Sun Mar 30 11:08:01 UTC 2025 I: starting to build pkcs11-provider/unstable/i386 on jenkins on '2025-03-30 11:07' Sun Mar 30 11:08:01 UTC 2025 I: The jenkins build log is/was available at https://jenkins.debian.net/userContent/reproducible/debian/build_service/i386_7/62913/console.log Sun Mar 30 11:08:01 UTC 2025 I: Downloading source for unstable/pkcs11-provider=1.0-2 --2025-03-30 11:08:02-- http://deb.debian.org/debian/pool/main/p/pkcs11-provider/pkcs11-provider_1.0-2.dsc Connecting to 46.16.76.132:3128... connected. Proxy request sent, awaiting response... 200 OK Length: 2214 (2.2K) [text/prs.lines.tag] Saving to: ‘pkcs11-provider_1.0-2.dsc’ 0K .. 100% 301M=0s 2025-03-30 11:08:02 (301 MB/s) - ‘pkcs11-provider_1.0-2.dsc’ saved [2214/2214] Sun Mar 30 11:08:02 UTC 2025 I: pkcs11-provider_1.0-2.dsc -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 3.0 (quilt) Source: pkcs11-provider Binary: pkcs11-provider Architecture: any Version: 1.0-2 Maintainer: Luca Boccassi Homepage: https://github.com/latchset/pkcs11-provider Standards-Version: 4.7.2 Vcs-Browser: https://salsa.debian.org/debian/pkcs11-provider Vcs-Git: https://salsa.debian.org/debian/pkcs11-provider.git Build-Depends: debhelper-compat (= 13), dh-package-notes, libssl-dev (>= 3.0.7~), meson (>= 0.57~), pkgconf, expect , gnutls-bin , libnss3-dev , libp11-kit-dev , libstoken-dev , opensc , openssl , p11-kit , p11-kit-modules , softhsm2 Package-List: pkcs11-provider deb libs optional arch=any Checksums-Sha1: c1f7deab3a3af9fa2c3ef63ed95536c7c5a52707 210633 pkcs11-provider_1.0.orig.tar.gz a8cda47def2b47ce68f39af30d979e0666e9fc30 2708 pkcs11-provider_1.0-2.debian.tar.xz Checksums-Sha256: f62771642f24525305233fab01df361a0893912b7e92d2f550f26f131a7b36c2 210633 pkcs11-provider_1.0.orig.tar.gz cb5076ff1c06ed191e99bea6ae6c947a987845bfdee569ce03b5acf64d27745c 2708 pkcs11-provider_1.0-2.debian.tar.xz Files: 2933ec36edff8ab9c132e82f04cbd4dd 210633 pkcs11-provider_1.0.orig.tar.gz 150356658678552ec13e9329603a734c 2708 pkcs11-provider_1.0-2.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQJFBAEBCgAvFiEErCSqx93EIPGOymuRKGv37813JB4FAmfnTy4RHGJsdWNhQGRl Ymlhbi5vcmcACgkQKGv37813JB4rdg/9Ffx6jGzHlH9kWONaEHY5n8i5o8GsHryb +XY+KbRylOUC54kjcp9SUKNn+QVZaiUiGnliiWEJd1zQGMJdwkCoNi/np9D+UcsM HNaAn5zJoWbf36c/nHHTcy1RRovaN3LOoru7wnaCEhMy6axE33cSS79LxXoH8e8p LwJWbZIEZFcIQFuA7iLc8WXf1dAR1E65TEo+7ZK9objKeP5O4lIuY7OS3KUYJMLz /IyhAhN2qWOXNQk/NJ9iml3I0Y0H3+x/0ftPetyocO1uqEPD8fWlAxV5JPYVEkyu MGCwNmXxZIm0M/MzwphJeODJCc+E/tg0nMTEsCv6dS7V2xYxpx6sT3eQ4R5/uOL5 EQL2cP0NKbGQ7fGkJnCwqoQOCveKxo5wJ9/0DpulFX6fyhxnPkVY+5rMekvBdk3o p+qhS9ELD8ztIl+3T+7KOsQX8deoyN5LarZfsX66YXwHlSu5wBge78geJDZnrmNE HH9kduyGffUwfVCACbVFbIc+WSRsQWfY+wCxkE3/it5H2ZrMPLBrkBAmvOeeRSDY u+8czL721y5imQyjdUv4wlk0zk/1tnMDIey3LqLWOZqwJsAjcBtr31KqF98+9SFr I3Zjip/b23c+UF2tMrD/dG6lK3sChLctjy6gsMJGi6gYqxGAu4AySU7lIWIHPABv 73Eb386K3W4= =daLd -----END PGP SIGNATURE----- Sun Mar 30 11:08:02 UTC 2025 I: Checking whether the package is not for us Sun Mar 30 11:08:02 UTC 2025 I: Starting 1st build on remote node ionos12-i386.debian.net. Sun Mar 30 11:08:02 UTC 2025 I: Preparing to do remote build '1' on ionos12-i386.debian.net. Sun Mar 30 11:09:44 UTC 2025 I: Deleting $TMPDIR on ionos12-i386.debian.net. I: pbuilder: network access will be disabled during build I: Current time: Sat Mar 29 23:08:03 -12 2025 I: pbuilder-time-stamp: 1743332883 I: Building the build Environment I: extracting base tarball [/var/cache/pbuilder/unstable-reproducible-base.tgz] I: copying local configuration W: --override-config is not set; not updating apt.conf Read the manpage for details. I: mounting /proc filesystem I: mounting /sys filesystem I: creating /{dev,run}/shm I: mounting /dev/pts filesystem I: redirecting /dev/ptmx to /dev/pts/ptmx I: policy-rc.d already exists I: using eatmydata during job I: Copying source file I: copying [pkcs11-provider_1.0-2.dsc] I: copying [./pkcs11-provider_1.0.orig.tar.gz] I: copying [./pkcs11-provider_1.0-2.debian.tar.xz] I: Extracting source dpkg-source: warning: cannot verify inline signature for ./pkcs11-provider_1.0-2.dsc: unsupported subcommand dpkg-source: info: extracting pkcs11-provider in pkcs11-provider-1.0 dpkg-source: info: unpacking pkcs11-provider_1.0.orig.tar.gz dpkg-source: info: unpacking pkcs11-provider_1.0-2.debian.tar.xz I: Not using root during the build. I: Installing the build-deps I: user script /srv/workspace/pbuilder/44254/tmp/hooks/D02_print_environment starting I: set BUILDDIR='/build/reproducible-path' BUILDUSERGECOS='first user,first room,first work-phone,first home-phone,first other' BUILDUSERNAME='pbuilder1' BUILD_ARCH='i386' DEBIAN_FRONTEND='noninteractive' DEB_BUILD_OPTIONS='buildinfo=+all reproducible=+all parallel=11 ' DISTRIBUTION='unstable' HOME='/root' HOST_ARCH='i386' IFS=' ' INVOCATION_ID='21397c7334b64d4b96f806b3876b853e' LANG='C' LANGUAGE='en_US:en' LC_ALL='C' LD_LIBRARY_PATH='/usr/lib/libeatmydata' LD_PRELOAD='libeatmydata.so' MAIL='/var/mail/root' OPTIND='1' PATH='/usr/sbin:/usr/bin:/sbin:/bin:/usr/games' PBCURRENTCOMMANDLINEOPERATION='build' PBUILDER_OPERATION='build' PBUILDER_PKGDATADIR='/usr/share/pbuilder' PBUILDER_PKGLIBDIR='/usr/lib/pbuilder' PBUILDER_SYSCONFDIR='/etc' PPID='44254' PS1='# ' PS2='> ' PS4='+ ' PWD='/' SHELL='/bin/bash' SHLVL='2' SUDO_COMMAND='/usr/bin/timeout -k 18.1h 18h /usr/bin/ionice -c 3 /usr/bin/nice /usr/sbin/pbuilder --build --configfile /srv/reproducible-results/rbuild-debian/r-b-build.hFFg1vyX/pbuilderrc_2sMP --distribution unstable --hookdir /etc/pbuilder/first-build-hooks --debbuildopts -b --basetgz /var/cache/pbuilder/unstable-reproducible-base.tgz --buildresult /srv/reproducible-results/rbuild-debian/r-b-build.hFFg1vyX/b1 --logfile b1/build.log pkcs11-provider_1.0-2.dsc' SUDO_GID='112' SUDO_UID='107' SUDO_USER='jenkins' TERM='unknown' TZ='/usr/share/zoneinfo/Etc/GMT+12' USER='root' _='/usr/bin/systemd-run' http_proxy='http://46.16.76.132:3128' I: uname -a Linux ionos12-i386 6.1.0-32-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.129-1 (2025-03-06) x86_64 GNU/Linux I: ls -l /bin lrwxrwxrwx 1 root root 7 Mar 4 11:20 /bin -> usr/bin I: user script /srv/workspace/pbuilder/44254/tmp/hooks/D02_print_environment finished -> Attempting to satisfy build-dependencies -> Creating pbuilder-satisfydepends-dummy package Package: pbuilder-satisfydepends-dummy Version: 0.invalid.0 Architecture: i386 Maintainer: Debian Pbuilder Team Description: Dummy package to satisfy dependencies with aptitude - created by pbuilder This package was created automatically by pbuilder to satisfy the build-dependencies of the package being currently built. Depends: debhelper-compat (= 13), dh-package-notes, libssl-dev (>= 3.0.7~), meson (>= 0.57~), pkgconf, expect, gnutls-bin, libnss3-dev, libp11-kit-dev, libstoken-dev, opensc, openssl, p11-kit, p11-kit-modules, softhsm2 dpkg-deb: building package 'pbuilder-satisfydepends-dummy' in '/tmp/satisfydepends-aptitude/pbuilder-satisfydepends-dummy.deb'. Selecting previously unselected package pbuilder-satisfydepends-dummy. (Reading database ... 19791 files and directories currently installed.) Preparing to unpack .../pbuilder-satisfydepends-dummy.deb ... Unpacking pbuilder-satisfydepends-dummy (0.invalid.0) ... dpkg: pbuilder-satisfydepends-dummy: dependency problems, but configuring anyway as you requested: pbuilder-satisfydepends-dummy depends on debhelper-compat (= 13); however: Package debhelper-compat is not installed. pbuilder-satisfydepends-dummy depends on dh-package-notes; however: Package dh-package-notes is not installed. pbuilder-satisfydepends-dummy depends on libssl-dev (>= 3.0.7~); however: Package libssl-dev is not installed. pbuilder-satisfydepends-dummy depends on meson (>= 0.57~); however: Package meson is not installed. pbuilder-satisfydepends-dummy depends on pkgconf; however: Package pkgconf is not installed. pbuilder-satisfydepends-dummy depends on expect; however: Package expect is not installed. pbuilder-satisfydepends-dummy depends on gnutls-bin; however: Package gnutls-bin is not installed. pbuilder-satisfydepends-dummy depends on libnss3-dev; however: Package libnss3-dev is not installed. pbuilder-satisfydepends-dummy depends on libp11-kit-dev; however: Package libp11-kit-dev is not installed. pbuilder-satisfydepends-dummy depends on libstoken-dev; however: Package libstoken-dev is not installed. pbuilder-satisfydepends-dummy depends on opensc; however: Package opensc is not installed. pbuilder-satisfydepends-dummy depends on openssl; however: Package openssl is not installed. pbuilder-satisfydepends-dummy depends on p11-kit; however: Package p11-kit is not installed. pbuilder-satisfydepends-dummy depends on p11-kit-modules; however: Package p11-kit-modules is not installed. pbuilder-satisfydepends-dummy depends on softhsm2; however: Package softhsm2 is not installed. Setting up pbuilder-satisfydepends-dummy (0.invalid.0) ... Reading package lists... Building dependency tree... Reading state information... Initializing package states... Writing extended state information... Building tag database... pbuilder-satisfydepends-dummy is already installed at the requested version (0.invalid.0) pbuilder-satisfydepends-dummy is already installed at the requested version (0.invalid.0) The following NEW packages will be installed: autoconf{a} automake{a} autopoint{a} autotools-dev{a} bsdextrautils{a} debhelper{a} dh-autoreconf{a} dh-package-notes{a} dh-strip-nondeterminism{a} dwz{a} expect{a} file{a} gettext{a} gettext-base{a} gnutls-bin{a} groff-base{a} intltool-debian{a} libarchive-zip-perl{a} libdebhelper-perl{a} libeac3{a} libelf1t64{a} libevent-2.1-7t64{a} libexpat1{a} libffi8{a} libfile-stripnondeterminism-perl{a} libglib2.0-0t64{a} libgnutls-dane0t64{a} libgnutls30t64{a} libidn2-0{a} libmagic-mgc{a} libmagic1t64{a} libnspr4{a} libnspr4-dev{a} libnss3{a} libnss3-dev{a} libp11-kit-dev{a} libp11-kit0{a} libpipeline1{a} libpkgconf3{a} libproc2-0{a} libpython3-stdlib{a} libpython3.13-minimal{a} libpython3.13-stdlib{a} libreadline8t64{a} libsofthsm2{a} libssl-dev{a} libstoken-dev{a} libstoken1t64{a} libtasn1-6{a} libtcl8.6{a} libtext-charwidth-perl{a} libtext-wrapi18n-perl{a} libtomcrypt-dev{a} libtomcrypt1{a} libtommath1{a} libtool{a} libuchardet0{a} libunbound8{a} libunistring5{a} libxml2{a} m4{a} man-db{a} media-types{a} meson{a} netbase{a} ninja-build{a} opensc{a} opensc-pkcs11{a} openssl{a} p11-kit{a} p11-kit-modules{a} pkgconf{a} pkgconf-bin{a} po-debconf{a} procps{a} python3{a} python3-autocommand{a} python3-inflect{a} python3-jaraco.context{a} python3-jaraco.functools{a} python3-jaraco.text{a} python3-minimal{a} python3-more-itertools{a} python3-pkg-resources{a} python3-setuptools{a} python3-typeguard{a} python3-typing-extensions{a} python3-zipp{a} python3.13{a} python3.13-minimal{a} readline-common{a} sensible-utils{a} softhsm2{a} softhsm2-common{a} tcl-expect{a} tcl8.6{a} tzdata{a} ucf{a} The following packages are RECOMMENDED but will NOT be installed: ca-certificates curl libarchive-cpio-perl libglib2.0-data libltdl-dev libmail-sendmail-perl linux-sysctl-defaults lynx pcscd psmisc shared-mime-info wget xdg-user-dirs 0 packages upgraded, 98 newly installed, 0 to remove and 0 not upgraded. Need to get 39.0 MB of archives. After unpacking 139 MB will be used. Writing extended state information... Get: 1 http://deb.debian.org/debian unstable/main i386 libpython3.13-minimal i386 3.13.2-3 [860 kB] Get: 2 http://deb.debian.org/debian unstable/main i386 libexpat1 i386 2.7.1-1 [110 kB] Get: 3 http://deb.debian.org/debian unstable/main i386 python3.13-minimal i386 3.13.2-3 [2271 kB] Get: 4 http://deb.debian.org/debian unstable/main i386 python3-minimal i386 3.13.2-2 [27.1 kB] Get: 5 http://deb.debian.org/debian unstable/main i386 media-types all 13.0.0 [29.3 kB] Get: 6 http://deb.debian.org/debian unstable/main i386 netbase all 6.5 [12.4 kB] Get: 7 http://deb.debian.org/debian unstable/main i386 tzdata all 2025b-1 [259 kB] Get: 8 http://deb.debian.org/debian unstable/main i386 libffi8 i386 3.4.7-1 [21.4 kB] Get: 9 http://deb.debian.org/debian unstable/main i386 readline-common all 8.2-6 [69.4 kB] Get: 10 http://deb.debian.org/debian unstable/main i386 libreadline8t64 i386 8.2-6 [173 kB] Get: 11 http://deb.debian.org/debian unstable/main i386 libpython3.13-stdlib i386 3.13.2-3 [1959 kB] Get: 12 http://deb.debian.org/debian unstable/main i386 python3.13 i386 3.13.2-3 [746 kB] Get: 13 http://deb.debian.org/debian unstable/main i386 libpython3-stdlib i386 3.13.2-2 [10.1 kB] Get: 14 http://deb.debian.org/debian unstable/main i386 python3 i386 3.13.2-2 [28.1 kB] Get: 15 http://deb.debian.org/debian unstable/main i386 libproc2-0 i386 2:4.0.4-7 [66.0 kB] Get: 16 http://deb.debian.org/debian unstable/main i386 procps i386 2:4.0.4-7 [876 kB] Get: 17 http://deb.debian.org/debian unstable/main i386 sensible-utils all 0.0.24 [24.8 kB] Get: 18 http://deb.debian.org/debian unstable/main i386 libmagic-mgc i386 1:5.46-4 [337 kB] Get: 19 http://deb.debian.org/debian unstable/main i386 libmagic1t64 i386 1:5.46-4 [117 kB] Get: 20 http://deb.debian.org/debian unstable/main i386 file i386 1:5.46-4 [43.4 kB] Get: 21 http://deb.debian.org/debian unstable/main i386 gettext-base i386 0.23.1-1 [245 kB] Get: 22 http://deb.debian.org/debian unstable/main i386 libuchardet0 i386 0.0.8-1+b2 [69.2 kB] Get: 23 http://deb.debian.org/debian unstable/main i386 groff-base i386 1.23.0-7 [1199 kB] Get: 24 http://deb.debian.org/debian unstable/main i386 bsdextrautils i386 2.40.4-5 [96.5 kB] Get: 25 http://deb.debian.org/debian unstable/main i386 libpipeline1 i386 1.5.8-1 [41.2 kB] Get: 26 http://deb.debian.org/debian unstable/main i386 man-db i386 2.13.0-1 [1428 kB] Get: 27 http://deb.debian.org/debian unstable/main i386 libtext-charwidth-perl i386 0.04-11+b4 [9656 B] Get: 28 http://deb.debian.org/debian unstable/main i386 libtext-wrapi18n-perl all 0.06-10 [8808 B] Get: 29 http://deb.debian.org/debian unstable/main i386 ucf all 3.0050 [42.7 kB] Get: 30 http://deb.debian.org/debian unstable/main i386 m4 i386 1.4.19-7 [301 kB] Get: 31 http://deb.debian.org/debian unstable/main i386 autoconf all 2.72-3 [493 kB] Get: 32 http://deb.debian.org/debian unstable/main i386 autotools-dev all 20240727.1 [60.2 kB] Get: 33 http://deb.debian.org/debian unstable/main i386 automake all 1:1.17-4 [862 kB] Get: 34 http://deb.debian.org/debian unstable/main i386 autopoint all 0.23.1-1 [770 kB] Get: 35 http://deb.debian.org/debian unstable/main i386 libdebhelper-perl all 13.24.2 [90.9 kB] Get: 36 http://deb.debian.org/debian unstable/main i386 libtool all 2.5.4-4 [539 kB] Get: 37 http://deb.debian.org/debian unstable/main i386 dh-autoreconf all 20 [17.1 kB] Get: 38 http://deb.debian.org/debian unstable/main i386 libarchive-zip-perl all 1.68-1 [104 kB] Get: 39 http://deb.debian.org/debian unstable/main i386 libfile-stripnondeterminism-perl all 1.14.1-2 [19.7 kB] Get: 40 http://deb.debian.org/debian unstable/main i386 dh-strip-nondeterminism all 1.14.1-2 [8620 B] Get: 41 http://deb.debian.org/debian unstable/main i386 libelf1t64 i386 0.192-4 [195 kB] Get: 42 http://deb.debian.org/debian unstable/main i386 dwz i386 0.15-1+b1 [116 kB] Get: 43 http://deb.debian.org/debian unstable/main i386 libunistring5 i386 1.3-2 [471 kB] Get: 44 http://deb.debian.org/debian unstable/main i386 libxml2 i386 2.12.7+dfsg+really2.9.14-0.4 [732 kB] Get: 45 http://deb.debian.org/debian unstable/main i386 gettext i386 0.23.1-1 [1714 kB] Get: 46 http://deb.debian.org/debian unstable/main i386 intltool-debian all 0.35.0+20060710.6 [22.9 kB] Get: 47 http://deb.debian.org/debian unstable/main i386 po-debconf all 1.0.21+nmu1 [248 kB] Get: 48 http://deb.debian.org/debian unstable/main i386 debhelper all 13.24.2 [919 kB] Get: 49 http://deb.debian.org/debian unstable/main i386 dh-package-notes all 0.15 [6692 B] Get: 50 http://deb.debian.org/debian unstable/main i386 libtcl8.6 i386 8.6.16+dfsg-1 [1103 kB] Get: 51 http://deb.debian.org/debian unstable/main i386 tcl8.6 i386 8.6.16+dfsg-1 [121 kB] Get: 52 http://deb.debian.org/debian unstable/main i386 tcl-expect i386 5.45.4-4 [134 kB] Get: 53 http://deb.debian.org/debian unstable/main i386 expect i386 5.45.4-4 [158 kB] Get: 54 http://deb.debian.org/debian unstable/main i386 libidn2-0 i386 2.3.8-2 [110 kB] Get: 55 http://deb.debian.org/debian unstable/main i386 libp11-kit0 i386 0.25.5-3 [423 kB] Get: 56 http://deb.debian.org/debian unstable/main i386 libtasn1-6 i386 4.20.0-2 [51.6 kB] Get: 57 http://deb.debian.org/debian unstable/main i386 libgnutls30t64 i386 3.8.9-2 [1462 kB] Get: 58 http://deb.debian.org/debian unstable/main i386 libevent-2.1-7t64 i386 2.1.12-stable-10+b1 [195 kB] Get: 59 http://deb.debian.org/debian unstable/main i386 libunbound8 i386 1.22.0-1+b1 [633 kB] Get: 60 http://deb.debian.org/debian unstable/main i386 libgnutls-dane0t64 i386 3.8.9-2 [453 kB] Get: 61 http://deb.debian.org/debian unstable/main i386 gnutls-bin i386 3.8.9-2 [696 kB] Get: 62 http://deb.debian.org/debian unstable/main i386 libeac3 i386 1.1.2+ds+git20220117+453c3d6b03a0-1.1+b3 [55.7 kB] Get: 63 http://deb.debian.org/debian unstable/main i386 libglib2.0-0t64 i386 2.84.0-2 [1583 kB] Get: 64 http://deb.debian.org/debian unstable/main i386 libnspr4 i386 2:4.36-1 [119 kB] Get: 65 http://deb.debian.org/debian unstable/main i386 libnspr4-dev i386 2:4.36-1 [220 kB] Get: 66 http://deb.debian.org/debian unstable/main i386 libnss3 i386 2:3.109-1 [1506 kB] Get: 67 http://deb.debian.org/debian unstable/main i386 libnss3-dev i386 2:3.109-1 [253 kB] Get: 68 http://deb.debian.org/debian unstable/main i386 libp11-kit-dev i386 0.25.5-3 [208 kB] Get: 69 http://deb.debian.org/debian unstable/main i386 libpkgconf3 i386 1.8.1-4 [38.4 kB] Get: 70 http://deb.debian.org/debian unstable/main i386 softhsm2-common i386 2.6.1-2.2+b1 [12.4 kB] Get: 71 http://deb.debian.org/debian unstable/main i386 libsofthsm2 i386 2.6.1-2.2+b1 [264 kB] Get: 72 http://deb.debian.org/debian unstable/main i386 libssl-dev i386 3.4.1-1 [2837 kB] Get: 73 http://deb.debian.org/debian unstable/main i386 libtommath1 i386 1.3.0-1 [64.8 kB] Get: 74 http://deb.debian.org/debian unstable/main i386 libtomcrypt1 i386 1.18.2+dfsg-7+b2 [407 kB] Get: 75 http://deb.debian.org/debian unstable/main i386 libstoken1t64 i386 0.92-1.1+b2 [31.2 kB] Get: 76 http://deb.debian.org/debian unstable/main i386 libtomcrypt-dev i386 1.18.2+dfsg-7+b2 [1272 kB] Get: 77 http://deb.debian.org/debian unstable/main i386 libstoken-dev i386 0.92-1.1+b2 [8204 B] Get: 78 http://deb.debian.org/debian unstable/main i386 ninja-build i386 1.12.1-1 [153 kB] Get: 79 http://deb.debian.org/debian unstable/main i386 python3-autocommand all 2.2.2-3 [13.6 kB] Get: 80 http://deb.debian.org/debian unstable/main i386 python3-more-itertools all 10.6.0-1 [65.3 kB] Get: 81 http://deb.debian.org/debian unstable/main i386 python3-typing-extensions all 4.12.2-2 [73.0 kB] Get: 82 http://deb.debian.org/debian unstable/main i386 python3-typeguard all 4.4.2-1 [37.3 kB] Get: 83 http://deb.debian.org/debian unstable/main i386 python3-inflect all 7.3.1-2 [32.4 kB] Get: 84 http://deb.debian.org/debian unstable/main i386 python3-jaraco.context all 6.0.1-1 [8276 B] Get: 85 http://deb.debian.org/debian unstable/main i386 python3-jaraco.functools all 4.1.0-1 [12.0 kB] Get: 86 http://deb.debian.org/debian unstable/main i386 python3-pkg-resources all 75.8.0-1 [222 kB] Get: 87 http://deb.debian.org/debian unstable/main i386 python3-jaraco.text all 4.0.0-1 [11.4 kB] Get: 88 http://deb.debian.org/debian unstable/main i386 python3-zipp all 3.21.0-1 [10.6 kB] Get: 89 http://deb.debian.org/debian unstable/main i386 python3-setuptools all 75.8.0-1 [724 kB] Get: 90 http://deb.debian.org/debian unstable/main i386 meson all 1.7.0-1 [639 kB] Get: 91 http://deb.debian.org/debian unstable/main i386 opensc-pkcs11 i386 0.26.1-1 [911 kB] Get: 92 http://deb.debian.org/debian unstable/main i386 opensc i386 0.26.1-1 [414 kB] Get: 93 http://deb.debian.org/debian unstable/main i386 openssl i386 3.4.1-1 [1432 kB] Get: 94 http://deb.debian.org/debian unstable/main i386 p11-kit-modules i386 0.25.5-3 [270 kB] Get: 95 http://deb.debian.org/debian unstable/main i386 p11-kit i386 0.25.5-3 [406 kB] Get: 96 http://deb.debian.org/debian unstable/main i386 pkgconf-bin i386 1.8.1-4 [30.6 kB] Get: 97 http://deb.debian.org/debian unstable/main i386 pkgconf i386 1.8.1-4 [26.2 kB] Get: 98 http://deb.debian.org/debian unstable/main i386 softhsm2 i386 2.6.1-2.2+b1 [177 kB] Fetched 39.0 MB in 1s (43.7 MB/s) Preconfiguring packages ... Selecting previously unselected package libpython3.13-minimal:i386. (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 19791 files and directories currently installed.) Preparing to unpack .../libpython3.13-minimal_3.13.2-3_i386.deb ... Unpacking libpython3.13-minimal:i386 (3.13.2-3) ... Selecting previously unselected package libexpat1:i386. Preparing to unpack .../libexpat1_2.7.1-1_i386.deb ... Unpacking libexpat1:i386 (2.7.1-1) ... Selecting previously unselected package python3.13-minimal. Preparing to unpack .../python3.13-minimal_3.13.2-3_i386.deb ... Unpacking python3.13-minimal (3.13.2-3) ... Setting up libpython3.13-minimal:i386 (3.13.2-3) ... Setting up libexpat1:i386 (2.7.1-1) ... Setting up python3.13-minimal (3.13.2-3) ... Selecting previously unselected package python3-minimal. (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 20125 files and directories currently installed.) Preparing to unpack .../0-python3-minimal_3.13.2-2_i386.deb ... Unpacking python3-minimal (3.13.2-2) ... Selecting previously unselected package media-types. Preparing to unpack .../1-media-types_13.0.0_all.deb ... Unpacking media-types (13.0.0) ... Selecting previously unselected package netbase. Preparing to unpack .../2-netbase_6.5_all.deb ... Unpacking netbase (6.5) ... Selecting previously unselected package tzdata. Preparing to unpack .../3-tzdata_2025b-1_all.deb ... Unpacking tzdata (2025b-1) ... Selecting previously unselected package libffi8:i386. Preparing to unpack .../4-libffi8_3.4.7-1_i386.deb ... Unpacking libffi8:i386 (3.4.7-1) ... Selecting previously unselected package readline-common. Preparing to unpack .../5-readline-common_8.2-6_all.deb ... Unpacking readline-common (8.2-6) ... Selecting previously unselected package libreadline8t64:i386. Preparing to unpack .../6-libreadline8t64_8.2-6_i386.deb ... Adding 'diversion of /lib/i386-linux-gnu/libhistory.so.8 to /lib/i386-linux-gnu/libhistory.so.8.usr-is-merged by libreadline8t64' Adding 'diversion of /lib/i386-linux-gnu/libhistory.so.8.2 to /lib/i386-linux-gnu/libhistory.so.8.2.usr-is-merged by libreadline8t64' Adding 'diversion of /lib/i386-linux-gnu/libreadline.so.8 to /lib/i386-linux-gnu/libreadline.so.8.usr-is-merged by libreadline8t64' Adding 'diversion of /lib/i386-linux-gnu/libreadline.so.8.2 to /lib/i386-linux-gnu/libreadline.so.8.2.usr-is-merged by libreadline8t64' Unpacking libreadline8t64:i386 (8.2-6) ... Selecting previously unselected package libpython3.13-stdlib:i386. Preparing to unpack .../7-libpython3.13-stdlib_3.13.2-3_i386.deb ... Unpacking libpython3.13-stdlib:i386 (3.13.2-3) ... Selecting previously unselected package python3.13. Preparing to unpack .../8-python3.13_3.13.2-3_i386.deb ... Unpacking python3.13 (3.13.2-3) ... Selecting previously unselected package libpython3-stdlib:i386. Preparing to unpack .../9-libpython3-stdlib_3.13.2-2_i386.deb ... Unpacking libpython3-stdlib:i386 (3.13.2-2) ... Setting up python3-minimal (3.13.2-2) ... Selecting previously unselected package python3. (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 21136 files and directories currently installed.) Preparing to unpack .../00-python3_3.13.2-2_i386.deb ... Unpacking python3 (3.13.2-2) ... Selecting previously unselected package libproc2-0:i386. Preparing to unpack .../01-libproc2-0_2%3a4.0.4-7_i386.deb ... Unpacking libproc2-0:i386 (2:4.0.4-7) ... Selecting previously unselected package procps. Preparing to unpack .../02-procps_2%3a4.0.4-7_i386.deb ... Unpacking procps (2:4.0.4-7) ... Selecting previously unselected package sensible-utils. Preparing to unpack .../03-sensible-utils_0.0.24_all.deb ... Unpacking sensible-utils (0.0.24) ... Selecting previously unselected package libmagic-mgc. Preparing to unpack .../04-libmagic-mgc_1%3a5.46-4_i386.deb ... Unpacking libmagic-mgc (1:5.46-4) ... Selecting previously unselected package libmagic1t64:i386. Preparing to unpack .../05-libmagic1t64_1%3a5.46-4_i386.deb ... Unpacking libmagic1t64:i386 (1:5.46-4) ... Selecting previously unselected package file. Preparing to unpack .../06-file_1%3a5.46-4_i386.deb ... Unpacking file (1:5.46-4) ... Selecting previously unselected package gettext-base. Preparing to unpack .../07-gettext-base_0.23.1-1_i386.deb ... Unpacking gettext-base (0.23.1-1) ... Selecting previously unselected package libuchardet0:i386. Preparing to unpack .../08-libuchardet0_0.0.8-1+b2_i386.deb ... Unpacking libuchardet0:i386 (0.0.8-1+b2) ... Selecting previously unselected package groff-base. Preparing to unpack .../09-groff-base_1.23.0-7_i386.deb ... Unpacking groff-base (1.23.0-7) ... Selecting previously unselected package bsdextrautils. Preparing to unpack .../10-bsdextrautils_2.40.4-5_i386.deb ... Unpacking bsdextrautils (2.40.4-5) ... Selecting previously unselected package libpipeline1:i386. Preparing to unpack .../11-libpipeline1_1.5.8-1_i386.deb ... Unpacking libpipeline1:i386 (1.5.8-1) ... Selecting previously unselected package man-db. Preparing to unpack .../12-man-db_2.13.0-1_i386.deb ... Unpacking man-db (2.13.0-1) ... Selecting previously unselected package libtext-charwidth-perl:i386. Preparing to unpack .../13-libtext-charwidth-perl_0.04-11+b4_i386.deb ... Unpacking libtext-charwidth-perl:i386 (0.04-11+b4) ... Selecting previously unselected package libtext-wrapi18n-perl. Preparing to unpack .../14-libtext-wrapi18n-perl_0.06-10_all.deb ... Unpacking libtext-wrapi18n-perl (0.06-10) ... Selecting previously unselected package ucf. Preparing to unpack .../15-ucf_3.0050_all.deb ... Moving old data out of the way Unpacking ucf (3.0050) ... Selecting previously unselected package m4. Preparing to unpack .../16-m4_1.4.19-7_i386.deb ... Unpacking m4 (1.4.19-7) ... Selecting previously unselected package autoconf. Preparing to unpack .../17-autoconf_2.72-3_all.deb ... Unpacking autoconf (2.72-3) ... Selecting previously unselected package autotools-dev. Preparing to unpack .../18-autotools-dev_20240727.1_all.deb ... Unpacking autotools-dev (20240727.1) ... Selecting previously unselected package automake. Preparing to unpack .../19-automake_1%3a1.17-4_all.deb ... Unpacking automake (1:1.17-4) ... Selecting previously unselected package autopoint. Preparing to unpack .../20-autopoint_0.23.1-1_all.deb ... Unpacking autopoint (0.23.1-1) ... Selecting previously unselected package libdebhelper-perl. Preparing to unpack .../21-libdebhelper-perl_13.24.2_all.deb ... Unpacking libdebhelper-perl (13.24.2) ... Selecting previously unselected package libtool. Preparing to unpack .../22-libtool_2.5.4-4_all.deb ... Unpacking libtool (2.5.4-4) ... Selecting previously unselected package dh-autoreconf. Preparing to unpack .../23-dh-autoreconf_20_all.deb ... Unpacking dh-autoreconf (20) ... Selecting previously unselected package libarchive-zip-perl. Preparing to unpack .../24-libarchive-zip-perl_1.68-1_all.deb ... Unpacking libarchive-zip-perl (1.68-1) ... Selecting previously unselected package libfile-stripnondeterminism-perl. Preparing to unpack .../25-libfile-stripnondeterminism-perl_1.14.1-2_all.deb ... Unpacking libfile-stripnondeterminism-perl (1.14.1-2) ... Selecting previously unselected package dh-strip-nondeterminism. Preparing to unpack .../26-dh-strip-nondeterminism_1.14.1-2_all.deb ... Unpacking dh-strip-nondeterminism (1.14.1-2) ... Selecting previously unselected package libelf1t64:i386. Preparing to unpack .../27-libelf1t64_0.192-4_i386.deb ... Unpacking libelf1t64:i386 (0.192-4) ... Selecting previously unselected package dwz. Preparing to unpack .../28-dwz_0.15-1+b1_i386.deb ... Unpacking dwz (0.15-1+b1) ... Selecting previously unselected package libunistring5:i386. Preparing to unpack .../29-libunistring5_1.3-2_i386.deb ... Unpacking libunistring5:i386 (1.3-2) ... Selecting previously unselected package libxml2:i386. Preparing to unpack .../30-libxml2_2.12.7+dfsg+really2.9.14-0.4_i386.deb ... Unpacking libxml2:i386 (2.12.7+dfsg+really2.9.14-0.4) ... Selecting previously unselected package gettext. Preparing to unpack .../31-gettext_0.23.1-1_i386.deb ... Unpacking gettext (0.23.1-1) ... Selecting previously unselected package intltool-debian. Preparing to unpack .../32-intltool-debian_0.35.0+20060710.6_all.deb ... Unpacking intltool-debian (0.35.0+20060710.6) ... Selecting previously unselected package po-debconf. Preparing to unpack .../33-po-debconf_1.0.21+nmu1_all.deb ... Unpacking po-debconf (1.0.21+nmu1) ... Selecting previously unselected package debhelper. Preparing to unpack .../34-debhelper_13.24.2_all.deb ... Unpacking debhelper (13.24.2) ... Selecting previously unselected package dh-package-notes. Preparing to unpack .../35-dh-package-notes_0.15_all.deb ... Unpacking dh-package-notes (0.15) ... Selecting previously unselected package libtcl8.6:i386. Preparing to unpack .../36-libtcl8.6_8.6.16+dfsg-1_i386.deb ... Unpacking libtcl8.6:i386 (8.6.16+dfsg-1) ... Selecting previously unselected package tcl8.6. Preparing to unpack .../37-tcl8.6_8.6.16+dfsg-1_i386.deb ... Unpacking tcl8.6 (8.6.16+dfsg-1) ... Selecting previously unselected package tcl-expect:i386. Preparing to unpack .../38-tcl-expect_5.45.4-4_i386.deb ... Unpacking tcl-expect:i386 (5.45.4-4) ... Selecting previously unselected package expect. Preparing to unpack .../39-expect_5.45.4-4_i386.deb ... Unpacking expect (5.45.4-4) ... Selecting previously unselected package libidn2-0:i386. Preparing to unpack .../40-libidn2-0_2.3.8-2_i386.deb ... Unpacking libidn2-0:i386 (2.3.8-2) ... Selecting previously unselected package libp11-kit0:i386. Preparing to unpack .../41-libp11-kit0_0.25.5-3_i386.deb ... Unpacking libp11-kit0:i386 (0.25.5-3) ... Selecting previously unselected package libtasn1-6:i386. Preparing to unpack .../42-libtasn1-6_4.20.0-2_i386.deb ... Unpacking libtasn1-6:i386 (4.20.0-2) ... Selecting previously unselected package libgnutls30t64:i386. Preparing to unpack .../43-libgnutls30t64_3.8.9-2_i386.deb ... Unpacking libgnutls30t64:i386 (3.8.9-2) ... Selecting previously unselected package libevent-2.1-7t64:i386. Preparing to unpack .../44-libevent-2.1-7t64_2.1.12-stable-10+b1_i386.deb ... Unpacking libevent-2.1-7t64:i386 (2.1.12-stable-10+b1) ... Selecting previously unselected package libunbound8:i386. Preparing to unpack .../45-libunbound8_1.22.0-1+b1_i386.deb ... Unpacking libunbound8:i386 (1.22.0-1+b1) ... Selecting previously unselected package libgnutls-dane0t64:i386. Preparing to unpack .../46-libgnutls-dane0t64_3.8.9-2_i386.deb ... Unpacking libgnutls-dane0t64:i386 (3.8.9-2) ... Selecting previously unselected package gnutls-bin. Preparing to unpack .../47-gnutls-bin_3.8.9-2_i386.deb ... Unpacking gnutls-bin (3.8.9-2) ... Selecting previously unselected package libeac3:i386. Preparing to unpack .../48-libeac3_1.1.2+ds+git20220117+453c3d6b03a0-1.1+b3_i386.deb ... Unpacking libeac3:i386 (1.1.2+ds+git20220117+453c3d6b03a0-1.1+b3) ... Selecting previously unselected package libglib2.0-0t64:i386. Preparing to unpack .../49-libglib2.0-0t64_2.84.0-2_i386.deb ... Unpacking libglib2.0-0t64:i386 (2.84.0-2) ... Selecting previously unselected package libnspr4:i386. Preparing to unpack .../50-libnspr4_2%3a4.36-1_i386.deb ... Unpacking libnspr4:i386 (2:4.36-1) ... Selecting previously unselected package libnspr4-dev. Preparing to unpack .../51-libnspr4-dev_2%3a4.36-1_i386.deb ... Unpacking libnspr4-dev (2:4.36-1) ... Selecting previously unselected package libnss3:i386. Preparing to unpack .../52-libnss3_2%3a3.109-1_i386.deb ... Unpacking libnss3:i386 (2:3.109-1) ... Selecting previously unselected package libnss3-dev:i386. Preparing to unpack .../53-libnss3-dev_2%3a3.109-1_i386.deb ... Unpacking libnss3-dev:i386 (2:3.109-1) ... Selecting previously unselected package libp11-kit-dev:i386. Preparing to unpack .../54-libp11-kit-dev_0.25.5-3_i386.deb ... Unpacking libp11-kit-dev:i386 (0.25.5-3) ... Selecting previously unselected package libpkgconf3:i386. Preparing to unpack .../55-libpkgconf3_1.8.1-4_i386.deb ... Unpacking libpkgconf3:i386 (1.8.1-4) ... Selecting previously unselected package softhsm2-common. Preparing to unpack .../56-softhsm2-common_2.6.1-2.2+b1_i386.deb ... Unpacking softhsm2-common (2.6.1-2.2+b1) ... Selecting previously unselected package libsofthsm2. Preparing to unpack .../57-libsofthsm2_2.6.1-2.2+b1_i386.deb ... Unpacking libsofthsm2 (2.6.1-2.2+b1) ... Selecting previously unselected package libssl-dev:i386. Preparing to unpack .../58-libssl-dev_3.4.1-1_i386.deb ... Unpacking libssl-dev:i386 (3.4.1-1) ... Selecting previously unselected package libtommath1:i386. Preparing to unpack .../59-libtommath1_1.3.0-1_i386.deb ... Unpacking libtommath1:i386 (1.3.0-1) ... Selecting previously unselected package libtomcrypt1:i386. Preparing to unpack .../60-libtomcrypt1_1.18.2+dfsg-7+b2_i386.deb ... Unpacking libtomcrypt1:i386 (1.18.2+dfsg-7+b2) ... Selecting previously unselected package libstoken1t64:i386. Preparing to unpack .../61-libstoken1t64_0.92-1.1+b2_i386.deb ... Unpacking libstoken1t64:i386 (0.92-1.1+b2) ... Selecting previously unselected package libtomcrypt-dev. Preparing to unpack .../62-libtomcrypt-dev_1.18.2+dfsg-7+b2_i386.deb ... Unpacking libtomcrypt-dev (1.18.2+dfsg-7+b2) ... Selecting previously unselected package libstoken-dev:i386. Preparing to unpack .../63-libstoken-dev_0.92-1.1+b2_i386.deb ... Unpacking libstoken-dev:i386 (0.92-1.1+b2) ... Selecting previously unselected package ninja-build. Preparing to unpack .../64-ninja-build_1.12.1-1_i386.deb ... Unpacking ninja-build (1.12.1-1) ... Selecting previously unselected package python3-autocommand. Preparing to unpack .../65-python3-autocommand_2.2.2-3_all.deb ... Unpacking python3-autocommand (2.2.2-3) ... Selecting previously unselected package python3-more-itertools. Preparing to unpack .../66-python3-more-itertools_10.6.0-1_all.deb ... Unpacking python3-more-itertools (10.6.0-1) ... Selecting previously unselected package python3-typing-extensions. Preparing to unpack .../67-python3-typing-extensions_4.12.2-2_all.deb ... Unpacking python3-typing-extensions (4.12.2-2) ... Selecting previously unselected package python3-typeguard. Preparing to unpack .../68-python3-typeguard_4.4.2-1_all.deb ... Unpacking python3-typeguard (4.4.2-1) ... Selecting previously unselected package python3-inflect. Preparing to unpack .../69-python3-inflect_7.3.1-2_all.deb ... Unpacking python3-inflect (7.3.1-2) ... Selecting previously unselected package python3-jaraco.context. Preparing to unpack .../70-python3-jaraco.context_6.0.1-1_all.deb ... Unpacking python3-jaraco.context (6.0.1-1) ... Selecting previously unselected package python3-jaraco.functools. Preparing to unpack .../71-python3-jaraco.functools_4.1.0-1_all.deb ... Unpacking python3-jaraco.functools (4.1.0-1) ... Selecting previously unselected package python3-pkg-resources. Preparing to unpack .../72-python3-pkg-resources_75.8.0-1_all.deb ... Unpacking python3-pkg-resources (75.8.0-1) ... Selecting previously unselected package python3-jaraco.text. Preparing to unpack .../73-python3-jaraco.text_4.0.0-1_all.deb ... Unpacking python3-jaraco.text (4.0.0-1) ... Selecting previously unselected package python3-zipp. Preparing to unpack .../74-python3-zipp_3.21.0-1_all.deb ... Unpacking python3-zipp (3.21.0-1) ... Selecting previously unselected package python3-setuptools. Preparing to unpack .../75-python3-setuptools_75.8.0-1_all.deb ... Unpacking python3-setuptools (75.8.0-1) ... Selecting previously unselected package meson. Preparing to unpack .../76-meson_1.7.0-1_all.deb ... Unpacking meson (1.7.0-1) ... Selecting previously unselected package opensc-pkcs11:i386. Preparing to unpack .../77-opensc-pkcs11_0.26.1-1_i386.deb ... Unpacking opensc-pkcs11:i386 (0.26.1-1) ... Selecting previously unselected package opensc. Preparing to unpack .../78-opensc_0.26.1-1_i386.deb ... Unpacking opensc (0.26.1-1) ... Selecting previously unselected package openssl. Preparing to unpack .../79-openssl_3.4.1-1_i386.deb ... Unpacking openssl (3.4.1-1) ... Selecting previously unselected package p11-kit-modules:i386. Preparing to unpack .../80-p11-kit-modules_0.25.5-3_i386.deb ... Unpacking p11-kit-modules:i386 (0.25.5-3) ... Selecting previously unselected package p11-kit. Preparing to unpack .../81-p11-kit_0.25.5-3_i386.deb ... Unpacking p11-kit (0.25.5-3) ... Selecting previously unselected package pkgconf-bin. Preparing to unpack .../82-pkgconf-bin_1.8.1-4_i386.deb ... Unpacking pkgconf-bin (1.8.1-4) ... Selecting previously unselected package pkgconf:i386. Preparing to unpack .../83-pkgconf_1.8.1-4_i386.deb ... Unpacking pkgconf:i386 (1.8.1-4) ... Selecting previously unselected package softhsm2. Preparing to unpack .../84-softhsm2_2.6.1-2.2+b1_i386.deb ... Unpacking softhsm2 (2.6.1-2.2+b1) ... Setting up media-types (13.0.0) ... Setting up libpipeline1:i386 (1.5.8-1) ... Setting up libtext-charwidth-perl:i386 (0.04-11+b4) ... Setting up bsdextrautils (2.40.4-5) ... Setting up libmagic-mgc (1:5.46-4) ... Setting up libarchive-zip-perl (1.68-1) ... Setting up libtommath1:i386 (1.3.0-1) ... Setting up libdebhelper-perl (13.24.2) ... Setting up libmagic1t64:i386 (1:5.46-4) ... Setting up gettext-base (0.23.1-1) ... Setting up m4 (1.4.19-7) ... Setting up libevent-2.1-7t64:i386 (2.1.12-stable-10+b1) ... Setting up file (1:5.46-4) ... Setting up libtext-wrapi18n-perl (0.06-10) ... Setting up ninja-build (1.12.1-1) ... Setting up libelf1t64:i386 (0.192-4) ... Setting up libeac3:i386 (1.1.2+ds+git20220117+453c3d6b03a0-1.1+b3) ... Setting up tzdata (2025b-1) ... Current default time zone: 'Etc/UTC' Local time is now: Sun Mar 30 11:08:35 UTC 2025. Universal Time is now: Sun Mar 30 11:08:35 UTC 2025. Run 'dpkg-reconfigure tzdata' if you wish to change it. Setting up autotools-dev (20240727.1) ... Setting up libunbound8:i386 (1.22.0-1+b1) ... Setting up libpkgconf3:i386 (1.8.1-4) ... Setting up libnspr4:i386 (2:4.36-1) ... Setting up libproc2-0:i386 (2:4.0.4-7) ... Setting up libunistring5:i386 (1.3-2) ... Setting up libssl-dev:i386 (3.4.1-1) ... Setting up libtcl8.6:i386 (8.6.16+dfsg-1) ... Setting up autopoint (0.23.1-1) ... Setting up pkgconf-bin (1.8.1-4) ... Setting up autoconf (2.72-3) ... Setting up libffi8:i386 (3.4.7-1) ... Setting up dwz (0.15-1+b1) ... Setting up sensible-utils (0.0.24) ... Setting up libuchardet0:i386 (0.0.8-1+b2) ... Setting up procps (2:4.0.4-7) ... Setting up libtasn1-6:i386 (4.20.0-2) ... Setting up netbase (6.5) ... Setting up openssl (3.4.1-1) ... Setting up readline-common (8.2-6) ... Setting up libxml2:i386 (2.12.7+dfsg+really2.9.14-0.4) ... Setting up libtomcrypt1:i386 (1.18.2+dfsg-7+b2) ... Setting up automake (1:1.17-4) ... update-alternatives: using /usr/bin/automake-1.17 to provide /usr/bin/automake (automake) in auto mode Setting up libfile-stripnondeterminism-perl (1.14.1-2) ... Setting up libnspr4-dev (2:4.36-1) ... Setting up tcl8.6 (8.6.16+dfsg-1) ... Setting up gettext (0.23.1-1) ... Setting up libtool (2.5.4-4) ... Setting up tcl-expect:i386 (5.45.4-4) ... Setting up libidn2-0:i386 (2.3.8-2) ... Setting up libnss3:i386 (2:3.109-1) ... Setting up pkgconf:i386 (1.8.1-4) ... Setting up intltool-debian (0.35.0+20060710.6) ... Setting up libstoken1t64:i386 (0.92-1.1+b2) ... Setting up dh-autoreconf (20) ... Setting up libtomcrypt-dev (1.18.2+dfsg-7+b2) ... Setting up libglib2.0-0t64:i386 (2.84.0-2) ... No schema files found: doing nothing. Setting up libstoken-dev:i386 (0.92-1.1+b2) ... Setting up libp11-kit0:i386 (0.25.5-3) ... Setting up ucf (3.0050) ... Setting up libreadline8t64:i386 (8.2-6) ... Setting up dh-strip-nondeterminism (1.14.1-2) ... Setting up libnss3-dev:i386 (2:3.109-1) ... Setting up groff-base (1.23.0-7) ... Setting up libpython3.13-stdlib:i386 (3.13.2-3) ... Setting up libp11-kit-dev:i386 (0.25.5-3) ... Setting up libpython3-stdlib:i386 (3.13.2-2) ... Setting up libgnutls30t64:i386 (3.8.9-2) ... Setting up softhsm2-common (2.6.1-2.2+b1) ... Creating config file /etc/softhsm/softhsm2.conf with new version Setting up python3.13 (3.13.2-3) ... Setting up po-debconf (1.0.21+nmu1) ... Setting up expect (5.45.4-4) ... Setting up python3 (3.13.2-2) ... Setting up python3-zipp (3.21.0-1) ... Setting up python3-autocommand (2.2.2-3) ... Setting up man-db (2.13.0-1) ... Not building database; man-db/auto-update is not 'true'. Setting up opensc-pkcs11:i386 (0.26.1-1) ... Setting up p11-kit-modules:i386 (0.25.5-3) ... Setting up libgnutls-dane0t64:i386 (3.8.9-2) ... Setting up python3-typing-extensions (4.12.2-2) ... Setting up p11-kit (0.25.5-3) ... Setting up gnutls-bin (3.8.9-2) ... Setting up python3-more-itertools (10.6.0-1) ... Setting up libsofthsm2 (2.6.1-2.2+b1) ... Setting up softhsm2 (2.6.1-2.2+b1) ... Setting up python3-jaraco.functools (4.1.0-1) ... Setting up python3-jaraco.context (6.0.1-1) ... Setting up opensc (0.26.1-1) ... Setting up python3-typeguard (4.4.2-1) ... Setting up debhelper (13.24.2) ... Setting up python3-inflect (7.3.1-2) ... Setting up python3-jaraco.text (4.0.0-1) ... Setting up python3-pkg-resources (75.8.0-1) ... Setting up dh-package-notes (0.15) ... Setting up python3-setuptools (75.8.0-1) ... Setting up meson (1.7.0-1) ... Processing triggers for libc-bin (2.41-6) ... Reading package lists... Building dependency tree... Reading state information... Reading extended state information... Initializing package states... Writing extended state information... Building tag database... -> Finished parsing the build-deps I: Building the package I: Running cd /build/reproducible-path/pkcs11-provider-1.0/ && env PATH="/usr/sbin:/usr/bin:/sbin:/bin:/usr/games" HOME="/nonexistent/first-build" dpkg-buildpackage -us -uc -b && env PATH="/usr/sbin:/usr/bin:/sbin:/bin:/usr/games" HOME="/nonexistent/first-build" dpkg-genchanges -S > ../pkcs11-provider_1.0-2_source.changes dpkg-buildpackage: info: source package pkcs11-provider dpkg-buildpackage: info: source version 1.0-2 dpkg-buildpackage: info: source distribution unstable dpkg-buildpackage: info: source changed by Luca Boccassi dpkg-source --before-build . dpkg-buildpackage: info: host architecture i386 debian/rules clean dh clean --buildsystem=meson dh_auto_clean -O--buildsystem=meson dh_autoreconf_clean -O--buildsystem=meson dh_clean -O--buildsystem=meson debian/rules binary dh binary --buildsystem=meson dh_update_autotools_config -O--buildsystem=meson dh_autoreconf -O--buildsystem=meson dh_auto_configure -O--buildsystem=meson cd obj-i686-linux-gnu && DEB_PYTHON_INSTALL_LAYOUT=deb LC_ALL=C.UTF-8 meson setup .. --wrap-mode=nodownload --buildtype=plain --prefix=/usr --sysconfdir=/etc --localstatedir=/var --libdir=lib/i386-linux-gnu -Dpython.bytecompile=-1 The Meson build system Version: 1.7.0 Source dir: /build/reproducible-path/pkcs11-provider-1.0 Build dir: /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu Build type: native build Project name: pkcs11-provider Project version: 1.0 C compiler for the host machine: cc (gcc 14.2.0 "cc (Debian 14.2.0-19) 14.2.0") C linker for the host machine: cc ld.bfd 2.44 Host machine cpu family: x86 Host machine cpu: i686 Compiler for C supports arguments -Wwrite-strings: YES Compiler for C supports arguments -Wpointer-arith: YES Compiler for C supports arguments -Wno-missing-field-initializers: YES Compiler for C supports arguments -Wformat: YES Compiler for C supports arguments -Wshadow: YES Compiler for C supports arguments -Wno-unused-parameter: YES Compiler for C supports arguments -Werror=implicit-function-declaration: YES Compiler for C supports arguments -Werror=missing-prototypes: YES Compiler for C supports arguments -Werror=format-security: YES Compiler for C supports arguments -Werror=parentheses: YES Compiler for C supports arguments -Werror=implicit: YES Compiler for C supports arguments -Werror=strict-prototypes: YES Compiler for C supports arguments -fno-strict-aliasing: YES Compiler for C supports arguments -fno-delete-null-pointer-checks: YES Compiler for C supports arguments -fdiagnostics-show-option: YES Found pkg-config: YES (/usr/bin/pkg-config) 1.8.1 Run-time dependency libcrypto found: YES 3.4.1 Run-time dependency libssl found: YES 3.4.1 Run-time dependency p11-kit-1 found: YES 0.25.5 Has header "dlfcn.h" : YES Configuring config.h using configuration Compiler for C supports link arguments -Wl,--version-script,/build/reproducible-path/pkcs11-provider-1.0/src/provider.map: YES Did not find CMake 'cmake' Found CMake: NO Run-time dependency nss-softokn found: NO (tried pkgconfig and cmake) Run-time dependency nss found: YES 3.109 Program setup.sh found: YES (/build/reproducible-path/pkcs11-provider-1.0/tests/setup.sh) Program valgrind found: NO Program test-wrapper found: YES (/build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper) Build targets in project: 12 pkcs11-provider 1.0 User defined options buildtype : plain libdir : lib/i386-linux-gnu localstatedir : /var prefix : /usr python.bytecompile: -1 sysconfdir : /etc wrap_mode : nodownload Found ninja-1.12.1 at /usr/bin/ninja debian/rules execute_before_dh_auto_build make[1]: Entering directory '/build/reproducible-path/pkcs11-provider-1.0' # meson test does not compile with verbosity, but doesn't matter as it's test binaries blhc: ignore-line-regexp: .* Compiling C object tests.* make[1]: Leaving directory '/build/reproducible-path/pkcs11-provider-1.0' dh_auto_build -O--buildsystem=meson cd obj-i686-linux-gnu && LC_ALL=C.UTF-8 ninja -j11 -v [1/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/pk11_uri.c.o -MF src/pkcs11.so.p/pk11_uri.c.o.d -o src/pkcs11.so.p/pk11_uri.c.o -c ../src/pk11_uri.c [2/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/decoder.c.o -MF src/pkcs11.so.p/decoder.c.o.d -o src/pkcs11.so.p/decoder.c.o -c ../src/decoder.c [3/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/debug.c.o -MF src/pkcs11.so.p/debug.c.o.d -o src/pkcs11.so.p/debug.c.o -c ../src/debug.c [4/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/digests.c.o -MF src/pkcs11.so.p/digests.c.o.d -o src/pkcs11.so.p/digests.c.o -c ../src/digests.c [5/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/exchange.c.o -MF src/pkcs11.so.p/exchange.c.o.d -o src/pkcs11.so.p/exchange.c.o -c ../src/exchange.c [6/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/asymmetric_cipher.c.o -MF src/pkcs11.so.p/asymmetric_cipher.c.o.d -o src/pkcs11.so.p/asymmetric_cipher.c.o -c ../src/asymmetric_cipher.c [7/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/kdf.c.o -MF src/pkcs11.so.p/kdf.c.o.d -o src/pkcs11.so.p/kdf.c.o -c ../src/kdf.c [8/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/random.c.o -MF src/pkcs11.so.p/random.c.o.d -o src/pkcs11.so.p/random.c.o -c ../src/random.c [9/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/encoder.c.o -MF src/pkcs11.so.p/encoder.c.o.d -o src/pkcs11.so.p/encoder.c.o -c ../src/encoder.c [10/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/tls.c.o -MF src/pkcs11.so.p/tls.c.o.d -o src/pkcs11.so.p/tls.c.o -c ../src/tls.c [11/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/slot.c.o -MF src/pkcs11.so.p/slot.c.o.d -o src/pkcs11.so.p/slot.c.o -c ../src/slot.c [12/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/store.c.o -MF src/pkcs11.so.p/store.c.o.d -o src/pkcs11.so.p/store.c.o -c ../src/store.c [13/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/session.c.o -MF src/pkcs11.so.p/session.c.o.d -o src/pkcs11.so.p/session.c.o -c ../src/session.c [14/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/keymgmt.c.o -MF src/pkcs11.so.p/keymgmt.c.o.d -o src/pkcs11.so.p/keymgmt.c.o -c ../src/keymgmt.c [15/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/interface.c.o -MF src/pkcs11.so.p/interface.c.o.d -o src/pkcs11.so.p/interface.c.o -c ../src/interface.c [16/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/util.c.o -MF src/pkcs11.so.p/util.c.o.d -o src/pkcs11.so.p/util.c.o -c ../src/util.c [17/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/signature.c.o -MF src/pkcs11.so.p/signature.c.o.d -o src/pkcs11.so.p/signature.c.o -c ../src/signature.c [18/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/objects.c.o -MF src/pkcs11.so.p/objects.c.o.d -o src/pkcs11.so.p/objects.c.o -c ../src/objects.c [19/20] cc -Isrc/pkcs11.so.p -Isrc -I../src -I. -I.. -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=c11 -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Wno-unused-parameter -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ src/pkcs11.so.p/provider.c.o -MF src/pkcs11.so.p/provider.c.o.d -o src/pkcs11.so.p/provider.c.o -c ../src/provider.c [20/20] cc -o src/pkcs11.so src/pkcs11.so.p/asymmetric_cipher.c.o src/pkcs11.so.p/debug.c.o src/pkcs11.so.p/encoder.c.o src/pkcs11.so.p/decoder.c.o src/pkcs11.so.p/digests.c.o src/pkcs11.so.p/exchange.c.o src/pkcs11.so.p/kdf.c.o src/pkcs11.so.p/keymgmt.c.o src/pkcs11.so.p/pk11_uri.c.o src/pkcs11.so.p/interface.c.o src/pkcs11.so.p/objects.c.o src/pkcs11.so.p/provider.c.o src/pkcs11.so.p/random.c.o src/pkcs11.so.p/session.c.o src/pkcs11.so.p/signature.c.o src/pkcs11.so.p/slot.c.o src/pkcs11.so.p/store.c.o src/pkcs11.so.p/tls.c.o src/pkcs11.so.p/util.c.o -Wl,--as-needed -Wl,--allow-shlib-undefined -shared -fPIC -Wl,-z,relro -Wl,-z,now -specs=/usr/share/debhelper/dh_package_notes/debian-package-notes.specs -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/pkcs11-provider-1.0=. -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -Wl,--version-script,/build/reproducible-path/pkcs11-provider-1.0/src/provider.map /usr/lib/i386-linux-gnu/libcrypto.so debian/rules override_dh_auto_test make[1]: Entering directory '/build/reproducible-path/pkcs11-provider-1.0' dh_auto_test -- -t 10 cd obj-i686-linux-gnu && DEB_PYTHON_INSTALL_LAYOUT=deb LC_ALL=C.UTF-8 MESON_TESTTHREADS=11 meson test --verbose -t 10 ninja: Entering directory `/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu' [1/29] Compiling C object tests/tdigests.p/tdigests.c.o [2/29] Compiling C object tests/tcmpkeys.p/tcmpkeys.c.o [3/29] Compiling C object tests/treadkeys.p/treadkeys.c.o [4/29] Compiling C object tests/tlssetkey.p/tlssetkey.c.o [5/29] Compiling C object tests/tfork.p/tfork.c.o [6/29] Compiling C object tests/tsession.p/tsession.c.o [7/29] Compiling C object tests/tgenkey.p/util.c.o [8/29] Compiling C object tests/tcmpkeys.p/util.c.o [9/29] Compiling C object tests/tpkey.p/tpkey.c.o [10/29] Compiling C object tests/ccerts.p/ccerts.c.o [11/29] Compiling C object tests/tlsctx.p/util.c.o [12/29] Compiling C object tests/tpkey.p/util.c.o [13/29] Compiling C object tests/tlsctx.p/tlsctx.c.o [14/29] Compiling C object tests/tlssetkey.p/util.c.o [15/29] Compiling C object tests/tfork.p/util.c.o [16/29] Linking target tests/tdigests [17/29] Linking target tests/treadkeys [18/29] Linking target tests/tcmpkeys [19/29] Linking target tests/tsession [20/29] Compiling C object tests/pincache.p/pincache.c.o [21/29] Linking target tests/tlsctx [22/29] Linking target tests/tpkey [23/29] Linking target tests/tlssetkey [24/29] Linking target tests/tfork [25/29] Compiling C object tests/tgenkey.p/tgenkey.c.o [26/29] Compiling C object tests/ccerts.p/util.c.o [27/29] Linking target tests/pincache [28/29] Linking target tests/tgenkey [29/29] Linking target tests/ccerts 1/92 pkcs11-provider:softokn / setup RUNNING >>> MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 SOFTOKNPATH=/usr/lib/i386-linux-gnu LIBSPATH=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/src TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests P11KITCLIENTPATH=/usr/lib/i386-linux-gnu/pkcs11/p11-kit-client.so UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 SHARED_EXT=.so MALLOC_PERTURB_=162 TESTSSRCDIR=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/setup.sh softokn ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― + source /build/reproducible-path/pkcs11-provider-1.0/tests/helpers.sh ++ : /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests ++ helper_emit=1 ++ sed --version ++ grep -q 'GNU sed' ++ sed_inplace=('-i') ++ export sed_inplace + '[' 1 -ne 1 ']' + TOKENTYPE=softokn + SUPPORT_ED25519=1 + SUPPORT_ED448=1 + SUPPORT_RSA_PKCS1_ENCRYPTION=1 + SUPPORT_RSA_KEYGEN_PUBLIC_EXPONENT=1 + SUPPORT_TLSFUZZER=1 + SUPPORT_ALLOWED_MECHANISMS=0 ++ opensc-tool -i ++ grep OpenSC ++ sed -e 's/OpenSC 0\.\([0-9]*\).*/\1/' Failed to establish context: Unable to load external module + OPENSC_VERSION=26 + [[ 26 -le 25 ]] + [[ '' = \1 ]] ++ cat /proc/sys/crypto/fips_enabled + [[ 0 = \1 ]] + TMPPDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softokn + TOKDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softokn/tokens + '[' -d /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softokn ']' + mkdir /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softokn + mkdir /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softokn/tokens + PINVALUE=12345678 + PINFILE=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softokn/pinfile.txt + echo 12345678 + export GNUTLS_PIN=12345678 + GNUTLS_PIN=12345678 + '[' softokn == softhsm ']' + '[' softokn == softokn ']' + source /build/reproducible-path/pkcs11-provider-1.0/tests/softokn-init.sh ++ title SECTION 'Setup NSS Softokn' ++ case "$1" in ++ shift 1 ++ echo '########################################' ++ echo '## Setup NSS Softokn' ++ echo '' ++ command -v certutil ++ echo 'NSS'\''s certutil command is required' ++ exit 0 ######################################## ## Setup NSS Softokn NSS's certutil command is required ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 1/92 pkcs11-provider:softokn / setup OK 0.03s 2/92 pkcs11-provider:softhsm / setup RUNNING >>> MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 SOFTOKNPATH=/usr/lib/i386-linux-gnu LIBSPATH=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/src TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests P11KITCLIENTPATH=/usr/lib/i386-linux-gnu/pkcs11/p11-kit-client.so UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=192 SHARED_EXT=.so TESTSSRCDIR=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/setup.sh softhsm ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― + source /build/reproducible-path/pkcs11-provider-1.0/tests/helpers.sh ++ : /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests ++ helper_emit=1 ++ sed --version ++ grep -q 'GNU sed' ++ sed_inplace=('-i') ++ export sed_inplace + '[' 1 -ne 1 ']' + TOKENTYPE=softhsm + SUPPORT_ED25519=1 + SUPPORT_ED448=1 + SUPPORT_RSA_PKCS1_ENCRYPTION=1 + SUPPORT_RSA_KEYGEN_PUBLIC_EXPONENT=1 + SUPPORT_TLSFUZZER=1 + SUPPORT_ALLOWED_MECHANISMS=0 ++ opensc-tool -i ++ grep OpenSC ++ sed -e 's/OpenSC 0\.\([0-9]*\).*/\1/' Failed to establish context: Unable to load external module + OPENSC_VERSION=26 + [[ 26 -le 25 ]] + [[ '' = \1 ]] ++ cat /proc/sys/crypto/fips_enabled + [[ 0 = \1 ]] + TMPPDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm + TOKDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/tokens + '[' -d /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm ']' + mkdir /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm + mkdir /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/tokens + PINVALUE=12345678 + PINFILE=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt + echo 12345678 + export GNUTLS_PIN=12345678 + GNUTLS_PIN=12345678 + '[' softhsm == softhsm ']' + source /build/reproducible-path/pkcs11-provider-1.0/tests/softhsm-init.sh ++ title SECTION 'Searching for SoftHSM PKCS#11 library' ++ case "$1" in ++ shift 1 ++ echo '########################################' ++ echo '## Searching for SoftHSM PKCS#11 library' ++ echo '' ++ command -v softhsm2-util ######################################## ## Searching for SoftHSM PKCS#11 library +++++ type -p softhsm2-util ++++ dirname /usr/bin/softhsm2-util +++ dirname /usr/bin ++ softhsm_prefix=/usr ++ find_softhsm /usr/lib64/softhsm/libsofthsm2.so /usr/lib/softhsm/libsofthsm2.so /usr/lib64/pkcs11/libsofthsm2.so /usr/lib/pkcs11/libsofthsm2.so /usr/local/lib/softhsm/libsofthsm2.so /usr/lib64/pkcs11/libsofthsm2.so /usr/lib/pkcs11/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so ++ for _lib in "$@" ++ test -f /usr/lib64/softhsm/libsofthsm2.so ++ for _lib in "$@" ++ test -f /usr/lib/softhsm/libsofthsm2.so ++ echo 'Using softhsm path /usr/lib/softhsm/libsofthsm2.so' ++ P11LIB=/usr/lib/softhsm/libsofthsm2.so ++ return Using softhsm path /usr/lib/softhsm/libsofthsm2.so ++ export P11LIB ++ title SECTION 'Set up testing system' ++ case "$1" in ++ shift 1 ++ echo '########################################' ++ echo '## Set up testing system' ++ echo '' ++ cat ######################################## ## Set up testing system ++ export SOFTHSM2_CONF=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/softhsm.conf ++ SOFTHSM2_CONF=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/softhsm.conf ++ export 'TOKENLABEL=SoftHSM Token' ++ TOKENLABEL='SoftHSM Token' ++ export TOKENLABELURI=SoftHSM%20Token ++ TOKENLABELURI=SoftHSM%20Token ++ softhsm2-util --init-token --label 'SoftHSM Token' --free --pin 12345678 --so-pin 12345678 Slot 0 has a free/uninitialized token. The token has been initialized and is reassigned to slot 1472295143 ++ export 'TOKENOPTIONS=\npkcs11-module-quirks = no-deinit no-operation-state' ++ TOKENOPTIONS='\npkcs11-module-quirks = no-deinit no-operation-state' ++ export 'TOKENCONFIGVARS=export SOFTHSM2_CONF=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/softhsm.conf' ++ TOKENCONFIGVARS='export SOFTHSM2_CONF=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/softhsm.conf' ++ export TESTPORT=32000 ++ TESTPORT=32000 ++ export SUPPORT_ALLOWED_MECHANISMS=1 ++ SUPPORT_ALLOWED_MECHANISMS=1 + SEEDFILE=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/noisefile.bin + dd if=/dev/urandom of=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/noisefile.bin bs=2048 count=1 + RAND64FILE=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/64krandom.bin + dd if=/dev/urandom of=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/64krandom.bin bs=2048 count=32 ++ uname + '[' Linux == Darwin ']' ++ type -p certtool + certtool=/usr/bin/certtool + '[' -z /usr/bin/certtool ']' + P11DEFARGS=("--module=${P11LIB}" "--login" "--pin=${PINVALUE}" "--token-label=${TOKENLABEL}") + cat + SERIAL=1 + title LINE 'Creating new Self Sign CA' + case "$1" in + shift 1 + echo 'Creating new Self Sign CA' + KEYID=0000 + URIKEYID=%00%00 + CACRTN=caCert Creating new Self Sign CA + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --keypairgen --key-type=RSA:2048 --label=caCert --id=0000 Key pair generated: Private Key Object; RSA label: caCert ID: 0000 Usage: decrypt, sign, signRecover, unwrap Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=93e70c9f57c170e7;token=SoftHSM%20Token;id=%0000;object=caCert;type=private Public Key Object; RSA 2048 bits label: caCert ID: 0000 Usage: encrypt, verify, verifyRecover, wrap Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=93e70c9f57c170e7;token=SoftHSM%20Token;id=%0000;object=caCert;type=public + crt_selfsign caCert Issuer 0000 + LABEL=caCert + CN=Issuer + KEYID=0000 + (( SERIAL+=1 )) + sed -e 's|cn = .*|cn = Issuer|g' -e 's|serial = .*|serial = 2|g' -i /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/cacert.cfg + /usr/bin/certtool --generate-self-signed --outfile=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.crt --template=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/cacert.cfg --provider=/usr/lib/softhsm/libsofthsm2.so --load-privkey 'pkcs11:object=caCert;token=SoftHSM%20Token;type=private' --load-pubkey 'pkcs11:object=caCert;token=SoftHSM%20Token;type=public' --outder Generating a self signed certificate... X.509 Certificate Information: Version: 3 Serial Number (hex): 02 Validity: Not Before: Sun Mar 30 11:09:02 UTC 2025 Not After: Mon Mar 30 11:09:02 UTC 2026 Subject: CN=Issuer Subject Public Key Algorithm: RSA Algorithm Security Level: Medium (2048 bits) Modulus (bits 2048): 00:d9:1c:fc:c4:52:0f:91:3f:7b:b9:ff:25:39:1f:c5 ca:c5:23:60:63:d4:46:46:be:61:47:40:b3:2b:27:79 33:a0:82:5d:22:f3:f3:e3:c8:40:8f:f9:85:26:1f:89 24:7b:36:56:40:72:3b:26:c3:92:9d:c9:68:51:c4:f5 3b:82:aa:be:7e:f5:d0:c6:ad:1e:c3:d8:f4:f8:99:d2 89:47:34:ca:d1:4a:70:60:46:05:18:4f:17:6e:e8:7e d5:a0:f5:e8:21:99:0e:e5:0c:95:b9:60:2f:e5:c1:97 80:16:52:99:11:1d:2a:b3:06:e3:9b:e3:12:d9:fa:ce f6:b7:60:2e:b2:a2:33:97:d7:71:30:4f:a8:a1:bd:7d 77:16:24:84:11:3a:ba:e4:a2:28:eb:88:96:b9:40:fa 8f:de:e1:38:0b:37:9f:8c:d1:2f:ce:4f:4f:39:66:ad ed:51:bf:71:af:db:76:90:e1:46:c4:7f:bc:22:c8:ee f0:59:a7:3e:af:bc:15:8e:f2:0b:23:ef:a6:ca:7a:3b 1d:76:f7:05:a6:f4:63:f4:7a:73:70:29:b8:e3:b6:b3 bc:94:32:4d:8a:dc:29:f0:57:a8:58:8c:38:92:03:d1 91:40:8c:2f:ce:19:d7:42:d5:47:b5:e6:d8:30:5c:32 43 Exponent (bits 24): 01:00:01 Extensions: Basic Constraints (critical): Certificate Authority (CA): TRUE Subject Alternative Name (not critical): RFC822Name: testcert@example.org Key Usage (critical): Digital signature. Certificate signing. Subject Key Identifier (not critical): 301955a7e37d1d98d29e58807329c703d100ba53 Other Information: Public Key ID: sha1:301955a7e37d1d98d29e58807329c703d100ba53 sha256:104892d505883f546166349c35e2d91a0b5669ee8be45017dba91a2a59e91ffb Public Key PIN: pin-sha256:EEiS1QWIP1RhZjScNeLZGgtWae6L5FAX26kaKlnpH/s= Signing certificate... + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --write-object /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.crt --type=cert --id=0000 --label=caCert Created certificate: Certificate Object; type = X.509 cert label: caCert subject: DN: CN=Issuer serial: 02 ID: 0000 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=93e70c9f57c170e7;token=SoftHSM%20Token;id=%0000;object=caCert;type=cert + CACRT_PEM=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.pem + CACRT=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.crt + openssl x509 -inform DER -in /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.crt -outform PEM -out /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.pem + CABASEURIWITHPINVALUE='pkcs11:id=%00%00?pin-value=12345678' + CABASEURIWITHPINSOURCE='pkcs11:id=%00%00?