZpDabEJU5illa26nyjPYeEjpCX4qMWJQhj0Qh1+V6y+wYoMIObLpyBtvF dUcplbSp+yovFXhm4zEA8szbCUQjZoFCvbi6j73ukspPB7aWB35dm8yHXrVCHTb1 sprOKjFwKvDn3RG9EcJLbM8kGNLbvfvIkMGl6NPlOhlQ2Gmkw78KXgm2vqIyswMw mK5oyns9zCW12yV5vJWyO2KrXw== -----END CERTIFICATE----- subject=O=PKCS11 Provider, CN=My Test Cert issuer=CN=Issuer --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: RSA-PSS Server Temp Key: X25519, 253 bits --- SSL handshake has read 1391 bytes and written 318 bytes Verification: OK --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Protocol: TLSv1.3 Server public key is 2048 bit This TLS version forbids renegotiation. Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 05D46D20AF5D3EDFC4AADB75C978F7ACC3A65A2DDB87A889E5A088C831DE5B49 Session-ID-ctx: Resumption PSK: 31F2A4FD0CA2FEF005CBB8926A074385624B17EEB536CCAE8B68FE58A25D6CE1452933495753DE687D3EB347B8298D91 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 94 f5 fd 45 84 b1 99 c3-48 62 36 ad 0a e8 37 3a ...E....Hb6...7: 0010 - 88 54 11 42 09 55 ff c7-bc f6 51 7c 54 66 68 f8 .T.B.U....Q|Tfh. 0020 - 72 a6 fc c6 20 54 2a f5-9a bf 29 5a cd 92 13 a2 r... T*...)Z.... 0030 - 50 47 7e 08 57 cf 1e f2-80 96 82 d2 39 35 6a cc PG~.W.......95j. 0040 - 2e 56 3d 80 16 83 76 25-a7 61 d0 8b 25 33 89 6b .V=...v%.a..%3.k 0050 - 4f b6 dc 9b 3e 04 b5 8c-dc c0 4b e5 6d f1 b9 fa O...>.....K.m... 0060 - 70 27 a1 fa 51 81 54 17-f2 32 10 44 c8 3b e1 f5 p'..Q.T..2.D.;.. 0070 - 9e 10 2c e8 b7 4d ba c2-56 34 e6 86 ea 62 ca c6 ..,..M..V4...b.. 0080 - 51 27 be 9f a4 5c 09 23-fd 83 bb 18 41 e1 eb 20 Q'...\.#....A.. 0090 - dd 5a 7d 95 fa ed a0 91-e3 fa 4c fe 4e 1e 27 b8 .Z}.......L.N.'. 00a0 - 62 f4 cb 24 3a 64 60 49-a1 e2 23 40 da 6d 63 30 b..$:d`I..#@.mc0 00b0 - e4 81 e4 6a 77 81 0f 28-bd 2d 5d e7 18 bf f5 02 ...jw..(.-]..... 00c0 - fa 39 40 06 32 75 ca a9-63 48 9a c4 2f 80 08 59 .9@.2u..cH../..Y Start Time: 1741924523 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 83216D33B4C3910A54CBE436B25CDEB6BD7851ADD7142F13F7E52FB5FF175106 Session-ID-ctx: Resumption PSK: 3309DAF115D9E41D873D2A77E681786F9271985985851B7F4C61B6EC2C3C9643D650B6032627E2F28875B10344E7A19F PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 94 f5 fd 45 84 b1 99 c3-48 62 36 ad 0a e8 37 3a ...E....Hb6...7: 0010 - 1e ba 78 aa 1f ff a2 77-5f e0 06 15 00 ea 5e 14 ..x....w_.....^. 0020 - 56 1b c6 71 bd 65 80 6c-d9 6f 04 97 ce 48 07 d9 V..q.e.l.o...H.. 0030 - 35 ca 3e 1d c6 c7 16 9c-89 9d 5d fd 5e 3a 7c 9f 5.>.......].^:|. 0040 - 06 41 ba 7b b8 53 c0 6c-4b c2 91 20 af d0 2e 8a .A.{.S.lK.. .... 0050 - 1c fd 19 6a 80 3e 76 c7-50 a3 81 31 ee 73 40 88 ...j.>v.P..1.s@. 0060 - 05 36 cf 70 f4 7e f8 b4-10 1f 5a 8a 3d 6d 27 84 .6.p.~....Z.=m'. 0070 - c6 41 11 3c ce 71 92 0f-7a 8e 0e 47 75 d1 1d 70 .A.<.q..z..Gu..p 0080 - 00 be 6e 4f 9d 45 85 c6-f5 2a ab 8b 60 29 1d f7 ..nO.E...*..`).. 0090 - a0 16 34 33 2a 09 1d a6-f9 27 da 70 1e 9e 57 26 ..43*....'.p..W& 00a0 - 78 18 b9 41 62 47 d8 b4-33 83 0e d3 73 9b 73 dd x..AbG..3...s.s. 00b0 - d8 e4 84 e3 06 6d 67 ed-fb 80 33 4b 98 12 30 3d .....mg...3K..0= 00c0 - d2 51 be 48 0b b8 64 06-65 f5 4f 0b 73 5b 69 8b .Q.H..d.e.O.s[i. Start Time: 1741924523 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK TLS SUCCESSFUL 40A7F7A9967F0000:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -propquery ?provider=pkcs11 -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%01 -cert pkcs11:type=cert;object=testCert Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MIGCAgEBAgIDBAQCEwIEIHyrBALAi6efUUkJEHBFe7AXriDxvqelhfJh35/9AcuI BDAzCdrxFdnkHYc9KnfmgXhvknGYWYWFG39MYbbsLDyWQ9ZQtgMmJ+LyiHWxA0Tn oZ+hBgIEZ9Ooq6IEAgIcIKQGBAQBAAAArgYCBGtEY3azAwIBHQ== -----END SSL SESSION PARAMETERS----- Shared ciphers:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256 Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512 Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 CIPHER is TLS_AES_256_GCM_SHA384 This TLS version forbids renegotiation. TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run test with TLS 1.2 (ECDSA) spawn openssl s_client -propquery ?provider=pkcs11 -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/caCert.pem -tls1_2 Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=0 O=PKCS11 Provider, CN=My EC Cert verify error:num=1:unspecified certificate verification error verify return:1 depth=1 CN=Issuer verify return:1 depth=0 O=PKCS11 Provider, CN=My EC Cert verify return:1 --- Certificate chain 0 s:O=PKCS11 Provider, CN=My EC Cert i:CN=Issuer a:PKEY: id-ecPublicKey, 256 (bit); sigalg: RSA-SHA256 v:NotBefore: Mar 14 03:54:14 2025 GMT; NotAfter: Mar 14 03:54:14 2026 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIICcjCCAVqgAwIBAgIBBDANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 ZXIwHhcNMjUwMzE0MDM1NDE0WhcNMjYwMzE0MDM1NDE0WjAvMRgwFgYDVQQKEw9Q S0NTMTEgUHJvdmlkZXIxEzARBgNVBAMTCk15IEVDIENlcnQwWTATBgcqhkjOPQIB BggqhkjOPQMBBwNCAASNXAZpEA1/ju6MY+7eFXLf/jMxuwNuc5d5+/+FFVXJeJkC Xo6eAUavvLgDVZpiWSRxBZxXb097P+ZaLj470pYwo4GBMH8wDAYDVR0TAQH/BAIw ADAfBgNVHREEGDAWgRR0ZXN0Y2VydEBleGFtcGxlLm9yZzAOBgNVHQ8BAf8EBAMC B4AwHQYDVR0OBBYEFDUX8xCvrxzZAB7Z2JBXohqY02ZVMB8GA1UdIwQYMBaAFA9u tBWy9OMMf4N5bCUDSZ7ZOjZxMA0GCSqGSIb3DQEBCwUAA4IBAQADPS6KCOe9Af90 1qDfEmzNzkcjHSy096YS0e1DsPrP2aCGkb+ZMdrxT1KR8xQ8ydKv4qyH6YzhAnfd AkA1qbN5nVLdLjHOe8F1d9CX0huLEBVuNyNbsba+OA8XIsLecadQjVILIvukuopp wCNDFCLG3TTaGPBKDpvIY2b/UP/hwV0UhhBmhg2hHHLdRztXxNfGviv8oKOkxFLF qjO7f0RKO7523NcIojv7knTSeVHuBWVeCAmHxQZaLbmaRtPLqSmsBj4kdxbLd46V qaM/4PKbfu+dIeaNvtLjqKWt2WlvDZS72aRBjpkYEiPWbfDuCsr40ZV2+paHgogY JAJxk++v -----END CERTIFICATE----- subject=O=PKCS11 Provider, CN=My EC Cert issuer=CN=Issuer --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: ECDSA Server Temp Key: X25519, 253 bits --- SSL handshake has read 1085 bytes and written 290 bytes Verification error: unspecified certificate verification error --- New, TLSv1.2, Cipher is ECDHE-ECDSA-AES256-GCM-SHA384 Protocol: TLSv1.2 Server public key is 256 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-ECDSA-AES256-GCM-SHA384 Session-ID: ED07CF22D0AA68303B591F2B1BBFD140F7CC8FB7DA87A59A1071C3A469EA7808 Session-ID-ctx: Master-Key: E1D2B017A40AD2BC8EF1E612C60FBEC194A970F9FFBA0DD067C13C7E50CF26BFEDC2ABC601DAF59EA3FA9CF2676BBF3C PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 52 ab 2f b7 f3 9f 52 b7-43 49 e9 bc 04 13 69 b0 R./...R.CI....i. 0010 - 57 ac 25 d0 73 33 a1 e0-2a b9 62 32 81 18 79 f3 W.%.s3..*.b2..y. 0020 - b0 62 a4 6c 1f d1 c7 71-fc 6a 82 d4 1b ed 5f fe .b.l...q.j...._. 0030 - 9d a5 fa fa 50 a5 6c be-1e 44 12 1f 15 19 47 51 ....P.l..D....GQ 0040 - 13 bd e4 b8 61 76 49 aa-ed 29 48 45 c3 2c 93 8f ....avI..)HE.,.. 0050 - 21 00 7a 05 1a 54 1f 66-8f 93 2e fb 6f 8a 17 ff !.z..T.f....o... 0060 - 27 ee 9f be 0f 96 8d be-21 a0 68 9a 31 df 51 cf '.......!.h.1.Q. 0070 - 5a 0b fc e8 17 88 9d 7f-5c fe e4 ca 64 9e c0 fb Z.......\...d... 0080 - 9f 85 4a 09 04 e8 cc 1b-3c 45 ab 7a bf ce 4a a9 ..J..........0.q=j.... 0010 - f2 04 ec b7 ac 9f 6f c6-ef c2 b1 f9 3d 94 36 7a ......o.....=.6z 0020 - 01 8a 6a b4 2e ee 92 3b-34 77 be 14 55 b8 a4 0f ..j....;4w..U... 0030 - a0 3e 7b 25 0c 18 fb 67-1e 97 72 e9 b4 42 41 f1 .>{%...g..r..BA. 0040 - c5 0b 9b 0d c7 80 3f 23-20 d1 58 17 74 28 34 19 ......?# .X.t(4. 0050 - a2 36 50 5e e4 d8 5e cb-0b 34 cb b3 9c 05 dd 0e .6P^..^..4...... 0060 - 48 fb 02 7e 87 ad 15 16-0f ea 43 eb b6 f6 b0 40 H..~......C....@ 0070 - 13 b6 3c 30 22 41 ad 6c-4c ae 28 e9 3b 94 44 6b ..<0"A.lL.(.;.Dk 0080 - 97 47 2d 75 31 51 2e 78-8b a7 3f 23 41 39 52 9b .G-u1Q.x..?#A9R. 0090 - 50 0b 2d 66 26 ce c5 b8-84 d0 0f 8e 17 04 11 a6 P.-f&........... 00a0 - 4d a6 9f b4 7c ee eb 4d-e7 7c 4e 11 5c d8 90 f0 M...