Sat Mar 29 12:05:38 UTC 2025 I: starting to build pkcs11-provider/unstable/amd64 on jenkins on '2025-03-29 12:05' Sat Mar 29 12:05:38 UTC 2025 I: The jenkins build log is/was available at https://jenkins.debian.net/userContent/reproducible/debian/build_service/amd64_23/51252/console.log Sat Mar 29 12:05:38 UTC 2025 I: Downloading source for unstable/pkcs11-provider=1.0-2 --2025-03-29 12:05:38-- http://deb.debian.org/debian/pool/main/p/pkcs11-provider/pkcs11-provider_1.0-2.dsc Connecting to 46.16.76.132:3128... connected. Proxy request sent, awaiting response... 200 OK Length: 2214 (2.2K) [text/prs.lines.tag] Saving to: ‘pkcs11-provider_1.0-2.dsc’ 0K .. 100% 267M=0s 2025-03-29 12:05:38 (267 MB/s) - ‘pkcs11-provider_1.0-2.dsc’ saved [2214/2214] Sat Mar 29 12:05:38 UTC 2025 I: pkcs11-provider_1.0-2.dsc -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 3.0 (quilt) Source: pkcs11-provider Binary: pkcs11-provider Architecture: any Version: 1.0-2 Maintainer: Luca Boccassi Homepage: https://github.com/latchset/pkcs11-provider Standards-Version: 4.7.2 Vcs-Browser: https://salsa.debian.org/debian/pkcs11-provider Vcs-Git: https://salsa.debian.org/debian/pkcs11-provider.git Build-Depends: debhelper-compat (= 13), dh-package-notes, libssl-dev (>= 3.0.7~), meson (>= 0.57~), pkgconf, expect , gnutls-bin , libnss3-dev , libp11-kit-dev , libstoken-dev , opensc , openssl , p11-kit , p11-kit-modules , softhsm2 Package-List: pkcs11-provider deb libs optional arch=any Checksums-Sha1: c1f7deab3a3af9fa2c3ef63ed95536c7c5a52707 210633 pkcs11-provider_1.0.orig.tar.gz a8cda47def2b47ce68f39af30d979e0666e9fc30 2708 pkcs11-provider_1.0-2.debian.tar.xz Checksums-Sha256: f62771642f24525305233fab01df361a0893912b7e92d2f550f26f131a7b36c2 210633 pkcs11-provider_1.0.orig.tar.gz cb5076ff1c06ed191e99bea6ae6c947a987845bfdee569ce03b5acf64d27745c 2708 pkcs11-provider_1.0-2.debian.tar.xz Files: 2933ec36edff8ab9c132e82f04cbd4dd 210633 pkcs11-provider_1.0.orig.tar.gz 150356658678552ec13e9329603a734c 2708 pkcs11-provider_1.0-2.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQJFBAEBCgAvFiEErCSqx93EIPGOymuRKGv37813JB4FAmfnTy4RHGJsdWNhQGRl Ymlhbi5vcmcACgkQKGv37813JB4rdg/9Ffx6jGzHlH9kWONaEHY5n8i5o8GsHryb +XY+KbRylOUC54kjcp9SUKNn+QVZaiUiGnliiWEJd1zQGMJdwkCoNi/np9D+UcsM HNaAn5zJoWbf36c/nHHTcy1RRovaN3LOoru7wnaCEhMy6axE33cSS79LxXoH8e8p LwJWbZIEZFcIQFuA7iLc8WXf1dAR1E65TEo+7ZK9objKeP5O4lIuY7OS3KUYJMLz /IyhAhN2qWOXNQk/NJ9iml3I0Y0H3+x/0ftPetyocO1uqEPD8fWlAxV5JPYVEkyu MGCwNmXxZIm0M/MzwphJeODJCc+E/tg0nMTEsCv6dS7V2xYxpx6sT3eQ4R5/uOL5 EQL2cP0NKbGQ7fGkJnCwqoQOCveKxo5wJ9/0DpulFX6fyhxnPkVY+5rMekvBdk3o p+qhS9ELD8ztIl+3T+7KOsQX8deoyN5LarZfsX66YXwHlSu5wBge78geJDZnrmNE HH9kduyGffUwfVCACbVFbIc+WSRsQWfY+wCxkE3/it5H2ZrMPLBrkBAmvOeeRSDY u+8czL721y5imQyjdUv4wlk0zk/1tnMDIey3LqLWOZqwJsAjcBtr31KqF98+9SFr I3Zjip/b23c+UF2tMrD/dG6lK3sChLctjy6gsMJGi6gYqxGAu4AySU7lIWIHPABv 73Eb386K3W4= =daLd -----END PGP SIGNATURE----- Sat Mar 29 12:05:38 UTC 2025 I: Checking whether the package is not for us Sat Mar 29 12:05:38 UTC 2025 I: Starting 1st build on remote node ionos11-amd64.debian.net. Sat Mar 29 12:05:38 UTC 2025 I: Preparing to do remote build '1' on ionos11-amd64.debian.net. Sat Mar 29 12:12:33 UTC 2025 I: Deleting $TMPDIR on ionos11-amd64.debian.net. I: pbuilder: network access will be disabled during build I: Current time: Sat Mar 29 00:05:41 -12 2025 I: pbuilder-time-stamp: 1743249941 I: Building the build Environment I: extracting base tarball [/var/cache/pbuilder/unstable-reproducible-base.tgz] I: copying local configuration W: --override-config is not set; not updating apt.conf Read the manpage for details. I: mounting /proc filesystem I: mounting /sys filesystem I: creating /{dev,run}/shm I: mounting /dev/pts filesystem I: redirecting /dev/ptmx to /dev/pts/ptmx I: policy-rc.d already exists I: Copying source file I: copying [pkcs11-provider_1.0-2.dsc] I: copying [./pkcs11-provider_1.0.orig.tar.gz] I: copying [./pkcs11-provider_1.0-2.debian.tar.xz] I: Extracting source dpkg-source: warning: cannot verify inline signature for ./pkcs11-provider_1.0-2.dsc: unsupported subcommand dpkg-source: info: extracting pkcs11-provider in pkcs11-provider-1.0 dpkg-source: info: unpacking pkcs11-provider_1.0.orig.tar.gz dpkg-source: info: unpacking pkcs11-provider_1.0-2.debian.tar.xz I: Not using root during the build. I: Installing the build-deps I: user script /srv/workspace/pbuilder/533003/tmp/hooks/D02_print_environment starting I: set BUILDDIR='/build/reproducible-path' BUILDUSERGECOS='first user,first room,first work-phone,first home-phone,first other' BUILDUSERNAME='pbuilder1' BUILD_ARCH='amd64' DEBIAN_FRONTEND='noninteractive' DEB_BUILD_OPTIONS='buildinfo=+all reproducible=+all parallel=20 ' DISTRIBUTION='unstable' HOME='/root' HOST_ARCH='amd64' IFS=' ' INVOCATION_ID='58bfc3c0719b4d8f83e9df3d5674a72b' LANG='C' LANGUAGE='en_US:en' LC_ALL='C' MAIL='/var/mail/root' OPTIND='1' PATH='/usr/sbin:/usr/bin:/sbin:/bin:/usr/games' PBCURRENTCOMMANDLINEOPERATION='build' PBUILDER_OPERATION='build' PBUILDER_PKGDATADIR='/usr/share/pbuilder' PBUILDER_PKGLIBDIR='/usr/lib/pbuilder' PBUILDER_SYSCONFDIR='/etc' PPID='533003' PS1='# ' PS2='> ' PS4='+ ' PWD='/' SHELL='/bin/bash' SHLVL='2' SUDO_COMMAND='/usr/bin/timeout -k 18.1h 18h /usr/bin/ionice -c 3 /usr/bin/nice /usr/sbin/pbuilder --build --configfile /srv/reproducible-results/rbuild-debian/r-b-build.qh6ocJz9/pbuilderrc_qjyW --distribution unstable --hookdir /etc/pbuilder/first-build-hooks --debbuildopts -b --basetgz /var/cache/pbuilder/unstable-reproducible-base.tgz --buildresult /srv/reproducible-results/rbuild-debian/r-b-build.qh6ocJz9/b1 --logfile b1/build.log pkcs11-provider_1.0-2.dsc' SUDO_GID='111' SUDO_UID='106' SUDO_USER='jenkins' TERM='unknown' TZ='/usr/share/zoneinfo/Etc/GMT+12' USER='root' _='/usr/bin/systemd-run' http_proxy='http://46.16.76.132:3128' I: uname -a Linux ionos11-amd64 6.1.0-32-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.129-1 (2025-03-06) x86_64 GNU/Linux I: ls -l /bin lrwxrwxrwx 1 root root 7 Mar 4 11:20 /bin -> usr/bin I: user script /srv/workspace/pbuilder/533003/tmp/hooks/D02_print_environment finished -> Attempting to satisfy build-dependencies -> Creating pbuilder-satisfydepends-dummy package Package: pbuilder-satisfydepends-dummy Version: 0.invalid.0 Architecture: amd64 Maintainer: Debian Pbuilder Team Description: Dummy package to satisfy dependencies with aptitude - created by pbuilder This package was created automatically by pbuilder to satisfy the build-dependencies of the package being currently built. Depends: debhelper-compat (= 13), dh-package-notes, libssl-dev (>= 3.0.7~), meson (>= 0.57~), pkgconf, expect, gnutls-bin, libnss3-dev, libp11-kit-dev, libstoken-dev, opensc, openssl, p11-kit, p11-kit-modules, softhsm2 dpkg-deb: building package 'pbuilder-satisfydepends-dummy' in '/tmp/satisfydepends-aptitude/pbuilder-satisfydepends-dummy.deb'. Selecting previously unselected package pbuilder-satisfydepends-dummy. (Reading database ... 19805 files and directories currently installed.) Preparing to unpack .../pbuilder-satisfydepends-dummy.deb ... Unpacking pbuilder-satisfydepends-dummy (0.invalid.0) ... dpkg: pbuilder-satisfydepends-dummy: dependency problems, but configuring anyway as you requested: pbuilder-satisfydepends-dummy depends on debhelper-compat (= 13); however: Package debhelper-compat is not installed. pbuilder-satisfydepends-dummy depends on dh-package-notes; however: Package dh-package-notes is not installed. pbuilder-satisfydepends-dummy depends on libssl-dev (>= 3.0.7~); however: Package libssl-dev is not installed. pbuilder-satisfydepends-dummy depends on meson (>= 0.57~); however: Package meson is not installed. pbuilder-satisfydepends-dummy depends on pkgconf; however: Package pkgconf is not installed. pbuilder-satisfydepends-dummy depends on expect; however: Package expect is not installed. pbuilder-satisfydepends-dummy depends on gnutls-bin; however: Package gnutls-bin is not installed. pbuilder-satisfydepends-dummy depends on libnss3-dev; however: Package libnss3-dev is not installed. pbuilder-satisfydepends-dummy depends on libp11-kit-dev; however: Package libp11-kit-dev is not installed. pbuilder-satisfydepends-dummy depends on libstoken-dev; however: Package libstoken-dev is not installed. pbuilder-satisfydepends-dummy depends on opensc; however: Package opensc is not installed. pbuilder-satisfydepends-dummy depends on openssl; however: Package openssl is not installed. pbuilder-satisfydepends-dummy depends on p11-kit; however: Package p11-kit is not installed. pbuilder-satisfydepends-dummy depends on p11-kit-modules; however: Package p11-kit-modules is not installed. pbuilder-satisfydepends-dummy depends on softhsm2; however: Package softhsm2 is not installed. Setting up pbuilder-satisfydepends-dummy (0.invalid.0) ... Reading package lists... Building dependency tree... Reading state information... Initializing package states... Writing extended state information... Building tag database... pbuilder-satisfydepends-dummy is already installed at the requested version (0.invalid.0) pbuilder-satisfydepends-dummy is already installed at the requested version (0.invalid.0) The following NEW packages will be installed: autoconf{a} automake{a} autopoint{a} autotools-dev{a} bsdextrautils{a} debhelper{a} dh-autoreconf{a} dh-package-notes{a} dh-strip-nondeterminism{a} dwz{a} expect{a} file{a} gettext{a} gettext-base{a} gnutls-bin{a} groff-base{a} intltool-debian{a} libarchive-zip-perl{a} libdebhelper-perl{a} libeac3{a} libelf1t64{a} libevent-2.1-7t64{a} libexpat1{a} libffi8{a} libfile-stripnondeterminism-perl{a} libglib2.0-0t64{a} libgnutls-dane0t64{a} libgnutls30t64{a} libidn2-0{a} libmagic-mgc{a} libmagic1t64{a} libnspr4{a} libnspr4-dev{a} libnss3{a} libnss3-dev{a} libp11-kit-dev{a} libp11-kit0{a} libpipeline1{a} libpkgconf3{a} libproc2-0{a} libpython3-stdlib{a} libpython3.13-minimal{a} libpython3.13-stdlib{a} libreadline8t64{a} libsofthsm2{a} libssl-dev{a} libstoken-dev{a} libstoken1t64{a} libtasn1-6{a} libtcl8.6{a} libtext-charwidth-perl{a} libtext-wrapi18n-perl{a} libtomcrypt-dev{a} libtomcrypt1{a} libtommath1{a} libtool{a} libuchardet0{a} libunbound8{a} libunistring5{a} libxml2{a} m4{a} man-db{a} media-types{a} meson{a} netbase{a} ninja-build{a} opensc{a} opensc-pkcs11{a} openssl{a} p11-kit{a} p11-kit-modules{a} pkgconf{a} pkgconf-bin{a} po-debconf{a} procps{a} python3{a} python3-autocommand{a} python3-inflect{a} python3-jaraco.context{a} python3-jaraco.functools{a} python3-jaraco.text{a} python3-minimal{a} python3-more-itertools{a} python3-pkg-resources{a} python3-setuptools{a} python3-typeguard{a} python3-typing-extensions{a} python3-zipp{a} python3.13{a} python3.13-minimal{a} readline-common{a} sensible-utils{a} softhsm2{a} softhsm2-common{a} tcl-expect{a} tcl8.6{a} tzdata{a} ucf{a} The following packages are RECOMMENDED but will NOT be installed: ca-certificates curl libarchive-cpio-perl libglib2.0-data libltdl-dev libmail-sendmail-perl linux-sysctl-defaults lynx pcscd psmisc shared-mime-info wget xdg-user-dirs 0 packages upgraded, 98 newly installed, 0 to remove and 0 not upgraded. Need to get 38.3 MB of archives. After unpacking 141 MB will be used. Writing extended state information... Get: 1 http://deb.debian.org/debian unstable/main amd64 libpython3.13-minimal amd64 3.13.2-2 [859 kB] Get: 2 http://deb.debian.org/debian unstable/main amd64 libexpat1 amd64 2.7.1-1 [108 kB] Get: 3 http://deb.debian.org/debian unstable/main amd64 python3.13-minimal amd64 3.13.2-2 [2210 kB] Get: 4 http://deb.debian.org/debian unstable/main amd64 python3-minimal amd64 3.13.2-2 [27.1 kB] Get: 5 http://deb.debian.org/debian unstable/main amd64 media-types all 13.0.0 [29.3 kB] Get: 6 http://deb.debian.org/debian unstable/main amd64 netbase all 6.5 [12.4 kB] Get: 7 http://deb.debian.org/debian unstable/main amd64 tzdata all 2025b-1 [259 kB] Get: 8 http://deb.debian.org/debian unstable/main amd64 libffi8 amd64 3.4.7-1 [23.9 kB] Get: 9 http://deb.debian.org/debian unstable/main amd64 readline-common all 8.2-6 [69.4 kB] Get: 10 http://deb.debian.org/debian unstable/main amd64 libreadline8t64 amd64 8.2-6 [169 kB] Get: 11 http://deb.debian.org/debian unstable/main amd64 libpython3.13-stdlib amd64 3.13.2-2 [1952 kB] Get: 12 http://deb.debian.org/debian unstable/main amd64 python3.13 amd64 3.13.2-2 [746 kB] Get: 13 http://deb.debian.org/debian unstable/main amd64 libpython3-stdlib amd64 3.13.2-2 [10.1 kB] Get: 14 http://deb.debian.org/debian unstable/main amd64 python3 amd64 3.13.2-2 [28.1 kB] Get: 15 http://deb.debian.org/debian unstable/main amd64 libproc2-0 amd64 2:4.0.4-7 [64.9 kB] Get: 16 http://deb.debian.org/debian unstable/main amd64 procps amd64 2:4.0.4-7 [878 kB] Get: 17 http://deb.debian.org/debian unstable/main amd64 sensible-utils all 0.0.24 [24.8 kB] Get: 18 http://deb.debian.org/debian unstable/main amd64 libmagic-mgc amd64 1:5.46-4 [337 kB] Get: 19 http://deb.debian.org/debian unstable/main amd64 libmagic1t64 amd64 1:5.46-4 [109 kB] Get: 20 http://deb.debian.org/debian unstable/main amd64 file amd64 1:5.46-4 [43.5 kB] Get: 21 http://deb.debian.org/debian unstable/main amd64 gettext-base amd64 0.23.1-1 [243 kB] Get: 22 http://deb.debian.org/debian unstable/main amd64 libuchardet0 amd64 0.0.8-1+b2 [68.9 kB] Get: 23 http://deb.debian.org/debian unstable/main amd64 groff-base amd64 1.23.0-7 [1185 kB] Get: 24 http://deb.debian.org/debian unstable/main amd64 bsdextrautils amd64 2.40.4-5 [92.4 kB] Get: 25 http://deb.debian.org/debian unstable/main amd64 libpipeline1 amd64 1.5.8-1 [42.0 kB] Get: 26 http://deb.debian.org/debian unstable/main amd64 man-db amd64 2.13.0-1 [1420 kB] Get: 27 http://deb.debian.org/debian unstable/main amd64 libtext-charwidth-perl amd64 0.04-11+b4 [9476 B] Get: 28 http://deb.debian.org/debian unstable/main amd64 libtext-wrapi18n-perl all 0.06-10 [8808 B] Get: 29 http://deb.debian.org/debian unstable/main amd64 ucf all 3.0050 [42.7 kB] Get: 30 http://deb.debian.org/debian unstable/main amd64 m4 amd64 1.4.19-7 [294 kB] Get: 31 http://deb.debian.org/debian unstable/main amd64 autoconf all 2.72-3 [493 kB] Get: 32 http://deb.debian.org/debian unstable/main amd64 autotools-dev all 20240727.1 [60.2 kB] Get: 33 http://deb.debian.org/debian unstable/main amd64 automake all 1:1.17-4 [862 kB] Get: 34 http://deb.debian.org/debian unstable/main amd64 autopoint all 0.23.1-1 [770 kB] Get: 35 http://deb.debian.org/debian unstable/main amd64 libdebhelper-perl all 13.24.2 [90.9 kB] Get: 36 http://deb.debian.org/debian unstable/main amd64 libtool all 2.5.4-4 [539 kB] Get: 37 http://deb.debian.org/debian unstable/main amd64 dh-autoreconf all 20 [17.1 kB] Get: 38 http://deb.debian.org/debian unstable/main amd64 libarchive-zip-perl all 1.68-1 [104 kB] Get: 39 http://deb.debian.org/debian unstable/main amd64 libfile-stripnondeterminism-perl all 1.14.1-2 [19.7 kB] Get: 40 http://deb.debian.org/debian unstable/main amd64 dh-strip-nondeterminism all 1.14.1-2 [8620 B] Get: 41 http://deb.debian.org/debian unstable/main amd64 libelf1t64 amd64 0.192-4 [189 kB] Get: 42 http://deb.debian.org/debian unstable/main amd64 dwz amd64 0.15-1+b1 [110 kB] Get: 43 http://deb.debian.org/debian unstable/main amd64 libunistring5 amd64 1.3-2 [477 kB] Get: 44 http://deb.debian.org/debian unstable/main amd64 libxml2 amd64 2.12.7+dfsg+really2.9.14-0.4 [698 kB] Get: 45 http://deb.debian.org/debian unstable/main amd64 gettext amd64 0.23.1-1 [1680 kB] Get: 46 http://deb.debian.org/debian unstable/main amd64 intltool-debian all 0.35.0+20060710.6 [22.9 kB] Get: 47 http://deb.debian.org/debian unstable/main amd64 po-debconf all 1.0.21+nmu1 [248 kB] Get: 48 http://deb.debian.org/debian unstable/main amd64 debhelper all 13.24.2 [919 kB] Get: 49 http://deb.debian.org/debian unstable/main amd64 dh-package-notes all 0.15 [6692 B] Get: 50 http://deb.debian.org/debian unstable/main amd64 libtcl8.6 amd64 8.6.16+dfsg-1 [1042 kB] Get: 51 http://deb.debian.org/debian unstable/main amd64 tcl8.6 amd64 8.6.16+dfsg-1 [121 kB] Get: 52 http://deb.debian.org/debian unstable/main amd64 tcl-expect amd64 5.45.4-4 [127 kB] Get: 53 http://deb.debian.org/debian unstable/main amd64 expect amd64 5.45.4-4 [158 kB] Get: 54 http://deb.debian.org/debian unstable/main amd64 libidn2-0 amd64 2.3.8-2 [109 kB] Get: 55 http://deb.debian.org/debian unstable/main amd64 libp11-kit0 amd64 0.25.5-3 [425 kB] Get: 56 http://deb.debian.org/debian unstable/main amd64 libtasn1-6 amd64 4.20.0-2 [49.9 kB] Get: 57 http://deb.debian.org/debian unstable/main amd64 libgnutls30t64 amd64 3.8.9-2 [1464 kB] Get: 58 http://deb.debian.org/debian unstable/main amd64 libevent-2.1-7t64 amd64 2.1.12-stable-10+b1 [182 kB] Get: 59 http://deb.debian.org/debian unstable/main amd64 libunbound8 amd64 1.22.0-1+b1 [598 kB] Get: 60 http://deb.debian.org/debian unstable/main amd64 libgnutls-dane0t64 amd64 3.8.9-2 [455 kB] Get: 61 http://deb.debian.org/debian unstable/main amd64 gnutls-bin amd64 3.8.9-2 [691 kB] Get: 62 http://deb.debian.org/debian unstable/main amd64 libeac3 amd64 1.1.2+ds+git20220117+453c3d6b03a0-1.1+b3 [51.1 kB] Get: 63 http://deb.debian.org/debian unstable/main amd64 libglib2.0-0t64 amd64 2.84.0-2 [1513 kB] Get: 64 http://deb.debian.org/debian unstable/main amd64 libnspr4 amd64 2:4.36-1 [110 kB] Get: 65 http://deb.debian.org/debian unstable/main amd64 libnspr4-dev amd64 2:4.36-1 [207 kB] Get: 66 http://deb.debian.org/debian unstable/main amd64 libnss3 amd64 2:3.109-1 [1393 kB] Get: 67 http://deb.debian.org/debian unstable/main amd64 libnss3-dev amd64 2:3.109-1 [250 kB] Get: 68 http://deb.debian.org/debian unstable/main amd64 libp11-kit-dev amd64 0.25.5-3 [208 kB] Get: 69 http://deb.debian.org/debian unstable/main amd64 libpkgconf3 amd64 1.8.1-4 [36.4 kB] Get: 70 http://deb.debian.org/debian unstable/main amd64 softhsm2-common amd64 2.6.1-2.2+b1 [12.4 kB] Get: 71 http://deb.debian.org/debian unstable/main amd64 libsofthsm2 amd64 2.6.1-2.2+b1 [252 kB] Get: 72 http://deb.debian.org/debian unstable/main amd64 libssl-dev amd64 3.4.1-1 [2787 kB] Get: 73 http://deb.debian.org/debian unstable/main amd64 libtommath1 amd64 1.3.0-1 [64.3 kB] Get: 74 http://deb.debian.org/debian unstable/main amd64 libtomcrypt1 amd64 1.18.2+dfsg-7+b2 [402 kB] Get: 75 http://deb.debian.org/debian unstable/main amd64 libstoken1t64 amd64 0.92-1.1+b2 [28.6 kB] Get: 76 http://deb.debian.org/debian unstable/main amd64 libtomcrypt-dev amd64 1.18.2+dfsg-7+b2 [1261 kB] Get: 77 http://deb.debian.org/debian unstable/main amd64 libstoken-dev amd64 0.92-1.1+b2 [8196 B] Get: 78 http://deb.debian.org/debian unstable/main amd64 ninja-build amd64 1.12.1-1 [142 kB] Get: 79 http://deb.debian.org/debian unstable/main amd64 python3-autocommand all 2.2.2-3 [13.6 kB] Get: 80 http://deb.debian.org/debian unstable/main amd64 python3-more-itertools all 10.6.0-1 [65.3 kB] Get: 81 http://deb.debian.org/debian unstable/main amd64 python3-typing-extensions all 4.12.2-2 [73.0 kB] Get: 82 http://deb.debian.org/debian unstable/main amd64 python3-typeguard all 4.4.2-1 [37.3 kB] Get: 83 http://deb.debian.org/debian unstable/main amd64 python3-inflect all 7.3.1-2 [32.4 kB] Get: 84 http://deb.debian.org/debian unstable/main amd64 python3-jaraco.context all 6.0.1-1 [8276 B] Get: 85 http://deb.debian.org/debian unstable/main amd64 python3-jaraco.functools all 4.1.0-1 [12.0 kB] Get: 86 http://deb.debian.org/debian unstable/main amd64 python3-pkg-resources all 75.8.0-1 [222 kB] Get: 87 http://deb.debian.org/debian unstable/main amd64 python3-jaraco.text all 4.0.0-1 [11.4 kB] Get: 88 http://deb.debian.org/debian unstable/main amd64 python3-zipp all 3.21.0-1 [10.6 kB] Get: 89 http://deb.debian.org/debian unstable/main amd64 python3-setuptools all 75.8.0-1 [724 kB] Get: 90 http://deb.debian.org/debian unstable/main amd64 meson all 1.7.0-1 [639 kB] Get: 91 http://deb.debian.org/debian unstable/main amd64 opensc-pkcs11 amd64 0.26.1-1 [924 kB] Get: 92 http://deb.debian.org/debian unstable/main amd64 opensc amd64 0.26.1-1 [410 kB] Get: 93 http://deb.debian.org/debian unstable/main amd64 openssl amd64 3.4.1-1 [1427 kB] Get: 94 http://deb.debian.org/debian unstable/main amd64 p11-kit-modules amd64 0.25.5-3 [271 kB] Get: 95 http://deb.debian.org/debian unstable/main amd64 p11-kit amd64 0.25.5-3 [403 kB] Get: 96 http://deb.debian.org/debian unstable/main amd64 pkgconf-bin amd64 1.8.1-4 [30.2 kB] Get: 97 http://deb.debian.org/debian unstable/main amd64 pkgconf amd64 1.8.1-4 [26.2 kB] Get: 98 http://deb.debian.org/debian unstable/main amd64 softhsm2 amd64 2.6.1-2.2+b1 [169 kB] Fetched 38.3 MB in 3s (13.6 MB/s) Preconfiguring packages ... Selecting previously unselected package libpython3.13-minimal:amd64. (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 19805 files and directories currently installed.) Preparing to unpack .../libpython3.13-minimal_3.13.2-2_amd64.deb ... Unpacking libpython3.13-minimal:amd64 (3.13.2-2) ... Selecting previously unselected package libexpat1:amd64. Preparing to unpack .../libexpat1_2.7.1-1_amd64.deb ... Unpacking libexpat1:amd64 (2.7.1-1) ... Selecting previously unselected package python3.13-minimal. Preparing to unpack .../python3.13-minimal_3.13.2-2_amd64.deb ... Unpacking python3.13-minimal (3.13.2-2) ... Setting up libpython3.13-minimal:amd64 (3.13.2-2) ... Setting up libexpat1:amd64 (2.7.1-1) ... Setting up python3.13-minimal (3.13.2-2) ... Selecting previously unselected package python3-minimal. (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 20139 files and directories currently installed.) Preparing to unpack .../0-python3-minimal_3.13.2-2_amd64.deb ... Unpacking python3-minimal (3.13.2-2) ... Selecting previously unselected package media-types. Preparing to unpack .../1-media-types_13.0.0_all.deb ... Unpacking media-types (13.0.0) ... Selecting previously unselected package netbase. Preparing to unpack .../2-netbase_6.5_all.deb ... Unpacking netbase (6.5) ... Selecting previously unselected package tzdata. Preparing to unpack .../3-tzdata_2025b-1_all.deb ... Unpacking tzdata (2025b-1) ... Selecting previously unselected package libffi8:amd64. Preparing to unpack .../4-libffi8_3.4.7-1_amd64.deb ... Unpacking libffi8:amd64 (3.4.7-1) ... Selecting previously unselected package readline-common. Preparing to unpack .../5-readline-common_8.2-6_all.deb ... Unpacking readline-common (8.2-6) ... Selecting previously unselected package libreadline8t64:amd64. Preparing to unpack .../6-libreadline8t64_8.2-6_amd64.deb ... Adding 'diversion of /lib/x86_64-linux-gnu/libhistory.so.8 to /lib/x86_64-linux-gnu/libhistory.so.8.usr-is-merged by libreadline8t64' Adding 'diversion of /lib/x86_64-linux-gnu/libhistory.so.8.2 to /lib/x86_64-linux-gnu/libhistory.so.8.2.usr-is-merged by libreadline8t64' Adding 'diversion of /lib/x86_64-linux-gnu/libreadline.so.8 to /lib/x86_64-linux-gnu/libreadline.so.8.usr-is-merged by libreadline8t64' Adding 'diversion of /lib/x86_64-linux-gnu/libreadline.so.8.2 to /lib/x86_64-linux-gnu/libreadline.so.8.2.usr-is-merged by libreadline8t64' Unpacking libreadline8t64:amd64 (8.2-6) ... Selecting previously unselected package libpython3.13-stdlib:amd64. Preparing to unpack .../7-libpython3.13-stdlib_3.13.2-2_amd64.deb ... Unpacking libpython3.13-stdlib:amd64 (3.13.2-2) ... Selecting previously unselected package python3.13. Preparing to unpack .../8-python3.13_3.13.2-2_amd64.deb ... Unpacking python3.13 (3.13.2-2) ... Selecting previously unselected package libpython3-stdlib:amd64. Preparing to unpack .../9-libpython3-stdlib_3.13.2-2_amd64.deb ... Unpacking libpython3-stdlib:amd64 (3.13.2-2) ... Setting up python3-minimal (3.13.2-2) ... Selecting previously unselected package python3. (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 21150 files and directories currently installed.) Preparing to unpack .../00-python3_3.13.2-2_amd64.deb ... Unpacking python3 (3.13.2-2) ... Selecting previously unselected package libproc2-0:amd64. Preparing to unpack .../01-libproc2-0_2%3a4.0.4-7_amd64.deb ... Unpacking libproc2-0:amd64 (2:4.0.4-7) ... Selecting previously unselected package procps. Preparing to unpack .../02-procps_2%3a4.0.4-7_amd64.deb ... Unpacking procps (2:4.0.4-7) ... Selecting previously unselected package sensible-utils. Preparing to unpack .../03-sensible-utils_0.0.24_all.deb ... Unpacking sensible-utils (0.0.24) ... Selecting previously unselected package libmagic-mgc. Preparing to unpack .../04-libmagic-mgc_1%3a5.46-4_amd64.deb ... Unpacking libmagic-mgc (1:5.46-4) ... Selecting previously unselected package libmagic1t64:amd64. Preparing to unpack .../05-libmagic1t64_1%3a5.46-4_amd64.deb ... Unpacking libmagic1t64:amd64 (1:5.46-4) ... Selecting previously unselected package file. Preparing to unpack .../06-file_1%3a5.46-4_amd64.deb ... Unpacking file (1:5.46-4) ... Selecting previously unselected package gettext-base. Preparing to unpack .../07-gettext-base_0.23.1-1_amd64.deb ... Unpacking gettext-base (0.23.1-1) ... Selecting previously unselected package libuchardet0:amd64. Preparing to unpack .../08-libuchardet0_0.0.8-1+b2_amd64.deb ... Unpacking libuchardet0:amd64 (0.0.8-1+b2) ... Selecting previously unselected package groff-base. Preparing to unpack .../09-groff-base_1.23.0-7_amd64.deb ... Unpacking groff-base (1.23.0-7) ... Selecting previously unselected package bsdextrautils. Preparing to unpack .../10-bsdextrautils_2.40.4-5_amd64.deb ... Unpacking bsdextrautils (2.40.4-5) ... Selecting previously unselected package libpipeline1:amd64. Preparing to unpack .../11-libpipeline1_1.5.8-1_amd64.deb ... Unpacking libpipeline1:amd64 (1.5.8-1) ... Selecting previously unselected package man-db. Preparing to unpack .../12-man-db_2.13.0-1_amd64.deb ... Unpacking man-db (2.13.0-1) ... Selecting previously unselected package libtext-charwidth-perl:amd64. Preparing to unpack .../13-libtext-charwidth-perl_0.04-11+b4_amd64.deb ... Unpacking libtext-charwidth-perl:amd64 (0.04-11+b4) ... Selecting previously unselected package libtext-wrapi18n-perl. Preparing to unpack .../14-libtext-wrapi18n-perl_0.06-10_all.deb ... Unpacking libtext-wrapi18n-perl (0.06-10) ... Selecting previously unselected package ucf. Preparing to unpack .../15-ucf_3.0050_all.deb ... Moving old data out of the way Unpacking ucf (3.0050) ... Selecting previously unselected package m4. Preparing to unpack .../16-m4_1.4.19-7_amd64.deb ... Unpacking m4 (1.4.19-7) ... Selecting previously unselected package autoconf. Preparing to unpack .../17-autoconf_2.72-3_all.deb ... Unpacking autoconf (2.72-3) ... Selecting previously unselected package autotools-dev. Preparing to unpack .../18-autotools-dev_20240727.1_all.deb ... Unpacking autotools-dev (20240727.1) ... Selecting previously unselected package automake. Preparing to unpack .../19-automake_1%3a1.17-4_all.deb ... Unpacking automake (1:1.17-4) ... Selecting previously unselected package autopoint. Preparing to unpack .../20-autopoint_0.23.1-1_all.deb ... Unpacking autopoint (0.23.1-1) ... Selecting previously unselected package libdebhelper-perl. Preparing to unpack .../21-libdebhelper-perl_13.24.2_all.deb ... Unpacking libdebhelper-perl (13.24.2) ... Selecting previously unselected package libtool. Preparing to unpack .../22-libtool_2.5.4-4_all.deb ... Unpacking libtool (2.5.4-4) ... Selecting previously unselected package dh-autoreconf. Preparing to unpack .../23-dh-autoreconf_20_all.deb ... Unpacking dh-autoreconf (20) ... Selecting previously unselected package libarchive-zip-perl. Preparing to unpack .../24-libarchive-zip-perl_1.68-1_all.deb ... Unpacking libarchive-zip-perl (1.68-1) ... Selecting previously unselected package libfile-stripnondeterminism-perl. Preparing to unpack .../25-libfile-stripnondeterminism-perl_1.14.1-2_all.deb ... Unpacking libfile-stripnondeterminism-perl (1.14.1-2) ... Selecting previously unselected package dh-strip-nondeterminism. Preparing to unpack .../26-dh-strip-nondeterminism_1.14.1-2_all.deb ... Unpacking dh-strip-nondeterminism (1.14.1-2) ... Selecting previously unselected package libelf1t64:amd64. Preparing to unpack .../27-libelf1t64_0.192-4_amd64.deb ... Unpacking libelf1t64:amd64 (0.192-4) ... Selecting previously unselected package dwz. Preparing to unpack .../28-dwz_0.15-1+b1_amd64.deb ... Unpacking dwz (0.15-1+b1) ... Selecting previously unselected package libunistring5:amd64. Preparing to unpack .../29-libunistring5_1.3-2_amd64.deb ... Unpacking libunistring5:amd64 (1.3-2) ... Selecting previously unselected package libxml2:amd64. Preparing to unpack .../30-libxml2_2.12.7+dfsg+really2.9.14-0.4_amd64.deb ... Unpacking libxml2:amd64 (2.12.7+dfsg+really2.9.14-0.4) ... Selecting previously unselected package gettext. Preparing to unpack .../31-gettext_0.23.1-1_amd64.deb ... Unpacking gettext (0.23.1-1) ... Selecting previously unselected package intltool-debian. Preparing to unpack .../32-intltool-debian_0.35.0+20060710.6_all.deb ... Unpacking intltool-debian (0.35.0+20060710.6) ... Selecting previously unselected package po-debconf. Preparing to unpack .../33-po-debconf_1.0.21+nmu1_all.deb ... Unpacking po-debconf (1.0.21+nmu1) ... Selecting previously unselected package debhelper. Preparing to unpack .../34-debhelper_13.24.2_all.deb ... Unpacking debhelper (13.24.2) ... Selecting previously unselected package dh-package-notes. Preparing to unpack .../35-dh-package-notes_0.15_all.deb ... Unpacking dh-package-notes (0.15) ... Selecting previously unselected package libtcl8.6:amd64. Preparing to unpack .../36-libtcl8.6_8.6.16+dfsg-1_amd64.deb ... Unpacking libtcl8.6:amd64 (8.6.16+dfsg-1) ... Selecting previously unselected package tcl8.6. Preparing to unpack .../37-tcl8.6_8.6.16+dfsg-1_amd64.deb ... Unpacking tcl8.6 (8.6.16+dfsg-1) ... Selecting previously unselected package tcl-expect:amd64. Preparing to unpack .../38-tcl-expect_5.45.4-4_amd64.deb ... Unpacking tcl-expect:amd64 (5.45.4-4) ... Selecting previously unselected package expect. Preparing to unpack .../39-expect_5.45.4-4_amd64.deb ... Unpacking expect (5.45.4-4) ... Selecting previously unselected package libidn2-0:amd64. Preparing to unpack .../40-libidn2-0_2.3.8-2_amd64.deb ... Unpacking libidn2-0:amd64 (2.3.8-2) ... Selecting previously unselected package libp11-kit0:amd64. Preparing to unpack .../41-libp11-kit0_0.25.5-3_amd64.deb ... Unpacking libp11-kit0:amd64 (0.25.5-3) ... Selecting previously unselected package libtasn1-6:amd64. Preparing to unpack .../42-libtasn1-6_4.20.0-2_amd64.deb ... Unpacking libtasn1-6:amd64 (4.20.0-2) ... Selecting previously unselected package libgnutls30t64:amd64. Preparing to unpack .../43-libgnutls30t64_3.8.9-2_amd64.deb ... Unpacking libgnutls30t64:amd64 (3.8.9-2) ... Selecting previously unselected package libevent-2.1-7t64:amd64. Preparing to unpack .../44-libevent-2.1-7t64_2.1.12-stable-10+b1_amd64.deb ... Unpacking libevent-2.1-7t64:amd64 (2.1.12-stable-10+b1) ... Selecting previously unselected package libunbound8:amd64. Preparing to unpack .../45-libunbound8_1.22.0-1+b1_amd64.deb ... Unpacking libunbound8:amd64 (1.22.0-1+b1) ... Selecting previously unselected package libgnutls-dane0t64:amd64. Preparing to unpack .../46-libgnutls-dane0t64_3.8.9-2_amd64.deb ... Unpacking libgnutls-dane0t64:amd64 (3.8.9-2) ... Selecting previously unselected package gnutls-bin. Preparing to unpack .../47-gnutls-bin_3.8.9-2_amd64.deb ... Unpacking gnutls-bin (3.8.9-2) ... Selecting previously unselected package libeac3:amd64. Preparing to unpack .../48-libeac3_1.1.2+ds+git20220117+453c3d6b03a0-1.1+b3_amd64.deb ... Unpacking libeac3:amd64 (1.1.2+ds+git20220117+453c3d6b03a0-1.1+b3) ... Selecting previously unselected package libglib2.0-0t64:amd64. Preparing to unpack .../49-libglib2.0-0t64_2.84.0-2_amd64.deb ... Unpacking libglib2.0-0t64:amd64 (2.84.0-2) ... Selecting previously unselected package libnspr4:amd64. Preparing to unpack .../50-libnspr4_2%3a4.36-1_amd64.deb ... Unpacking libnspr4:amd64 (2:4.36-1) ... Selecting previously unselected package libnspr4-dev. Preparing to unpack .../51-libnspr4-dev_2%3a4.36-1_amd64.deb ... Unpacking libnspr4-dev (2:4.36-1) ... Selecting previously unselected package libnss3:amd64. Preparing to unpack .../52-libnss3_2%3a3.109-1_amd64.deb ... Unpacking libnss3:amd64 (2:3.109-1) ... Selecting previously unselected package libnss3-dev:amd64. Preparing to unpack .../53-libnss3-dev_2%3a3.109-1_amd64.deb ... Unpacking libnss3-dev:amd64 (2:3.109-1) ... Selecting previously unselected package libp11-kit-dev:amd64. Preparing to unpack .../54-libp11-kit-dev_0.25.5-3_amd64.deb ... Unpacking libp11-kit-dev:amd64 (0.25.5-3) ... Selecting previously unselected package libpkgconf3:amd64. Preparing to unpack .../55-libpkgconf3_1.8.1-4_amd64.deb ... Unpacking libpkgconf3:amd64 (1.8.1-4) ... Selecting previously unselected package softhsm2-common. Preparing to unpack .../56-softhsm2-common_2.6.1-2.2+b1_amd64.deb ... Unpacking softhsm2-common (2.6.1-2.2+b1) ... Selecting previously unselected package libsofthsm2. Preparing to unpack .../57-libsofthsm2_2.6.1-2.2+b1_amd64.deb ... Unpacking libsofthsm2 (2.6.1-2.2+b1) ... Selecting previously unselected package libssl-dev:amd64. Preparing to unpack .../58-libssl-dev_3.4.1-1_amd64.deb ... Unpacking libssl-dev:amd64 (3.4.1-1) ... Selecting previously unselected package libtommath1:amd64. Preparing to unpack .../59-libtommath1_1.3.0-1_amd64.deb ... Unpacking libtommath1:amd64 (1.3.0-1) ... Selecting previously unselected package libtomcrypt1:amd64. Preparing to unpack .../60-libtomcrypt1_1.18.2+dfsg-7+b2_amd64.deb ... Unpacking libtomcrypt1:amd64 (1.18.2+dfsg-7+b2) ... Selecting previously unselected package libstoken1t64:amd64. Preparing to unpack .../61-libstoken1t64_0.92-1.1+b2_amd64.deb ... Unpacking libstoken1t64:amd64 (0.92-1.1+b2) ... Selecting previously unselected package libtomcrypt-dev. Preparing to unpack .../62-libtomcrypt-dev_1.18.2+dfsg-7+b2_amd64.deb ... Unpacking libtomcrypt-dev (1.18.2+dfsg-7+b2) ... Selecting previously unselected package libstoken-dev:amd64. Preparing to unpack .../63-libstoken-dev_0.92-1.1+b2_amd64.deb ... Unpacking libstoken-dev:amd64 (0.92-1.1+b2) ... Selecting previously unselected package ninja-build. Preparing to unpack .../64-ninja-build_1.12.1-1_amd64.deb ... Unpacking ninja-build (1.12.1-1) ... Selecting previously unselected package python3-autocommand. Preparing to unpack .../65-python3-autocommand_2.2.2-3_all.deb ... Unpacking python3-autocommand (2.2.2-3) ... Selecting previously unselected package python3-more-itertools. Preparing to unpack .../66-python3-more-itertools_10.6.0-1_all.deb ... Unpacking python3-more-itertools (10.6.0-1) ... Selecting previously unselected package python3-typing-extensions. Preparing to unpack .../67-python3-typing-extensions_4.12.2-2_all.deb ... Unpacking python3-typing-extensions (4.12.2-2) ... Selecting previously unselected package python3-typeguard. Preparing to unpack .../68-python3-typeguard_4.4.2-1_all.deb ... Unpacking python3-typeguard (4.4.2-1) ... Selecting previously unselected package python3-inflect. Preparing to unpack .../69-python3-inflect_7.3.1-2_all.deb ... Unpacking python3-inflect (7.3.1-2) ... Selecting previously unselected package python3-jaraco.context. Preparing to unpack .../70-python3-jaraco.context_6.0.1-1_all.deb ... Unpacking python3-jaraco.context (6.0.1-1) ... Selecting previously unselected package python3-jaraco.functools. Preparing to unpack .../71-python3-jaraco.functools_4.1.0-1_all.deb ... Unpacking python3-jaraco.functools (4.1.0-1) ... Selecting previously unselected package python3-pkg-resources. Preparing to unpack .../72-python3-pkg-resources_75.8.0-1_all.deb ... Unpacking python3-pkg-resources (75.8.0-1) ... Selecting previously unselected package python3-jaraco.text. Preparing to unpack .../73-python3-jaraco.text_4.0.0-1_all.deb ... Unpacking python3-jaraco.text (4.0.0-1) ... Selecting previously unselected package python3-zipp. Preparing to unpack .../74-python3-zipp_3.21.0-1_all.deb ... Unpacking python3-zipp (3.21.0-1) ... Selecting previously unselected package python3-setuptools. Preparing to unpack .../75-python3-setuptools_75.8.0-1_all.deb ... Unpacking python3-setuptools (75.8.0-1) ... Selecting previously unselected package meson. Preparing to unpack .../76-meson_1.7.0-1_all.deb ... Unpacking meson (1.7.0-1) ... Selecting previously unselected package opensc-pkcs11:amd64. Preparing to unpack .../77-opensc-pkcs11_0.26.1-1_amd64.deb ... Unpacking opensc-pkcs11:amd64 (0.26.1-1) ... Selecting previously unselected package opensc. Preparing to unpack .../78-opensc_0.26.1-1_amd64.deb ... Unpacking opensc (0.26.1-1) ... Selecting previously unselected package openssl. Preparing to unpack .../79-openssl_3.4.1-1_amd64.deb ... Unpacking openssl (3.4.1-1) ... Selecting previously unselected package p11-kit-modules:amd64. Preparing to unpack .../80-p11-kit-modules_0.25.5-3_amd64.deb ... Unpacking p11-kit-modules:amd64 (0.25.5-3) ... Selecting previously unselected package p11-kit. Preparing to unpack .../81-p11-kit_0.25.5-3_amd64.deb ... Unpacking p11-kit (0.25.5-3) ... Selecting previously unselected package pkgconf-bin. Preparing to unpack .../82-pkgconf-bin_1.8.1-4_amd64.deb ... Unpacking pkgconf-bin (1.8.1-4) ... Selecting previously unselected package pkgconf:amd64. Preparing to unpack .../83-pkgconf_1.8.1-4_amd64.deb ... Unpacking pkgconf:amd64 (1.8.1-4) ... Selecting previously unselected package softhsm2. Preparing to unpack .../84-softhsm2_2.6.1-2.2+b1_amd64.deb ... Unpacking softhsm2 (2.6.1-2.2+b1) ... Setting up media-types (13.0.0) ... Setting up libpipeline1:amd64 (1.5.8-1) ... Setting up libtext-charwidth-perl:amd64 (0.04-11+b4) ... Setting up bsdextrautils (2.40.4-5) ... Setting up libmagic-mgc (1:5.46-4) ... Setting up libarchive-zip-perl (1.68-1) ... Setting up libtommath1:amd64 (1.3.0-1) ... Setting up libdebhelper-perl (13.24.2) ... Setting up libmagic1t64:amd64 (1:5.46-4) ... Setting up gettext-base (0.23.1-1) ... Setting up m4 (1.4.19-7) ... Setting up libevent-2.1-7t64:amd64 (2.1.12-stable-10+b1) ... Setting up file (1:5.46-4) ... Setting up libtext-wrapi18n-perl (0.06-10) ... Setting up ninja-build (1.12.1-1) ... Setting up libelf1t64:amd64 (0.192-4) ... Setting up libeac3:amd64 (1.1.2+ds+git20220117+453c3d6b03a0-1.1+b3) ... Setting up tzdata (2025b-1) ... Current default time zone: 'Etc/UTC' Local time is now: Sat Mar 29 12:08:36 UTC 2025. Universal Time is now: Sat Mar 29 12:08:36 UTC 2025. Run 'dpkg-reconfigure tzdata' if you wish to change it. Setting up autotools-dev (20240727.1) ... Setting up libunbound8:amd64 (1.22.0-1+b1) ... Setting up libpkgconf3:amd64 (1.8.1-4) ... Setting up libnspr4:amd64 (2:4.36-1) ... Setting up libproc2-0:amd64 (2:4.0.4-7) ... Setting up libunistring5:amd64 (1.3-2) ... Setting up libssl-dev:amd64 (3.4.1-1) ... Setting up libtcl8.6:amd64 (8.6.16+dfsg-1) ... Setting up autopoint (0.23.1-1) ... Setting up pkgconf-bin (1.8.1-4) ... Setting up autoconf (2.72-3) ... Setting up libffi8:amd64 (3.4.7-1) ... Setting up dwz (0.15-1+b1) ... Setting up sensible-utils (0.0.24) ... Setting up libuchardet0:amd64 (0.0.8-1+b2) ... Setting up procps (2:4.0.4-7) ... Setting up libtasn1-6:amd64 (4.20.0-2) ... Setting up netbase (6.5) ... Setting up openssl (3.4.1-1) ... Setting up readline-common (8.2-6) ... Setting up libxml2:amd64 (2.12.7+dfsg+really2.9.14-0.4) ... Setting up libtomcrypt1:amd64 (1.18.2+dfsg-7+b2) ... Setting up automake (1:1.17-4) ... update-alternatives: using /usr/bin/automake-1.17 to provide /usr/bin/automake (automake) in auto mode Setting up libfile-stripnondeterminism-perl (1.14.1-2) ... Setting up libnspr4-dev (2:4.36-1) ... Setting up tcl8.6 (8.6.16+dfsg-1) ... Setting up gettext (0.23.1-1) ... Setting up libtool (2.5.4-4) ... Setting up tcl-expect:amd64 (5.45.4-4) ... Setting up libidn2-0:amd64 (2.3.8-2) ... Setting up libnss3:amd64 (2:3.109-1) ... Setting up pkgconf:amd64 (1.8.1-4) ... Setting up intltool-debian (0.35.0+20060710.6) ... Setting up libstoken1t64:amd64 (0.92-1.1+b2) ... Setting up dh-autoreconf (20) ... Setting up libtomcrypt-dev (1.18.2+dfsg-7+b2) ... Setting up libglib2.0-0t64:amd64 (2.84.0-2) ... No schema files found: doing nothing. Setting up libstoken-dev:amd64 (0.92-1.1+b2) ... Setting up libp11-kit0:amd64 (0.25.5-3) ... Setting up ucf (3.0050) ... Setting up libreadline8t64:amd64 (8.2-6) ... Setting up dh-strip-nondeterminism (1.14.1-2) ... Setting up libnss3-dev:amd64 (2:3.109-1) ... Setting up groff-base (1.23.0-7) ... Setting up libpython3.13-stdlib:amd64 (3.13.2-2) ... Setting up libp11-kit-dev:amd64 (0.25.5-3) ... Setting up libpython3-stdlib:amd64 (3.13.2-2) ... Setting up libgnutls30t64:amd64 (3.8.9-2) ... Setting up softhsm2-common (2.6.1-2.2+b1) ... Creating config file /etc/softhsm/softhsm2.conf with new version Setting up python3.13 (3.13.2-2) ... Setting up po-debconf (1.0.21+nmu1) ... Setting up expect (5.45.4-4) ... Setting up python3 (3.13.2-2) ... Setting up python3-zipp (3.21.0-1) ... Setting up python3-autocommand (2.2.2-3) ... Setting up man-db (2.13.0-1) ... Not building database; man-db/auto-update is not 'true'. Setting up opensc-pkcs11:amd64 (0.26.1-1) ... Setting up p11-kit-modules:amd64 (0.25.5-3) ... Setting up libgnutls-dane0t64:amd64 (3.8.9-2) ... Setting up python3-typing-extensions (4.12.2-2) ... Setting up p11-kit (0.25.5-3) ... Setting up gnutls-bin (3.8.9-2) ... Setting up python3-more-itertools (10.6.0-1) ... Setting up libsofthsm2 (2.6.1-2.2+b1) ... Setting up softhsm2 (2.6.1-2.2+b1) ... Setting up python3-jaraco.functools (4.1.0-1) ... Setting up python3-jaraco.context (6.0.1-1) ... Setting up opensc (0.26.1-1) ... Setting up python3-typeguard (4.4.2-1) ... Setting up debhelper (13.24.2) ... Setting up python3-inflect (7.3.1-2) ... Setting up python3-jaraco.text (4.0.0-1) ... Setting up python3-pkg-resources (75.8.0-1) ... Setting up dh-package-notes (0.15) ... Setting up python3-setuptools (75.8.0-1) ... Setting up meson (1.7.0-1) ... Processing triggers for libc-bin (2.41-6) ... Reading package lists... Building dependency tree... Reading state information... Reading extended state information... Initializing package states... Writing extended state information... Building tag database... -> Finished parsing the build-deps I: Building the package I: Running cd /build/reproducible-path/pkcs11-provider-1.0/ && env PATH="/usr/sbin:/usr/bin:/sbin:/bin:/usr/games" HOME="/nonexistent/first-build" dpkg-buildpackage -us -uc -b && env PATH="/usr/sbin:/usr/bin:/sbin:/bin:/usr/games" HOME="/nonexistent/first-build" dpkg-genchanges -S > ../pkcs11-provider_1.0-2_source.changes dpkg-buildpackage: info: source package pkcs11-provider dpkg-buildpackage: info: source version 1.0-2 dpkg-buildpackage: info: source distribution unstable dpkg-buildpackage: info: source changed by Luca Boccassi dpkg-source --before-build . dpkg-buildpackage: info: host architecture amd64 debian/rules clean dh clean --buildsystem=meson dh_auto_clean -O--buildsystem=meson dh_autoreconf_clean -O--buildsystem=meson dh_clean -O--buildsystem=meson debian/rules binary dh binary --buildsystem=meson dh_update_autotools_config -O--buildsystem=meson dh_autoreconf -O--buildsystem=meson dh_auto_configure -O--buildsystem=meson cd obj-x86_64-linux-gnu && DEB_PYTHON_INSTALL_LAYOUT=deb LC_ALL=C.UTF-8 meson setup .. --wrap-mode=nodownload --buildtype=plain --prefix=/usr --sysconfdir=/etc --localstatedir=/var --libdir=lib/x86_64-linux-gnu -Dpython.bytecompile=-1 The Meson build system Version: 1.7.0 Source dir: /build/reproducible-path/pkcs11-provider-1.0 Build dir: /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu Build type: native build Project name: pkcs11-provider Project version: 1.0 C compiler for the host machine: cc (gcc 14.2.0 "cc (Debian 14.2.0-19) 14.2.0") C linker for the host machine: cc ld.bfd 2.44 Host machine cpu family: x86_64 Host machine cpu: x86_64 Compiler for C supports arguments -Wwrite-strings: YES Compiler for C supports arguments -Wpointer-arith: YES Compiler for C supports arguments -Wno-missing-field-initializers: YES Compiler for C supports arguments -Wformat: YES Compiler for C supports arguments -Wshadow: YES Compiler for C supports arguments -Wno-unused-parameter: YES Compiler for C supports arguments -Werror=implicit-function-declaration: YES Compiler for C supports arguments -Werror=missing-prototypes: YES Compiler for C supports arguments -Werror=format-security: YES Compiler for C supports arguments -Werror=parentheses: YES Compiler for C supports arguments -Werror=implicit: YES Compiler for C supports arguments -Werror=strict-prototypes: YES Compiler for C supports arguments -fno-strict-aliasing: YES Compiler for C supports arguments -fno-delete-null-pointer-checks: YES Compiler for C supports arguments -fdiagnostics-show-option: YES Found pkg-config: YES (/usr/bin/pkg-config) 1.8.1 Run-time dependency libcrypto found: YES 3.4.1 Run-time dependency libssl found: YES 3.4.1 Run-time dependency p11-kit-1 found: YES 0.25.5 Has header "dlfcn.h" : YES Configuring config.h using configuration Compiler for C supports link arguments -Wl,--version-script,/build/reproducible-path/pkcs11-provider-1.0/src/provider.map: YES Did not find CMake 'cmake' Found CMake: NO Run-time dependency nss-softokn found: NO (tried pkgconfig and cmake) Run-time dependency nss found: YES 3.109 Program setup.sh found: YES (/build/reproducible-path/pkcs11-provider-1.0/tests/setup.sh) Program valgrind found: NO Program test-wrapper found: YES (/build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper) Build targets in project: 12 pkcs11-provider 1.0 User defined options buildtype : plain libdir : lib/x86_64-linux-gnu localstatedir : /var prefix : /usr python.bytecompile: -1 sysconfdir : /etc wrap_mode : nodownload Found ninja-1.12.1 at /usr/bin/ninja debian/rules execute_before_dh_auto_build make[1]: Entering directory '/build/reproducible-path/pkcs11-provider-1.0' # meson test does not compile with verbosity, but doesn't matter as it's test binaries blhc: ignore-line-regexp: .* Compiling C object tests.* make[1]: Leaving directory '/build/reproducible-path/pkcs11-provider-1.0' dh_auto_build -O--buildsystem=meson cd obj-x86_64-linux-gnu && LC_ALL=C.UTF-8 ninja -j20 -v [1/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/debug.c.o -MF src/pkcs11.so.p/debug.c.o.d -o src/pkcs11.so.p/debug.c.o -c ../src/debug.c [2/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/pk11_uri.c.o -MF src/pkcs11.so.p/pk11_uri.c.o.d -o src/pkcs11.so.p/pk11_uri.c.o -c ../src/pk11_uri.c [3/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/exchange.c.o -MF src/pkcs11.so.p/exchange.c.o.d -o src/pkcs11.so.p/exchange.c.o -c ../src/exchange.c [4/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/tls.c.o -MF src/pkcs11.so.p/tls.c.o.d -o src/pkcs11.so.p/tls.c.o -c ../src/tls.c [5/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/random.c.o -MF src/pkcs11.so.p/random.c.o.d -o src/pkcs11.so.p/random.c.o -c ../src/random.c [6/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/decoder.c.o -MF src/pkcs11.so.p/decoder.c.o.d -o src/pkcs11.so.p/decoder.c.o -c ../src/decoder.c [7/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/digests.c.o -MF src/pkcs11.so.p/digests.c.o.d -o src/pkcs11.so.p/digests.c.o -c ../src/digests.c [8/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/asymmetric_cipher.c.o -MF src/pkcs11.so.p/asymmetric_cipher.c.o.d -o src/pkcs11.so.p/asymmetric_cipher.c.o -c ../src/asymmetric_cipher.c [9/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/kdf.c.o -MF src/pkcs11.so.p/kdf.c.o.d -o src/pkcs11.so.p/kdf.c.o -c ../src/kdf.c [10/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/slot.c.o -MF src/pkcs11.so.p/slot.c.o.d -o src/pkcs11.so.p/slot.c.o -c ../src/slot.c [11/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/encoder.c.o -MF src/pkcs11.so.p/encoder.c.o.d -o src/pkcs11.so.p/encoder.c.o -c ../src/encoder.c [12/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/store.c.o -MF src/pkcs11.so.p/store.c.o.d -o src/pkcs11.so.p/store.c.o -c ../src/store.c [13/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/session.c.o -MF src/pkcs11.so.p/session.c.o.d -o src/pkcs11.so.p/session.c.o -c ../src/session.c [14/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/signature.c.o -MF src/pkcs11.so.p/signature.c.o.d -o src/pkcs11.so.p/signature.c.o -c ../src/signature.c [15/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/keymgmt.c.o -MF src/pkcs11.so.p/keymgmt.c.o.d -o src/pkcs11.so.p/keymgmt.c.o -c ../src/keymgmt.c [16/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/interface.c.o -MF src/pkcs11.so.p/interface.c.o.d -o src/pkcs11.so.p/interface.c.o -c ../src/interface.c [17/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/util.c.o -MF src/pkcs11.so.p/util.c.o.d -o src/pkcs11.so.p/util.c.o -c ../src/util.c [18/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/provider.c.o -MF src/pkcs11.so.p/provider.c.o.d -o src/pkcs11.so.p/provider.c.o -c ../src/provider.c [19/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/objects.c.o -MF src/pkcs11.so.p/objects.c.o.d -o src/pkcs11.so.p/objects.c.o -c ../src/objects.c [20/20] cc -o src/pkcs11.so src/pkcs11.so.p/asymmetric_cipher.c.o src/pkcs11.so.p/debug.c.o src/pkcs11.so.p/encoder.c.o src/pkcs11.so.p/decoder.c.o src/pkcs11.so.p/digests.c.o src/pkcs11.so.p/exchange.c.o src/pkcs11.so.p/kdf.c.o src/pkcs11.so.p/keymgmt.c.o src/pkcs11.so.p/pk11_uri.c.o src/pkcs11.so.p/interface.c.o src/pkcs11.so.p/objects.c.o src/pkcs11.so.p/provider.c.o src/pkcs11.so.p/random.c.o src/pkcs11.so.p/session.c.o src/pkcs11.so.p/signature.c.o src/pkcs11.so.p/slot.c.o src/pkcs11.so.p/store.c.o src/pkcs11.so.p/tls.c.o src/pkcs11.so.p/util.c.o -Wl,--as-needed -Wl,--allow-shlib-undefined -shared -fPIC -Wl,-z,relro -Wl,-z,now -specs=/usr/share/debhelper/dh_package_notes/debian-package-notes.specs -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection -Wdate-time -D_FORTIFY_SOURCE=2 -Wl,--version-script,/build/reproducible-path/pkcs11-provider-1.0/src/provider.map /usr/lib/x86_64-linux-gnu/libcrypto.so debian/rules override_dh_auto_test make[1]: Entering directory '/build/reproducible-path/pkcs11-provider-1.0' dh_auto_test -- -t 10 cd obj-x86_64-linux-gnu && DEB_PYTHON_INSTALL_LAYOUT=deb LC_ALL=C.UTF-8 MESON_TESTTHREADS=20 meson test --verbose -t 10 ninja: Entering directory `/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu' [1/29] Compiling C object tests/tlssetkey.p/util.c.o [2/29] Compiling C object tests/treadkeys.p/treadkeys.c.o [3/29] Compiling C object tests/tcmpkeys.p/tcmpkeys.c.o [4/29] Compiling C object tests/tlsctx.p/util.c.o [5/29] Compiling C object tests/tlssetkey.p/tlssetkey.c.o [6/29] Compiling C object tests/tpkey.p/tpkey.c.o [7/29] Compiling C object tests/tdigests.p/tdigests.c.o [8/29] Compiling C object tests/ccerts.p/ccerts.c.o [9/29] Compiling C object tests/tlsctx.p/tlsctx.c.o [10/29] Compiling C object tests/tfork.p/tfork.c.o [11/29] Compiling C object tests/tsession.p/tsession.c.o [12/29] Linking target tests/tlssetkey [13/29] Linking target tests/treadkeys [14/29] Compiling C object tests/tgenkey.p/util.c.o [15/29] Linking target tests/tlsctx [16/29] Compiling C object tests/tpkey.p/util.c.o [17/29] Compiling C object tests/ccerts.p/util.c.o [18/29] Linking target tests/tdigests [19/29] Compiling C object tests/pincache.p/pincache.c.o [20/29] Linking target tests/tsession [21/29] Compiling C object tests/tfork.p/util.c.o [22/29] Compiling C object tests/tcmpkeys.p/util.c.o [23/29] Compiling C object tests/tgenkey.p/tgenkey.c.o [24/29] Linking target tests/tfork [25/29] Linking target tests/tpkey [26/29] Linking target tests/pincache [27/29] Linking target tests/ccerts [28/29] Linking target tests/tcmpkeys [29/29] Linking target tests/tgenkey 1/92 pkcs11-provider:softokn / setup RUNNING >>> MESON_TEST_ITERATION=1 SOFTOKNPATH=/usr/lib/x86_64-linux-gnu UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTSSRCDIR=/build/reproducible-path/pkcs11-provider-1.0/tests P11KITCLIENTPATH=/usr/lib/x86_64-linux-gnu/pkcs11/p11-kit-client.so MALLOC_PERTURB_=254 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 LIBSPATH=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/src TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests SHARED_EXT=.so MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/setup.sh softokn ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― + source /build/reproducible-path/pkcs11-provider-1.0/tests/helpers.sh ++ : /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests ++ helper_emit=1 ++ grep -q 'GNU sed' ++ sed --version ++ sed_inplace=('-i') ++ export sed_inplace + '[' 1 -ne 1 ']' + TOKENTYPE=softokn + SUPPORT_ED25519=1 + SUPPORT_ED448=1 + SUPPORT_RSA_PKCS1_ENCRYPTION=1 + SUPPORT_RSA_KEYGEN_PUBLIC_EXPONENT=1 + SUPPORT_TLSFUZZER=1 + SUPPORT_ALLOWED_MECHANISMS=0 ++ grep OpenSC ++ opensc-tool -i ++ sed -e 's/OpenSC 0\.\([0-9]*\).*/\1/' Failed to establish context: Unable to load external module + OPENSC_VERSION=26 + [[ 26 -le 25 ]] + [[ '' = \1 ]] ++ cat /proc/sys/crypto/fips_enabled + [[ 0 = \1 ]] + TMPPDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softokn + TOKDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softokn/tokens + '[' -d /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softokn ']' + mkdir /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softokn + mkdir /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softokn/tokens + PINVALUE=12345678 + PINFILE=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softokn/pinfile.txt + echo 12345678 + export GNUTLS_PIN=12345678 + GNUTLS_PIN=12345678 + '[' softokn == softhsm ']' + '[' softokn == softokn ']' + source /build/reproducible-path/pkcs11-provider-1.0/tests/softokn-init.sh ++ title SECTION 'Setup NSS Softokn' ++ case "$1" in ++ shift 1 ++ echo '########################################' ++ echo '## Setup NSS Softokn' ++ echo '' ++ command -v certutil ######################################## ## Setup NSS Softokn ++ echo 'NSS'\''s certutil command is required' ++ exit 0 NSS's certutil command is required ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 1/92 pkcs11-provider:softokn / setup OK 0.15s 2/92 pkcs11-provider:softhsm / setup RUNNING >>> MESON_TEST_ITERATION=1 SOFTOKNPATH=/usr/lib/x86_64-linux-gnu UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=226 TESTSSRCDIR=/build/reproducible-path/pkcs11-provider-1.0/tests P11KITCLIENTPATH=/usr/lib/x86_64-linux-gnu/pkcs11/p11-kit-client.so ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 LIBSPATH=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/src TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests SHARED_EXT=.so MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/setup.sh softhsm ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― + source /build/reproducible-path/pkcs11-provider-1.0/tests/helpers.sh ++ : /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests ++ helper_emit=1 ++ sed --version ++ grep -q 'GNU sed' ++ sed_inplace=('-i') ++ export sed_inplace + '[' 1 -ne 1 ']' + TOKENTYPE=softhsm + SUPPORT_ED25519=1 + SUPPORT_ED448=1 + SUPPORT_RSA_PKCS1_ENCRYPTION=1 + SUPPORT_RSA_KEYGEN_PUBLIC_EXPONENT=1 + SUPPORT_TLSFUZZER=1 + SUPPORT_ALLOWED_MECHANISMS=0 ++ grep OpenSC ++ opensc-tool -i ++ sed -e 's/OpenSC 0\.\([0-9]*\).*/\1/' Failed to establish context: Unable to load external module + OPENSC_VERSION=26 + [[ 26 -le 25 ]] + [[ '' = \1 ]] ++ cat /proc/sys/crypto/fips_enabled + [[ 0 = \1 ]] + TMPPDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm + TOKDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/tokens + '[' -d /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm ']' + mkdir /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm + mkdir /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/tokens + PINVALUE=12345678 + PINFILE=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt + echo 12345678 + export GNUTLS_PIN=12345678 + GNUTLS_PIN=12345678 + '[' softhsm == softhsm ']' + source /build/reproducible-path/pkcs11-provider-1.0/tests/softhsm-init.sh ++ title SECTION 'Searching for SoftHSM PKCS#11 library' ++ case "$1" in ++ shift 1 ++ echo '########################################' ++ echo '## Searching for SoftHSM PKCS#11 library' ++ echo '' ++ command -v softhsm2-util ######################################## ## Searching for SoftHSM PKCS#11 library +++++ type -p softhsm2-util ++++ dirname /usr/bin/softhsm2-util +++ dirname /usr/bin ++ softhsm_prefix=/usr ++ find_softhsm /usr/lib64/softhsm/libsofthsm2.so /usr/lib/softhsm/libsofthsm2.so /usr/lib64/pkcs11/libsofthsm2.so /usr/lib/pkcs11/libsofthsm2.so /usr/local/lib/softhsm/libsofthsm2.so /usr/lib64/pkcs11/libsofthsm2.so /usr/lib/pkcs11/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so ++ for _lib in "$@" ++ test -f /usr/lib64/softhsm/libsofthsm2.so ++ for _lib in "$@" ++ test -f /usr/lib/softhsm/libsofthsm2.so ++ echo 'Using softhsm path /usr/lib/softhsm/libsofthsm2.so' ++ P11LIB=/usr/lib/softhsm/libsofthsm2.so ++ return ++ export P11LIB ++ title SECTION 'Set up testing system' ++ case "$1" in ++ shift 1 ++ echo '########################################' ++ echo '## Set up testing system' ++ echo '' ++ cat Using softhsm path /usr/lib/softhsm/libsofthsm2.so ######################################## ## Set up testing system ++ export SOFTHSM2_CONF=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/softhsm.conf ++ SOFTHSM2_CONF=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/softhsm.conf ++ export 'TOKENLABEL=SoftHSM Token' ++ TOKENLABEL='SoftHSM Token' ++ export TOKENLABELURI=SoftHSM%20Token ++ TOKENLABELURI=SoftHSM%20Token ++ softhsm2-util --init-token --label 'SoftHSM Token' --free --pin 12345678 --so-pin 12345678 Slot 0 has a free/uninitialized token. The token has been initialized and is reassigned to slot 1955688093 ++ export 'TOKENOPTIONS=\npkcs11-module-quirks = no-deinit no-operation-state' ++ TOKENOPTIONS='\npkcs11-module-quirks = no-deinit no-operation-state' ++ export 'TOKENCONFIGVARS=export SOFTHSM2_CONF=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/softhsm.conf' ++ TOKENCONFIGVARS='export SOFTHSM2_CONF=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/softhsm.conf' ++ export TESTPORT=32000 ++ TESTPORT=32000 ++ export SUPPORT_ALLOWED_MECHANISMS=1 ++ SUPPORT_ALLOWED_MECHANISMS=1 + SEEDFILE=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/noisefile.bin + dd if=/dev/urandom of=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/noisefile.bin bs=2048 count=1 + RAND64FILE=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/64krandom.bin + dd if=/dev/urandom of=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/64krandom.bin bs=2048 count=32 ++ uname + '[' Linux == Darwin ']' ++ type -p certtool + certtool=/usr/bin/certtool + '[' -z /usr/bin/certtool ']' + P11DEFARGS=("--module=${P11LIB}" "--login" "--pin=${PINVALUE}" "--token-label=${TOKENLABEL}") + cat + SERIAL=1 + title LINE 'Creating new Self Sign CA' + case "$1" in + shift 1 + echo 'Creating new Self Sign CA' + KEYID=0000 + URIKEYID=%00%00 + CACRTN=caCert + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --keypairgen --key-type=RSA:2048 --label=caCert --id=0000 Creating new Self Sign CA Key pair generated: Private Key Object; RSA label: caCert ID: 0000 Usage: decrypt, sign, signRecover, unwrap Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bc721340f4916e9d;token=SoftHSM%20Token;id=%0000;object=caCert;type=private Public Key Object; RSA 2048 bits label: caCert ID: 0000 Usage: encrypt, verify, verifyRecover, wrap Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bc721340f4916e9d;token=SoftHSM%20Token;id=%0000;object=caCert;type=public + crt_selfsign caCert Issuer 0000 + LABEL=caCert + CN=Issuer + KEYID=0000 + (( SERIAL+=1 )) + sed -e 's|cn = .*|cn = Issuer|g' -e 's|serial = .*|serial = 2|g' -i /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/cacert.cfg + /usr/bin/certtool --generate-self-signed --outfile=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/caCert.crt --template=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/cacert.cfg --provider=/usr/lib/softhsm/libsofthsm2.so --load-privkey 'pkcs11:object=caCert;token=SoftHSM%20Token;type=private' --load-pubkey 'pkcs11:object=caCert;token=SoftHSM%20Token;type=public' --outder Generating a self signed certificate... X.509 Certificate Information: Version: 3 Serial Number (hex): 02 Validity: Not Before: Sat Mar 29 12:10:21 UTC 2025 Not After: Sun Mar 29 12:10:21 UTC 2026 Subject: CN=Issuer Subject Public Key Algorithm: RSA Algorithm Security Level: Medium (2048 bits) Modulus (bits 2048): 00:a3:1f:bd:61:3e:bc:a0:7e:77:a0:ca:e7:65:4e:1c 2f:dd:ab:09:82:92:12:19:7c:c5:2f:b4:64:32:12:ea 0d:59:da:42:ca:84:1c:80:f9:bb:3b:f8:25:0f:6d:cc 3e:9a:7c:6e:5a:e7:96:56:c3:d6:bc:6d:fd:c8:c7:9e 5b:f8:0d:b2:4b:6c:bd:a6:9c:d6:2a:88:7f:f6:aa:94 ed:ef:77:a3:85:45:0e:31:dc:63:3d:84:59:84:ac:43 c3:8c:8d:47:ed:47:4a:cc:5c:03:9d:23:fa:12:4d:17 c3:0f:4f:3f:85:9d:cf:5e:2d:13:19:69:e0:9e:95:f3 9b:6b:83:93:be:1d:4c:2c:18:81:fe:4b:1d:46:91:c8 e2:89:17:66:63:db:67:5e:01:9d:22:cd:06:05:47:1f 0f:4a:88:c4:cb:59:8c:85:35:83:ca:57:1c:cb:82:32 f9:1a:f3:41:13:9f:62:08:cd:7c:b8:56:b0:d8:e7:e5 44:ee:3c:da:08:a1:bf:8f:0d:0f:7e:46:e1:de:c1:ce fc:f5:b3:25:f3:3e:8f:87:0f:4e:1e:9c:86:25:80:da 14:7f:c5:77:0f:9c:7c:bb:f5:db:4c:0c:98:91:b7:4c 34:45:5a:dd:59:ad:6e:f2:32:70:4d:7d:14:dd:4f:86 45 Exponent (bits 24): 01:00:01 Extensions: Basic Constraints (critical): Certificate Authority (CA): TRUE Subject Alternative Name (not critical): RFC822Name: testcert@example.org Key Usage (critical): Digital signature. Certificate signing. Subject Key Identifier (not critical): 4bdd8570a19a78b55b09a9f4340cf255d7e7eb2d Other Information: Public Key ID: sha1:4bdd8570a19a78b55b09a9f4340cf255d7e7eb2d sha256:ee62b58e39c4a83bf72d7fae8e44655b28e65c6a61dcc20ad08caba82e5bb134 Public Key PIN: pin-sha256:7mK1jjnEqDv3LX+ujkRlWyjmXGph3MIK0IyrqC5bsTQ= Signing certificate... + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --write-object /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/caCert.crt --type=cert --id=0000 --label=caCert Created certificate: Certificate Object; type = X.509 cert label: caCert subject: DN: CN=Issuer serial: 02 ID: 0000 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bc721340f4916e9d;token=SoftHSM%20Token;id=%0000;object=caCert;type=cert + CACRT_PEM=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/caCert.pem + CACRT=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/caCert.crt + openssl x509 -inform DER -in /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/caCert.crt -outform PEM -out /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/caCert.pem + CABASEURIWITHPINVALUE='pkcs11:id=%00%00?pin-value=12345678' + CABASEURIWITHPINSOURCE='pkcs11:id=%00%00?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt' + CABASEURI=pkcs11:id=%00%00 + CAPUBURI='pkcs11:type=public;id=%00%00' + CAPRIURI='pkcs11:type=private;id=%00%00' + CACRTURI='pkcs11:type=cert;object=caCert' + title LINE 'RSA PKCS11 URIS' + case "$1" in + shift 1 + echo 'RSA PKCS11 URIS' + echo 'pkcs11:id=%00%00?pin-value=12345678' + echo 'pkcs11:id=%00%00?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt' + echo pkcs11:id=%00%00 + echo 'pkcs11:type=public;id=%00%00' + echo 'pkcs11:type=private;id=%00%00' + echo 'pkcs11:type=cert;object=caCert' + echo '' + cat /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/cacert.cfg RSA PKCS11 URIS pkcs11:id=%00%00?pin-value=12345678 pkcs11:id=%00%00?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt pkcs11:id=%00%00 pkcs11:type=public;id=%00%00 pkcs11:type=private;id=%00%00 pkcs11:type=cert;object=caCert + echo 'organization = "PKCS11 Provider"' + sed -e '/^cert_signing_key$/d' -e '/^ca$/d' -i /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/cert.cfg + KEYID=0001 + URIKEYID=%00%01 + TSTCRTN=testCert + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --keypairgen --key-type=RSA:2048 --label=testCert --id=0001 Key pair generated: Private Key Object; RSA label: testCert ID: 0001 Usage: decrypt, sign, signRecover, unwrap Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bc721340f4916e9d;token=SoftHSM%20Token;id=%0001;object=testCert;type=private Public Key Object; RSA 2048 bits label: testCert ID: 0001 Usage: encrypt, verify, verifyRecover, wrap Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bc721340f4916e9d;token=SoftHSM%20Token;id=%0001;object=testCert;type=public + ca_sign testCert 'My Test Cert' 0001 + LABEL=testCert + CN='My Test Cert' + KEYID=0001 + shift 3 + (( SERIAL+=1 )) + sed -e 's|cn = .*|cn = My Test Cert|g' -e 's|serial = .*|serial = 3|g' -e '/^ca$/d' -i /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/cert.cfg + /usr/bin/certtool --generate-certificate --outfile=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/testCert.crt --template=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/cert.cfg --provider=/usr/lib/softhsm/libsofthsm2.so --load-privkey 'pkcs11:object=testCert;token=SoftHSM%20Token;type=private' --load-pubkey 'pkcs11:object=testCert;token=SoftHSM%20Token;type=public' --outder --load-ca-certificate /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/caCert.crt --inder '--load-ca-privkey=pkcs11:object=caCert;token=SoftHSM%20Token;type=private' Generating a signed certificate... Expiration time: Sun Mar 29 00:10:22 2026 CA expiration time: Sun Mar 29 00:10:21 2026 Warning: The time set exceeds the CA's expiration time X.509 Certificate Information: Version: 3 Serial Number (hex): 03 Validity: Not Before: Sat Mar 29 12:10:22 UTC 2025 Not After: Sun Mar 29 12:10:22 UTC 2026 Subject: CN=My Test Cert,O=PKCS11 Provider Subject Public Key Algorithm: RSA Algorithm Security Level: Medium (2048 bits) Modulus (bits 2048): 00:b1:5a:9c:b7:35:71:79:b2:80:e5:38:e6:55:fb:89 91:ba:86:59:18:74:b2:00:9b:d3:16:cd:02:17:30:47 42:11:17:5c:25:68:8c:ce:de:51:99:33:00:64:0a:8c 1a:f2:07:0a:2a:ef:d9:c4:1b:db:5a:41:66:d0:3a:26 bc:68:dc:64:d8:03:f8:5a:ae:e3:fa:b7:0f:a1:97:1e 22:94:14:4e:78:2d:b9:e0:5d:ba:5e:c0:0b:eb:2a:5e e2:5a:1e:b4:89:a4:02:32:8d:47:6b:c7:be:47:dc:1b c7:29:e8:1a:fe:8a:10:85:f6:6a:5c:e4:bb:a9:f8:8e 72:c4:74:14:8d:ec:c3:95:4b:d4:a1:d9:0c:fa:40:9d 32:ea:11:85:a6:25:a9:5f:9d:02:b1:dc:e3:71:61:6f 27:6e:ab:29:2c:83:1c:fa:98:ab:df:7f:50:5b:1f:ed 73:3f:76:bd:17:3e:97:b1:6e:f1:a5:fc:d3:c0:fe:2d 55:0d:00:dc:d5:1f:d5:bb:29:5c:f2:b6:d2:05:b0:24 b8:3a:fd:ef:b0:34:46:dd:b8:19:7d:2b:c1:83:88:bb 7f:2a:47:62:6e:a1:68:64:b3:32:16:a7:3f:9f:36:48 08:55:b6:3e:7f:66:4c:8a:ae:8e:74:1e:fa:8e:c1:19 6b Exponent (bits 24): 01:00:01 Extensions: Basic Constraints (critical): Certificate Authority (CA): FALSE Subject Alternative Name (not critical): RFC822Name: testcert@example.org Key Usage (critical): Digital signature. Key encipherment. Subject Key Identifier (not critical): fcb51b5549911a87aa9e5d450e76db6556e68587 Authority Key Identifier (not critical): 4bdd8570a19a78b55b09a9f4340cf255d7e7eb2d Other Information: Public Key ID: sha1:fcb51b5549911a87aa9e5d450e76db6556e68587 sha256:bf24ea8d3b985a3569a06be6280daf5edc9ebe892a4bc7a236879ee05597fda6 Public Key PIN: pin-sha256:vyTqjTuYWjVpoGvmKA2vXtyevokqS8eiNoee4FWX/aY= Signing certificate... + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --write-object /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/testCert.crt --type=cert --id=0001 --label=testCert Created certificate: Certificate Object; type = X.509 cert label: testCert subject: DN: O=PKCS11 Provider, CN=My Test Cert serial: 03 ID: 0001 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bc721340f4916e9d;token=SoftHSM%20Token;id=%0001;object=testCert;type=cert + BASEURIWITHPINVALUE='pkcs11:id=%00%01?pin-value=12345678' + BASEURIWITHPINSOURCE='pkcs11:id=%00%01?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt' + BASEURI=pkcs11:id=%00%01 + PUBURI='pkcs11:type=public;id=%00%01' + PRIURI='pkcs11:type=private;id=%00%01' + CRTURI='pkcs11:type=cert;object=testCert' + title LINE 'RSA PKCS11 URIS' + case "$1" in + shift 1 + echo 'RSA PKCS11 URIS' + echo 'pkcs11:id=%00%01?pin-value=12345678' + echo 'pkcs11:id=%00%01?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt' + echo pkcs11:id=%00%01 + echo 'pkcs11:type=public;id=%00%01' + echo 'pkcs11:type=private;id=%00%01' + echo 'pkcs11:type=cert;object=testCert' + echo '' + KEYID=0002 + URIKEYID=%00%02 + ECCRTN=ecCert + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --keypairgen --key-type=EC:secp256r1 --label=ecCert --id=0002 RSA PKCS11 URIS pkcs11:id=%00%01?pin-value=12345678 pkcs11:id=%00%01?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt pkcs11:id=%00%01 pkcs11:type=public;id=%00%01 pkcs11:type=private;id=%00%01 pkcs11:type=cert;object=testCert Key pair generated: Private Key Object; EC label: ecCert ID: 0002 Usage: decrypt, sign, signRecover, unwrap, derive Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bc721340f4916e9d;token=SoftHSM%20Token;id=%0002;object=ecCert;type=private Public Key Object; EC EC_POINT 256 bits EC_POINT: 044104006fa03e2897d8922c5bb3acc909fefbea9d263a5e27c81b27d392a8a5e1215f863c73537a579e25a497b452456da895b2bdafa8b4658132dc24686fc5ddeb72 EC_PARAMS: 06082a8648ce3d030107 (OID 1.2.840.10045.3.1.7) label: ecCert ID: 0002 Usage: encrypt, verify, verifyRecover, wrap, derive Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bc721340f4916e9d;token=SoftHSM%20Token;id=%0002;object=ecCert;type=public + ca_sign ecCert 'My EC Cert' 0002 + LABEL=ecCert + CN='My EC Cert' + KEYID=0002 + shift 3 + (( SERIAL+=1 )) + sed -e 's|cn = .*|cn = My EC Cert|g' -e 's|serial = .*|serial = 4|g' -e '/^ca$/d' -i /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/cert.cfg + /usr/bin/certtool --generate-certificate --outfile=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/ecCert.crt --template=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/cert.cfg --provider=/usr/lib/softhsm/libsofthsm2.so --load-privkey 'pkcs11:object=ecCert;token=SoftHSM%20Token;type=private' --load-pubkey 'pkcs11:object=ecCert;token=SoftHSM%20Token;type=public' --outder --load-ca-certificate /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/caCert.crt --inder '--load-ca-privkey=pkcs11:object=caCert;token=SoftHSM%20Token;type=private' Generating a signed certificate... Expiration time: Sun Mar 29 00:10:23 2026 CA expiration time: Sun Mar 29 00:10:21 2026 Warning: The time set exceeds the CA's expiration time X.509 Certificate Information: Version: 3 Serial Number (hex): 04 Validity: Not Before: Sat Mar 29 12:10:23 UTC 2025 Not After: Sun Mar 29 12:10:23 UTC 2026 Subject: CN=My EC Cert,O=PKCS11 Provider Subject Public Key Algorithm: EC/ECDSA Algorithm Security Level: High (256 bits) Curve: SECP256R1 X: 6f:a0:3e:28:97:d8:92:2c:5b:b3:ac:c9:09:fe:fb:ea 9d:26:3a:5e:27:c8:1b:27:d3:92:a8:a5:e1:21:5f Y: 00:86:3c:73:53:7a:57:9e:25:a4:97:b4:52:45:6d:a8 95:b2:bd:af:a8:b4:65:81:32:dc:24:68:6f:c5:dd:eb 72 Extensions: Basic Constraints (critical): Certificate Authority (CA): FALSE Subject Alternative Name (not critical): RFC822Name: testcert@example.org Key Usage (critical): Digital signature. Subject Key Identifier (not critical): 69364acd3be10e3a05c0379671d3bd8888157c48 Authority Key Identifier (not critical): 4bdd8570a19a78b55b09a9f4340cf255d7e7eb2d Other Information: Public Key ID: sha1:69364acd3be10e3a05c0379671d3bd8888157c48 sha256:659dbe066098ff993de2fceaf7c23b8036f02b3dc6dbdedc7f31b7bd934ad1da Public Key PIN: pin-sha256:ZZ2+BmCY/5k94vzq98I7gDbwKz3G297cfzG3vZNK0do= Signing certificate... + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --write-object /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/ecCert.crt --type=cert --id=0002 --label=ecCert Created certificate: Certificate Object; type = X.509 cert label: ecCert subject: DN: O=PKCS11 Provider, CN=My EC Cert serial: 04 ID: 0002 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bc721340f4916e9d;token=SoftHSM%20Token;id=%0002;object=ecCert;type=cert + ECBASEURIWITHPINVALUE='pkcs11:id=%00%02?pin-value=12345678' + ECBASEURIWITHPINSOURCE='pkcs11:id=%00%02?