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt' + CABASEURI=pkcs11:id=%00%00 + CAPUBURI='pkcs11:type=public;id=%00%00' + CAPRIURI='pkcs11:type=private;id=%00%00' + CACRTURI='pkcs11:type=cert;object=caCert' + title LINE 'RSA PKCS11 URIS' + case "$1" in + shift 1 + echo 'RSA PKCS11 URIS' + echo 'pkcs11:id=%00%00?pin-value=12345678' + echo 'pkcs11:id=%00%00?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt' + echo pkcs11:id=%00%00 + echo 'pkcs11:type=public;id=%00%00' + echo 'pkcs11:type=private;id=%00%00' + echo 'pkcs11:type=cert;object=caCert' + echo '' + cat /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/cacert.cfg RSA PKCS11 URIS pkcs11:id=%00%00?pin-value=12345678 pkcs11:id=%00%00?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt pkcs11:id=%00%00 pkcs11:type=public;id=%00%00 pkcs11:type=private;id=%00%00 pkcs11:type=cert;object=caCert + echo 'organization = "PKCS11 Provider"' + sed -e '/^cert_signing_key$/d' -e '/^ca$/d' -i /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/cert.cfg + KEYID=0001 + URIKEYID=%00%01 + TSTCRTN=testCert + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --keypairgen --key-type=RSA:2048 --label=testCert --id=0001 Key pair generated: Private Key Object; RSA label: testCert ID: 0001 Usage: decrypt, sign, signRecover, unwrap Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=93e70c9f57c170e7;token=SoftHSM%20Token;id=%0001;object=testCert;type=private Public Key Object; RSA 2048 bits label: testCert ID: 0001 Usage: encrypt, verify, verifyRecover, wrap Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=93e70c9f57c170e7;token=SoftHSM%20Token;id=%0001;object=testCert;type=public + ca_sign testCert 'My Test Cert' 0001 + LABEL=testCert + CN='My Test Cert' + KEYID=0001 + shift 3 + (( SERIAL+=1 )) + sed -e 's|cn = .*|cn = My Test Cert|g' -e 's|serial = .*|serial = 3|g' -e '/^ca$/d' -i /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/cert.cfg + /usr/bin/certtool --generate-certificate --outfile=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/testCert.crt --template=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/cert.cfg --provider=/usr/lib/softhsm/libsofthsm2.so --load-privkey 'pkcs11:object=testCert;token=SoftHSM%20Token;type=private' --load-pubkey 'pkcs11:object=testCert;token=SoftHSM%20Token;type=public' --outder --load-ca-certificate /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.crt --inder '--load-ca-privkey=pkcs11:object=caCert;token=SoftHSM%20Token;type=private' Generating a signed certificate... Expiration time: Sun Mar 29 23:09:03 2026 CA expiration time: Sun Mar 29 23:09:02 2026 Warning: The time set exceeds the CA's expiration time X.509 Certificate Information: Version: 3 Serial Number (hex): 03 Validity: Not Before: Sun Mar 30 11:09:03 UTC 2025 Not After: Mon Mar 30 11:09:03 UTC 2026 Subject: CN=My Test Cert,O=PKCS11 Provider Subject Public Key Algorithm: RSA Algorithm Security Level: Medium (2048 bits) Modulus (bits 2048): 00:cd:e1:87:15:15:b3:92:70:c0:0c:bf:27:80:2e:00 6f:0b:8f:2b:01:b8:df:df:18:56:29:3d:56:d2:cc:fc 5f:5a:aa:9b:c1:b1:83:f7:3c:6c:a6:92:80:8f:1b:90 2a:22:a1:43:41:e5:39:44:a5:99:8d:9e:23:d3:d7:e6 b9:a5:0f:ea:7d:37:11:75:88:6b:91:8f:00:57:ff:9d 86:75:ca:d3:67:1d:0a:ba:f4:ae:39:94:41:5b:86:86 45:5f:f0:93:fa:bb:3c:d5:21:e7:62:0b:65:97:f1:05 10:a0:bb:09:da:92:18:b4:44:c0:88:26:15:2a:9e:0d 80:f0:14:1e:3c:02:45:b8:b2:67:77:15:64:c0:1e:31 b9:2b:8d:a9:de:02:a4:ac:74:e4:d5:f3:7f:be:22:58 ce:98:fc:d9:38:fc:8d:f6:2e:23:86:d8:7c:55:8b:51 15:f6:ba:e5:ed:51:b0:b5:2e:73:88:d4:ca:e6:c0:34 10:f7:8f:97:be:73:79:21:ba:dd:af:03:5d:81:9b:8e e0:8d:c0:f9:ec:e4:8e:1f:e5:77:4e:1a:d2:66:ae:c2 78:3c:e6:29:ef:89:12:c2:1a:96:91:34:10:54:f8:3c 8c:60:2f:e8:86:8a:5e:5a:37:d9:20:ff:c6:c1:77:20 51 Exponent (bits 24): 01:00:01 Extensions: Basic Constraints (critical): Certificate Authority (CA): FALSE Subject Alternative Name (not critical): RFC822Name: testcert@example.org Key Usage (critical): Digital signature. Key encipherment. Subject Key Identifier (not critical): c7f71e65ef591bbc10dd898309db641da6301368 Authority Key Identifier (not critical): 301955a7e37d1d98d29e58807329c703d100ba53 Other Information: Public Key ID: sha1:c7f71e65ef591bbc10dd898309db641da6301368 sha256:2b9bf02eeb5f8d0a4fc08f41b7f678bb37735d22e8912311b8efbb57e1f0e15b Public Key PIN: pin-sha256:K5vwLutfjQpPwI9Bt/Z4uzdzXSLokSMRuO+7V+Hw4Vs= Signing certificate... + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --write-object /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/testCert.crt --type=cert --id=0001 --label=testCert Created certificate: Certificate Object; type = X.509 cert label: testCert subject: DN: O=PKCS11 Provider, CN=My Test Cert serial: 03 ID: 0001 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=93e70c9f57c170e7;token=SoftHSM%20Token;id=%0001;object=testCert;type=cert + BASEURIWITHPINVALUE='pkcs11:id=%00%01?pin-value=12345678' + BASEURIWITHPINSOURCE='pkcs11:id=%00%01?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt' + BASEURI=pkcs11:id=%00%01 + PUBURI='pkcs11:type=public;id=%00%01' + PRIURI='pkcs11:type=private;id=%00%01' + CRTURI='pkcs11:type=cert;object=testCert' + title LINE 'RSA PKCS11 URIS' + case "$1" in + shift 1 + echo 'RSA PKCS11 URIS' + echo 'pkcs11:id=%00%01?pin-value=12345678' + echo 'pkcs11:id=%00%01?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt' + echo pkcs11:id=%00%01 + echo 'pkcs11:type=public;id=%00%01' + echo 'pkcs11:type=private;id=%00%01' + echo 'pkcs11:type=cert;object=testCert' + echo '' + KEYID=0002 + URIKEYID=%00%02 + ECCRTN=ecCert RSA PKCS11 URIS pkcs11:id=%00%01?pin-value=12345678 pkcs11:id=%00%01?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt pkcs11:id=%00%01 pkcs11:type=public;id=%00%01 pkcs11:type=private;id=%00%01 pkcs11:type=cert;object=testCert + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --keypairgen --key-type=EC:secp256r1 --label=ecCert --id=0002 Key pair generated: Private Key Object; EC label: ecCert ID: 0002 Usage: decrypt, sign, signRecover, unwrap, derive Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=93e70c9f57c170e7;token=SoftHSM%20Token;id=%0002;object=ecCert;type=private Public Key Object; EC EC_POINT 256 bits EC_POINT: 0441046869a2133b0d1e5ee8413b75a43bd74137d73667f88043eb95a3bb11cfe1203092e345bd67c7e4c42347baae9fa56bdf1dd8c7cb61b263b68f084df2d734f34c EC_PARAMS: 06082a8648ce3d030107 (OID 1.2.840.10045.3.1.7) label: ecCert ID: 0002 Usage: encrypt, verify, verifyRecover, wrap, derive Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=93e70c9f57c170e7;token=SoftHSM%20Token;id=%0002;object=ecCert;type=public + ca_sign ecCert 'My EC Cert' 0002 + LABEL=ecCert + CN='My EC Cert' + KEYID=0002 + shift 3 + (( SERIAL+=1 )) + sed -e 's|cn = .*|cn = My EC Cert|g' -e 's|serial = .*|serial = 4|g' -e '/^ca$/d' -i /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/cert.cfg + /usr/bin/certtool --generate-certificate --outfile=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/ecCert.crt --template=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/cert.cfg --provider=/usr/lib/softhsm/libsofthsm2.so --load-privkey 'pkcs11:object=ecCert;token=SoftHSM%20Token;type=private' --load-pubkey 'pkcs11:object=ecCert;token=SoftHSM%20Token;type=public' --outder --load-ca-certificate /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.crt --inder '--load-ca-privkey=pkcs11:object=caCert;token=SoftHSM%20Token;type=private' Generating a signed certificate... Expiration time: Sun Mar 29 23:09:03 2026 CA expiration time: Sun Mar 29 23:09:02 2026 Warning: The time set exceeds the CA's expiration time X.509 Certificate Information: Version: 3 Serial Number (hex): 04 Validity: Not Before: Sun Mar 30 11:09:03 UTC 2025 Not After: Mon Mar 30 11:09:03 UTC 2026 Subject: CN=My EC Cert,O=PKCS11 Provider Subject Public Key Algorithm: EC/ECDSA Algorithm Security Level: High (256 bits) Curve: SECP256R1 X: 68:69:a2:13:3b:0d:1e:5e:e8:41:3b:75:a4:3b:d7:41 37:d7:36:67:f8:80:43:eb:95:a3:bb:11:cf:e1:20:30 Y: 00:92:e3:45:bd:67:c7:e4:c4:23:47:ba:ae:9f:a5:6b df:1d:d8:c7:cb:61:b2:63:b6:8f:08:4d:f2:d7:34:f3 4c Extensions: Basic Constraints (critical): Certificate Authority (CA): FALSE Subject Alternative Name (not critical): RFC822Name: testcert@example.org Key Usage (critical): Digital signature. Subject Key Identifier (not critical): 83851db2b56f0e86837433741883d734e2f3d977 Authority Key Identifier (not critical): 301955a7e37d1d98d29e58807329c703d100ba53 Other Information: Public Key ID: sha1:83851db2b56f0e86837433741883d734e2f3d977 sha256:a601a18d5c6212e3f78303725863050068d190d8ab61ec02dbc4ada5e623428c Public Key PIN: pin-sha256:pgGhjVxiEuP3gwNyWGMFAGjRkNirYewC28StpeYjQow= Signing certificate... + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --write-object /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/ecCert.crt --type=cert --id=0002 --label=ecCert Created certificate: Certificate Object; type = X.509 cert label: ecCert subject: DN: O=PKCS11 Provider, CN=My EC Cert serial: 04 ID: 0002 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=93e70c9f57c170e7;token=SoftHSM%20Token;id=%0002;object=ecCert;type=cert + ECBASEURIWITHPINVALUE='pkcs11:id=%00%02?pin-value=12345678' + ECBASEURIWITHPINSOURCE='pkcs11:id=%00%02?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt' + ECBASEURI=pkcs11:id=%00%02 + ECPUBURI='pkcs11:type=public;id=%00%02' + ECPRIURI='pkcs11:type=private;id=%00%02' + ECCRTURI='pkcs11:type=cert;object=ecCert' + KEYID=0003 + URIKEYID=%00%03 + ECPEERCRTN=ecPeerCert + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --keypairgen --key-type=EC:secp256r1 --label=ecPeerCert --id=0003 Key pair generated: Private Key Object; EC label: ecPeerCert ID: 0003 Usage: decrypt, sign, signRecover, unwrap, derive Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=93e70c9f57c170e7;token=SoftHSM%20Token;id=%0003;object=ecPeerCert;type=private Public Key Object; EC EC_POINT 256 bits EC_POINT: 044104c303c7b28b646c4f720eb93f92db980403f52f0dbc165ece33c0615c1b336aa40aa22bb26fa57f5f08696613b582fab2ba5ea2cd48b4c5f7df8d5686a8b2c11a EC_PARAMS: 06082a8648ce3d030107 (OID 1.2.840.10045.3.1.7) label: ecPeerCert ID: 0003 Usage: encrypt, verify, verifyRecover, wrap, derive Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=93e70c9f57c170e7;token=SoftHSM%20Token;id=%0003;object=ecPeerCert;type=public + crt_selfsign ecPeerCert 'My Peer EC Cert' 0003 + LABEL=ecPeerCert + CN='My Peer EC Cert' + KEYID=0003 + (( SERIAL+=1 )) + sed -e 's|cn = .*|cn = My Peer EC Cert|g' -e 's|serial = .*|serial = 5|g' -i /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/cacert.cfg + /usr/bin/certtool --generate-self-signed --outfile=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/ecPeerCert.crt --template=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/cacert.cfg --provider=/usr/lib/softhsm/libsofthsm2.so --load-privkey 'pkcs11:object=ecPeerCert;token=SoftHSM%20Token;type=private' --load-pubkey 'pkcs11:object=ecPeerCert;token=SoftHSM%20Token;type=public' --outder Generating a self signed certificate... X.509 Certificate Information: Version: 3 Serial Number (hex): 05 Validity: Not Before: Sun Mar 30 11:09:03 UTC 2025 Not After: Mon Mar 30 11:09:03 UTC 2026 Subject: CN=My Peer EC Cert Subject Public Key Algorithm: EC/ECDSA Algorithm Security Level: High (256 bits) Curve: SECP256R1 X: 00:c3:03:c7:b2:8b:64:6c:4f:72:0e:b9:3f:92:db:98 04:03:f5:2f:0d:bc:16:5e:ce:33:c0:61:5c:1b:33:6a a4 Y: 0a:a2:2b:b2:6f:a5:7f:5f:08:69:66:13:b5:82:fa:b2 ba:5e:a2:cd:48:b4:c5:f7:df:8d:56:86:a8:b2:c1:1a Extensions: Basic Constraints (critical): Certificate Authority (CA): TRUE Subject Alternative Name (not critical): RFC822Name: testcert@example.org Key Usage (critical): Digital signature. Certificate signing. Subject Key Identifier (not critical): 50fae8214d6c673ef8fc92af1a4d0fa92442b579 Other Information: Public Key ID: sha1:50fae8214d6c673ef8fc92af1a4d0fa92442b579 sha256:c7f8b5a2e29fc47e480236e3046630c6a1b51fc51acf8b3dd04ba99151c529c9 Public Key PIN: pin-sha256:x/i1ouKfxH5IAjbjBGYwxqG1H8Uaz4s90EupkVHFKck= Signing certificate... + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --write-object /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/ecPeerCert.crt --type=cert --id=0003 --label=ecPeerCert Created certificate: Certificate Object; type = X.509 cert label: ecPeerCert subject: DN: CN=My Peer EC Cert serial: 05 ID: 0003 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=93e70c9f57c170e7;token=SoftHSM%20Token;id=%0003;object=ecPeerCert;type=cert + ECPEERBASEURIWITHPINVALUE='pkcs11:id=%00%03?pin-value=12345678' + ECPEERBASEURIWITHPINSOURCE='pkcs11:id=%00%03?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt' + ECPEERBASEURI=pkcs11:id=%00%03 + ECPEERPUBURI='pkcs11:type=public;id=%00%03' + ECPEERPRIURI='pkcs11:type=private;id=%00%03' + ECPEERCRTURI='pkcs11:type=cert;object=ecPeerCert' + title LINE 'EC PKCS11 URIS' + case "$1" in + shift 1 + echo 'EC PKCS11 URIS' + echo 'pkcs11:id=%00%02?pin-value=12345678' + echo 'pkcs11:id=%00%02?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt' + echo pkcs11:id=%00%02 + echo 'pkcs11:type=public;id=%00%02' + echo 'pkcs11:type=private;id=%00%02' + echo 'pkcs11:type=cert;object=ecCert' + echo 'pkcs11:id=%00%03?pin-value=12345678' + echo 'pkcs11:id=%00%03?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt' + echo pkcs11:id=%00%03 + echo 'pkcs11:type=public;id=%00%03' + echo 'pkcs11:type=private;id=%00%03' + echo 'pkcs11:type=cert;object=ecPeerCert' + echo '' + '[' 1 -eq 1 ']' + KEYID=0004 + URIKEYID=%00%04 + EDCRTN=edCert + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --keypairgen --key-type=EC:edwards25519 --label=edCert --id=0004 EC PKCS11 URIS pkcs11:id=%00%02?pin-value=12345678 pkcs11:id=%00%02?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt pkcs11:id=%00%02 pkcs11:type=public;id=%00%02 pkcs11:type=private;id=%00%02 pkcs11:type=cert;object=ecCert pkcs11:id=%00%03?pin-value=12345678 pkcs11:id=%00%03?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt pkcs11:id=%00%03 pkcs11:type=public;id=%00%03 pkcs11:type=private;id=%00%03 pkcs11:type=cert;object=ecPeerCert Key pair generated: Private Key Object; EC_EDWARDS label: edCert ID: 0004 Usage: decrypt, sign, signRecover, unwrap, derive Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=93e70c9f57c170e7;token=SoftHSM%20Token;id=%0004;object=edCert;type=private Public Key Object; EC_EDWARDS EC_POINT 272 bits EC_POINT: 0420bc034762820e92349d8f3dff8242d29400a3ff2c40d7af7dee639017b50f26a4 EC_PARAMS: 130c656477617264733235353139 (PrintableString edwards25519) label: edCert ID: 0004 Usage: encrypt, verify, verifyRecover, wrap, derive Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=93e70c9f57c170e7;token=SoftHSM%20Token;id=%0004;object=edCert;type=public + ca_sign edCert 'My ED25519 Cert' 0004 + LABEL=edCert + CN='My ED25519 Cert' + KEYID=0004 + shift 3 + (( SERIAL+=1 )) + sed -e 's|cn = .*|cn = My ED25519 Cert|g' -e 's|serial = .*|serial = 6|g' -e '/^ca$/d' -i /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/cert.cfg + /usr/bin/certtool --generate-certificate --outfile=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/edCert.crt --template=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/cert.cfg --provider=/usr/lib/softhsm/libsofthsm2.so --load-privkey 'pkcs11:object=edCert;token=SoftHSM%20Token;type=private' --load-pubkey 'pkcs11:object=edCert;token=SoftHSM%20Token;type=public' --outder --load-ca-certificate /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.crt --inder '--load-ca-privkey=pkcs11:object=caCert;token=SoftHSM%20Token;type=private' Generating a signed certificate... Expiration time: Sun Mar 29 23:09:03 2026 CA expiration time: Sun Mar 29 23:09:02 2026 Warning: The time set exceeds the CA's expiration time X.509 Certificate Information: Version: 3 Serial Number (hex): 06 Validity: Not Before: Sun Mar 30 11:09:03 UTC 2025 Not After: Mon Mar 30 11:09:03 UTC 2026 Subject: CN=My ED25519 Cert,O=PKCS11 Provider Subject Public Key Algorithm: EdDSA (Ed25519) Algorithm Security Level: High (256 bits) Curve: Ed25519 X: bc:03:47:62:82:0e:92:34:9d:8f:3d:ff:82:42:d2:94 00:a3:ff:2c:40:d7:af:7d:ee:63:90:17:b5:0f:26:a4 Extensions: Basic Constraints (critical): Certificate Authority (CA): FALSE Subject Alternative Name (not critical): RFC822Name: testcert@example.org Key Usage (critical): Digital signature. Subject Key Identifier (not critical): 4f24ac9d902b2ab7eb4f9cdc033816b49863a99c Authority Key Identifier (not critical): 301955a7e37d1d98d29e58807329c703d100ba53 Other Information: Public Key ID: sha1:4f24ac9d902b2ab7eb4f9cdc033816b49863a99c sha256:1f475920344d6d82ffa6c3f5d72996d70b88dacbb8aeb7ebc65e34a46214ee1a Public Key PIN: pin-sha256:H0dZIDRNbYL/psP11ymW1wuI2su4rrfrxl40pGIU7ho= Signing certificate... + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --write-object /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/edCert.crt --type=cert --id=0004 --label=edCert Created certificate: Certificate Object; type = X.509 cert label: edCert subject: DN: O=PKCS11 Provider, CN=My ED25519 Cert serial: 06 ID: 0004 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=93e70c9f57c170e7;token=SoftHSM%20Token;id=%0004;object=edCert;type=cert + EDBASEURIWITHPINVALUE='pkcs11:id=%00%04;pin-value=12345678' + EDBASEURIWITHPINSOURCE='pkcs11:id=%00%04;pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt' + EDBASEURI=pkcs11:id=%00%04 + EDPUBURI='pkcs11:type=public;id=%00%04' + EDPRIURI='pkcs11:type=private;id=%00%04' + EDCRTURI='pkcs11:type=cert;object=edCert' + title LINE 'ED25519 PKCS11 URIS' + case "$1" in + shift 1 + echo 'ED25519 PKCS11 URIS' + echo 'pkcs11:id=%00%04;pin-value=12345678' + echo 'pkcs11:id=%00%04;pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt' + echo pkcs11:id=%00%04 + echo 'pkcs11:type=public;id=%00%04' + echo 'pkcs11:type=private;id=%00%04' + echo 'pkcs11:type=cert;object=edCert' + '[' 1 -eq 1 ']' + KEYID=0009 + URIKEYID=%00%09 + ED2CRTN=ed2Cert + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --keypairgen --key-type=EC:Ed448 --label=ed2Cert --id=0009 ED25519 PKCS11 URIS pkcs11:id=%00%04;pin-value=12345678 pkcs11:id=%00%04;pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt pkcs11:id=%00%04 pkcs11:type=public;id=%00%04 pkcs11:type=private;id=%00%04 pkcs11:type=cert;object=edCert Key pair generated: Private Key Object; EC_EDWARDS label: ed2Cert ID: 0009 Usage: decrypt, sign, signRecover, unwrap, derive Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=93e70c9f57c170e7;token=SoftHSM%20Token;id=%0009;object=ed2Cert;type=private Public Key Object; EC_EDWARDS EC_POINT 472 bits EC_POINT: 0439a78436331077b0c6206fad3f22d3c65278ce98f3eb5952cbd928b90cb23319d506133767fbfdef8fc1948ba4f4693cb787391aabd6a6ec0380 EC_PARAMS: 06032b6571 (OID 1.3.101.113) label: ed2Cert ID: 0009 Usage: encrypt, verify, verifyRecover, wrap, derive Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=93e70c9f57c170e7;token=SoftHSM%20Token;id=%0009;object=ed2Cert;type=public + ca_sign ed2Cert 'My ED448 Cert' 0009 + LABEL=ed2Cert + CN='My ED448 Cert' + KEYID=0009 + shift 3 + (( SERIAL+=1 )) + sed -e 's|cn = .*|cn = My ED448 Cert|g' -e 's|serial = .*|serial = 7|g' -e '/^ca$/d' -i /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/cert.cfg + /usr/bin/certtool --generate-certificate --outfile=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/ed2Cert.crt --template=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/cert.cfg --provider=/usr/lib/softhsm/libsofthsm2.so --load-privkey 'pkcs11:object=ed2Cert;token=SoftHSM%20Token;type=private' --load-pubkey 'pkcs11:object=ed2Cert;token=SoftHSM%20Token;type=public' --outder --load-ca-certificate /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.crt --inder '--load-ca-privkey=pkcs11:object=caCert;token=SoftHSM%20Token;type=private' Generating a signed certificate... Expiration time: Sun Mar 29 23:09:04 2026 CA expiration time: Sun Mar 29 23:09:02 2026 Warning: The time set exceeds the CA's expiration time X.509 Certificate Information: Version: 3 Serial Number (hex): 07 Validity: Not Before: Sun Mar 30 11:09:04 UTC 2025 Not After: Mon Mar 30 11:09:04 UTC 2026 Subject: CN=My ED448 Cert,O=PKCS11 Provider Subject Public Key Algorithm: EdDSA (Ed448) Algorithm Security Level: Ultra (456 bits) Curve: Ed448 X: a7:84:36:33:10:77:b0:c6:20:6f:ad:3f:22:d3:c6:52 78:ce:98:f3:eb:59:52:cb:d9:28:b9:0c:b2:33:19:d5 06:13:37:67:fb:fd:ef:8f:c1:94:8b:a4:f4:69:3c:b7 87:39:1a:ab:d6:a6:ec:03:80 Extensions: Basic Constraints (critical): Certificate Authority (CA): FALSE Subject Alternative Name (not critical): RFC822Name: testcert@example.org Key Usage (critical): Digital signature. Subject Key Identifier (not critical): a039353eca3805186238fc2f172c170281eb30db Authority Key Identifier (not critical): 301955a7e37d1d98d29e58807329c703d100ba53 Other Information: Public Key ID: sha1:a039353eca3805186238fc2f172c170281eb30db sha256:986f1fc85b5f673192073b175206f0b90c9d4413e38281f8e2c0b95d39ca6998 Public Key PIN: pin-sha256:mG8fyFtfZzGSBzsXUgbwuQydRBPjgoH44sC5XTnKaZg= Signing certificate... + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --write-object /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/ed2Cert.crt --type=cert --id=0009 --label=ed2Cert Created certificate: Certificate Object; type = X.509 cert label: ed2Cert subject: DN: O=PKCS11 Provider, CN=My ED448 Cert serial: 07 ID: 0009 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=93e70c9f57c170e7;token=SoftHSM%20Token;id=%0009;object=ed2Cert;type=cert + ED2BASEURIWITHPINVALUE='pkcs11:id=%00%09;pin-value=12345678' + ED2BASEURIWITHPINSOURCE='pkcs11:id=%00%09;pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt' + ED2BASEURI=pkcs11:id=%00%09 + ED2PUBURI='pkcs11:type=public;id=%00%09' + ED2PRIURI='pkcs11:type=private;id=%00%09' + ED2CRTURI='pkcs11:type=cert;object=ed2Cert' + title LINE 'ED448 PKCS11 URIS' + case "$1" in + shift 1 + echo 'ED448 PKCS11 URIS' ED448 PKCS11 URIS pkcs11:id=%00%09;pin-value=12345678 pkcs11:id=%00%09;pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt pkcs11:id=%00%09 pkcs11:type=public;id=%00%09 pkcs11:type=private;id=%00%09 pkcs11:type=cert;object=ed2Cert + echo 'pkcs11:id=%00%09;pin-value=12345678' + echo 'pkcs11:id=%00%09;pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt' + echo pkcs11:id=%00%09 + echo 'pkcs11:type=public;id=%00%09' + echo 'pkcs11:type=private;id=%00%09' + echo 'pkcs11:type=cert;object=ed2Cert' + title PARA 'generate RSA key pair, self-signed certificate, remove public key' + case "$1" in + shift 1 ## generate RSA key pair, self-signed certificate, remove public key + echo '' + echo '## generate RSA key pair, self-signed certificate, remove public key' + '[' -f '' ']' + KEYID=0005 + URIKEYID=%00%05 + TSTCRTN=testCert2 + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --keypairgen --key-type=RSA:2048 --label=testCert2 --id=0005 Key pair generated: Private Key Object; RSA label: testCert2 ID: 0005 Usage: decrypt, sign, signRecover, unwrap Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=93e70c9f57c170e7;token=SoftHSM%20Token;id=%0005;object=testCert2;type=private Public Key Object; RSA 2048 bits label: testCert2 ID: 0005 Usage: encrypt, verify, verifyRecover, wrap Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=93e70c9f57c170e7;token=SoftHSM%20Token;id=%0005;object=testCert2;type=public + ca_sign testCert2 'My Test Cert 2' 0005 + LABEL=testCert2 + CN='My Test Cert 2' + KEYID=0005 + shift 3 + (( SERIAL+=1 )) + sed -e 's|cn = .*|cn = My Test Cert 2|g' -e 's|serial = .*|serial = 8|g' -e '/^ca$/d' -i /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/cert.cfg + /usr/bin/certtool --generate-certificate --outfile=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/testCert2.crt --template=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/cert.cfg --provider=/usr/lib/softhsm/libsofthsm2.so --load-privkey 'pkcs11:object=testCert2;token=SoftHSM%20Token;type=private' --load-pubkey 'pkcs11:object=testCert2;token=SoftHSM%20Token;type=public' --outder --load-ca-certificate /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.crt --inder '--load-ca-privkey=pkcs11:object=caCert;token=SoftHSM%20Token;type=private' Generating a signed certificate... Expiration time: Sun Mar 29 23:09:04 2026 CA expiration time: Sun Mar 29 23:09:02 2026 Warning: The time set exceeds the CA's expiration time X.509 Certificate Information: Version: 3 Serial Number (hex): 08 Validity: Not Before: Sun Mar 30 11:09:04 UTC 2025 Not After: Mon Mar 30 11:09:04 UTC 2026 Subject: CN=My Test Cert 2,O=PKCS11 Provider Subject Public Key Algorithm: RSA Algorithm Security Level: Medium (2048 bits) Modulus (bits 2048): 00:b7:ff:0f:59:90:41:32:1c:77:27:d9:eb:f4:e2:ac d4:ab:ff:09:37:bd:18:45:90:66:5a:c0:bc:aa:47:d3 3c:e8:7c:9c:19:05:7d:9d:6c:0d:79:06:c9:4f:c1:3a 42:7c:1a:ab:be:b0:69:5a:8b:bb:eb:ec:42:5a:9a:6f 6a:0b:ff:12:40:42:b8:5f:7f:25:63:fc:d6:4f:af:38 a4:2c:39:de:fd:4e:d4:ae:9f:db:79:2d:73:18:b7:93 05:16:ce:a1:58:5e:8f:39:b9:4d:b2:69:84:fc:2e:77 bf:ff:f2:ce:91:84:d9:31:b0:82:88:28:9c:bd:bb:5a 1a:53:24:bb:41:db:2d:8a:f7:e2:38:84:12:3f:a1:14 01:3f:63:e3:69:1e:d0:d3:32:54:53:8d:3b:fa:c5:e7 1d:66:59:64:58:97:ed:3b:db:1d:4c:d0:e7:78:2a:39 99:79:a2:e3:aa:c5:7e:3b:4f:0e:4a:f4:ad:ac:58:ad 54:19:8f:6b:8f:f0:00:85:63:58:53:ed:ea:00:29:bc 7d:f2:5d:6a:d5:eb:1e:e3:0e:1f:23:54:97:0b:11:2b 41:3d:d6:43:d5:d5:f0:10:36:89:b3:3c:3d:aa:ce:84 b3:0a:9e:10:a3:89:0f:24:fe:c1:a0:22:11:f1:90:43 51 Exponent (bits 24): 01:00:01 Extensions: Basic Constraints (critical): Certificate Authority (CA): FALSE Subject Alternative Name (not critical): RFC822Name: testcert@example.org Key Usage (critical): Digital signature. Key encipherment. Subject Key Identifier (not critical): 92258c12a5fb804ecec784016e64a7906caa1b4b Authority Key Identifier (not critical): 301955a7e37d1d98d29e58807329c703d100ba53 Other Information: Public Key ID: sha1:92258c12a5fb804ecec784016e64a7906caa1b4b sha256:a2fbb7306880aab5067e7e9da4777f9cf1884c1fd639034d9677c49fa2b49555 Public Key PIN: pin-sha256:ovu3MGiAqrUGfn6dpHd/nPGITB/WOQNNlnfEn6K0lVU= Signing certificate... + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --write-object /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/testCert2.crt --type=cert --id=0005 --label=testCert2 Created certificate: Certificate Object; type = X.509 cert label: testCert2 subject: DN: O=PKCS11 Provider, CN=My Test Cert 2 serial: 08 ID: 0005 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=93e70c9f57c170e7;token=SoftHSM%20Token;id=%0005;object=testCert2;type=cert + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --delete-object --type pubkey --id 0005 + BASE2URIWITHPINVALUE='pkcs11:id=%00%05?pin-value=12345678' + BASE2URIWITHPINSOURCE='pkcs11:id=%00%05?pin-source=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt' + BASE2URI=pkcs11:id=%00%05 + PRI2URI='pkcs11:type=private;id=%00%05' + CRT2URI='pkcs11:type=cert;object=testCert2' + title LINE 'RSA2 PKCS11 URIS' + case "$1" in + shift 1 + echo 'RSA2 PKCS11 URIS' + echo 'pkcs11:id=%00%05?pin-value=12345678' + echo 'pkcs11:id=%00%05?pin-source=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt' + echo pkcs11:id=%00%05 + echo 'pkcs11:type=private;id=%00%05' + echo 'pkcs11:type=cert;object=testCert2' + echo '' + title PARA 'generate EC key pair, self-signed certificate, remove public key' + case "$1" in + shift 1 + echo '' + echo '## generate EC key pair, self-signed certificate, remove public key' + '[' -f '' ']' + KEYID=0006 + URIKEYID=%00%06 + TSTCRTN=ecCert2 + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --keypairgen --key-type=EC:secp384r1 --label=ecCert2 --id=0006 RSA2 PKCS11 URIS pkcs11:id=%00%05?pin-value=12345678 pkcs11:id=%00%05?pin-source=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt pkcs11:id=%00%05 pkcs11:type=private;id=%00%05 pkcs11:type=cert;object=testCert2 ## generate EC key pair, self-signed certificate, remove public key Key pair generated: Private Key Object; EC label: ecCert2 ID: 0006 Usage: decrypt, sign, signRecover, unwrap, derive Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=93e70c9f57c170e7;token=SoftHSM%20Token;id=%0006;object=ecCert2;type=private Public Key Object; EC EC_POINT 384 bits EC_POINT: 046104ae0dd50359c7015485cdc9e3d571d474a0e4307deaa25e2454336b9114881ad63e012f9f083227716a5f80bd0ffc01ff1ccb262a22de61601df27a456bcdf00fe6dbaeb7e868634c73b12cd8204d04083c430e126cddc2efc1bfa776a774cbc0 EC_PARAMS: 06052b81040022 (OID 1.3.132.0.34) label: ecCert2 ID: 0006 Usage: encrypt, verify, verifyRecover, wrap, derive Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=93e70c9f57c170e7;token=SoftHSM%20Token;id=%0006;object=ecCert2;type=public + ca_sign ecCert2 'My EC Cert 2' 0006 + LABEL=ecCert2 + CN='My EC Cert 2' + KEYID=0006 + shift 3 + (( SERIAL+=1 )) + sed -e 's|cn = .*|cn = My EC Cert 2|g' -e 's|serial = .