|..M.|N.\... Start Time: 1741924525 Timeout : 7200 (sec) Verify return code: 1 (unspecified certificate verification error) Extended master secret: yes --- TLS SUCCESSFUL 4027A624AD7F0000:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -propquery ?provider=pkcs11 -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%02 -cert pkcs11:type=cert;object=ecCert Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MF8CAQECAgMDBALAKwQABDAlPx827UN6Pi7Li4jLlcbJc23VSU7LQGZO1TVc1RBi YnTZAGQzGLluB95iItDbtQehBgIEZ9OorKIEAgIcIKQGBAQBAAAArQMCAQGzAwIB Fw== -----END SSL SESSION PARAMETERS----- Shared ciphers:ECDHE-ECDSA-AES128-GCM-SHA256 Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Supported Elliptic Curve Point Formats: uncompressed:ansiX962_compressed_prime:ansiX962_compressed_char2 Supported groups: secp256r1 Shared groups: secp256r1 CIPHER is ECDHE-ECDSA-AES128-GCM-SHA256 Secure Renegotiation IS supported TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run test with TLS 1.3 and specific suite spawn openssl s_client -propquery ?provider=pkcs11 -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/caCert.pem -tls1_3 -ciphersuites TLS_AES_256_GCM_SHA384 -groups secp256r1 Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=0 O=PKCS11 Provider, CN=My EC Cert verify error:num=1:unspecified certificate verification error verify return:1 depth=1 CN=Issuer verify return:1 depth=0 O=PKCS11 Provider, CN=My EC Cert verify return:1 --- Certificate chain 0 s:O=PKCS11 Provider, CN=My EC Cert i:CN=Issuer a:PKEY: id-ecPublicKey, 256 (bit); sigalg: RSA-SHA256 v:NotBefore: Mar 14 03:54:14 2025 GMT; NotAfter: Mar 14 03:54:14 2026 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIICcjCCAVqgAwIBAgIBBDANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 ZXIwHhcNMjUwMzE0MDM1NDE0WhcNMjYwMzE0MDM1NDE0WjAvMRgwFgYDVQQKEw9Q S0NTMTEgUHJvdmlkZXIxEzARBgNVBAMTCk15IEVDIENlcnQwWTATBgcqhkjOPQIB BggqhkjOPQMBBwNCAASNXAZpEA1/ju6MY+7eFXLf/jMxuwNuc5d5+/+FFVXJeJkC Xo6eAUavvLgDVZpiWSRxBZxXb097P+ZaLj470pYwo4GBMH8wDAYDVR0TAQH/BAIw ADAfBgNVHREEGDAWgRR0ZXN0Y2VydEBleGFtcGxlLm9yZzAOBgNVHQ8BAf8EBAMC B4AwHQYDVR0OBBYEFDUX8xCvrxzZAB7Z2JBXohqY02ZVMB8GA1UdIwQYMBaAFA9u tBWy9OMMf4N5bCUDSZ7ZOjZxMA0GCSqGSIb3DQEBCwUAA4IBAQADPS6KCOe9Af90 1qDfEmzNzkcjHSy096YS0e1DsPrP2aCGkb+ZMdrxT1KR8xQ8ydKv4qyH6YzhAnfd AkA1qbN5nVLdLjHOe8F1d9CX0huLEBVuNyNbsba+OA8XIsLecadQjVILIvukuopp wCNDFCLG3TTaGPBKDpvIY2b/UP/hwV0UhhBmhg2hHHLdRztXxNfGviv8oKOkxFLF qjO7f0RKO7523NcIojv7knTSeVHuBWVeCAmHxQZaLbmaRtPLqSmsBj4kdxbLd46V qaM/4PKbfu+dIeaNvtLjqKWt2WlvDZS72aRBjpkYEiPWbfDuCsr40ZV2+paHgogY JAJxk++v -----END CERTIFICATE----- subject=O=PKCS11 Provider, CN=My EC Cert issuer=CN=Issuer --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: ECDSA Server Temp Key: ECDH, ?, 0 bits --- SSL handshake has read 1060 bytes and written 329 bytes Verification error: unspecified certificate verification error --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Protocol: TLSv1.3 Server public key is 256 bit This TLS version forbids renegotiation. Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 1 (unspecified certificate verification error) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 7076905A85F828CA52557568ADB1373CC10BFDD199CF6F5D9432B53B3B8DC8D8 Session-ID-ctx: Resumption PSK: 9C1A790C6AF5A7B25896BEC4B3B5C8C3D2EA42FD802EF3756CCCA87B97B52DE44A498F4B34EF45D1CA940714F68963F8 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 3d 4d c9 cd 50 72 cf 26-fe 1e 09 0f 70 9d 10 36 =M..Pr.&....p..6 0010 - e6 b1 fd f7 59 ac fd 9f-b1 56 f1 7e 43 7c 89 46 ....Y....V.~C|.F 0020 - fe c4 09 78 5a 92 ee 7a-dd 98 52 9b 6d 78 3d c6 ...xZ..z..R.mx=. 0030 - 0a b2 7c 78 56 bb c3 87-3a 5d f5 7e 53 02 f9 8e ..|xV...:].~S... 0040 - 10 47 5f cd 32 f9 71 eb-42 41 e3 b6 7c c8 e8 10 .G_.2.q.BA..|... 