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt' + ECBASEURI=pkcs11:id=%00%02 + ECPUBURI='pkcs11:type=public;id=%00%02' + ECPRIURI='pkcs11:type=private;id=%00%02' + ECCRTURI='pkcs11:type=cert;object=ecCert' + KEYID=0003 + URIKEYID=%00%03 + ECPEERCRTN=ecPeerCert + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --keypairgen --key-type=EC:secp256r1 --label=ecPeerCert --id=0003 Key pair generated: Private Key Object; EC label: ecPeerCert ID: 0003 Usage: decrypt, sign, signRecover, unwrap, derive Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bc721340f4916e9d;token=SoftHSM%20Token;id=%0003;object=ecPeerCert;type=private Public Key Object; EC EC_POINT 256 bits EC_POINT: 044104a2f6b80ba1c4ef5fdbd605b1c603d9b2f5b676d78e4867c848b7ca9b139ba5aa6157160517e27594af3e96d98bac49a80f0b7f71c930693d7513154f0e248c0c EC_PARAMS: 06082a8648ce3d030107 (OID 1.2.840.10045.3.1.7) label: ecPeerCert ID: 0003 Usage: encrypt, verify, verifyRecover, wrap, derive Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bc721340f4916e9d;token=SoftHSM%20Token;id=%0003;object=ecPeerCert;type=public + crt_selfsign ecPeerCert 'My Peer EC Cert' 0003 + LABEL=ecPeerCert + CN='My Peer EC Cert' + KEYID=0003 + (( SERIAL+=1 )) + sed -e 's|cn = .*|cn = My Peer EC Cert|g' -e 's|serial = .*|serial = 5|g' -i /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/cacert.cfg + /usr/bin/certtool --generate-self-signed --outfile=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/ecPeerCert.crt --template=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/cacert.cfg --provider=/usr/lib/softhsm/libsofthsm2.so --load-privkey 'pkcs11:object=ecPeerCert;token=SoftHSM%20Token;type=private' --load-pubkey 'pkcs11:object=ecPeerCert;token=SoftHSM%20Token;type=public' --outder Generating a self signed certificate... X.509 Certificate Information: Version: 3 Serial Number (hex): 05 Validity: Not Before: Sat Mar 29 12:10:24 UTC 2025 Not After: Sun Mar 29 12:10:24 UTC 2026 Subject: CN=My Peer EC Cert Subject Public Key Algorithm: EC/ECDSA Algorithm Security Level: High (256 bits) Curve: SECP256R1 X: 00:a2:f6:b8:0b:a1:c4:ef:5f:db:d6:05:b1:c6:03:d9 b2:f5:b6:76:d7:8e:48:67:c8:48:b7:ca:9b:13:9b:a5 aa Y: 61:57:16:05:17:e2:75:94:af:3e:96:d9:8b:ac:49:a8 0f:0b:7f:71:c9:30:69:3d:75:13:15:4f:0e:24:8c:0c Extensions: Basic Constraints (critical): Certificate Authority (CA): TRUE Subject Alternative Name (not critical): RFC822Name: testcert@example.org Key Usage (critical): Digital signature. Certificate signing. Subject Key Identifier (not critical): 237b6cd73a8abcfcdd832d25145823341bb1cba6 Other Information: Public Key ID: sha1:237b6cd73a8abcfcdd832d25145823341bb1cba6 sha256:40c077b8f3386b6b414026fcd87b28d2f4cf49d4e9265c5a8b84d4e553acd3a5 Public Key PIN: pin-sha256:QMB3uPM4a2tBQCb82Hso0vTPSdTpJlxai4TU5VOs06U= Signing certificate... + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --write-object /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/ecPeerCert.crt --type=cert --id=0003 --label=ecPeerCert Created certificate: Certificate Object; type = X.509 cert label: ecPeerCert subject: DN: CN=My Peer EC Cert serial: 05 ID: 0003 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bc721340f4916e9d;token=SoftHSM%20Token;id=%0003;object=ecPeerCert;type=cert + ECPEERBASEURIWITHPINVALUE='pkcs11:id=%00%03?pin-value=12345678' + ECPEERBASEURIWITHPINSOURCE='pkcs11:id=%00%03?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt' + ECPEERBASEURI=pkcs11:id=%00%03 + ECPEERPUBURI='pkcs11:type=public;id=%00%03' + ECPEERPRIURI='pkcs11:type=private;id=%00%03' + ECPEERCRTURI='pkcs11:type=cert;object=ecPeerCert' + title LINE 'EC PKCS11 URIS' + case "$1" in + shift 1 + echo 'EC PKCS11 URIS' + echo 'pkcs11:id=%00%02?pin-value=12345678' + echo 'pkcs11:id=%00%02?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt' + echo pkcs11:id=%00%02 + echo 'pkcs11:type=public;id=%00%02' + echo 'pkcs11:type=private;id=%00%02' + echo 'pkcs11:type=cert;object=ecCert' + echo 'pkcs11:id=%00%03?pin-value=12345678' + echo 'pkcs11:id=%00%03?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt' + echo pkcs11:id=%00%03 + echo 'pkcs11:type=public;id=%00%03' + echo 'pkcs11:type=private;id=%00%03' + echo 'pkcs11:type=cert;object=ecPeerCert' + echo '' EC PKCS11 URIS pkcs11:id=%00%02?pin-value=12345678 pkcs11:id=%00%02?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt pkcs11:id=%00%02 pkcs11:type=public;id=%00%02 pkcs11:type=private;id=%00%02 pkcs11:type=cert;object=ecCert pkcs11:id=%00%03?pin-value=12345678 pkcs11:id=%00%03?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt pkcs11:id=%00%03 pkcs11:type=public;id=%00%03 pkcs11:type=private;id=%00%03 pkcs11:type=cert;object=ecPeerCert + '[' 1 -eq 1 ']' + KEYID=0004 + URIKEYID=%00%04 + EDCRTN=edCert + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --keypairgen --key-type=EC:edwards25519 --label=edCert --id=0004 Key pair generated: Private Key Object; EC_EDWARDS label: edCert ID: 0004 Usage: decrypt, sign, signRecover, unwrap, derive Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bc721340f4916e9d;token=SoftHSM%20Token;id=%0004;object=edCert;type=private Public Key Object; EC_EDWARDS EC_POINT 272 bits EC_POINT: 042047eeb77108131621bd9e19b4dad3b5d16fd8c9ffa4207f3bb68407f68d3db8ce EC_PARAMS: 130c656477617264733235353139 (PrintableString edwards25519) label: edCert ID: 0004 Usage: encrypt, verify, verifyRecover, wrap, derive Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bc721340f4916e9d;token=SoftHSM%20Token;id=%0004;object=edCert;type=public + ca_sign edCert 'My ED25519 Cert' 0004 + LABEL=edCert + CN='My ED25519 Cert' + KEYID=0004 + shift 3 + (( SERIAL+=1 )) + sed -e 's|cn = .*|cn = My ED25519 Cert|g' -e 's|serial = .*|serial = 6|g' -e '/^ca$/d' -i /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/cert.cfg + /usr/bin/certtool --generate-certificate --outfile=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/edCert.crt --template=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/cert.cfg --provider=/usr/lib/softhsm/libsofthsm2.so --load-privkey 'pkcs11:object=edCert;token=SoftHSM%20Token;type=private' --load-pubkey 'pkcs11:object=edCert;token=SoftHSM%20Token;type=public' --outder --load-ca-certificate /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/caCert.crt --inder '--load-ca-privkey=pkcs11:object=caCert;token=SoftHSM%20Token;type=private' Generating a signed certificate... Expiration time: Sun Mar 29 00:10:24 2026 CA expiration time: Sun Mar 29 00:10:21 2026 Warning: The time set exceeds the CA's expiration time X.509 Certificate Information: Version: 3 Serial Number (hex): 06 Validity: Not Before: Sat Mar 29 12:10:24 UTC 2025 Not After: Sun Mar 29 12:10:24 UTC 2026 Subject: CN=My ED25519 Cert,O=PKCS11 Provider Subject Public Key Algorithm: EdDSA (Ed25519) Algorithm Security Level: High (256 bits) Curve: Ed25519 X: 47:ee:b7:71:08:13:16:21:bd:9e:19:b4:da:d3:b5:d1 6f:d8:c9:ff:a4:20:7f:3b:b6:84:07:f6:8d:3d:b8:ce Extensions: Basic Constraints (critical): Certificate Authority (CA): FALSE Subject Alternative Name (not critical): RFC822Name: testcert@example.org Key Usage (critical): Digital signature. Subject Key Identifier (not critical): bed9d0e841c812c4a150650321cae95dc424d6f5 Authority Key Identifier (not critical): 4bdd8570a19a78b55b09a9f4340cf255d7e7eb2d Other Information: Public Key ID: sha1:bed9d0e841c812c4a150650321cae95dc424d6f5 sha256:aba8487bc8b5d482f5e5f1357a7baf50ea8dcd792b847a081ac531dd554191bf Public Key PIN: pin-sha256:q6hIe8i11IL15fE1enuvUOqNzXkrhHoIGsUx3VVBkb8= Signing certificate... + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --write-object /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/edCert.crt --type=cert --id=0004 --label=edCert Created certificate: Certificate Object; type = X.509 cert label: edCert subject: DN: O=PKCS11 Provider, CN=My ED25519 Cert serial: 06 ID: 0004 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bc721340f4916e9d;token=SoftHSM%20Token;id=%0004;object=edCert;type=cert + EDBASEURIWITHPINVALUE='pkcs11:id=%00%04;pin-value=12345678' + EDBASEURIWITHPINSOURCE='pkcs11:id=%00%04;pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt' + EDBASEURI=pkcs11:id=%00%04 + EDPUBURI='pkcs11:type=public;id=%00%04' + EDPRIURI='pkcs11:type=private;id=%00%04' + EDCRTURI='pkcs11:type=cert;object=edCert' + title LINE 'ED25519 PKCS11 URIS' + case "$1" in + shift 1 + echo 'ED25519 PKCS11 URIS' + echo 'pkcs11:id=%00%04;pin-value=12345678' + echo 'pkcs11:id=%00%04;pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt' + echo pkcs11:id=%00%04 + echo 'pkcs11:type=public;id=%00%04' + echo 'pkcs11:type=private;id=%00%04' + echo 'pkcs11:type=cert;object=edCert' + '[' 1 -eq 1 ']' + KEYID=0009 + URIKEYID=%00%09 + ED2CRTN=ed2Cert + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --keypairgen --key-type=EC:Ed448 --label=ed2Cert --id=0009 ED25519 PKCS11 URIS pkcs11:id=%00%04;pin-value=12345678 pkcs11:id=%00%04;pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt pkcs11:id=%00%04 pkcs11:type=public;id=%00%04 pkcs11:type=private;id=%00%04 pkcs11:type=cert;object=edCert Key pair generated: Private Key Object; EC_EDWARDS label: ed2Cert ID: 0009 Usage: decrypt, sign, signRecover, unwrap, derive Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bc721340f4916e9d;token=SoftHSM%20Token;id=%0009;object=ed2Cert;type=private Public Key Object; EC_EDWARDS EC_POINT 472 bits EC_POINT: 04396788f4b39c208d9942eef67318aa82383c97d2ce1c846eb367a25eb61557b8f50d6ac18b5e18301242c85a38c5688fafc6d7b8a828c3a21900 EC_PARAMS: 06032b6571 (OID 1.3.101.113) label: ed2Cert ID: 0009 Usage: encrypt, verify, verifyRecover, wrap, derive Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bc721340f4916e9d;token=SoftHSM%20Token;id=%0009;object=ed2Cert;type=public + ca_sign ed2Cert 'My ED448 Cert' 0009 + LABEL=ed2Cert + CN='My ED448 Cert' + KEYID=0009 + shift 3 + (( SERIAL+=1 )) + sed -e 's|cn = .*|cn = My ED448 Cert|g' -e 's|serial = .*|serial = 7|g' -e '/^ca$/d' -i /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/cert.cfg + /usr/bin/certtool --generate-certificate --outfile=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/ed2Cert.crt --template=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/cert.cfg --provider=/usr/lib/softhsm/libsofthsm2.so --load-privkey 'pkcs11:object=ed2Cert;token=SoftHSM%20Token;type=private' --load-pubkey 'pkcs11:object=ed2Cert;token=SoftHSM%20Token;type=public' --outder --load-ca-certificate /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/caCert.crt --inder '--load-ca-privkey=pkcs11:object=caCert;token=SoftHSM%20Token;type=private' Generating a signed certificate... Expiration time: Sun Mar 29 00:10:25 2026 CA expiration time: Sun Mar 29 00:10:21 2026 Warning: The time set exceeds the CA's expiration time X.509 Certificate Information: Version: 3 Serial Number (hex): 07 Validity: Not Before: Sat Mar 29 12:10:25 UTC 2025 Not After: Sun Mar 29 12:10:25 UTC 2026 Subject: CN=My ED448 Cert,O=PKCS11 Provider Subject Public Key Algorithm: EdDSA (Ed448) Algorithm Security Level: Ultra (456 bits) Curve: Ed448 X: 67:88:f4:b3:9c:20:8d:99:42:ee:f6:73:18:aa:82:38 3c:97:d2:ce:1c:84:6e:b3:67:a2:5e:b6:15:57:b8:f5 0d:6a:c1:8b:5e:18:30:12:42:c8:5a:38:c5:68:8f:af c6:d7:b8:a8:28:c3:a2:19:00 Extensions: Basic Constraints (critical): Certificate Authority (CA): FALSE Subject Alternative Name (not critical): RFC822Name: testcert@example.org Key Usage (critical): Digital signature. Subject Key Identifier (not critical): b3dd3b7ed96876419633d2fe03c237f2773af614 Authority Key Identifier (not critical): 4bdd8570a19a78b55b09a9f4340cf255d7e7eb2d Other Information: Public Key ID: sha1:b3dd3b7ed96876419633d2fe03c237f2773af614 sha256:3ab7801e2d5317c1cfeebc1129eb75ea1c55f19c6cf06fddf2557636e6492864 Public Key PIN: pin-sha256:OreAHi1TF8HP7rwRKet16hxV8Zxs8G/d8lV2NuZJKGQ= Signing certificate... + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --write-object /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/ed2Cert.crt --type=cert --id=0009 --label=ed2Cert Created certificate: Certificate Object; type = X.509 cert label: ed2Cert subject: DN: O=PKCS11 Provider, CN=My ED448 Cert serial: 07 ID: 0009 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bc721340f4916e9d;token=SoftHSM%20Token;id=%0009;object=ed2Cert;type=cert + ED2BASEURIWITHPINVALUE='pkcs11:id=%00%09;pin-value=12345678' + ED2BASEURIWITHPINSOURCE='pkcs11:id=%00%09;pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt' + ED2BASEURI=pkcs11:id=%00%09 + ED2PUBURI='pkcs11:type=public;id=%00%09' + ED2PRIURI='pkcs11:type=private;id=%00%09' + ED2CRTURI='pkcs11:type=cert;object=ed2Cert' + title LINE 'ED448 PKCS11 URIS' + case "$1" in + shift 1 + echo 'ED448 PKCS11 URIS' + echo 'pkcs11:id=%00%09;pin-value=12345678' + echo 'pkcs11:id=%00%09;pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt' + echo pkcs11:id=%00%09 + echo 'pkcs11:type=public;id=%00%09' + echo 'pkcs11:type=private;id=%00%09' + echo 'pkcs11:type=cert;object=ed2Cert' + title PARA 'generate RSA key pair, self-signed certificate, remove public key' + case "$1" in + shift 1 + echo '' + echo '## generate RSA key pair, self-signed certificate, remove public key' + '[' -f '' ']' + KEYID=0005 + URIKEYID=%00%05 + TSTCRTN=testCert2 + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --keypairgen --key-type=RSA:2048 --label=testCert2 --id=0005 ED448 PKCS11 URIS pkcs11:id=%00%09;pin-value=12345678 pkcs11:id=%00%09;pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt pkcs11:id=%00%09 pkcs11:type=public;id=%00%09 pkcs11:type=private;id=%00%09 pkcs11:type=cert;object=ed2Cert ## generate RSA key pair, self-signed certificate, remove public key Key pair generated: Private Key Object; RSA label: testCert2 ID: 0005 Usage: decrypt, sign, signRecover, unwrap Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bc721340f4916e9d;token=SoftHSM%20Token;id=%0005;object=testCert2;type=private Public Key Object; RSA 2048 bits label: testCert2 ID: 0005 Usage: encrypt, verify, verifyRecover, wrap Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bc721340f4916e9d;token=SoftHSM%20Token;id=%0005;object=testCert2;type=public + ca_sign testCert2 'My Test Cert 2' 0005 + LABEL=testCert2 + CN='My Test Cert 2' + KEYID=0005 + shift 3 + (( SERIAL+=1 )) + sed -e 's|cn = .*|cn = My Test Cert 2|g' -e 's|serial = .*|serial = 8|g' -e '/^ca$/d' -i /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/cert.cfg + /usr/bin/certtool --generate-certificate --outfile=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/testCert2.crt --template=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/cert.cfg --provider=/usr/lib/softhsm/libsofthsm2.so --load-privkey 'pkcs11:object=testCert2;token=SoftHSM%20Token;type=private' --load-pubkey 'pkcs11:object=testCert2;token=SoftHSM%20Token;type=public' --outder --load-ca-certificate /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/caCert.crt --inder '--load-ca-privkey=pkcs11:object=caCert;token=SoftHSM%20Token;type=private' Generating a signed certificate... Expiration time: Sun Mar 29 00:10:27 2026 CA expiration time: Sun Mar 29 00:10:21 2026 Warning: The time set exceeds the CA's expiration time X.509 Certificate Information: Version: 3 Serial Number (hex): 08 Validity: Not Before: Sat Mar 29 12:10:27 UTC 2025 Not After: Sun Mar 29 12:10:27 UTC 2026 Subject: CN=My Test Cert 2,O=PKCS11 Provider Subject Public Key Algorithm: RSA Algorithm Security Level: Medium (2048 bits) Modulus (bits 2048): 00:a1:bd:6d:18:04:a2:9d:3d:68:44:31:dd:57:42:d8 0e:0f:4f:e1:ec:97:29:6a:8b:b2:b6:61:fb:ae:44:aa bd:ee:f0:09:32:28:14:2e:f4:01:7d:78:9c:3e:01:1d d2:00:8d:7c:bb:7f:db:09:e5:25:3d:67:15:25:74:08 d3:38:f5:13:c8:76:e6:d3:5c:f2:ea:d7:4c:0a:45:cf 25:27:12:e7:9f:89:52:71:ac:96:00:27:32:84:5f:0f 11:bf:cc:43:3f:3a:a2:6e:68:98:a2:c9:98:fa:9a:fc a1:aa:ff:c5:be:09:db:f9:99:56:98:dd:b5:88:fc:69 22:61:86:6e:d2:ce:15:ac:b0:98:a8:c4:89:16:86:66 12:9f:91:a4:2c:68:08:90:cb:57:97:c4:28:77:07:e6 f1:33:25:cb:5f:07:55:a0:a7:c6:72:8f:38:d9:5d:53 7f:b3:0d:76:74:d7:c1:85:2c:09:5e:33:ff:12:60:7a 16:c9:78:c6:2b:77:72:74:9d:95:d9:b2:17:4b:4e:22 1c:67:a9:9b:5a:df:83:31:91:23:1b:80:94:8f:0f:fc 86:af:78:5d:19:14:0a:49:29:12:e8:bc:b8:7b:f9:0e d6:ae:fe:95:87:a9:67:34:57:a7:18:ee:37:a2:aa:42 21 Exponent (bits 24): 01:00:01 Extensions: Basic Constraints (critical): Certificate Authority (CA): FALSE Subject Alternative Name (not critical): RFC822Name: testcert@example.org Key Usage (critical): Digital signature. Key encipherment. Subject Key Identifier (not critical): 6621f42e14c5a0dafba1087126bd3e39006a4caf Authority Key Identifier (not critical): 4bdd8570a19a78b55b09a9f4340cf255d7e7eb2d Other Information: Public Key ID: sha1:6621f42e14c5a0dafba1087126bd3e39006a4caf sha256:c0ab5df38ec928f101cf528fdece1c9946c3c4a1db0dada646fd2a83ffbfe125 Public Key PIN: pin-sha256:wKtd847JKPEBz1KP3s4cmUbDxKHbDa2mRv0qg/+/4SU= Signing certificate... + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --write-object /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/testCert2.crt --type=cert --id=0005 --label=testCert2 Created certificate: Certificate Object; type = X.509 cert label: testCert2 subject: DN: O=PKCS11 Provider, CN=My Test Cert 2 serial: 08 ID: 0005 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bc721340f4916e9d;token=SoftHSM%20Token;id=%0005;object=testCert2;type=cert + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --delete-object --type pubkey --id 0005 + BASE2URIWITHPINVALUE='pkcs11:id=%00%05?pin-value=12345678' + BASE2URIWITHPINSOURCE='pkcs11:id=%00%05?pin-source=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt' + BASE2URI=pkcs11:id=%00%05 + PRI2URI='pkcs11:type=private;id=%00%05' + CRT2URI='pkcs11:type=cert;object=testCert2' + title LINE 'RSA2 PKCS11 URIS' + case "$1" in + shift 1 + echo 'RSA2 PKCS11 URIS' + echo 'pkcs11:id=%00%05?pin-value=12345678' + echo 'pkcs11:id=%00%05?pin-source=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt' + echo pkcs11:id=%00%05 + echo 'pkcs11:type=private;id=%00%05' + echo 'pkcs11:type=cert;object=testCert2' + echo '' + title PARA 'generate EC key pair, self-signed certificate, remove public key' + case "$1" in + shift 1 + echo '' + echo '## generate EC key pair, self-signed certificate, remove public key' + '[' -f '' ']' + KEYID=0006 + URIKEYID=%00%06 + TSTCRTN=ecCert2 + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --keypairgen --key-type=EC:secp384r1 --label=ecCert2 --id=0006 RSA2 PKCS11 URIS pkcs11:id=%00%05?pin-value=12345678 pkcs11:id=%00%05?pin-source=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt pkcs11:id=%00%05 pkcs11:type=private;id=%00%05 pkcs11:type=cert;object=testCert2 ## generate EC key pair, self-signed certificate, remove public key Key pair generated: Private Key Object; EC label: ecCert2 ID: 0006 Usage: decrypt, sign, signRecover, unwrap, derive Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bc721340f4916e9d;token=SoftHSM%20Token;id=%0006;object=ecCert2;type=private Public Key Object; EC EC_POINT 384 bits EC_POINT: 0461042f1c320c07f754a61518b9fc29b65546cf01d7664de4e3b1615007459c1f1aa5b9eafff2b1233c9f897632e3939c3b1d5c8a4de6d197d984ce9ca81df1444b0d0afe063acd364e00c94fa14baedaae5abc42afaf35a9210e416bc29a71dfd6d6 EC_PARAMS: 06052b81040022 (OID 1.3.132.0.34) label: ecCert2 ID: 0006 Usage: encrypt, verify, verifyRecover, wrap, derive Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bc721340f4916e9d;token=SoftHSM%20Token;id=%0006;object=ecCert2;type=public + ca_sign ecCert2 'My EC Cert 2' 0006 + LABEL=ecCert2 + CN='My EC Cert 2' + KEYID=0006 + shift 3 + (( SERIAL+=1 )) + sed -e 's|cn = .*|cn = My EC Cert 2|g' -e 's|serial = .*|serial = 9|g' -e '/^ca$/d' -i /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/cert.cfg + /usr/bin/certtool --generate-certificate --outfile=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/ecCert2.crt --template=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/cert.cfg --provider=/usr/lib/softhsm/libsofthsm2.so --load-privkey 'pkcs11:object=ecCert2;token=SoftHSM%20Token;type=private' --load-pubkey 'pkcs11:object=ecCert2;token=SoftHSM%20Token;type=public' --outder --load-ca-certificate /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/caCert.crt --inder '--load-ca-privkey=pkcs11:object=caCert;token=SoftHSM%20Token;type=private' Generating a signed certificate... Expiration time: Sun Mar 29 00:10:28 2026 CA expiration time: Sun Mar 29 00:10:21 2026 Warning: The time set exceeds the CA's expiration time X.509 Certificate Information: Version: 3 Serial Number (hex): 09 Validity: Not Before: Sat Mar 29 12:10:28 UTC 2025 Not After: Sun Mar 29 12:10:28 UTC 2026 Subject: CN=My EC Cert 2,O=PKCS11 Provider Subject Public Key Algorithm: EC/ECDSA Algorithm Security Level: Ultra (384 bits) Curve: SECP384R1 X: 2f:1c:32:0c:07:f7:54:a6:15:18:b9:fc:29:b6:55:46 cf:01:d7:66:4d:e4:e3:b1:61:50:07:45:9c:1f:1a:a5 b9:ea:ff:f2:b1:23:3c:9f:89:76:32:e3:93:9c:3b:1d Y: 5c:8a:4d:e6:d1:97:d9:84:ce:9c:a8:1d:f1:44:4b:0d 0a:fe:06:3a:cd:36:4e:00:c9:4f:a1:4b:ae:da:ae:5a bc:42:af:af:35:a9:21:0e:41:6b:c2:9a:71:df:d6:d6 Extensions: Basic Constraints (critical): Certificate Authority (CA): FALSE Subject Alternative Name (not critical): RFC822Name: testcert@example.org Key Usage (critical): Digital signature. Subject Key Identifier (not critical): c76049f3915d0d04e0879ef1713cefb15dd8c67b Authority Key Identifier (not critical): 4bdd8570a19a78b55b09a9f4340cf255d7e7eb2d Other Information: Public Key ID: sha1:c76049f3915d0d04e0879ef1713cefb15dd8c67b sha256:885388a9f7357c58645603c4191dd0a31a636fe21d1d5602975801d42ea929c7 Public Key PIN: pin-sha256:iFOIqfc1fFhkVgPEGR3Qoxpjb+IdHVYCl1gB1C6pKcc= Signing certificate... + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --write-object /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/ecCert2.crt --type=cert --id=0006 --label=ecCert2 Created certificate: Certificate Object; type = X.509 cert label: ecCert2 subject: DN: O=PKCS11 Provider, CN=My EC Cert 2 serial: 09 ID: 0006 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bc721340f4916e9d;token=SoftHSM%20Token;id=%0006;object=ecCert2;type=cert + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --delete-object --type pubkey --id 0006 + ECBASE2URIWITHPINVALUE='pkcs11:id=%00%06?pin-value=12345678' + ECBASE2URIWITHPINSOURCE='pkcs11:id=%00%06?pin-source=file/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt' + ECBASE2URI=pkcs11:id=%00%06 + ECPRI2URI='pkcs11:type=private;id=%00%06' + ECCRT2URI='pkcs11:type=cert;object=ecCert2' + title LINE 'EC2 PKCS11 URIS' + case "$1" in + shift 1 + echo 'EC2 PKCS11 URIS' + echo 'pkcs11:id=%00%06?pin-value=12345678' + echo 'pkcs11:id=%00%06?pin-source=file/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt' + echo pkcs11:id=%00%06 + echo 'pkcs11:type=private;id=%00%06' + echo 'pkcs11:type=cert;object=ecCert2' + echo '' + '[' -z '' ']' + title PARA 'explicit EC unsupported' + case "$1" in + shift 1 + echo '' + echo '## explicit EC unsupported' + '[' -f '' ']' + title PARA 'generate EC key pair with ALWAYS AUTHENTICATE flag, self-signed certificate' + case "$1" in + shift 1 + echo '' + echo '## generate EC key pair with ALWAYS AUTHENTICATE flag, self-signed certificate' + '[' -f '' ']' + KEYID=0008 + URIKEYID=%00%08 + TSTCRTN=ecCert3 + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --keypairgen --key-type=EC:secp521r1 --label=ecCert3 --id=0008 --always-auth EC2 PKCS11 URIS pkcs11:id=%00%06?pin-value=12345678 pkcs11:id=%00%06?pin-source=file/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt pkcs11:id=%00%06 pkcs11:type=private;id=%00%06 pkcs11:type=cert;object=ecCert2 ## explicit EC unsupported ## generate EC key pair with ALWAYS AUTHENTICATE flag, self-signed certificate Key pair generated: Private Key Object; EC label: ecCert3 ID: 0008 Usage: decrypt, sign, signRecover, unwrap, derive Access: always authenticate, sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bc721340f4916e9d;token=SoftHSM%20Token;id=%0008;object=ecCert3;type=private Public Key Object; EC EC_POINT 528 bits EC_POINT: 0481850400748fb3434f884e3383dece203c0cf49526dd32d7e407a24fd6574961810443472a8e2efba5cc91dd35042f3a6945e6ed893929ead6b0fd5d9e0edd02968389e0070046a4f952d4f6553caaf92eceb5c41a62d8c2cc68076c2a1005b04f57f4579005d89c584002962fe5ce1bbeedf2aa96656bcf625c6b89dea376aabede52d5c89c69 EC_PARAMS: 06052b81040023 (OID 1.3.132.0.35) label: ecCert3 ID: 0008 Usage: encrypt, verify, verifyRecover, wrap, derive Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bc721340f4916e9d;token=SoftHSM%20Token;id=%0008;object=ecCert3;type=public + ca_sign ecCert3 'My EC Cert 3' 0008 + LABEL=ecCert3 + CN='My EC Cert 3' + KEYID=0008 + shift 3 + (( SERIAL+=1 )) + sed -e 's|cn = .*|cn = My EC Cert 3|g' -e 's|serial = .*|serial = 10|g' -e '/^ca$/d' -i /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/cert.cfg + /usr/bin/certtool --generate-certificate --outfile=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/ecCert3.crt --template=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/cert.cfg --provider=/usr/lib/softhsm/libsofthsm2.so --load-privkey 'pkcs11:object=ecCert3;token=SoftHSM%20Token;type=private' --load-pubkey 'pkcs11:object=ecCert3;token=SoftHSM%20Token;type=public' --outder --load-ca-certificate /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/caCert.crt --inder '--load-ca-privkey=pkcs11:object=caCert;token=SoftHSM%20Token;type=private' Generating a signed certificate... Expiration time: Sun Mar 29 00:10:29 2026 CA expiration time: Sun Mar 29 00:10:21 2026 Warning: The time set exceeds the CA's expiration time X.509 Certificate Information: Version: 3 Serial Number (hex): 0a Validity: Not Before: Sat Mar 29 12:10:29 UTC 2025 Not After: Sun Mar 29 12:10:29 UTC 2026 Subject: CN=My EC Cert 3,O=PKCS11 Provider Subject Public Key Algorithm: EC/ECDSA Algorithm Security Level: Future (528 bits) Curve: SECP521R1 X: 74:8f:b3:43:4f:88:4e:33:83:de:ce:20:3c:0c:f4:95 26:dd:32:d7:e4:07:a2:4f:d6:57:49:61:81:04:43:47 2a:8e:2e:fb:a5:cc:91:dd:35:04:2f:3a:69:45:e6:ed 89:39:29:ea:d6:b0:fd:5d:9e:0e:dd:02:96:83:89:e0 07 Y: 46:a4:f9:52:d4:f6:55:3c:aa:f9:2e:ce:b5:c4:1a:62 d8:c2:cc:68:07:6c:2a:10:05:b0:4f:57:f4:57:90:05 d8:9c:58:40:02:96:2f:e5:ce:1b:be:ed:f2:aa:96:65 6b:cf:62:5c:6b:89:de:a3:76:aa:be:de:52:d5:c8:9c 69 Extensions: Basic Constraints (critical): Certificate Authority (CA): FALSE Subject Alternative Name (not critical): RFC822Name: testcert@example.org Key Usage (critical): Digital signature. Subject Key Identifier (not critical): 7e7f414dc77019d43d349870c8080d0f08730a74 Authority Key Identifier (not critical): 4bdd8570a19a78b55b09a9f4340cf255d7e7eb2d Other Information: Public Key ID: sha1:7e7f414dc77019d43d349870c8080d0f08730a74 sha256:522968055805ecb8881e6f233246683d3fcc6f1fa56b9a81cd41727fd7ed6a90 Public Key PIN: pin-sha256:UiloBVgF7LiIHm8jMkZoPT/Mbx+la5qBzUFyf9ftapA= Signing certificate... + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --write-object /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/ecCert3.crt --type=cert --id=0008 --label=ecCert3 Created certificate: Certificate Object; type = X.509 cert label: ecCert3 subject: DN: O=PKCS11 Provider, CN=My EC Cert 3 serial: 0A ID: 0008 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bc721340f4916e9d;token=SoftHSM%20Token;id=%0008;object=ecCert3;type=cert + ECBASE3URIWITHPINVALUE='pkcs11:id=%00%08?pin-value=12345678' + ECBASE3URIWITHPINSOURCE='pkcs11:id=%00%08?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt' + ECBASE3URI=pkcs11:id=%00%08 + ECPUB3URI='pkcs11:type=public;id=%00%08' + ECPRI3URI='pkcs11:type=private;id=%00%08' + ECCRT3URI='pkcs11:type=cert;object=ecCert3' + title LINE 'EC3 PKCS11 URIS' + case "$1" in + shift 1 + echo 'EC3 PKCS11 URIS' + echo 'pkcs11:id=%00%08?pin-value=12345678' + echo 'pkcs11:id=%00%08?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt' + echo pkcs11:id=%00%08 + echo 'pkcs11:type=public;id=%00%08' + echo 'pkcs11:type=private;id=%00%08' + echo 'pkcs11:type=cert;object=ecCert3' + echo '' + '[' 1 -eq 1 ']' + KEYID=0010 + URIKEYID=%00%10 + TSTCRTN=testRsaPssCert + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --keypairgen --key-type=RSA:2048 --label=testRsaPssCert --id=0010 --allowed-mechanisms RSA-PKCS-PSS,SHA1-RSA-PKCS-PSS,SHA224-RSA-PKCS-PSS,SHA256-RSA-PKCS-PSS,SHA384-RSA-PKCS-PSS,SHA512-RSA-PKCS-PSS EC3 PKCS11 URIS pkcs11:id=%00%08?pin-value=12345678 pkcs11:id=%00%08?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt pkcs11:id=%00%08 pkcs11:type=public;id=%00%08 pkcs11:type=private;id=%00%08 pkcs11:type=cert;object=ecCert3 Key pair generated: Private Key Object; RSA label: testRsaPssCert ID: 0010 Usage: decrypt, sign, signRecover, unwrap Access: sensitive, always sensitive, never extractable, local Allowed mechanisms: RSA-PKCS-PSS,SHA1-RSA-PKCS-PSS,SHA256-RSA-PKCS-PSS,SHA384-RSA-PKCS-PSS,SHA512-RSA-PKCS-PSS,SHA224-RSA-PKCS-PSS uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bc721340f4916e9d;token=SoftHSM%20Token;id=%0010;object=testRsaPssCert;type=private Public Key Object; RSA 2048 bits label: testRsaPssCert ID: 0010 Usage: encrypt, verify, verifyRecover, wrap Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bc721340f4916e9d;token=SoftHSM%20Token;id=%0010;object=testRsaPssCert;type=public + ca_sign testRsaPssCert 'My RsaPss Cert' 0010 --sign-params=RSA-PSS + LABEL=testRsaPssCert + CN='My RsaPss Cert' + KEYID=0010 + shift 3 + (( SERIAL+=1 )) + sed -e 's|cn = .*|cn = My RsaPss Cert|g' -e 's|serial = .*|serial = 11|g' -e '/^ca$/d' -i /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/cert.cfg + /usr/bin/certtool --generate-certificate --outfile=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/testRsaPssCert.crt --template=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/cert.cfg --provider=/usr/lib/softhsm/libsofthsm2.so --load-privkey 'pkcs11:object=testRsaPssCert;token=SoftHSM%20Token;type=private' --load-pubkey 'pkcs11:object=testRsaPssCert;token=SoftHSM%20Token;type=public' --outder --load-ca-certificate /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/caCert.crt --inder '--load-ca-privkey=pkcs11:object=caCert;token=SoftHSM%20Token;type=private' --sign-params=RSA-PSS Generating a signed certificate... Expiration time: Sun Mar 29 00:10:30 2026 CA expiration time: Sun Mar 29 00:10:21 2026 Warning: The time set exceeds the CA's expiration time X.509 Certificate Information: Version: 3 Serial Number (hex): 0b Validity: Not Before: Sat Mar 29 12:10:30 UTC 2025 Not After: Sun Mar 29 12:10:30 UTC 2026 Subject: CN=My RsaPss Cert,O=PKCS11 Provider Subject Public Key Algorithm: RSA Algorithm Security Level: Medium (2048 bits) Modulus (bits 2048): 00:cd:ef:d3:98:ce:b1:fe:15:65:21:89:6c:28:db:7b 23:a3:da:38:36:5c:cb:a0:de:94:c8:93:b2:4e:de:ed c6:4c:de:32:92:a7:62:b6:e3:75:58:78:2e:29:8d:33 ec:3e:a3:fc:b1:91:62:86:92:57:d5:2a:54:11:5a:33 07:3a:59:12:a8:5c:c6:66:f4:85:07:fe:33:27:ef:0a e1:40:53:09:06:8a:78:30:2b:5f:39:31:96:86:ae:3c ac:cd:a6:dd:67:9a:cc:b8:ac:e7:a7:bb:47:63:61:c0 db:63:bf:65:a0:d2:5d:b2:b9:ca:f4:da:c7:1e:1a:92 bb:72:05:cc:64:ce:72:85:39:ba:25:89:a1:33:7a:49 de:6d:7a:bd:a5:ac:04:7e:50:2e:a4:ab:28:f6:45:bf 16:1f:b0:bd:1a:b9:be:30:01:d5:e3:16:53:1a:a4:f8 e4:4c:c6:44:a3:04:35:44:ce:bc:40:42:4a:66:39:e4 df:bf:9d:4d:0a:56:01:32:39:c6:ad:e9:94:90:1c:ad 6b:e6:3d:cf:ed:74:4f:2f:71:95:6e:20:9f:66:3c:61 43:cf:c7:b6:64:f0:2b:b0:de:70:2c:e1:f6:37:cf:88 5c:74:c2:7e:db:7a:23:65:3c:42:39:30:3c:68:8e:8f db Exponent (bits 24): 01:00:01 Extensions: Basic Constraints (critical): Certificate Authority (CA): FALSE Subject Alternative Name (not critical): RFC822Name: testcert@example.org Key Usage (critical): Digital signature. Key encipherment. Subject Key Identifier (not critical): fd2f1790da0ac985480be3497885487531c9535b Authority Key Identifier (not critical): 4bdd8570a19a78b55b09a9f4340cf255d7e7eb2d Other Information: Public Key ID: sha1:fd2f1790da0ac985480be3497885487531c9535b sha256:b35791346bd319171b7a4d2b3f0688f3df116ea35c553d4ecb14d67efa240863 Public Key PIN: pin-sha256:s1eRNGvTGRcbek0rPwaI898RbqNcVT1OyxTWfvokCGM= Signing certificate... + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --write-object /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/testRsaPssCert.crt --type=cert --id=0010 --label=testRsaPssCert Created certificate: Certificate Object; type = X.509 cert label: testRsaPssCert subject: DN: O=PKCS11 Provider, CN=My RsaPss Cert serial: 0B ID: 0010 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bc721340f4916e9d;token=SoftHSM%20Token;id=%0010;object=testRsaPssCert;type=cert + RSAPSSBASEURIWITHPINVALUE='pkcs11:id=%00%10?pin-value=12345678' + RSAPSSBASEURIWITHPINSOURCE='pkcs11:id=%00%10?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt' + RSAPSSBASEURI=pkcs11:id=%00%10 + RSAPSSPUBURI='pkcs11:type=public;id=%00%10' + RSAPSSPRIURI='pkcs11:type=private;id=%00%10' + RSAPSSCRTURI='pkcs11:type=cert;object=testRsaPssCert' + title LINE 'RSA-PSS PKCS11 URIS' + case "$1" in + shift 1 + echo 'RSA-PSS PKCS11 URIS' + echo 'pkcs11:id=%00%10?pin-value=12345678' + echo 'pkcs11:id=%00%10?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt' + echo pkcs11:id=%00%10 + echo 'pkcs11:type=public;id=%00%10' + echo 'pkcs11:type=private;id=%00%10' + echo 'pkcs11:type=cert;object=testRsaPssCert' + echo '' + KEYID=0011 + URIKEYID=%00%11 + TSTCRTN=testRsaPss2Cert + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --keypairgen --key-type=RSA:3092 --label=testRsaPss2Cert --id=0011 --allowed-mechanisms SHA256-RSA-PKCS-PSS RSA-PSS PKCS11 URIS pkcs11:id=%00%10?pin-value=12345678 pkcs11:id=%00%10?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt pkcs11:id=%00%10 pkcs11:type=public;id=%00%10 pkcs11:type=private;id=%00%10 pkcs11:type=cert;object=testRsaPssCert Key pair generated: Private Key Object; RSA label: testRsaPss2Cert ID: 0011 Usage: decrypt, sign, signRecover, unwrap Access: sensitive, always sensitive, never extractable, local Allowed mechanisms: SHA256-RSA-PKCS-PSS uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bc721340f4916e9d;token=SoftHSM%20Token;id=%0011;object=testRsaPss2Cert;type=private Public Key Object; RSA 3092 bits label: testRsaPss2Cert ID: 0011 Usage: encrypt, verify, verifyRecover, wrap Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bc721340f4916e9d;token=SoftHSM%20Token;id=%0011;object=testRsaPss2Cert;type=public + ca_sign testRsaPss2Cert 'My RsaPss2 Cert' 0011 --sign-params=RSA-PSS --hash=SHA256 + LABEL=testRsaPss2Cert + CN='My RsaPss2 Cert' + KEYID=0011 + shift 3 + (( SERIAL+=1 )) + sed -e 's|cn = .*|cn = My RsaPss2 Cert|g' -e 's|serial = .