*|serial = 9|g' -e '/^ca$/d' -i /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/cert.cfg + /usr/bin/certtool --generate-certificate --outfile=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/ecCert2.crt --template=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/cert.cfg --provider=/usr/lib/softhsm/libsofthsm2.so --load-privkey 'pkcs11:object=ecCert2;token=SoftHSM%20Token;type=private' --load-pubkey 'pkcs11:object=ecCert2;token=SoftHSM%20Token;type=public' --outder --load-ca-certificate /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.crt --inder '--load-ca-privkey=pkcs11:object=caCert;token=SoftHSM%20Token;type=private' Generating a signed certificate... Expiration time: Sun Mar 29 23:09:04 2026 CA expiration time: Sun Mar 29 23:09:02 2026 Warning: The time set exceeds the CA's expiration time X.509 Certificate Information: Version: 3 Serial Number (hex): 09 Validity: Not Before: Sun Mar 30 11:09:04 UTC 2025 Not After: Mon Mar 30 11:09:04 UTC 2026 Subject: CN=My EC Cert 2,O=PKCS11 Provider Subject Public Key Algorithm: EC/ECDSA Algorithm Security Level: Ultra (384 bits) Curve: SECP384R1 X: 00:ae:0d:d5:03:59:c7:01:54:85:cd:c9:e3:d5:71:d4 74:a0:e4:30:7d:ea:a2:5e:24:54:33:6b:91:14:88:1a d6:3e:01:2f:9f:08:32:27:71:6a:5f:80:bd:0f:fc:01 ff Y: 1c:cb:26:2a:22:de:61:60:1d:f2:7a:45:6b:cd:f0:0f e6:db:ae:b7:e8:68:63:4c:73:b1:2c:d8:20:4d:04:08 3c:43:0e:12:6c:dd:c2:ef:c1:bf:a7:76:a7:74:cb:c0 Extensions: Basic Constraints (critical): Certificate Authority (CA): FALSE Subject Alternative Name (not critical): RFC822Name: testcert@example.org Key Usage (critical): Digital signature. Subject Key Identifier (not critical): c0b783ad01ebc23e7ef80fe30c00b1e84925a0c6 Authority Key Identifier (not critical): 301955a7e37d1d98d29e58807329c703d100ba53 Other Information: Public Key ID: sha1:c0b783ad01ebc23e7ef80fe30c00b1e84925a0c6 sha256:91265fb2f385de6338f1778932647e1a301a8db4ad57ffae730ab14462580a13 Public Key PIN: pin-sha256:kSZfsvOF3mM48XeJMmR+GjAajbStV/+ucwqxRGJYChM= Signing certificate... + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --write-object /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/ecCert2.crt --type=cert --id=0006 --label=ecCert2 Created certificate: Certificate Object; type = X.509 cert label: ecCert2 subject: DN: O=PKCS11 Provider, CN=My EC Cert 2 serial: 09 ID: 0006 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=93e70c9f57c170e7;token=SoftHSM%20Token;id=%0006;object=ecCert2;type=cert + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --delete-object --type pubkey --id 0006 + ECBASE2URIWITHPINVALUE='pkcs11:id=%00%06?pin-value=12345678' + ECBASE2URIWITHPINSOURCE='pkcs11:id=%00%06?pin-source=file/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt' + ECBASE2URI=pkcs11:id=%00%06 + ECPRI2URI='pkcs11:type=private;id=%00%06' + ECCRT2URI='pkcs11:type=cert;object=ecCert2' + title LINE 'EC2 PKCS11 URIS' + case "$1" in + shift 1 + echo 'EC2 PKCS11 URIS' + echo 'pkcs11:id=%00%06?pin-value=12345678' + echo 'pkcs11:id=%00%06?pin-source=file/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt' + echo pkcs11:id=%00%06 + echo 'pkcs11:type=private;id=%00%06' + echo 'pkcs11:type=cert;object=ecCert2' + echo '' + '[' -z '' ']' + title PARA 'explicit EC unsupported' + case "$1" in + shift 1 + echo '' + echo '## explicit EC unsupported' + '[' -f '' ']' + title PARA 'generate EC key pair with ALWAYS AUTHENTICATE flag, self-signed certificate' + case "$1" in + shift 1 + echo '' + echo '## generate EC key pair with ALWAYS AUTHENTICATE flag, self-signed certificate' + '[' -f '' ']' + KEYID=0008 + URIKEYID=%00%08 + TSTCRTN=ecCert3 + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --keypairgen --key-type=EC:secp521r1 --label=ecCert3 --id=0008 --always-auth EC2 PKCS11 URIS pkcs11:id=%00%06?pin-value=12345678 pkcs11:id=%00%06?pin-source=file/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt pkcs11:id=%00%06 pkcs11:type=private;id=%00%06 pkcs11:type=cert;object=ecCert2 ## explicit EC unsupported ## generate EC key pair with ALWAYS AUTHENTICATE flag, self-signed certificate Key pair generated: Private Key Object; EC label: ecCert3 ID: 0008 Usage: decrypt, sign, signRecover, unwrap, derive Access: always authenticate, sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=93e70c9f57c170e7;token=SoftHSM%20Token;id=%0008;object=ecCert3;type=private Public Key Object; EC EC_POINT 528 bits EC_POINT: 04818504002fe205024aa55e08a0d4a6b81b0a41350203920953584dfc0f1d44982635a19d70379cc0063c4fe05c590f1821643bed231d3ab93a375676aa456ea8aac568bb4600f691bb6cf1e394e70b7f08dd52a05e7d11355dbc48b93a7ebd0287d01ce3e80394bab1c38b05f10386476ec6d7dbfb093e961e9ca8202af536caeb766f6e553191 EC_PARAMS: 06052b81040023 (OID 1.3.132.0.35) label: ecCert3 ID: 0008 Usage: encrypt, verify, verifyRecover, wrap, derive Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=93e70c9f57c170e7;token=SoftHSM%20Token;id=%0008;object=ecCert3;type=public + ca_sign ecCert3 'My EC Cert 3' 0008 + LABEL=ecCert3 + CN='My EC Cert 3' + KEYID=0008 + shift 3 + (( SERIAL+=1 )) + sed -e 's|cn = .*|cn = My EC Cert 3|g' -e 's|serial = .*|serial = 10|g' -e '/^ca$/d' -i /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/cert.cfg + /usr/bin/certtool --generate-certificate --outfile=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/ecCert3.crt --template=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/cert.cfg --provider=/usr/lib/softhsm/libsofthsm2.so --load-privkey 'pkcs11:object=ecCert3;token=SoftHSM%20Token;type=private' --load-pubkey 'pkcs11:object=ecCert3;token=SoftHSM%20Token;type=public' --outder --load-ca-certificate /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.crt --inder '--load-ca-privkey=pkcs11:object=caCert;token=SoftHSM%20Token;type=private' Generating a signed certificate... Expiration time: Sun Mar 29 23:09:04 2026 CA expiration time: Sun Mar 29 23:09:02 2026 Warning: The time set exceeds the CA's expiration time X.509 Certificate Information: Version: 3 Serial Number (hex): 0a Validity: Not Before: Sun Mar 30 11:09:04 UTC 2025 Not After: Mon Mar 30 11:09:04 UTC 2026 Subject: CN=My EC Cert 3,O=PKCS11 Provider Subject Public Key Algorithm: EC/ECDSA Algorithm Security Level: Future (528 bits) Curve: SECP521R1 X: 2f:e2:05:02:4a:a5:5e:08:a0:d4:a6:b8:1b:0a:41:35 02:03:92:09:53:58:4d:fc:0f:1d:44:98:26:35:a1:9d 70:37:9c:c0:06:3c:4f:e0:5c:59:0f:18:21:64:3b:ed 23:1d:3a:b9:3a:37:56:76:aa:45:6e:a8:aa:c5:68:bb 46 Y: 00:f6:91:bb:6c:f1:e3:94:e7:0b:7f:08:dd:52:a0:5e 7d:11:35:5d:bc:48:b9:3a:7e:bd:02:87:d0:1c:e3:e8 03:94:ba:b1:c3:8b:05:f1:03:86:47:6e:c6:d7:db:fb 09:3e:96:1e:9c:a8:20:2a:f5:36:ca:eb:76:6f:6e:55 31:91 Extensions: Basic Constraints (critical): Certificate Authority (CA): FALSE Subject Alternative Name (not critical): RFC822Name: testcert@example.org Key Usage (critical): Digital signature. Subject Key Identifier (not critical): ef4e073c2e917545d019d73c4646400bc552768a Authority Key Identifier (not critical): 301955a7e37d1d98d29e58807329c703d100ba53 Other Information: Public Key ID: sha1:ef4e073c2e917545d019d73c4646400bc552768a sha256:68a132e9a2ce32b5d79f9c8dc86a179ee08e5effce74e34f7f9b6578aa61acff Public Key PIN: pin-sha256:aKEy6aLOMrXXn5yNyGoXnuCOXv/OdONPf5tleKphrP8= Signing certificate... + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --write-object /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/ecCert3.crt --type=cert --id=0008 --label=ecCert3 Created certificate: Certificate Object; type = X.509 cert label: ecCert3 subject: DN: O=PKCS11 Provider, CN=My EC Cert 3 serial: 0A ID: 0008 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=93e70c9f57c170e7;token=SoftHSM%20Token;id=%0008;object=ecCert3;type=cert + ECBASE3URIWITHPINVALUE='pkcs11:id=%00%08?pin-value=12345678' + ECBASE3URIWITHPINSOURCE='pkcs11:id=%00%08?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt' + ECBASE3URI=pkcs11:id=%00%08 + ECPUB3URI='pkcs11:type=public;id=%00%08' + ECPRI3URI='pkcs11:type=private;id=%00%08' + ECCRT3URI='pkcs11:type=cert;object=ecCert3' + title LINE 'EC3 PKCS11 URIS' + case "$1" in + shift 1 + echo 'EC3 PKCS11 URIS' + echo 'pkcs11:id=%00%08?pin-value=12345678' + echo 'pkcs11:id=%00%08?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt' + echo pkcs11:id=%00%08 + echo 'pkcs11:type=public;id=%00%08' + echo 'pkcs11:type=private;id=%00%08' EC3 PKCS11 URIS pkcs11:id=%00%08?pin-value=12345678 pkcs11:id=%00%08?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt pkcs11:id=%00%08 pkcs11:type=public;id=%00%08 pkcs11:type=private;id=%00%08 + echo 'pkcs11:type=cert;object=ecCert3' + echo '' pkcs11:type=cert;object=ecCert3 + '[' 1 -eq 1 ']' + KEYID=0010 + URIKEYID=%00%10 + TSTCRTN=testRsaPssCert + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --keypairgen --key-type=RSA:2048 --label=testRsaPssCert --id=0010 --allowed-mechanisms RSA-PKCS-PSS,SHA1-RSA-PKCS-PSS,SHA224-RSA-PKCS-PSS,SHA256-RSA-PKCS-PSS,SHA384-RSA-PKCS-PSS,SHA512-RSA-PKCS-PSS Key pair generated: Private Key Object; RSA label: testRsaPssCert ID: 0010 Usage: decrypt, sign, signRecover, unwrap Access: sensitive, always sensitive, never extractable, local Allowed mechanisms: RSA-PKCS-PSS,SHA1-RSA-PKCS-PSS,SHA256-RSA-PKCS-PSS,SHA384-RSA-PKCS-PSS,SHA512-RSA-PKCS-PSS,SHA224-RSA-PKCS-PSS uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=93e70c9f57c170e7;token=SoftHSM%20Token;id=%0010;object=testRsaPssCert;type=private Public Key Object; RSA 2048 bits label: testRsaPssCert ID: 0010 Usage: encrypt, verify, verifyRecover, wrap Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=93e70c9f57c170e7;token=SoftHSM%20Token;id=%0010;object=testRsaPssCert;type=public + ca_sign testRsaPssCert 'My RsaPss Cert' 0010 --sign-params=RSA-PSS + LABEL=testRsaPssCert + CN='My RsaPss Cert' + KEYID=0010 + shift 3 + (( SERIAL+=1 )) + sed -e 's|cn = .*|cn = My RsaPss Cert|g' -e 's|serial = .*|serial = 11|g' -e '/^ca$/d' -i /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/cert.cfg + /usr/bin/certtool --generate-certificate --outfile=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/testRsaPssCert.crt --template=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/cert.cfg --provider=/usr/lib/softhsm/libsofthsm2.so --load-privkey 'pkcs11:object=testRsaPssCert;token=SoftHSM%20Token;type=private' --load-pubkey 'pkcs11:object=testRsaPssCert;token=SoftHSM%20Token;type=public' --outder --load-ca-certificate /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.crt --inder '--load-ca-privkey=pkcs11:object=caCert;token=SoftHSM%20Token;type=private' --sign-params=RSA-PSS Generating a signed certificate... Expiration time: Sun Mar 29 23:09:06 2026 CA expiration time: Sun Mar 29 23:09:02 2026 Warning: The time set exceeds the CA's expiration time X.509 Certificate Information: Version: 3 Serial Number (hex): 0b Validity: Not Before: Sun Mar 30 11:09:06 UTC 2025 Not After: Mon Mar 30 11:09:06 UTC 2026 Subject: CN=My RsaPss Cert,O=PKCS11 Provider Subject Public Key Algorithm: RSA Algorithm Security Level: Medium (2048 bits) Modulus (bits 2048): 00:b9:76:d2:e2:d2:cc:e9:67:35:af:63:f6:82:83:65 fe:60:2e:97:80:cb:86:e9:3d:84:7c:b7:36:a7:cb:8f b2:3c:c4:15:a4:ca:da:ef:d4:1f:79:87:06:93:9e:f4 78:0d:ab:20:7d:78:c1:07:8c:51:ec:ca:4b:7b:f3:35 05:d2:1b:f8:05:34:36:27:3f:37:e1:11:01:98:a6:08 28:4a:10:de:a0:54:7a:d0:7b:1a:bb:86:5e:53:a7:1f 6b:df:fd:e9:b1:15:39:ce:b0:ce:61:88:91:66:e3:ca 4d:13:e2:4e:f7:35:6e:10:3d:64:dc:19:94:e9:22:d3 a5:0c:01:62:ad:39:6c:28:73:f9:6b:b0:3f:22:39:76 7c:d2:2d:fa:f8:6d:2e:b7:6f:ab:60:14:10:7c:21:04 73:8a:dc:8c:b3:fb:ac:b5:d7:0d:7e:42:79:bc:1d:e0 4b:f5:e2:30:ce:ee:25:de:75:d1:25:e9:8c:69:b2:61 db:6e:52:40:11:df:3d:2f:fb:32:f8:c7:d3:5e:b0:f9 92:6d:5c:25:47:51:1c:59:93:7b:5b:60:79:ea:44:68 47:50:39:98:ec:ca:47:a0:95:8d:07:21:1e:4f:ef:0d 4c:06:53:d9:a7:5d:0a:65:7a:17:77:42:eb:92:60:20 15 Exponent (bits 24): 01:00:01 Extensions: Basic Constraints (critical): Certificate Authority (CA): FALSE Subject Alternative Name (not critical): RFC822Name: testcert@example.org Key Usage (critical): Digital signature. Key encipherment. Subject Key Identifier (not critical): 3c99db2f32eb03e9f16027a584867a07de165aba Authority Key Identifier (not critical): 301955a7e37d1d98d29e58807329c703d100ba53 Other Information: Public Key ID: sha1:3c99db2f32eb03e9f16027a584867a07de165aba sha256:86b1588b2b38d106412330f59b39dfe07278042f3dd8a02430858984b5cce5c7 Public Key PIN: pin-sha256:hrFYiys40QZBIzD1mznf4HJ4BC892KAkMIWJhLXM5cc= Signing certificate... + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --write-object /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/testRsaPssCert.crt --type=cert --id=0010 --label=testRsaPssCert Created certificate: Certificate Object; type = X.509 cert label: testRsaPssCert subject: DN: O=PKCS11 Provider, CN=My RsaPss Cert serial: 0B ID: 0010 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=93e70c9f57c170e7;token=SoftHSM%20Token;id=%0010;object=testRsaPssCert;type=cert + RSAPSSBASEURIWITHPINVALUE='pkcs11:id=%00%10?pin-value=12345678' + RSAPSSBASEURIWITHPINSOURCE='pkcs11:id=%00%10?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt' + RSAPSSBASEURI=pkcs11:id=%00%10 + RSAPSSPUBURI='pkcs11:type=public;id=%00%10' + RSAPSSPRIURI='pkcs11:type=private;id=%00%10' + RSAPSSCRTURI='pkcs11:type=cert;object=testRsaPssCert' + title LINE 'RSA-PSS PKCS11 URIS' + case "$1" in + shift 1 + echo 'RSA-PSS PKCS11 URIS' + echo 'pkcs11:id=%00%10?pin-value=12345678' + echo 'pkcs11:id=%00%10?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt' + echo pkcs11:id=%00%10 + echo 'pkcs11:type=public;id=%00%10' + echo 'pkcs11:type=private;id=%00%10' + echo 'pkcs11:type=cert;object=testRsaPssCert' + echo '' + KEYID=0011 + URIKEYID=%00%11 + TSTCRTN=testRsaPss2Cert RSA-PSS PKCS11 URIS pkcs11:id=%00%10?pin-value=12345678 pkcs11:id=%00%10?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt pkcs11:id=%00%10 pkcs11:type=public;id=%00%10 pkcs11:type=private;id=%00%10 pkcs11:type=cert;object=testRsaPssCert + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --keypairgen --key-type=RSA:3092 --label=testRsaPss2Cert --id=0011 --allowed-mechanisms SHA256-RSA-PKCS-PSS Key pair generated: Private Key Object; RSA label: testRsaPss2Cert ID: 0011 Usage: decrypt, sign, signRecover, unwrap Access: sensitive, always sensitive, never extractable, local Allowed mechanisms: SHA256-RSA-PKCS-PSS uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=93e70c9f57c170e7;token=SoftHSM%20Token;id=%0011;object=testRsaPss2Cert;type=private Public Key Object; RSA 3092 bits label: testRsaPss2Cert ID: 0011 Usage: encrypt, verify, verifyRecover, wrap Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=93e70c9f57c170e7;token=SoftHSM%20Token;id=%0011;object=testRsaPss2Cert;type=public + ca_sign testRsaPss2Cert 'My RsaPss2 Cert' 0011 --sign-params=RSA-PSS --hash=SHA256 + LABEL=testRsaPss2Cert + CN='My RsaPss2 Cert' + KEYID=0011 + shift 3 + (( SERIAL+=1 )) + sed -e 's|cn = .*|cn = My RsaPss2 Cert|g' -e 's|serial = .*|serial = 12|g' -e '/^ca$/d' -i /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/cert.cfg + /usr/bin/certtool --generate-certificate --outfile=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/testRsaPss2Cert.crt --template=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/cert.cfg --provider=/usr/lib/softhsm/libsofthsm2.so --load-privkey 'pkcs11:object=testRsaPss2Cert;token=SoftHSM%20Token;type=private' --load-pubkey 'pkcs11:object=testRsaPss2Cert;token=SoftHSM%20Token;type=public' --outder --load-ca-certificate /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.crt --inder '--load-ca-privkey=pkcs11:object=caCert;token=SoftHSM%20Token;type=private' --sign-params=RSA-PSS --hash=SHA256 Generating a signed certificate... Expiration time: Sun Mar 29 23:09:07 2026 CA expiration time: Sun Mar 29 23:09:02 2026 Warning: The time set exceeds the CA's expiration time X.509 Certificate Information: Version: 3 Serial Number (hex): 0c Validity: Not Before: Sun Mar 30 11:09:07 UTC 2025 Not After: Mon Mar 30 11:09:07 UTC 2026 Subject: CN=My RsaPss2 Cert,O=PKCS11 Provider Subject Public Key Algorithm: RSA Algorithm Security Level: High (3092 bits) Modulus (bits 3092): 0c:64:55:72:67:58:2b:42:ef:48:68:36:ec:71:b2:89 a6:40:28:f2:a4:90:92:cf:b2:45:da:38:2f:a3:6d:f1 fc:e5:c0:ad:b7:bc:3a:0d:00:77:e1:96:4f:38:58:be 20:9a:77:15:3d:db:82:41:c4:b8:b6:b2:49:9e:fc:a2 71:64:af:14:0b:f1:eb:6e:72:5d:2d:dc:4a:7e:26:e2 73:dc:7c:bb:19:64:68:e2:16:d4:70:be:ec:a2:f8:2f e5:2c:d6:94:ac:d1:2c:bb:e0:86:07:7d:88:0e:74:d3 eb:71:90:8e:5b:e6:f4:58:fc:65:63:2e:3c:69:d3:72 23:17:9d:42:9f:f7:08:4b:a9:16:fd:3c:a0:97:f9:33 ef:44:26:99:c4:64:28:6a:37:36:e4:99:1a:74:7b:e7 de:c8:f8:9f:66:a5:02:82:2b:56:e7:5a:0f:07:b0:c4 b7:06:0d:3f:6f:f6:3b:ad:bc:b9:a7:a4:b1:ca:1b:c9 79:91:04:1a:53:ca:e8:39:88:1b:1c:07:9a:32:a9:cb 54:73:40:db:df:64:39:3c:55:e6:ec:88:8b:2e:a8:c8 b8:33:4c:78:8a:15:50:48:46:2e:36:47:0d:25:f2:a0 de:42:b8:d0:d4:99:92:ab:0b:29:7b:1f:6b:fe:11:50 b0:cf:60:19:96:6d:eb:ed:76:5b:d4:f0:c4:8a:d3:69 01:ae:e2:26:f5:9f:b9:bc:c6:6e:85:3c:5f:ca:21:49 f2:a5:e1:a2:cd:af:e7:65:3c:00:28:6d:b5:3d:cc:a5 bb:7e:31:cc:4d:44:33:0b:fe:13:80:89:6a:75:47:0e 78:b0:83:20:7c:3d:9b:48:4d:c1:df:1b:29:5a:38:a9 ef:1a:ab:45:ee:6a:79:f9:74:99:e6:2d:ab:e4:4a:64 1b:a8:38:3e:b6:3f:9b:db:f0:e7:d4:d7:ab:ac:48:65 29:66:12:cd:06:50:57:ac:4d:33:2b:d4:d2:57:f1:27 b6:5e:33 Exponent (bits 24): 01:00:01 Extensions: Basic Constraints (critical): Certificate Authority (CA): FALSE Subject Alternative Name (not critical): RFC822Name: testcert@example.org Key Usage (critical): Digital signature. Key encipherment. Subject Key Identifier (not critical): 402c2cda6a198e83a113ce228cdb75705929d3f4 Authority Key Identifier (not critical): 301955a7e37d1d98d29e58807329c703d100ba53 Other Information: Public Key ID: sha1:402c2cda6a198e83a113ce228cdb75705929d3f4 sha256:5643e15ebece5bf17a50942f69aba4b7082487087843d94725ee7e7fd24deb63 Public Key PIN: pin-sha256:VkPhXr7OW/F6UJQvaauktwgkhwh4Q9lHJe5+f9JN62M= Signing certificate... + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' --write-object /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/testRsaPss2Cert.crt --type=cert --id=0011 --label=testRsaPss2Cert Created certificate: Certificate Object; type = X.509 cert label: testRsaPss2Cert subject: DN: O=PKCS11 Provider, CN=My RsaPss2 Cert serial: 0C ID: 0011 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=93e70c9f57c170e7;token=SoftHSM%20Token;id=%0011;object=testRsaPss2Cert;type=cert + RSAPSS2BASEURIWITHPINVALUE='pkcs11:id=%00%11?pin-value=12345678' + RSAPSS2BASEURIWITHPINSOURCE='pkcs11:id=%00%11?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt' + RSAPSS2BASEURI=pkcs11:id=%00%11 + RSAPSS2PUBURI='pkcs11:type=public;id=%00%11' + RSAPSS2PRIURI='pkcs11:type=private;id=%00%11' + RSAPSS2CRTURI='pkcs11:type=cert;object=testRsaPss2Cert' + title LINE 'RSA-PSS 2 PKCS11 URIS' + case "$1" in + shift 1 + echo 'RSA-PSS 2 PKCS11 URIS' + echo 'pkcs11:id=%00%11?pin-value=12345678' + echo 'pkcs11:id=%00%11?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt' + echo pkcs11:id=%00%11 + echo 'pkcs11:type=public;id=%00%11' RSA-PSS 2 PKCS11 URIS pkcs11:id=%00%11?pin-value=12345678 pkcs11:id=%00%11?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt pkcs11:id=%00%11 pkcs11:type=public;id=%00%11 pkcs11:type=private;id=%00%11 + echo 'pkcs11:type=private;id=%00%11' + echo 'pkcs11:type=cert;object=testRsaPss2Cert' + echo '' + title PARA 'Show contents of softhsm token' + case "$1" in + shift 1 + echo '' + echo '## Show contents of softhsm token' + '[' -f '' ']' + echo ' ----------------------------------------------------------------------------------------------------' + pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --login --pin=12345678 '--token-label=SoftHSM Token' -O pkcs11:type=cert;object=testRsaPss2Cert ## Show contents of softhsm token ---------------------------------------------------------------------------------------------------- Certificate Object; type = X.509 cert label: testRsaPss2Cert subject: DN: O=PKCS11 Provider, CN=My RsaPss2 Cert serial: 0C ID: 0011 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=93e70c9f57c170e7;token=SoftHSM%20Token;id=%0011;object=testRsaPss2Cert;type=cert Private Key Object; EC label: ecCert2 ID: 0006 Usage: decrypt, sign, signRecover, unwrap, derive Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=93e70c9f57c170e7;token=SoftHSM%20Token;id=%0006;object=ecCert2;type=private Private Key Object; EC_EDWARDS label: ed2Cert ID: 0009 Usage: decrypt, sign, signRecover, unwrap, derive Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=93e70c9f57c170e7;token=SoftHSM%20Token;id=%0009;object=ed2Cert;type=private Certificate Object; type = X.509 cert label: edCert subject: DN: O=PKCS11 Provider, CN=My ED25519 Cert serial: 06 ID: 0004 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=93e70c9f57c170e7;token=SoftHSM%20Token;id=%0004;object=edCert;type=cert Public Key Object; EC_EDWARDS EC_POINT 472 bits EC_POINT: 0439a78436331077b0c6206fad3f22d3c65278ce98f3eb5952cbd928b90cb23319d506133767fbfdef8fc1948ba4f4693cb787391aabd6a6ec0380 EC_PARAMS: 06032b6571 (OID 1.3.101.113) label: ed2Cert ID: 0009 Usage: encrypt, verify, verifyRecover, wrap, derive Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=93e70c9f57c170e7;token=SoftHSM%20Token;id=%0009;object=ed2Cert;type=public Certificate Object; type = X.509 cert label: testCert2 subject: DN: O=PKCS11 Provider, CN=My Test Cert 2 serial: 08 ID: 0005 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=93e70c9f57c170e7;token=SoftHSM%20Token;id=%0005;object=testCert2;type=cert Private Key Object; RSA label: caCert ID: 0000 Usage: decrypt, sign, signRecover, unwrap Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=93e70c9f57c170e7;token=SoftHSM%20Token;id=%0000;object=caCert;type=private Certificate Object; type = X.509 cert label: ed2Cert subject: DN: O=PKCS11 Provider, CN=My ED448 Cert serial: 07 ID: 0009 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=93e70c9f57c170e7;token=SoftHSM%20Token;id=%0009;object=ed2Cert;type=cert Public Key Object; EC EC_POINT 256 bits EC_POINT: 0441046869a2133b0d1e5ee8413b75a43bd74137d73667f88043eb95a3bb11cfe1203092e345bd67c7e4c42347baae9fa56bdf1dd8c7cb61b263b68f084df2d734f34c EC_PARAMS: 06082a8648ce3d030107 (OID 1.2.840.10045.3.1.7) label: ecCert ID: 0002 Usage: encrypt, verify, verifyRecover, wrap, derive Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=93e70c9f57c170e7;token=SoftHSM%20Token;id=%0002;object=ecCert;type=public Public Key Object; EC_EDWARDS EC_POINT 272 bits EC_POINT: 0420bc034762820e92349d8f3dff8242d29400a3ff2c40d7af7dee639017b50f26a4 EC_PARAMS: 130c656477617264733235353139 (PrintableString edwards25519) label: edCert ID: 0004 Usage: encrypt, verify, verifyRecover, wrap, derive Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=93e70c9f57c170e7;token=SoftHSM%20Token;id=%0004;object=edCert;type=public Private Key Object; EC label: ecPeerCert ID: 0003 Usage: decrypt, sign, signRecover, unwrap, derive Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=93e70c9f57c170e7;token=SoftHSM%20Token;id=%0003;object=ecPeerCert;type=private Certificate Object; type = X.509 cert label: ecCert subject: DN: O=PKCS11 Provider, CN=My EC Cert serial: 04 ID: 0002 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=93e70c9f57c170e7;token=SoftHSM%20Token;id=%0002;object=ecCert;type=cert Private Key Object; RSA label: testRsaPssCert ID: 0010 Usage: decrypt, sign, signRecover, unwrap Access: sensitive, always sensitive, never extractable, local Allowed mechanisms: RSA-PKCS-PSS,SHA1-RSA-PKCS-PSS,SHA256-RSA-PKCS-PSS,SHA384-RSA-PKCS-PSS,SHA512-RSA-PKCS-PSS,SHA224-RSA-PKCS-PSS uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=93e70c9f57c170e7;token=SoftHSM%20Token;id=%0010;object=testRsaPssCert;type=private Private Key Object; RSA label: testCert2 ID: 0005 Usage: decrypt, sign, signRecover, unwrap Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=93e70c9f57c170e7;token=SoftHSM%20Token;id=%0005;object=testCert2;type=private Public Key Object; RSA 2048 bits label: caCert ID: 0000 Usage: encrypt, verify, verifyRecover, wrap Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=93e70c9f57c170e7;token=SoftHSM%20Token;id=%0000;object=caCert;type=public Certificate Object; type = X.509 cert label: ecCert2 subject: DN: O=PKCS11 Provider, CN=My EC Cert 2 serial: 09 ID: 0006 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=93e70c9f57c170e7;token=SoftHSM%20Token;id=%0006;object=ecCert2;type=cert Public Key Object; RSA 2048 bits label: testCert ID: 0001 Usage: encrypt, verify, verifyRecover, wrap Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=93e70c9f57c170e7;token=SoftHSM%20Token;id=%0001;object=testCert;type=public Certificate Object; type = X.509 cert label: ecPeerCert subject: DN: CN=My Peer EC Cert serial: 05 ID: 0003 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=93e70c9f57c170e7;token=SoftHSM%20Token;id=%0003;object=ecPeerCert;type=cert Public Key Object; RSA 2048 bits label: testRsaPssCert ID: 0010 Usage: encrypt, verify, verifyRecover, wrap Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=93e70c9f57c170e7;token=SoftHSM%20Token;id=%0010;object=testRsaPssCert;type=public Public Key Object; EC EC_POINT 256 bits EC_POINT: 044104c303c7b28b646c4f720eb93f92db980403f52f0dbc165ece33c0615c1b336aa40aa22bb26fa57f5f08696613b582fab2ba5ea2cd48b4c5f7df8d5686a8b2c11a EC_PARAMS: 06082a8648ce3d030107 (OID 1.2.840.10045.3.1.7) label: ecPeerCert ID: 0003 Usage: encrypt, verify, verifyRecover, wrap, derive Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=93e70c9f57c170e7;token=SoftHSM%20Token;id=%0003;object=ecPeerCert;type=public Private Key Object; EC label: ecCert3 ID: 0008 Usage: decrypt, sign, signRecover, unwrap, derive Access: always authenticate, sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=93e70c9f57c170e7;token=SoftHSM%20Token;id=%0008;object=ecCert3;type=private Certificate Object; type = X.509 cert label: testRsaPssCert subject: DN: O=PKCS11 Provider, CN=My RsaPss Cert serial: 0B ID: 0010 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=93e70c9f57c170e7;token=SoftHSM%20Token;id=%0010;object=testRsaPssCert;type=cert Private Key Object; EC_EDWARDS label: edCert ID: 0004 Usage: decrypt, sign, signRecover, unwrap, derive Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=93e70c9f57c170e7;token=SoftHSM%20Token;id=%0004;object=edCert;type=private Public Key Object; EC EC_POINT 528 bits EC_POINT: 04818504002fe205024aa55e08a0d4a6b81b0a41350203920953584dfc0f1d44982635a19d70379cc0063c4fe05c590f1821643bed231d3ab93a375676aa456ea8aac568bb4600f691bb6cf1e394e70b7f08dd52a05e7d11355dbc48b93a7ebd0287d01ce3e80394bab1c38b05f10386476ec6d7dbfb093e961e9ca8202af536caeb766f6e553191 EC_PARAMS: 06052b81040023 (OID 1.3.132.0.35) label: ecCert3 ID: 0008 Usage: encrypt, verify, verifyRecover, wrap, derive Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=93e70c9f57c170e7;token=SoftHSM%20Token;id=%0008;object=ecCert3;type=public Private Key Object; RSA label: testCert ID: 0001 Usage: decrypt, sign, signRecover, unwrap Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=93e70c9f57c170e7;token=SoftHSM%20Token;id=%0001;object=testCert;type=private Private Key Object; EC label: ecCert ID: 0002 Usage: decrypt, sign, signRecover, unwrap, derive Access: sensitive, always sensitive, never extractable, local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=93e70c9f57c170e7;token=SoftHSM%20Token;id=%0002;object=ecCert;type=private Public Key Object; RSA 3092 bits label: testRsaPss2Cert ID: 0011 Usage: encrypt, verify, verifyRecover, wrap Access: local uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=93e70c9f57c170e7;token=SoftHSM%20Token;id=%0011;object=testRsaPss2Cert;type=public Private Key Object; RSA label: testRsaPss2Cert ID: 0011 Usage: decrypt, sign, signRecover, unwrap Access: sensitive, always sensitive, never extractable, local Allowed mechanisms: SHA256-RSA-PKCS-PSS uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=93e70c9f57c170e7;token=SoftHSM%20Token;id=%0011;object=testRsaPss2Cert;type=private Certificate Object; type = X.509 cert label: testCert subject: DN: O=PKCS11 Provider, CN=My Test Cert serial: 03 ID: 0001 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=93e70c9f57c170e7;token=SoftHSM%20Token;id=%0001;object=testCert;type=cert Certificate Object; type = X.509 cert label: ecCert3 subject: DN: O=PKCS11 Provider, CN=My EC Cert 3 serial: 0A ID: 0008 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=93e70c9f57c170e7;token=SoftHSM%20Token;id=%0008;object=ecCert3;type=cert Certificate Object; type = X.509 cert label: caCert subject: DN: CN=Issuer serial: 02 ID: 0000 uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=93e70c9f57c170e7;token=SoftHSM%20Token;id=%0000;object=caCert;type=cert + echo ' ----------------------------------------------------------------------------------------------------' + title PARA 'Output configurations' + case "$1" in + shift 1 + echo '' + echo '## Output configurations' + '[' -f '' ']' + OPENSSL_CONF=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/openssl.cnf + title LINE 'Generate openssl config file' + case "$1" in + shift 1 + echo 'Generate openssl config file' + sed -e 's|@libtoollibs@|/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/src|g' -e 's|@testsblddir@|/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests|g' -e 's|@testsdir@|/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm|g' -e 's|@SHARED_EXT@|.so|g' -e 's|@PINFILE@|/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/pinfile.txt|g' -e 's|##TOKENOPTIONS|\npkcs11-module-quirks = no-deinit no-operation-state|g' /build/reproducible-path/pkcs11-provider-1.0/tests/openssl.cnf.in ---------------------------------------------------------------------------------------------------- ## Output configurations Generate openssl config file + title LINE 'Export test variables to /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/testvars' + case "$1" in + shift 1 + echo 'Export test variables to /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/testvars' + cat Export test variables to /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/testvars + '[' -n pkcs11:id=%00%04 ']' + cat + '[' -n pkcs11:id=%00%09 ']' + cat + '[' -n '' ']' + '[' -n pkcs11:id=%00%10 ']' + cat + cat + gen_unsetvars + grep '^export' /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/testvars + sed -e s/export/unset/ -e 's/=.