0050 - 77 5c bb 59 07 1f ee ab-56 b7 51 2e 2d 9a b4 e4 w\.Y....V.Q.-... 0060 - 53 6b c5 70 07 f9 2f 21-07 e4 e1 63 62 30 5e a9 Sk.p../!...cb0^. 0070 - 6a 36 01 13 c1 7d 57 28-f8 a3 b1 b4 06 bd ba 20 j6...}W(....... 0080 - be 1c 38 a7 23 9e ee 9b-c0 62 7d b0 f5 b2 d5 10 ..8.#....b}..... 0090 - 42 88 d1 2f 70 4a a4 15-92 36 69 03 34 f7 46 3d B../pJ...6i.4.F= 00a0 - 5a 30 a2 a0 b0 86 ed 19-07 f4 41 59 0b 24 53 48 Z0........AY.$SH 00b0 - fa f9 3a ff 5c 20 bf 4b-38 05 72 fc 55 c9 b9 bb ..:.\ .K8.r.U... 00c0 - 66 0d 6a ee be 71 38 db-65 6d a6 12 d7 71 b1 fc f.j..q8.em...q.. Start Time: 1741924526 Timeout : 7200 (sec) Verify return code: 1 (unspecified certificate verification error) Extended master secret: no Max Early Data: 0 --- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 71B9B687101D501B307D6E4355C2219DBDEE77351D56ED1E626D78526AD3DE16 Session-ID-ctx: Resumption PSK: F309E8F3506EF2558F2D7373B33809272AB38A310B5A989E56143EB0DBF8F9CA522BAFE31C15D1C591292118E3CCE3FC PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 3d 4d c9 cd 50 72 cf 26-fe 1e 09 0f 70 9d 10 36 =M..Pr.&....p..6 0010 - 75 37 16 40 04 e9 00 45-52 0e 04 03 44 20 e9 a5 u7.@...ER...D .. 0020 - 24 89 49 1c 1b 60 82 00-b2 80 f4 4d 91 8f 8e 73 $.I..`.....M...s 0030 - 26 ca 69 bb 07 1b 51 50-de c1 8f 8d e4 66 80 33 &.i...QP.....f.3 0040 - 2c 9e 2d 60 49 ad ea 6a-a0 2b 49 94 59 e3 8e fa ,.-`I..j.+I.Y... 0050 - cc 54 7e c0 2c 1a 58 63-c6 b2 0a bd 11 4d 76 bf .T~.,.Xc.....Mv. 0060 - 19 98 8f 24 ec 56 c1 93-e1 66 8f c0 e7 5a cb 5b ...$.V...f...Z.[ 0070 - 66 16 11 15 bd 94 d0 35-6f 6b 7c 11 82 a8 5e c3 f......5ok|...^. 0080 - da dd 65 18 64 0e 44 f0-23 c7 7c fa 80 e1 e7 2e ..e.d.D.#.|..... 0090 - 99 c3 93 e2 41 5d 31 5d-46 10 05 73 8f f5 a4 7f ....A]1]F..s.... 00a0 - 76 30 0f ba c5 82 68 6a-11 bb 8c 63 01 7a 74 af v0....hj...c.zt. 00b0 - 51 04 82 28 1f 6a 45 a0-25 4c 79 4c 3d bc 7a fb Q..(.jE.%LyL=.z. 00c0 - b3 ed 56 70 43 05 c2 53-77 c0 ff c5 19 d6 14 7d ..VpC..Sw......} Start Time: 1741924526 Timeout : 7200 (sec) Verify return code: 1 (unspecified certificate verification error) Extended master secret: no Max Early Data: 0 --- read R BLOCK TLS SUCCESSFUL 40D7DBB3847F0000:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -propquery ?provider=pkcs11 -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%02 -cert pkcs11:type=cert;object=ecCert Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MIGDAgEBAgIDBAQCEwIEIGh1TTNEwXyJvNo1NfqVg1kN/qj4M0Nm/YQpHhsr8WHn BDDzCejzUG7yVY8tc3OzOAknKrOKMQtamJ5WFD6w2/j5ylIrr+McFdHFkSkhGOPM 4/yhBgIEZ9OorqIEAgIcIKQGBAQBAAAArgcCBQDxHvKqswMCARc= -----END SSL SESSION PARAMETERS----- Shared ciphers:TLS_AES_256_GCM_SHA384 Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512 Supported groups: secp256r1 Shared groups: secp256r1 CIPHER is TLS_AES_256_GCM_SHA384 This TLS version forbids renegotiation. TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## ######################################## Server output: spawn openssl s_server -propquery ?provider=pkcs11 -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%02 -cert pkcs11:type=cert;object=ecCert Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MIGDAgEBAgIDBAQCEwIEIGh1TTNEwXyJvNo1NfqVg1kN/qj4M0Nm/YQpHhsr8WHn BDDzCejzUG7yVY8tc3OzOAknKrOKMQtamJ5WFD6w2/j5ylIrr+McFdHFkSkhGOPM 4/yhBgIEZ9OorqIEAgIcIKQGBAQBAAAArgcCBQDxHvKqswMCARc= -----END SSL SESSION PARAMETERS----- Shared ciphers:TLS_AES_256_GCM_SHA384 Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512 Supported groups: secp256r1 Shared groups: secp256r1 CIPHER is TLS_AES_256_GCM_SHA384 This TLS version forbids renegotiation. TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 75/92 pkcs11-provider:softhsm / tls OK 15.76s 76/92 pkcs11-provider:kryoptic / tls RUNNING >>> UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=90 