*|serial = 12|g' -e '/^ca$/d' -i /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/cert.cfg + /usr/bin/certtool --generate-certificate --outfile=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/testRsaPss2Cert.crt --template=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/cert.cfg --provider=/usr/lib/softhsm/libsofthsm2.so --load-privkey 'pkcs11:object=testRsaPss2Cert;token=SoftHSM%20Token;type=private' --load-pubkey 'pkcs11:object=testRsaPss2Cert;token=SoftHSM%20Token;type=public' --outder --load-ca-certificate /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/caCert.crt --inder '--load-ca-privkey=pkcs11:object=caCert;token=SoftHSM%20Token;type=private' --sign-params=RSA-PSS --hash=SHA256 Generating a signed certificate... Expiration time: Sun Mar 29 00:10:33 2026 CA expiration time: Sun Mar 29 00:10:21 2026 Warning: The time set exceeds the CA's expiration time X.509 Certificate Information: Version: 3 Serial Number (hex): 0c Validity: Not Before: Sat Mar 29 12:10:33 UTC 2025 Not After: Sun Mar 29 12:10:33 UTC 2026 Subject: CN=My RsaPss2 Cert,O=PKCS11 Provider Subject Public Key Algorithm: RSA Algorithm Security Level: High (3092 bits) Modulus (bits 3092): 0c:34:67:16:06:9a:47:ce:cb:ea:1b:68:83:a8:58:a4 56:fd:d8:29:70:e3:08:ee:78:a4:56:39:b4:f0:e3:3d 1d:75:86:e6:3f:ea:d1:97:0d:34:16:47:0a:18:de:ec 97:49:98:1d:c3:49:f3:40:d3:df:1b:94:96:93:4a:6d 88:a2:04:ae:fe:a0:3e:14:ef:0f:94:d6:41:c5:6c:39 d2:8b:49:b3:67:3f:6d:37:30:bd:b5:6f:2c:a6:33:54 a9:62:57:cc:d0:5f:08:19:bb:4d:a9:24:1f:2c:61:68 dd:6e:77:8d:30:82:82:8d:88:71:24:97:af:0b:4f:36 83:38:c2:a1:55:c4:88:6c:96:01:d5:5e:ff:ba:d7:19 3e:e2:a6:45:37:e6:13:46:b5:f0:28:14:0d:7b:90:ee d2:08:7d:8b:4a:a2:36:f3:3b:9f:37:97:f3:97:0f:64 5e:99:83:15:50:47:4c:3e:71:9b:05:9b:34:14:13:71 b7:72:71:bc:3b:2d:12:0d:37:93:94:87:c5:c1:9d:2c 1e:d1:63:3f:a8:27:db:21:d0:95:f6:bc:3f:98:3d:60 44:70:04:84:74:0b:5b:e4:77:62:fb:d0:18:cb:76:48 3a:ac:3c:e4:9d:49:53:4d:d4:03:0f:36:c4:40:24:ce 17:6e:5e:61:bf:64:b5:a8:22:a1:79:67:c9:45:54:62 19:af:53:8c:54:13:c7:c3:1a:6f:44:d4:33:a3:f0:bc 42:b4:7d:c1:ce:be:71:63:4c:8a:de:fe:89:d9:d8:c7 a8:3a:e2:ec:3b:e2:d2:35:78:cf:85:a2:7d:32:aa:6f 21:d4:fa:ad:42:7c:ac:75:11:9b:b5:f8:21:53:e9:1a cf:cb:a9:10:94:37:8f:42:68:ef:13:81:5b:6b:59:dc 9a:1f:d1:9a:61:6e:1f:09:53:21:fa:a5:35:a2:95:c9 61:bd:79:a3:57:23:be:a5:48:5c:58:32:d8:02:5d:80 fd:31:81 Exponent (bits 24): 01:00:01 Extensions: Basic Constraints (critical): Certificate Authority (CA): FALSE Subject Alternative Name (not critical): RFC822Name: testcert@example.org Key Usage (critical): Digital signature. Key encipherment. Subject Key Identifier (not critical): 654d8bffefbcb54b06ebf9483a2c87b187f081c6 Authority Key Identifier (not critical): 4bdd8570a19a78b55b09a9f4340cf255d7e7eb2d Other Information: Public Key ID: sha1:654d8bffefbcb54b06ebf9483a2c87b187f081c6 sha256:7441b7ecb88d13f22a20f66dc3c80108154288a9504474fe7a8cb10cc16fe686 Public Key PIN: pin-sha256:dEG37LiNE/IqIPZtw8gBCBVCiKlQRHT+eoyxDMFv5oY= Signing certificate... + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --write-object /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/testRsaPss2Cert.crt --type=cert --id=0011 --label=testRsaPss2Cert Created certificate: Certificate Object; type = X.509 cert label: testRsaPss2Cert subject: DN: O=PKCS11 Provider, CN=My RsaPss2 Cert serial: 0C ID: 0011 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bc721340f4916e9d;token=SoftHSM%20Token;id=%0011;object=testRsaPss2Cert;type=cert + RSAPSS2BASEURIWITHPINVALUE='pkcs11:id=%00%11?pin-value=12345678' + RSAPSS2BASEURIWITHPINSOURCE='pkcs11:id=%00%11?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt' + RSAPSS2BASEURI=pkcs11:id=%00%11 + RSAPSS2PUBURI='pkcs11:type=public;id=%00%11' + RSAPSS2PRIURI='pkcs11:type=private;id=%00%11' + RSAPSS2CRTURI='pkcs11:type=cert;object=testRsaPss2Cert' + title LINE 'RSA-PSS 2 PKCS11 URIS' + case "$1" in + shift 1 + echo 'RSA-PSS 2 PKCS11 URIS' + echo 'pkcs11:id=%00%11?pin-value=12345678' + echo 'pkcs11:id=%00%11?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt' + echo pkcs11:id=%00%11 + echo 'pkcs11:type=public;id=%00%11' + echo 'pkcs11:type=private;id=%00%11' + echo 'pkcs11:type=cert;object=testRsaPss2Cert' + echo '' + title PARA 'Show contents of softhsm token' + case "$1" in + shift 1 + echo '' + echo '## Show contents of softhsm token' + '[' -f '' ']' + echo ' ----------------------------------------------------------------------------------------------------' + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' -O RSA-PSS 2 PKCS11 URIS pkcs11:id=%00%11?pin-value=12345678 pkcs11:id=%00%11?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt pkcs11:id=%00%11 pkcs11:type=public;id=%00%11 pkcs11:type=private;id=%00%11 pkcs11:type=cert;object=testRsaPss2Cert ## Show contents of softhsm token ---------------------------------------------------------------------------------------------------- Private Key Object; EC_EDWARDS label: edCert ID: 0004 Usage: decrypt, sign, signRecover, unwrap, derive Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bc721340f4916e9d;token=SoftHSM%20Token;id=%0004;object=edCert;type=private Certificate Object; type = X.509 cert label: ecCert2 subject: DN: O=PKCS11 Provider, CN=My EC Cert 2 serial: 09 ID: 0006 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bc721340f4916e9d;token=SoftHSM%20Token;id=%0006;object=ecCert2;type=cert Private Key Object; EC label: ecPeerCert ID: 0003 Usage: decrypt, sign, signRecover, unwrap, derive Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bc721340f4916e9d;token=SoftHSM%20Token;id=%0003;object=ecPeerCert;type=private Public Key Object; RSA 2048 bits label: testRsaPssCert ID: 0010 Usage: encrypt, verify, verifyRecover, wrap Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bc721340f4916e9d;token=SoftHSM%20Token;id=%0010;object=testRsaPssCert;type=public Certificate Object; type = X.509 cert label: ed2Cert subject: DN: O=PKCS11 Provider, CN=My ED448 Cert serial: 07 ID: 0009 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bc721340f4916e9d;token=SoftHSM%20Token;id=%0009;object=ed2Cert;type=cert Public Key Object; EC EC_POINT 256 bits EC_POINT: 044104006fa03e2897d8922c5bb3acc909fefbea9d263a5e27c81b27d392a8a5e1215f863c73537a579e25a497b452456da895b2bdafa8b4658132dc24686fc5ddeb72 EC_PARAMS: 06082a8648ce3d030107 (OID 1.2.840.10045.3.1.7) label: ecCert ID: 0002 Usage: encrypt, verify, verifyRecover, wrap, derive Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bc721340f4916e9d;token=SoftHSM%20Token;id=%0002;object=ecCert;type=public Private Key Object; EC_EDWARDS label: ed2Cert ID: 0009 Usage: decrypt, sign, signRecover, unwrap, derive Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bc721340f4916e9d;token=SoftHSM%20Token;id=%0009;object=ed2Cert;type=private Public Key Object; EC_EDWARDS EC_POINT 272 bits EC_POINT: 042047eeb77108131621bd9e19b4dad3b5d16fd8c9ffa4207f3bb68407f68d3db8ce EC_PARAMS: 130c656477617264733235353139 (PrintableString edwards25519) label: edCert ID: 0004 Usage: encrypt, verify, verifyRecover, wrap, derive Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bc721340f4916e9d;token=SoftHSM%20Token;id=%0004;object=edCert;type=public Public Key Object; RSA 2048 bits label: testCert ID: 0001 Usage: encrypt, verify, verifyRecover, wrap Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bc721340f4916e9d;token=SoftHSM%20Token;id=%0001;object=testCert;type=public Private Key Object; RSA label: testRsaPss2Cert ID: 0011 Usage: decrypt, sign, signRecover, unwrap Access: sensitive, always sensitive, never extractable, local Allowed mechanisms: SHA256-RSA-PKCS-PSS uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bc721340f4916e9d;token=SoftHSM%20Token;id=%0011;object=testRsaPss2Cert;type=private Certificate Object; type = X.509 cert label: testRsaPss2Cert subject: DN: O=PKCS11 Provider, CN=My RsaPss2 Cert serial: 0C ID: 0011 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bc721340f4916e9d;token=SoftHSM%20Token;id=%0011;object=testRsaPss2Cert;type=cert Private Key Object; EC label: ecCert2 ID: 0006 Usage: decrypt, sign, signRecover, unwrap, derive Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bc721340f4916e9d;token=SoftHSM%20Token;id=%0006;object=ecCert2;type=private Public Key Object; EC EC_POINT 256 bits EC_POINT: 044104a2f6b80ba1c4ef5fdbd605b1c603d9b2f5b676d78e4867c848b7ca9b139ba5aa6157160517e27594af3e96d98bac49a80f0b7f71c930693d7513154f0e248c0c EC_PARAMS: 06082a8648ce3d030107 (OID 1.2.840.10045.3.1.7) label: ecPeerCert ID: 0003 Usage: encrypt, verify, verifyRecover, wrap, derive Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bc721340f4916e9d;token=SoftHSM%20Token;id=%0003;object=ecPeerCert;type=public Public Key Object; EC EC_POINT 528 bits EC_POINT: 0481850400748fb3434f884e3383dece203c0cf49526dd32d7e407a24fd6574961810443472a8e2efba5cc91dd35042f3a6945e6ed893929ead6b0fd5d9e0edd02968389e0070046a4f952d4f6553caaf92eceb5c41a62d8c2cc68076c2a1005b04f57f4579005d89c584002962fe5ce1bbeedf2aa96656bcf625c6b89dea376aabede52d5c89c69 EC_PARAMS: 06052b81040023 (OID 1.3.132.0.35) label: ecCert3 ID: 0008 Usage: encrypt, verify, verifyRecover, wrap, derive Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bc721340f4916e9d;token=SoftHSM%20Token;id=%0008;object=ecCert3;type=public Certificate Object; type = X.509 cert label: ecCert subject: DN: O=PKCS11 Provider, CN=My EC Cert serial: 04 ID: 0002 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bc721340f4916e9d;token=SoftHSM%20Token;id=%0002;object=ecCert;type=cert Private Key Object; EC label: ecCert ID: 0002 Usage: decrypt, sign, signRecover, unwrap, derive Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bc721340f4916e9d;token=SoftHSM%20Token;id=%0002;object=ecCert;type=private Certificate Object; type = X.509 cert label: testCert subject: DN: O=PKCS11 Provider, CN=My Test Cert serial: 03 ID: 0001 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bc721340f4916e9d;token=SoftHSM%20Token;id=%0001;object=testCert;type=cert Private Key Object; RSA label: caCert ID: 0000 Usage: decrypt, sign, signRecover, unwrap Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bc721340f4916e9d;token=SoftHSM%20Token;id=%0000;object=caCert;type=private Certificate Object; type = X.509 cert label: testCert2 subject: DN: O=PKCS11 Provider, CN=My Test Cert 2 serial: 08 ID: 0005 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bc721340f4916e9d;token=SoftHSM%20Token;id=%0005;object=testCert2;type=cert Certificate Object; type = X.509 cert label: ecPeerCert subject: DN: CN=My Peer EC Cert serial: 05 ID: 0003 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bc721340f4916e9d;token=SoftHSM%20Token;id=%0003;object=ecPeerCert;type=cert Certificate Object; type = X.509 cert label: ecCert3 subject: DN: O=PKCS11 Provider, CN=My EC Cert 3 serial: 0A ID: 0008 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bc721340f4916e9d;token=SoftHSM%20Token;id=%0008;object=ecCert3;type=cert Public Key Object; RSA 3092 bits label: testRsaPss2Cert ID: 0011 Usage: encrypt, verify, verifyRecover, wrap Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bc721340f4916e9d;token=SoftHSM%20Token;id=%0011;object=testRsaPss2Cert;type=public Private Key Object; RSA label: testRsaPssCert ID: 0010 Usage: decrypt, sign, signRecover, unwrap Access: sensitive, always sensitive, never extractable, local Allowed mechanisms: RSA-PKCS-PSS,SHA1-RSA-PKCS-PSS,SHA256-RSA-PKCS-PSS,SHA384-RSA-PKCS-PSS,SHA512-RSA-PKCS-PSS,SHA224-RSA-PKCS-PSS uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bc721340f4916e9d;token=SoftHSM%20Token;id=%0010;object=testRsaPssCert;type=private Private Key Object; RSA label: testCert ID: 0001 Usage: decrypt, sign, signRecover, unwrap Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bc721340f4916e9d;token=SoftHSM%20Token;id=%0001;object=testCert;type=private Certificate Object; type = X.509 cert label: testRsaPssCert subject: DN: O=PKCS11 Provider, CN=My RsaPss Cert serial: 0B ID: 0010 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bc721340f4916e9d;token=SoftHSM%20Token;id=%0010;object=testRsaPssCert;type=cert Certificate Object; type = X.509 cert label: caCert subject: DN: CN=Issuer serial: 02 ID: 0000 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bc721340f4916e9d;token=SoftHSM%20Token;id=%0000;object=caCert;type=cert Private Key Object; RSA label: testCert2 ID: 0005 Usage: decrypt, sign, signRecover, unwrap Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bc721340f4916e9d;token=SoftHSM%20Token;id=%0005;object=testCert2;type=private Certificate Object; type = X.509 cert label: edCert subject: DN: O=PKCS11 Provider, CN=My ED25519 Cert serial: 06 ID: 0004 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bc721340f4916e9d;token=SoftHSM%20Token;id=%0004;object=edCert;type=cert Private Key Object; EC label: ecCert3 ID: 0008 Usage: decrypt, sign, signRecover, unwrap, derive Access: always authenticate, sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bc721340f4916e9d;token=SoftHSM%20Token;id=%0008;object=ecCert3;type=private Public Key Object; EC_EDWARDS EC_POINT 472 bits EC_POINT: 04396788f4b39c208d9942eef67318aa82383c97d2ce1c846eb367a25eb61557b8f50d6ac18b5e18301242c85a38c5688fafc6d7b8a828c3a21900 EC_PARAMS: 06032b6571 (OID 1.3.101.113) label: ed2Cert ID: 0009 Usage: encrypt, verify, verifyRecover, wrap, derive Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bc721340f4916e9d;token=SoftHSM%20Token;id=%0009;object=ed2Cert;type=public Public Key Object; RSA 2048 bits label: caCert ID: 0000 Usage: encrypt, verify, verifyRecover, wrap Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bc721340f4916e9d;token=SoftHSM%20Token;id=%0000;object=caCert;type=public ---------------------------------------------------------------------------------------------------- ## Output configurations Generate openssl config file + echo ' ----------------------------------------------------------------------------------------------------' + title PARA 'Output configurations' + case "$1" in + shift 1 + echo '' + echo '## Output configurations' + '[' -f '' ']' + OPENSSL_CONF=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/openssl.cnf + title LINE 'Generate openssl config file' + case "$1" in + shift 1 + echo 'Generate openssl config file' + sed -e 's|@libtoollibs@|/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/src|g' -e 's|@testsblddir@|/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests|g' -e 's|@testsdir@|/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm|g' -e 's|@SHARED_EXT@|.so|g' -e 's|@PINFILE@|/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt|g' -e 's|##TOKENOPTIONS|\npkcs11-module-quirks = no-deinit no-operation-state|g' /build/reproducible-path/pkcs11-provider-1.0/tests/openssl.cnf.in + title LINE 'Export test variables to /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/testvars' + case "$1" in + shift 1 + echo 'Export test variables to /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/testvars' + cat Export test variables to /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/testvars + '[' -n pkcs11:id=%00%04 ']' + cat + '[' -n pkcs11:id=%00%09 ']' + cat + '[' -n '' ']' + '[' -n pkcs11:id=%00%10 ']' + cat + cat + gen_unsetvars + sed -e s/export/unset/ -e 's/=.*$//' + grep '^export' /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/testvars + title ENDSECTION + case "$1" in + echo '' + echo ' ##' + echo '########################################' + echo '' ## ######################################## ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 2/92 pkcs11-provider:softhsm / setup OK 14.23s 3/92 pkcs11-provider:kryoptic / setup RUNNING >>> MESON_TEST_ITERATION=1 SOFTOKNPATH=/usr/lib/x86_64-linux-gnu UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTSSRCDIR=/build/reproducible-path/pkcs11-provider-1.0/tests P11KITCLIENTPATH=/usr/lib/x86_64-linux-gnu/pkcs11/p11-kit-client.so ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 LIBSPATH=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/src TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MALLOC_PERTURB_=163 SHARED_EXT=.so MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/setup.sh kryoptic ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― + source /build/reproducible-path/pkcs11-provider-1.0/tests/helpers.sh ++ : /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests ++ helper_emit=1 ++ grep -q 'GNU sed' ++ sed --version ++ sed_inplace=('-i') ++ export sed_inplace + '[' 1 -ne 1 ']' + TOKENTYPE=kryoptic + SUPPORT_ED25519=1 + SUPPORT_ED448=1 + SUPPORT_RSA_PKCS1_ENCRYPTION=1 + SUPPORT_RSA_KEYGEN_PUBLIC_EXPONENT=1 + SUPPORT_TLSFUZZER=1 + SUPPORT_ALLOWED_MECHANISMS=0 ++ grep OpenSC ++ opensc-tool -i ++ sed -e 's/OpenSC 0\.\([0-9]*\).*/\1/' Failed to establish context: Unable to load external module + OPENSC_VERSION=26 + [[ 26 -le 25 ]] + [[ '' = \1 ]] ++ cat /proc/sys/crypto/fips_enabled + [[ 0 = \1 ]] + TMPPDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/kryoptic + TOKDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/kryoptic/tokens + '[' -d /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/kryoptic ']' + mkdir /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/kryoptic + mkdir /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/kryoptic/tokens + PINVALUE=12345678 + PINFILE=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/kryoptic/pinfile.txt + echo 12345678 + export GNUTLS_PIN=12345678 + GNUTLS_PIN=12345678 + '[' kryoptic == softhsm ']' + '[' kryoptic == softokn ']' + '[' kryoptic == kryoptic ']' + source /build/reproducible-path/pkcs11-provider-1.0/tests/kryoptic-init.sh ++ title SECTION 'Searching for Kryoptic module' ++ case "$1" in ++ shift 1 ++ echo '########################################' ++ echo '## Searching for Kryoptic module' ++ echo '' ++ find_kryoptic /target/debug/libkryoptic_pkcs11.so /target/release/libkryoptic_pkcs11.so /usr/local/lib/kryoptic/libkryoptic_pkcs11so /usr/lib64/pkcs11/libkryoptic_pkcs11.so /usr/lib/pkcs11/libkryoptic_pkcs11.so /usr/lib/x86_64-linux-gnu/kryoptic/libkryoptic_pkcs11.so ++ for _lib in "$@" ++ test -f /target/debug/libkryoptic_pkcs11.so ++ for _lib in "$@" ++ test -f /target/release/libkryoptic_pkcs11.so ++ for _lib in "$@" ++ test -f /usr/local/lib/kryoptic/libkryoptic_pkcs11so ++ for _lib in "$@" ++ test -f /usr/lib64/pkcs11/libkryoptic_pkcs11.so ++ for _lib in "$@" ++ test -f /usr/lib/pkcs11/libkryoptic_pkcs11.so ++ for _lib in "$@" ++ test -f /usr/lib/x86_64-linux-gnu/kryoptic/libkryoptic_pkcs11.so ++ echo 'skipped: Unable to find kryoptic PKCS#11 library' ++ exit 0 ######################################## ## Searching for Kryoptic module skipped: Unable to find kryoptic PKCS#11 library ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 3/92 pkcs11-provider:kryoptic / setup OK 0.21s 4/92 pkcs11-provider:kryoptic.nss / setup RUNNING >>> MESON_TEST_ITERATION=1 SOFTOKNPATH=/usr/lib/x86_64-linux-gnu UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 TESTSSRCDIR=/build/reproducible-path/pkcs11-provider-1.0/tests P11KITCLIENTPATH=/usr/lib/x86_64-linux-gnu/pkcs11/p11-kit-client.so ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 LIBSPATH=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/src TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests SHARED_EXT=.so MALLOC_PERTURB_=138 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/setup.sh kryoptic.nss ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― + source /build/reproducible-path/pkcs11-provider-1.0/tests/helpers.sh ++ : /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests ++ helper_emit=1 ++ sed --version ++ grep -q 'GNU sed' ++ sed_inplace=('-i') ++ export sed_inplace + '[' 1 -ne 1 ']' + TOKENTYPE=kryoptic.nss + SUPPORT_ED25519=1 + SUPPORT_ED448=1 + SUPPORT_RSA_PKCS1_ENCRYPTION=1 + SUPPORT_RSA_KEYGEN_PUBLIC_EXPONENT=1 + SUPPORT_TLSFUZZER=1 + SUPPORT_ALLOWED_MECHANISMS=0 ++ grep OpenSC ++ opensc-tool -i ++ sed -e 's/OpenSC 0\.\([0-9]*\).*/\1/' Failed to establish context: Unable to load external module + OPENSC_VERSION=26 + [[ 26 -le 25 ]] + [[ '' = \1 ]] ++ cat /proc/sys/crypto/fips_enabled + [[ 0 = \1 ]] + TMPPDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/kryoptic.nss + TOKDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/kryoptic.nss/tokens + '[' -d /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/kryoptic.nss ']' + mkdir /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/kryoptic.nss + mkdir /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/kryoptic.nss/tokens + PINVALUE=12345678 + PINFILE=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/kryoptic.nss/pinfile.txt + echo 12345678 + export GNUTLS_PIN=12345678 + GNUTLS_PIN=12345678 + '[' kryoptic.nss == softhsm ']' + '[' kryoptic.nss == softokn ']' + '[' kryoptic.nss == kryoptic ']' + '[' kryoptic.nss == kryoptic.nss ']' + source /build/reproducible-path/pkcs11-provider-1.0/tests/kryoptic.nss-init.sh ++ export KRYOPTIC_CONF=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/kryoptic.nss/kryoptic.conf ++ KRYOPTIC_CONF=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/kryoptic.nss/kryoptic.conf ++ cat ++ export 'TOKENLABEL=Kryoptic Soft Token' ++ TOKENLABEL='Kryoptic Soft Token' ++ export TOKENLABELURI=Kryoptic%20Soft%20Token ++ TOKENLABELURI=Kryoptic%20Soft%20Token ++ source /build/reproducible-path/pkcs11-provider-1.0/tests/kryoptic-init.sh +++ title SECTION 'Searching for Kryoptic module' +++ case "$1" in +++ shift 1 +++ echo '########################################' +++ echo '## Searching for Kryoptic module' +++ echo '' +++ find_kryoptic /target/debug/libkryoptic_pkcs11.so /target/release/libkryoptic_pkcs11.so /usr/local/lib/kryoptic/libkryoptic_pkcs11so /usr/lib64/pkcs11/libkryoptic_pkcs11.so /usr/lib/pkcs11/libkryoptic_pkcs11.so /usr/lib/x86_64-linux-gnu/kryoptic/libkryoptic_pkcs11.so +++ for _lib in "$@" +++ test -f /target/debug/libkryoptic_pkcs11.so +++ for _lib in "$@" +++ test -f /target/release/libkryoptic_pkcs11.so +++ for _lib in "$@" +++ test -f /usr/local/lib/kryoptic/libkryoptic_pkcs11so +++ for _lib in "$@" +++ test -f /usr/lib64/pkcs11/libkryoptic_pkcs11.so +++ for _lib in "$@" +++ test -f /usr/lib/pkcs11/libkryoptic_pkcs11.so +++ for _lib in "$@" +++ test -f /usr/lib/x86_64-linux-gnu/kryoptic/libkryoptic_pkcs11.so +++ echo 'skipped: Unable to find kryoptic PKCS#11 library' +++ exit 0 ######################################## ## Searching for Kryoptic module skipped: Unable to find kryoptic PKCS#11 library ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 4/92 pkcs11-provider:kryoptic.nss / setup OK 0.20s 5/92 pkcs11-provider:softokn / basic RUNNING >>> MESON_TEST_ITERATION=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=19 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper basic-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 5/92 pkcs11-provider:softokn / basic SKIP 0.10s exit status 77 6/92 pkcs11-provider:softhsm / basic RUNNING >>> MESON_TEST_ITERATION=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=120 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper basic-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/tests/tbasic ## Raw Sign check error openssl pkeyutl -sign -inkey "${BASEURI}" -pkeyopt pad-mode:none -in ${TMPPDIR}/64Brandom.bin -out ${TMPPDIR}/raw-sig.bin Public Key operation error 4047D24A837F0000:error:0200007A:rsa routines:p11prov_sig_operate:data too small for key size:../src/signature.c:971: ## Sign and Verify with provided Hash and RSA openssl dgst -sha256 -binary -out ${TMPPDIR}/sha256.bin ${SEEDFILE} openssl pkeyutl -sign -inkey "${PRIURI}" -in ${TMPPDIR}/sha256.bin -out ${TMPPDIR}/sha256-sig.bin openssl pkeyutl -verify -inkey "${PUBURI}" -pubin -in ${TMPPDIR}/sha256.bin -sigfile ${TMPPDIR}/sha256-sig.bin Signature Verified Successfully ## Sign and Verify with provided Hash and RSA with DigestInfo struct openssl dgst -sha256 -binary -out ${TMPPDIR}/sha256.bin ${SEEDFILE} openssl pkeyutl -sign -inkey "${PRIURI}" -pkeyopt digest:sha256 -in ${TMPPDIR}/sha256.bin -out ${TMPPDIR}/sha256-sig.bin openssl pkeyutl -verify -inkey "${PUBURI}" -pkeyopt digest:sha256 -pubin -in ${TMPPDIR}/sha256.bin -sigfile ${TMPPDIR}/sha256-sig.bin Signature Verified Successfully ## DigestSign and DigestVerify with RSA openssl pkeyutl -sign -inkey "${BASEURI}" -digest sha256 -in ${RAND64FILE} -rawin -out ${TMPPDIR}/sha256-dgstsig.bin openssl pkeyutl -verify -inkey "${BASEURI}" -pubin -digest sha256 -in ${RAND64FILE} -rawin -sigfile ${TMPPDIR}/sha256-dgstsig.bin Signature Verified Successfully openssl pkeyutl -verify -inkey "${PUBURI}" -pubin -digest sha256 -in ${RAND64FILE} -rawin -sigfile ${TMPPDIR}/sha256-dgstsig.bin Signature Verified Successfully RSA basic encrypt and decrypt openssl pkeyutl -encrypt -inkey "${PUBURI}" -pubin -in ${SECRETFILE} -out ${SECRETFILE}.enc openssl pkeyutl -decrypt -inkey "${PRIURI}" -in ${SECRETFILE}.enc -out ${SECRETFILE}.dec ## Test Disallow Public Export openssl pkey -in $PUBURI -pubin -pubout -text ## Test CSR generation from RSA private keys openssl req -new -batch -key "${PRIURI}" -out ${TMPPDIR}/rsa_csr.pem openssl req -in ${TMPPDIR}/rsa_csr.pem -verify -noout Certificate request self-signature verify OK ## Test fetching public keys without PIN in config files openssl pkey -in $PUBURI -pubin -pubout -out ${TMPPDIR}/rsa.pub.nopin.pem openssl pkey -in $ECPUBURI -pubin -pubout -out ${TMPPDIR}/ec.pub.nopin.pem openssl pkey -in $EDPUBURI -pubin -pubout -out ${TMPPDIR}/ed.pub.nopin.pem ## Test fetching public keys with a PIN in URI openssl pkey -in $BASEURIWITHPINVALUE -pubin -pubout -out ${TMPPDIR}/rsa.pub.uripin.pem openssl pkey -in $ECBASEURIWITHPINVALUE -pubin -pubout -out ${TMPPDIR}/ec.pub.uripin.pem openssl pkey -in $EDBASEURIWITHPINVALUE -pubin -pubout -out ${TMPPDIR}/ed.pub.uripin.pem openssl pkey -in $ED2BASEURIWITHPINVALUE -pubin -pubout -out ${TMPPDIR}/ed2.pub.uripin.pem ## Test fetching public keys with a PIN source in URI openssl pkey -in $BASEURIWITHPINSOURCE -pubin -pubout -out ${TMPPDIR}/rsa.pub.uripinsource.pem openssl pkey -in $ECBASEURIWITHPINSOURCE -pubin -pubout -out ${TMPPDIR}/ec.pub.uripinsource.pem openssl pkey -in $EDBASEURIWITHPINSOURCE -pubin -pubout -out ${TMPPDIR}/ed.pub.uripinsource.pem openssl pkey -in $ED2BASEURIWITHPINSOURCE -pubin -pubout -out ${TMPPDIR}/ed2.pub.uripinsource.pem ## Test prompting without PIN in config files ## Test EVP_PKEY_eq on public RSA key both on token ## Test EVP_PKEY_eq on public EC key both on token ## Test EVP_PKEY_eq on public RSA key via import ## Match private RSA key against public key ## Match private RSA key against public key (commutativity) ## Test EVP_PKEY_eq on public EC key via import ## Match private EC key against public key ## Match private EC key against public key (commutativity) ## Test EVP_PKEY_eq with key exporting disabled ## Test RSA key ## Test EC key ## Test PIN caching Prompt: "Enter pass phrase for PKCS#11 Token (Slot 1955688093 - SoftHSM slot ID 0x74916e9d):" Returning: 12345678 Child Done ALL A-OK! Prompt: "Enter pass phrase for PKCS#11 Token (Slot 1955688093 - SoftHSM slot ID 0x74916e9d):" Returning: 12345678 Child Done ALL A-OK! ## Test interactive Login on key without ALWAYS AUTHENTICATE expect: spawn id exp3 not open while executing "expect "ALL A-OK"" ## Test interactive Login repeated for operation on key with ALWAYS AUTHENTICATE expect: spawn id exp3 not open while executing "expect "ALL A-OK"" ## Test Key generation Performed tests: 4 ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 6/92 pkcs11-provider:softhsm / basic OK 13.09s 7/92 pkcs11-provider:kryoptic / basic RUNNING >>> MESON_TEST_ITERATION=1 MALLOC_PERTURB_=194 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper basic-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 7/92 pkcs11-provider:kryoptic / basic SKIP 0.06s exit status 77 8/92 pkcs11-provider:kryoptic.nss / basic RUNNING >>> MESON_TEST_ITERATION=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=230 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper basic-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 8/92 pkcs11-provider:kryoptic.nss / basic SKIP 0.07s exit status 77 9/92 pkcs11-provider:softokn / pubkey RUNNING >>> MESON_TEST_ITERATION=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=141 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper pubkey-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 9/92 pkcs11-provider:softokn / pubkey SKIP 0.05s exit status 77 10/92 pkcs11-provider:softhsm / pubkey RUNNING >>> MESON_TEST_ITERATION=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=245 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper pubkey-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/tests/tpubkey ## Export RSA Public key to a file openssl pkey -in $BASEURI -pubin -pubout -out ${TMPPDIR}/baseout.pub Export Public key to a file (pub-uri) openssl pkey -in $PUBURI -pubin -pubout -out ${TMPPDIR}/pubout.pub Print Public key from private openssl pkey -in $PRIURI -pubout -text ## Export Public check error openssl pkey -in pkcs11:id=%de%ad -pubin -pubout -out ${TMPPDIR}/pubout-invlid.pub Could not find private key of Public Key from pkcs11:id=%de%ad ## Export EC Public key to a file openssl pkey -in $ECBASEURI -pubin -pubout -out ${TMPPDIR}/baseecout.pub Export EC Public key to a file (pub-uri) openssl pkey -in $ECPUBURI -pubin -pubout -out ${TMPPDIR}/pubecout.pub Print EC Public key from private openssl pkey -in $ECPRIURI -pubout -text ## Check we can get RSA public keys from certificate objects Export Public key to a file (priv-uri) openssl pkey -in $PRI2URI -pubout -out ${TMPPDIR}/priv-cert.pub Export Public key to a file (base-uri) openssl pkey -in $BASE2URI -pubout -out ${TMPPDIR}/base-cert.pub ## Check we can get EC public keys from certificate objects Export Public EC key to a file (priv-uri) openssl pkey -in $ECPRI2URI -pubout -out ${TMPPDIR}/ec-priv-cert.pub Export Public key to a file (base-uri) openssl pkey -in $ECBASE2URI -pubout -out ${TMPPDIR}/ec-base-cert.pub ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 10/92 pkcs11-provider:softhsm / pubkey OK 1.79s 11/92 pkcs11-provider:kryoptic / pubkey RUNNING >>> MESON_TEST_ITERATION=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=177 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper pubkey-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 11/92 pkcs11-provider:kryoptic / pubkey SKIP 0.06s exit status 77 12/92 pkcs11-provider:kryoptic.nss / pubkey RUNNING >>> MESON_TEST_ITERATION=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MALLOC_PERTURB_=150 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper pubkey-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 12/92 pkcs11-provider:kryoptic.nss / pubkey SKIP 0.06s exit status 77 13/92 pkcs11-provider:softokn / certs RUNNING >>> MESON_TEST_ITERATION=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MALLOC_PERTURB_=9 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper certs-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 13/92 pkcs11-provider:softokn / certs SKIP 0.05s exit status 77 14/92 pkcs11-provider:softhsm / certs RUNNING >>> MESON_TEST_ITERATION=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=135 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper certs-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/tests/tcerts ## Check we can fetch certifiatce objects openssl x509 -in ${CRTURI} -subject -out ${TMPPDIR}/crt-subj.txt openssl x509 -in ${ECCRTURI} -subject -out ${TMPPDIR}/eccrt-subj.txt ## Use storeutl command to match specific certs via params openssl storeutl -certs -subject "${subj}" -out ${TMPPDIR}/storeutl-crt-subj.txt pkcs11:type=cert 0: Certificate openssl storeutl -certs -subject "${subj}" -out ${TMPPDIR}/storeutl-crt-subj.txt pkcs11:type=cert 0: Certificate openssl storeutl -certs -subject "${subj}" -out ${TMPPDIR}/storeutl-crt-subj.txt pkcs11:type=cert 0: Certificate openssl storeutl -certs -subject "${subj}" -out ${TMPPDIR}/storeutl-crt-subj.txt pkcs11:type=cert 0: Certificate ## Test fetching certificate without PIN in config files openssl x509 -in $CRTURI -subject -out ${TMPPDIR}/crt-subj-nopin.txt ## Test fetching certificate via STORE api Cert load successfully ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 14/92 pkcs11-provider:softhsm / certs OK 1.23s 15/92 pkcs11-provider:kryoptic / certs RUNNING >>> MALLOC_PERTURB_=41 MESON_TEST_ITERATION=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper certs-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 15/92 pkcs11-provider:kryoptic / certs SKIP 0.06s exit status 77 16/92 pkcs11-provider:kryoptic.nss / certs RUNNING >>> MESON_TEST_ITERATION=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MALLOC_PERTURB_=153 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper certs-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 16/92 pkcs11-provider:kryoptic.nss / certs SKIP 0.07s exit status 77 17/92 pkcs11-provider:softokn / ecc RUNNING >>> MESON_TEST_ITERATION=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MALLOC_PERTURB_=77 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper ecc-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 17/92 pkcs11-provider:softokn / ecc SKIP 0.07s exit status 77 18/92 pkcs11-provider:softhsm / ecc RUNNING >>> MESON_TEST_ITERATION=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MALLOC_PERTURB_=216 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper ecc-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/tests/tecc ## Export EC Public key to a file openssl pkey -in $ECPUBURI -pubin -pubout -out ${TMPPDIR}/ecout.pub Print EC Public key from private openssl pkey -in $ECPRIURI -pubout -text ## Sign and Verify with provided Hash and EC openssl dgst -sha256 -binary -out ${TMPPDIR}/sha256.bin ${SEEDFILE} openssl pkeyutl -sign -inkey "${ECBASEURI}" -in ${TMPPDIR}/sha256.bin -out ${TMPPDIR}/sha256-ecsig.bin openssl pkeyutl -verify -inkey "${ECBASEURI}" -pubin -in ${TMPPDIR}/sha256.bin -sigfile ${TMPPDIR}/sha256-ecsig.bin Signature Verified Successfully openssl pkeyutl -verify -inkey "${TMPPDIR}/ecout.pub" -pubin -in ${TMPPDIR}/sha256.bin -sigfile ${TMPPDIR}/sha256-ecsig.bin Signature Verified Successfully ## DigestSign and DigestVerify with ECC (SHA-256) openssl pkeyutl -sign -inkey "${ECBASEURI}" -digest sha256 -in ${RAND64FILE} -rawin -out ${TMPPDIR}/sha256-ecdgstsig.bin openssl pkeyutl -verify -inkey "${ECBASEURI}" -pubin -digest sha256 -in ${RAND64FILE} -rawin -sigfile ${TMPPDIR}/sha256-ecdgstsig.bin Signature Verified Successfully ## DigestSign and DigestVerify with ECC (SHA-384) openssl pkeyutl -sign -inkey "${ECBASEURI}" -digest sha384 -in ${RAND64FILE} -rawin -out ${TMPPDIR}/sha384-ecdgstsig.bin openssl pkeyutl -verify -inkey "${ECBASEURI}" -pubin -digest sha384 -in ${RAND64FILE} -rawin -sigfile ${TMPPDIR}/sha384-ecdgstsig.bin Signature Verified Successfully ## DigestSign and DigestVerify with ECC (SHA-512) openssl pkeyutl -sign -inkey "${ECBASEURI}" -digest sha512 -in ${RAND64FILE} -rawin -out ${TMPPDIR}/sha512-ecdgstsig.bin openssl pkeyutl -verify -inkey "${ECBASEURI}" -pubin -digest sha512 -in ${RAND64FILE} -rawin -sigfile ${TMPPDIR}/sha512-ecdgstsig.bin Signature Verified Successfully ## DigestSign and DigestVerify with ECC (SHA3-256) openssl pkeyutl -sign -inkey "${ECBASEURI}" -digest sha3-256 -in ${RAND64FILE} -rawin -out ${TMPPDIR}/sha3-256-ecdgstsig.bin openssl pkeyutl -verify -inkey "${ECBASEURI}" -pubin -digest sha3-256 -in ${RAND64FILE} -rawin -sigfile ${TMPPDIR}/sha3-256-ecdgstsig.bin Signature Verified Successfully ## DigestSign and DigestVerify with ECC (SHA3-384) openssl pkeyutl -sign -inkey "${ECBASEURI}" -digest sha3-384 -in ${RAND64FILE} -rawin -out ${TMPPDIR}/sha3-384-ecdgstsig.bin openssl pkeyutl -verify -inkey "${ECBASEURI}" -pubin -digest sha3-384 -in ${RAND64FILE} -rawin -sigfile ${TMPPDIR}/sha3-384-ecdgstsig.bin Signature Verified Successfully ## DigestSign and DigestVerify with ECC (SHA3-512) openssl