*$//' + title ENDSECTION + case "$1" in + echo '' + echo ' ##' + echo '########################################' + echo '' ## ######################################## ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 2/92 pkcs11-provider:softhsm / setup OK 5.93s 3/92 pkcs11-provider:kryoptic / setup RUNNING >>> MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 SOFTOKNPATH=/usr/lib/i386-linux-gnu LIBSPATH=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/src TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests P11KITCLIENTPATH=/usr/lib/i386-linux-gnu/pkcs11/p11-kit-client.so UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 SHARED_EXT=.so MALLOC_PERTURB_=54 TESTSSRCDIR=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/setup.sh kryoptic ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― + source /build/reproducible-path/pkcs11-provider-1.0/tests/helpers.sh ++ : /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests ++ helper_emit=1 ++ sed --version ++ grep -q 'GNU sed' ++ sed_inplace=('-i') ++ export sed_inplace + '[' 1 -ne 1 ']' + TOKENTYPE=kryoptic + SUPPORT_ED25519=1 + SUPPORT_ED448=1 + SUPPORT_RSA_PKCS1_ENCRYPTION=1 + SUPPORT_RSA_KEYGEN_PUBLIC_EXPONENT=1 + SUPPORT_TLSFUZZER=1 + SUPPORT_ALLOWED_MECHANISMS=0 ++ opensc-tool -i ++ grep OpenSC ++ sed -e 's/OpenSC 0\.\([0-9]*\).*/\1/' Failed to establish context: Unable to load external module + OPENSC_VERSION=26 + [[ 26 -le 25 ]] + [[ '' = \1 ]] ++ cat /proc/sys/crypto/fips_enabled + [[ 0 = \1 ]] + TMPPDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/kryoptic + TOKDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/kryoptic/tokens + '[' -d /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/kryoptic ']' + mkdir /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/kryoptic + mkdir /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/kryoptic/tokens + PINVALUE=12345678 + PINFILE=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/kryoptic/pinfile.txt + echo 12345678 + export GNUTLS_PIN=12345678 + GNUTLS_PIN=12345678 + '[' kryoptic == softhsm ']' + '[' kryoptic == softokn ']' + '[' kryoptic == kryoptic ']' + source /build/reproducible-path/pkcs11-provider-1.0/tests/kryoptic-init.sh ++ title SECTION 'Searching for Kryoptic module' ++ case "$1" in ++ shift 1 ++ echo '########################################' ++ echo '## Searching for Kryoptic module' ++ echo '' ++ find_kryoptic /target/debug/libkryoptic_pkcs11.so /target/release/libkryoptic_pkcs11.so /usr/local/lib/kryoptic/libkryoptic_pkcs11so /usr/lib64/pkcs11/libkryoptic_pkcs11.so /usr/lib/pkcs11/libkryoptic_pkcs11.so /usr/lib/x86_64-linux-gnu/kryoptic/libkryoptic_pkcs11.so ++ for _lib in "$@" ++ test -f /target/debug/libkryoptic_pkcs11.so ++ for _lib in "$@" ++ test -f /target/release/libkryoptic_pkcs11.so ++ for _lib in "$@" ++ test -f /usr/local/lib/kryoptic/libkryoptic_pkcs11so ++ for _lib in "$@" ++ test -f /usr/lib64/pkcs11/libkryoptic_pkcs11.so ++ for _lib in "$@" ++ test -f /usr/lib/pkcs11/libkryoptic_pkcs11.so ++ for _lib in "$@" ++ test -f /usr/lib/x86_64-linux-gnu/kryoptic/libkryoptic_pkcs11.so ++ echo 'skipped: Unable to find kryoptic PKCS#11 library' ++ exit 0 ######################################## ## Searching for Kryoptic module skipped: Unable to find kryoptic PKCS#11 library ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 3/92 pkcs11-provider:kryoptic / setup OK 0.03s 4/92 pkcs11-provider:kryoptic.nss / setup RUNNING >>> MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 SOFTOKNPATH=/usr/lib/i386-linux-gnu LIBSPATH=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/src TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests P11KITCLIENTPATH=/usr/lib/i386-linux-gnu/pkcs11/p11-kit-client.so UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=250 SHARED_EXT=.so TESTSSRCDIR=/build/reproducible-path/pkcs11-provider-1.0/tests /build/reproducible-path/pkcs11-provider-1.0/tests/setup.sh kryoptic.nss ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― + source /build/reproducible-path/pkcs11-provider-1.0/tests/helpers.sh ++ : /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests ++ helper_emit=1 ++ sed --version ++ grep -q 'GNU sed' ++ sed_inplace=('-i') ++ export sed_inplace + '[' 1 -ne 1 ']' + TOKENTYPE=kryoptic.nss + SUPPORT_ED25519=1 + SUPPORT_ED448=1 + SUPPORT_RSA_PKCS1_ENCRYPTION=1 + SUPPORT_RSA_KEYGEN_PUBLIC_EXPONENT=1 + SUPPORT_TLSFUZZER=1 + SUPPORT_ALLOWED_MECHANISMS=0 ++ opensc-tool -i ++ grep OpenSC ++ sed -e 's/OpenSC 0\.\([0-9]*\).*/\1/' Failed to establish context: Unable to load external module + OPENSC_VERSION=26 + [[ 26 -le 25 ]] + [[ '' = \1 ]] ++ cat /proc/sys/crypto/fips_enabled + [[ 0 = \1 ]] + TMPPDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/kryoptic.nss + TOKDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/kryoptic.nss/tokens + '[' -d /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/kryoptic.nss ']' + mkdir /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/kryoptic.nss + mkdir /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/kryoptic.nss/tokens + PINVALUE=12345678 + PINFILE=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/kryoptic.nss/pinfile.txt + echo 12345678 + export GNUTLS_PIN=12345678 + GNUTLS_PIN=12345678 + '[' kryoptic.nss == softhsm ']' + '[' kryoptic.nss == softokn ']' + '[' kryoptic.nss == kryoptic ']' + '[' kryoptic.nss == kryoptic.nss ']' + source /build/reproducible-path/pkcs11-provider-1.0/tests/kryoptic.nss-init.sh ++ export KRYOPTIC_CONF=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/kryoptic.nss/kryoptic.conf ++ KRYOPTIC_CONF=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/kryoptic.nss/kryoptic.conf ++ cat ++ export 'TOKENLABEL=Kryoptic Soft Token' ++ TOKENLABEL='Kryoptic Soft Token' ++ export TOKENLABELURI=Kryoptic%20Soft%20Token ++ TOKENLABELURI=Kryoptic%20Soft%20Token ++ source /build/reproducible-path/pkcs11-provider-1.0/tests/kryoptic-init.sh +++ title SECTION 'Searching for Kryoptic module' +++ case "$1" in +++ shift 1 +++ echo '########################################' +++ echo '## Searching for Kryoptic module' +++ echo '' +++ find_kryoptic /target/debug/libkryoptic_pkcs11.so /target/release/libkryoptic_pkcs11.so /usr/local/lib/kryoptic/libkryoptic_pkcs11so /usr/lib64/pkcs11/libkryoptic_pkcs11.so /usr/lib/pkcs11/libkryoptic_pkcs11.so /usr/lib/x86_64-linux-gnu/kryoptic/libkryoptic_pkcs11.so +++ for _lib in "$@" +++ test -f /target/debug/libkryoptic_pkcs11.so +++ for _lib in "$@" +++ test -f /target/release/libkryoptic_pkcs11.so +++ for _lib in "$@" ######################################## ## Searching for Kryoptic module +++ test -f /usr/local/lib/kryoptic/libkryoptic_pkcs11so +++ for _lib in "$@" +++ test -f /usr/lib64/pkcs11/libkryoptic_pkcs11.so +++ for _lib in "$@" +++ test -f /usr/lib/pkcs11/libkryoptic_pkcs11.so +++ for _lib in "$@" +++ test -f /usr/lib/x86_64-linux-gnu/kryoptic/libkryoptic_pkcs11.so +++ echo 'skipped: Unable to find kryoptic PKCS#11 library' +++ exit 0 skipped: Unable to find kryoptic PKCS#11 library ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 4/92 pkcs11-provider:kryoptic.nss / setup OK 0.04s 5/92 pkcs11-provider:softokn / basic RUNNING >>> MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MALLOC_PERTURB_=151 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper basic-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 5/92 pkcs11-provider:softokn / basic SKIP 0.01s exit status 77 6/92 pkcs11-provider:softhsm / basic RUNNING >>> MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MALLOC_PERTURB_=151 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper basic-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/tests/tbasic ## Raw Sign check error openssl pkeyutl -sign -inkey "${BASEURI}" -pkeyopt pad-mode:none -in ${TMPPDIR}/64Brandom.bin -out ${TMPPDIR}/raw-sig.bin Public Key operation error 0027FBF7:error:0200007A:rsa routines:p11prov_sig_operate:data too small for key size:../src/signature.c:971: ## Sign and Verify with provided Hash and RSA openssl dgst -sha256 -binary -out ${TMPPDIR}/sha256.bin ${SEEDFILE} openssl pkeyutl -sign -inkey "${PRIURI}" -in ${TMPPDIR}/sha256.bin -out ${TMPPDIR}/sha256-sig.bin openssl pkeyutl -verify -inkey "${PUBURI}" -pubin -in ${TMPPDIR}/sha256.bin -sigfile ${TMPPDIR}/sha256-sig.bin Signature Verified Successfully ## Sign and Verify with provided Hash and RSA with DigestInfo struct openssl dgst -sha256 -binary -out ${TMPPDIR}/sha256.bin ${SEEDFILE} openssl pkeyutl -sign -inkey "${PRIURI}" -pkeyopt digest:sha256 -in ${TMPPDIR}/sha256.bin -out ${TMPPDIR}/sha256-sig.bin openssl pkeyutl -verify -inkey "${PUBURI}" -pkeyopt digest:sha256 -pubin -in ${TMPPDIR}/sha256.bin -sigfile ${TMPPDIR}/sha256-sig.bin Signature Verified Successfully ## DigestSign and DigestVerify with RSA openssl pkeyutl -sign -inkey "${BASEURI}" -digest sha256 -in ${RAND64FILE} -rawin -out ${TMPPDIR}/sha256-dgstsig.bin openssl pkeyutl -verify -inkey "${BASEURI}" -pubin -digest sha256 -in ${RAND64FILE} -rawin -sigfile ${TMPPDIR}/sha256-dgstsig.bin Signature Verified Successfully openssl pkeyutl -verify -inkey "${PUBURI}" -pubin -digest sha256 -in ${RAND64FILE} -rawin -sigfile ${TMPPDIR}/sha256-dgstsig.bin Signature Verified Successfully RSA basic encrypt and decrypt openssl pkeyutl -encrypt -inkey "${PUBURI}" -pubin -in ${SECRETFILE} -out ${SECRETFILE}.enc openssl pkeyutl -decrypt -inkey "${PRIURI}" -in ${SECRETFILE}.enc -out ${SECRETFILE}.dec ## Test Disallow Public Export openssl pkey -in $PUBURI -pubin -pubout -text ## Test CSR generation from RSA private keys openssl req -new -batch -key "${PRIURI}" -out ${TMPPDIR}/rsa_csr.pem openssl req -in ${TMPPDIR}/rsa_csr.pem -verify -noout Certificate request self-signature verify OK ## Test fetching public keys without PIN in config files openssl pkey -in $PUBURI -pubin -pubout -out ${TMPPDIR}/rsa.pub.nopin.pem openssl pkey -in $ECPUBURI -pubin -pubout -out ${TMPPDIR}/ec.pub.nopin.pem openssl pkey -in $EDPUBURI -pubin -pubout -out ${TMPPDIR}/ed.pub.nopin.pem ## Test fetching public keys with a PIN in URI openssl pkey -in $BASEURIWITHPINVALUE -pubin -pubout -out ${TMPPDIR}/rsa.pub.uripin.pem openssl pkey -in $ECBASEURIWITHPINVALUE -pubin -pubout -out ${TMPPDIR}/ec.pub.uripin.pem openssl pkey -in $EDBASEURIWITHPINVALUE -pubin -pubout -out ${TMPPDIR}/ed.pub.uripin.pem openssl pkey -in $ED2BASEURIWITHPINVALUE -pubin -pubout -out ${TMPPDIR}/ed2.pub.uripin.pem ## Test fetching public keys with a PIN source in URI openssl pkey -in $BASEURIWITHPINSOURCE -pubin -pubout -out ${TMPPDIR}/rsa.pub.uripinsource.pem openssl pkey -in $ECBASEURIWITHPINSOURCE -pubin -pubout -out ${TMPPDIR}/ec.pub.uripinsource.pem openssl pkey -in $EDBASEURIWITHPINSOURCE -pubin -pubout -out ${TMPPDIR}/ed.pub.uripinsource.pem openssl pkey -in $ED2BASEURIWITHPINSOURCE -pubin -pubout -out ${TMPPDIR}/ed2.pub.uripinsource.pem ## Test prompting without PIN in config files ## Test EVP_PKEY_eq on public RSA key both on token ## Test EVP_PKEY_eq on public EC key both on token ## Test EVP_PKEY_eq on public RSA key via import ## Match private RSA key against public key ## Match private RSA key against public key (commutativity) ## Test EVP_PKEY_eq on public EC key via import ## Match private EC key against public key ## Match private EC key against public key (commutativity) ## Test EVP_PKEY_eq with key exporting disabled ## Test RSA key ## Test EC key ## Test PIN caching Prompt: "Enter pass phrase for PKCS#11 Token (Slot 1472295143 - SoftHSM slot ID 0x57c170e7):" Returning: 12345678 Child Done ALL A-OK! Prompt: "Enter pass phrase for PKCS#11 Token (Slot 1472295143 - SoftHSM slot ID 0x57c170e7):" Returning: 12345678 Child Done ALL A-OK! ## Test interactive Login on key without ALWAYS AUTHENTICATE expect: spawn id exp3 not open while executing "expect "ALL A-OK"" ## Test interactive Login repeated for operation on key with ALWAYS AUTHENTICATE expect: spawn id exp3 not open while executing "expect "ALL A-OK"" ## Test Key generation Performed tests: 4 ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 6/92 pkcs11-provider:softhsm / basic OK 13.44s 7/92 pkcs11-provider:kryoptic / basic RUNNING >>> MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 MALLOC_PERTURB_=134 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper basic-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 7/92 pkcs11-provider:kryoptic / basic SKIP 0.01s exit status 77 8/92 pkcs11-provider:kryoptic.nss / basic RUNNING >>> MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MALLOC_PERTURB_=224 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper basic-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 8/92 pkcs11-provider:kryoptic.nss / basic SKIP 0.01s exit status 77 9/92 pkcs11-provider:softokn / pubkey RUNNING >>> MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=42 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper pubkey-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 9/92 pkcs11-provider:softokn / pubkey SKIP 0.01s exit status 77 10/92 pkcs11-provider:softhsm / pubkey RUNNING >>> MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MALLOC_PERTURB_=140 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper pubkey-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/tests/tpubkey ## Export RSA Public key to a file openssl pkey -in $BASEURI -pubin -pubout -out ${TMPPDIR}/baseout.pub Export Public key to a file (pub-uri) openssl pkey -in $PUBURI -pubin -pubout -out ${TMPPDIR}/pubout.pub Print Public key from private openssl pkey -in $PRIURI -pubout -text ## Export Public check error openssl pkey -in pkcs11:id=%de%ad -pubin -pubout -out ${TMPPDIR}/pubout-invlid.pub Could not find private key of Public Key from pkcs11:id=%de%ad ## Export EC Public key to a file openssl pkey -in $ECBASEURI -pubin -pubout -out ${TMPPDIR}/baseecout.pub Export EC Public key to a file (pub-uri) openssl pkey -in $ECPUBURI -pubin -pubout -out ${TMPPDIR}/pubecout.pub Print EC Public key from private openssl pkey -in $ECPRIURI -pubout -text ## Check we can get RSA public keys from certificate objects Export Public key to a file (priv-uri) openssl pkey -in $PRI2URI -pubout -out ${TMPPDIR}/priv-cert.pub Export Public key to a file (base-uri) openssl pkey -in $BASE2URI -pubout -out ${TMPPDIR}/base-cert.pub ## Check we can get EC public keys from certificate objects Export Public EC key to a file (priv-uri) openssl pkey -in $ECPRI2URI -pubout -out ${TMPPDIR}/ec-priv-cert.pub Export Public key to a file (base-uri) openssl pkey -in $ECBASE2URI -pubout -out ${TMPPDIR}/ec-base-cert.pub ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 10/92 pkcs11-provider:softhsm / pubkey OK 0.48s 11/92 pkcs11-provider:kryoptic / pubkey RUNNING >>> MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=114 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper pubkey-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 11/92 pkcs11-provider:kryoptic / pubkey SKIP 0.01s exit status 77 12/92 pkcs11-provider:kryoptic.nss / pubkey RUNNING >>> MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MALLOC_PERTURB_=108 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper pubkey-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 12/92 pkcs11-provider:kryoptic.nss / pubkey SKIP 0.01s exit status 77 13/92 pkcs11-provider:softokn / certs RUNNING >>> MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=225 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper certs-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 13/92 pkcs11-provider:softokn / certs SKIP 0.01s exit status 77 14/92 pkcs11-provider:softhsm / certs RUNNING >>> MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MALLOC_PERTURB_=52 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper certs-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/tests/tcerts ## Check we can fetch certifiatce objects openssl x509 -in ${CRTURI} -subject -out ${TMPPDIR}/crt-subj.txt openssl x509 -in ${ECCRTURI} -subject -out ${TMPPDIR}/eccrt-subj.txt ## Use storeutl command to match specific certs via params openssl storeutl -certs -subject "${subj}" -out ${TMPPDIR}/storeutl-crt-subj.txt pkcs11:type=cert 0: Certificate openssl storeutl -certs -subject "${subj}" -out ${TMPPDIR}/storeutl-crt-subj.txt pkcs11:type=cert 0: Certificate openssl storeutl -certs -subject "${subj}" -out ${TMPPDIR}/storeutl-crt-subj.txt pkcs11:type=cert 0: Certificate openssl storeutl -certs -subject "${subj}" -out ${TMPPDIR}/storeutl-crt-subj.txt pkcs11:type=cert 0: Certificate ## Test fetching certificate without PIN in config files openssl x509 -in $CRTURI -subject -out ${TMPPDIR}/crt-subj-nopin.txt ## Test fetching certificate via STORE api Cert load successfully ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 14/92 pkcs11-provider:softhsm / certs OK 0.34s 15/92 pkcs11-provider:kryoptic / certs RUNNING >>> MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MALLOC_PERTURB_=155 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper certs-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 15/92 pkcs11-provider:kryoptic / certs SKIP 0.01s exit status 77 16/92 pkcs11-provider:kryoptic.nss / certs RUNNING >>> MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 MALLOC_PERTURB_=48 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper certs-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 16/92 pkcs11-provider:kryoptic.nss / certs SKIP 0.01s exit status 77 17/92 pkcs11-provider:softokn / ecc RUNNING >>> MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MALLOC_PERTURB_=4 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper ecc-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 17/92 pkcs11-provider:softokn / ecc SKIP 0.01s exit status 77 18/92 pkcs11-provider:softhsm / ecc RUNNING >>> MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=126 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper ecc-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/tests/tecc ## Export EC Public key to a file openssl pkey -in $ECPUBURI -pubin -pubout -out ${TMPPDIR}/ecout.pub Print EC Public key from private openssl pkey -in $ECPRIURI -pubout -text ## Sign and Verify with provided Hash and EC openssl dgst -sha256 -binary -out ${TMPPDIR}/sha256.bin ${SEEDFILE} openssl pkeyutl -sign -inkey "${ECBASEURI}" -in ${TMPPDIR}/sha256.bin -out ${TMPPDIR}/sha256-ecsig.bin openssl pkeyutl -verify -inkey "${ECBASEURI}" -pubin -in ${TMPPDIR}/sha256.bin -sigfile ${TMPPDIR}/sha256-ecsig.bin Signature Verified Successfully openssl pkeyutl -verify -inkey "${TMPPDIR}/ecout.pub" -pubin -in ${TMPPDIR}/sha256.bin -sigfile ${TMPPDIR}/sha256-ecsig.bin Signature Verified Successfully ## DigestSign and DigestVerify with ECC (SHA-256) openssl pkeyutl -sign -inkey "${ECBASEURI}" -digest sha256 -in ${RAND64FILE} -rawin -out ${TMPPDIR}/sha256-ecdgstsig.bin openssl pkeyutl -verify -inkey "${ECBASEURI}" -pubin -digest sha256 -in ${RAND64FILE} -rawin -sigfile ${TMPPDIR}/sha256-ecdgstsig.bin Signature Verified Successfully ## DigestSign and DigestVerify with ECC (SHA-384) openssl pkeyutl -sign -inkey "${ECBASEURI}" -digest sha384 -in ${RAND64FILE} -rawin -out ${TMPPDIR}/sha384-ecdgstsig.bin openssl pkeyutl -verify -inkey "${ECBASEURI}" -pubin -digest sha384 -in ${RAND64FILE} -rawin -sigfile ${TMPPDIR}/sha384-ecdgstsig.bin Signature Verified Successfully ## DigestSign and DigestVerify with ECC (SHA-512) openssl pkeyutl -sign -inkey "${ECBASEURI}" -digest sha512 -in ${RAND64FILE} -rawin -out ${TMPPDIR}/sha512-ecdgstsig.bin openssl pkeyutl -verify -inkey "${ECBASEURI}" -pubin -digest sha512 -in ${RAND64FILE} -rawin -sigfile ${TMPPDIR}/sha512-ecdgstsig.bin Signature Verified Successfully ## DigestSign and DigestVerify with ECC (SHA3-256) openssl pkeyutl -sign -inkey "${ECBASEURI}" -digest sha3-256 -in ${RAND64FILE} -rawin -out ${TMPPDIR}/sha3-256-ecdgstsig.bin openssl pkeyutl -verify -inkey "${ECBASEURI}" -pubin -digest sha3-256 -in ${RAND64FILE} -rawin -sigfile ${TMPPDIR}/sha3-256-ecdgstsig.bin Signature Verified Successfully ## DigestSign and DigestVerify with ECC (SHA3-384) openssl pkeyutl -sign -inkey "${ECBASEURI}" -digest sha3-384 -in ${RAND64FILE} -rawin -out ${TMPPDIR}/sha3-384-ecdgstsig.bin openssl pkeyutl -verify -inkey "${ECBASEURI}" -pubin -digest sha3-384 -in ${RAND64FILE} -rawin -sigfile ${TMPPDIR}/sha3-384-ecdgstsig.bin Signature Verified Successfully ## DigestSign and DigestVerify with ECC (SHA3-512) openssl pkeyutl -sign -inkey "${ECBASEURI}" -digest sha3-512 -in ${RAND64FILE} -rawin -out ${TMPPDIR}/sha3-512-ecdgstsig.bin openssl pkeyutl -verify -inkey "${ECBASEURI}" -pubin -digest sha3-512 -in ${RAND64FILE} -rawin -sigfile ${TMPPDIR}/sha3-512-ecdgstsig.bin Signature Verified Successfully ## Test CSR generation from private ECC keys openssl req -new -batch -key "${ECPRIURI}" -out ${TMPPDIR}/ecdsa_csr.pem openssl req -in ${TMPPDIR}/ecdsa_csr.pem -verify -noout Certificate request self-signature verify OK ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 18/92 pkcs11-provider:softhsm / ecc OK 0.73s 19/92 pkcs11-provider:kryoptic / ecc RUNNING >>> MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MALLOC_PERTURB_=211 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper ecc-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 19/92 pkcs11-provider:kryoptic / ecc SKIP 0.01s exit status 77 20/92 pkcs11-provider:kryoptic.nss / ecc RUNNING >>> MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MALLOC_PERTURB_=203 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper ecc-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 20/92 pkcs11-provider:kryoptic.nss / ecc SKIP 0.01s exit status 77 21/92 pkcs11-provider:softhsm / edwards RUNNING >>> MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=195 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper edwards-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/tests/tedwards ## Export ED25519 Public key to a file openssl pkey -in $EDPUBURI -pubin -pubout -out ${TMPPDIR}/edout.pub Print ED25519 Public key from private openssl pkey -in $EDPRIURI -pubout -text ## DigestSign and DigestVerify with ED25519 openssl pkeyutl -sign -inkey "${EDBASEURI}" -in ${RAND64FILE} -rawin -out ${TMPPDIR}/sha256-eddgstsig.bin openssl pkeyutl -verify -inkey "${EDBASEURI}" -pubin -in ${RAND64FILE} -rawin -sigfile ${TMPPDIR}/sha256-eddgstsig.bin Signature Verified Successfully ## Test CSR generation from private ED25519 keys openssl req -new -batch -key "${EDPRIURI}" -out ${TMPPDIR}/ed25519_csr.pem openssl req -in ${TMPPDIR}/ed25519_csr.pem -verify -noout Certificate request self-signature verify OK ## Test EVP_PKEY_eq on public Edwards key both on token ## Test EVP_PKEY_eq on public ED key via import ## Match private ED key against public key ## Match private ED key against public key (commutativity) ## Test Key generation Performed tests: 1 ## Export ED448 Public key to a file openssl pkey -in $ED2PUBURI -pubin -pubout -out ${TMPPDIR}/ed2out.pub Print ED448 Public key from private openssl pkey -in $ED2PRIURI -pubout -text ## DigestSign and DigestVerify with ED448 openssl pkeyutl -sign -inkey "${ED2BASEURI}" -in ${RAND64FILE} -rawin -out ${TMPPDIR}/sha256-eddgstsig.bin openssl pkeyutl -verify -inkey "${ED2BASEURI}" -pubin -in ${RAND64FILE} -rawin -sigfile ${TMPPDIR}/sha256-eddgstsig.bin Signature Verified Successfully ## Test CSR generation from private ED448 keys openssl req -new -batch -key "${ED2PRIURI}" -out ${TMPPDIR}/ed448_csr.pem openssl req -in ${TMPPDIR}/ed448_csr.pem -verify -noout Certificate request self-signature verify OK ## Test EVP_PKEY_eq on public Edwards key both on token ## Test EVP_PKEY_eq on public ED448 key via import ## Match private ED448 key against public key ## Match private ED448 key against public key (commutativity) ## Test Ed448 Key generation Performed tests: 1 ## Test interactive Login on key without ALWAYS AUTHENTICATE expect: spawn id exp3 not open while executing "expect "ALL A-OK"" ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 21/92 pkcs11-provider:softhsm / edwards OK 1.49s 22/92 pkcs11-provider:kryoptic / edwards RUNNING >>> MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MALLOC_PERTURB_=228 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper edwards-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 22/92 pkcs11-provider:kryoptic / edwards SKIP 0.01s exit status 77 23/92 pkcs11-provider:kryoptic.nss / edwards RUNNING >>> MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MALLOC_PERTURB_=119 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper edwards-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 23/92 pkcs11-provider:kryoptic.nss / edwards SKIP 0.01s exit status 77 24/92 pkcs11-provider:softokn / ecdh RUNNING >>> MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 MALLOC_PERTURB_=103 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper ecdh-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 24/92 pkcs11-provider:softokn / ecdh SKIP 0.01s exit status 77 25/92 pkcs11-provider:kryoptic / ecdh RUNNING >>> MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MALLOC_PERTURB_=249 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper ecdh-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 25/92 pkcs11-provider:kryoptic / ecdh SKIP 0.01s exit status 77 26/92 pkcs11-provider:kryoptic.nss / ecdh RUNNING >>> MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MALLOC_PERTURB_=41 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper ecdh-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 26/92 pkcs11-provider:kryoptic.nss / ecdh SKIP 0.01s exit status 77 27/92 pkcs11-provider:softokn / democa RUNNING >>> MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MALLOC_PERTURB_=27 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper democa-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 27/92 pkcs11-provider:softokn / democa SKIP 0.01s exit status 77 28/92 pkcs11-provider:softhsm / democa RUNNING >>> MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 MALLOC_PERTURB_=241 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper democa-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/tests/tdemoca ## Set up demoCA ## Generating CA cert if needed openssl req -batch -noenc -x509 -new -key ${PRIURI} -out ${DEMOCA}/cacert.pem ## Generating a new CSR with key in file openssl req -batch -noenc -newkey rsa:2048 -subj "/CN=testing-csr-signing/O=PKCS11 Provider/C=US" -keyout ${DEMOCA}/cert.key -out ${DEMOCA}/cert.csr .+++++++++++++++++++++++++++++++++++++++*..+++++++++++++++++++++++++++++++++++++++*.+...++++++ ....+.+......+...+..+..........+++++++++++++++++++++++++++++++++++++++*......+++++++++++++++++++++++++++++++++++++++*......+......+........+.+...+........+.......+......+.................+..........+........+.+........+.+......+.........+..+.......+.....+......+....+......+............+.........+...+..+...+......+.+...+........+.......+.....+.+.....+.+...........+..........+..+................+............+..+...+....+...............+.........+..+....+...+.....+.+......+......+...............+...............+...+.................+..................+.+..............+.......+...+......+........+.+..+....+......+.....+.........+....+.....+....+..+..........+.....+...+.+..+.......+.....+......+.+......+..+............+......+.......+...+........+.+.....+.+.....+.......+.....+.......+........+..................+.......+...+.................+......+.+...+..+......+....+...+..+.+.....+...+............+....+.....+.........+....+......+..+...+....+...........+.........+.......+.....+.+..+......+.+......+...+.....................+........+.+......+...+.....+.+......+.....+.+...............+..+.+.....+......+......+...+.+...+......+.........+..+.+..+............+.........+.......+...+.....+......+..........