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper tls-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 76/92 pkcs11-provider:kryoptic / tls SKIP 0.10s exit status 77 77/92 pkcs11-provider:kryoptic.nss / tls RUNNING >>> UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MALLOC_PERTURB_=148 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper tls-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 77/92 pkcs11-provider:kryoptic.nss / tls SKIP 0.10s exit status 77 78/92 pkcs11-provider:softokn / tlsfuzzer RUNNING >>> UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 MALLOC_PERTURB_=169 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper tlsfuzzer-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 78/92 pkcs11-provider:softokn / tlsfuzzer SKIP 0.09s exit status 77 79/92 pkcs11-provider:softhsm / tlsfuzzer RUNNING >>> UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=56 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper tlsfuzzer-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/tests/ttlsfuzzer TLS fuzzer is not available -- skipping ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 79/92 pkcs11-provider:softhsm / tlsfuzzer SKIP 0.25s exit status 77 80/92 pkcs11-provider:kryoptic / tlsfuzzer RUNNING >>> UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 MALLOC_PERTURB_=102 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper tlsfuzzer-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 80/92 pkcs11-provider:kryoptic / tlsfuzzer SKIP 0.12s exit status 77 81/92 pkcs11-provider:kryoptic.nss / tlsfuzzer RUNNING >>> UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=164 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper tlsfuzzer-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 81/92 pkcs11-provider:kryoptic.nss / tlsfuzzer SKIP 0.12s exit status 77 82/92 pkcs11-provider:softokn / uri RUNNING >>> MALLOC_PERTURB_=59 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper uri-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 82/92 pkcs11-provider:softokn / uri SKIP 0.11s exit status 77 83/92 pkcs11-provider:softhsm / uri RUNNING >>> UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MALLOC_PERTURB_=141 MESON_TEST_ITERATION=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper uri-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/tests/turi ## Check that storeutl returns URIs openssl storeutl -text pkcs11: ## Check returned URIs work to find objects $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6bab5e7dfe0ca8a8;token=SoftHSM%20Token;id=%00%00;object=caCert;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6bab5e7dfe0ca8a8;token=SoftHSM%20Token;id=%75%65%DB%E2%3A%68%91%3A%D4%68%C3%D0%9A%BE%66%ED;object=Fork-Test;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6bab5e7dfe0ca8a8;token=SoftHSM%20Token;id=%EE%CC%C2%38%AC%4F%E1%56%ED%96%A9%73%19%72%3C%E8;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6bab5e7dfe0ca8a8;token=SoftHSM%20Token;id=%00%04;object=edCert;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6bab5e7dfe0ca8a8;token=SoftHSM%20Token;id=%00%01;object=testCert;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6bab5e7dfe0ca8a8;token=SoftHSM%20Token;id=%98%6F%B1%88%8A%24%9A%4B%54%F4%FC%DB%11%9E%F1%5D;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6bab5e7dfe0ca8a8;token=SoftHSM%20Token;id=%00%09;object=ed2Cert;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6bab5e7dfe0ca8a8;token=SoftHSM%20Token;id=%1A%B3%5A%D0%4B%B6%E0%6B%A7%40%BB%27%69%C1%EF%EF;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6bab5e7dfe0ca8a8;token=SoftHSM%20Token;id=%00%08;object=ecCert3;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6bab5e7dfe0ca8a8;token=SoftHSM%20Token;id=%D2%EC%7F%A1%AF%C2%79%D6%90