pkeyutl -sign -inkey "${ECBASEURI}" -digest sha3-512 -in ${RAND64FILE} -rawin -out ${TMPPDIR}/sha3-512-ecdgstsig.bin openssl pkeyutl -verify -inkey "${ECBASEURI}" -pubin -digest sha3-512 -in ${RAND64FILE} -rawin -sigfile ${TMPPDIR}/sha3-512-ecdgstsig.bin Signature Verified Successfully ## Test CSR generation from private ECC keys openssl req -new -batch -key "${ECPRIURI}" -out ${TMPPDIR}/ecdsa_csr.pem openssl req -in ${TMPPDIR}/ecdsa_csr.pem -verify -noout Certificate request self-signature verify OK ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 18/92 pkcs11-provider:softhsm / ecc OK 2.38s 19/92 pkcs11-provider:kryoptic / ecc RUNNING >>> MESON_TEST_ITERATION=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=133 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper ecc-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 19/92 pkcs11-provider:kryoptic / ecc SKIP 0.09s exit status 77 20/92 pkcs11-provider:kryoptic.nss / ecc RUNNING >>> MESON_TEST_ITERATION=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MALLOC_PERTURB_=134 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper ecc-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 20/92 pkcs11-provider:kryoptic.nss / ecc SKIP 0.11s exit status 77 21/92 pkcs11-provider:softhsm / edwards RUNNING >>> MESON_TEST_ITERATION=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MALLOC_PERTURB_=30 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper edwards-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/tests/tedwards ## Export ED25519 Public key to a file openssl pkey -in $EDPUBURI -pubin -pubout -out ${TMPPDIR}/edout.pub Print ED25519 Public key from private openssl pkey -in $EDPRIURI -pubout -text ## DigestSign and DigestVerify with ED25519 openssl pkeyutl -sign -inkey "${EDBASEURI}" -in ${RAND64FILE} -rawin -out ${TMPPDIR}/sha256-eddgstsig.bin openssl pkeyutl -verify -inkey "${EDBASEURI}" -pubin -in ${RAND64FILE} -rawin -sigfile ${TMPPDIR}/sha256-eddgstsig.bin Signature Verified Successfully ## Test CSR generation from private ED25519 keys openssl req -new -batch -key "${EDPRIURI}" -out ${TMPPDIR}/ed25519_csr.pem openssl req -in ${TMPPDIR}/ed25519_csr.pem -verify -noout Certificate request self-signature verify OK ## Test EVP_PKEY_eq on public Edwards key both on token ## Test EVP_PKEY_eq on public ED key via import ## Match private ED key against public key ## Match private ED key against public key (commutativity) ## Test Key generation Performed tests: 1 ## Export ED448 Public key to a file openssl pkey -in $ED2PUBURI -pubin -pubout -out ${TMPPDIR}/ed2out.pub Print ED448 Public key from private openssl pkey -in $ED2PRIURI -pubout -text ## DigestSign and DigestVerify with ED448 openssl pkeyutl -sign -inkey "${ED2BASEURI}" -in ${RAND64FILE} -rawin -out ${TMPPDIR}/sha256-eddgstsig.bin openssl pkeyutl -verify -inkey "${ED2BASEURI}" -pubin -in ${RAND64FILE} -rawin -sigfile ${TMPPDIR}/sha256-eddgstsig.bin Signature Verified Successfully ## Test CSR generation from private ED448 keys openssl req -new -batch -key "${ED2PRIURI}" -out ${TMPPDIR}/ed448_csr.pem openssl req -in ${TMPPDIR}/ed448_csr.pem -verify -noout Certificate request self-signature verify OK ## Test EVP_PKEY_eq on public Edwards key both on token ## Test EVP_PKEY_eq on public ED448 key via import ## Match private ED448 key against public key ## Match private ED448 key against public key (commutativity) ## Test Ed448 Key generation Performed tests: 1 ## Test interactive Login on key without ALWAYS AUTHENTICATE expect: spawn id exp3 not open while executing "expect "ALL A-OK"" ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 21/92 pkcs11-provider:softhsm / edwards OK 11.27s 22/92 pkcs11-provider:kryoptic / edwards RUNNING >>> MESON_TEST_ITERATION=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MALLOC_PERTURB_=181 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper edwards-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 22/92 pkcs11-provider:kryoptic / edwards SKIP 0.09s exit status 77 23/92 pkcs11-provider:kryoptic.nss / edwards RUNNING >>> MESON_TEST_ITERATION=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MALLOC_PERTURB_=98 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper edwards-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 23/92 pkcs11-provider:kryoptic.nss / edwards SKIP 0.14s exit status 77 24/92 pkcs11-provider:softokn / ecdh RUNNING >>> MESON_TEST_ITERATION=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MALLOC_PERTURB_=205 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper ecdh-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 24/92 pkcs11-provider:softokn / ecdh SKIP 0.07s exit status 77 25/92 pkcs11-provider:kryoptic / ecdh RUNNING >>> MESON_TEST_ITERATION=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MALLOC_PERTURB_=150 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper ecdh-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 25/92 pkcs11-provider:kryoptic / ecdh SKIP 0.07s exit status 77 26/92 pkcs11-provider:kryoptic.nss / ecdh RUNNING >>> MESON_TEST_ITERATION=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MALLOC_PERTURB_=184 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper ecdh-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 26/92 pkcs11-provider:kryoptic.nss / ecdh SKIP 0.08s exit status 77 27/92 pkcs11-provider:softokn / democa RUNNING >>> MESON_TEST_ITERATION=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MALLOC_PERTURB_=23 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper democa-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 27/92 pkcs11-provider:softokn / democa SKIP 0.13s exit status 77 28/92 pkcs11-provider:softhsm / democa RUNNING >>> MESON_TEST_ITERATION=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MALLOC_PERTURB_=205 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper democa-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/tests/tdemoca ## Set up demoCA ## Generating CA cert if needed openssl req -batch -noenc -x509 -new -key ${PRIURI} -out ${DEMOCA}/cacert.pem ## Generating a new CSR with key in file openssl req -batch -noenc -newkey rsa:2048 -subj "/CN=testing-csr-signing/O=PKCS11 Provider/C=US" -keyout ${DEMOCA}/cert.key -out ${DEMOCA}/cert.csr .......+...+..+.+..+.......+.....+...+...+.+++++++++++++++++++++++++++++++++++++++*........+......+...+...+........+++++++++++++++++++++++++++++++++++++++*....+.....+.+........+......+.+...+.....+....+...............+...+..............+....+.........+..+......+............+.+...........+...+............+..........+......+........+.+.....+....+.........+..+.+............+.....+.+.....+.......+...+.....+..........+.....+............+....+...+..+...+............+......+...................+...+..+.........+.+...+...+........+.........+......+.......+...++++++ ...........+......+...+...+.....+.........+....+.....+.+......+..+...+.......+..+......+...+.......+.....+.............+......+.....+.........+.+...+...+..+.+.........+++++++++++++++++++++++++++++++++++++++*.........+..+.+++++++++++++++++++++++++++++++++++++++*...+......+.+...+......+.....+......+....++++++ ----- ## Signing the new certificate openssl ca -batch -in ${DEMOCA}/cert.csr -keyfile ${PRIURI} -out ${DEMOCA}/cert.pem Using configuration from /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/openssl.cnf Check that the request matches the signature Signature ok The Subject's Distinguished Name is as follows commonName :ASN.1 12:'testing-csr-signing' organizationName :ASN.1 12:'PKCS11 Provider' countryName :PRINTABLE:'US' Certificate is to be certified until Mar 29 12:11:06 2026 GMT (365 days) Write out database with 1 new entries Database updated ## Generating a new CSR with existing RSA key in token openssl req -batch -noenc -new -key ${PRIURI} -subj "/CN=testing-rsa-signing/O=PKCS11 Provider/C=US" -out ${DEMOCA}/cert-rsa.csr ## Signing the new RSA key certificate openssl ca -batch -in ${DEMOCA}/cert-rsa.csr -keyfile ${PRIURI} -out ${DEMOCA}/cert.pem Using configuration from /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/openssl.cnf Check that the request matches the signature Signature ok The Subject's Distinguished Name is as follows commonName :ASN.1 12:'testing-rsa-signing' organizationName :ASN.1 12:'PKCS11 Provider' countryName :PRINTABLE:'US' Certificate is to be certified until Mar 29 12:11:06 2026 GMT (365 days) Write out database with 1 new entries Database updated ## Generating a new CSR with existing EC key in token openssl req -batch -noenc -new -key ${ECPRIURI} -subj "/CN=testing-ec-signing/O=PKCS11 Provider/C=US" -out ${DEMOCA}/cert-ec.csr ## Signing the new EC key certificate openssl ca -batch -in ${DEMOCA}/cert-ec.csr -keyfile ${PRIURI} -out ${DEMOCA}/cert.pem Using configuration from /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/openssl.cnf Check that the request matches the signature Signature ok The Subject's Distinguished Name is as follows commonName :ASN.1 12:'testing-ec-signing' organizationName :ASN.1 12:'PKCS11 Provider' countryName :PRINTABLE:'US' Certificate is to be certified until Mar 29 12:11:07 2026 GMT (365 days) Write out database with 1 new entries Database updated ## Generating a new CSR with existing ED key in token openssl req -batch -noenc -new -key ${EDPRIURI} -subj "/CN=testing-ed-signing/O=PKCS11 Provider/C=US" -out ${DEMOCA}/cert-ed.csr ## Signing the new ED key certificate openssl ca -batch -in ${DEMOCA}/cert-ed.csr -keyfile ${PRIURI} -out ${DEMOCA}/cert.pem Using configuration from /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/openssl.cnf Check that the request matches the signature Signature ok The Subject's Distinguished Name is as follows commonName :ASN.1 12:'testing-ed-signing' organizationName :ASN.1 12:'PKCS11 Provider' countryName :PRINTABLE:'US' Certificate is to be certified until Mar 29 12:11:07 2026 GMT (365 days) Write out database with 1 new entries Database updated ## Generating a new CSR with existing ED448 key in token openssl req -batch -noenc -new -key ${ED2PRIURI} -subj "/CN=testing-ed2-signing/O=PKCS11 Provider/C=US" -out ${DEMOCA}/cert-ed2.csr ## Signing the new ED448 key certificate openssl ca -batch -in ${DEMOCA}/cert-ed2.csr -keyfile ${PRIURI} -out ${DEMOCA}/cert.pem Using configuration from /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/openssl.cnf Check that the request matches the signature Signature ok The Subject's Distinguished Name is as follows commonName :ASN.1 12:'testing-ed2-signing' organizationName :ASN.1 12:'PKCS11 Provider' countryName :PRINTABLE:'US' Certificate is to be certified until Mar 29 12:11:08 2026 GMT (365 days) Write out database with 1 new entries Database updated ## Generating a new CSR with existing RSA-PSS key in token openssl req -batch -noenc -new -key ${RSAPSSPRIURI} -sigopt rsa_padding_mode:pss -subj "/CN=testing-rsapss-signing/O=PKCS11 Provider/C=US" -sigopt rsa_padding_mode:pss -out ${DEMOCA}/cert-rsa-pss.csr ## Signing the new RSA-PSS key certificate openssl ca -batch -in ${DEMOCA}/cert-rsa-pss.csr -keyfile ${PRIURI} -out ${DEMOCA}/cert.pem Using configuration from /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/openssl.cnf Check that the request matches the signature Signature ok The Subject's Distinguished Name is as follows commonName :ASN.1 12:'testing-rsapss-signing' organizationName :ASN.1 12:'PKCS11 Provider' countryName :PRINTABLE:'US' Certificate is to be certified until Mar 29 12:11:08 2026 GMT (365 days) Write out database with 1 new entries Database updated openssl x509 -text -in ${DEMOCA}/cert.pem ## Generating a new CSR with existing SHA256 restricted RSA-PSS key in token openssl req -batch -noenc -new -key ${RSAPSS2PRIURI} -sigopt rsa_padding_mode:pss -subj "/CN=testing-rsapss-sha2-signing/O=PKCS11 Provider/C=US" -out ${DEMOCA}/cert-rsa-pss2.csr -sigopt rsa_padding_mode:pss -sigopt digest:sha256 ## Signing the new SHA256 restricted RSA-PSS key certificate openssl ca -batch -in ${DEMOCA}/cert-rsa-pss2.csr -keyfile ${PRIURI} -out ${DEMOCA}/cert.pem Using configuration from /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/openssl.cnf Check that the request matches the signature Signature ok The Subject's Distinguished Name is as follows commonName :ASN.1 12:'testing-rsapss-sha2-signing' organizationName :ASN.1 12:'PKCS11 Provider' countryName :PRINTABLE:'US' Certificate is to be certified until Mar 29 12:11:09 2026 GMT (365 days) Write out database with 1 new entries Database updated openssl x509 -text -in ${DEMOCA}/cert.pem ## Generating a new CSR with existing RSA-PSS key in token openssl req -batch -noenc -new -key ${RSAPSS2PRIURI} -sigopt rsa_padding_mode:pss -subj "/CN=testing-rsapss-signing/O=PKCS11 Provider/C=US" -out ${DEMOCA}/cert-rsa-pss2.csr -sigopt rsa_padding_mode:pss -sigopt digest:sha256 -sigopt rsa_pss_saltlen:-2 ## Signing the new RSA-PSS key certificate openssl ca -batch -in ${DEMOCA}/cert-rsa-pss.csr -keyfile ${PRIURI} -out ${DEMOCA}/cert.pem Using configuration from /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/openssl.cnf Check that the request matches the signature Signature ok The Subject's Distinguished Name is as follows commonName :ASN.1 12:'testing-rsapss-signing' organizationName :ASN.1 12:'PKCS11 Provider' countryName :PRINTABLE:'US' Certificate is to be certified until Mar 29 12:11:10 2026 GMT (365 days) Write out database with 1 new entries Database updated ## Set up OCSP openssl req -batch -noenc -new -subj "/CN=OCSP/O=PKCS11 Provider/C=US" -key ${PRIURI} -out ${DEMOCA}/ocspSigning.csr openssl ca -batch -keyfile ${PRIURI} -cert ${DEMOCA}/cacert.pem -in ${DEMOCA}/ocspSigning.csr -out ${DEMOCA}/ocspSigning.pem Using configuration from /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/openssl.cnf Check that the request matches the signature Signature ok The Subject's Distinguished Name is as follows commonName :ASN.1 12:'OCSP' organizationName :ASN.1 12:'PKCS11 Provider' countryName :PRINTABLE:'US' Certificate is to be certified until Mar 29 12:11:11 2026 GMT (365 days) Write out database with 1 new entries Database updated ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 28/92 pkcs11-provider:softhsm / democa OK 5.34s 29/92 pkcs11-provider:kryoptic / democa RUNNING >>> MESON_TEST_ITERATION=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=87 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper democa-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 29/92 pkcs11-provider:kryoptic / democa SKIP 0.06s exit status 77 30/92 pkcs11-provider:kryoptic.nss / democa RUNNING >>> MESON_TEST_ITERATION=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MALLOC_PERTURB_=201 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper democa-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 30/92 pkcs11-provider:kryoptic.nss / democa SKIP 0.06s exit status 77 31/92 pkcs11-provider:softokn / digest RUNNING >>> MALLOC_PERTURB_=95 MESON_TEST_ITERATION=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper digest-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 31/92 pkcs11-provider:softokn / digest SKIP 0.07s exit status 77 32/92 pkcs11-provider:softhsm / digest RUNNING >>> MESON_TEST_ITERATION=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MALLOC_PERTURB_=40 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper digest-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/tests/tdigest ## Test Digests support sha512-224: Unsupported by pkcs11 token sha512-256: Unsupported by pkcs11 token sha3-224: Unsupported by pkcs11 token sha3-256: Unsupported by pkcs11 token sha3-384: Unsupported by pkcs11 token sha3-512: Unsupported by pkcs11 token PASSED ## Test Digests Blocked No digest available for testing pkcs11 provider Digest operations failed as expected ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 32/92 pkcs11-provider:softhsm / digest OK 0.37s 33/92 pkcs11-provider:kryoptic / digest RUNNING >>> MESON_TEST_ITERATION=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MALLOC_PERTURB_=218 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper digest-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 33/92 pkcs11-provider:kryoptic / digest SKIP 0.05s exit status 77 34/92 pkcs11-provider:kryoptic.nss / digest RUNNING >>> MESON_TEST_ITERATION=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MALLOC_PERTURB_=182 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper digest-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 34/92 pkcs11-provider:kryoptic.nss / digest SKIP 0.06s exit status 77 35/92 pkcs11-provider:softokn / fork RUNNING >>> MESON_TEST_ITERATION=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=187 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper fork-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 35/92 pkcs11-provider:softokn / fork SKIP 0.13s exit status 77 36/92 pkcs11-provider:softhsm / fork RUNNING >>> MESON_TEST_ITERATION=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MALLOC_PERTURB_=253 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper fork-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/tfork Child Done Child Done ALL A-OK! ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 36/92 pkcs11-provider:softhsm / fork OK 2.43s 37/92 pkcs11-provider:kryoptic / fork RUNNING >>> MESON_TEST_ITERATION=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MALLOC_PERTURB_=181 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper fork-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 37/92 pkcs11-provider:kryoptic / fork SKIP 0.04s exit status 77 38/92 pkcs11-provider:kryoptic.nss / fork RUNNING >>> MESON_TEST_ITERATION=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MALLOC_PERTURB_=203 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper fork-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 38/92 pkcs11-provider:kryoptic.nss / fork SKIP 0.06s exit status 77 39/92 pkcs11-provider:softokn / oaepsha2 RUNNING >>> MESON_TEST_ITERATION=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MALLOC_PERTURB_=235 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper oaepsha2-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 39/92 pkcs11-provider:softokn / oaepsha2 SKIP 0.08s exit status 77 40/92 pkcs11-provider:kryoptic / oaepsha2 RUNNING >>> MESON_TEST_ITERATION=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MALLOC_PERTURB_=14 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper oaepsha2-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 40/92 pkcs11-provider:kryoptic / oaepsha2 SKIP 0.06s exit status 77 41/92 pkcs11-provider:kryoptic.nss / oaepsha2 RUNNING >>> MESON_TEST_ITERATION=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MALLOC_PERTURB_=78 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper oaepsha2-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 41/92 pkcs11-provider:kryoptic.nss / oaepsha2 SKIP 0.07s exit status 77 42/92 pkcs11-provider:softokn / hkdf RUNNING >>> MESON_TEST_ITERATION=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MALLOC_PERTURB_=184 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper hkdf-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 42/92 pkcs11-provider:softokn / hkdf SKIP 0.08s exit status 77 43/92 pkcs11-provider:kryoptic / hkdf RUNNING >>> MESON_TEST_ITERATION=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MALLOC_PERTURB_=58 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper hkdf-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 43/92 pkcs11-provider:kryoptic / hkdf SKIP 0.09s exit status 77 44/92 pkcs11-provider:kryoptic.nss / hkdf RUNNING >>> MALLOC_PERTURB_=114 MESON_TEST_ITERATION=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper hkdf-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 44/92 pkcs11-provider:kryoptic.nss / hkdf SKIP 0.06s exit status 77 45/92 pkcs11-provider:softokn / imported RUNNING >>> MESON_TEST_ITERATION=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MALLOC_PERTURB_=213 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper imported-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 45/92 pkcs11-provider:softokn / imported SKIP 0.06s exit status 77 46/92 pkcs11-provider:kryoptic / imported RUNNING >>> MESON_TEST_ITERATION=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MALLOC_PERTURB_=220 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper imported-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 46/92 pkcs11-provider:kryoptic / imported SKIP 0.05s exit status 77 47/92 pkcs11-provider:kryoptic.nss / imported RUNNING >>> MESON_TEST_ITERATION=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MALLOC_PERTURB_=233 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper imported-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 47/92 pkcs11-provider:kryoptic.nss / imported SKIP 0.07s exit status 77 48/92 pkcs11-provider:softokn / rsapss RUNNING >>> MALLOC_PERTURB_=114 MESON_TEST_ITERATION=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper rsapss-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 48/92 pkcs11-provider:softokn / rsapss SKIP 0.05s exit status 77 49/92 pkcs11-provider:softhsm / rsapss RUNNING >>> MESON_TEST_ITERATION=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MALLOC_PERTURB_=88 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper rsapss-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/tests/trsapss ## DigestSign and DigestVerify with RSA PSS openssl pkeyutl -sign -inkey "${BASEURI}" -digest sha256 -pkeyopt pad-mode:pss -pkeyopt mgf1-digest:sha256 -pkeyopt saltlen:digest -in ${RAND64FILE} -rawin -out ${TMPPDIR}/sha256-dgstsig.bin openssl pkeyutl -verify -inkey "${BASEURI}" -pubin -digest sha256 -pkeyopt pad-mode:pss -pkeyopt mgf1-digest:sha256 -pkeyopt saltlen:digest -in ${RAND64FILE} -rawin -sigfile ${TMPPDIR}/sha256-dgstsig.bin Signature Verified Successfully Re-verify using OpenSSL default provider openssl pkeyutl -verify -inkey "${PUBURI}" -pubin -digest sha256 -pkeyopt pad-mode:pss -pkeyopt mgf1-digest:sha256 -pkeyopt saltlen:digest -in ${RAND64FILE} -rawin -sigfile ${TMPPDIR}/sha256-dgstsig.bin Signature Verified Successfully ## DigestSign and DigestVerify with RSA PSS with default params openssl pkeyutl -sign -inkey "${BASEURI}" -pkeyopt pad-mode:pss -in ${RAND64FILE} -rawin -out ${TMPPDIR}/def-dgstsig.bin openssl pkeyutl -verify -inkey "${BASEURI}" -pubin -pkeyopt pad-mode:pss -in ${RAND64FILE} -rawin -sigfile ${TMPPDIR}/def-dgstsig.bin Signature Verified Successfully Re-verify using OpenSSL default provider openssl pkeyutl -verify -inkey "${PUBURI}" -pubin -pkeyopt pad-mode:pss -in ${RAND64FILE} -rawin -sigfile ${TMPPDIR}/def-dgstsig.bin Signature Verified Successfully ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 49/92 pkcs11-provider:softhsm / rsapss OK 1.51s 50/92 pkcs11-provider:kryoptic / rsapss RUNNING >>> MESON_TEST_ITERATION=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MALLOC_PERTURB_=77 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper rsapss-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 50/92 pkcs11-provider:kryoptic / rsapss SKIP 0.07s exit status 77 51/92 pkcs11-provider:kryoptic.nss / rsapss RUNNING >>> MESON_TEST_ITERATION=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MALLOC_PERTURB_=96 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper rsapss-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 51/92 pkcs11-provider:kryoptic.nss / rsapss SKIP 0.08s exit status 77 52/92 pkcs11-provider:softhsm / rsapssam RUNNING >>> MESON_TEST_ITERATION=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=21 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper rsapssam-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/tests/trsapssam ## DigestSign and DigestVerify with RSA PSS (SHA256 restriction) openssl pkeyutl -sign -inkey "${RSAPSS2PRIURI}" -digest sha256 -pkeyopt pad-mode:pss -pkeyopt mgf1-digest:sha256 -pkeyopt saltlen:digest -in ${RAND64FILE} -rawin -out ${TMPPDIR}/sha256-rsapps-genpkey-dgstsig.bin openssl pkeyutl -verify -inkey "${RSAPSS2PUBURI}" -pubin -digest sha256 -pkeyopt pad-mode:pss -pkeyopt mgf1-digest:sha256 -pkeyopt saltlen:digest -in ${RAND64FILE} -rawin -sigfile ${TMPPDIR}/sha256-rsapps-genpkey-dgstsig.bin Signature Verified Successfully ## Fail DigestSign with RSA PSS because of restricted Digest openssl pkeyutl -sign -inkey "${RSAPSS2PRIURI}" -digest sha384 -pkeyopt pad-mode:pss -pkeyopt mgf1-digest:sha384 -pkeyopt saltlen:digest -in ${RAND64FILE} -rawin -out ${TMPPDIR}/sha384-rsapps-genpkey-dgstsig.bin 2>&1 ## Fail Signing with RSA PKCS1 mech and RSA-PSS key openssl pkeyutl -sign -inkey "${RSAPSSPRIURI}" -digest sha256 -pkeyopt rsa_padding_mode:pkcs1 -in ${RAND64FILE} -rawin -out ${TMPPDIR}/sha384-rsa-not-rsapss-sig.bin 2>&1 ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 52/92 pkcs11-provider:softhsm / rsapssam OK 2.05s 53/92 pkcs11-provider:kryoptic / rsapssam RUNNING >>> MALLOC_PERTURB_=108 MESON_TEST_ITERATION=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper rsapssam-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 53/92 pkcs11-provider:kryoptic / rsapssam SKIP 0.08s exit status 77 54/92 pkcs11-provider:softokn / genkey RUNNING >>> MESON_TEST_ITERATION=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=115 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper genkey-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 54/92 pkcs11-provider:softokn / genkey SKIP 0.07s exit status 77 55/92 pkcs11-provider:softhsm / genkey RUNNING >>> MALLOC_PERTURB_=10 MESON_TEST_ITERATION=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper genkey-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/tgenkey Performed tests: 0 ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 55/92 pkcs11-provider:softhsm / genkey OK 0.26s 56/92 pkcs11-provider:kryoptic / genkey RUNNING >>> MESON_TEST_ITERATION=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=71 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper genkey-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 56/92 pkcs11-provider:kryoptic / genkey SKIP 0.08s exit status 77 57/92 pkcs11-provider:kryoptic.nss / genkey RUNNING >>> MESON_TEST_ITERATION=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MALLOC_PERTURB_=111 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper genkey-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 57/92 pkcs11-provider:kryoptic.nss / genkey SKIP 0.11s exit status 77 58/92 pkcs11-provider:softokn / pkey RUNNING >>> MESON_TEST_ITERATION=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MALLOC_PERTURB_=48 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper pkey-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 58/92 pkcs11-provider:softokn / pkey SKIP 0.08s exit status 77 59/92 pkcs11-provider:softhsm / pkey RUNNING >>> MESON_TEST_ITERATION=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MALLOC_PERTURB_=224 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper pkey-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/tpkey ALL A-OK! ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 59/92 pkcs11-provider:softhsm / pkey OK 6.07s 60/92 pkcs11-provider:kryoptic / pkey RUNNING >>> MESON_TEST_ITERATION=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MALLOC_PERTURB_=247 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper pkey-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 60/92 pkcs11-provider:kryoptic / pkey SKIP 0.07s exit status 77 61/92 pkcs11-provider:kryoptic.nss / pkey RUNNING >>> MESON_TEST_ITERATION=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MALLOC_PERTURB_=36 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper pkey-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 61/92 pkcs11-provider:kryoptic.nss / pkey SKIP 0.04s exit status 77 62/92 pkcs11-provider:softokn / session RUNNING >>> MESON_TEST_ITERATION=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MALLOC_PERTURB_=69 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper session-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 62/92 pkcs11-provider:softokn / session SKIP 0.09s exit status 77 63/92 pkcs11-provider:softhsm / session RUNNING >>> MESON_TEST_ITERATION=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MALLOC_PERTURB_=193 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper session-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/tsession ALL A-OK!―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 63/92 pkcs11-provider:softhsm / session OK 0.88s 64/92 pkcs11-provider:kryoptic / session RUNNING >>> MESON_TEST_ITERATION=1 MALLOC_PERTURB_=165 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper session-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 64/92 pkcs11-provider:kryoptic / session SKIP 0.11s exit status 77 65/92 pkcs11-provider:kryoptic.nss / session RUNNING >>> MESON_TEST_ITERATION=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MALLOC_PERTURB_=110 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper session-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 65/92 pkcs11-provider:kryoptic.nss / session SKIP 0.17s exit status 77 66/92 pkcs11-provider:softokn / rand RUNNING >>> MESON_TEST_ITERATION=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MALLOC_PERTURB_=53 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper rand-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 66/92 pkcs11-provider:softokn / rand SKIP 0.08s exit status 77 67/92 pkcs11-provider:softhsm / rand RUNNING >>> MESON_TEST_ITERATION=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MALLOC_PERTURB_=70 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper rand-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/tests/trand ## Test PKCS11 RNG openssl rand 1 40C70141467F0000:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:../crypto/evp/evp_fetch.c:355:Global default library context, Algorithm (PKCS11-RAND : 0), Properties () 40C70141467F0000:error:12000090:random number generator:rand_new_drbg:unable to fetch drbg:../crypto/rand/rand_lib.c:660: openssl rand 1 X ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 67/92 pkcs11-provider:softhsm / rand OK 0.52s 68/92 pkcs11-provider:kryoptic / rand RUNNING >>> MESON_TEST_ITERATION=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MALLOC_PERTURB_=148 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper rand-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 68/92 pkcs11-provider:kryoptic / rand SKIP 0.05s exit status 77 69/92 pkcs11-provider:kryoptic.nss / rand RUNNING >>> MESON_TEST_ITERATION=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=99 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper rand-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 69/92 pkcs11-provider:kryoptic.nss / rand SKIP 0.06s exit status 77 70/92 pkcs11-provider:softokn / readkeys RUNNING >>> MESON_TEST_ITERATION=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MALLOC_PERTURB_=8 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper readkeys-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 70/92 pkcs11-provider:softokn / readkeys SKIP 0.12s exit status 77 71/92 pkcs11-provider:softhsm / readkeys RUNNING >>> MESON_TEST_ITERATION=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MALLOC_PERTURB_=221 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper readkeys-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/treadkeys ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 71/92 pkcs11-provider:softhsm / readkeys OK 0.37s 72/92 pkcs11-provider:kryoptic / readkeys RUNNING >>> MESON_TEST_ITERATION=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=230 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper readkeys-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 72/92 pkcs11-provider:kryoptic / readkeys SKIP 0.12s exit status 77 73/92 pkcs11-provider:kryoptic.nss / readkeys RUNNING >>> MESON_TEST_ITERATION=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MALLOC_PERTURB_=22 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper readkeys-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 73/92 pkcs11-provider:kryoptic.nss / readkeys SKIP 0.06s exit status 77 74/92 pkcs11-provider:softokn / tls RUNNING >>> MESON_TEST_ITERATION=1 MALLOC_PERTURB_=159 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper tls-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 74/92 pkcs11-provider:softokn / tls SKIP 0.06s exit status 77 75/92 pkcs11-provider:softhsm / tls RUNNING >>> MESON_TEST_ITERATION=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MALLOC_PERTURB_=80 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper tls-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/tests/ttls ## Test SSL_CTX creation SSL Context works! ## Test setting cert/keys on TLS Context Cert and Key successfully set on TLS Context! ## Test setting cert/keys on TLS Context w/o pub key Cert and Key successfully set on TLS Context! ## Test an actual TLS connection ######################################## ## TLS with key in provider ## Run sanity test with default values (RSA) spawn openssl s_client -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/caCert.pem Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=1 CN=Issuer verify return:1 depth=0 O=PKCS11 Provider, CN=My Test Cert verify return:1 --- Certificate chain 0 s:O=PKCS11 Provider, CN=My Test Cert i:CN=Issuer a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256 v:NotBefore: Mar 29 12:10:22 2025 GMT; NotAfter: Mar 29 12:10:22 2026 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIIDPzCCAiegAwIBAgIBAzANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 ZXIwHhcNMjUwMzI5MTIxMDIyWhcNMjYwMzI5MTIxMDIyWjAxMRgwFgYDVQQKEw9Q S0NTMTEgUHJvdmlkZXIxFTATBgNVBAMTDE15IFRlc3QgQ2VydDCCASIwDQYJKoZI hvcNAQEBBQADggEPADCCAQoCggEBALFanLc1cXmygOU45lX7iZG6hlkYdLIAm9MW zQIXMEdCERdcJWiMzt5RmTMAZAqMGvIHCirv2cQb21pBZtA6Jrxo3GTYA/haruP6 tw+hlx4ilBROeC254F26XsAL6ype4loetImkAjKNR2vHvkfcG8cp6Br+ihCF9mpc 5Lup+I5yxHQUjezDlUvUodkM+kCdMuoRhaYlqV+dArHc43Fhbyduqyksgxz6mKvf f1BbH+1zP3a9Fz6XsW7xpfzTwP4tVQ0A3NUf1bspXPK20gWwJLg6/e+wNEbduBl9 K8GDiLt/KkdibqFoZLMyFqc/nzZICFW2Pn9mTIqujnQe+o7BGWsCAwEAAaOBgTB/ MAwGA1UdEwEB/wQCMAAwHwYDVR0RBBgwFoEUdGVzdGNlcnRAZXhhbXBsZS5vcmcw DgYDVR0PAQH/BAQDAgWgMB0GA1UdDgQWBBT8tRtVSZEah6qeXUUOdttlVuaFhzAf BgNVHSMEGDAWgBRL3YVwoZp4tVsJqfQ0DPJV1+frLTANBgkqhkiG9w0BAQsFAAOC AQEAl79DILAfaFpqkDFsa2xPjx5CgQmmYiBI/w5DZ9FrIWd+IoAg8avZwoTJAxfL PqUTYmajjACdpxv6ZeKb0osRxHCfzeIvqMwugjv0qTIRaPaVFaP39mNrONDo2vcX D4ibSSz80pqY5cX657CTlzrpo5IbXK5tdKFQ+XwnKBLNBNMsGvqys3l6WMZazft+ exCCqAkL+4UOPzZmfXzCy7QbG6Nu1FL2nXTvoqmEBQsAE0DPBaBXWsWAaIZ0AwkU cVgTELRkXNmDyyc5lZTuosWhDcGwJReuRbGr++4KpKEpX2bOE4sRxe25BCfakYfC 1ZwPWTVzRTN8oTuhfB1EsJeRsw== -----END CERTIFICATE----- subject=O=PKCS11 Provider, CN=My Test Cert issuer=CN=Issuer --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: RSA-PSS Server Temp Key: X25519, 253 bits --- SSL handshake has read 1391 bytes and written 391 bytes Verification: OK --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Protocol: TLSv1.3 Server public key is 2048 bit This TLS version forbids renegotiation. Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: B221CA38E86F7394F7EAF91B4CCC346139F524814D997159A9A3A5BE8139433C Session-ID-ctx: Resumption PSK: 60770686938F9CB9BFB43683217D8A235BCFC00B7E335A393585DF19B9275D496F78C941133ECE52F4FBF9C3043F2BDE PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 04 09 95 84 d3 3b 0b 00-12 79 52 06 2d ea 85 bd .....;...yR.-... 