++++++ ----- ## Signing the new certificate openssl ca -batch -in ${DEMOCA}/cert.csr -keyfile ${PRIURI} -out ${DEMOCA}/cert.pem Using configuration from /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/openssl.cnf Check that the request matches the signature Signature ok The Subject's Distinguished Name is as follows commonName :ASN.1 12:'testing-csr-signing' organizationName :ASN.1 12:'PKCS11 Provider' countryName :PRINTABLE:'US' Certificate is to be certified until Mar 30 11:09:25 2026 GMT (365 days) Write out database with 1 new entries Database updated ## Generating a new CSR with existing RSA key in token openssl req -batch -noenc -new -key ${PRIURI} -subj "/CN=testing-rsa-signing/O=PKCS11 Provider/C=US" -out ${DEMOCA}/cert-rsa.csr ## Signing the new RSA key certificate openssl ca -batch -in ${DEMOCA}/cert-rsa.csr -keyfile ${PRIURI} -out ${DEMOCA}/cert.pem Using configuration from /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/openssl.cnf Check that the request matches the signature Signature ok The Subject's Distinguished Name is as follows commonName :ASN.1 12:'testing-rsa-signing' organizationName :ASN.1 12:'PKCS11 Provider' countryName :PRINTABLE:'US' Certificate is to be certified until Mar 30 11:09:25 2026 GMT (365 days) Write out database with 1 new entries Database updated ## Generating a new CSR with existing EC key in token openssl req -batch -noenc -new -key ${ECPRIURI} -subj "/CN=testing-ec-signing/O=PKCS11 Provider/C=US" -out ${DEMOCA}/cert-ec.csr ## Signing the new EC key certificate openssl ca -batch -in ${DEMOCA}/cert-ec.csr -keyfile ${PRIURI} -out ${DEMOCA}/cert.pem Using configuration from /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/openssl.cnf Check that the request matches the signature Signature ok The Subject's Distinguished Name is as follows commonName :ASN.1 12:'testing-ec-signing' organizationName :ASN.1 12:'PKCS11 Provider' countryName :PRINTABLE:'US' Certificate is to be certified until Mar 30 11:09:25 2026 GMT (365 days) Write out database with 1 new entries Database updated ## Generating a new CSR with existing ED key in token openssl req -batch -noenc -new -key ${EDPRIURI} -subj "/CN=testing-ed-signing/O=PKCS11 Provider/C=US" -out ${DEMOCA}/cert-ed.csr ## Signing the new ED key certificate openssl ca -batch -in ${DEMOCA}/cert-ed.csr -keyfile ${PRIURI} -out ${DEMOCA}/cert.pem Using configuration from /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/openssl.cnf Check that the request matches the signature Signature ok The Subject's Distinguished Name is as follows commonName :ASN.1 12:'testing-ed-signing' organizationName :ASN.1 12:'PKCS11 Provider' countryName :PRINTABLE:'US' Certificate is to be certified until Mar 30 11:09:25 2026 GMT (365 days) Write out database with 1 new entries Database updated ## Generating a new CSR with existing ED448 key in token openssl req -batch -noenc -new -key ${ED2PRIURI} -subj "/CN=testing-ed2-signing/O=PKCS11 Provider/C=US" -out ${DEMOCA}/cert-ed2.csr ## Signing the new ED448 key certificate openssl ca -batch -in ${DEMOCA}/cert-ed2.csr -keyfile ${PRIURI} -out ${DEMOCA}/cert.pem Using configuration from /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/openssl.cnf Check that the request matches the signature Signature ok The Subject's Distinguished Name is as follows commonName :ASN.1 12:'testing-ed2-signing' organizationName :ASN.1 12:'PKCS11 Provider' countryName :PRINTABLE:'US' Certificate is to be certified until Mar 30 11:09:26 2026 GMT (365 days) Write out database with 1 new entries Database updated ## Generating a new CSR with existing RSA-PSS key in token openssl req -batch -noenc -new -key ${RSAPSSPRIURI} -sigopt rsa_padding_mode:pss -subj "/CN=testing-rsapss-signing/O=PKCS11 Provider/C=US" -sigopt rsa_padding_mode:pss -out ${DEMOCA}/cert-rsa-pss.csr ## Signing the new RSA-PSS key certificate openssl ca -batch -in ${DEMOCA}/cert-rsa-pss.csr -keyfile ${PRIURI} -out ${DEMOCA}/cert.pem Using configuration from /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/openssl.cnf Check that the request matches the signature Signature ok The Subject's Distinguished Name is as follows commonName :ASN.1 12:'testing-rsapss-signing' organizationName :ASN.1 12:'PKCS11 Provider' countryName :PRINTABLE:'US' Certificate is to be certified until Mar 30 11:09:26 2026 GMT (365 days) Write out database with 1 new entries Database updated openssl x509 -text -in ${DEMOCA}/cert.pem ## Generating a new CSR with existing SHA256 restricted RSA-PSS key in token openssl req -batch -noenc -new -key ${RSAPSS2PRIURI} -sigopt rsa_padding_mode:pss -subj "/CN=testing-rsapss-sha2-signing/O=PKCS11 Provider/C=US" -out ${DEMOCA}/cert-rsa-pss2.csr -sigopt rsa_padding_mode:pss -sigopt digest:sha256 ## Signing the new SHA256 restricted RSA-PSS key certificate openssl ca -batch -in ${DEMOCA}/cert-rsa-pss2.csr -keyfile ${PRIURI} -out ${DEMOCA}/cert.pem Using configuration from /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/openssl.cnf Check that the request matches the signature Signature ok The Subject's Distinguished Name is as follows commonName :ASN.1 12:'testing-rsapss-sha2-signing' organizationName :ASN.1 12:'PKCS11 Provider' countryName :PRINTABLE:'US' Certificate is to be certified until Mar 30 11:09:26 2026 GMT (365 days) Write out database with 1 new entries Database updated openssl x509 -text -in ${DEMOCA}/cert.pem ## Generating a new CSR with existing RSA-PSS key in token openssl req -batch -noenc -new -key ${RSAPSS2PRIURI} -sigopt rsa_padding_mode:pss -subj "/CN=testing-rsapss-signing/O=PKCS11 Provider/C=US" -out ${DEMOCA}/cert-rsa-pss2.csr -sigopt rsa_padding_mode:pss -sigopt digest:sha256 -sigopt rsa_pss_saltlen:-2 ## Signing the new RSA-PSS key certificate openssl ca -batch -in ${DEMOCA}/cert-rsa-pss.csr -keyfile ${PRIURI} -out ${DEMOCA}/cert.pem Using configuration from /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/openssl.cnf Check that the request matches the signature Signature ok The Subject's Distinguished Name is as follows commonName :ASN.1 12:'testing-rsapss-signing' organizationName :ASN.1 12:'PKCS11 Provider' countryName :PRINTABLE:'US' Certificate is to be certified until Mar 30 11:09:26 2026 GMT (365 days) Write out database with 1 new entries Database updated ## Set up OCSP openssl req -batch -noenc -new -subj "/CN=OCSP/O=PKCS11 Provider/C=US" -key ${PRIURI} -out ${DEMOCA}/ocspSigning.csr openssl ca -batch -keyfile ${PRIURI} -cert ${DEMOCA}/cacert.pem -in ${DEMOCA}/ocspSigning.csr -out ${DEMOCA}/ocspSigning.pem Using configuration from /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/openssl.cnf Check that the request matches the signature Signature ok The Subject's Distinguished Name is as follows commonName :ASN.1 12:'OCSP' organizationName :ASN.1 12:'PKCS11 Provider' countryName :PRINTABLE:'US' Certificate is to be certified until Mar 30 11:09:26 2026 GMT (365 days) Write out database with 1 new entries Database updated ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 28/92 pkcs11-provider:softhsm / democa OK 2.15s 29/92 pkcs11-provider:kryoptic / democa RUNNING >>> MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=92 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper democa-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 29/92 pkcs11-provider:kryoptic / democa SKIP 0.01s exit status 77 30/92 pkcs11-provider:kryoptic.nss / democa RUNNING >>> MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=162 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper democa-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 30/92 pkcs11-provider:kryoptic.nss / democa SKIP 0.01s exit status 77 31/92 pkcs11-provider:softokn / digest RUNNING >>> MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=212 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper digest-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 31/92 pkcs11-provider:softokn / digest SKIP 0.01s exit status 77 32/92 pkcs11-provider:softhsm / digest RUNNING >>> MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MALLOC_PERTURB_=151 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper digest-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/tests/tdigest ## Test Digests support sha512-224: Unsupported by pkcs11 token sha512-256: Unsupported by pkcs11 token sha3-224: Unsupported by pkcs11 token sha3-256: Unsupported by pkcs11 token sha3-384: Unsupported by pkcs11 token sha3-512: Unsupported by pkcs11 token PASSED ## Test Digests Blocked No digest available for testing pkcs11 provider Digest operations failed as expected ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 32/92 pkcs11-provider:softhsm / digest OK 0.09s 33/92 pkcs11-provider:kryoptic / digest RUNNING >>> MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=3 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper digest-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 33/92 pkcs11-provider:kryoptic / digest SKIP 0.01s exit status 77 34/92 pkcs11-provider:kryoptic.nss / digest RUNNING >>> MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MALLOC_PERTURB_=232 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper digest-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 34/92 pkcs11-provider:kryoptic.nss / digest SKIP 0.01s exit status 77 35/92 pkcs11-provider:softokn / fork RUNNING >>> MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MALLOC_PERTURB_=99 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper fork-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 35/92 pkcs11-provider:softokn / fork SKIP 0.01s exit status 77 36/92 pkcs11-provider:softhsm / fork RUNNING >>> MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=176 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper fork-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/tfork Child Done Child Done ALL A-OK! ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 36/92 pkcs11-provider:softhsm / fork OK 0.45s 37/92 pkcs11-provider:kryoptic / fork RUNNING >>> MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=36 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper fork-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 37/92 pkcs11-provider:kryoptic / fork SKIP 0.01s exit status 77 38/92 pkcs11-provider:kryoptic.nss / fork RUNNING >>> MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=121 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper fork-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 38/92 pkcs11-provider:kryoptic.nss / fork SKIP 0.01s exit status 77 39/92 pkcs11-provider:softokn / oaepsha2 RUNNING >>> MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MALLOC_PERTURB_=246 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper oaepsha2-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 39/92 pkcs11-provider:softokn / oaepsha2 SKIP 0.01s exit status 77 40/92 pkcs11-provider:kryoptic / oaepsha2 RUNNING >>> MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MALLOC_PERTURB_=177 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper oaepsha2-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 40/92 pkcs11-provider:kryoptic / oaepsha2 SKIP 0.01s exit status 77 41/92 pkcs11-provider:kryoptic.nss / oaepsha2 RUNNING >>> MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=128 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper oaepsha2-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 41/92 pkcs11-provider:kryoptic.nss / oaepsha2 SKIP 0.01s exit status 77 42/92 pkcs11-provider:softokn / hkdf RUNNING >>> MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MALLOC_PERTURB_=124 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper hkdf-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 42/92 pkcs11-provider:softokn / hkdf SKIP 0.01s exit status 77 43/92 pkcs11-provider:kryoptic / hkdf RUNNING >>> MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=136 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper hkdf-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 43/92 pkcs11-provider:kryoptic / hkdf SKIP 0.01s exit status 77 44/92 pkcs11-provider:kryoptic.nss / hkdf RUNNING >>> MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=109 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper hkdf-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 44/92 pkcs11-provider:kryoptic.nss / hkdf SKIP 0.01s exit status 77 45/92 pkcs11-provider:softokn / imported RUNNING >>> MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 MALLOC_PERTURB_=139 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper imported-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 45/92 pkcs11-provider:softokn / imported SKIP 0.01s exit status 77 46/92 pkcs11-provider:kryoptic / imported RUNNING >>> MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MALLOC_PERTURB_=248 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper imported-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 46/92 pkcs11-provider:kryoptic / imported SKIP 0.01s exit status 77 47/92 pkcs11-provider:kryoptic.nss / imported RUNNING >>> MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests MALLOC_PERTURB_=108 TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper imported-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 47/92 pkcs11-provider:kryoptic.nss / imported SKIP 0.01s exit status 77 48/92 pkcs11-provider:softokn / rsapss RUNNING >>> MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=54 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper rsapss-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 48/92 pkcs11-provider:softokn / rsapss SKIP 0.01s exit status 77 49/92 pkcs11-provider:softhsm / rsapss RUNNING >>> MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MALLOC_PERTURB_=185 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper rsapss-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/tests/trsapss ## DigestSign and DigestVerify with RSA PSS openssl pkeyutl -sign -inkey "${BASEURI}" -digest sha256 -pkeyopt pad-mode:pss -pkeyopt mgf1-digest:sha256 -pkeyopt saltlen:digest -in ${RAND64FILE} -rawin -out ${TMPPDIR}/sha256-dgstsig.bin openssl pkeyutl -verify -inkey "${BASEURI}" -pubin -digest sha256 -pkeyopt pad-mode:pss -pkeyopt mgf1-digest:sha256 -pkeyopt saltlen:digest -in ${RAND64FILE} -rawin -sigfile ${TMPPDIR}/sha256-dgstsig.bin Signature Verified Successfully Re-verify using OpenSSL default provider openssl pkeyutl -verify -inkey "${PUBURI}" -pubin -digest sha256 -pkeyopt pad-mode:pss -pkeyopt mgf1-digest:sha256 -pkeyopt saltlen:digest -in ${RAND64FILE} -rawin -sigfile ${TMPPDIR}/sha256-dgstsig.bin Signature Verified Successfully ## DigestSign and DigestVerify with RSA PSS with default params openssl pkeyutl -sign -inkey "${BASEURI}" -pkeyopt pad-mode:pss -in ${RAND64FILE} -rawin -out ${TMPPDIR}/def-dgstsig.bin openssl pkeyutl -verify -inkey "${BASEURI}" -pubin -pkeyopt pad-mode:pss -in ${RAND64FILE} -rawin -sigfile ${TMPPDIR}/def-dgstsig.bin Signature Verified Successfully Re-verify using OpenSSL default provider openssl pkeyutl -verify -inkey "${PUBURI}" -pubin -pkeyopt pad-mode:pss -in ${RAND64FILE} -rawin -sigfile ${TMPPDIR}/def-dgstsig.bin Signature Verified Successfully ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 49/92 pkcs11-provider:softhsm / rsapss OK 0.26s 50/92 pkcs11-provider:kryoptic / rsapss RUNNING >>> MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=73 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper rsapss-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 50/92 pkcs11-provider:kryoptic / rsapss SKIP 0.01s exit status 77 51/92 pkcs11-provider:kryoptic.nss / rsapss RUNNING >>> MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=94 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper rsapss-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 51/92 pkcs11-provider:kryoptic.nss / rsapss SKIP 0.01s exit status 77 52/92 pkcs11-provider:softhsm / rsapssam RUNNING >>> MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MALLOC_PERTURB_=30 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper rsapssam-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/tests/trsapssam ## DigestSign and DigestVerify with RSA PSS (SHA256 restriction) openssl pkeyutl -sign -inkey "${RSAPSS2PRIURI}" -digest sha256 -pkeyopt pad-mode:pss -pkeyopt mgf1-digest:sha256 -pkeyopt saltlen:digest -in ${RAND64FILE} -rawin -out ${TMPPDIR}/sha256-rsapps-genpkey-dgstsig.bin openssl pkeyutl -verify -inkey "${RSAPSS2PUBURI}" -pubin -digest sha256 -pkeyopt pad-mode:pss -pkeyopt mgf1-digest:sha256 -pkeyopt saltlen:digest -in ${RAND64FILE} -rawin -sigfile ${TMPPDIR}/sha256-rsapps-genpkey-dgstsig.bin Signature Verified Successfully ## Fail DigestSign with RSA PSS because of restricted Digest openssl pkeyutl -sign -inkey "${RSAPSS2PRIURI}" -digest sha384 -pkeyopt pad-mode:pss -pkeyopt mgf1-digest:sha384 -pkeyopt saltlen:digest -in ${RAND64FILE} -rawin -out ${TMPPDIR}/sha384-rsapps-genpkey-dgstsig.bin 2>&1 ## Fail Signing with RSA PKCS1 mech and RSA-PSS key openssl pkeyutl -sign -inkey "${RSAPSSPRIURI}" -digest sha256 -pkeyopt rsa_padding_mode:pkcs1 -in ${RAND64FILE} -rawin -out ${TMPPDIR}/sha384-rsa-not-rsapss-sig.bin 2>&1 ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 52/92 pkcs11-provider:softhsm / rsapssam OK 0.21s 53/92 pkcs11-provider:kryoptic / rsapssam RUNNING >>> MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MALLOC_PERTURB_=60 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper rsapssam-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 53/92 pkcs11-provider:kryoptic / rsapssam SKIP 0.01s exit status 77 54/92 pkcs11-provider:softokn / genkey RUNNING >>> MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MALLOC_PERTURB_=219 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper genkey-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 54/92 pkcs11-provider:softokn / genkey SKIP 0.01s exit status 77 55/92 pkcs11-provider:softhsm / genkey RUNNING >>> MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=54 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper genkey-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/tgenkey Performed tests: 0 ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 55/92 pkcs11-provider:softhsm / genkey OK 0.02s 56/92 pkcs11-provider:kryoptic / genkey RUNNING >>> MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 MALLOC_PERTURB_=139 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper genkey-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 56/92 pkcs11-provider:kryoptic / genkey SKIP 0.01s exit status 77 57/92 pkcs11-provider:kryoptic.nss / genkey RUNNING >>> MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MALLOC_PERTURB_=30 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper genkey-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 57/92 pkcs11-provider:kryoptic.nss / genkey SKIP 0.01s exit status 77 58/92 pkcs11-provider:softokn / pkey RUNNING >>> MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MALLOC_PERTURB_=43 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper pkey-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 58/92 pkcs11-provider:softokn / pkey SKIP 0.01s exit status 77 59/92 pkcs11-provider:softhsm / pkey RUNNING >>> MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MALLOC_PERTURB_=152 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper pkey-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/tpkey ALL A-OK! ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 59/92 pkcs11-provider:softhsm / pkey OK 0.80s 60/92 pkcs11-provider:kryoptic / pkey RUNNING >>> MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=101 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper pkey-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 60/92 pkcs11-provider:kryoptic / pkey SKIP 0.01s exit status 77 61/92 pkcs11-provider:kryoptic.nss / pkey RUNNING >>> MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MALLOC_PERTURB_=19 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper pkey-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 61/92 pkcs11-provider:kryoptic.nss / pkey SKIP 0.01s exit status 77 62/92 pkcs11-provider:softokn / session RUNNING >>> MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=54 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper session-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 62/92 pkcs11-provider:softokn / session SKIP 0.01s exit status 77 63/92 pkcs11-provider:softhsm / session RUNNING >>> MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=252 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper session-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/tsession ALL A-OK!―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 63/92 pkcs11-provider:softhsm / session OK 0.45s 64/92 pkcs11-provider:kryoptic / session RUNNING >>> MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=225 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper session-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 64/92 pkcs11-provider:kryoptic / session SKIP 0.01s exit status 77 65/92 pkcs11-provider:kryoptic.nss / session RUNNING >>> MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 MALLOC_PERTURB_=61 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper session-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 65/92 pkcs11-provider:kryoptic.nss / session SKIP 0.01s exit status 77 66/92 pkcs11-provider:softokn / rand RUNNING >>> MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MALLOC_PERTURB_=14 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper rand-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 66/92 pkcs11-provider:softokn / rand SKIP 0.01s exit status 77 67/92 pkcs11-provider:softhsm / rand RUNNING >>> MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=210 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper rand-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/tests/trand ## Test PKCS11 RNG openssl rand 1 40A9FFF7:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:../crypto/evp/evp_fetch.c:355:Global default library context, Algorithm (PKCS11-RAND : 0), Properties () 40A9FFF7:error:12000090:random number generator:rand_new_drbg:unable to fetch drbg:../crypto/rand/rand_lib.c:660: openssl rand 1 A ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 67/92 pkcs11-provider:softhsm / rand OK 0.08s 68/92 pkcs11-provider:kryoptic / rand RUNNING >>> MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MALLOC_PERTURB_=8 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper rand-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 68/92 pkcs11-provider:kryoptic / rand SKIP 0.01s exit status 77 69/92 pkcs11-provider:kryoptic.nss / rand RUNNING >>> MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MALLOC_PERTURB_=132 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper rand-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 69/92 pkcs11-provider:kryoptic.nss / rand SKIP 0.01s exit status 77 70/92 pkcs11-provider:softokn / readkeys RUNNING >>> MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MALLOC_PERTURB_=120 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper readkeys-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 70/92 pkcs11-provider:softokn / readkeys SKIP 0.01s exit status 77 71/92 pkcs11-provider:softhsm / readkeys RUNNING >>> MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MALLOC_PERTURB_=248 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper readkeys-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/treadkeys ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 71/92 pkcs11-provider:softhsm / readkeys OK 0.06s 72/92 pkcs11-provider:kryoptic / readkeys RUNNING >>> MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=229 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper readkeys-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 72/92 pkcs11-provider:kryoptic / readkeys SKIP 0.01s exit status 77 73/92 pkcs11-provider:kryoptic.nss / readkeys RUNNING >>> MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=126 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper readkeys-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 73/92 pkcs11-provider:kryoptic.nss / readkeys SKIP 0.01s exit status 77 74/92 pkcs11-provider:softokn / tls RUNNING >>> MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=214 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper tls-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 74/92 pkcs11-provider:softokn / tls SKIP 0.01s exit status 77 75/92 pkcs11-provider:softhsm / tls RUNNING >>> MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 MALLOC_PERTURB_=70 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper tls-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/tests/ttls ## Test SSL_CTX creation SSL Context works! ## Test setting cert/keys on TLS Context Cert and Key successfully set on TLS Context! ## Test setting cert/keys on TLS Context w/o pub key Cert and Key successfully set on TLS Context! ## Test an actual TLS connection ######################################## ## TLS with key in provider ## Run sanity test with default values (RSA) spawn openssl s_client -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.pem Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=1 CN=Issuer verify return:1 depth=0 O=PKCS11 Provider, CN=My Test Cert verify return:1 --- Certificate chain 0 s:O=PKCS11 Provider, CN=My Test Cert i:CN=Issuer a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256 v:NotBefore: Mar 30 11:09:03 2025 GMT; NotAfter: Mar 30 11:09:03 2026 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIIDPzCCAiegAwIBAgIBAzANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 ZXIwHhcNMjUwMzMwMTEwOTAzWhcNMjYwMzMwMTEwOTAzWjAxMRgwFgYDVQQKEw9Q S0NTMTEgUHJvdmlkZXIxFTATBgNVBAMTDE15IFRlc3QgQ2VydDCCASIwDQYJKoZI hvcNAQEBBQADggEPADCCAQoCggEBAM3hhxUVs5JwwAy/J4AuAG8LjysBuN/fGFYp PVbSzPxfWqqbwbGD9zxsppKAjxuQKiKhQ0HlOUSlmY2eI9PX5rmlD+p9NxF1iGuR jwBX/52GdcrTZx0KuvSuOZRBW4aGRV/wk/q7PNUh52ILZZfxBRCguwnakhi0RMCI JhUqng2A8BQePAJFuLJndxVkwB4xuSuNqd4CpKx05NXzf74iWM6Y/Nk4/I32LiOG 2HxVi1EV9rrl7VGwtS5ziNTK5sA0EPePl75zeSG63a8DXYGbjuCNwPns5I4f5XdO GtJmrsJ4POYp74kSwhqWkTQQVPg8jGAv6IaKXlo32SD/xsF3IFECAwEAAaOBgTB/ MAwGA1UdEwEB/wQCMAAwHwYDVR0RBBgwFoEUdGVzdGNlcnRAZXhhbXBsZS5vcmcw DgYDVR0PAQH/BAQDAgWgMB0GA1UdDgQWBBTH9x5l71kbvBDdiYMJ22QdpjATaDAf BgNVHSMEGDAWgBQwGVWn430dmNKeWIBzKccD0QC6UzANBgkqhkiG9w0BAQsFAAOC AQEAJKitS2ixpV9xqhrXdn7aSJc/liNSxxXXcjjDgJ9FHvr83J/xxo/H2pNHtDj3 0T1Fq4DiiSmM0/nbQC0XLmOlY4//vKIDYkkiPOkrJRarvtP9qC/A/Gtvpt/sDYIp tFnfAM+s7LLA+KnaTwRNNBuQf08ZnDqyFRJpCt9mKFah2dr3sBo6uGxahOh/Ck0J gV9zl+jX5qE9JPsuDVgi2IoOy2REs+Dl6YnH2lnnPHBj1/3e1FGsNbW81PEHYvCt AJp+OFh8li3QmXkqiF6lvcvouNeiLOfrm4d/Y4tLHg3wVhSGcrbth93qE2iI4ZeA 2sPxl9j9tuO5hYdtvtYpoySXgw== -----END CERTIFICATE----- subject=O=PKCS11 Provider, CN=My Test Cert issuer=CN=Issuer --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: RSA-PSS Server Temp Key: X25519, 253 bits --- SSL handshake has read 1391 bytes and written 391 bytes Verification: OK --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Protocol: TLSv1.3 Server public key is 2048 bit This TLS version forbids renegotiation. Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 701E4B5B9C34941998FBC36F48546DBB853452A3AC135C7C8AF82C1EAA61446A Session-ID-ctx: Resumption PSK: B9B5FDEA274325F2C4EC4D8F33E1195EB32B05760CB2B2C7C3AD922499F5D7A06F3ABD9C9EE2913432804B433E45757A PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - be 25 a3 2a 7f be 9b da-2c 32 01 07 09 f6 4a 35 .%.*....,2....J5 0010 - ca e2 84 a3 01 f4 f4 45-ee 81 b0 fe b9 41 36 a1 .......E.....A6. 0020 - be fa 12 fc 9d 76 66 df-78 18 72 93 2b cf d2 90 .....vf.x.r.+... 0030 - f2 da 53 c5 51 99 e7 35-0d e4 0d dd 4d 76 2f 14 ..S.Q..5....Mv/. 0040 - 9b 99 9e b3 17 14 8a 84-38 20 2d 7d a2 e5 fc 72 ........8 -}...r 0050 - 1c a6 7e 92 c9 0c f0 3c-0e 48 0d 5f 02 6d a0 75 ..~....<.H._.m.u 0060 - e4 c0 24 53 6f 18 d3 ec-d4 6f 99 15 78 5c ef 1d ..$So....o..x\.. 0070 - d3 2e c7 1d a0 40 5b 4b-6a c6 18 67 7d da 67 70 .....@[Kj..g}.gp 0080 - 28 ab 73 e3 32 72 7d 3c-63 ec f1 ed ed fa 1f f1 (.s.2r}.. 0080 - 06 e9 6e 6c ae 66 a3 b5-91 84 f3 eb 5a 3d 96 df ..nl.f......Z=.. 0090 - 4e 28 4d 30 df d6 e9 9c-d9 25 23 ac 7a 04 09 28 N(M0.....%#.z..( 00a0 - 34 b8 f1 ac ac 01 5a 70-0e 54 f3 16 c9 41 02 9a 4.....Zp.T...A.. 00b0 - df d8 22 af 9c 2f 41 bb-f1 66 93 e0 8a f7 51 30 .."../A..f....Q0 00c0 - 22 76 e0 95 1b d2 b6 ef-77 ea 84 05 3d 8e f7 03 "v......w...=... Start Time: 1743332970 Timeout : 7200 (sec) Verify return code: 18 (self-signed certificate) Extended master secret: no Max Early Data: 0 --- read R BLOCK TLS SUCCESSFUL 4029F7F7:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%10 -cert /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/rsapss-default.pem Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MIGCAgEBAgIDBAQCEwIEIKm5KwOldpjXsB61XrScnxzk8UIC7cfyTpRC9WS0Pvbu BDC5kpKT8xv+Zo64FtIPJBdNY6PIZPmzCl74cYWP5GDM5vIDrqAlqb7Cx6GZtUae gQahBgIEZ+kmaqIEAgIcIKQGBAQBAAAArgYCBCFaPTmzAwIBHQ== -----END SSL SESSION PARAMETERS----- Shared ciphers:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224 Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 CIPHER is TLS_AES_256_GCM_SHA384 This TLS version forbids renegotiation. TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run sanity test with RSA-PSS and SHA256 ## Generating a new selfsigned certificate for pkcs11:type=private;id=%00%11 openssl req -batch -noenc -x509 -new -key ${KEY} ${AARGS} -out ${CERT} spawn openssl s_client -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.pem Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=0 C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness verify error:num=18:self-signed certificate verify return:1 depth=0 C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness verify return:1 --- Certificate chain 0 s:C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness i:C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness a:PKEY: RSASSA-PSS, 3092 (bit); sigalg: RSASSA-PSS v:NotBefore: Mar 30 11:09:30 2025 GMT; NotAfter: Apr 29 11:09:30 2025 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIIFKDCCA12gAwIBAgIUadeX3MYTkstaEMDgxku0U47NijkwPQYJKoZIhvcNAQEK MDCgDTALBglghkgBZQMEAgGhGjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUDBAIBogMC ASAwZzELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMREwDwYDVQQHDAhO ZXcgWW9yazEYMBYGA1UECgwPUEtDUzExIFByb3ZpZGVyMRgwFgYDVQQLDA9UZXN0 aW5nIEhhcm5lc3MwHhcNMjUwMzMwMTEwOTMwWhcNMjUwNDI5MTEwOTMwWjBnMQsw CQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsxETAPBgNVBAcMCE5ldyBZb3Jr MRgwFgYDVQQKDA9QS0NTMTEgUHJvdmlkZXIxGDAWBgNVBAsMD1Rlc3RpbmcgSGFy bmVzczCCAaIwCwYJKoZIhvcNAQEKA4IBkQAwggGMAoIBgwxkVXJnWCtC70hoNuxx sommQCjypJCSz7JF2jgvo23x/OXArbe8Og0Ad+GWTzhYviCadxU924JBxLi2skme /KJxZK8UC/HrbnJdLdxKfibic9x8uxlkaOIW1HC+7KL4L+Us1pSs0Sy74IYHfYgO dNPrcZCOW+b0WPxlYy48adNyIxedQp/3CEupFv08oJf5M+9EJpnEZChqNzbkmRp0 e+feyPifZqUCgitW51oPB7DEtwYNP2/2O628uaekscobyXmRBBpTyug5iBscB5oy qctUc0Db32Q5PFXm7IiLLqjIuDNMeIoVUEhGLjZHDSXyoN5CuNDUmZKrCyl7H2v+ EVCwz2AZlm3r7XZb1PDEitNpAa7iJvWfubzGboU8X8ohSfKl4aLNr+dlPAAobbU9 zKW7fjHMTUQzC/4TgIlqdUcOeLCDIHw9m0hNwd8bKVo4qe8aq0Xuann5dJnmLavk SmQbqDg+tj+b2/Dn1NerrEhlKWYSzQZQV6xNMyvU0lfxJ7ZeMwIDAQABo2kwZzAd BgNVHQ4EFgQUMu+b/6XXEAkK/SPVfP0XmtSQVzIwHwYDVR0jBBgwFoAUMu+b/6XX EAkK/SPVfP0XmtSQVzIwDwYDVR0TAQH/BAUwAwEB/zAJBgNVHREEAjAAMAkGA1Ud EgQCMAAwPQYJKoZIhvcNAQEKMDCgDTALBglghkgBZQMEAgGhGjAYBgkqhkiG9w0B AQgwCwYJYIZIAWUDBAIBogMCASADggGEAAJzSELEYCi6w+KfwsV7APDcaBHfcAjF 7GAhRBmM/Vclf80cwdOS/CgfmNoR29VatCtYuV4BqPCzIy2g2KlAbmZ7kzmGD4j8 ROaHMXlRUhXF3arN4vyMOJUwCP4M3MXO5RsD1d9hKkBpItGHMKZfJ34hEvNNTJOE yOPwWodFweQrjCjFJraS+xLJE33gHL7NHq0ArjmweZZLhOueVPITBpRTk9kIk6T7 kP+v1CQD3RLutGJUdcel4vb55no2aYg8o5Rs3VBsJf+G/9V7vaxVCtH1rptDvSVR XYAvl1i22m49qi4DQgNcxseYhPEvIqtN53SNY5yyYYAr99V6NhgTcjhZXEggN87z sLooXzxeYHr7uBIZACase/xLxi4KwMGGxTl4zt7+eSU1RJwp6/JpxVDXeQnuTr1n feGnBzq+BIaACr5FNaNxCbPNzw+SedZXzufYKxBSJ3X46eO/xv0Y+FVMZvFseAfE kxshBPROIhuDpUkeAPJo1sDKX4drvmQyHA1V2Q== -----END CERTIFICATE----- subject=C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness issuer=C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: RSA-PSS Server Temp Key: X25519, 253 bits --- SSL handshake has read 2011 bytes and written 391 bytes Verification error: self-signed certificate --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Protocol: TLSv1.3 Server public key is 3092 bit This TLS version forbids renegotiation. Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 18 (self-signed certificate) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: E291DFD57BEA6F2E3F4DE714A6F045FCEC9ED29B2C2F8A8090D98799FD0412E5 Session-ID-ctx: Resumption PSK: A0E9A5F4EF3A8507696FD784B18A9C37BF2E8E721EC3CE533AAD5DC66C07808DFEA061B60EB14895A172A5F2FF2D69E6 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 00 9d b3 8f 77 c8 0a 63-c4 e2 90 f0 41 f2 84 eb ....w..c....A... 0010 - eb ec b5 56 30 72 ac 45-b2 c7 6d e2 18 6a a0 00 ...V0r.E..m..j.. 0020 - 42 1f 69 f7 b2 4a fc 05-d9 13 dc 21 81 85 44 0c B.i..J.....!..D. 0030 - dd 89 08 d8 b2 2c 9a 2e-f2 46 52 8b 88 44 8f 54 .....,...FR..D.T 0040 - 8e 55 52 7d ad 42 5d 30-49 d4 7b 78 6c 36 c6 7a .UR}.B]0I.{xl6.z 0050 - 0c 36 e0 f8 f8 11 ec 25-f8 c5 06 d3 2c b3 65 bd .6.....%....,.e. 0060 - 9c ab 18 d4 5e 66 65 f6-3e 5a 55 81 43 98 4c 23 ....^fe.>ZU.C.L# 0070 - a0 c2 8b 84 00 b3 d4 f8-5f a8 9a fb 23 24 02 c1 ........_...#$.. 0080 - 4d 85 ac f4 74 55 e8 d4-d2 ee a0 da 8a b9 4c 8b M...tU........L. 0090 - 0b e6 3c 05 cc af 2a ef-b2 2e 42 42 5d ec af 4b ..<...*...BB]..K 00a0 - 36 e6 7c f1 78 0b 6a f1-59 a4 35 af 9d 4f 17 97 6.|.x.j.Y.5..O.. 00b0 - 93 71 cc 65 a1 68 09 c2-16 81 9b a2 31 77 ae 6d .q.e.h......1w.m 00c0 - 9a 5d 67 a8 48 49 2c a6-ac 3d 6c 28 f8 da 8f 84 .]g.HI,..