%5B%15%CA%57%8A%91%6D;object=Pkey%20sigver%20Test;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6bab5e7dfe0ca8a8;token=SoftHSM%20Token;id=%00%10;object=testRsaPssCert;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6bab5e7dfe0ca8a8;token=SoftHSM%20Token;id=%59%66%EE%DD%F2%5B%8C%37%02%A5%A0%FA%35%36%C9%62;object=Test-Ed-gen-5966eedd;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6bab5e7dfe0ca8a8;token=SoftHSM%20Token;id=%00%03;object=ecPeerCert;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6bab5e7dfe0ca8a8;token=SoftHSM%20Token;id=%00%06;object=ecCert2;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6bab5e7dfe0ca8a8;token=SoftHSM%20Token;id=%5B%5B%33%68%D3%28%D2%4D%EE%9B%5C%A4%CF%6A%98%AD;object=Test-EC-gen-5b5b3368;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6bab5e7dfe0ca8a8;token=SoftHSM%20Token;id=%00%05;object=testCert2;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6bab5e7dfe0ca8a8;token=SoftHSM%20Token;id=%E5%CA%34%CD%75%79%E7%34%79%8A%39%C4%0A%0C%2C%EE;object=Test-RSA-Key-Usage-e5ca34cd;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6bab5e7dfe0ca8a8;token=SoftHSM%20Token;id=%C7%DC%B3%08%D0%50%E6%BF%DB%71%E5%09%80%44%CB%EB;object=Test-RSA-gen-c7dcb308;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6bab5e7dfe0ca8a8;token=SoftHSM%20Token;id=%00%02;object=ecCert;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6bab5e7dfe0ca8a8;token=SoftHSM%20Token;id=%00%11;object=testRsaPss2Cert;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6bab5e7dfe0ca8a8;token=SoftHSM%20Token;id=%2A%5F%C8%F8%2F%68%60%D4%67%EF%69%59%20%BB%5F%BC;object=Test-Ed-gen-2a5fc8f8;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6bab5e7dfe0ca8a8;token=SoftHSM%20Token;id=%4D%89%F7%DF%09%E3%A7%F2%57%47%E7%90%17%FE%E0%62;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6bab5e7dfe0ca8a8;token=SoftHSM%20Token;id=%85%BB%76%3A%D1%1B%89%D7%47%D1%F1%9B%99%F2%4A%1E;object=Test-RSA-PSS-gen-85bb763a;type=private openssl storeutl -text "$uri" ## Check each URI component is tested $cmp=pkcs11:model=SoftHSM%20v2 openssl storeutl -text "pkcs11:${cmp}" $cmp=manufacturer=SoftHSM%20project openssl storeutl -text "pkcs11:${cmp}" $cmp=serial=6bab5e7dfe0ca8a8 openssl storeutl -text "pkcs11:${cmp}" $cmp=token=SoftHSM%20Token openssl storeutl -text "pkcs11:${cmp}" $cmp=id=%00%00 openssl storeutl -text "pkcs11:${cmp}" $cmp=object=caCert openssl storeutl -text "pkcs11:${cmp}" $cmp=type=private openssl storeutl -text "pkcs11:${cmp}" ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 83/92 pkcs11-provider:softhsm / uri OK 10.73s 84/92 pkcs11-provider:kryoptic / uri RUNNING >>> UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=214 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper uri-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 84/92 pkcs11-provider:kryoptic / uri SKIP 0.11s exit status 77 85/92 pkcs11-provider:kryoptic.nss / uri RUNNING >>> UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=39 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper uri-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 85/92 pkcs11-provider:kryoptic.nss / uri SKIP 0.11s exit status 77 86/92 pkcs11-provider:softhsm / ecxc RUNNING >>> UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=244 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper ecxc-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/tests/tecxc ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 86/92 pkcs11-provider:softhsm / ecxc SKIP 0.20s exit status 77 87/92 pkcs11-provider:kryoptic / ecxc RUNNING >>> UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MALLOC_PERTURB_=202 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper ecxc-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 87/92 pkcs11-provider:kryoptic / ecxc SKIP 0.10s exit status 77 88/92 pkcs11-provider:kryoptic.nss / ecxc RUNNING >>> UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 MALLOC_PERTURB_=52 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper ecxc-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 88/92 pkcs11-provider:kryoptic.nss / ecxc SKIP 0.13s exit status 77 89/92 pkcs11-provider:softokn / cms RUNNING >>> UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=185 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper cms-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 89/92 pkcs11-provider:softokn / cms SKIP 0.15s exit status 77 90/92 pkcs11-provider:kryoptic / cms RUNNING >>> MALLOC_PERTURB_=59 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper cms-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 90/92 pkcs11-provider:kryoptic / cms SKIP 0.12s exit status 77 91/92 pkcs11-provider:kryoptic.nss / cms RUNNING >>> UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MALLOC_PERTURB_=79 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper cms-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 91/92 pkcs11-provider:kryoptic.nss / cms SKIP 0.13s exit status 77 92/92 pkcs11-provider:kryoptic / pinlock RUNNING >>> TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MESON_TEST_ITERATION=1 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=97 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper pinlock-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 92/92 pkcs11-provider:kryoptic / pinlock SKIP 0.18s exit status 77 Ok: 21 Expected Fail: 0 Fail: 0 Unexpected Pass: 0 Skipped: 71 Timeout: 0 Full log written to /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/meson-logs/testlog.txt create-stamp debian/debhelper-build-stamp dh_testroot -O--buildsystem=meson dh_prep -O--buildsystem=meson dh_auto_install --destdir=debian/pkcs11-provider/ -O--buildsystem=meson cd obj-x86_64-linux-gnu && DESTDIR=/build/reproducible-path/pkcs11-provider-1.0/debian/pkcs11-provider LC_ALL=C.UTF-8 ninja install [0/1] Installing files Installing src/pkcs11.so to /build/reproducible-path/pkcs11-provider-1.0/debian/pkcs11-provider/usr/lib/x86_64-linux-gnu/ossl-modules Installing /build/reproducible-path/pkcs11-provider-1.0/docs/provider-pkcs11.7 to /build/reproducible-path/pkcs11-provider-1.0/debian/pkcs11-provider/usr/share/man/man7 dh_installdocs -O--buildsystem=meson dh_installchangelogs -O--buildsystem=meson dh_installman -O--buildsystem=meson dh_installsystemduser -O--buildsystem=meson dh_perl -O--buildsystem=meson dh_link -O--buildsystem=meson dh_strip_nondeterminism -O--buildsystem=meson dh_compress -O--buildsystem=meson dh_fixperms -O--buildsystem=meson dh_missing -O--buildsystem=meson dh_dwz -a -O--buildsystem=meson dh_strip -a -O--buildsystem=meson dh_makeshlibs -a -O--buildsystem=meson dh_shlibdeps -a -O--buildsystem=meson dh_installdeb -O--buildsystem=meson dh_gencontrol -O--buildsystem=meson dh_md5sums -O--buildsystem=meson dh_builddeb -O--buildsystem=meson dpkg-deb: building package 'pkcs11-provider-dbgsym' in '../pkcs11-provider-dbgsym_1.0-1_amd64.deb'. dpkg-deb: building package 'pkcs11-provider' in '../pkcs11-provider_1.0-1_amd64.deb'. dpkg-genbuildinfo --build=binary -O../pkcs11-provider_1.0-1_amd64.buildinfo dpkg-genchanges --build=binary -O../pkcs11-provider_1.0-1_amd64.changes dpkg-genchanges: info: binary-only upload (no source code included) dpkg-source --after-build . dpkg-buildpackage: info: binary-only upload (no source included) dpkg-genchanges: info: including full source code in upload I: copying local configuration I: unmounting dev/ptmx filesystem I: unmounting dev/pts filesystem I: unmounting dev/shm filesystem I: unmounting proc filesystem I: unmounting sys filesystem I: cleaning the build