0010 - 27 c0 22 41 4a 68 fc e5-22 70 12 e4 ba cd 5a c0 '."AJh.."p....Z. 0020 - f7 c4 6c 65 1c 5a 73 e8-37 30 e9 08 42 f5 19 0b ..le.Zs.70..B... 0030 - 5d 0e 9e ed a1 a0 58 42-ba ea aa 75 36 fd 05 77 ].....XB...u6..w 0040 - 71 ab 52 a9 75 95 d7 9b-26 74 0f 4e a3 1e 26 08 q.R.u...&t.N..&. 0050 - ea 0b ee 18 90 e0 97 17-4e bc bc f7 86 1a ce 36 ........N......6 0060 - c8 c2 65 5b 76 87 d2 f0-e2 14 2d cd 19 fc d2 c5 ..e[v.....-..... 0070 - 64 c6 0d 2e 00 eb 5f 28-ff 48 72 88 5e 3e 18 91 d....._(.Hr.^>.. 0080 - ac 5d 34 87 34 55 f5 fe-68 03 13 ca 12 07 a8 d4 .]4.4U..h....... 0090 - a3 5b 31 7f 29 70 c7 fc-d8 21 50 0a d6 20 68 92 .[1.)p...!P.. h. 00a0 - e3 3b 0e 92 51 ef 0c 4e-af d0 2f 16 12 c6 b6 4f .;..Q..N../....O 00b0 - 33 39 34 84 7d 42 c5 fb-fb 14 b3 46 41 c3 b6 61 394.}B.....FA..a 00c0 - 85 91 73 cf d9 64 c8 97-89 e7 86 67 9f 9a 1c 14 ..s..d.....g.... Start Time: 1743250290 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 1AD84C1AAD7A0E508A37790FD6E312D52AB19970D2974F6737C9B2147CB2D2B0 Session-ID-ctx: Resumption PSK: 036791E10065E66671A188F933230FDB3B5EC8919F5134137851A4A192858B3AA810419216ACE1092D95BE7F6E4DEB8E PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 04 09 95 84 d3 3b 0b 00-12 79 52 06 2d ea 85 bd .....;...yR.-... 0010 - 76 ab 2c 40 1b bb 0f b4-ae 97 50 9c 10 ea 04 68 v.,@......P....h 0020 - 5c ce 59 22 a3 6b 3c cb-c0 0e 5e 25 b2 bc 8c 3d \.Y".k<...^%...= 0030 - 6d 31 cc 53 03 11 e6 8f-f4 73 45 31 c0 7c 5a 36 m1.S.....sE1.|Z6 0040 - 72 69 60 43 1e d5 24 08-0b aa e7 d0 9e 1b 45 6c ri`C..$.......El 0050 - dd 7a 3c 76 17 7b 38 f2-30 38 b4 f1 50 9a 94 f8 .zP..?. 0090 - a0 da 04 10 6f 37 ff e1-9d c0 d2 bc b5 af d2 97 ....o7.......... 00a0 - 74 0d 4f bd 88 8d 3f 43-0e a5 54 cb 7e fd c1 32 t.O...?C..T.~..2 00b0 - 8f a1 d4 ed d9 98 de ac-f9 c4 81 81 04 85 a5 81 ................ 00c0 - 77 70 27 52 01 f9 b5 5e-89 90 06 25 1b 86 d3 2b wp'R...^...%...+ Start Time: 1743250290 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK TLS SUCCESSFUL 40A7F58DDB7F0000:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%01 -cert pkcs11:type=cert;object=testCert Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MIGDAgEBAgIDBAQCEwIEIMr5WanTjT10yzg1M/b3QJ/mUk1lBAykZkLxojRp99L3 BDADZ5HhAGXmZnGhiPkzIw/bO17IkZ9RNBN4UaShkoWLOqgQQZIWrOEJLZW+f25N 646hBgIEZ+fjcqIEAgIcIKQGBAQBAAAArgcCBQDx4GcCswMCAR0= -----END SSL SESSION PARAMETERS----- Shared ciphers:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224 Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 CIPHER is TLS_AES_256_GCM_SHA384 This TLS version forbids renegotiation. TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run sanity test with default values (RSA-PSS) ## Generating a new selfsigned certificate for pkcs11:type=private;id=%00%10 openssl req -batch -noenc -x509 -new -key ${KEY} ${AARGS} -out ${CERT} spawn openssl s_client -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/caCert.pem Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=0 C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness verify error:num=18:self-signed certificate verify return:1 depth=0 C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness verify return:1 --- Certificate chain 0 s:C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness i:C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness a:PKEY: RSASSA-PSS, 2048 (bit); sigalg: RSASSA-PSS v:NotBefore: Mar 29 12:11:30 2025 GMT; NotAfter: Apr 28 12:11:30 2025 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIIEIzCCAtugAwIBAgIUWKbWHGGdl9n9GZIdSMEAqfBLnzwwPQYJKoZIhvcNAQEK MDCgDTALBglghkgBZQMEAgGhGjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUDBAIBogMC ASAwZzELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMREwDwYDVQQHDAhO ZXcgWW9yazEYMBYGA1UECgwPUEtDUzExIFByb3ZpZGVyMRgwFgYDVQQLDA9UZXN0 aW5nIEhhcm5lc3MwHhcNMjUwMzI5MTIxMTMwWhcNMjUwNDI4MTIxMTMwWjBnMQsw CQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsxETAPBgNVBAcMCE5ldyBZb3Jr MRgwFgYDVQQKDA9QS0NTMTEgUHJvdmlkZXIxGDAWBgNVBAsMD1Rlc3RpbmcgSGFy bmVzczCCASAwCwYJKoZIhvcNAQEKA4IBDwAwggEKAoIBAQDN79OYzrH+FWUhiWwo 23sjo9o4NlzLoN6UyJOyTt7txkzeMpKnYrbjdVh4LimNM+w+o/yxkWKGklfVKlQR WjMHOlkSqFzGZvSFB/4zJ+8K4UBTCQaKeDArXzkxloauPKzNpt1nmsy4rOenu0dj YcDbY79loNJdsrnK9NrHHhqSu3IFzGTOcoU5uiWJoTN6Sd5ter2lrAR+UC6kqyj2 Rb8WH7C9Grm+MAHV4xZTGqT45EzGRKMENUTOvEBCSmY55N+/nU0KVgEyOcat6ZSQ HK1r5j3P7XRPL3GVbiCfZjxhQ8/HtmTwK7DecCzh9jfPiFx0wn7beiNlPEI5MDxo jo/bAgMBAAGjaTBnMB0GA1UdDgQWBBRk26AeROUzQSNTCXDLRKUiiX2j1DAfBgNV HSMEGDAWgBRk26AeROUzQSNTCXDLRKUiiX2j1DAPBgNVHRMBAf8EBTADAQH/MAkG A1UdEQQCMAAwCQYDVR0SBAIwADA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQC AaEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgGiAwIBIAOCAQEAhoRjuO3sbV/w 5FmBnZvvsN/4RAMYLLNEfZUOMd/BpLslInH3rxQbc0HAWpGl4xpdVcvCwktV0Hjw LfkXUSIK5tOljxI+JiMrfKJNhMovZ3SMRdmaWsye9cXnC6+NNzimiF7rAonu3Fh6 VF7mA+/IsHx+TlV2qVpFcZ21BRjJedmbuYzBMO5zCNkQUhTdKV3kxAsUoIplxhKa o2Z8w3DtFDNgFZHzVQegQmFgerN6S1NJH4jRalaVvR8R6glQLGuiElfmibtsBQ0A ViWQUl37KiHcjPwP8/PHTwzcqyk/eL84bD6QlQuQZERlA+pqtVZ3CCihNttpDL9k H61nKbJ9EA== -----END CERTIFICATE----- subject=C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness issuer=C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: RSA-PSS Server Temp Key: X25519, 253 bits --- SSL handshake has read 1619 bytes and written 391 bytes Verification error: self-signed certificate --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Protocol: TLSv1.3 Server public key is 2048 bit This TLS version forbids renegotiation. Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 18 (self-signed certificate) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 02529F0505D4A4202E6B8BF44A52818C0B0811F8268DBC0BC8DDDCA3102A0893 Session-ID-ctx: Resumption PSK: D8E64724710DC8854F1C9B23B519E1045DB7788E31D345E3AD59DB59EA1448CC220040EFC742879B60732FB40530AAF9 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 90 83 b8 dc 5c 6f f1 64-f0 d6 8b bb ed 36 a4 95 ....\o.d.....6.. 0010 - 3a 88 5c ed 52 8d 8d f6-db cd b8 02 fe 62 80 d7 :.\.R........b.. 0020 - f2 ff 2b 56 27 b6 9d 04-53 78 32 77 9a 05 1c fb ..+V'...Sx2w.... 0030 - fc 5e f5 9e 26 a0 08 5c-c2 27 e0 2b bc fe 56 8d .^..&..\.'.+..V. 0040 - a7 31 c1 6e 0e ab 72 f1-67 c7 f8 41 0e bd 12 cd .1.n..r.g..A.... 0050 - d8 65 14 90 77 b2 99 fb-b0 dd 23 89 8d b6 2b e9 .e..w.....#...+. 0060 - 6e 95 f2 f5 ed bf b9 96-c2 cc 29 f7 7a 78 e5 d3 n.........).zx.. 0070 - 9a b8 b4 19 f4 6c 9f 73-1a 61 a7 f5 02 cc d9 04 .....l.s.a...... 0080 - a9 20 ba cc cf f4 00 b6-c1 3b 76 14 da 86 5a e4 . .......;v...Z. 0090 - cd 52 90 2f 83 29 59 20-35 0b 6c fa ae 4e d6 ee .R./.)Y 5.l..N.. 00a0 - a1 d8 83 48 a6 4b c3 28-44 55 25 7e 2b 9d a1 27 ...H.K.(DU%~+..' 00b0 - ab 58 1e 98 4f 42 f0 fb-50 39 db bb 0d a9 8a 8d .X..OB..P9...... 00c0 - 19 f4 e6 7d 9a 88 a4 fe-cf 3d 18 47 d5 4e 65 f2 ...}.....=.G.Ne. Start Time: 1743250291 Timeout : 7200 (sec) Verify return code: 18 (self-signed certificate) Extended master secret: no Max Early Data: 0 --- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 68E885E83D9D5405CC88EB1E5D1089AFBBA7AFD38FDE19A85D91F29B40B529A1 Session-ID-ctx: Resumption PSK: FDD3F4CE79AF0FB21B043085C6B2CF7C5902AB9F01A92C62A0DE1CD16B27BB26CD62761D844038935E08F803981DE022 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 90 83 b8 dc 5c 6f f1 64-f0 d6 8b bb ed 36 a4 95 ....\o.d.....6.. 0010 - dd 6d ca cb 8b 20 ce 1e-1b f5 a8 62 91 0b b0 1c .m... .....b.... 0020 - 33 a6 50 cb 26 2c 9f 1c-c9 90 9c ef c2 63 54 6c 3.P.&,.......cTl 0030 - 73 53 34 fb f9 d9 c6 e4-93 b6 31 42 68 56 1a 2c sS4.......1BhV., 0040 - 89 fd de ad 60 f2 6a ce-1b 84 3e 2a 7d 16 e5 df ....`.j...>*}... 0050 - 31 87 20 65 ea 0c d1 1b-88 46 ac 59 ad 96 b3 25 1. e.....F.Y...% 0060 - 20 58 6d c3 21 b5 3d 23-bf 0b be 5d 43 80 c3 9e Xm.!.=#...]C... 0070 - e0 a3 97 e7 b7 df 8d d3-1c 13 1b 64 8a e5 a4 c3 ...........d.... 0080 - 1d 28 bd b1 00 3d 0c 6a-7c 06 70 d2 bd 75 9d f7 .(...=.j|.p..u.. 0090 - 88 34 7c 4f 07 02 d8 52-92 b2 59 57 36 06 cb 00 .4|O...R..YW6... 00a0 - c3 ee 1d 5b c3 b1 2c f4-05 98 9a 6a 1e 1c 56 1c ...[..,....j..V. 00b0 - 77 32 39 fc 9c 54 0a ae-a9 b7 b3 35 8f c2 50 55 w29..T.....5..PU 00c0 - 9b b3 f3 64 17 c0 d0 bf-65 09 f7 f7 93 09 74 73 ...d....e.....ts Start Time: 1743250291 Timeout : 7200 (sec) Verify return code: 18 (self-signed certificate) Extended master secret: no Max Early Data: 0 --- read R BLOCK TLS SUCCESSFUL 4077BE097F7F0000:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%10 -cert /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/rsapss-default.pem Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MIGDAgEBAgIDBAQCEwIEINDRH5VsTt3lfB1rVz4tzJLP5kjO8BRK6+Qmc2FWJhKs BDD90/TOea8PshsEMIXGss98WQKrnwGpLGKg3hzRaye7Js1idh2EQDiTXgj4A5gd 4CKhBgIEZ+fjc6IEAgIcIKQGBAQBAAAArgcCBQD5Qn5eswMCAR0= -----END SSL SESSION PARAMETERS----- Shared ciphers:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224 Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 CIPHER is TLS_AES_256_GCM_SHA384 This TLS version forbids renegotiation. TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run sanity test with RSA-PSS and SHA256 ## Generating a new selfsigned certificate for pkcs11:type=private;id=%00%11 openssl req -batch -noenc -x509 -new -key ${KEY} ${AARGS} -out ${CERT} spawn openssl s_client -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/caCert.pem Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=0 C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness verify error:num=18:self-signed certificate verify return:1 depth=0 C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness verify return:1 --- Certificate chain 0 s:C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness i:C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness a:PKEY: RSASSA-PSS, 3092 (bit); sigalg: RSASSA-PSS v:NotBefore: Mar 29 12:11:32 2025 GMT; NotAfter: Apr 28 12:11:32 2025 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIIFKDCCA12gAwIBAgIUCzBgb1ab/TeWxFfp6lltYAJOYsAwPQYJKoZIhvcNAQEK MDCgDTALBglghkgBZQMEAgGhGjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUDBAIBogMC ASAwZzELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMREwDwYDVQQHDAhO ZXcgWW9yazEYMBYGA1UECgwPUEtDUzExIFByb3ZpZGVyMRgwFgYDVQQLDA9UZXN0 aW5nIEhhcm5lc3MwHhcNMjUwMzI5MTIxMTMyWhcNMjUwNDI4MTIxMTMyWjBnMQsw CQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsxETAPBgNVBAcMCE5ldyBZb3Jr MRgwFgYDVQQKDA9QS0NTMTEgUHJvdmlkZXIxGDAWBgNVBAsMD1Rlc3RpbmcgSGFy bmVzczCCAaIwCwYJKoZIhvcNAQEKA4IBkQAwggGMAoIBgww0ZxYGmkfOy+obaIOo WKRW/dgpcOMI7nikVjm08OM9HXWG5j/q0ZcNNBZHChje7JdJmB3DSfNA098blJaT Sm2IogSu/qA+FO8PlNZBxWw50otJs2c/bTcwvbVvLKYzVKliV8zQXwgZu02pJB8s YWjdbneNMIKCjYhxJJevC082gzjCoVXEiGyWAdVe/7rXGT7ipkU35hNGtfAoFA17 kO7SCH2LSqI28zufN5fzlw9kXpmDFVBHTD5xmwWbNBQTcbdycbw7LRINN5OUh8XB nSwe0WM/qCfbIdCV9rw/mD1gRHAEhHQLW+R3YvvQGMt2SDqsPOSdSVNN1AMPNsRA JM4Xbl5hv2S1qCKheWfJRVRiGa9TjFQTx8Mab0TUM6PwvEK0fcHOvnFjTIre/onZ 2MeoOuLsO+LSNXjPhaJ9MqpvIdT6rUJ8rHURm7X4IVPpGs/LqRCUN49CaO8TgVtr WdyaH9GaYW4fCVMh+qU1opXJYb15o1cjvqVIXFgy2AJdgP0xgQIDAQABo2kwZzAd BgNVHQ4EFgQU3X/wFRQbWVM5mh9Rtx4YAXoc2rUwHwYDVR0jBBgwFoAU3X/wFRQb WVM5mh9Rtx4YAXoc2rUwDwYDVR0TAQH/BAUwAwEB/zAJBgNVHREEAjAAMAkGA1Ud EgQCMAAwPQYJKoZIhvcNAQEKMDCgDTALBglghkgBZQMEAgGhGjAYBgkqhkiG9w0B AQgwCwYJYIZIAWUDBAIBogMCASADggGEAAPpNomJUzOYRqqG9le9FTC9H3nwUBaF XH0bj5KrXQMCWjppHW+7T/ShVG35V+tlcyTfeTGsYW5J1MOYpLyuJGhiGxhH/UnP 54rn6oMIYlhKDxzOyh+/kSbZS5N/b0WhdXk6fOeyJwV+X2Bw6bw6d877c5L+PIIz 8kGQMJqdgEeQ8hkqBbsV6nZ9NaZcswEpDu9F3HPd461z0KGVVpYBlvebcF74hhiP lVNhhz5ODjCPJsjdzAm3Q85hX58P84KJsgSnSTN1tv4OdZAj6jtTOu/DpcFabvAx Jhrj780kzOiS2Hck5CTefPOhcrcUT8Zy5NW4G5WxKdja32hNfTZGEqg3qyvCM6YW MDWGO+bZLwAee8Vi7KnQRKjskCM+CfdGuqix3EpcSCzqDmoJPz7kROrMPmnkIZ3Z 9ze/hknvbPRMbV+/v+9cjw8MQ34nnRoSPwM91bqX3ynKICvW/qqOTteaZepGkhPn trS8zonW8RbZLe+IJBfrHwZ+RmZk1SqEMn2nxw== -----END CERTIFICATE----- subject=C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness issuer=C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: RSA-PSS Server Temp Key: X25519, 253 bits --- SSL handshake has read 2011 bytes and written 391 bytes Verification error: self-signed certificate --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Protocol: TLSv1.3 Server public key is 3092 bit This TLS version forbids renegotiation. Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 18 (self-signed certificate) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 5A097E01E114570F78020E29E44A68965A39BC511066D027BE53CFA05AE168FC Session-ID-ctx: Resumption PSK: B8A4A6E67BA8098BF498DE53E4D119BD3514263831B882399DDF68744FE4355C64AFC52CCBCFFCDC1F6DEEF72D2CC0E6 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - a5 93 94 bd cd 5b 94 ee-d9 7e c4 4b f0 f6 dd 76 .....[...~.K...v 0010 - 4f cf f3 32 93 6c 43 84-2c a4 bb 56 09 cd 0c a0 O..2.lC.,..V.... 0020 - 1a 7a 92 06 1b b5 49 e5-0f e5 17 c3 f4 ce b0 5a .z....I........Z 0030 - 96 a0 25 76 ee 18 f0 3a-aa a4 22 d7 7b 95 0c cc ..%v...:..".{... 0040 - b2 54 d4 f2 57 af 82 cb-0e 7f 65 ad 96 1c dc 7e .T..W.....e....~ 0050 - c8 7b 4b 1f 08 e7 b3 29-59 a1 93 92 ca 06 d2 d7 .{K....)Y....... 0060 - 57 43 4c e1 7f d0 5a 20-9d 70 9a df 39 c2 2f 9b WCL...Z .p..9./. 0070 - 37 ef 54 10 c2 a6 00 7f-33 d0 38 d7 34 1f df 47 7.T.....3.8.4..G 0080 - 90 b5 01 9d 6d f8 33 36-97 f4 4e 73 d7 f4 95 e0 ....m.36..Ns.... 0090 - 45 8c 9e a8 e5 55 4c 33-d5 81 a0 93 14 03 11 a6 E....UL3........ 00a0 - 08 71 8b ac 66 61 bb 8f-5f 88 36 1d bd 96 d7 0a .q..fa.._.6..... 00b0 - 34 6f c3 6e 33 ea 5e 59-da 7b 85 e6 34 47 f1 db 4o.n3.^Y.{..4G.. 00c0 - c4 88 47 57 84 e5 c3 4e-f0 64 b0 db be 1f 07 a0 ..GW...N.d...... Start Time: 1743250293 Timeout : 7200 (sec) Verify return code: 18 (self-signed certificate) Extended master secret: no Max Early Data: 0 --- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 188FA28F4D74B5906AEDA893B01D8BE5B680D38636C0F01D65F112A9A39220CC Session-ID-ctx: Resumption PSK: B0712860F750CB5E8FF49F9CBC3EF325DF616858995C6E9EE5CAF2287C28781E5525CA695F1E6A2B5107DC09EED0D954 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - a5 93 94 bd cd 5b 94 ee-d9 7e c4 4b f0 f6 dd 76 .....[...~.K...v 0010 - 73 80 26 19 67 ac 51 a8-41 e6 dd 98 2a 56 dd a9 s.&.g.Q.A...*V.. 0020 - 10 0c e7 7e a8 c1 cc f6-41 8b 5a eb b2 4b 62 4b ...~....A.Z..KbK 0030 - eb c3 17 59 5e 8d b4 ea-d6 1e 7c dc 4f d6 6f fa ...Y^.....|.O.o. 0040 - 98 47 f7 33 1f ac 90 0d-94 b9 5d 51 da 37 fc 59 .G.3......]Q.7.Y 0050 - 4a 7d b2 51 de 12 c3 ee-be 6d 52 68 eb 42 99 ad J}.Q.....mRh.B.. 0060 - 46 4e 56 dd d3 2b 93 33-fa 86 67 a1 63 22 bd 59 FNV..+.3..g.c".Y 0070 - e8 8f b9 be ca f0 f2 7a-ce 55 e1 a9 e6 34 08 c2 .......z.U...4.. 0080 - 30 3f 44 c5 7c 21 05 90-8e 56 c7 68 6d fa fd 9c 0?D.|!...V.hm... 0090 - c3 2e 3b 3f 71 85 ca 2e-28 17 c7 c4 af 4c 9f f4 ..;?q...(....L.. 00a0 - 79 82 c2 a7 b5 54 9a 8d-40 0b 86 fe 88 3e 03 e3 y....T..@....>.. 00b0 - f0 ed 66 dd eb 01 a1 a6-c0 bc 3a 74 60 e0 16 99 ..f.......:t`... 00c0 - e8 d4 92 f0 b4 6c 00 14-db ba e4 5a c0 01 55 de .....l.....Z..U. Start Time: 1743250293 Timeout : 7200 (sec) Verify return code: 18 (self-signed certificate) Extended master secret: no Max Early Data: 0 --- read R BLOCK TLS SUCCESSFUL 40472859247F0000:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%11 -cert /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/rsapss-sha256.pem Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MIGDAgEBAgIDBAQCEwIEIGaNpbBCxUj+PA53b9EKL/d+Er8uQvBUEnN42T0x3Qml BDCwcShg91DLXo/0n5y8PvMl32FoWJlcbp7lyvIofCh4HlUlymlfHmorUQfcCe7Q 2VShBgIEZ+fjdaIEAgIcIKQGBAQBAAAArgcCBQCciaVRswMCAR0= -----END SSL SESSION PARAMETERS----- Shared ciphers:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224 Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 CIPHER is TLS_AES_256_GCM_SHA384 This TLS version forbids renegotiation. TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run sanity test with default values (ECDSA) spawn openssl s_client -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/caCert.pem Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=1 CN=Issuer verify return:1 depth=0 O=PKCS11 Provider, CN=My EC Cert verify return:1 --- Certificate chain 0 s:O=PKCS11 Provider, CN=My EC Cert i:CN=Issuer a:PKEY: id-ecPublicKey, 256 (bit); sigalg: RSA-SHA256 v:NotBefore: Mar 29 12:10:23 2025 GMT; NotAfter: Mar 29 12:10:23 2026 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIICcjCCAVqgAwIBAgIBBDANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 ZXIwHhcNMjUwMzI5MTIxMDIzWhcNMjYwMzI5MTIxMDIzWjAvMRgwFgYDVQQKEw9Q S0NTMTEgUHJvdmlkZXIxEzARBgNVBAMTCk15IEVDIENlcnQwWTATBgcqhkjOPQIB BggqhkjOPQMBBwNCAAQAb6A+KJfYkixbs6zJCf776p0mOl4nyBsn05KopeEhX4Y8 c1N6V54lpJe0UkVtqJWyva+otGWBMtwkaG/F3etyo4GBMH8wDAYDVR0TAQH/BAIw ADAfBgNVHREEGDAWgRR0ZXN0Y2VydEBleGFtcGxlLm9yZzAOBgNVHQ8BAf8EBAMC B4AwHQYDVR0OBBYEFGk2Ss074Q46BcA3lnHTvYiIFXxIMB8GA1UdIwQYMBaAFEvd hXChmni1Wwmp9DQM8lXX5+stMA0GCSqGSIb3DQEBCwUAA4IBAQBxCWHtyx/jCzjf z//kP/cUZEH3RcHXq+phT4MHlykZ7GkSeNptfXJulIr/dRanh7jto3ELczEkAQv/ sfbNNUMjSGeGKb60A1Uy/hV23jXp0CTbqNzT0NZ3S8rnuhD9sRY+nUcikxQJ7nfp lC6QgZX30QiCKJCGf7hVvjuRGvLh/Oys3OPoY3yC7VAE5lli4LABYrG9IdfUHszu RvM1teyp7J+PhU92KqIKy6HKDwMpnWVTeBV+whrRi2ryqHUVFVflTtHX3m7/32Ju Znx+ltBVljNUUxYg4Hgbusnxsre8m46sHqkABvAhVNoPOhfb/GjIbS3C8oNXilZ6 iDuk56tz -----END CERTIFICATE----- subject=O=PKCS11 Provider, CN=My EC Cert issuer=CN=Issuer --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: ECDSA Server Temp Key: X25519, 253 bits --- SSL handshake has read 1001 bytes and written 391 bytes Verification: OK --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Protocol: TLSv1.3 Server public key is 256 bit This TLS version forbids renegotiation. Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: F372B1316D185071545DCBF96E89393950E6DB2DD17BFCC213B83DC2A7F851DE Session-ID-ctx: Resumption PSK: 5A29487CFFB7682222D23BA75A3711605BE91F73E9B138BBD00B3D6F73B08E8E75752BFEAB8C0F044D4A195AB61F8607 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - aa fa 6e d6 b0 23 1a 72-60 24 df b5 0a 4f cc 5f ..n..#.r`$...O._ 0010 - de bc 5b 3a ff 19 7c 03-3d c2 fb 00 7b 8a c0 21 ..[:..|.=...{..! 0020 - b2 80 c9 7e f3 d9 51 28-60 01 42 73 cc 87 0c ac ...~..Q(`.Bs.... 0030 - 2c b4 79 9e b2 b2 3b 24-df b7 00 64 c3 bf 82 e2 ,.y...;$...d.... 0040 - 40 b1 b2 98 e6 a2 90 f0-20 c5 f8 74 30 ad 0d 91 @....... ..t0... 0050 - 26 a8 07 e1 19 2b f0 24-bd 9c db f6 a1 d7 77 af &....+.$......w. 0060 - e4 03 e9 9f 95 46 91 8e-fa a7 ca 82 bb 66 7f 0f .....F.......f.. 0070 - 7c 63 39 1a 52 23 d0 bb-0a 51 5a 65 7f 87 6b 77 |c9.R#...QZe..kw 0080 - d4 4a d2 a7 65 9b 6b 49-27 0b 3d 86 26 ca 62 73 .J..e.kI'.=.&.bs 0090 - 3e 4e 2b 53 2d 70 e1 d5-77 83 59 c8 bd 24 6b 52 >N+S-p..w.Y..$kR 00a0 - 15 e9 1a 00 3e 75 ef a1-32 d0 80 d8 ee 26 f5 bf ....>u..2....&.. 00b0 - bf 21 d8 15 ce 7d da c6-e6 80 f2 9b f0 7f 52 ec .!...}........R. 00c0 - f8 08 cc d7 2f 80 9b 2a-f0 2f f8 30 05 01 19 5c ..../..*./.0...\ Start Time: 1743250294 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 98FDFAB17327A1FEACB7FDA02ED3C9F855114785BD18F9386CD42AE987350D81 Session-ID-ctx: Resumption PSK: 4D0E4362D6DDA75901075F7A8E14D2D06A68F1D592A4F7A6AD762E8C7B477F0B8B0CF2A934B8E44FC0224BA73BEA7F88 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - aa fa 6e d6 b0 23 1a 72-60 24 df b5 0a 4f cc 5f ..n..#.r`$...O._ 0010 - 86 1e 0d 9a ee c7 5a bb-06 0e eb 56 ab 7e 9c 57 ......Z....V.~.W 0020 - 6f 27 03 16 00 9a 33 a8-5e 07 c1 f5 9d 92 09 b0 o'....3.^....... 0030 - b7 46 70 64 db f1 d6 dd-89 f8 c2 2f 48 78 51 45 .Fpd......./HxQE 0040 - 28 d5 ee fd 51 c1 01 54-3f 0e 2a b8 fa 7b e6 0c (...Q..T?.*..{.. 0050 - 96 8c df 91 a0 70 65 75-24 b5 67 35 f8 25 d0 10 .....peu$.g5.%.. 0060 - 1d 61 3d ca 41 23 18 6e-18 54 10 1b b4 4e 31 7a .a=.A#.n.T...N1z 0070 - 15 c7 5a 35 d7 86 9b cc-68 5d bb c5 73 de ca 81 ..Z5....h]..s... 0080 - 33 db 05 b7 21 1f 98 7e-ad e7 0a 26 f0 6d 41 2a 3...!..~...&.mA* 0090 - c2 2b ef 9e 93 55 0c 67-fc 67 36 c7 4a 5c 99 0e .+...U.g.g6.J\.. 00a0 - fc ab 9f 5e fc 32 24 a5-75 f7 95 16 e2 1d e0 fb ...^.2$.u....... 00b0 - 90 ae b9 f7 53 70 60 e9-29 f2 0c ff 1d e4 14 8e ....Sp`.)....... 00c0 - 64 b0 4a 59 d0 46 4e b8-99 35 51 d9 0c ab 91 5e d.JY.FN..5Q....^ Start Time: 1743250294 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK TLS SUCCESSFUL 40275AF99B7F0000:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%02 -cert pkcs11:type=cert;object=ecCert Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MIGDAgEBAgIDBAQCEwIEIOmP5S8IM9N57+6lLeYsAzpUBclDAYIBulHt6OUCshsS BDBNDkNi1t2nWQEHX3qOFNLQamjx1ZKk96atdi6Me0d/C4sM8qk0uORPwCJLpzvq f4ihBgIEZ+fjdqIEAgIcIKQGBAQBAAAArgcCBQCpAXwvswMCAR0= -----END SSL SESSION PARAMETERS----- Shared ciphers:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224 Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 CIPHER is TLS_AES_256_GCM_SHA384 This TLS version forbids renegotiation. TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run sanity test with default values (Ed25519) spawn openssl s_client -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/caCert.pem Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=1 CN=Issuer verify return:1 depth=0 O=PKCS11 Provider, CN=My ED25519 Cert verify return:1 --- Certificate chain 0 s:O=PKCS11 Provider, CN=My ED25519 Cert i:CN=Issuer a:PKEY: ED25519, 256 (bit); sigalg: RSA-SHA256 v:NotBefore: Mar 29 12:10:24 2025 GMT; NotAfter: Mar 29 12:10:24 2026 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIICSDCCATCgAwIBAgIBBjANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 ZXIwHhcNMjUwMzI5MTIxMDI0WhcNMjYwMzI5MTIxMDI0WjA0MRgwFgYDVQQKEw9Q S0NTMTEgUHJvdmlkZXIxGDAWBgNVBAMTD015IEVEMjU1MTkgQ2VydDAqMAUGAytl cAMhAEfut3EIExYhvZ4ZtNrTtdFv2Mn/pCB/O7aEB/aNPbjOo4GBMH8wDAYDVR0T AQH/BAIwADAfBgNVHREEGDAWgRR0ZXN0Y2VydEBleGFtcGxlLm9yZzAOBgNVHQ8B Af8EBAMCB4AwHQYDVR0OBBYEFL7Z0OhByBLEoVBlAyHK6V3EJNb1MB8GA1UdIwQY MBaAFEvdhXChmni1Wwmp9DQM8lXX5+stMA0GCSqGSIb3DQEBCwUAA4IBAQCJt/xu rFEsIP5B8bxFiInR0HBbhT544C2W9+nUqWu+CENuet6b5no+c0udTb9KeTPukdtY zelRd68GjrXkNonDXp4ozrOSAU3Ga5ymJW9qD/Q5BcbzbHU3s/vcbF/owjO7cRym xHfP2Awm1tje1lbuid+VAGPeC74uo2JIArDzPjJiJI8ox9xe8Bmz4anOkS52JQXc 8AkUroTCSMANVBevga4mLNUIfHGGIY6L0EU6gpAOqfZGCwQY/DJl0fHv8FtS5KtD /DT0+TUOlyu6kDNl5CJDAvu+0nqMJbbUOyt0F9DYFlI4I4vrmkR1imvaPOrAQeiM qM/aDXDDpTf2Pdzc -----END CERTIFICATE----- subject=O=PKCS11 Provider, CN=My ED25519 Cert issuer=CN=Issuer --- No client certificate CA names sent Peer signature type: ed25519 Server Temp Key: X25519, 253 bits --- SSL handshake has read 952 bytes and written 391 bytes Verification: OK --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Protocol: TLSv1.3 Server public key is 256 bit This TLS version forbids renegotiation. Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 7F5AF336BDBE46A89799213AB77E401E91FE2C4D8D2620095D20747B3777746B Session-ID-ctx: Resumption PSK: D5FE7731B84B4B8F5056D25AC1B3381B0BDE071B8A4EF9020F465BB0F9745EBB5E29C4B9FC9927FE0AC91776812753B5 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - ac 3c f6 52 89 6b aa 3a-f0 da f2 2b d6 f3 1b 23 .<.R.k.:...+...# 0010 - 4d 49 70 52 9d 9c b3 f5-8c e7 73 76 f6 6a 7a ba MIpR......sv.jz. 0020 - 82 4c 58 68 19 77 5c fa-bb 01 90 b3 a8 60 66 03 .LXh.w\......`f. 0030 - ad 31 1c 58 6b af 49 af-0e bc 89 23 78 14 ed 58 .1.Xk.I....#x..X 0040 - d4 42 b6 13 28 c9 16 28-a1 a7 15 0d 70 6e 15 fa .B..(..(....pn.. 0050 - 79 4e 1d 01 d6 58 a7 65-f4 c3 15 8a ff 41 a6 97 yN...X.e.....A.. 0060 - 6b 15 51 aa 01 70 4e 7d-24 fe c1 ec 04 32 0a 40 k.Q..pN}$....2.@ 0070 - 2e c6 52 60 35 8e ca fe-dc 8b 31 7f 68 95 5c 71 ..R`5.....1.h.\q 0080 - cf cf 76 c2 68 00 cf 10-c3 7e 7b c5 d8 d6 12 14 ..v.h....~{..... 0090 - 98 8b 5d 7f 00 fd 94 c6-d2 6e 46 67 3c bc 29 8c ..]......nFg<.). 00a0 - 05 c2 8c d4 98 80 2d b4-dd 7a 0d cb ea 75 60 d2 ......-..z...u`. 00b0 - 73 10 ec 47 eb b4 8a 06-0c 26 72 c7 c9 85 77 7e s..G.....&r...w~ 00c0 - 7e 83 c6 bd d2 e5 64 50-ac d9 8e cd 61 37 ab 15 ~.....dP....a7.. Start Time: 1743250294 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 14E44384E8CB44135D89F9D7B74C247DA302E2F70E17A16B99E493F61133AC42 Session-ID-ctx: Resumption PSK: 703BB0D1AC9B97AC28567017BDF39B615F8EBDD1CBE5B3516D71F052012814799BF35A5339E198EA7A899A51ACFA7B1C PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - ac 3c f6 52 89 6b aa 3a-f0 da f2 2b d6 f3 1b 23 .<.R.k.:...+...# 0010 - 69 74 bf 05 93 2c bc a9-29 fd bd df c2 8d 4e c0 it...,..).....N. 0020 - b4 bd 46 bf 08 fb 7a 7c-92 f2 7c 96 2a fd 23 e0 ..F...z|..|.*.#. 0030 - 5a d3 65 ed 67 f5 90 47-e9 6f ca 5d 61 24 6d e4 Z.e.g..G.o.]a$m. 0040 - d1 1b c5 35 e3 59 fc 47-a1 56 39 58 83 ce 48 02 ...5.Y.G.V9X..H. 0050 - ac 59 71 89 9b 1c 9b 9d-b0 ae e0 19 d3 19 da fe .Yq............. 0060 - e6 08 19 1d 21 3e 8a b4-5d e4 e7 a1 76 82 23 47 ....!>..]...v.#G 0070 - ff 23 47 5b 59 c2 0b 9a-d2 62 86 c7 3d ef 91 24 .#G[Y....b..=..$ 0080 - cd 6a b0 71 31 15 56 5e-82 dd 60 5c 9d fe 24 11 .j.q1.V^..`\..$. 0090 - 6a e9 f4 2b 9b 08 1d 68-9a 53 06 0c 88 0c 43 7a j..+...h.S....Cz 00a0 - 55 8d 85 5a b9 c2 f5 78-8d 72 d4 28 64 a8 c0 60 U..Z...x.r.(d..` 00b0 - ec cf 31 30 33 53 20 3f-e1 62 ee d2 0d 54 ff 80 ..103S ?.b...T.. 00c0 - 27 03 c9 10 82 00 ef b2-87 12 04 1c 47 28 e6 b0 '...........G(.. Start Time: 1743250294 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK TLS SUCCESSFUL 40473DDD5B7F0000:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%04 -cert pkcs11:type=cert;object=edCert Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MIGDAgEBAgIDBAQCEwIEIJ+FtsUMPyxG3jbUtYDLSvQgQx0VHSS+LgqGp0nSmCMQ BDBwO7DRrJuXrChWcBe985thX4690cvls1FtcfBSASgUeZvzWlM54ZjqeomaUaz6 exyhBgIEZ+fjdqIEAgIcIKQGBAQBAAAArgcCBQDll//nswMCAR0= -----END SSL SESSION PARAMETERS----- Shared ciphers:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224 Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 CIPHER is TLS_AES_256_GCM_SHA384 This TLS version forbids renegotiation. TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run sanity test with default values (Ed448) spawn openssl s_client -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/caCert.pem Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=1 CN=Issuer verify return:1 depth=0 O=PKCS11 Provider, CN=My ED448 Cert verify return:1 --- Certificate chain 0 s:O=PKCS11 Provider, CN=My ED448 Cert i:CN=Issuer a:PKEY: ED448, 456 (bit); sigalg: RSA-SHA256 v:NotBefore: Mar 29 12:10:25 2025 GMT; NotAfter: Mar 29 12:10:25 2026 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIICXzCCAUegAwIBAgIBBzANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 ZXIwHhcNMjUwMzI5MTIxMDI1WhcNMjYwMzI5MTIxMDI1WjAyMRgwFgYDVQQKEw9Q S0NTMTEgUHJvdmlkZXIxFjAUBgNVBAMTDU15IEVENDQ4IENlcnQwQzAFBgMrZXED OgBniPSznCCNmULu9nMYqoI4PJfSzhyEbrNnol62FVe49Q1qwYteGDASQshaOMVo j6/G17ioKMOiGQCjgYEwfzAMBgNVHRMBAf8EAjAAMB8GA1UdEQQYMBaBFHRlc3Rj ZXJ0QGV4YW1wbGUub3JnMA4GA1UdDwEB/wQEAwIHgDAdBgNVHQ4EFgQUs907ftlo dkGWM9L+A8I38nc69hQwHwYDVR0jBBgwFoAUS92FcKGaeLVbCan0NAzyVdfn6y0w DQYJKoZIhvcNAQELBQADggEBAJjbvgVlI++/zsHC/LFbQmoeGfCOvzI2cEVCPGHq 8KPS9xsmXVPBLh+yCw8nUP6tVDAvKO+kpR2JdnJJr2iYhHbKFrvdt0YmsoZgqnbF Bn68T7KREF6VG1Af2paXzKsmOAak2zo8yslJevHaok8JUuTO1q+OqWZOzo0tXBhS 4FRSduVtd4fz6AfUvkQ5MwTbgnHP1OuPtmHqWJPw+p16A7wOwZNP9/TsY2xc1VRX abRz/Qa6HTkuE+JvZIQf0SgsLErzXTMjlz5503fjxeyzhOgT8sjVpxWpNseaSGvU md9MbcH9/M7vNTzUf5v5Mih6rWVD28iOfnSWdECfuK8keJo= -----END CERTIFICATE----- subject=O=PKCS11 Provider, CN=My ED448 Cert issuer=CN=Issuer --- No client certificate CA names sent Peer signature type: ed448 Server Temp Key: X25519, 253 bits --- SSL handshake has read 1025 bytes and written 391 bytes Verification: OK --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Protocol: TLSv1.3 Server public key is 456 bit This TLS version forbids renegotiation. Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: FB549E76F651A91E9A811E12383D2A0E869755835C0D0DF121A246FF4787546B Session-ID-ctx: Resumption PSK: FD42E6112C189D4FD4F78E65BE18464569BD0AA9CC4E8F86D429BA8E5FBD448D5F23C69EEE051E39D8992FF7A7986731 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - a2 46 ef c8 65 0e c4 f7-3c e0 0e 17 12 2a 05 19 .F..e...<....*.. 0010 - 12 48 e9 fe bc 62 8f 55-4d 20 7e ed ab a4 15 bd .H...b.UM ~..... 0020 - 2a 64 2e 29 95 7f 00 97-8b ce 31 57 03 7e 25 bb *d.)......1W.~%. 0030 - 97 d6 ec 58 41 35 95 ec-7c 9d fa 5b e4 bb 3a 75 ...XA5..|..[..:u 0040 - 19 5b 64 63 af b4 22 fa-55 28 32 47 e1 7b 88 99 .[dc..".U(2G.{.. 0050 - e2 35 df 39 04 72 f9 c3-cb 8e e9 06 1f a2 af 65 .5.9.r.........e 0060 - 77 38 b4 51 56 e9 58 1b-5c 20 42 40 86 8b fb 7a w8.QV.X.\ B@...z 0070 - 67 34 ed 62 ab 2b eb 59-5c 3d 84 80 27 1b 87 4d g4.b.+.Y\=..'..M 0080 - 4e 5e c6 8a 77 c9 e7 11-b6 ab 0f 08 22 35 4e 86 N^..w......."5N. 0090 - ab 85 bf 56 67 bb cf 5a-03 c3 c5 cf b1 ac 8b 96 ...Vg..Z........ 00a0 - 72 14 01 d6 3b a1 a0 44-4c 12 17 b5 b8 f5 22 95 r...;..DL.....". 00b0 - 2a d7 6a 8f 70 80 bc b0-ef 46 56 0e b2 b6 21 e5 *.j.p....FV...!. 00c0 - d7 97 c6 ca 5e 34 c6 2b-de 0c 6d 08 09 49 e9 7a ....^4.+..m..I.z Start Time: 1743250295 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: FB303B921459833EFFB0EDA1CEC1B08B21FFE1C5E5BB081E7E2152ED28052B6D Session-ID-ctx: Resumption PSK: 95F9805FD9BC62206490A496ACA67A6F8EF58F6B2696BB0616800322E3F01FE78439A5D8AC2BF4A0CE42605CE1EA646B PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - a2 46 ef c8 65 0e c4 f7-3c e0 0e 17 12 2a 05 19 .F..e...<....*.. 0010 - 3f b8 12 3d f4 40 dc a8-ba 46 23 ba db 8b 73 10 ?..=.@...F#...s. 0020 - a5 02 4c 90 5b f8 86 c4-a9 ab 76 55 56 dc b4 d9 ..L.[.....vUV... 0030 - 70 d0 8a 3f 45 7e 22 fc-18 9c 13 2c 06 01 48 f4 p..?E~"....,..H. 0040 - 6a 55 5b 57 c3 3d b9 48-8b cc 58 ee 54 65 3f a2 jU[W.=.H..X.Te?. 0050 - 46 3d 93 91 07 40 4f 2c-5f 76 3e be 61 7b e6 b0 F=...@O,_v>.a{.. 0060 - cc 07 bb f8 d1 10 3e 3f-19 ab 12 b6 8d 7d a9 f0 ......>?.....}.. 0070 - 66 46 ba 12 df a7 13 9f-67 e7 19 b4 7c f6 31 13 fF......g...|.1. 0080 - 8c 37 c9 58 bc 47 62 7b-de a7 9a fa dd e0 e5 43 .7.X.Gb{.......C 0090 - 38 88 44 d9 44 04 03 b0-6c 5c d6 aa 6e 29 3f c1 8.D.D...l\..n)?. 00a0 - 4f 7c 06 39 84 73 78 94-c4 16 5b c3 78 78 2d f9 O|.9.sx...[.xx-. 00b0 - a7 a8 0c 60 ab 72 d7 fb-78 ae 67 9b aa 3d b5 a6 ...`.r..x.g..=.. 00c0 - aa 96 02 06 df 3b 05 3a-e9 3b 22 41 11 32 55 38 .....;.:.;"A.2U8 Start Time: 1743250295 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK TLS SUCCESSFUL 40C7BD87F97F0000:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%09 -cert pkcs11:type=cert;object=ed2Cert Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MIGCAgEBAgIDBAQCEwIEIPw9dggme9uNEOgTj9vxOwuL5R8Lwz9Px1LHeQJ5V5Pa BDCV+YBf2bxiIGSQpJaspnpvjvWPayaWuwYWgAMi4/Af54Q5pdisK/SgzkJgXOHq ZGuhBgIEZ+fjd6IEAgIcIKQGBAQBAAAArgYCBFSmpAOzAwIBHQ== -----END SSL SESSION PARAMETERS----- Shared ciphers:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224 Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 CIPHER is TLS_AES_256_GCM_SHA384 This TLS version forbids renegotiation. TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run test with TLS 1.2 spawn openssl s_client -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/caCert.pem -tls1_2 Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=1 CN=Issuer verify return:1 depth=0 O=PKCS11 Provider, CN=My Test Cert verify return:1 --- Certificate chain 0 s:O=PKCS11 Provider, CN=My Test Cert i:CN=Issuer a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256 v:NotBefore: Mar 29 12:10:22 2025 GMT; NotAfter: Mar 29 12:10:22 2026 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIIDPzCCAiegAwIBAgIBAzANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 ZXIwHhcNMjUwMzI5MTIxMDIyWhcNMjYwMzI5MTIxMDIyWjAxMRgwFgYDVQQKEw9Q S0NTMTEgUHJvdmlkZXIxFTATBgNVBAMTDE15IFRlc3QgQ2VydDCCASIwDQYJKoZI hvcNAQEBBQADggEPADCCAQoCggEBALFanLc1cXmygOU45lX7iZG6hlkYdLIAm9MW zQIXMEdCERdcJWiMzt5RmTMAZAqMGvIHCirv2cQb21pBZtA6Jrxo3GTYA/haruP6 tw+hlx4ilBROeC254F26XsAL6ype4loetImkAjKNR2vHvkfcG8cp6Br+ihCF9mpc 5Lup+I5yxHQUjezDlUvUodkM+kCdMuoRhaYlqV+dArHc43Fhbyduqyksgxz6mKvf f1BbH+1zP3a9Fz6XsW7xpfzTwP4tVQ0A3NUf1bspXPK20gWwJLg6/e+wNEbduBl9 K8GDiLt/KkdibqFoZLMyFqc/nzZICFW2Pn9mTIqujnQe+o7BGWsCAwEAAaOBgTB/ MAwGA1UdEwEB/wQCMAAwHwYDVR0RBBgwFoEUdGVzdGNlcnRAZXhhbXBsZS5vcmcw DgYDVR0PAQH/BAQDAgWgMB0GA1UdDgQWBBT8tRtVSZEah6qeXUUOdttlVuaFhzAf BgNVHSMEGDAWgBRL3YVwoZp4tVsJqfQ0DPJV1+frLTANBgkqhkiG9w0BAQsFAAOC AQEAl79DILAfaFpqkDFsa2xPjx5CgQmmYiBI/w5DZ9FrIWd+IoAg8avZwoTJAxfL PqUTYmajjACdpxv6ZeKb0osRxHCfzeIvqMwugjv0qTIRaPaVFaP39mNrONDo2vcX D4ibSSz80pqY5cX657CTlzrpo5IbXK5tdKFQ+XwnKBLNBNMsGvqys3l6WMZazft+ exCCqAkL+4UOPzZmfXzCy7QbG6Nu1FL2nXTvoqmEBQsAE0DPBaBXWsWAaIZ0AwkU cVgTELRkXNmDyyc5lZTuosWhDcGwJReuRbGr++4KpKEpX2bOE4sRxe25BCfakYfC 1ZwPWTVzRTN8oTuhfB1EsJeRsw== -----END CERTIFICATE----- subject=O=PKCS11 Provider, CN=My Test Cert issuer=CN=Issuer --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: RSA-PSS Server Temp Key: X25519, 253 bits --- SSL handshake has read 1476 bytes and written 290 bytes Verification: OK --- New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384 Protocol: TLSv1.2 Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-RSA-AES256-GCM-SHA384 Session-ID: 0F49DA3B66678BEA0B55D7190F61DC92251BF2821371631609746F214C4F000C Session-ID-ctx: Master-Key: 294F60E50BE60CF996D93195C1F1AF89C5D1F810826EB017B95F9BAFE9846D4F077E0C1C77C32E542805B4B090B98F71 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 71 9f 14 45 6c c7 cf 96-24 58 25 b1 fd 2c de 4f q..El...$X%..,.O 0010 - b7 72 03 54 b1 91 96 01-05 3b 4f b1 5f db dd 97 .r.T.....;O._... 0020 - 87 d3 02 87 4a 2d cc d5-38 85 ab f6 13 2b 25 c3 ....J-..8....+%. 0030 - 79 65 24 e5 17 1e 0b d7-28 3f 06 19 09 e7 43 a2 ye$.....(?....C. 0040 - ca c3 bd 42 7f 1a 94 86-82 1b 6d 69 63 c3 0e 8c ...B......mic... 0050 - c0 d2 62 30 65 7f ce d7-6d fb a0 b3 c5 6f a6 bc ..b0e...m....o.. 0060 - cb 33 b5 3e a0 9d 00 e1-71 c1 14 ab ab d0 59 5e .3.>....q.....Y^ 0070 - cd 9d 9b 09 0d fa 7d 2c-1f 32 b2 84 df a1 94 fa ......},.2...... 0080 - f2 34 c2 26 89 79 ba 51-90 8b 26 c0 d3 66 16 42 .4.&.y.Q..&..f.B 0090 - 19 73 c7 a6 1d cd 7a ca-41 5c 9c 6b 13 c9 72 c3 .s....z.A\.k..r. 00a0 - e0 a8 4b dc 89 1b 40 28-c9 81 7c cf 8e 87 e5 e4 ..K...@(..|..... Start Time: 1743250295 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: yes --- TLS SUCCESSFUL 40476FA0B97F0000:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%01 -cert pkcs11:type=cert;object=testCert Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MF8CAQECAgMDBALAMAQABDApT2DlC+YM+ZbZMZXB8a+JxdH4EIJusBe5X5uv6YRt Twd+DBx3wy5UKAW0sJC5j3GhBgIEZ+fjd6IEAgIcIKQGBAQBAAAArQMCAQGzAwIB HQ== -----END SSL SESSION PARAMETERS----- Shared ciphers:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Supported Elliptic Curve Point Formats: uncompressed:ansiX962_compressed_prime:ansiX962_compressed_char2 Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1 Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1 CIPHER is ECDHE-RSA-AES256-GCM-SHA384 Secure Renegotiation IS supported TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run test with explicit TLS 1.3 spawn openssl s_client -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/caCert.pem -tls1_3 Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=1 CN=Issuer verify return:1 depth=0 O=PKCS11 Provider, CN=My Test Cert verify return:1 --- Certificate chain 0 s:O=PKCS11 Provider, CN=My Test Cert i:CN=Issuer a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256 v:NotBefore: Mar 29 12:10:22 2025 GMT; NotAfter: Mar 29 12:10:22 2026 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIIDPzCCAiegAwIBAgIBAzANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 ZXIwHhcNMjUwMzI5MTIxMDIyWhcNMjYwMzI5MTIxMDIyWjAxMRgwFgYDVQQKEw9Q S0NTMTEgUHJvdmlkZXIxFTATBgNVBAMTDE15IFRlc3QgQ2VydDCCASIwDQYJKoZI hvcNAQEBBQADggEPADCCAQoCggEBALFanLc1cXmygOU45lX7iZG6hlkYdLIAm9MW zQIXMEdCERdcJWiMzt5RmTMAZAqMGvIHCirv2cQb21pBZtA6Jrxo3GTYA/haruP6 tw+hlx4ilBROeC254F26XsAL6ype4loetImkAjKNR2vHvkfcG8cp6Br+ihCF9mpc 5Lup+I5yxHQUjezDlUvUodkM+kCdMuoRhaYlqV+dArHc43Fhbyduqyksgxz6mKvf f1BbH+1zP3a9Fz6XsW7xpfzTwP4tVQ0A3NUf1bspXPK20gWwJLg6/e+wNEbduBl9 K8GDiLt/KkdibqFoZLMyFqc/nzZICFW2Pn9mTIqujnQe+o7BGWsCAwEAAaOBgTB/ MAwGA1UdEwEB/wQCMAAwHwYDVR0RBBgwFoEUdGVzdGNlcnRAZXhhbXBsZS5vcmcw DgYDVR0PAQH/BAQDAgWgMB0GA1UdDgQWBBT8tRtVSZEah6qeXUUOdttlVuaFhzAf BgNVHSMEGDAWgBRL3YVwoZp4tVsJqfQ0DPJV1+frLTANBgkqhkiG9w0BAQsFAAOC AQEAl79DILAfaFpqkDFsa2xPjx5CgQmmYiBI/w5DZ9FrIWd+IoAg8avZwoTJAxfL PqUTYmajjACdpxv6ZeKb0osRxHCfzeIvqMwugjv0qTIRaPaVFaP39mNrONDo2vcX D4ibSSz80pqY5cX657CTlzrpo5IbXK5tdKFQ+XwnKBLNBNMsGvqys3l6WMZazft+ exCCqAkL+4UOPzZmfXzCy7QbG6Nu1FL2nXTvoqmEBQsAE0DPBaBXWsWAaIZ0AwkU cVgTELRkXNmDyyc5lZTuosWhDcGwJReuRbGr++4KpKEpX2bOE4sRxe25BCfakYfC 1ZwPWTVzRTN8oTuhfB1EsJeRsw== -----END CERTIFICATE----- subject=O=PKCS11 Provider, CN=My Test Cert issuer=CN=Issuer --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: RSA-PSS Server Temp Key: X25519, 253 bits --- SSL handshake has read 1391 bytes and written 318 bytes Verification: OK --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Protocol: TLSv1.3 Server public key is 2048 bit This TLS version forbids renegotiation. Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 61329C2B25206A770144F0EA0AC581816D5CE3CB60128075BF15ACE548BF45C5 Session-ID-ctx: Resumption PSK: 69461ED8DBB91AB5AA3CBAD9042F97DE11786B54B0F6D35195939FF41320234FD1FB8C48CFD463E33497806F4A617428 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - a5 e6 28 e0 e8 6f 7d c7-bf b4 da ec cc 59 b8 11 ..(..o}......Y.. 0010 - 84 b6 af 21 3c 99 97 52-ef f7 57 45 26 d0 8b e3 ...!<..R..WE&... 0020 - 15 0c c5 51 b0 fa 86 12-58 24 2e 15 e1 4d 6f 8b ...Q....X$...Mo. 0030 - e5 10 a4 05 9b ea a9 19-7f bb ec 8c ee ea 45 97 ..............E. 0040 - c6 ce 45 66 5f 92 ff e1-b6 29 e7 d6 19 84 0e 4a ..Ef_....).....J 0050 - db 6e cd b1 ba 1b 95 89-d6 14 74 c3 cb 8f fd 14 .n........t..... 0060 - 2b e8 3b 7b 19 48 8b 85-a3 bd 45 ca 54 92 c0 ba +.;{.H....E.T... 0070 - 32 56 c1 b7 0d 12 e7 fd-37 93 47 51 d0 24 da f4 2V......7.GQ.$.. 0080 - 4c e0 ac b0 16 79 46 38-9b f7 52 c0 c8 3a 23 8c L....yF8..R..:#. 0090 - b1 0d 51 d6 ef 6d c0 aa-e0 75 b0 a2 71 d6 5a 1e ..Q..m...u..q.Z. 00a0 - 0f 52 a9 64 dd 17 e9 da-ff 26 a5 ae 9f 07 e9 b0 .R.d.....&...... 00b0 - 5c a4 76 53 02 2f 95 ff-b0 96 df 89 09 a1 1a cb \.vS./.......... 00c0 - 39 a0 17 65 53 f7 34 4b-30 02 27 d5 18 cd 4f 45 9..eS.4K0.'...OE Start Time: 1743250296 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: FA25BB0C5E18186D2BB84D801AAAD9AFC0347D6F17E28D4633960B30F74D478E Session-ID-ctx: Resumption PSK: 7B85B3D2CD83D9ABF5176BE0AE45E61401591589E6F63D83DB0AED7B1FB8AA3314558B2A34893D0147E5CAB50D513F5D PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - a5 e6 28 e0 e8 6f 7d c7-bf b4 da ec cc 59 b8 11 ..(..o}......Y.. 0010 - 2b ad 0f 45 f8 71 ee 2b-03 0d 04 a0 50 59 11 95 +..E.q.+....PY.. 0020 - 66 14 a1 9e 9e f1 85 29-fc a7 64 fa e0 f2 bf e3 f......)..d..... 0030 - 77 a4 6a 6b 77 1a b9 64-3f d7 86 99 6d e5 87 e3 w.jkw..d?...m... 0040 - b8 ff a5 14 4e 02 aa 1f-97 9a f1 06 37 17 ac 5b ....N.......7..[ 0050 - 66 10 09 54 4c a3 7a 87-c2 7d 0a b1 af 35 65 68 f..TL.z..}...5eh 0060 - f6 8c 0f a8 50 92 68 83-02 1d af f7 df a0 e5 e5 ....P.h......... 0070 - 9e df 06 ac 5c 3b 88 0b-6d bd 2d 3b 14 64 83 8f ....\;..m.-;.d.. 0080 - 33 2a 65 15 9a 60 18 bb-84 ce da 4c 80 16 55 ba 3*e..`.....L..U. 0090 - f3 d6 f4 8a 94 28 cd d2-79 4e dd 54 0c d3 6c e3 .....(..yN.T..l. 00a0 - 52 b6 6c 1a dd 5d 7f 18-e6 58 b0 ef ea bb f2 a1 R.l..]...X...... 00b0 - 4c 6f 43 66 85 b7 b9 b5-cf b9 62 08 38 04 b4 12 LoCf......b.8... 00c0 - c6 1e 8b 56 58 11 31 4f-c1 99 ee 3a 01 32 3f 21 ...VX.1O...:.2?! Start Time: 1743250296 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK TLS SUCCESSFUL 407753813D7F0000:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%01 -cert pkcs11:type=cert;object=testCert Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MIGCAgEBAgIDBAQCEwIEIDBIegAujdMO4gDMGtZUIGrkPdst3X98sPQalr8p4Rcy BDB7hbPSzYPZq/UXa+CuReYUAVkVieb2PYPbCu17H7iqMxRViyo0iT0BR+XKtQ1R P12hBgIEZ+fjeKIEAgIcIKQGBAQBAAAArgYCBF1cHMOzAwIBHQ== -----END SSL SESSION PARAMETERS----- Shared ciphers:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256 Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512 Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 CIPHER is TLS_AES_256_GCM_SHA384 This TLS version forbids renegotiation. TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run test with TLS 1.2 (ECDSA) spawn openssl s_client -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/caCert.pem -tls1_2 Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=1 CN=Issuer verify return:1 depth=0 O=PKCS11 Provider, CN=My EC Cert verify return:1 --- Certificate chain 0 s:O=PKCS11 Provider, CN=My EC Cert i:CN=Issuer a:PKEY: id-ecPublicKey, 256 (bit); sigalg: RSA-SHA256 v:NotBefore: Mar 29 12:10:23 2025 GMT; NotAfter: Mar 29 12:10:23 2026 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIICcjCCAVqgAwIBAgIBBDANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 ZXIwHhcNMjUwMzI5MTIxMDIzWhcNMjYwMzI5MTIxMDIzWjAvMRgwFgYDVQQKEw9Q S0NTMTEgUHJvdmlkZXIxEzARBgNVBAMTCk15IEVDIENlcnQwWTATBgcqhkjOPQIB BggqhkjOPQMBBwNCAAQAb6A+KJfYkixbs6zJCf776p0mOl4nyBsn05KopeEhX4Y8 c1N6V54lpJe0UkVtqJWyva+otGWBMtwkaG/F3etyo4GBMH8wDAYDVR0TAQH/BAIw ADAfBgNVHREEGDAWgRR0ZXN0Y2VydEBleGFtcGxlLm9yZzAOBgNVHQ8BAf8EBAMC B4AwHQYDVR0OBBYEFGk2Ss074Q46BcA3lnHTvYiIFXxIMB8GA1UdIwQYMBaAFEvd hXChmni1Wwmp9DQM8lXX5+stMA0GCSqGSIb3DQEBCwUAA4IBAQBxCWHtyx/jCzjf z//kP/cUZEH3RcHXq+phT4MHlykZ7GkSeNptfXJulIr/dRanh7jto3ELczEkAQv/ sfbNNUMjSGeGKb60A1Uy/hV23jXp0CTbqNzT0NZ3S8rnuhD9sRY+nUcikxQJ7nfp lC6QgZX30QiCKJCGf7hVvjuRGvLh/Oys3OPoY3yC7VAE5lli4LABYrG9IdfUHszu RvM1teyp7J+PhU92KqIKy6HKDwMpnWVTeBV+whrRi2ryqHUVFVflTtHX3m7/32Ju Znx+ltBVljNUUxYg4Hgbusnxsre8m46sHqkABvAhVNoPOhfb/GjIbS3C8oNXilZ6 iDuk56tz -----END CERTIFICATE----- subject=O=PKCS11 Provider, CN=My EC Cert issuer=CN=Issuer --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: ECDSA Server Temp Key: X25519, 253 bits --- SSL handshake has read 1086 bytes and written 290 bytes Verification: OK --- New, TLSv1.2, Cipher is ECDHE-ECDSA-AES256-GCM-SHA384 Protocol: TLSv1.2 Server public key is 256 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-ECDSA-AES256-GCM-SHA384 Session-ID: 1EECD879E0FC5C22EEBC8853E13A30B8CBB47D63F6D0D16F4D7367048C7EE428 Session-ID-ctx: Master-Key: 936E0C51E7CCF0F1F240FB3BB12F65A81AA846DE728A3B403898935BFF5B94C48F4B2E3F9E1EE9ACFE03AA0981E05BA1 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 50 44 c0 8b c7 da 67 d6-c2 56 48 c1 ee 82 e5 4d PD....g..VH....M 0010 - 65 01 b9 b1 9d ca aa a7-a0 87 01 b3 b7 cd 7b 49 e.............{I 0020 - d3 fd 30 79 74 81 db 07-9b 74 9c b4 aa d2 7d 8a ..0yt....t....}. 0030 - 73 57 15 13 f8 2e 49 36-b7 a8 51 8b e0 e4 7d 3a sW....I6..Q...}: 0040 - ff 51 f7 1a 2c d8 c9 fc-7a 2a c9 aa 77 c5 ef ec .Q..,...z*..w... 0050 - 11 e0 59 47 da 6b 3a aa-e7 15 4a a9 ef ad 6c 42 ..YG.k:...J...lB 0060 - 2f c8 ef 81 75 b4 97 cc-14 38 b0 79 0a 9e 41 38 /...u....8.y..A8 0070 - 7f 00 d7 47 63 36 e9 84-45 93 2f 94 17 db 32 2f ...Gc6..E./...2/ 0080 - a2 09 d5 20 b6 8e 51 2b-2a 29 33 2c 41 b8 3f 0d ... ..Q+*)3,A.?. 0090 - 1a 8c 27 c9 f6 71 28 5c-cc 94 40 66 46 c5 d9 68 ..'..q(\..@fF..h 00a0 - 43 57 46 22 56 a4 71 eb-6f c4 6a 9f 02 54 1d 8f CWF"V.q.o.j..T.. Start Time: 1743250296 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: yes --- TLS SUCCESSFUL 40C73A4D717F0000:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%02 -cert pkcs11:type=cert;object=ecCert -tls1_2 Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MF8CAQECAgMDBALALAQABDCTbgxR58zw8fJA+zuxL2WoGqhG3nKKO0A4mJNb/1uU xI9LLj+eHums/gOqCYHgW6GhBgIEZ+fjeKIEAgIcIKQGBAQBAAAArQMCAQGzAwIB HQ== -----END SSL SESSION PARAMETERS----- Shared ciphers:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Supported Elliptic Curve Point Formats: uncompressed:ansiX962_compressed_prime:ansiX962_compressed_char2 Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1 Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1 CIPHER is ECDHE-ECDSA-AES256-GCM-SHA384 Secure Renegotiation IS supported TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run test with TLS 1.2 and ECDH spawn openssl s_client -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/caCert.pem -tls1_2 -cipher ECDHE-ECDSA-AES128-GCM-SHA256 -groups secp256r1 Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=1 CN=Issuer verify return:1 depth=0 O=PKCS11 Provider, CN=My EC Cert verify return:1 --- Certificate chain 0 s:O=PKCS11 Provider, CN=My EC Cert i:CN=Issuer a:PKEY: id-ecPublicKey, 256 (bit); sigalg: RSA-SHA256 v:NotBefore: Mar 29 12:10:23 2025 GMT; NotAfter: Mar 29 12:10:23 2026 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIICcjCCAVqgAwIBAgIBBDANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 ZXIwHhcNMjUwMzI5MTIxMDIzWhcNMjYwMzI5MTIxMDIzWjAvMRgwFgYDVQQKEw9Q S0NTMTEgUHJvdmlkZXIxEzARBgNVBAMTCk15IEVDIENlcnQwWTATBgcqhkjOPQIB BggqhkjOPQMBBwNCAAQAb6A+KJfYkixbs6zJCf776p0mOl4nyBsn05KopeEhX4Y8 c1N6V54lpJe0UkVtqJWyva+otGWBMtwkaG/F3etyo4GBMH8wDAYDVR0TAQH/BAIw ADAfBgNVHREEGDAWgRR0ZXN0Y2VydEBleGFtcGxlLm9yZzAOBgNVHQ8BAf8EBAMC B4AwHQYDVR0OBBYEFGk2Ss074Q46BcA3lnHTvYiIFXxIMB8GA1UdIwQYMBaAFEvd hXChmni1Wwmp9DQM8lXX5+stMA0GCSqGSIb3DQEBCwUAA4IBAQBxCWHtyx/jCzjf z//kP/cUZEH3RcHXq+phT4MHlykZ7GkSeNptfXJulIr/dRanh7jto3ELczEkAQv/ sfbNNUMjSGeGKb60A1Uy/hV23jXp0CTbqNzT0NZ3S8rnuhD9sRY+nUcikxQJ7nfp lC6QgZX30QiCKJCGf7hVvjuRGvLh/Oys3OPoY3yC7VAE5lli4LABYrG9IdfUHszu RvM1teyp7J+PhU92KqIKy6HKDwMpnWVTeBV+whrRi2ryqHUVFVflTtHX3m7/32Ju Znx+ltBVljNUUxYg4Hgbusnxsre8m46sHqkABvAhVNoPOhfb/GjIbS3C8oNXilZ6 iDuk56tz -----END CERTIFICATE----- subject=O=PKCS11 Provider, CN=My EC Cert issuer=CN=Issuer --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: ECDSA Server Temp Key: ECDH, prime256v1, 256 bits --- SSL handshake has read 1120 bytes and written 263 bytes Verification: OK --- New, TLSv1.2, Cipher is ECDHE-ECDSA-AES128-GCM-SHA256 Protocol: TLSv1.2 Server public key is 256 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-ECDSA-AES128-GCM-SHA256 Session-ID: 63CC90944A42AE37052A3CC22F486ED79F0F7676156B2915B0BD09C93D6FFBE8 Session-ID-ctx: Master-Key: 1E6E9596DC40239884025424B9525841FE248CE72B44180B5F381FC233B2810497E59096B0C0FE08A8E0AC34CF01C741 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 92 19 76 b8 70 3c a3 f6-1c 32 67 88 2e ee 93 03 ..v.p<...2g..... 0010 - 15 19 61 6b c7 e8 e3 57-ac 68 21 5f 84 73 09 01 ..ak...W.h!_.s.. 0020 - 43 b9 b9 74 e7 30 56 f8-17 44 74 09 50 8c e4 d5 C..t.0V..Dt.P... 0030 - 4a 42 07 5c b9 0d e3 5c-f2 d8 af b8 20 74 0c 4d JB.\...\.... t.M 0040 - e3 79 e4 2e 96 e4 b9 a8-5a 1d d4 3d 33 36 72 fc .y......Z..=36r. 0050 - 51 9e bb f2 86 b7 87 4a-32 93 e7 57 7c e6 cc 1f Q......J2..W|... 0060 - 8b dd 17 a1 49 d0 23 7d-38 cf 2e e3 ca 46 80 76 ....I.#}8....F.v 0070 - 40 78 fa 99 04 c0 80 2a-e2 b7 1d 57 f1 8a e0 5c @x.....*...W...\ 0080 - 80 24 1a 0c ef 16 c5 13-ce 42 95 6c 28 6f d9 a6 .$.......B.l(o.. 0090 - d0 c8 2e 9a b5 bc dd 01-61 30 c9 e5 34 df 69 ef ........a0..4.i. 00a0 - bb bf 79 9b 46 d6 78 ab-0e a5 ae 8c 32 51 0f 33 ..y.F.x.....2Q.3 Start Time: 1743250297 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: yes --- TLS SUCCESSFUL 4047D544617F0000:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%02 -cert pkcs11:type=cert;object=ecCert Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MF8CAQECAgMDBALAKwQABDAebpWW3EAjmIQCVCS5UlhB/iSM5ytEGAtfOB/CM7KB BJflkJawwP4IqOCsNM8Bx0GhBgIEZ+fjeaIEAgIcIKQGBAQBAAAArQMCAQGzAwIB Fw== -----END SSL SESSION PARAMETERS----- Shared ciphers:ECDHE-ECDSA-AES128-GCM-SHA256 Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Supported Elliptic Curve Point Formats: uncompressed:ansiX962_compressed_prime:ansiX962_compressed_char2 Supported groups: secp256r1 Shared groups: secp256r1 CIPHER is ECDHE-ECDSA-AES128-GCM-SHA256 Secure Renegotiation IS supported TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run test with TLS 1.3 and specific suite spawn openssl s_client -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/caCert.pem -tls1_3 -ciphersuites TLS_AES_256_GCM_SHA384 -groups secp256r1 Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=1 CN=Issuer verify return:1 depth=0 O=PKCS11 Provider, CN=My EC Cert verify return:1 --- Certificate chain 0 s:O=PKCS11 Provider, CN=My EC Cert i:CN=Issuer a:PKEY: id-ecPublicKey, 256 (bit); sigalg: RSA-SHA256 v:NotBefore: Mar 29 12:10:23 2025 GMT; NotAfter: Mar 29 12:10:23 2026 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIICcjCCAVqgAwIBAgIBBDANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 ZXIwHhcNMjUwMzI5MTIxMDIzWhcNMjYwMzI5MTIxMDIzWjAvMRgwFgYDVQQKEw9Q S0NTMTEgUHJvdmlkZXIxEzARBgNVBAMTCk15IEVDIENlcnQwWTATBgcqhkjOPQIB BggqhkjOPQMBBwNCAAQAb6A+KJfYkixbs6zJCf776p0mOl4nyBsn05KopeEhX4Y8 c1N6V54lpJe0UkVtqJWyva+otGWBMtwkaG/F3etyo4GBMH8wDAYDVR0TAQH/BAIw ADAfBgNVHREEGDAWgRR0ZXN0Y2VydEBleGFtcGxlLm9yZzAOBgNVHQ8BAf8EBAMC B4AwHQYDVR0OBBYEFGk2Ss074Q46BcA3lnHTvYiIFXxIMB8GA1UdIwQYMBaAFEvd hXChmni1Wwmp9DQM8lXX5+stMA0GCSqGSIb3DQEBCwUAA4IBAQBxCWHtyx/jCzjf z//kP/cUZEH3RcHXq+phT4MHlykZ7GkSeNptfXJulIr/dRanh7jto3ELczEkAQv/ sfbNNUMjSGeGKb60A1Uy/hV23jXp0CTbqNzT0NZ3S8rnuhD9sRY+nUcikxQJ7nfp lC6QgZX30QiCKJCGf7hVvjuRGvLh/Oys3OPoY3yC7VAE5lli4LABYrG9IdfUHszu RvM1teyp7J+PhU92KqIKy6HKDwMpnWVTeBV+whrRi2ryqHUVFVflTtHX3m7/32Ju Znx+ltBVljNUUxYg4Hgbusnxsre8m46sHqkABvAhVNoPOhfb/GjIbS3C8oNXilZ6 iDuk56tz -----END CERTIFICATE----- subject=O=PKCS11 Provider, CN=My EC Cert issuer=CN=Issuer --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: ECDSA Server Temp Key: ECDH, prime256v1, 256 bits --- SSL handshake has read 1061 bytes and written 329 bytes Verification: OK --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Protocol: TLSv1.3 Server public key is 256 bit This TLS version forbids renegotiation. Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 9CB0AFACCAA61BF3676F0100281E6086086C3598D2A362ECB056010D7DC0556E Session-ID-ctx: Resumption PSK: 78C74E4588B4877E94A954DFC1BF0098E460299E790FD8CB22570D4E049B00D12C228E46BBA084E32973FD1EA997715B PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 4c d0 19 9c 97 e6 7f 61-51 a6 38 15 0b d9 e3 d6 L......aQ.8..... 0010 - d4 77 5a 82 87 eb e0 55-3a e0 ec 9b ab ab 16 3c .wZ....U:......< 0020 - 6c fc cc af 7e be 25 ff-c4 3e 15 c7 cb 25 fd 98 l...~.%..>...%.. 0030 - 66 3e b1 37 20 70 f4 5e-b7 1c af 10 d1 84 af 13 f>.7 p.^........ 0040 - 19 b9 7c ac b2 db ea 44-c7 b6 56 5a 34 6a 6e 6d ..|....D..VZ4jnm 0050 - 2a a1 17 47 85 7d 35 da-eb ed e1 82 ae 7d f5 1f *..G.}5......}.. 0060 - af 14 12 04 4e d1 58 e8-fc 91 0c f3 27 f6 61 29 ....N.X.....'.a) 0070 - ec db f8 11 1f 6c 57 5c-d3 94 d2 75 c9 39 aa 69 .....lW\...u.9.i 0080 - 91 d5 da d9 76 e1 49 61-a1 28 81 df ee a6 0d a8 ....v.Ia.(...... 0090 - 90 05 1d 67 40 ab f1 04-dc 7f 5b 72 e3 10 bd 2b ...g@.....[r...+ 00a0 - ec 59 f6 ba 97 8c 8a 17-6c 3b 8d fc 31 71 4f 2d .Y......l;..1qO- 00b0 - ca f5 99 e5 f9 ba 37 83-4a 3e 1a c5 34 9c 53 80 ......7.J>..4.S. 00c0 - 47 08 01 d4 75 19 46 2a-87 4d bb bc 64 3c 55 72 G...u.F*.M..d...I).. 0020 - 9c 09 7f 15 77 9f a4 b8-8c a4 c4 10 46 9a 64 ef ....w.......F.d. 0030 - 3b 3a 1e 18 72 84 91 f8-c6 a2 99 58 37 ee 47 64 ;:..r......X7.Gd 0040 - 2d c4 92 fc b6 03 9f a0-88 f4 65 dc d0 80 65 f2 -.........e...e. 0050 - b2 98 e7 7b 98 95 86 e0-ea 29 e8 dd 7e f9 9d 6e ...{.....)..~..n 0060 - 41 04 60 e7 1b 2e 8f c3-09 9b 50 cc 42 e5 89 85 A.`.......P.B... 0070 - 67 9a 81 85 83 e9 a5 af-5b 05 1a 37 ec 2f 19 86 g.......[..7./.. 0080 - 04 a2 7e 86 c3 d9 46 d5-af 67 71 dd f4 6e f6 82 ..~...F..gq..n.. 0090 - fc d6 01 51 e2 7f 4f 15-c8 0d 95 4d fa c8 fe 09 ...Q..O....M.... 00a0 - 2f d1 29 b5 b5 4e 07 d2-06 fe 24 b4 fb 74 70 55 /.)..N....$..tpU 00b0 - 0b 36 db 06 5c f3 43 6b-e2 54 b7 98 ca 49 0c e6 .6..\.Ck.T...I.. 00c0 - 95 8b f4 9e ae cc a5 f6-01 7e 53 88 ee f8 26 a9 .........~S...&. Start Time: 1743250297 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK TLS SUCCESSFUL 40478825E07F0000:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%02 -cert pkcs11:type=cert;object=ecCert Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MIGDAgEBAgIDBAQCEwIEIPQam9wvxmkcGj6zLw7NRyzGnskMZvIh4nd0JucQKrDS BDAK7yPxzIEOy0BbW85xwcbaVY7YuXtiqqfLciZLRKDnGwzTFPFKvljQkMZE2sSB INShBgIEZ+fjeaIEAgIcIKQGBAQBAAAArgcCBQCuNtG8swMCARc= -----END SSL SESSION PARAMETERS----- Shared ciphers:TLS_AES_256_GCM_SHA384 Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512 Supported groups: secp256r1 Shared groups: secp256r1 CIPHER is TLS_AES_256_GCM_SHA384 This TLS version forbids renegotiation. TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## ######################################## ######################################## ## Forcing the provider for all server operations ## Run sanity test with default values (RSA) spawn openssl s_client -propquery ?provider=pkcs11 -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/caCert.pem Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=1 CN=Issuer verify return:1 depth=0 O=PKCS11 Provider, CN=My Test Cert verify return:1 --- Certificate chain 0 s:O=PKCS11 Provider, CN=My Test Cert i:CN=Issuer a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256 v:NotBefore: Mar 29 12:10:22 2025 GMT; NotAfter: Mar 29 12:10:22 2026 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIIDPzCCAiegAwIBAgIBAzANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 ZXIwHhcNMjUwMzI5MTIxMDIyWhcNMjYwMzI5MTIxMDIyWjAxMRgwFgYDVQQKEw9Q S0NTMTEgUHJvdmlkZXIxFTATBgNVBAMTDE15IFRlc3QgQ2VydDCCASIwDQYJKoZI hvcNAQEBBQADggEPADCCAQoCggEBALFanLc1cXmygOU45lX7iZG6hlkYdLIAm9MW zQIXMEdCERdcJWiMzt5RmTMAZAqMGvIHCirv2cQb21pBZtA6Jrxo3GTYA/haruP6 tw+hlx4ilBROeC254F26XsAL6ype4loetImkAjKNR2vHvkfcG8cp6Br+ihCF9mpc 5Lup+I5yxHQUjezDlUvUodkM+kCdMuoRhaYlqV+dArHc43Fhbyduqyksgxz6mKvf f1BbH+1zP3a9Fz6XsW7xpfzTwP4tVQ0A3NUf1bspXPK20gWwJLg6/e+wNEbduBl9 K8GDiLt/KkdibqFoZLMyFqc/nzZICFW2Pn9mTIqujnQe+o7BGWsCAwEAAaOBgTB/ MAwGA1UdEwEB/wQCMAAwHwYDVR0RBBgwFoEUdGVzdGNlcnRAZXhhbXBsZS5vcmcw DgYDVR0PAQH/BAQDAgWgMB0GA1UdDgQWBBT8tRtVSZEah6qeXUUOdttlVuaFhzAf BgNVHSMEGDAWgBRL3YVwoZp4tVsJqfQ0DPJV1+frLTANBgkqhkiG9w0BAQsFAAOC AQEAl79DILAfaFpqkDFsa2xPjx5CgQmmYiBI/w5DZ9FrIWd+IoAg8avZwoTJAxfL PqUTYmajjACdpxv6ZeKb0osRxHCfzeIvqMwugjv0qTIRaPaVFaP39mNrONDo2vcX D4ibSSz80pqY5cX657CTlzrpo5IbXK5tdKFQ+XwnKBLNBNMsGvqys3l6WMZazft+ exCCqAkL+4UOPzZmfXzCy7QbG6Nu1FL2nXTvoqmEBQsAE0DPBaBXWsWAaIZ0AwkU cVgTELRkXNmDyyc5lZTuosWhDcGwJReuRbGr++4KpKEpX2bOE4sRxe25BCfakYfC 1ZwPWTVzRTN8oTuhfB1EsJeRsw== -----END CERTIFICATE----- subject=O=PKCS11 Provider, CN=My Test Cert issuer=CN=Issuer --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: RSA-PSS Server Temp Key: X25519, 253 bits --- SSL handshake has read 1391 bytes and written 391 bytes Verification: OK --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Protocol: TLSv1.3 Server public key is 2048 bit This TLS version forbids renegotiation. Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: A44561CCD005D2929852DA6182603606B40D64A606992A31AEFA66BD8F9F85A3 Session-ID-ctx: Resumption PSK: 563ACC4DEEDB0F40410A65A9ED5D0461DBC2BC1A3490194FC678F4D050EA1B2F51B15B8E8632F990B1C51C41167EADB4 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - be 20 26 74 9b a8 d0 0f-62 3d 61 9b 29 dd 28 83 . &t....b=a.).(. 0010 - 63 6c 24 c7 33 ed 8c aa-43 58 eb 17 09 6c a4 16 cl$.3...CX...l.. 0020 - ca f8 22 b1 99 fc 91 6c-ec 2d 7c 53 20 36 d1 9f .."....l.-|S 6.. 0030 - ce 9b f7 97 e9 ad af 2c-13 28 1b 79 83 18 9f 5b .......,.(.y...[ 0040 - 58 2a 48 b6 ef 39 4d 5b-c0 63 57 0a 58 1e 23 98 X*H..9M[.cW.X.#. 0050 - 84 87 92 33 98 b3 69 0c-05 95 00 82 d1 fb f2 b0 ...3..i......... 0060 - 56 9e 91 1e e5 e7 86 88-d1 4f f9 e3 26 21 94 e8 V........O..&!.. 0070 - 26 d2 b3 24 ee b5 a5 3e-40 f4 ed da 5e 2d 31 f4 &..$...>@...^-1. 0080 - d4 67 07 79 bc aa f1 69-87 8e 01 e5 41 c3 aa 5e .g.y...i....A..^ 0090 - ba 5c 07 46 b9 90 51 22-4d 1a b2 f9 30 a9 69 63 .\.F..Q"M...0.ic 00a0 - b1 09 45 37 56 41 06 4f-2c ce 36 ae 38 6c 07 8f ..E7VA.O,.6.8l.. 00b0 - ad 78 e3 16 0c 1a cb 7e-85 92 3d 74 35 40 c6 a9 .x.....~..=t5@.. 00c0 - 7f b4 55 1a c9 cb eb d3-de 8f 92 80 77 49 bc 71 ..U.........wI.q Start Time: 1743250298 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 24A2A8F4913AFA52407CCFC7B02129806D3FA93D9E6C71302C289DB76047FEED Session-ID-ctx: Resumption PSK: F59C595D44335851CD12FF8DF3D37EB77D0D33E80793A08BC56AF0E2ADF51315DD9D4AD14238E65D5C5E96CA33613DA4 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - be 20 26 74 9b a8 d0 0f-62 3d 61 9b 29 dd 28 83 . &t....b=a.).(. 0010 - df a4 b1 34 b0 b0 28 6e-6b 80 fd 25 ed e7 4d 61 ...4..(nk..%..Ma 0020 - 1a 95 06 24 5d 2d 30 58-a8 9c 1c 26 74 64 d4 bb ...$]-0X...&td.. 0030 - 84 79 e3 b1 b6 3f a9 57-a4 01 79 45 7b 19 21 23 .y...?.W..yE{.!# 0040 - cc 26 4d 77 4a fb 46 23-b7 e7 4c a6 b6 75 5e 29 .&MwJ.F#..L..u^) 0050 - f7 a1 83 71 c0 83 21 2e-43 36 cf 79 77 25 d2 19 ...q..!.C6.yw%.. 0060 - 49 fd eb 00 53 6b 46 3a-38 18 f2 e3 5e 43 f3 97 I...SkF:8...^C.. 0070 - 68 5d 90 41 9f f8 7d 18-43 0c 64 5e 1e ae 83 53 h].A..}.C.d^...S 0080 - 51 8e 08 db a4 96 b1 dc-ab 76 37 bf 64 9e 67 6e Q........v7.d.gn 0090 - 8c bd 2c dc 8c 2e d1 3b-64 57 1a 7f 74 9c 67 28 ..,....;dW..t.g( 00a0 - 3f 1b 6e 54 30 4e 80 7e-bc 0c 84 1d a7 20 ec ab ?.nT0N.~..... .. 00b0 - 3a 80 a8 2e ba d9 50 34-7e 56 dd e2 6c e8 6f 55 :.....P4~V..l.oU 00c0 - a1 11 4e 21 2c 2a e2 9d-2a d7 af 12 60 98 b8 b5 ..N!,*..*...`... Start Time: 1743250298 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK TLS SUCCESSFUL 40C7EC70507F0000:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -propquery ?provider=pkcs11 -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%01 -cert pkcs11:type=cert;object=testCert Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MIGCAgEBAgIDBAQCEwIEIHu2xS2WkhOG1WcmCbiEl3sIWwm7yoahnhiGmN311BCW BDD1nFldRDNYUc0S/43z0363fQ0z6AeToIvFavDirfUTFd2dStFCOOZdXF6WyjNh PaShBgIEZ+fjeqIEAgIcIKQGBAQBAAAArgYCBHypN62zAwIBHQ== -----END SSL SESSION PARAMETERS----- Shared ciphers:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224 Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 CIPHER is TLS_AES_256_GCM_SHA384 This TLS version forbids renegotiation. TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run sanity test with default values (RSA-PSS) ## Generating a new selfsigned certificate for pkcs11:type=private;id=%00%10 openssl req -batch -noenc -x509 -new -key ${KEY} ${AARGS} -out ${CERT} spawn openssl s_client -propquery ?provider=pkcs11 -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/caCert.pem Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=0 C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness verify error:num=18:self-signed certificate verify return:1 depth=0 C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness verify return:1 --- Certificate chain 0 s:C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness i:C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness a:PKEY: RSASSA-PSS, 2048 (bit); sigalg: RSASSA-PSS v:NotBefore: Mar 29 12:11:38 2025 GMT; NotAfter: Apr 28 12:11:38 2025 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIIEIzCCAtugAwIBAgIUH42zHKs91Yx6JnDKciBmbmpL4mYwPQYJKoZIhvcNAQEK MDCgDTALBglghkgBZQMEAgGhGjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUDBAIBogMC ASAwZzELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMREwDwYDVQQHDAhO ZXcgWW9yazEYMBYGA1UECgwPUEtDUzExIFByb3ZpZGVyMRgwFgYDVQQLDA9UZXN0 aW5nIEhhcm5lc3MwHhcNMjUwMzI5MTIxMTM4WhcNMjUwNDI4MTIxMTM4WjBnMQsw CQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsxETAPBgNVBAcMCE5ldyBZb3Jr MRgwFgYDVQQKDA9QS0NTMTEgUHJvdmlkZXIxGDAWBgNVBAsMD1Rlc3RpbmcgSGFy bmVzczCCASAwCwYJKoZIhvcNAQEKA4IBDwAwggEKAoIBAQDN79OYzrH+FWUhiWwo 23sjo9o4NlzLoN6UyJOyTt7txkzeMpKnYrbjdVh4LimNM+w+o/yxkWKGklfVKlQR WjMHOlkSqFzGZvSFB/4zJ+8K4UBTCQaKeDArXzkxloauPKzNpt1nmsy4rOenu0dj YcDbY79loNJdsrnK9NrHHhqSu3IFzGTOcoU5uiWJoTN6Sd5ter2lrAR+UC6kqyj2 Rb8WH7C9Grm+MAHV4xZTGqT45EzGRKMENUTOvEBCSmY55N+/nU0KVgEyOcat6ZSQ HK1r5j3P7XRPL3GVbiCfZjxhQ8/HtmTwK7DecCzh9jfPiFx0wn7beiNlPEI5MDxo jo/bAgMBAAGjaTBnMB0GA1UdDgQWBBRk26AeROUzQSNTCXDLRKUiiX2j1DAfBgNV HSMEGDAWgBRk26AeROUzQSNTCXDLRKUiiX2j1DAPBgNVHRMBAf8EBTADAQH/MAkG A1UdEQQCMAAwCQYDVR0SBAIwADA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQC AaEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgGiAwIBIAOCAQEAQwQvrzVDnkCZ 5c+5KD6E+bX3DrFEf0yw5ddJLpf8B7T6+lzZcgeNg3FztYccLQA3uL6VsYfaN3td DZzMAV3d3fZJtA3nTuzwwaR6EA/+VnlGn7jB5ZHGK48c2MAkQGz0vAqDJ6e24047 R00prWykPl7IzN6Jw/qhxi+IkwmzhzKRl9ZdQGyc1FoGci2QRSaMYdsWD8SyGzfX leA7WrcP28HAJmmztZUnaD285VZU6ai0eDHOZmFvkWzOGv9ohx5UkY5gngpUfZaQ FseLH3cOpURoKg1kE9HQi5nmAnTQgymvKULHvsIZ6zSVvp/Y82M5O27HCuV5dhSq rWWT1uBS5g== -----END CERTIFICATE----- subject=C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness issuer=C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: RSA-PSS Server Temp Key: X25519, 253 bits --- SSL handshake has read 1619 bytes and written 391 bytes Verification error: self-signed certificate --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Protocol: TLSv1.3 Server public key is 2048 bit This TLS version forbids renegotiation. Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 18 (self-signed certificate) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 982A8650218EC661DA4103D013978D835CEFDB502A7551CFFEEE82AE7F2F725E Session-ID-ctx: Resumption PSK: 4FB860D1483C9C261B78E6344C64DC3E245021CA79FB4184EE4347676201096A1E91FA3B9FD0CEED6288BDE9BEA7046D PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 51 81 53 37 8b d8 11 49-ec 40 68 53 90 e7 14 4f Q.S7...I.@hS...O 0010 - d0 7e ce 52 f3 93 06 a1-43 12 ec ec 79 6d c9 4f .~.R....C...ym.O 0020 - c7 73 ea 24 6d a3 d1 11-03 6b f0 ad 9e 78 c1 b7 .s.$m....k...x.. 0030 - ce fc d9 0f db fa 0a 5e-9d bf 5b ab 17 1b 10 4e .......^..[....N 0040 - 09 2d c8 fe 69 70 43 c6-ed df db 2a 1f e3 ee 9f .-..ipC....*.... 0050 - d2 d5 1e 69 48 f6 13 b4-e3 99 7c c1 1c db 40 85 ...iH.....|...@. 0060 - 15 81 96 91 c7 90 8f 62-3c d1 f8 0f f7 7c 4a 16 .......b<....|J. 0070 - 58 5e e8 cd f3 15 9d a5-da 82 11 e0 c6 5e 32 e7 X^...........^2. 0080 - ad e0 5e bd 6e 93 ec 51-f9 9b 63 95 67 6e 36 c5 ..^.n..Q..c.gn6. 0090 - a8 d4 5c e4 2d 57 38 ff-fc ba dd 17 e2 00 1a c5 ..\.-W8......... 00a0 - 2b 4d 1e 12 c1 48 50 7c-6a 95 6e 9e 24 d6 b7 b8 +M...HP|j.n.$... 00b0 - c0 f1 8b e9 af 9b fb 41-a7 c4 0b a5 92 a7 cd 8d .......A........ 00c0 - 23 d6 95 3e 37 65 b5 e1-36 58 3e ac cc e0 1c bb #..>7e..6X>..... Start Time: 1743250298 Timeout : 7200 (sec) Verify return code: 18 (self-signed certificate) Extended master secret: no Max Early Data: 0 --- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 8BA5D7E03E71733EAC5CBC1083EDD2A6A90222BB95456D985F41E895ECE70E71 Session-ID-ctx: Resumption PSK: 86CB2679F834C2997D0CC699007A0CF45ED96D94F07763600D57748BF4A2DA6A506F17C43108BEFE399D6AC63B112DE5 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 51 81 53 37 8b d8 11 49-ec 40 68 53 90 e7 14 4f Q.S7...I.@hS...O 0010 - 51 1c 53 20 28 b8 13 41-a6 ea b1 b3 85 45 da e5 Q.S (..A.....E.. 0020 - 81 43 55 1b 3c 6e 50 d0-1c 6c 52 5f cc 5d 7d 59 .CU...f.g.b.+.. 0040 - e9 52 e1 c9 fa e8 a5 af-e2 b2 7d 65 6b a3 7c 8c .R........}ek.|. 0050 - 17 b6 80 01 38 cb 9a 8a-9f b9 42 f5 06 25 bf 71 ....8.....B..%.q 0060 - 2c 50 48 da a4 4a ee 90-39 9a f4 b9 16 6a 54 f2 ,PH..J..9....jT. 0070 - 8b 89 4b 81 59 04 a9 14-41 b0 d5 03 07 68 d4 93 ..K.Y...A....h.. 0080 - 99 00 d8 4a 27 7f 03 18-63 79 9a 1d 05 4a f7 4a ...J'...cy...J.J 0090 - 50 37 e4 bb 61 e1 7a 68-f6 a5 59 fc 6a 06 7e 0d P7..a.zh..Y.j.~. 00a0 - 1e 70 ff 31 43 5f 2a d7-d0 f5 0b 25 9f 39 bb 5a .p.1C_*....%.9.Z 00b0 - 34 c5 1c 8b b1 6c a9 58-d5 d1 07 11 f9 e2 59 94 4....l.X......Y. 00c0 - 61 0c 4b 88 06 ac b1 2d-54 6d 01 45 54 11 7a 0c a.K....-Tm.ET.z. Start Time: 1743250300 Timeout : 7200 (sec) Verify return code: 1 (unspecified certificate verification error) Extended master secret: no Max Early Data: 0 --- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: DB227E309BE9FB8ABA78947D90D6544756FE9FE51688233C6BEEA0CB25E44FBE Session-ID-ctx: Resumption PSK: AD70CDCDD13AB3B3EA52A024B44DB8D3113B24811DB0D564CB32580BE8FC1A0FB674BEB8B43F19C82F055460BD62B4DC PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - ae 14 45 ef 39 06 25 7c-bf 1f 6e 50 98 71 a7 eb ..E.9.%|..nP.q.. 0010 - dd eb f6 a1 ea 20 a0 fc-8c 68 32 7d ae aa cd 8d ..... ...h2}.... 0020 - 20 2c 87 83 2d fe c8 7d-8c 5b e2 ac 85 19 74 27 ,..-..}.[....t' 0030 - c2 d8 07 6e 5a 85 e7 0a-35 ac 89 d0 4b c5 d3 96 ...nZ...5...K... 0040 - bd a0 de ff 8a 34 87 e4-95 b5 45 b1 dd 2a 5c da .....4....E..*\. 0050 - a9 ec ae 89 5b 8a 21 90-13 26 f7 35 09 d9 1a fb ....[.!..&.5.... 0060 - f5 1d ca 22 66 c0 54 45-1f b9 34 44 74 5f 2a fb ..."f.TE..4Dt_*. 0070 - a7 a4 dc 78 f2 82 5d c1-a1 38 fc 44 8d d2 d7 00 ...x..]..8.D.... 0080 - b7 24 c9 2f fb 40 bf ab-07 25 fa 26 df 0e bb ff .$./.@...%.&.... 0090 - 40 1f fb 7e 0e 90 59 8c-bb 48 c9 23 ef 5d 0c 02 @..~..Y..H.#.].. 00a0 - 51 32 c7 fe 9e 31 8a 7e-f1 4b 62 41 56 37 78 cf Q2...1.~.KbAV7x. 00b0 - f8 36 7d af ad 49 6e 96-24 08 c9 13 2e a1 50 ee .6}..In.$.....P. 00c0 - d5 9a 95 2b b1 b4 60 a1-51 e4 18 18 34 4b 93 91 ...+..`.Q...4K.. Start Time: 1743250300 Timeout : 7200 (sec) Verify return code: 1 (unspecified certificate verification error) Extended master secret: no Max Early Data: 0 --- read R BLOCK TLS SUCCESSFUL 40C789FD6B7F0000:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -propquery ?provider=pkcs11 -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%02 -cert pkcs11:type=cert;object=ecCert Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MIGDAgEBAgIDBAQCEwIEIJfWp3WvLyTUwK8tjXYainjpseQvcPg0eSAIteIBahOl BDCtcM3N0Tqzs+pSoCS0TbjTETskgR2w1WTLMlgL6PwaD7Z0vri0PxnILwVUYL1i tNyhBgIEZ+fjfKIEAgIcIKQGBAQBAAAArgcCBQCQxd2MswMCAR0= -----END SSL SESSION PARAMETERS----- Shared ciphers:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224 Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 CIPHER is TLS_AES_256_GCM_SHA384 This TLS version forbids renegotiation. TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run sanity test with default values (Ed25519) spawn openssl s_client -propquery ?provider=pkcs11 -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/caCert.pem Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=1 CN=Issuer verify return:1 depth=0 O=PKCS11 Provider, CN=My ED25519 Cert verify return:1 --- Certificate chain 0 s:O=PKCS11 Provider, CN=My ED25519 Cert i:CN=Issuer a:PKEY: ED25519, 256 (bit); sigalg: RSA-SHA256 v:NotBefore: Mar 29 12:10:24 2025 GMT; NotAfter: Mar 29 12:10:24 2026 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIICSDCCATCgAwIBAgIBBjANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 ZXIwHhcNMjUwMzI5MTIxMDI0WhcNMjYwMzI5MTIxMDI0WjA0MRgwFgYDVQQKEw9Q S0NTMTEgUHJvdmlkZXIxGDAWBgNVBAMTD015IEVEMjU1MTkgQ2VydDAqMAUGAytl cAMhAEfut3EIExYhvZ4ZtNrTtdFv2Mn/pCB/O7aEB/aNPbjOo4GBMH8wDAYDVR0T AQH/BAIwADAfBgNVHREEGDAWgRR0ZXN0Y2VydEBleGFtcGxlLm9yZzAOBgNVHQ8B Af8EBAMCB4AwHQYDVR0OBBYEFL7Z0OhByBLEoVBlAyHK6V3EJNb1MB8GA1UdIwQY MBaAFEvdhXChmni1Wwmp9DQM8lXX5+stMA0GCSqGSIb3DQEBCwUAA4IBAQCJt/xu rFEsIP5B8bxFiInR0HBbhT544C2W9+nUqWu+CENuet6b5no+c0udTb9KeTPukdtY zelRd68GjrXkNonDXp4ozrOSAU3Ga5ymJW9qD/Q5BcbzbHU3s/vcbF/owjO7cRym xHfP2Awm1tje1lbuid+VAGPeC74uo2JIArDzPjJiJI8ox9xe8Bmz4anOkS52JQXc 8AkUroTCSMANVBevga4mLNUIfHGGIY6L0EU6gpAOqfZGCwQY/DJl0fHv8FtS5KtD /DT0+TUOlyu6kDNl5CJDAvu+0nqMJbbUOyt0F9DYFlI4I4vrmkR1imvaPOrAQeiM qM/aDXDDpTf2Pdzc -----END CERTIFICATE----- subject=O=PKCS11 Provider, CN=My ED25519 Cert issuer=CN=Issuer --- No client certificate CA names sent Peer signature type: ed25519 Server Temp Key: X25519, 253 bits --- SSL handshake has read 952 bytes and written 391 bytes Verification: OK --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Protocol: TLSv1.3 Server public key is 256 bit This TLS version forbids renegotiation. Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: B2A6728CF656FAE7FEF0A0CA3D8B4ED9A89EA9AF567B04A5BD59501DAAC68724 Session-ID-ctx: Resumption PSK: 60E7D8537D4B16EFCCF5AC5A842609CEE19E21B8DBD9BC6B17AD4DEF10C6A85E593D8DB0660BC40A5FF9D1DA30EACEEA PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - d9 40 82 bc b0 3f 4f b2-51 a2 3f b4 56 31 55 40 .@...?O.Q.?.V1U@ 0010 - 94 bc 13 ba 3a 9e 09 95-89 c0 70 d8 db c9 02 b5 ....:.....p..... 0020 - d2 d0 61 4a 88 b6 62 c3-0c 73 d5 5d aa 5a 5a 45 ..aJ..b..s.].ZZE 0030 - 14 ec 48 f5 f8 54 6e a5-fc 62 f0 5a aa dc b8 d7 ..H..Tn..b.Z.... 0040 - cd 0a 20 e1 c4 9d f1 7e-16 c6 4a 06 f9 1e c0 e8 .. ....~..J..... 0050 - db c9 2b 31 e4 f3 b4 fb-93 1e 5d 81 c7 f4 60 c6 ..+1......]...`. 0060 - 9e 75 a6 ea c6 13 9d 7b-24 61 7f e4 0d ae ac 74 .u.....{$a.....t 0070 - 9c 5a 49 d3 ba 63 7d cb-6e 47 6d 87 35 23 4c ff .ZI..c}.nGm.5#L. 0080 - 69 3e 58 d9 e8 ce 81 9d-f8 0b ab 6f 38 ff e3 08 i>X........o8... 0090 - 09 c4 92 18 71 bb 52 51-6c b5 7b 1e 4c 6e 91 f1 ....q.RQl.{.Ln.. 00a0 - 84 56 34 7a 99 ad 3a 92-c9 ed 67 ea c8 f1 a7 9d .V4z..:...g..... 00b0 - 9d 95 9f b4 e8 1b 2e d0-a8 18 48 fa 48 db 5d 64 ..........H.H.]d 00c0 - 58 29 35 bc 0a c9 6a 5e-aa d4 8c 9f f1 bd fb c1 X)5...j^........ Start Time: 1743250301 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 08084EDCBDBEAB0629063B9601F9E9FAF25F097CF93C6876FEFD6AC052EABDD3 Session-ID-ctx: Resumption PSK: 51AA2F679CD6E5A38B9B0BA83184D79FC5FE487D7FF6075A327586230FF5611349218217AD1605015DED5629669B98E1 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - d9 40 82 bc b0 3f 4f b2-51 a2 3f b4 56 31 55 40 .@...?O.Q.?.V1U@ 0010 - f0 e4 2e ac b7 2c 6a 21-fa 5a 25 5b b2 e5 85 f7 .....,j!.Z%[.... 0020 - 06 cd e4 07 34 4e 20 34-37 a6 66 9f fb 6a df 78 ....4N 47.f..j.x 0030 - dc b2 8b fb 34 2a 0f 15-77 f5 d0 1d 63 e3 17 ef ....4*..w...c... 0040 - 66 82 66 d2 75 0d 07 48-1f b4 94 27 e6 2e 86 85 f.f.u..H...'.... 0050 - 07 09 8d 65 31 78 d2 27-4c 62 4c 15 29 57 d2 a0 ...e1x.'LbL.)W.. 0060 - 47 da 87 54 ab 87 e1 3b-1e 8a ba c8 93 86 60 50 G..T...;......`P 0070 - b5 5d ad c5 6e 94 74 a4-56 de 73 a8 83 0c ef 1d .]..n.t.V.s..... 0080 - 51 34 34 55 24 42 7e e7-58 07 23 76 2f e5 dd 6f Q44U$B~.X.#v/..o 0090 - 16 eb f1 53 bd 56 10 b3-d8 a1 73 02 0b 1e 22 1f ...S.V....s...". 00a0 - f4 dc 78 88 0c 02 e9 69-31 b5 32 3f 9c 61 18 19 ..x....i1.2?.a.. 00b0 - bd 97 25 05 00 e5 13 f7-20 a8 d8 ed ff 30 d5 77 ..%..... ....0.w 00c0 - 8c cc fd 24 6e 57 0e ca-ba ec 70 09 29 6b d3 be ...$nW....p.)k.. Start Time: 1743250301 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK TLS SUCCESSFUL 40C747E5A57F0000:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -propquery ?provider=pkcs11 -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%04 -cert pkcs11:type=cert;object=edCert Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MIGCAgEBAgIDBAQCEwIEIB6fGdoVJdkfA4vn/0B1LTUHPWXTK2o6uY3di/s/hhHU BDBRqi9nnNblo4ubC6gxhNefxf5IfX/2B1oydYYjD/VhE0khghetFgUBXe1WKWab mOGhBgIEZ+fjfaIEAgIcIKQGBAQBAAAArgYCBCpnNZ6zAwIBHQ== -----END SSL SESSION PARAMETERS----- Shared ciphers:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224 Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 CIPHER is TLS_AES_256_GCM_SHA384 This TLS version forbids renegotiation. TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run sanity test with default values (Ed448) spawn openssl s_client -propquery ?provider=pkcs11 -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/caCert.pem Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=1 CN=Issuer verify return:1 depth=0 O=PKCS11 Provider, CN=My ED448 Cert verify return:1 --- Certificate chain 0 s:O=PKCS11 Provider, CN=My ED448 Cert i:CN=Issuer a:PKEY: ED448, 456 (bit); sigalg: RSA-SHA256 v:NotBefore: Mar 29 12:10:25 2025 GMT; NotAfter: Mar 29 12:10:25 2026 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIICXzCCAUegAwIBAgIBBzANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 ZXIwHhcNMjUwMzI5MTIxMDI1WhcNMjYwMzI5MTIxMDI1WjAyMRgwFgYDVQQKEw9Q S0NTMTEgUHJvdmlkZXIxFjAUBgNVBAMTDU15IEVENDQ4IENlcnQwQzAFBgMrZXED OgBniPSznCCNmULu9nMYqoI4PJfSzhyEbrNnol62FVe49Q1qwYteGDASQshaOMVo j6/G17ioKMOiGQCjgYEwfzAMBgNVHRMBAf8EAjAAMB8GA1UdEQQYMBaBFHRlc3Rj ZXJ0QGV4YW1wbGUub3JnMA4GA1UdDwEB/wQEAwIHgDAdBgNVHQ4EFgQUs907ftlo dkGWM9L+A8I38nc69hQwHwYDVR0jBBgwFoAUS92FcKGaeLVbCan0NAzyVdfn6y0w DQYJKoZIhvcNAQELBQADggEBAJjbvgVlI++/zsHC/LFbQmoeGfCOvzI2cEVCPGHq 8KPS9xsmXVPBLh+yCw8nUP6tVDAvKO+kpR2JdnJJr2iYhHbKFrvdt0YmsoZgqnbF Bn68T7KREF6VG1Af2paXzKsmOAak2zo8yslJevHaok8JUuTO1q+OqWZOzo0tXBhS 4FRSduVtd4fz6AfUvkQ5MwTbgnHP1OuPtmHqWJPw+p16A7wOwZNP9/TsY2xc1VRX abRz/Qa6HTkuE+JvZIQf0SgsLErzXTMjlz5503fjxeyzhOgT8sjVpxWpNseaSGvU md9MbcH9/M7vNTzUf5v5Mih6rWVD28iOfnSWdECfuK8keJo= -----END CERTIFICATE----- subject=O=PKCS11 Provider, CN=My ED448 Cert issuer=CN=Issuer --- No client certificate CA names sent Peer signature type: ed448 Server Temp Key: X25519, 253 bits --- SSL handshake has read 1025 bytes and written 391 bytes Verification: OK --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Protocol: TLSv1.3 Server public key is 456 bit This TLS version forbids renegotiation. Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: FA2E419CA33F4F7049C5F48BA454B69D29B43F2AF49589A4002A0FC042206C00 Session-ID-ctx: Resumption PSK: 2EFAAD7FD5ED5D97AEE130939CA3BD1ED63F48EDB5DCCA7B99A2694B98B10A13A085379A63D21BE74C2F51E072359789 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 4f 77 6d d3 99 07 7d 25-f3 a3 d9 13 e1 65 5a 12 Owm...}%.....eZ. 0010 - da 80 ca a0 5c 71 de 3a-cd 84 1f c2 0a 24 3a 05 ....\q.:.....$:. 0020 - 28 5a 82 24 1b 56 23 00-28 e8 a5 ab e9 29 b4 6a (Z.$.V#.(....).j 0030 - 05 6d 68 94 da 3f 5c dd-c0 21 f3 bb cb e1 7a 83 .mh..?\..!....z. 0040 - ec 8d 39 9c 8a e1 e0 e5-70 c9 ef fb 37 e8 30 11 ..9.....p...7.0. 0050 - 2d 0c 8b cd 00 64 93 b5-f5 5b 25 ac ef 32 41 f9 -....d...[%..2A. 0060 - 02 4b cc 7e ef 4a 4b 5b-27 38 9f f3 89 37 8a 30 .K.~.JK['8...7.0 0070 - 83 57 2d 5f 5f 31 87 21-ef bf be 4d d9 55 30 8c .W-__1.!...M.U0. 0080 - b3 ce b2 f9 56 29 b0 6d-b1 82 fa 06 71 3d ea 08 ....V).m....q=.. 0090 - e1 2a 44 89 3f ef 87 64-e8 e2 e7 03 93 7d 68 16 .*D.?..d.....}h. 00a0 - 7c 8b 6c e4 f1 ee c0 76-17 bd 82 3c 70 a0 30 14 |.l....v...aq 0060 - a1 20 c0 28 b6 53 98 43-8c cf 8c a9 38 bb 89 45 . .(.S.C....8..E 0070 - 20 ea 52 83 16 a2 6b f2-01 fd ea 16 09 e6 c2 e5 .R...k......... 0080 - ac ec 35 44 25 ff 3a 30-ce ac 1d 08 fc cc 21 9c ..5D%.:0......!. 0090 - 4f 6d db a4 1c 39 4c 5f-99 60 0a 1c 0c f6 18 77 Om...9L_.`.....w 00a0 - 6a 86 7c 36 ae 43 66 28-e0 3a c8 f6 9e 00 c2 50 j.|6.Cf(.:.....P 00b0 - 68 e0 27 16 7a b2 43 70-7a b8 3c 5a 22 65 bb aa h.'.z.Cpz..".zc. 0020 - fd 55 08 87 5c 20 a0 92-bf 23 f3 f8 29 61 a4 5e .U..\ ...#..)a.^ 0030 - 47 f6 1f 5b 14 9a 0f 16-70 89 b5 95 37 3a 1c 12 G..[....p...7:.. 0040 - cf da 25 0c 77 2d 8c c4-6f eb 0a 39 f8 62 14 c7 ..%.w-..o..9.b.. 0050 - 50 7b ac 7c a8 47 5a 02-40 7b 93 5f 00 9f 23 3b P{.|.GZ.@{._..#; 0060 - d5 8c 33 59 6d 49 0f ed-d5 2a 5d ba 2b f9 a1 3a ..3YmI...*].+..: 0070 - 0f a1 21 f2 23 dd b2 14-4e 2d 90 e4 4d 86 d5 45 ..!.#...N-..M..E 0080 - 30 7f 7f 5a 9a a6 ba 76-d3 96 b8 81 16 2c c3 98 0..Z...v.....,.. 0090 - b6 c4 2c 5c da 62 13 68-00 74 8f 43 68 4c f4 62 ..,\.b.h.t.ChL.b 00a0 - 82 5b 71 1f 44 11 cf e5-39 d8 dd 89 67 c8 88 95 .[q.D...9...g... Start Time: 1743250302 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: yes --- TLS SUCCESSFUL 40476D87DE7F0000:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -propquery ?provider=pkcs11 -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%01 -cert pkcs11:type=cert;object=testCert Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MF8CAQECAgMDBALAMAQABDD8B+I9wvY0KKJCLSLWS2ptg6DPAnPd/BMlY8bT85NQ cjEMi3kLwRVt2RAmUO9tKW6hBgIEZ+fjfqIEAgIcIKQGBAQBAAAArQMCAQGzAwIB HQ== -----END SSL SESSION PARAMETERS----- Shared ciphers:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Supported Elliptic Curve Point Formats: uncompressed:ansiX962_compressed_prime:ansiX962_compressed_char2 Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1 Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1 CIPHER is ECDHE-RSA-AES256-GCM-SHA384 Secure Renegotiation IS supported TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run test with explicit TLS 1.3 spawn openssl s_client -propquery ?provider=pkcs11 -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/caCert.pem -tls1_3 Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=1 CN=Issuer verify return:1 depth=0 O=PKCS11 Provider, CN=My Test Cert verify return:1 --- Certificate chain 0 s:O=PKCS11 Provider, CN=My Test Cert i:CN=Issuer a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256 v:NotBefore: Mar 29 12:10:22 2025 GMT; NotAfter: Mar 29 12:10:22 2026 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIIDPzCCAiegAwIBAgIBAzANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 ZXIwHhcNMjUwMzI5MTIxMDIyWhcNMjYwMzI5MTIxMDIyWjAxMRgwFgYDVQQKEw9Q S0NTMTEgUHJvdmlkZXIxFTATBgNVBAMTDE15IFRlc3QgQ2VydDCCASIwDQYJKoZI hvcNAQEBBQADggEPADCCAQoCggEBALFanLc1cXmygOU45lX7iZG6hlkYdLIAm9MW zQIXMEdCERdcJWiMzt5RmTMAZAqMGvIHCirv2cQb21pBZtA6Jrxo3GTYA/haruP6 tw+hlx4ilBROeC254F26XsAL6ype4loetImkAjKNR2vHvkfcG8cp6Br+ihCF9mpc 5Lup+I5yxHQUjezDlUvUodkM+kCdMuoRhaYlqV+dArHc43Fhbyduqyksgxz6mKvf f1BbH+1zP3a9Fz6XsW7xpfzTwP4tVQ0A3NUf1bspXPK20gWwJLg6/e+wNEbduBl9 K8GDiLt/KkdibqFoZLMyFqc/nzZICFW2Pn9mTIqujnQe+o7BGWsCAwEAAaOBgTB/ MAwGA1UdEwEB/wQCMAAwHwYDVR0RBBgwFoEUdGVzdGNlcnRAZXhhbXBsZS5vcmcw DgYDVR0PAQH/BAQDAgWgMB0GA1UdDgQWBBT8tRtVSZEah6qeXUUOdttlVuaFhzAf BgNVHSMEGDAWgBRL3YVwoZp4tVsJqfQ0DPJV1+frLTANBgkqhkiG9w0BAQsFAAOC AQEAl79DILAfaFpqkDFsa2xPjx5CgQmmYiBI/w5DZ9FrIWd+IoAg8avZwoTJAxfL PqUTYmajjACdpxv6ZeKb0osRxHCfzeIvqMwugjv0qTIRaPaVFaP39mNrONDo2vcX D4ibSSz80pqY5cX657CTlzrpo5IbXK5tdKFQ+XwnKBLNBNMsGvqys3l6WMZazft+ exCCqAkL+4UOPzZmfXzCy7QbG6Nu1FL2nXTvoqmEBQsAE0DPBaBXWsWAaIZ0AwkU cVgTELRkXNmDyyc5lZTuosWhDcGwJReuRbGr++4KpKEpX2bOE4sRxe25BCfakYfC 1ZwPWTVzRTN8oTuhfB1EsJeRsw== -----END CERTIFICATE----- subject=O=PKCS11 Provider, CN=My Test Cert issuer=CN=Issuer --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: RSA-PSS Server Temp Key: X25519, 253 bits --- SSL handshake has read 1391 bytes and written 318 bytes Verification: OK --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Protocol: TLSv1.3 Server public key is 2048 bit This TLS version forbids renegotiation. Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: D4A4146894E72148E1EFD652CE153A8FDB099CE2A10E4661DB9EC6287CB0E285 Session-ID-ctx: Resumption PSK: 8485FA3878D32DCDF53F744904E53B247B00DA97ED1C28AD6DF22D3DC5CDB34AEE4030437527D5F9C3036DE60BF9897A PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - ca 74 fa e3 32 25 3a 52-76 6d a2 e0 aa 0e 57 a6 .t..2%:Rvm....W. 0010 - 52 06 02 28 ad 8b 6f 2a-e1 48 ac 09 2a d8 34 ff R..(..o*.H..*.4. 0020 - 8f 5a 98 88 16 3b 19 f6-89 d3 78 7b 2c 49 b3 15 .Z...;....x{,I.. 0030 - 36 6b 8b 4a bf cf 7c 45-de 85 22 06 13 67 b0 bf 6k.J..|E.."..g.. 0040 - c7 67 34 9c 25 92 54 98-21 ad 38 24 0f a5 1f e7 .g4.%.T.!.8$.... 0050 - 1b 39 47 05 c7 d4 21 03-bc c0 bb b6 55 ca 34 c4 .9G...!.....U.4. 0060 - c1 6b 94 97 87 3a be a4-5e a1 89 f4 98 ce 16 dc .k...:..^....... 0070 - 9b 33 db af e8 a6 22 ea-fe fd 81 7f 7d a8 a3 c2 .3....".....}... 0080 - e2 2c 78 1f 96 d1 eb 40-a6 1b 9e 9e 30 1e c0 09 .,x....@....0... 0090 - 48 ee 81 cd 7e 18 9d 56-e1 be 14 87 72 a8 da 57 H...~..V....r..W 00a0 - d5 de 33 ad 74 8c 24 75-7a db 2c 14 5f a5 60 3b ..3.t.$uz.,._.`; 00b0 - e5 96 3e 25 99 50 ee 34-e9 51 7e 4f 79 70 48 d3 ..>%.P.4.Q~OypH. 00c0 - dd c8 63 4e c3 25 75 91-00 4a 18 da 52 71 2a 51 ..cN.%u..J..Rq*Q Start Time: 1743250303 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 8816CAB5ABD29D25FAB441FB46AAE1E7B6252AF16A18C48D34CBB4F3F47425F1 Session-ID-ctx: Resumption PSK: 8C81A8E1C98E0904A0AC696BC18F7924D0FA7EF176EB284052BAA0D0CB7DF66B17B72DCAE8BC1E8D3CD2378BFEEBB496 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - ca 74 fa e3 32 25 3a 52-76 6d a2 e0 aa 0e 57 a6 .t..2%:Rvm....W. 0010 - b0 68 08 ca 8f 73 15 78-c8 52 5d df e6 9a bd 05 .h...s.x.R]..... 0020 - 13 ec 87 35 14 3c 31 24-5e 4b d2 35 34 a1 04 f4 ...5.<1$^K.54... 0030 - b9 c4 cf 27 23 a9 46 f4-1f ec a5 50 00 f5 94 a3 ...'#.F....P.... 0040 - aa 3d d6 5e 7a e5 ca 28-09 26 f5 10 05 90 8a 79 .=.^z..(.&.....y 0050 - 80 c1 8a 8c d5 ff e0 87-19 1b da c3 ae 2a 73 59 .............*sY 0060 - cd 06 cc c2 f2 b4 af 89-f8 ef 5b 5f 98 8a 9c b0 ..........[_.... 0070 - c7 db 8f 52 97 95 ae f9-14 e6 74 41 17 f5 00 fc ...R......tA.... 0080 - f4 0c 7e 64 f4 a1 3e 02-ba e7 9b 6c 52 35 9d 59 ..~d..>....lR5.Y 0090 - b8 85 33 e3 02 ef 73 1e-db 91 b7 1e c1 55 63 ad ..3...s......Uc. 00a0 - c0 8e f0 89 c9 5a 3f 3d-cc 86 6a 19 4c d8 68 39 .....Z?=..j.L.h9 00b0 - 54 84 4f ff 6a fc 70 83-84 24 94 d8 9a d6 e3 16 T.O.j.p..$...... 00c0 - d8 4d 87 d7 c4 80 14 83-f9 17 7d 55 17 1a 55 3c .M........}U..U< Start Time: 1743250303 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK TLS SUCCESSFUL 40C75A08DC7F0000:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -propquery ?provider=pkcs11 -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%01 -cert pkcs11:type=cert;object=testCert Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MIGDAgEBAgIDBAQCEwIEINnaVCiiYqYMGMmJncEs9mkTc/OHwr9cAHPr2Qn8Lnyb BDCMgajhyY4JBKCsaWvBj3kk0Pp+8XbrKEBSuqDQy332axe3LcrovB6NPNI3i/7r tJahBgIEZ+fjfqIEAgIcIKQGBAQBAAAArgcCBQCjrs9IswMCAR0= -----END SSL SESSION PARAMETERS----- Shared ciphers:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256 Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512 Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 CIPHER is TLS_AES_256_GCM_SHA384 This TLS version forbids renegotiation. TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run test with TLS 1.2 (ECDSA) spawn openssl s_client -propquery ?provider=pkcs11 -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/caCert.pem -tls1_2 Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=0 O=PKCS11 Provider, CN=My EC Cert verify error:num=1:unspecified certificate verification error verify return:1 depth=1 CN=Issuer verify return:1 depth=0 O=PKCS11 Provider, CN=My EC Cert verify return:1 --- Certificate chain 0 s:O=PKCS11 Provider, CN=My EC Cert i:CN=Issuer a:PKEY: id-ecPublicKey, 256 (bit); sigalg: RSA-SHA256 v:NotBefore: Mar 29 12:10:23 2025 GMT; NotAfter: Mar 29 12:10:23 2026 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIICcjCCAVqgAwIBAgIBBDANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 ZXIwHhcNMjUwMzI5MTIxMDIzWhcNMjYwMzI5MTIxMDIzWjAvMRgwFgYDVQQKEw9Q S0NTMTEgUHJvdmlkZXIxEzARBgNVBAMTCk15IEVDIENlcnQwWTATBgcqhkjOPQIB BggqhkjOPQMBBwNCAAQAb6A+KJfYkixbs6zJCf776p0mOl4nyBsn05KopeEhX4Y8 c1N6V54lpJe0UkVtqJWyva+otGWBMtwkaG/F3etyo4GBMH8wDAYDVR0TAQH/BAIw ADAfBgNVHREEGDAWgRR0ZXN0Y2VydEBleGFtcGxlLm9yZzAOBgNVHQ8BAf8EBAMC B4AwHQYDVR0OBBYEFGk2Ss074Q46BcA3lnHTvYiIFXxIMB8GA1UdIwQYMBaAFEvd hXChmni1Wwmp9DQM8lXX5+stMA0GCSqGSIb3DQEBCwUAA4IBAQBxCWHtyx/jCzjf z//kP/cUZEH3RcHXq+phT4MHlykZ7GkSeNptfXJulIr/dRanh7jto3ELczEkAQv/ sfbNNUMjSGeGKb60A1Uy/hV23jXp0CTbqNzT0NZ3S8rnuhD9sRY+nUcikxQJ7nfp lC6QgZX30QiCKJCGf7hVvjuRGvLh/Oys3OPoY3yC7VAE5lli4LABYrG9IdfUHszu RvM1teyp7J+PhU92KqIKy6HKDwMpnWVTeBV+whrRi2ryqHUVFVflTtHX3m7/32Ju Znx+ltBVljNUUxYg4Hgbusnxsre8m46sHqkABvAhVNoPOhfb/GjIbS3C8oNXilZ6 iDuk56tz -----END CERTIFICATE----- subject=O=PKCS11 Provider, CN=My EC Cert issuer=CN=Issuer --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: ECDSA Server Temp Key: X25519, 253 bits --- SSL handshake has read 1087 bytes and written 290 bytes Verification error: unspecified certificate verification error --- New, TLSv1.2, Cipher is ECDHE-ECDSA-AES256-GCM-SHA384 Protocol: TLSv1.2 Server public key is 256 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-ECDSA-AES256-GCM-SHA384 Session-ID: 682E82B1BA11EAD5BB5286E06AEFF9174C11BC03A8C7D4F7F2FA19D43D94D2FA Session-ID-ctx: Master-Key: 330F10A928A06258B61DBE045FF1710FB91CC53908A613AE805236C5A01B3A076C1AF4A94378992200270278D39F33CE PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 3f 9c c2 be c9 68 3d 9d-be e9 2d 9f cb be 5f 1d ?....h=...-..._. 0010 - 45 51 61 cf 82 5f 51 21-85 55 09 18 20 fe eb 46 EQa.._Q!.U.. ..F 0020 - 2e dc 90 87 ed 15 cb 68-c4 63 51 20 8d 2e 19 f8 .......h.cQ .... 0030 - c3 1d b1 03 8f f3 ad f1-1b dd b1 23 25 1b fd a9 ...........#%... 0040 - 7c 90 1e 54 0f 28 1c b9-54 79 32 90 2f c9 5c 4f |..T.(..Ty2./.\O 0050 - 4f 43 8c 13 49 45 35 8e-8d 53 b6 cb 4c 2f 05 ba OC..IE5..S..L/.. 0060 - 5d ba c5 68 3c 0c ee 25-b3 9c 3e 46 8a 39 25 02 ]..h<..%..>F.9%. 0070 - 5a c9 9e c6 4c 5a fe 53-da 95 3d e9 74 b2 14 f5 Z...LZ.S..=.t... 0080 - d0 87 4f 1e e9 b1 63 01-60 60 96 03 20 d6 41 ae ..O...c.``.. .A. 0090 - 54 2e 61 9b 2c 21 f8 3c-47 2d d1 90 c4 0c b6 cb T.a.,!.I<.+~ Start Time: 1743250304 Timeout : 7200 (sec) Verify return code: 1 (unspecified certificate verification error) Extended master secret: yes --- TLS SUCCESSFUL 4047C3198D7F0000:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -propquery ?provider=pkcs11 -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%02 -cert pkcs11:type=cert;object=ecCert Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MF8CAQECAgMDBALAKwQABDDteHJmIgQfCDsInSJQaNa9gbYNGCh545CrBknfBupX bxh5h/L77BxoDINunSSsXo2hBgIEZ+fjf6IEAgIcIKQGBAQBAAAArQMCAQGzAwIB Fw== -----END SSL SESSION PARAMETERS----- Shared ciphers:ECDHE-ECDSA-AES128-GCM-SHA256 Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Supported Elliptic Curve Point Formats: uncompressed:ansiX962_compressed_prime:ansiX962_compressed_char2 Supported groups: secp256r1 Shared groups: secp256r1 CIPHER is ECDHE-ECDSA-AES128-GCM-SHA256 Secure Renegotiation IS supported TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run test with TLS 1.3 and specific suite spawn openssl s_client -propquery ?provider=pkcs11 -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/caCert.pem -tls1_3 -ciphersuites TLS_AES_256_GCM_SHA384 -groups secp256r1 Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=0 O=PKCS11 Provider, CN=My EC Cert verify error:num=1:unspecified certificate verification error verify return:1 depth=1 CN=Issuer verify return:1 depth=0 O=PKCS11 Provider, CN=My EC Cert verify return:1 --- Certificate chain 0 s:O=PKCS11 Provider, CN=My EC Cert i:CN=Issuer a:PKEY: id-ecPublicKey, 256 (bit); sigalg: RSA-SHA256 v:NotBefore: Mar 29 12:10:23 2025 GMT; NotAfter: Mar 29 12:10:23 2026 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIICcjCCAVqgAwIBAgIBBDANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 ZXIwHhcNMjUwMzI5MTIxMDIzWhcNMjYwMzI5MTIxMDIzWjAvMRgwFgYDVQQKEw9Q S0NTMTEgUHJvdmlkZXIxEzARBgNVBAMTCk15IEVDIENlcnQwWTATBgcqhkjOPQIB BggqhkjOPQMBBwNCAAQAb6A+KJfYkixbs6zJCf776p0mOl4nyBsn05KopeEhX4Y8 c1N6V54lpJe0UkVtqJWyva+otGWBMtwkaG/F3etyo4GBMH8wDAYDVR0TAQH/BAIw ADAfBgNVHREEGDAWgRR0ZXN0Y2VydEBleGFtcGxlLm9yZzAOBgNVHQ8BAf8EBAMC B4AwHQYDVR0OBBYEFGk2Ss074Q46BcA3lnHTvYiIFXxIMB8GA1UdIwQYMBaAFEvd hXChmni1Wwmp9DQM8lXX5+stMA0GCSqGSIb3DQEBCwUAA4IBAQBxCWHtyx/jCzjf z//kP/cUZEH3RcHXq+phT4MHlykZ7GkSeNptfXJulIr/dRanh7jto3ELczEkAQv/ sfbNNUMjSGeGKb60A1Uy/hV23jXp0CTbqNzT0NZ3S8rnuhD9sRY+nUcikxQJ7nfp lC6QgZX30QiCKJCGf7hVvjuRGvLh/Oys3OPoY3yC7VAE5lli4LABYrG9IdfUHszu RvM1teyp7J+PhU92KqIKy6HKDwMpnWVTeBV+whrRi2ryqHUVFVflTtHX3m7/32Ju Znx+ltBVljNUUxYg4Hgbusnxsre8m46sHqkABvAhVNoPOhfb/GjIbS3C8oNXilZ6 iDuk56tz -----END CERTIFICATE----- subject=O=PKCS11 Provider, CN=My EC Cert issuer=CN=Issuer --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: ECDSA Server Temp Key: ECDH, ?, 0 bits --- SSL handshake has read 1060 bytes and written 329 bytes Verification error: unspecified certificate verification error --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Protocol: TLSv1.3 Server public key is 256 bit This TLS version forbids renegotiation. Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 1 (unspecified certificate verification error) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: FC856B15BDED78FDFF23495DCC9EC98640DF59DA46E5B861C5CEE7C66993B0C9 Session-ID-ctx: Resumption PSK: E2BA892CDB68EECB15173D4EADD357E6FDD38474925B72A8A2A4FDB7D15D5323367BCBB6AA72F73FF70D3571E345B11F PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - d3 83 37 fa 2a 04 66 a7-97 aa 7f 05 f2 2d 47 cc ..7.*.f......-G. 0010 - c9 de a6 a3 f7 c3 76 c0-e7 00 f6 71 0d 30 a0 57 ......v....q.0.W 0020 - cd 9e 7c 5b 7b e2 4c c7-6a 35 7c 0f 00 f6 fb d0 ..|[{.L.j5|..... 0030 - 20 43 e4 7f 26 7c e9 dc-17 75 d1 83 ce ac b2 50 C..&|...u.....P 0040 - cd 06 03 e7 e1 35 f7 a8-af f4 83 58 87 b5 e8 a8 .....5.....X.... 0050 - 46 32 f3 3b d2 ba ed bb-5b 02 e9 35 11 01 28 0f F2.;....[..5..(. 0060 - 06 5c 8f d2 90 56 c6 a1-6d 7d d1 4b 7d f2 0f 38 .\...V..m}.K}..8 0070 - 9b 7f b7 f4 7e 53 30 ae-bf a5 ea a1 f5 4e 76 ac ....~S0......Nv. 0080 - 2c af 96 4d 23 d1 09 ef-73 61 4e 80 1a 9a a2 ad ,..M#...saN..... 0090 - 5c ac 29 b8 8b 01 7b 42-9c cb ef 96 37 17 03 35 \.)...{B....7..5 00a0 - 85 28 8d 62 83 1a ff 9f-f5 1d 56 f4 e6 b9 e7 7d .(.b......V....} 00b0 - de 30 99 fa a2 46 7e 21-51 b4 b4 2f 82 1b 19 c1 .0...F~!Q../.... 00c0 - f0 ed 7a 7b 4a e9 85 ce-90 58 20 8d ff 3d 39 7a ..z{J....X ..=9z Start Time: 1743250307 Timeout : 7200 (sec) Verify return code: 1 (unspecified certificate verification error) Extended master secret: no Max Early Data: 0 --- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 6D00BB2DB9296812877B3763944616BB3BD73C88D8411C9FEC6AA19A23C3A1BC Session-ID-ctx: Resumption PSK: 44BF3FAC6153C72BA686607B1F52DBF80FD65BFCB7E8F354E321D4B6050C98D58BCC60B16736D2A62884F69C014BD8A9 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - d3 83 37 fa 2a 04 66 a7-97 aa 7f 05 f2 2d 47 cc ..7.*.f......-G. 0010 - 26 39 74 16 36 48 fd da-5b 24 91 66 15 9c f8 f4 &9t.6H..[$.f.... 0020 - dc 57 65 98 f6 d7 84 1c-06 45 40 ee 23 dc b6 22 .We......E@.#.." 0030 - af 70 75 7a 19 56 c9 52-11 2e fd 5e 22 c9 5e 3b .puz.V.R...^".^; 0040 - c2 41 9a 92 44 fd fd 45-95 64 d0 99 f1 80 e6 59 .A..D..E.d.....Y 0050 - c4 ae 9a 76 de c0 ca 83-0b a8 6f ad cf 45 97 b0 ...v......o..E.. 0060 - fb fe 3d 18 aa 59 f5 4a-3d 4a ce 5f af 79 05 4f ..=..Y.J=J._.y.O 0070 - 56 48 57 45 f1 d0 0f e2-24 a5 bf 89 4e 17 86 b9 VHWE....$...N... 0080 - eb b7 09 6f 5f 2e 34 b3-0f 15 42 2b 9d 6a c3 3c ...o_.4...B+.j.< 0090 - 6d 04 d7 bc 0a a1 37 b0-2a 6b e9 bf eb 8d d8 97 m.....7.*k...... 00a0 - cb e3 b4 6e 9c 12 a3 79-7f 41 84 3b 67 ff c1 ed ...n...y.A.;g... 00b0 - 14 ed 73 64 7b 3e e8 16-1c 86 bc 7d 4e 7e ca f3 ..sd{>.....}N~.. 00c0 - bd 53 61 74 36 9c 56 e8-50 fe b7 eb 74 c0 23 e2 .Sat6.V.P...t.#. Start Time: 1743250307 Timeout : 7200 (sec) Verify return code: 1 (unspecified certificate verification error) Extended master secret: no Max Early Data: 0 --- read R BLOCK TLS SUCCESSFUL 40278574507F0000:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -propquery ?provider=pkcs11 -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%02 -cert pkcs11:type=cert;object=ecCert Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MIGCAgEBAgIDBAQCEwIEIEHt2rVmiRkLdS/hxPiYNXSVtMEv9W3fYchjtSgXF+VM BDBEvz+sYVPHK6aGYHsfUtv4D9Zb/Lfo81TjIdS2BQyY1YvMYLFnNtKmKIT2nAFL 2KmhBgIEZ+fjg6IEAgIcIKQGBAQBAAAArgYCBFTbSFWzAwIBFw== -----END SSL SESSION PARAMETERS----- Shared ciphers:TLS_AES_256_GCM_SHA384 Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512 Supported groups: secp256r1 Shared groups: secp256r1 CIPHER is TLS_AES_256_GCM_SHA384 This TLS version forbids renegotiation. TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## ######################################## Server output: spawn openssl s_server -propquery ?provider=pkcs11 -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%02 -cert pkcs11:type=cert;object=ecCert Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MIGCAgEBAgIDBAQCEwIEIEHt2rVmiRkLdS/hxPiYNXSVtMEv9W3fYchjtSgXF+VM BDBEvz+sYVPHK6aGYHsfUtv4D9Zb/Lfo81TjIdS2BQyY1YvMYLFnNtKmKIT2nAFL 2KmhBgIEZ+fjg6IEAgIcIKQGBAQBAAAArgYCBFTbSFWzAwIBFw== -----END SSL SESSION PARAMETERS----- Shared ciphers:TLS_AES_256_GCM_SHA384 Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512 Supported groups: secp256r1 Shared groups: secp256r1 CIPHER is TLS_AES_256_GCM_SHA384 This TLS version forbids renegotiation. TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 75/92 pkcs11-provider:softhsm / tls OK 18.17s 76/92 pkcs11-provider:kryoptic / tls RUNNING >>> MESON_TEST_ITERATION=1 MALLOC_PERTURB_=194 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper tls-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 76/92 pkcs11-provider:kryoptic / tls SKIP 0.07s exit status 77 77/92 pkcs11-provider:kryoptic.nss / tls RUNNING >>> MALLOC_PERTURB_=223 MESON_TEST_ITERATION=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper tls-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 77/92 pkcs11-provider:kryoptic.nss / tls SKIP 0.08s exit status 77 78/92 pkcs11-provider:softokn / tlsfuzzer RUNNING >>> MALLOC_PERTURB_=17 MESON_TEST_ITERATION=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper tlsfuzzer-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 78/92 pkcs11-provider:softokn / tlsfuzzer SKIP 0.08s exit status 77 79/92 pkcs11-provider:softhsm / tlsfuzzer RUNNING >>> MESON_TEST_ITERATION=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MALLOC_PERTURB_=2 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper tlsfuzzer-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/tests/ttlsfuzzer TLS fuzzer is not available -- skipping ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 79/92 pkcs11-provider:softhsm / tlsfuzzer SKIP 0.21s exit status 77 80/92 pkcs11-provider:kryoptic / tlsfuzzer RUNNING >>> MESON_TEST_ITERATION=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=135 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper tlsfuzzer-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 80/92 pkcs11-provider:kryoptic / tlsfuzzer SKIP 0.08s exit status 77 81/92 pkcs11-provider:kryoptic.nss / tlsfuzzer RUNNING >>> MESON_TEST_ITERATION=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=54 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper tlsfuzzer-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 81/92 pkcs11-provider:kryoptic.nss / tlsfuzzer SKIP 0.08s exit status 77 82/92 pkcs11-provider:softokn / uri RUNNING >>> MESON_TEST_ITERATION=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MALLOC_PERTURB_=80 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper uri-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 82/92 pkcs11-provider:softokn / uri SKIP 0.12s exit status 77 83/92 pkcs11-provider:softhsm / uri RUNNING >>> MESON_TEST_ITERATION=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MALLOC_PERTURB_=81 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper uri-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/tests/turi ## Check that storeutl returns URIs openssl storeutl -text pkcs11: ## Check returned URIs work to find objects $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bc721340f4916e9d;token=SoftHSM%20Token;id=%00%04;object=edCert;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bc721340f4916e9d;token=SoftHSM%20Token;id=%48%05%88%47%B8%94%CD%19%0B%95%E2%EF%66%6D%60%59;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bc721340f4916e9d;token=SoftHSM%20Token;id=%00%03;object=ecPeerCert;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bc721340f4916e9d;token=SoftHSM%20Token;id=%00%09;object=ed2Cert;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bc721340f4916e9d;token=SoftHSM%20Token;id=%4C%36%4D%4A%24%1D%2D%27%2B%7F%8D%75%94%5C%1B%17;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bc721340f4916e9d;token=SoftHSM%20Token;id=%21%92%A3%2D%12%75%B0%D9%09%78%45%45%EE%6C%3A%A7;object=Fork-Test;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bc721340f4916e9d;token=SoftHSM%20Token;id=%00%11;object=testRsaPss2Cert;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bc721340f4916e9d;token=SoftHSM%20Token;id=%47%D7%32%9C%42%29%A3%35%EA%B3%FE%A0%F9%AC%74%3E;object=Test-Ed-gen-47d7329c;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bc721340f4916e9d;token=SoftHSM%20Token;id=%87%74%B9%3B%84%E0%F0%D0%EA%BD%8D%93%C0%3E%80%A4;object=Test-RSA-gen-8774b93b;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bc721340f4916e9d;token=SoftHSM%20Token;id=%00%06;object=ecCert2;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bc721340f4916e9d;token=SoftHSM%20Token;id=%3F%A4%B2%57%FE%FD%E8%9D%12%26%02%28%D8%F1%D9%86;object=Pkey%20sigver%20Test;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bc721340f4916e9d;token=SoftHSM%20Token;id=%00%02;object=ecCert;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bc721340f4916e9d;token=SoftHSM%20Token;id=%00%00;object=caCert;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bc721340f4916e9d;token=SoftHSM%20Token;id=%1D%4B%FE%3E%1A%7D%0E%14%10%A0%07%4A%D4%ED%80%8C;object=Test-RSA-PSS-gen-1d4bfe3e;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bc721340f4916e9d;token=SoftHSM%20Token;id=%00%10;object=testRsaPssCert;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bc721340f4916e9d;token=SoftHSM%20Token;id=%00%01;object=testCert;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bc721340f4916e9d;token=SoftHSM%20Token;id=%89%B8%8E%FB%06%A8%B2%E9%1B%FE%42%A6%CB%9C%02%1D;object=Test-EC-gen-89b88efb;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bc721340f4916e9d;token=SoftHSM%20Token;id=%AF%B9%B5%DC%7E%25%86%5A%BD%80%C7%DD%C2%6D%8D%E2;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bc721340f4916e9d;token=SoftHSM%20Token;id=%00%05;object=testCert2;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bc721340f4916e9d;token=SoftHSM%20Token;id=%D4%7E%AF%40%6D%E3%5F%3E%A6%E1%D2%7D%A3%FC%92%61;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bc721340f4916e9d;token=SoftHSM%20Token;id=%7A%48%73%20%F2%58%2B%84%E5%35%44%64%48%F6%2D%AF;object=Test-Ed-gen-7a487320;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bc721340f4916e9d;token=SoftHSM%20Token;id=%00%08;object=ecCert3;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bc721340f4916e9d;token=SoftHSM%20Token;id=%EC%FA%AF%FB%8E%29%D0%24%E2%2D%FD%B3%1F%83%77%53;object=Test-RSA-Key-Usage-ecfaaffb;type=private openssl storeutl -text "$uri" ## Check each URI component is tested $cmp=pkcs11:model=SoftHSM%20v2 openssl storeutl -text "pkcs11:${cmp}" $cmp=manufacturer=SoftHSM%20project openssl storeutl -text "pkcs11:${cmp}" $cmp=serial=bc721340f4916e9d openssl storeutl -text "pkcs11:${cmp}" $cmp=token=SoftHSM%20Token openssl storeutl -text "pkcs11:${cmp}" $cmp=id=%00%04 openssl storeutl -text "pkcs11:${cmp}" $cmp=object=edCert openssl storeutl -text "pkcs11:${cmp}" $cmp=type=private openssl storeutl -text "pkcs11:${cmp}" ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 83/92 pkcs11-provider:softhsm / uri OK 8.93s 84/92 pkcs11-provider:kryoptic / uri RUNNING >>> MESON_TEST_ITERATION=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=34 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper uri-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 84/92 pkcs11-provider:kryoptic / uri SKIP 0.07s exit status 77 85/92 pkcs11-provider:kryoptic.nss / uri RUNNING >>> MESON_TEST_ITERATION=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MALLOC_PERTURB_=102 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper uri-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 85/92 pkcs11-provider:kryoptic.nss / uri SKIP 0.06s exit status 77 86/92 pkcs11-provider:softhsm / ecxc RUNNING >>> MESON_TEST_ITERATION=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MALLOC_PERTURB_=69 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper ecxc-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/tests/tecxc ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 86/92 pkcs11-provider:softhsm / ecxc SKIP 0.13s exit status 77 87/92 pkcs11-provider:kryoptic / ecxc RUNNING >>> MESON_TEST_ITERATION=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MALLOC_PERTURB_=142 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper ecxc-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 87/92 pkcs11-provider:kryoptic / ecxc SKIP 0.08s exit status 77 88/92 pkcs11-provider:kryoptic.nss / ecxc RUNNING >>> MESON_TEST_ITERATION=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MALLOC_PERTURB_=150 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper ecxc-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 88/92 pkcs11-provider:kryoptic.nss / ecxc SKIP 0.07s exit status 77 89/92 pkcs11-provider:softokn / cms RUNNING >>> MESON_TEST_ITERATION=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MALLOC_PERTURB_=224 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper cms-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 89/92 pkcs11-provider:softokn / cms SKIP 0.07s exit status 77 90/92 pkcs11-provider:kryoptic / cms RUNNING >>> MESON_TEST_ITERATION=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MALLOC_PERTURB_=180 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper cms-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 90/92 pkcs11-provider:kryoptic / cms SKIP 0.14s exit status 77 91/92 pkcs11-provider:kryoptic.nss / cms RUNNING >>> MESON_TEST_ITERATION=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MALLOC_PERTURB_=154 MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper cms-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 91/92 pkcs11-provider:kryoptic.nss / cms SKIP 0.11s exit status 77 92/92 pkcs11-provider:kryoptic / pinlock RUNNING >>> MESON_TEST_ITERATION=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=125 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper pinlock-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 92/92 pkcs11-provider:kryoptic / pinlock SKIP 0.09s exit status 77 Ok: 21 Expected Fail: 0 Fail: 0 Unexpected Pass: 0 Skipped: 71 Timeout: 0 Full log written to /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/meson-logs/testlog.txt make[1]: Leaving directory '/build/reproducible-path/pkcs11-provider-1.0' create-stamp debian/debhelper-build-stamp dh_testroot -O--buildsystem=meson dh_prep -O--buildsystem=meson dh_auto_install --destdir=debian/pkcs11-provider/ -O--buildsystem=meson cd obj-x86_64-linux-gnu && DESTDIR=/build/reproducible-path/pkcs11-provider-1.0/debian/pkcs11-provider LC_ALL=C.UTF-8 ninja install [0/1] Installing files Installing src/pkcs11.so to /build/reproducible-path/pkcs11-provider-1.0/debian/pkcs11-provider/usr/lib/x86_64-linux-gnu/ossl-modules Installing /build/reproducible-path/pkcs11-provider-1.0/docs/provider-pkcs11.7 to /build/reproducible-path/pkcs11-provider-1.0/debian/pkcs11-provider/usr/share/man/man7 dh_installdocs -O--buildsystem=meson dh_installchangelogs -O--buildsystem=meson dh_installman -O--buildsystem=meson dh_installsystemduser -O--buildsystem=meson dh_perl -O--buildsystem=meson dh_link -O--buildsystem=meson dh_strip_nondeterminism -O--buildsystem=meson dh_compress -O--buildsystem=meson dh_fixperms -O--buildsystem=meson dh_missing -O--buildsystem=meson dh_dwz -a -O--buildsystem=meson dh_strip -a -O--buildsystem=meson dh_makeshlibs -a -O--buildsystem=meson dh_shlibdeps -a -O--buildsystem=meson dh_installdeb -O--buildsystem=meson dh_gencontrol -O--buildsystem=meson dh_md5sums -O--buildsystem=meson dh_builddeb -O--buildsystem=meson dpkg-deb: building package 'pkcs11-provider-dbgsym' in '../pkcs11-provider-dbgsym_1.0-2_amd64.deb'. dpkg-deb: building package 'pkcs11-provider' in '../pkcs11-provider_1.0-2_amd64.deb'. dpkg-genbuildinfo --build=binary -O../pkcs11-provider_1.0-2_amd64.buildinfo dpkg-genchanges --build=binary -O../pkcs11-provider_1.0-2_amd64.changes dpkg-genchanges: info: binary-only upload (no source code included) dpkg-source --after-build . dpkg-buildpackage: info: binary-only upload (no source included) dpkg-genchanges: info: not including original source code in upload I: copying local configuration I: unmounting dev/ptmx filesystem I: unmounting dev/pts filesystem I: unmounting dev/shm filesystem I: unmounting proc filesystem I: unmounting sys filesystem I: cleaning the build env I: removing directory /srv/workspace/pbuilder/533003 and its subdirectories I: Current time: Sat Mar 29 00:12:32 -12 2025 I: pbuilder-time-stamp: 1743250352 Sat Mar 29 12:12:34 UTC 2025 I: 1st build successful. Starting 2nd build on remote node ionos15-amd64.debian.net. Sat Mar 29 12:12:34 UTC 2025 I: Preparing to do remote build '2' on ionos15-amd64.debian.net. Sat Mar 29 12:13:41 UTC 2025 I: Deleting $TMPDIR on ionos15-amd64.debian.net. Sat Mar 29 12:13:42 UTC 2025 I: pkcs11-provider_1.0-2_amd64.changes: Format: 1.8 Date: Sat, 29 Mar 2025 01:25:16 +0000 Source: pkcs11-provider Binary: pkcs11-provider pkcs11-provider-dbgsym Architecture: amd64 Version: 1.0-2 Distribution: unstable Urgency: medium Maintainer: Luca Boccassi Changed-By: Luca Boccassi Description: pkcs11-provider - OpenSSL 3 provider for PKCS11 Closes: 1095848 Changes: pkcs11-provider (1.0-2) unstable; urgency=medium . * Add timeout multiplier for unit tests to fix FTBFS on slow architectures (Closes: #1095848) * Add workaround for blhc failing due to meson test not compiling with verbosity * d/control: bump Standards-Version to 4.7.2, no changes Checksums-Sha1: 1c63ec24e8713592a900e69b67b1900a6f1042af 309132 pkcs11-provider-dbgsym_1.0-2_amd64.deb 229835c9ea520e588b788ade4c6015fea32509c1 7203 pkcs11-provider_1.0-2_amd64.buildinfo 6513340051bab158aac391b28be6ed64828a3351 124496 pkcs11-provider_1.0-2_amd64.deb Checksums-Sha256: db52418fb970e8cd45ce0b2384482f4550852259dfb1b3078bec3007d129c3a2 309132 pkcs11-provider-dbgsym_1.0-2_amd64.deb b795758add0a205dd202e1959959ce8f1e80ba7699751e555359e042025269eb 7203 pkcs11-provider_1.0-2_amd64.buildinfo c1f86e20b78328251bee0259ab3ec343f03ec8ea44afe30f54e09f8f5a180f2c 124496 pkcs11-provider_1.0-2_amd64.deb Files: 09db97a7f137f1de75d655616c8bad0c 309132 debug optional pkcs11-provider-dbgsym_1.0-2_amd64.deb 7b787139b138a7ca940ab0223984b002 7203 libs optional pkcs11-provider_1.0-2_amd64.buildinfo db9a7d85041766591106ae97c4103c74 124496 libs optional pkcs11-provider_1.0-2_amd64.deb Sat Mar 29 12:13:43 UTC 2025 I: diffoscope 291 will be used to compare the two builds: Running as unit: rb-diffoscope-amd64_23-51252.service # Profiling output for: /usr/bin/diffoscope --timeout 7200 --html /srv/reproducible-results/rbuild-debian/r-b-build.qh6ocJz9/pkcs11-provider_1.0-2.diffoscope.html --text /srv/reproducible-results/rbuild-debian/r-b-build.qh6ocJz9/pkcs11-provider_1.0-2.diffoscope.txt --json /srv/reproducible-results/rbuild-debian/r-b-build.qh6ocJz9/pkcs11-provider_1.0-2.diffoscope.json --profile=- /srv/reproducible-results/rbuild-debian/r-b-build.qh6ocJz9/b1/pkcs11-provider_1.0-2_amd64.changes /srv/reproducible-results/rbuild-debian/r-b-build.qh6ocJz9/b2/pkcs11-provider_1.0-2_amd64.changes ## command (total time: 0.000s) 0.000s 1 call cmp (internal) ## has_same_content_as (total time: 0.000s) 0.000s 1 call diffoscope.comparators.binary.FilesystemFile ## main (total time: 0.003s) 0.003s 2 calls outputs 0.000s 1 call cleanup Finished with result: success Main processes terminated with: code=exited/status=0 Service runtime: 228ms CPU time consumed: 228ms Sat Mar 29 12:13:44 UTC 2025 I: diffoscope 291 found no differences in the changes files, and a .buildinfo file also exists. Sat Mar 29 12:13:44 UTC 2025 I: pkcs11-provider from unstable built successfully and reproducibly on amd64. Sat Mar 29 12:13:44 UTC 2025 I: Submitting .buildinfo files to external archives: Sat Mar 29 12:13:44 UTC 2025 I: Submitting 8.0K b1/pkcs11-provider_1.0-2_amd64.buildinfo.asc Sat Mar 29 12:13:49 UTC 2025 I: Submitting 8.0K b2/pkcs11-provider_1.0-2_amd64.buildinfo.asc Sat Mar 29 12:13:52 UTC 2025 I: Done submitting .buildinfo files to http://buildinfo.debian.net/api/submit. Sat Mar 29 12:13:52 UTC 2025 I: Done submitting .buildinfo files. Sat Mar 29 12:13:52 UTC 2025 I: Removing signed pkcs11-provider_1.0-2_amd64.buildinfo.asc files: removed './b1/pkcs11-provider_1.0-2_amd64.buildinfo.asc' removed './b2/pkcs11-provider_1.0-2_amd64.buildinfo.asc'