=l(.... Start Time: 1743332970 Timeout : 7200 (sec) Verify return code: 18 (self-signed certificate) Extended master secret: no Max Early Data: 0 --- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 729DE688C9C326BC4E5054DBE446A36A03317CA2A7EA65F15E76226F60A7B3D6 Session-ID-ctx: Resumption PSK: 1894A6B22C19C721BF4661A7B575E2FBE4D49A084B5874DF28E04E59E4E61FC051B4217DDE69ECBC54B0CC58BCF4D064 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 00 9d b3 8f 77 c8 0a 63-c4 e2 90 f0 41 f2 84 eb ....w..c....A... 0010 - e1 93 6a 89 ee df 24 53-7e 2d dc 35 49 86 ce 29 ..j...$S~-.5I..) 0020 - fe ba 47 c6 97 28 ef 82-94 13 23 fe e1 4e bb c7 ..G..(....#..N.. 0030 - 2a 0c 7b 83 67 c0 97 e3-83 4b af 9c 2e 5a e2 b6 *.{.g....K...Z.. 0040 - 1d 72 2d ad 2a e8 98 d4-48 84 93 e9 ea c9 f1 cc .r-.*...H....... 0050 - 81 e6 f4 34 5c 01 a4 cc-6d a8 a9 2e 97 b6 06 fa ...4\...m....... 0060 - c6 2d fe ce 21 71 97 10-5b 0b 18 a1 38 30 8f 40 .-..!q..[...80.@ 0070 - 00 33 c9 b0 3b b7 db 38-48 7a 06 c7 9d 13 91 c6 .3..;..8Hz...... 0080 - 8e 27 d6 73 29 07 53 c6-2d 26 71 e7 23 98 b4 57 .'.s).S.-&q.#..W 0090 - 3a ca 43 85 06 43 f5 ec-22 97 20 b9 c4 a7 ae 0d :.C..C..". ..... 00a0 - fb 6b f6 79 fd b4 88 39-d2 73 0b 1a b7 cd ed bf .k.y...9.s...... 00b0 - 7e cb 9f cf d9 65 7a 53-d2 f4 42 1b 55 65 b9 f1 ~....ezS..B.Ue.. 00c0 - 34 b9 b2 14 10 c5 e7 66-92 41 95 68 9b 8a 09 70 4......f.A.h...p Start Time: 1743332970 Timeout : 7200 (sec) Verify return code: 18 (self-signed certificate) Extended master secret: no Max Early Data: 0 --- read R BLOCK TLS SUCCESSFUL 4069ECF7:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%11 -cert /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/rsapss-sha256.pem Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MIGDAgEBAgIDBAQCEwIEICqU3RZh4zVY6XNc9thdgBU3lmlcdI502tynTwdv2uzL BDAYlKayLBnHIb9GYae1deL75NSaCEtYdN8o4E5Z5OYfwFG0IX3eaey8VLDMWLz0 0GShBgIEZ+kmaqIEAgIcIKQGBAQBAAAArgcCBQDDVo6xswMCAR0= -----END SSL SESSION PARAMETERS----- Shared ciphers:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224 Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 CIPHER is TLS_AES_256_GCM_SHA384 This TLS version forbids renegotiation. TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run sanity test with default values (ECDSA) spawn openssl s_client -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.pem Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=1 CN=Issuer verify return:1 depth=0 O=PKCS11 Provider, CN=My EC Cert verify return:1 --- Certificate chain 0 s:O=PKCS11 Provider, CN=My EC Cert i:CN=Issuer a:PKEY: id-ecPublicKey, 256 (bit); sigalg: RSA-SHA256 v:NotBefore: Mar 30 11:09:03 2025 GMT; NotAfter: Mar 30 11:09:03 2026 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIICcjCCAVqgAwIBAgIBBDANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 ZXIwHhcNMjUwMzMwMTEwOTAzWhcNMjYwMzMwMTEwOTAzWjAvMRgwFgYDVQQKEw9Q S0NTMTEgUHJvdmlkZXIxEzARBgNVBAMTCk15IEVDIENlcnQwWTATBgcqhkjOPQIB BggqhkjOPQMBBwNCAARoaaITOw0eXuhBO3WkO9dBN9c2Z/iAQ+uVo7sRz+EgMJLj Rb1nx+TEI0e6rp+la98d2MfLYbJjto8ITfLXNPNMo4GBMH8wDAYDVR0TAQH/BAIw ADAfBgNVHREEGDAWgRR0ZXN0Y2VydEBleGFtcGxlLm9yZzAOBgNVHQ8BAf8EBAMC B4AwHQYDVR0OBBYEFIOFHbK1bw6Gg3QzdBiD1zTi89l3MB8GA1UdIwQYMBaAFDAZ VafjfR2Y0p5YgHMpxwPRALpTMA0GCSqGSIb3DQEBCwUAA4IBAQCxW5zdckMT1Iuk 9iGpNwM398CHJrSr9mYpNgUubL8nr9ArZQUZAFgdPK6hfrpt2H/Sx/Ru42gdR9jD p8c2w3Ey2PFWpx4V+EtW3xG5Xac21GQrX9dNVrLhuDE7h59IxnOyFq/TpZFPOYg+ 60xLRiNp/jHFBRlnLbkSh/ubeIRUkhSj7arbNTPQHH9kBdGDW4KtuAjejnIva9v9 miar52Um3egXURHStVuG2rS3a/Z7D9bNvSWnWmfogwaNpRJMkjWnP4737ph1GFfA qbWKwc/AZcPgH/X9kJCiArgOFjBovMdrKFXei/jKm5U3FIvKG7hWpC/a6xwcJAzS in4PbFz4 -----END CERTIFICATE----- subject=O=PKCS11 Provider, CN=My EC Cert issuer=CN=Issuer --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: ECDSA Server Temp Key: X25519, 253 bits --- SSL handshake has read 1002 bytes and written 391 bytes Verification: OK --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Protocol: TLSv1.3 Server public key is 256 bit This TLS version forbids renegotiation. Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 7D894E961EC1CD89BAE2139464D45CCEFB55B689161C9C4FE6F301A86788D9DC Session-ID-ctx: Resumption PSK: 5F237C54D4326F1D851CAFF7D1166D6AA3EEA2873D5EFEF1F366948CBC64C501636A43796B8E380DF2D78160F0CC844E PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 77 ef ca cc e5 f6 b2 74-a5 8b 6e 26 42 54 d4 f0 w......t..n&BT.. 0010 - aa 32 8c 1e 70 eb d0 03-f7 36 74 9a 53 9e 78 68 .2..p....6t.S.xh 0020 - 57 03 6a 13 25 f0 3b 18-68 cc 13 34 fe df 76 5a W.j.%.;.h..4..vZ 0030 - 09 47 15 38 88 d8 10 2a-ae ac 0f 15 2d e8 35 2e .G.8...*....-.5. 0040 - 99 43 c7 42 df 8c 2b 74-07 e6 a5 43 1a af e3 55 .C.B..+t...C...U 0050 - f2 30 2c 4b 96 cf 69 4f-38 29 4c 15 cb 42 62 ce .0,K..iO8)L..Bb. 0060 - 49 74 fa 83 c6 f3 a9 ff-69 56 99 b3 b5 df 4d 1f It......iV....M. 0070 - 6b 97 b2 e6 9a 7c 46 3e-82 17 01 74 92 c5 0a 68 k....|F>...t...h 0080 - 08 eb 88 65 b6 d9 fd 88-bf 8d 85 02 47 35 a4 db ...e........G5.. 0090 - 4a 53 be 41 db ef 88 2c-6b 3f d4 df 08 84 29 37 JS.A...,k?....)7 00a0 - fc d0 81 92 50 ab 54 5b-a4 37 d8 7d bc f4 a7 b6 ....P.T[.7.}.... 00b0 - d8 4d 6f ca 2e 88 1b 4a-de 59 a9 5f cb ce 07 c3 .Mo....J.Y._.... 00c0 - 14 02 1f 95 cc 3b 27 97-1e 88 30 f9 b0 68 4a e1 .....;'...0..hJ. Start Time: 1743332970 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 2E885149EABEBF26845EE874A795945094945A3ED0590264539CAC38D9D921FD Session-ID-ctx: Resumption PSK: 05059BFCC9AEBE77E79D77442AAC03973A9FBCDA4B96C039F0074B210C9695FDAEA36772B68ADFD032C2412169A3C0DC PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 77 ef ca cc e5 f6 b2 74-a5 8b 6e 26 42 54 d4 f0 w......t..n&BT.. 0010 - b4 67 81 07 52 a2 b3 1c-2c 36 6f 6e c2 3e 75 f3 .g..R...,6on.>u. 0020 - 11 ba bc 30 f1 fa 1c 0f-02 d9 6c a4 29 f2 94 90 ...0......l.)... 0030 - 57 c0 99 29 53 1f 84 14-16 30 12 9b 33 dd 31 78 W..)S....0..3.1x 0040 - 8f 13 e6 c5 77 bd 61 8b-b2 b6 81 b1 ea e6 a0 92 ....w.a......... 0050 - 3d dd 8b 0e 1d 35 00 c5-e2 ff 19 c2 3f 44 71 07 =....5......?Dq. 0060 - 3e 0c 33 3d 7e 46 78 74-c8 bc 12 1e 48 44 9b a1 >.3=~Fxt....HD.. 0070 - 07 6c 27 3f e4 5e 8e d9-39 4b 3a e6 81 f7 42 ef .l'?.^..9K:...B. 0080 - 33 a2 00 36 f6 5b 59 8f-c2 79 0b b3 3b 59 3c 18 3..6.[Y..y..;Y<. 0090 - 63 53 a4 c8 3c cd 15 8e-15 0b a0 fc 70 13 cf 22 cS..<.......p.." 00a0 - fd 27 84 8b 26 48 fb 95-f0 73 8e 5b cd 8e 81 21 .'..&H...s.[...! 00b0 - f1 38 00 8a ec bd 13 f3-c4 9d aa 6e 3d 68 ef 8e .8.........n=h.. 00c0 - 36 0d 74 cd ad 77 13 50-3b 68 55 31 21 8a 43 d9 6.t..w.P;hU1!.C. Start Time: 1743332970 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK TLS SUCCESSFUL 4009F7F7:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%02 -cert pkcs11:type=cert;object=ecCert Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MIGDAgEBAgIDBAQCEwIEIKeIWsbKNyxE/xvhAX8ehGEprqaTRKs6/Iyc9wy3noLe BDAFBZv8ya6+d+edd0QqrAOXOp+82kuWwDnwB0shDJaV/a6jZ3K2it/QMsJBIWmj wNyhBgIEZ+kmaqIEAgIcIKQGBAQBAAAArgcCBQDFI1H+swMCAR0= -----END SSL SESSION PARAMETERS----- Shared ciphers:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224 Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 CIPHER is TLS_AES_256_GCM_SHA384 This TLS version forbids renegotiation. TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run sanity test with default values (Ed25519) spawn openssl s_client -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.pem Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=1 CN=Issuer verify return:1 depth=0 O=PKCS11 Provider, CN=My ED25519 Cert verify return:1 --- Certificate chain 0 s:O=PKCS11 Provider, CN=My ED25519 Cert i:CN=Issuer a:PKEY: ED25519, 256 (bit); sigalg: RSA-SHA256 v:NotBefore: Mar 30 11:09:03 2025 GMT; NotAfter: Mar 30 11:09:03 2026 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIICSDCCATCgAwIBAgIBBjANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 ZXIwHhcNMjUwMzMwMTEwOTAzWhcNMjYwMzMwMTEwOTAzWjA0MRgwFgYDVQQKEw9Q S0NTMTEgUHJvdmlkZXIxGDAWBgNVBAMTD015IEVEMjU1MTkgQ2VydDAqMAUGAytl cAMhALwDR2KCDpI0nY89/4JC0pQAo/8sQNevfe5jkBe1Dyako4GBMH8wDAYDVR0T AQH/BAIwADAfBgNVHREEGDAWgRR0ZXN0Y2VydEBleGFtcGxlLm9yZzAOBgNVHQ8B Af8EBAMCB4AwHQYDVR0OBBYEFE8krJ2QKyq360+c3AM4FrSYY6mcMB8GA1UdIwQY MBaAFDAZVafjfR2Y0p5YgHMpxwPRALpTMA0GCSqGSIb3DQEBCwUAA4IBAQBIahDh p0UyJThR4jeMcjFydptFYNTFKZDkev1+L0NNASWmC1IimwvBBw+NMVGTDF+S8nwr /fvhE4NzZyBxEhCtf4jLvFnYr7u7P0AkJHkBXporMdgC69lQgt4DI+g1cTtsldXh SsbMtx+vQEPahWOrFOqmZd/4zkkqJVbhrPSspJi6whWVUcf0w2bz0/TUP1Xk6PD0 P+ZmKlz1vU1VmVxlse1Sgh3zBvXTWu7S+cEV2ItzN2NxZ9EADtfSHqIzjOLPOQGo UOOIXmHmIU2OpisV5k1wBYhpqCDZZq5igTibTTUIY6dXxmV564BfLte1AwKfahbQ c0DSR8U8vTJacvz0 -----END CERTIFICATE----- subject=O=PKCS11 Provider, CN=My ED25519 Cert issuer=CN=Issuer --- No client certificate CA names sent Peer signature type: ed25519 Server Temp Key: X25519, 253 bits --- SSL handshake has read 952 bytes and written 391 bytes Verification: OK --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Protocol: TLSv1.3 Server public key is 256 bit This TLS version forbids renegotiation. Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 080944E02704CDA8CCD2F9C2C9361EB6DE01E77C0A653E9C54BDC57C2F95527C Session-ID-ctx: Resumption PSK: 4EC540951508DA3D4B0EB8D629563FD50C7200D54977B3EE3B685997A9C240595F0EEEEF574B2DE0141414E7DA035043 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - ef 2c 6d e2 03 b9 09 8c-da 4d 3b b4 05 8c bd 7c .,m......M;....| 0010 - af a5 cd 94 f8 a4 38 a0-48 da 1a 8f d0 e4 14 76 ......8.H......v 0020 - e2 86 f4 e7 b3 e5 aa ba-46 99 05 75 db 9f d1 20 ........F..u... 0030 - 37 4a 44 a4 90 35 27 12-7e 4c 7c 1e 25 bb 9d 0b 7JD..5'.~L|.%... 0040 - e0 08 a9 ae d8 77 0c b7-5e b6 ff f1 d8 c3 e8 a2 .....w..^....... 0050 - 4c fd af e5 72 89 bf 32-85 7a 83 6c 19 c3 42 33 L...r..2.z.l..B3 0060 - 2c b2 22 0a 0a 36 9d 7f-a3 82 3f 89 37 e5 f6 9c ,."..6....?.7... 0070 - b0 6d e1 70 5d 86 a2 a2-d5 44 93 5f a8 8a 3a 09 .m.p]....D._..:. 0080 - fe f8 18 09 6d 5c da d8-8e 84 1d b9 c1 83 5e ff ....m\........^. 0090 - 29 b4 74 d7 79 1e 43 ef-aa d0 b9 67 8b e2 b0 e3 ).t.y.C....g.... 00a0 - 0d 84 d8 40 cb 8f 7c 2a-c6 85 6a aa 4f b4 33 93 ...@..|*..j.O.3. 00b0 - 48 1d e4 a8 be 67 2e 80-6d d0 89 3b 6f 90 03 52 H....g..m..;o..R 00c0 - df d8 8e de 36 d2 41 8d-3a 87 81 2e dd 5f 31 4c ....6.A.:...._1L Start Time: 1743332970 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 9FE641AE7824D0B6329DD3211C9BD2BEE370923ACF7CD55FDEB4944EA53C76BB Session-ID-ctx: Resumption PSK: A8AC76C0C112AF826E9EF664146FDFF78990A84C6C22CF3C738D270C315ACC5645727362E084C8582334653C9F4077A9 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - ef 2c 6d e2 03 b9 09 8c-da 4d 3b b4 05 8c bd 7c .,m......M;....| 0010 - f9 6b 6b 4f e4 b1 9a 54-d8 b4 a2 19 73 3f 9a d3 .kkO...T....s?.. 0020 - ed 6a 96 da 84 8e 8a e2-e5 2a 46 e6 ba 51 3d 5c .j.......*F..Q=\ 0030 - fd b4 5e 07 20 4a 9e bc-9d d4 9c 2a b7 ed 89 81 ..^. J.....*.... 0040 - 29 5d 9a 6b 74 9d f3 80-67 cb de b8 01 54 08 61 )].kt...g....T.a 0050 - 8a d9 df 91 61 3e ab 3e-50 14 b0 74 78 f8 34 65 ....a>.>P..tx.4e 0060 - 73 59 19 b3 ea 9c f6 c7-d9 0a 18 78 f8 d7 9c dc sY.........x.... 0070 - 8f fa d1 c1 15 50 70 ce-9b 7f af 25 1c b4 e0 e6 .....Pp....%.... 0080 - 78 48 93 a9 30 0a f7 5b-46 52 ae 39 20 95 72 55 xH..0..[FR.9 .rU 0090 - 20 e1 67 99 3a 5d 65 7e-2e 4d 32 24 a6 4a d6 c4 .g.:]e~.M2$.J.. 00a0 - f6 a4 21 b7 d0 77 17 ad-0d b2 7e 0e d8 f7 20 dc ..!..w....~... . 00b0 - 95 d1 06 74 2d 2c 40 bc-a7 09 62 59 79 3f 99 10 ...t-,@...bYy?.. 00c0 - e0 1f 4f b5 4e dd bb 46-1f de d5 b2 07 d4 16 ce ..O.N..F........ Start Time: 1743332970 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK TLS SUCCESSFUL 4099FAF7:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%04 -cert pkcs11:type=cert;object=edCert Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MIGDAgEBAgIDBAQCEwIEIKl+magD7Ct7YrMIvxNx++XyUzW+oALj3Nk0vjzDusON BDCorHbAwRKvgm6e9mQUb9/3iZCoTGwizzxzjScMMVrMVkVyc2LghMhYIzRlPJ9A d6mhBgIEZ+kmaqIEAgIcIKQGBAQBAAAArgcCBQCSqO+ZswMCAR0= -----END SSL SESSION PARAMETERS----- Shared ciphers:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224 Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 CIPHER is TLS_AES_256_GCM_SHA384 This TLS version forbids renegotiation. TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run sanity test with default values (Ed448) spawn openssl s_client -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.pem Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=1 CN=Issuer verify return:1 depth=0 O=PKCS11 Provider, CN=My ED448 Cert verify return:1 --- Certificate chain 0 s:O=PKCS11 Provider, CN=My ED448 Cert i:CN=Issuer a:PKEY: ED448, 456 (bit); sigalg: RSA-SHA256 v:NotBefore: Mar 30 11:09:04 2025 GMT; NotAfter: Mar 30 11:09:04 2026 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIICXzCCAUegAwIBAgIBBzANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 ZXIwHhcNMjUwMzMwMTEwOTA0WhcNMjYwMzMwMTEwOTA0WjAyMRgwFgYDVQQKEw9Q S0NTMTEgUHJvdmlkZXIxFjAUBgNVBAMTDU15IEVENDQ4IENlcnQwQzAFBgMrZXED OgCnhDYzEHewxiBvrT8i08ZSeM6Y8+tZUsvZKLkMsjMZ1QYTN2f7/e+PwZSLpPRp PLeHORqr1qbsA4CjgYEwfzAMBgNVHRMBAf8EAjAAMB8GA1UdEQQYMBaBFHRlc3Rj ZXJ0QGV4YW1wbGUub3JnMA4GA1UdDwEB/wQEAwIHgDAdBgNVHQ4EFgQUoDk1Pso4 BRhiOPwvFywXAoHrMNswHwYDVR0jBBgwFoAUMBlVp+N9HZjSnliAcynHA9EAulMw DQYJKoZIhvcNAQELBQADggEBAGGJYBDCPirHIaR3YXYmw6wz18u8Nxl/xAqJ0qyc T+mraXLwg1sKXnS9pK5AJFS0Kp4DjikEtDrKqILgW+eEIEn9LwldD4Yv3ClyPxLr IxaqE6MO9b2dRMDfMB8Fq3tlNcytawpOe+n1JGBuT2bPYAB5RE6aPIKhpwUtTt4G jV0gmK8IXhm4ZhcpWmlHB2+Vvz7oSMOc+oO/rQ9lQrNH7/oazrUzNgEBAxAShZQ8 u+QNC8rDiXsYIQMMKhR5b/TX5tV3aDG168+N3Xpi/WWSpLDw6G97CYgnzDAz1DB3 O7jj6YXBbGmNbxXLQcJ5Z8VcU43F9sSrky54YtXf7u821D8= -----END CERTIFICATE----- subject=O=PKCS11 Provider, CN=My ED448 Cert issuer=CN=Issuer --- No client certificate CA names sent Peer signature type: ed448 Server Temp Key: X25519, 253 bits --- SSL handshake has read 1025 bytes and written 391 bytes Verification: OK --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Protocol: TLSv1.3 Server public key is 456 bit This TLS version forbids renegotiation. Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 65E76F3669F5373AC3356D370A049E639E69A158158F2E4679C190D7E7DC5664 Session-ID-ctx: Resumption PSK: 6E01978EDDB6D6DD334ECA0DC660F1B3D92B23ED569735C44F78BD806DD232C93EA8BC10104D54597E926415C6002FAD PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 8f 75 74 33 0f cf ef 90-06 9d 9b 93 19 17 f2 37 .ut3...........7 0010 - a8 58 43 cf 96 0f 2a dd-56 44 3f 32 b1 ed 3a 8e .XC...*.VD?2..:. 0020 - 04 81 ba 1f 74 79 50 fa-5d e9 c1 73 37 68 41 4d ....tyP.]..s7hAM 0030 - 97 1a 79 ae ea f2 44 73-14 8f de 9e 4c f5 6d 86 ..y...Ds....L.m. 0040 - dd a5 06 54 03 e3 64 fa-cb ef 17 87 cc 12 eb 05 ...T..d......... 0050 - 2e 3e 02 15 90 9b 47 2f-d8 f0 9e 83 68 c4 d1 3a .>....G/....h..: 0060 - c4 ee cf fc 5a 90 ec 59-55 1c f6 7d 24 d7 09 0b ....Z..YU..}$... 0070 - 8a 9d ce d6 6a 54 1b c4-47 89 31 88 69 e1 06 49 ....jT..G.1.i..I 0080 - 38 fd b5 57 39 2a a3 99-3d b9 77 9f d4 f2 9e 3d 8..W9*..=.w....= 0090 - 20 67 1b 65 1e a2 c3 3f-6a 62 87 7a ea 94 23 d9 g.e...?jb.z..#. 00a0 - cc 3b a5 53 a0 86 4d b3-60 ea 61 95 4c a3 e3 d2 .;.S..M.`.a.L... 00b0 - 7f d3 91 ed ec 9f b4 02-ad 45 4d 4d c8 f0 53 a6 .........EMM..S. 00c0 - ad b9 ca d4 d1 f0 64 ea-d1 14 c4 c8 2d 39 79 16 ......d.....-9y. Start Time: 1743332970 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 74A40A7ACB0E8DE485F9A1AEEB6ED2EE0AC611A1281E34B58D6DFED8AB37848B Session-ID-ctx: Resumption PSK: 98E4FB8EA1842B1DCA3545135050E5490E8397ABB235F081B32F78DD9FF862247BA0366177B788E42C3460A86A3AEFF2 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 8f 75 74 33 0f cf ef 90-06 9d 9b 93 19 17 f2 37 .ut3...........7 0010 - 7e 3e 5a 61 34 8d f3 5b-26 a9 c7 b7 40 73 82 af ~>Za4..[&...@s.. 0020 - 4f 8e c5 95 00 1a 78 6f-aa 81 26 cc 50 2f 95 00 O.....xo..&.P/.. 0030 - 8a c2 00 bb 12 85 9e 95-35 73 ea 8a 81 3e 9c 10 ........5s...>.. 0040 - a0 0e ba 10 b5 de b7 0f-a5 f0 86 94 eb c8 84 b8 ................ 0050 - 22 65 37 46 b6 fb c0 26-71 3d 7f 58 0b d9 65 e9 "e7F...&q=.X..e. 0060 - 19 f5 b1 26 24 0d 29 ab-26 73 0d 19 8a 0f a5 cb ...&$.).&s...... 0070 - d0 18 8d 4d 89 94 bb 63-34 31 72 16 3f 29 cf 15 ...M...c41r.?).. 0080 - 8b ff 8d 1a 77 95 ae c3-4b cf 27 5a d2 b8 86 f3 ....w...K.'Z.... 0090 - 5a 63 03 1c 83 ad 90 73-df d4 4a 01 f0 88 49 72 Zc.....s..J...Ir 00a0 - 19 e3 2b fe d9 2f ec bd-94 0e c3 04 ae 76 dd df ..+../.......v.. 00b0 - 68 0c 25 da 86 33 df ec-38 c6 26 ab a6 40 dd 2c h.%..3..8.&..@., 00c0 - fb c3 6b 39 01 43 5b 12-c3 f2 00 d6 2b 7b 29 d0 ..k9.C[.....+{). Start Time: 1743332970 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK TLS SUCCESSFUL 4089F8F7:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%09 -cert pkcs11:type=cert;object=ed2Cert Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MIGCAgEBAgIDBAQCEwIEIL1HbWr4fgQlI4LSflACXVBsbMe0IPZ8kARhdW3VqAw7 BDCY5PuOoYQrHco1RRNQUOVJDoOXq7I18IGzL3jdn/hiJHugNmF3t4jkLDRgqGo6 7/KhBgIEZ+kmaqIEAgIcIKQGBAQBAAAArgYCBGO7+Z2zAwIBHQ== -----END SSL SESSION PARAMETERS----- Shared ciphers:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224 Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 CIPHER is TLS_AES_256_GCM_SHA384 This TLS version forbids renegotiation. TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run test with TLS 1.2 spawn openssl s_client -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.pem -tls1_2 Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=1 CN=Issuer verify return:1 depth=0 O=PKCS11 Provider, CN=My Test Cert verify return:1 --- Certificate chain 0 s:O=PKCS11 Provider, CN=My Test Cert i:CN=Issuer a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256 v:NotBefore: Mar 30 11:09:03 2025 GMT; NotAfter: Mar 30 11:09:03 2026 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIIDPzCCAiegAwIBAgIBAzANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 ZXIwHhcNMjUwMzMwMTEwOTAzWhcNMjYwMzMwMTEwOTAzWjAxMRgwFgYDVQQKEw9Q S0NTMTEgUHJvdmlkZXIxFTATBgNVBAMTDE15IFRlc3QgQ2VydDCCASIwDQYJKoZI hvcNAQEBBQADggEPADCCAQoCggEBAM3hhxUVs5JwwAy/J4AuAG8LjysBuN/fGFYp PVbSzPxfWqqbwbGD9zxsppKAjxuQKiKhQ0HlOUSlmY2eI9PX5rmlD+p9NxF1iGuR jwBX/52GdcrTZx0KuvSuOZRBW4aGRV/wk/q7PNUh52ILZZfxBRCguwnakhi0RMCI JhUqng2A8BQePAJFuLJndxVkwB4xuSuNqd4CpKx05NXzf74iWM6Y/Nk4/I32LiOG 2HxVi1EV9rrl7VGwtS5ziNTK5sA0EPePl75zeSG63a8DXYGbjuCNwPns5I4f5XdO GtJmrsJ4POYp74kSwhqWkTQQVPg8jGAv6IaKXlo32SD/xsF3IFECAwEAAaOBgTB/ MAwGA1UdEwEB/wQCMAAwHwYDVR0RBBgwFoEUdGVzdGNlcnRAZXhhbXBsZS5vcmcw DgYDVR0PAQH/BAQDAgWgMB0GA1UdDgQWBBTH9x5l71kbvBDdiYMJ22QdpjATaDAf BgNVHSMEGDAWgBQwGVWn430dmNKeWIBzKccD0QC6UzANBgkqhkiG9w0BAQsFAAOC AQEAJKitS2ixpV9xqhrXdn7aSJc/liNSxxXXcjjDgJ9FHvr83J/xxo/H2pNHtDj3 0T1Fq4DiiSmM0/nbQC0XLmOlY4//vKIDYkkiPOkrJRarvtP9qC/A/Gtvpt/sDYIp tFnfAM+s7LLA+KnaTwRNNBuQf08ZnDqyFRJpCt9mKFah2dr3sBo6uGxahOh/Ck0J gV9zl+jX5qE9JPsuDVgi2IoOy2REs+Dl6YnH2lnnPHBj1/3e1FGsNbW81PEHYvCt AJp+OFh8li3QmXkqiF6lvcvouNeiLOfrm4d/Y4tLHg3wVhSGcrbth93qE2iI4ZeA 2sPxl9j9tuO5hYdtvtYpoySXgw== -----END CERTIFICATE----- subject=O=PKCS11 Provider, CN=My Test Cert issuer=CN=Issuer --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: RSA-PSS Server Temp Key: X25519, 253 bits --- SSL handshake has read 1476 bytes and written 290 bytes Verification: OK --- New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384 Protocol: TLSv1.2 Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-RSA-AES256-GCM-SHA384 Session-ID: D6B66A6B5A144436B54E92952244F4128FC076AB3C3D8580D86D0D105B756C20 Session-ID-ctx: Master-Key: C7EE2E761CCC1EB9BE5BD06DCC2A440B3077147F94142046A365DF1682A15FA2ADC7EF051F443847B551460C3597EE28 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 79 70 ff 13 db bd 7f 52-be 1f a9 96 c4 c9 bf 0d yp.....R........ 0010 - 86 32 14 70 b1 b3 6f 00-4f 3f bb a6 16 53 8b 83 .2.p..o.O?...S.. 0020 - 85 dd d8 75 92 12 2b ee-bd 62 50 64 f5 e0 f6 19 ...u..+..bPd.... 0030 - 37 43 12 cd 75 2d 79 3d-42 a2 13 18 49 b9 1f 3f 7C..u-y=B...I..? 0040 - 10 18 c2 b4 b1 ba 75 f0-4a 7f 14 bc bf 4a 84 86 ......u.J....J.. 0050 - 34 34 57 31 96 02 3e d0-fe 76 fe 97 df 31 74 19 44W1..>..v...1t. 0060 - 04 c2 27 bf b9 d4 af 66-22 cd 37 1d 5d eb 38 c4 ..'....f".7.].8. 0070 - 92 96 3f 03 81 0f 21 ae-30 05 35 f9 90 13 18 1a ..?...!.0.5..... 0080 - 98 39 eb 8c 99 49 e7 c3-27 39 65 47 7f e0 84 d1 .9...I..'9eG.... 0090 - ef d2 4d b2 d2 4f 3a 71-be 6b ca a9 4c c3 e3 52 ..M..O:q.k..L..R 00a0 - ae b5 3c f2 9b e9 55 eb-cd c3 47 7e fe 3e e0 5d ..<...U...G~.>.] Start Time: 1743332970 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: yes --- TLS SUCCESSFUL 00A7F5F7:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%01 -cert pkcs11:type=cert;object=testCert Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MF8CAQECAgMDBALAMAQABDDH7i52HMweub5b0G3MKkQLMHcUf5QUIEajZd8WgqFf oq3H7wUfRDhHtVFGDDWX7iihBgIEZ+kmaqIEAgIcIKQGBAQBAAAArQMCAQGzAwIB HQ== -----END SSL SESSION PARAMETERS----- Shared ciphers:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Supported Elliptic Curve Point Formats: uncompressed:ansiX962_compressed_prime:ansiX962_compressed_char2 Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1 Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1 CIPHER is ECDHE-RSA-AES256-GCM-SHA384 Secure Renegotiation IS supported TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run test with explicit TLS 1.3 spawn openssl s_client -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.pem -tls1_3 Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=1 CN=Issuer verify return:1 depth=0 O=PKCS11 Provider, CN=My Test Cert verify return:1 --- Certificate chain 0 s:O=PKCS11 Provider, CN=My Test Cert i:CN=Issuer a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256 v:NotBefore: Mar 30 11:09:03 2025 GMT; NotAfter: Mar 30 11:09:03 2026 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIIDPzCCAiegAwIBAgIBAzANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 ZXIwHhcNMjUwMzMwMTEwOTAzWhcNMjYwMzMwMTEwOTAzWjAxMRgwFgYDVQQKEw9Q S0NTMTEgUHJvdmlkZXIxFTATBgNVBAMTDE15IFRlc3QgQ2VydDCCASIwDQYJKoZI hvcNAQEBBQADggEPADCCAQoCggEBAM3hhxUVs5JwwAy/J4AuAG8LjysBuN/fGFYp PVbSzPxfWqqbwbGD9zxsppKAjxuQKiKhQ0HlOUSlmY2eI9PX5rmlD+p9NxF1iGuR jwBX/52GdcrTZx0KuvSuOZRBW4aGRV/wk/q7PNUh52ILZZfxBRCguwnakhi0RMCI JhUqng2A8BQePAJFuLJndxVkwB4xuSuNqd4CpKx05NXzf74iWM6Y/Nk4/I32LiOG 2HxVi1EV9rrl7VGwtS5ziNTK5sA0EPePl75zeSG63a8DXYGbjuCNwPns5I4f5XdO GtJmrsJ4POYp74kSwhqWkTQQVPg8jGAv6IaKXlo32SD/xsF3IFECAwEAAaOBgTB/ MAwGA1UdEwEB/wQCMAAwHwYDVR0RBBgwFoEUdGVzdGNlcnRAZXhhbXBsZS5vcmcw DgYDVR0PAQH/BAQDAgWgMB0GA1UdDgQWBBTH9x5l71kbvBDdiYMJ22QdpjATaDAf BgNVHSMEGDAWgBQwGVWn430dmNKeWIBzKccD0QC6UzANBgkqhkiG9w0BAQsFAAOC AQEAJKitS2ixpV9xqhrXdn7aSJc/liNSxxXXcjjDgJ9FHvr83J/xxo/H2pNHtDj3 0T1Fq4DiiSmM0/nbQC0XLmOlY4//vKIDYkkiPOkrJRarvtP9qC/A/Gtvpt/sDYIp tFnfAM+s7LLA+KnaTwRNNBuQf08ZnDqyFRJpCt9mKFah2dr3sBo6uGxahOh/Ck0J gV9zl+jX5qE9JPsuDVgi2IoOy2REs+Dl6YnH2lnnPHBj1/3e1FGsNbW81PEHYvCt AJp+OFh8li3QmXkqiF6lvcvouNeiLOfrm4d/Y4tLHg3wVhSGcrbth93qE2iI4ZeA 2sPxl9j9tuO5hYdtvtYpoySXgw== -----END CERTIFICATE----- subject=O=PKCS11 Provider, CN=My Test Cert issuer=CN=Issuer --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: RSA-PSS Server Temp Key: X25519, 253 bits --- SSL handshake has read 1391 bytes and written 318 bytes Verification: OK --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Protocol: TLSv1.3 Server public key is 2048 bit This TLS version forbids renegotiation. Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: CED838D60B076197B8F64EF7B4EE3BD2F8CC16202D05B7FB00E27F6B5F2CD75F Session-ID-ctx: Resumption PSK: 3674090963BDFEA751F97673B6FF46C2EDADBD97CA9E5F5B42D3B1C33D754049F47ECE059834110C2557BE26A09547F4 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 0e 8d 2a dd 4f 40 55 2b-81 39 11 29 89 78 c7 09 ..*.O@U+.9.).x.. 0010 - 1c ab a5 20 81 64 f4 72-b2 40 90 74 28 ac 92 c5 ... .d.r.@.t(... 0020 - c0 51 2a bd b3 b2 d2 26-7f db 6b a7 e0 fe 19 06 .Q*....&..k..... 0030 - 56 ca 40 9f 48 12 ff 34-71 d5 6f fb c1 41 05 f9 V.@.H..4q.o..A.. 0040 - 42 85 d0 6c 55 6d 43 0f-a9 cc 63 02 6b 98 04 8b B..lUmC...c.k... 0050 - 1f f9 f9 b2 6d 56 05 d2-da 95 66 67 41 a8 30 19 ....mV....fgA.0. 0060 - 0d cd 72 85 1e 1c 1d 55-45 0e a9 3c f1 46 58 bf ..r....UE..<.FX. 0070 - f1 e3 7d 43 81 44 dc b7-e9 81 84 67 66 33 0e 12 ..}C.D.....gf3.. 0080 - c4 18 b8 66 92 b4 97 95-ad db 6f 7e fd a4 d9 c8 ...f......o~.... 0090 - ee 32 86 06 ff cf 1f da-2b a0 9a 5f 17 a2 f5 fe .2......+.._.... 00a0 - 89 d4 fb 8b 72 3d c2 f5-e9 4a d1 23 20 83 d6 30 ....r=...J.# ..0 00b0 - 9d 29 d9 b6 fe c7 3b f0-a7 fd d9 1d 72 bc fd 88 .)....;.....r... 00c0 - 9d ab b3 6b 8d 89 a0 c6-ec 85 31 ca c2 2c 00 e6 ...k......1..,.. Start Time: 1743332970 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 70379CFF0684CD7C87F9C4A0893066B631488A51DA15664777C6BA664E9784B5 Session-ID-ctx: Resumption PSK: D4C6DD9A8CF2938C458926480F352DD1F6DD35FBD9B9D316C6EE693E41E48FC2B444008C3A47147E6B13AB3AAE7CE26C PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 0e 8d 2a dd 4f 40 55 2b-81 39 11 29 89 78 c7 09 ..*.O@U+.9.).x.. 0010 - 1b 76 14 cd dd 8a cf e5-7c 54 9b d5 b1 2a f7 1c .v......|T...*.. 0020 - 97 28 ca d2 eb 77 be aa-cd 0c f7 7a 3b 80 95 e2 .(...w.....z;... 0030 - 7b a2 b3 72 21 27 0e aa-cd 0f 41 59 97 c3 be 37 {..r!'....AY...7 0040 - 3f f0 78 a8 52 01 4c e2-d7 9e 73 bc 18 f0 fd 7d ?.x.R.L...s....} 0050 - f8 09 81 fe e1 ff 77 71-c2 c6 11 62 8f 45 c3 f0 ......wq...b.E.. 0060 - e9 3b ea 94 8b eb 54 e6-8d 1f 2a ba 03 62 3d 52 .;....T...*..b=R 0070 - 30 bc 1a 3c c3 79 b7 d0-d0 2b a0 78 c7 52 91 f6 0..<.y...+.x.R.. 0080 - ee 0c b3 50 1a 47 b2 b1-7c b6 22 f0 26 52 9e 76 ...P.G..|.".&R.v 0090 - 5b a0 55 48 e1 e7 0a 47-d8 23 fd b6 f5 36 1a 14 [.UH...G.#...6.. 00a0 - 26 5c 91 39 2d 50 65 f4-60 d7 d9 cf db 52 1e b3 &\.9-Pe.`....R.. 00b0 - 16 43 56 6c c9 8d f2 3d-3e 30 03 0a df c6 c1 f0 .CVl...=>0...... 00c0 - fa f7 3c 9c 84 dd 12 ee-ee 78 7a a2 be ba 19 36 ..<......xz....6 Start Time: 1743332970 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK TLS SUCCESSFUL 40A9F1F7:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%01 -cert pkcs11:type=cert;object=testCert Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MIGDAgEBAgIDBAQCEwIEIEFRCbniyplNjBPxiJNlCf4uuwMdRff8o9lUwHK2d/76 BDDUxt2ajPKTjEWJJkgPNS3R9t01+9m50xbG7mk+QeSPwrREAIw6RxR+axOrOq58 4myhBgIEZ+kmaqIEAgIcIKQGBAQBAAAArgcCBQCWpG9UswMCAR0= -----END SSL SESSION PARAMETERS----- Shared ciphers:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256 Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512 Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 CIPHER is TLS_AES_256_GCM_SHA384 This TLS version forbids renegotiation. TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run test with TLS 1.2 (ECDSA) spawn openssl s_client -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.pem -tls1_2 Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=1 CN=Issuer verify return:1 depth=0 O=PKCS11 Provider, CN=My EC Cert verify return:1 --- Certificate chain 0 s:O=PKCS11 Provider, CN=My EC Cert i:CN=Issuer a:PKEY: id-ecPublicKey, 256 (bit); sigalg: RSA-SHA256 v:NotBefore: Mar 30 11:09:03 2025 GMT; NotAfter: Mar 30 11:09:03 2026 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIICcjCCAVqgAwIBAgIBBDANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 ZXIwHhcNMjUwMzMwMTEwOTAzWhcNMjYwMzMwMTEwOTAzWjAvMRgwFgYDVQQKEw9Q S0NTMTEgUHJvdmlkZXIxEzARBgNVBAMTCk15IEVDIENlcnQwWTATBgcqhkjOPQIB BggqhkjOPQMBBwNCAARoaaITOw0eXuhBO3WkO9dBN9c2Z/iAQ+uVo7sRz+EgMJLj Rb1nx+TEI0e6rp+la98d2MfLYbJjto8ITfLXNPNMo4GBMH8wDAYDVR0TAQH/BAIw ADAfBgNVHREEGDAWgRR0ZXN0Y2VydEBleGFtcGxlLm9yZzAOBgNVHQ8BAf8EBAMC B4AwHQYDVR0OBBYEFIOFHbK1bw6Gg3QzdBiD1zTi89l3MB8GA1UdIwQYMBaAFDAZ VafjfR2Y0p5YgHMpxwPRALpTMA0GCSqGSIb3DQEBCwUAA4IBAQCxW5zdckMT1Iuk 9iGpNwM398CHJrSr9mYpNgUubL8nr9ArZQUZAFgdPK6hfrpt2H/Sx/Ru42gdR9jD p8c2w3Ey2PFWpx4V+EtW3xG5Xac21GQrX9dNVrLhuDE7h59IxnOyFq/TpZFPOYg+ 60xLRiNp/jHFBRlnLbkSh/ubeIRUkhSj7arbNTPQHH9kBdGDW4KtuAjejnIva9v9 miar52Um3egXURHStVuG2rS3a/Z7D9bNvSWnWmfogwaNpRJMkjWnP4737ph1GFfA qbWKwc/AZcPgH/X9kJCiArgOFjBovMdrKFXei/jKm5U3FIvKG7hWpC/a6xwcJAzS in4PbFz4 -----END CERTIFICATE----- subject=O=PKCS11 Provider, CN=My EC Cert issuer=CN=Issuer --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: ECDSA Server Temp Key: X25519, 253 bits --- SSL handshake has read 1086 bytes and written 290 bytes Verification: OK --- New, TLSv1.2, Cipher is ECDHE-ECDSA-AES256-GCM-SHA384 Protocol: TLSv1.2 Server public key is 256 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-ECDSA-AES256-GCM-SHA384 Session-ID: E78A1C6B2F57EC7CAFBB60F56461CEAA066856C6E0CA3A60E6FA954CD35B0B96 Session-ID-ctx: Master-Key: 92FA148D2479AA87AEDB7B5A1573350F9F3224132498D32F48C7980814BD4F5C7231C7F505761121D06F379E0F5CE581 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 9f 40 d6 d0 04 9d f6 94-dc f7 1b d0 0c b4 0f 7d .@.............} 0010 - ae d2 d3 48 72 37 2d 4a-59 39 d1 07 03 a4 77 ad ...Hr7-JY9....w. 0020 - 14 bd e0 da f2 bb 0a a8-57 3b 53 89 78 13 ff 39 ........W;S.x..9 0030 - cd 03 27 e9 bb 6b f5 3c-12 0a 0d 99 14 10 ad 45 ..'..k.<.......E 0040 - df ec 73 2e 80 4d f5 70-e4 bd db e2 3e bf 3b ab ..s..M.p....>.;. 0050 - df ce b0 00 d7 ad 17 1d-b9 71 67 f5 e6 6b 27 7f .........qg..k'. 0060 - 98 44 b8 46 26 6f ef e4-e7 15 6a 1f d8 44 61 48 .D.F&o....j..DaH 0070 - 23 3d c6 10 2b d9 86 01-ae 3c c1 31 09 e2 e8 b1 #=..+....<.1.... 0080 - 49 93 fe 73 a4 f4 5f 26-f1 57 ec 10 a9 89 8b 18 I..s.._&.W...... 0090 - 2c 4e 45 c7 8b ba ff 72-43 1c 2e 7d cf 94 07 2f ,NE....rC..