env I: removing directory /srv/workspace/pbuilder/58241 and its subdirectories I: Current time: Thu Mar 13 15:56:07 -12 2025 I: pbuilder-time-stamp: 1741924567 Fri Mar 14 03:56:09 UTC 2025 I: 1st build successful. Starting 2nd build on remote node ionos15-amd64.debian.net. Fri Mar 14 03:56:09 UTC 2025 I: Preparing to do remote build '2' on ionos15-amd64.debian.net. Fri Mar 14 04:01:44 UTC 2025 I: Deleting $TMPDIR on ionos15-amd64.debian.net. Fri Mar 14 04:01:44 UTC 2025 I: pkcs11-provider_1.0-1_amd64.changes: Format: 1.8 Date: Tue, 11 Feb 2025 19:09:10 +0000 Source: pkcs11-provider Binary: pkcs11-provider pkcs11-provider-dbgsym Architecture: amd64 Version: 1.0-1 Distribution: unstable Urgency: medium Maintainer: Luca Boccassi Changed-By: Luca Boccassi Description: pkcs11-provider - OpenSSL 3 provider for PKCS11 Changes: pkcs11-provider (1.0-1) unstable; urgency=medium . * Update upstream source from tag 'upstream/1.0' Checksums-Sha1: f8dba708a5b680eb6e13753690683c50c94339ef 309232 pkcs11-provider-dbgsym_1.0-1_amd64.deb 03a0d28463ffac6e1c203e28593ce1220cf7390c 7238 pkcs11-provider_1.0-1_amd64.buildinfo fcd3faaa38f2f04ac0895eed7849473c19a19c29 124384 pkcs11-provider_1.0-1_amd64.deb Checksums-Sha256: 5758eb4127ea8750828e65bbfc0929bded1fbffa1dbeeba44656a4043d4a1e18 309232 pkcs11-provider-dbgsym_1.0-1_amd64.deb ed2c4ede8bacfcc5a21593dccce099360f1ad825940249d52c17e95df1417c3a 7238 pkcs11-provider_1.0-1_amd64.buildinfo 1d1a02649d71a5dec22a78f37660226cddfd533d1533a0e29fd6b26c9c991152 124384 pkcs11-provider_1.0-1_amd64.deb Files: 2ad860dd822cef5396a2f46d6b19cff6 309232 debug optional pkcs11-provider-dbgsym_1.0-1_amd64.deb 782fa78f5f3c3653f82fcd971ae5be74 7238 libs optional pkcs11-provider_1.0-1_amd64.buildinfo 3984b78246e9682ab8d6f362efdd2fb9 124384 libs optional pkcs11-provider_1.0-1_amd64.deb Fri Mar 14 04:01:46 UTC 2025 I: diffoscope 289 will be used to compare the two builds: Running as unit: rb-diffoscope-amd64_19-48214.service # Profiling output for: /usr/bin/diffoscope --timeout 7200 --html /srv/reproducible-results/rbuild-debian/r-b-build.x1NYqhxM/pkcs11-provider_1.0-1.diffoscope.html --text /srv/reproducible-results/rbuild-debian/r-b-build.x1NYqhxM/pkcs11-provider_1.0-1.diffoscope.txt --json /srv/reproducible-results/rbuild-debian/r-b-build.x1NYqhxM/pkcs11-provider_1.0-1.diffoscope.json --profile=- /srv/reproducible-results/rbuild-debian/r-b-build.x1NYqhxM/b1/pkcs11-provider_1.0-1_amd64.changes /srv/reproducible-results/rbuild-debian/r-b-build.x1NYqhxM/b2/pkcs11-provider_1.0-1_amd64.changes ## command (total time: 0.000s) 0.000s 1 call cmp (internal) ## has_same_content_as (total time: 0.000s) 0.000s 1 call diffoscope.comparators.binary.FilesystemFile ## main (total time: 0.003s) 0.003s 2 calls outputs 0.000s 1 call cleanup Finished with result: success Main processes terminated with: code=exited/status=0 Service runtime: 246ms CPU time consumed: 236ms Fri Mar 14 04:01:46 UTC 2025 I: diffoscope 289 found no differences in the changes files, and a .buildinfo file also exists. Fri Mar 14 04:01:46 UTC 2025 I: pkcs11-provider from trixie built successfully and reproducibly on amd64. Fri Mar 14 04:01:47 UTC 2025 I: Submitting .buildinfo files to external archives: Fri Mar 14 04:01:47 UTC 2025 I: Submitting 8.0K b1/pkcs11-provider_1.0-1_amd64.buildinfo.asc Fri Mar 14 04:01:48 UTC 2025 I: Submitting 8.0K b2/pkcs11-provider_1.0-1_amd64.buildinfo.asc Fri Mar 14 04:01:49 UTC 2025 I: Done submitting .buildinfo files to http://buildinfo.debian.net/api/submit. Fri Mar 14 04:01:49 UTC 2025 I: Done submitting .buildinfo files. Fri Mar 14 04:01:49 UTC 2025 I: Removing signed pkcs11-provider_1.0-1_amd64.buildinfo.asc files: removed './b1/pkcs11-provider_1.0-1_amd64.buildinfo.asc' removed './b2/pkcs11-provider_1.0-1_amd64.buildinfo.asc'