}.../ 00a0 - 74 aa cc b2 86 ee 15 e9-9b 02 f8 95 c3 31 0e 4c t............1.L Start Time: 1743332970 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: yes --- TLS SUCCESSFUL 4009F9F7:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%02 -cert pkcs11:type=cert;object=ecCert -tls1_2 Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MF8CAQECAgMDBALALAQABDCS+hSNJHmqh67be1oVczUPnzIkEySY0y9Ix5gIFL1P XHIxx/UFdhEh0G83ng9c5YGhBgIEZ+kmaqIEAgIcIKQGBAQBAAAArQMCAQGzAwIB HQ== -----END SSL SESSION PARAMETERS----- Shared ciphers:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Supported Elliptic Curve Point Formats: uncompressed:ansiX962_compressed_prime:ansiX962_compressed_char2 Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1 Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1 CIPHER is ECDHE-ECDSA-AES256-GCM-SHA384 Secure Renegotiation IS supported TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run test with TLS 1.2 and ECDH spawn openssl s_client -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.pem -tls1_2 -cipher ECDHE-ECDSA-AES128-GCM-SHA256 -groups secp256r1 Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=1 CN=Issuer verify return:1 depth=0 O=PKCS11 Provider, CN=My EC Cert verify return:1 --- Certificate chain 0 s:O=PKCS11 Provider, CN=My EC Cert i:CN=Issuer a:PKEY: id-ecPublicKey, 256 (bit); sigalg: RSA-SHA256 v:NotBefore: Mar 30 11:09:03 2025 GMT; NotAfter: Mar 30 11:09:03 2026 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIICcjCCAVqgAwIBAgIBBDANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 ZXIwHhcNMjUwMzMwMTEwOTAzWhcNMjYwMzMwMTEwOTAzWjAvMRgwFgYDVQQKEw9Q S0NTMTEgUHJvdmlkZXIxEzARBgNVBAMTCk15IEVDIENlcnQwWTATBgcqhkjOPQIB BggqhkjOPQMBBwNCAARoaaITOw0eXuhBO3WkO9dBN9c2Z/iAQ+uVo7sRz+EgMJLj Rb1nx+TEI0e6rp+la98d2MfLYbJjto8ITfLXNPNMo4GBMH8wDAYDVR0TAQH/BAIw ADAfBgNVHREEGDAWgRR0ZXN0Y2VydEBleGFtcGxlLm9yZzAOBgNVHQ8BAf8EBAMC B4AwHQYDVR0OBBYEFIOFHbK1bw6Gg3QzdBiD1zTi89l3MB8GA1UdIwQYMBaAFDAZ VafjfR2Y0p5YgHMpxwPRALpTMA0GCSqGSIb3DQEBCwUAA4IBAQCxW5zdckMT1Iuk 9iGpNwM398CHJrSr9mYpNgUubL8nr9ArZQUZAFgdPK6hfrpt2H/Sx/Ru42gdR9jD p8c2w3Ey2PFWpx4V+EtW3xG5Xac21GQrX9dNVrLhuDE7h59IxnOyFq/TpZFPOYg+ 60xLRiNp/jHFBRlnLbkSh/ubeIRUkhSj7arbNTPQHH9kBdGDW4KtuAjejnIva9v9 miar52Um3egXURHStVuG2rS3a/Z7D9bNvSWnWmfogwaNpRJMkjWnP4737ph1GFfA qbWKwc/AZcPgH/X9kJCiArgOFjBovMdrKFXei/jKm5U3FIvKG7hWpC/a6xwcJAzS in4PbFz4 -----END CERTIFICATE----- subject=O=PKCS11 Provider, CN=My EC Cert issuer=CN=Issuer --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: ECDSA Server Temp Key: ECDH, prime256v1, 256 bits --- SSL handshake has read 1119 bytes and written 263 bytes Verification: OK --- New, TLSv1.2, Cipher is ECDHE-ECDSA-AES128-GCM-SHA256 Protocol: TLSv1.2 Server public key is 256 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-ECDSA-AES128-GCM-SHA256 Session-ID: 4F8B3C56ACD6D0DB86418525843A042EE9D1AEB61D990180BCD69FB9ED3FBDA9 Session-ID-ctx: Master-Key: 682ADDB5208BF24BE0BF0DF3E9A31ED0397EB8622D7312A6A68549FC03443BCD164897485A9A97A7A5546DF396DAFD5C PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 58 ba 32 a1 12 1f 27 9b-b4 6d 30 a3 d1 ef 10 1e X.2...'..m0..... 0010 - 47 98 af df 36 e8 34 9a-74 52 d3 9e 94 bf 6b 4d G...6.4.tR....kM 0020 - ea 27 38 49 50 62 e4 78-aa 0f f7 e8 21 9e 89 1f .'8IPb.x....!... 0030 - f7 a4 f3 a9 e7 2f 6b 58-b5 56 9a f3 b9 51 2d 04 ...../kX.V...Q-. 0040 - 1b 82 3e 91 29 d6 03 45-61 83 f0 ab 07 c3 c9 a2 ..>.)..Ea....... 0050 - ae 6b 83 50 87 01 26 77-9e 35 14 18 f2 b7 4b 73 .k.P..&w.5....Ks 0060 - a0 f2 3d 1b 9b 24 21 53-68 4c 8a 55 1b e2 2c d9 ..=..$!ShL.U..,. 0070 - 41 c8 c4 98 ea 01 24 4d-a8 2a 2e 8d bd 20 73 1e A.....$M.*... s. 0080 - f1 46 9b 74 e4 e1 86 74-e5 2d 06 49 72 f4 4a c9 .F.t...t.-.Ir.J. 0090 - 30 54 4c ee 2b 4c 05 76-19 ff 7b 4b f8 7f 1a 1e 0TL.+L.v..{K.... 00a0 - 9e 63 21 44 1a 34 6b 45-53 ac a2 ab ef 69 e2 95 .c!D.4kES....i.. Start Time: 1743332971 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: yes --- TLS SUCCESSFUL 4089F8F7:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%02 -cert pkcs11:type=cert;object=ecCert Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MF8CAQECAgMDBALAKwQABDBoKt21IIvyS+C/DfPpox7QOX64Yi1zEqamhUn8A0Q7 zRZIl0hampenpVRt85ba/VyhBgIEZ+kma6IEAgIcIKQGBAQBAAAArQMCAQGzAwIB Fw== -----END SSL SESSION PARAMETERS----- Shared ciphers:ECDHE-ECDSA-AES128-GCM-SHA256 Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Supported Elliptic Curve Point Formats: uncompressed:ansiX962_compressed_prime:ansiX962_compressed_char2 Supported groups: secp256r1 Shared groups: secp256r1 CIPHER is ECDHE-ECDSA-AES128-GCM-SHA256 Secure Renegotiation IS supported TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run test with TLS 1.3 and specific suite spawn openssl s_client -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.pem -tls1_3 -ciphersuites TLS_AES_256_GCM_SHA384 -groups secp256r1 Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=1 CN=Issuer verify return:1 depth=0 O=PKCS11 Provider, CN=My EC Cert verify return:1 --- Certificate chain 0 s:O=PKCS11 Provider, CN=My EC Cert i:CN=Issuer a:PKEY: id-ecPublicKey, 256 (bit); sigalg: RSA-SHA256 v:NotBefore: Mar 30 11:09:03 2025 GMT; NotAfter: Mar 30 11:09:03 2026 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIICcjCCAVqgAwIBAgIBBDANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 ZXIwHhcNMjUwMzMwMTEwOTAzWhcNMjYwMzMwMTEwOTAzWjAvMRgwFgYDVQQKEw9Q S0NTMTEgUHJvdmlkZXIxEzARBgNVBAMTCk15IEVDIENlcnQwWTATBgcqhkjOPQIB BggqhkjOPQMBBwNCAARoaaITOw0eXuhBO3WkO9dBN9c2Z/iAQ+uVo7sRz+EgMJLj Rb1nx+TEI0e6rp+la98d2MfLYbJjto8ITfLXNPNMo4GBMH8wDAYDVR0TAQH/BAIw ADAfBgNVHREEGDAWgRR0ZXN0Y2VydEBleGFtcGxlLm9yZzAOBgNVHQ8BAf8EBAMC B4AwHQYDVR0OBBYEFIOFHbK1bw6Gg3QzdBiD1zTi89l3MB8GA1UdIwQYMBaAFDAZ VafjfR2Y0p5YgHMpxwPRALpTMA0GCSqGSIb3DQEBCwUAA4IBAQCxW5zdckMT1Iuk 9iGpNwM398CHJrSr9mYpNgUubL8nr9ArZQUZAFgdPK6hfrpt2H/Sx/Ru42gdR9jD p8c2w3Ey2PFWpx4V+EtW3xG5Xac21GQrX9dNVrLhuDE7h59IxnOyFq/TpZFPOYg+ 60xLRiNp/jHFBRlnLbkSh/ubeIRUkhSj7arbNTPQHH9kBdGDW4KtuAjejnIva9v9 miar52Um3egXURHStVuG2rS3a/Z7D9bNvSWnWmfogwaNpRJMkjWnP4737ph1GFfA qbWKwc/AZcPgH/X9kJCiArgOFjBovMdrKFXei/jKm5U3FIvKG7hWpC/a6xwcJAzS in4PbFz4 -----END CERTIFICATE----- subject=O=PKCS11 Provider, CN=My EC Cert issuer=CN=Issuer --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: ECDSA Server Temp Key: ECDH, prime256v1, 256 bits --- SSL handshake has read 1061 bytes and written 329 bytes Verification: OK --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Protocol: TLSv1.3 Server public key is 256 bit This TLS version forbids renegotiation. Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: DBED6A0735D500B09FD2C872AB4440B59008B037FB4A2A3CDA0897744AA9C23A Session-ID-ctx: Resumption PSK: FA86E7445A957B672054A37FDA272B223B4A085BE9DB04C3E43C95365C51F03C1F9063F63825EBC9E167477257240476 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 9f 7b 60 93 d5 1a d4 78-fa 7d 6c da 60 3d c9 50 .{`....x.}l.`=.P 0010 - c1 36 94 b3 7b 99 7e df-6d 09 82 71 af 83 e6 21 .6..{.~.m..q...! 0020 - 08 79 a6 bc a2 d2 b7 7e-80 1a 1c c1 3c 69 02 60 .y.....~.....%.q~|.oN 0080 - b9 4d 0b 29 b4 cb 2e 77-da ac 9b 7f b1 fa 1c 3f .M.)...w.......? 0090 - a8 0c 84 51 c0 5a 56 81-48 25 25 35 ce ae ff b8 ...Q.ZV.H%%5.... 00a0 - ce 24 90 2b 5c 30 e6 31-e8 4b ec 35 aa c0 97 97 .$.+\0.1.K.5.... 00b0 - d3 ca 08 90 4a 95 47 3e-ec 5b 2f c6 1f 32 94 4b ....J.G>.[/..2.K 00c0 - fa 9b 63 31 18 8d 6c c6-17 e7 d8 ee ac ce dc e9 ..c1..l......... Start Time: 1743332971 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: C2227C6CB8CCF15B5471C3CCD6804EC9ACC98F5BC40710DBBF2FB3579A499800 Session-ID-ctx: Resumption PSK: F77F8BDAD8B200DC7115297EC5A9F4ED92A9D6E8E18F56D1918249BCA81FBA7C77FF70C43018D2CAF8E4EEB5FF63A511 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 9f 7b 60 93 d5 1a d4 78-fa 7d 6c da 60 3d c9 50 .{`....x.}l.`=.P 0010 - 51 eb 6e 3d 22 40 e0 f3-a1 dd 6f 2b 6a 5a 8f dc Q.n="@....o+jZ.. 0020 - 55 8d 74 8c 04 ff b3 42-7c 11 e0 37 d3 f3 0b b1 U.t....B|..7.... 0030 - de 6a 23 d8 cf 7a f2 b7-b1 9e b0 3a 5f 28 1e 78 .j#..z.....:_(.x 0040 - c1 0d 25 60 7e d4 a0 ba-1c 07 51 44 aa 5f 77 2e ..%`~.....QD._w. 0050 - de 92 b7 34 e0 68 6e 58-4e ba f1 57 61 9a 9b 6c ...4.hnXN..Wa..l 0060 - 3c dd de 5d 7b 3b 01 19-d3 37 89 c5 55 03 4a f0 <..]{;...7..U.J. 0070 - 4e f3 a3 81 a6 3a a7 38-38 9c 0d a9 0d b5 ef 9b N....:.88....... 0080 - 6d f3 95 92 23 09 54 26-21 83 09 7c 65 ef 99 fe m...#.T&!..|e... 0090 - b4 6a 5b 60 75 d1 e9 83-32 19 74 49 ad e6 7a 41 .j[`u...2.tI..zA 00a0 - 08 52 9a 1d aa fd c2 72-7c 64 fc 42 c6 ff c5 4c .R.....r|d.B...L 00b0 - e5 6b c1 2f 8f ae 24 1f-a7 71 0e b2 0c 8c 85 0a .k./..$..q...... 00c0 - 5e 23 20 75 46 5b 0f d5-8d b3 f8 50 fb 0b 4f 19 ^# uF[.....P..O. Start Time: 1743332971 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK TLS SUCCESSFUL 4099FAF7:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%02 -cert pkcs11:type=cert;object=ecCert Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MIGCAgEBAgIDBAQCEwIEIBPlNEf7891a/RSnGP8XMlGJ8PaB/hUCevi/cg3fPIGC BDD3f4va2LIA3HEVKX7FqfTtkqnW6OGPVtGRgkm8qB+6fHf/cMQwGNLK+OTutf9j pRGhBgIEZ+kma6IEAgIcIKQGBAQBAAAArgYCBCEUTj+zAwIBFw== -----END SSL SESSION PARAMETERS----- Shared ciphers:TLS_AES_256_GCM_SHA384 Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512 Supported groups: secp256r1 Shared groups: secp256r1 CIPHER is TLS_AES_256_GCM_SHA384 This TLS version forbids renegotiation. TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## ######################################## ######################################## ## Forcing the provider for all server operations ## Run sanity test with default values (RSA) spawn openssl s_client -propquery ?provider=pkcs11 -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.pem Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=1 CN=Issuer verify return:1 depth=0 O=PKCS11 Provider, CN=My Test Cert verify return:1 --- Certificate chain 0 s:O=PKCS11 Provider, CN=My Test Cert i:CN=Issuer a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256 v:NotBefore: Mar 30 11:09:03 2025 GMT; NotAfter: Mar 30 11:09:03 2026 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIIDPzCCAiegAwIBAgIBAzANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 ZXIwHhcNMjUwMzMwMTEwOTAzWhcNMjYwMzMwMTEwOTAzWjAxMRgwFgYDVQQKEw9Q S0NTMTEgUHJvdmlkZXIxFTATBgNVBAMTDE15IFRlc3QgQ2VydDCCASIwDQYJKoZI hvcNAQEBBQADggEPADCCAQoCggEBAM3hhxUVs5JwwAy/J4AuAG8LjysBuN/fGFYp PVbSzPxfWqqbwbGD9zxsppKAjxuQKiKhQ0HlOUSlmY2eI9PX5rmlD+p9NxF1iGuR jwBX/52GdcrTZx0KuvSuOZRBW4aGRV/wk/q7PNUh52ILZZfxBRCguwnakhi0RMCI JhUqng2A8BQePAJFuLJndxVkwB4xuSuNqd4CpKx05NXzf74iWM6Y/Nk4/I32LiOG 2HxVi1EV9rrl7VGwtS5ziNTK5sA0EPePl75zeSG63a8DXYGbjuCNwPns5I4f5XdO GtJmrsJ4POYp74kSwhqWkTQQVPg8jGAv6IaKXlo32SD/xsF3IFECAwEAAaOBgTB/ MAwGA1UdEwEB/wQCMAAwHwYDVR0RBBgwFoEUdGVzdGNlcnRAZXhhbXBsZS5vcmcw DgYDVR0PAQH/BAQDAgWgMB0GA1UdDgQWBBTH9x5l71kbvBDdiYMJ22QdpjATaDAf BgNVHSMEGDAWgBQwGVWn430dmNKeWIBzKccD0QC6UzANBgkqhkiG9w0BAQsFAAOC AQEAJKitS2ixpV9xqhrXdn7aSJc/liNSxxXXcjjDgJ9FHvr83J/xxo/H2pNHtDj3 0T1Fq4DiiSmM0/nbQC0XLmOlY4//vKIDYkkiPOkrJRarvtP9qC/A/Gtvpt/sDYIp tFnfAM+s7LLA+KnaTwRNNBuQf08ZnDqyFRJpCt9mKFah2dr3sBo6uGxahOh/Ck0J gV9zl+jX5qE9JPsuDVgi2IoOy2REs+Dl6YnH2lnnPHBj1/3e1FGsNbW81PEHYvCt AJp+OFh8li3QmXkqiF6lvcvouNeiLOfrm4d/Y4tLHg3wVhSGcrbth93qE2iI4ZeA 2sPxl9j9tuO5hYdtvtYpoySXgw== -----END CERTIFICATE----- subject=O=PKCS11 Provider, CN=My Test Cert issuer=CN=Issuer --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: RSA-PSS Server Temp Key: X25519, 253 bits --- SSL handshake has read 1391 bytes and written 391 bytes Verification: OK --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Protocol: TLSv1.3 Server public key is 2048 bit This TLS version forbids renegotiation. Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 16327C61BA853B0BE4AABD9DA4557561F166795636F72409E244003ACFE65497 Session-ID-ctx: Resumption PSK: 8DEE3C8192E2C43686047F2E6C9D33D669741C65F5905393B5EFF677E6228324C6FD0F57CFF040D4FF2545E9FA8064F8 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 0e dd b3 e8 ec 63 4c 96-71 bf ad 2e 46 5f d7 6f .....cL.q...F_.o 0010 - 9e 7c ba 7f 97 44 6c 35-dc db b2 41 de 15 be de .|...Dl5...A.... 0020 - d0 d6 66 63 b0 75 97 6b-04 a9 11 54 0e ca bb 89 ..fc.u.k...T.... 0030 - 0d f0 2b 0e ea e5 57 33-08 8a fb cc d6 69 f9 90 ..+...W3.....i.. 0040 - 9a 69 72 cd 05 c1 d5 2d-cf 46 5e e9 43 6b 8c cc .ir....-.F^.Ck.. 0050 - 05 18 55 05 03 1a dc 86-98 ba 2f 55 7f 75 f6 c0 ..U......./U.u.. 0060 - 73 0b 83 26 24 df 85 1e-64 95 9d 5c b7 91 94 aa s..&$...d..\.... 0070 - 76 ec ce 0b d9 de e1 87-ef ab a9 fb 4b b3 61 d4 v...........K.a. 0080 - 76 e8 6b 82 78 8d a7 57-da 0b da 9e 1b 23 d5 f3 v.k.x..W.....#.. 0090 - 80 52 71 a4 05 c0 a5 24-cc 9a f2 d2 89 42 66 cb .Rq....$.....Bf. 00a0 - f0 c0 10 9e 0e 46 a6 d5-93 c1 20 8d 03 4a 27 79 .....F.... ..J'y 00b0 - 7f 82 18 54 04 c3 7b f7-2f 4b 92 b6 fb 35 4c 83 ...T..{./K...5L. 00c0 - 07 1b 13 fe a1 8a f8 40-d9 34 8e 55 f0 ec a2 b5 .......@.4.U.... Start Time: 1743332971 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 17E6A83884488D14A111CC6A9CE853723AF25CC3149FA29243249645E386FB63 Session-ID-ctx: Resumption PSK: 79635FFC685C3891E4B14AD49B370FF9C9095B2C9147F9533EE789302C559AD73DF84EA940921DC8BDDCF71BCAC39DD7 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 0e dd b3 e8 ec 63 4c 96-71 bf ad 2e 46 5f d7 6f .....cL.q...F_.o 0010 - e4 e4 54 62 c9 9c ae f5-25 61 45 60 18 f5 eb 70 ..Tb....%aE`...p 0020 - ac 6c f9 a0 a1 00 22 a0-4d 20 11 fe 3e 68 00 31 .l....".M ..>h.1 0030 - d2 9f 76 56 47 b0 6d e2-f6 e0 2a f9 0c 95 6b f3 ..vVG.m...*...k. 0040 - 3a 7b 2d 50 fc 72 a0 6b-40 55 b2 ec 06 b2 c2 9e :{-P.r.k@U...... 0050 - 11 69 6d ac e4 43 f0 28-13 8c ff bd 78 7b bc 7d .im..C.(....x{.} 0060 - 54 9b 0d 90 92 34 d0 1f-b4 f2 c8 29 96 a1 59 1e T....4.....)..Y. 0070 - fa 79 38 4b c0 e9 88 a3-f8 4f 5d 16 00 22 ec 5b .y8K.....O]..".[ 0080 - 3e 3d 4c f1 58 8b 07 7a-86 c1 8e 02 d9 d7 2e bc >=L.X..z........ 0090 - c7 f9 e7 96 f0 37 c9 8f-67 5f 84 e6 04 d1 0c 66 .....7..g_.....f 00a0 - 9f b5 d4 d4 0d 7a 04 96-6e 40 ce 26 87 e1 22 db .....z..n@.&..". 00b0 - 0d 8f a6 b1 fa 5e 2e 2d-2d ac 4b 5c 05 bb 07 2b .....^.--.K\...+ 00c0 - 85 86 c4 38 10 c1 e5 b8-06 ed 50 9e 56 52 a5 ee ...8......P.VR.. Start Time: 1743332971 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK TLS SUCCESSFUL 4099F1F7:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -propquery ?provider=pkcs11 -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%01 -cert pkcs11:type=cert;object=testCert Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MIGDAgEBAgIDBAQCEwIEINuvtsM9ha1eY2puOQmfDmDBCsV9L1SJP0wI+VK49flv BDB5Y1/8aFw4keSxStSbNw/5yQlbLJFH+VM+54kwLFWa1z34TqlAkh3Ivdz3G8rD ndehBgIEZ+kma6IEAgIcIKQGBAQBAAAArgcCBQDfv1JpswMCAR0= -----END SSL SESSION PARAMETERS----- Shared ciphers:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 TLS SUCCESSFUL Q Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224 Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 CIPHER is TLS_AES_256_GCM_SHA384 This TLS version forbids renegotiation. DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run sanity test with default values (RSA-PSS) ## Generating a new selfsigned certificate for pkcs11:type=private;id=%00%10 openssl req -batch -noenc -x509 -new -key ${KEY} ${AARGS} -out ${CERT} spawn openssl s_client -propquery ?provider=pkcs11 -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.pem Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=0 C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness verify error:num=18:self-signed certificate verify return:1 depth=0 C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness verify return:1 --- Certificate chain 0 s:C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness i:C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness a:PKEY: RSASSA-PSS, 2048 (bit); sigalg: RSASSA-PSS v:NotBefore: Mar 30 11:09:31 2025 GMT; NotAfter: Apr 29 11:09:31 2025 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIIEIzCCAtugAwIBAgIUQwznf1k6aWbLXmqFUzaDUnHqkvAwPQYJKoZIhvcNAQEK MDCgDTALBglghkgBZQMEAgGhGjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUDBAIBogMC ASAwZzELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMREwDwYDVQQHDAhO ZXcgWW9yazEYMBYGA1UECgwPUEtDUzExIFByb3ZpZGVyMRgwFgYDVQQLDA9UZXN0 aW5nIEhhcm5lc3MwHhcNMjUwMzMwMTEwOTMxWhcNMjUwNDI5MTEwOTMxWjBnMQsw CQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsxETAPBgNVBAcMCE5ldyBZb3Jr MRgwFgYDVQQKDA9QS0NTMTEgUHJvdmlkZXIxGDAWBgNVBAsMD1Rlc3RpbmcgSGFy bmVzczCCASAwCwYJKoZIhvcNAQEKA4IBDwAwggEKAoIBAQC5dtLi0szpZzWvY/aC g2X+YC6XgMuG6T2EfLc2p8uPsjzEFaTK2u/UH3mHBpOe9HgNqyB9eMEHjFHsykt7 8zUF0hv4BTQ2Jz834REBmKYIKEoQ3qBUetB7GruGXlOnH2vf/emxFTnOsM5hiJFm 48pNE+JO9zVuED1k3BmU6SLTpQwBYq05bChz+WuwPyI5dnzSLfr4bS63b6tgFBB8 IQRzityMs/ustdcNfkJ5vB3gS/XiMM7uJd510SXpjGmyYdtuUkAR3z0v+zL4x9Ne sPmSbVwlR1EcWZN7W2B56kRoR1A5mOzKR6CVjQchHk/vDUwGU9mnXQplehd3QuuS YCAVAgMBAAGjaTBnMB0GA1UdDgQWBBQjKe0DsLc6wfCi8zkefNrwkStr2jAfBgNV HSMEGDAWgBQjKe0DsLc6wfCi8zkefNrwkStr2jAPBgNVHRMBAf8EBTADAQH/MAkG A1UdEQQCMAAwCQYDVR0SBAIwADA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQC AaEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgGiAwIBIAOCAQEALjKNSklcbVrA v95QObcqmhzXasrrF++w13GW1RnoCg24Yxx1ATVqb+9x5WlwtZFQwllcyAtcgGI/ WKRigdOaQgAGqJG6oCsW4l+HBLcgdUNYDm5CTZm/I8QVT/YtWL83pIB396IAmcc2 13k78sn4FA996M/56IoGu7byYxqza5NL6fvG+VFv1wHHyHjGBpiQ3NP4fWrJ+dS6 yHj4388Z1XQJ2GNPXSugwKHkwtcfyNoP+9tVAAAJbC+vsuAHAHsv86yepowjihsE O91G5Amc0oFDxDQzCPzTaQPOOVWxAW3dqQLH3/7BlqyFfpZIcchYKYo8czGTcLUZ lwdYTfpKWg== -----END CERTIFICATE----- subject=C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness issuer=C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: RSA-PSS Server Temp Key: X25519, 253 bits --- SSL handshake has read 1619 bytes and written 391 bytes Verification error: self-signed certificate --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Protocol: TLSv1.3 Server public key is 2048 bit This TLS version forbids renegotiation. Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 18 (self-signed certificate) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: AD496BABF10F8B19436517CF6CAC18D495B15C52EC6C264E5376E195441E1E49 Session-ID-ctx: Resumption PSK: C257E8C477825FF61FECD8BE97697F3928242E088D6A746A7BD5AD78218F57D8CC919CFC4A42EFB96F180E3CEE1D9987 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - da 7c f7 47 f2 b5 6a 54-e6 62 68 85 4d 19 3f 1c .|.G..jT.bh.M.?. 0010 - 1c e5 bb 06 fc bb f5 2b-8d 10 a1 ac 7d 2c 1b df .......+....},.. 0020 - da f6 50 cd 9e 2d 21 48-f1 57 8c 93 36 92 25 62 ..P..-!H.W..6.%b 0030 - 40 3d 08 06 9e 10 19 49-54 26 ee 21 7c df 63 a5 @=.....IT&.!|.c. 0040 - 34 e9 bd ab 5d 85 f3 a9-b4 23 21 6a ca e7 cb ad 4...]....#!j.... 0050 - 3e f9 62 a5 27 38 56 4a-af 83 34 c6 ff 51 9c 8c >.b.'8VJ..4..Q.. 0060 - d6 ea e9 78 6d 5f 97 60-c2 66 b8 82 a6 04 aa a7 ...xm_.`.f...... 0070 - 90 3f cb 8a 2b c3 55 3f-06 71 da 08 2e bd 84 ea .?..+.U?.q...... 0080 - c2 f5 49 02 1e 1c 13 dd-5a 22 82 bc fb 3d 9c 7f ..I.....Z"...=.. 0090 - 39 3a bf 8f e2 41 be b8-57 1e 48 07 b9 ae c7 d8 9:...A..W.H..... 00a0 - 69 ac 22 29 6c 36 bf 60-76 0d 11 76 7f f0 2b 95 i.")l6.`v..v..+. 00b0 - ae c4 f8 2d cc 13 36 20-36 4f 7c 1b ae 60 f9 61 ...-..6 6O|..`.a 00c0 - 5b d6 b5 3e 37 ea 88 23-61 9e 60 ec fa bc d1 18 [..>7..#a.`..... Start Time: 1743332971 Timeout : 7200 (sec) Verify return code: 18 (self-signed certificate) Extended master secret: no Max Early Data: 0 --- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 50E42E1798CE3CD4F891E568A1A20C39019030688B18612AEF4E19A35B5A7884 Session-ID-ctx: Resumption PSK: 080FFA48B85DF1ACF64B491409DFB8604E56B261A4B486A8F011EDB59F076ED5F767B1754033C0BEB019BFBED9A0AB64 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - da 7c f7 47 f2 b5 6a 54-e6 62 68 85 4d 19 3f 1c .|.G..jT.bh.M.?. 0010 - a1 3a ac 9c 09 b5 b4 11-af 56 7d 76 94 e8 26 c1 .:.......V}v..&. 0020 - 79 bc 5b 8d 81 ec 11 67-e4 db da ab 9f 0b be 69 y.[....g.......i 0030 - 8b 27 5d 4f 3a be 02 6a-a9 47 66 7f 96 25 07 f0 .']O:..j.Gf..%.. 0040 - eb 38 2d 40 53 4a 3d ef-6d e8 04 25 84 f2 df 91 .8-@SJ=.m..%.... 0050 - dc 82 8c 9d 6b 65 63 1e-89 e6 4b 14 fb 35 8d 1e ....kec...K..5.. 0060 - e7 31 2f fe 38 b9 5e e2-80 4b 55 c7 5c 5a ad a6 .1/.8.^..KU.\Z.. 0070 - e4 a7 05 e9 40 55 a8 bb-58 76 1a 2f 00 0a cd 10 ....@U..Xv./.... 0080 - 75 97 d6 f4 c8 45 6a af-58 db 9b c5 72 db d2 bb u....Ej.X...r... 0090 - 2a 0d f7 c2 4a 53 63 fd-82 da 40 6f 6e 73 39 16 *...JSc...@ons9. 00a0 - d3 57 0d 4e 5c 25 99 33-67 d1 3c f9 6a 42 b5 d8 .W.N\%.3g.<.jB.. 00b0 - d3 14 ab c7 73 a0 fd 41-d5 52 34 e5 b6 88 b2 b4 ....s..A.R4..... 00c0 - 44 05 4d c5 44 a6 15 49-6c 1c 76 43 67 d2 b3 f5 D.M.D..Il.vCg... Start Time: 1743332971 Timeout : 7200 (sec) Verify return code: 18 (self-signed certificate) Extended master secret: no Max Early Data: 0 --- read R BLOCK TLS SUCCESSFUL 40A9ECF7:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -propquery ?provider=pkcs11 -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%10 -cert /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/rsapss-default.pem Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MIGCAgEBAgIDBAQCEwIEILcQKixJbLSRBEG9SxT8O1F+94eepqyKZ06IBI10hMUJ BDAID/pIuF3xrPZLSRQJ37hgTlayYaS0hqjwEe21nwdu1fdnsXVAM8C+sBm/vtmg q2ShBgIEZ+kma6IEAgIcIKQGBAQBAAAArgYCBG20PR2zAwIBHQ== -----END SSL SESSION PARAMETERS----- Shared ciphers:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224 Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 CIPHER is TLS_AES_256_GCM_SHA384 This TLS version forbids renegotiation. TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run sanity test with RSA-PSS and SHA256 ## Generating a new selfsigned certificate for pkcs11:type=private;id=%00%11 openssl req -batch -noenc -x509 -new -key ${KEY} ${AARGS} -out ${CERT} spawn openssl s_client -propquery ?provider=pkcs11 -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.pem Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=0 C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness verify error:num=18:self-signed certificate verify return:1 depth=0 C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness verify return:1 --- Certificate chain 0 s:C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness i:C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness a:PKEY: RSASSA-PSS, 3096 (bit); sigalg: RSASSA-PSS v:NotBefore: Mar 30 11:09:31 2025 GMT; NotAfter: Apr 29 11:09:31 2025 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIIFKDCCA12gAwIBAgIUHYJTLIpXKbrs5f/KO4+VqvjGQ6wwPQYJKoZIhvcNAQEK MDCgDTALBglghkgBZQMEAgGhGjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUDBAIBogMC ASAwZzELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMREwDwYDVQQHDAhO ZXcgWW9yazEYMBYGA1UECgwPUEtDUzExIFByb3ZpZGVyMRgwFgYDVQQLDA9UZXN0 aW5nIEhhcm5lc3MwHhcNMjUwMzMwMTEwOTMxWhcNMjUwNDI5MTEwOTMxWjBnMQsw CQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsxETAPBgNVBAcMCE5ldyBZb3Jr MRgwFgYDVQQKDA9QS0NTMTEgUHJvdmlkZXIxGDAWBgNVBAsMD1Rlc3RpbmcgSGFy bmVzczCCAaIwCwYJKoZIhvcNAQEKA4IBkQAwggGMAoIBgwxkVXJnWCtC70hoNuxx sommQCjypJCSz7JF2jgvo23x/OXArbe8Og0Ad+GWTzhYviCadxU924JBxLi2skme /KJxZK8UC/HrbnJdLdxKfibic9x8uxlkaOIW1HC+7KL4L+Us1pSs0Sy74IYHfYgO dNPrcZCOW+b0WPxlYy48adNyIxedQp/3CEupFv08oJf5M+9EJpnEZChqNzbkmRp0 e+feyPifZqUCgitW51oPB7DEtwYNP2/2O628uaekscobyXmRBBpTyug5iBscB5oy qctUc0Db32Q5PFXm7IiLLqjIuDNMeIoVUEhGLjZHDSXyoN5CuNDUmZKrCyl7H2v+ EVCwz2AZlm3r7XZb1PDEitNpAa7iJvWfubzGboU8X8ohSfKl4aLNr+dlPAAobbU9 zKW7fjHMTUQzC/4TgIlqdUcOeLCDIHw9m0hNwd8bKVo4qe8aq0Xuann5dJnmLavk SmQbqDg+tj+b2/Dn1NerrEhlKWYSzQZQV6xNMyvU0lfxJ7ZeMwIDAQABo2kwZzAd BgNVHQ4EFgQUMu+b/6XXEAkK/SPVfP0XmtSQVzIwHwYDVR0jBBgwFoAUMu+b/6XX EAkK/SPVfP0XmtSQVzIwDwYDVR0TAQH/BAUwAwEB/zAJBgNVHREEAjAAMAkGA1Ud EgQCMAAwPQYJKoZIhvcNAQEKMDCgDTALBglghkgBZQMEAgGhGjAYBgkqhkiG9w0B AQgwCwYJYIZIAWUDBAIBogMCASADggGEAAodyKoKPqs8vdue6/o5DfjHfiGyJnJz Y+fzxff4vh2jNwyfmELdmYy7eNP0svtos2W2XZazFr7oev5TwpN5MTYAkIHMYrnM tEPJdP6r4iR5Bm/o9R4mHZ1wnrbiuYueyouIFoLf+rbUS2eltBCePPRc19VTXqh4 gqA8ISOepOuDcCvJ2AoIzQhzTUPPdbae5HWfzvF27T0g/I6MaszRBXXsHINxNiWA njEX9wGy5bNHI7oRc4/wAGi1wcY2LUA+uLUGIkoipEVNbMh4VUfg0O3T9vto3PzB b13BjEGZBvRfe7oVr3uaHa0x8E3q6+QEcmxr3qgOAN7bMBTNWl1IkbRIoBJDWLZn oH0gEBFn6hO9RW4eWSsrQDCdFI/MqCveeQtJv4fXvbaA3Rbpp827+df2MncUS5Kx SvTt7wtqcjVFgVgQ7DdJrkPwKy7201YChz62ppJpNFQzz/6e1NfeSSsSzrGumV8H Md1R+Ed+VqpjqE6wO7dV0ubE0M8nEkdJBM3MJg== -----END CERTIFICATE----- subject=C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness issuer=C=US, ST=New York, L=New York, O=PKCS11 Provider, OU=Testing Harness --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: RSA-PSS Server Temp Key: X25519, 253 bits --- SSL handshake has read 2011 bytes and written 391 bytes Verification error: self-signed certificate --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Protocol: TLSv1.3 Server public key is 3096 bit This TLS version forbids renegotiation. Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 18 (self-signed certificate) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: C19E44BB4DBC26C4A3AF369CAAA06363580FBED3F7F77D3D2C29E420D87B692C Session-ID-ctx: Resumption PSK: 60FC7C9124CB9086C3E81359994739928FBCC9FC3189B6D4FD987625FD4B5C9BF801533732DB816ADB4A724B5AE9F9D9 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 19 c9 65 09 24 26 9f 3d-72 4f 02 5e 9c bb 62 39 ..e.$&.=rO.^..b9 0010 - fa b4 ad f3 f9 2e 35 49-ee 4f d2 36 21 28 3d bf ......5I.O.6!(=. 0020 - 78 d6 6c a2 41 ce 69 5c-0f 0e 67 36 e3 0a 8c 36 x.l.A.i\..g6...6 0030 - 19 48 7e 94 9b 12 77 c8-b7 1c 53 c3 20 2a 84 7a .H~...w...S. *.z 0040 - 10 d9 3b d8 0c 24 67 03-f8 20 32 13 ce e7 b4 7d ..;..$g.. 2....} 0050 - ac 3e 8f 3c d0 f6 39 50-78 82 61 d6 5e c8 62 e3 .>.<..9Px.a.^.b. 0060 - ce 37 92 fc f3 4c d6 7d-1f ca 1d e2 3e 77 d1 44 .7...L.}....>w.D 0070 - 63 e6 76 9d ed 81 53 b1-06 d2 fb a5 c2 c4 91 ad c.v...S......... 0080 - da f5 a7 04 74 f9 f9 bb-03 43 c6 06 9a 7f db 30 ....t....C.....0 0090 - 98 bd 07 9d ed a5 90 d8-cb 97 d0 b3 80 84 d9 c0 ................ 00a0 - 7e e3 65 d5 5c 6a 26 3b-8f 38 6a 44 ff 06 90 3f ~.e.\j&;.8jD...? 00b0 - f9 04 a9 6b af 8c 95 a1-b1 e1 ad d3 d6 53 ed 3d ...k.........S.= 00c0 - af fe e7 0a 42 ed 61 4c-25 5b 77 9e 94 43 03 4a ....B.aL%[w..C.J Start Time: 1743332971 Timeout : 7200 (sec) Verify return code: 18 (self-signed certificate) Extended master secret: no Max Early Data: 0 --- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: C7E1FCF63E57BB68E6B50F433ACF74ED147C532137A69A9A1887EADC2AAF74F4 Session-ID-ctx: Resumption PSK: E0F95D6DD7DC3F6ECDCBAFDD765740174ED3A9F01B3D829EC1A1AF20D7673E9A5DA95D3189E2F681F356F11D653CF427 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 19 c9 65 09 24 26 9f 3d-72 4f 02 5e 9c bb 62 39 ..e.$&.=rO.^..b9 0010 - 03 d1 a3 de da 0d dd bf-ee 9f 55 4a 62 fd e2 71 ..........UJb..q 0020 - 2c 5c 5c c6 24 6a 29 64-ec 85 11 da 88 c0 63 91 ,\\.$j)d......c. 0030 - 73 ba 96 54 bd 3c b4 c7-e9 2f b9 56 e6 47 5e b4 s..T.<.../.V.G^. 0040 - 53 39 e2 bc 33 bf dc ec-83 44 7d 27 97 4b e0 96 S9..3....D}'.K.. 0050 - 00 a2 6f 43 a0 c0 7e 3d-5f 8e ce a8 67 9e f1 e1 ..oC..~=_...g... 0060 - 3a 90 97 4b 03 36 e8 ed-bd 41 35 7f f0 0d 0b 80 :..K.6...A5..... 0070 - 76 5d b2 15 63 09 e4 44-8e 4b 58 80 71 ff 3f f6 v]..c..D.KX.q.?. 0080 - e8 85 88 23 8d b5 32 97-8c 39 1d ee e7 31 d6 41 ...#..2..9...1.A 0090 - 5e 51 f3 96 72 ed 6d 88-3a 1b 0a 47 16 c9 3b 29 ^Q..r.m.:..G..;) 00a0 - f4 66 85 5d 33 7e d3 8f-f9 27 af b4 22 60 33 89 .f.]3~...'.."`3. 00b0 - d0 94 18 53 a2 1c 88 9a-82 a4 51 89 01 72 36 c8 ...S......Q..r6. 00c0 - 9c 9e 8b 1b 0c 85 c1 37-3c 66 11 8a be b1 02 74 .......7d....& 0020 - a1 dc 49 47 46 2e e5 d9-8b ea f0 cc ce 4f 8f 63 ..IGF........O.c 0030 - 71 5d 14 ab 19 3c 2c b4-a0 75 f3 75 59 b0 05 6d q]...<,..u.uY..m 0040 - ee 50 0f d2 b6 22 b6 27-52 6e e5 12 4b fe e3 15 .P...".'Rn..K... 0050 - 1a cd 6f d6 28 6e 57 e0-5e 07 ee 33 60 11 4a 1a ..o.(nW.^..3`.J. 0060 - aa 8d 6f b4 8c 9b 13 63-68 b2 a4 f7 8e a2 99 86 ..o....ch....... 0070 - 9a 81 77 59 0b 1a 50 79-fb 03 3c bf 85 e2 0c 8a ..wY..Py..<..... 0080 - be eb 52 97 85 cb 0a 0e-2c bd d7 9f 47 42 c5 8a ..R.....,...GB.. 0090 - 9f c7 a9 1a 25 3e 42 f4-52 c2 e3 62 7d 22 d8 56 ....%>B.R..b}".V 00a0 - 4f da 40 d5 12 00 1d b2-00 7d 2d 61 c0 74 72 ef O.@......}-a.tr. 00b0 - ac f2 49 ed 54 9e 38 fd-d4 f0 7d d9 e2 ee c3 53 ..I.T.8...}....S 00c0 - 79 0f 0f 40 79 d3 ea fc-54 c7 ec 82 30 d6 fe 48 y..@y...T...0..H Start Time: 1743332971 Timeout : 7200 (sec) Verify return code: 1 (unspecified certificate verification error) Extended master secret: no Max Early Data: 0 --- read R BLOCK TLS SUCCESSFUL 4009F6F7:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -propquery ?provider=pkcs11 -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%02 -cert pkcs11:type=cert;object=ecCert Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MIGDAgEBAgIDBAQCEwIEINlG7SBXwPobD+1pAIofF2ojLHMmx6NeMAWwW2nTbrr9 BDB/ZM5FhbWeG1Gxj3U0HGA9NpgvnWRgwMEd2Khjeo6wl6IafrLL+WHudgLjOBZJ S5ChBgIEZ+kma6IEAgIcIKQGBAQBAAAArgcCBQCe6XgEswMCAR0= -----END SSL SESSION PARAMETERS----- Shared ciphers:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224 TLS SUCCESSFUL Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 Q Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 CIPHER is TLS_AES_256_GCM_SHA384 This TLS version forbids renegotiation. DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run sanity test with default values (Ed25519) spawn openssl s_client -propquery ?provider=pkcs11 -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.pem Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=1 CN=Issuer verify return:1 depth=0 O=PKCS11 Provider, CN=My ED25519 Cert verify return:1 --- Certificate chain 0 s:O=PKCS11 Provider, CN=My ED25519 Cert i:CN=Issuer a:PKEY: ED25519, 256 (bit); sigalg: RSA-SHA256 v:NotBefore: Mar 30 11:09:03 2025 GMT; NotAfter: Mar 30 11:09:03 2026 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIICSDCCATCgAwIBAgIBBjANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 ZXIwHhcNMjUwMzMwMTEwOTAzWhcNMjYwMzMwMTEwOTAzWjA0MRgwFgYDVQQKEw9Q S0NTMTEgUHJvdmlkZXIxGDAWBgNVBAMTD015IEVEMjU1MTkgQ2VydDAqMAUGAytl cAMhALwDR2KCDpI0nY89/4JC0pQAo/8sQNevfe5jkBe1Dyako4GBMH8wDAYDVR0T AQH/BAIwADAfBgNVHREEGDAWgRR0ZXN0Y2VydEBleGFtcGxlLm9yZzAOBgNVHQ8B Af8EBAMCB4AwHQYDVR0OBBYEFE8krJ2QKyq360+c3AM4FrSYY6mcMB8GA1UdIwQY MBaAFDAZVafjfR2Y0p5YgHMpxwPRALpTMA0GCSqGSIb3DQEBCwUAA4IBAQBIahDh p0UyJThR4jeMcjFydptFYNTFKZDkev1+L0NNASWmC1IimwvBBw+NMVGTDF+S8nwr /fvhE4NzZyBxEhCtf4jLvFnYr7u7P0AkJHkBXporMdgC69lQgt4DI+g1cTtsldXh SsbMtx+vQEPahWOrFOqmZd/4zkkqJVbhrPSspJi6whWVUcf0w2bz0/TUP1Xk6PD0 P+ZmKlz1vU1VmVxlse1Sgh3zBvXTWu7S+cEV2ItzN2NxZ9EADtfSHqIzjOLPOQGo UOOIXmHmIU2OpisV5k1wBYhpqCDZZq5igTibTTUIY6dXxmV564BfLte1AwKfahbQ c0DSR8U8vTJacvz0 -----END CERTIFICATE----- subject=O=PKCS11 Provider, CN=My ED25519 Cert issuer=CN=Issuer --- No client certificate CA names sent Peer signature type: ed25519 Server Temp Key: X25519, 253 bits --- SSL handshake has read 952 bytes and written 391 bytes Verification: OK --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Protocol: TLSv1.3 Server public key is 256 bit This TLS version forbids renegotiation. Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 9F26ECE53133AC08F48AB6C0338F12192EFF5AE944313E71780BEA00C4D7446D Session-ID-ctx: Resumption PSK: 1E0EE5D25C18092C1645C7D1F7AC2BB34364FDF9A383241114E952EBC3C6A0F8E7EC3C967E4A80AF0E6925502D116D5F PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - a9 d9 b7 96 f2 c1 15 be-40 6f a6 6a d2 4b 6e b7 ........@o.j.Kn. 0010 - 82 81 13 4e 68 27 1e ad-e7 94 48 7b af f3 94 c3 ...Nh'....H{.... 0020 - b0 91 cc f7 b1 5d 4e d5-20 0e 01 29 aa 86 bf 5e .....]N. ..)...^ 0030 - 0f 24 bb 9c bb 0f fc d1-93 a5 ec 11 5b 23 a2 ab .$..........[#.. 0040 - 1a a3 ad d6 70 21 ba ae-5e 5f d5 84 69 8b f3 c6 ....p!..^_..i... 0050 - 8e 80 88 73 8b 00 16 61-75 a0 66 69 ab c4 f8 d8 ...s...au.fi.... 0060 - c0 ea 1d 0d 9f d4 94 4c-88 b3 f5 7d 8b a9 09 12 .......L...}.... 0070 - f8 49 be 30 71 52 49 44-32 ea e6 b3 6b 05 b1 99 .I.0qRID2...k... 0080 - 0d fc f8 98 da db 61 9a-50 eb 06 6c 00 18 70 cf ......a.P..l..p. 0090 - b5 c6 0b c8 95 2f 96 cf-79 39 5b aa 50 b5 95 b4 ...../..y9[.P... 00a0 - db ce d6 37 77 e7 05 69-f8 11 6c 7a 6b ac 89 37 ...7w..i..lzk..7 00b0 - 70 e9 48 bd 9b 9f 19 d7-a5 88 cf ab f2 78 d4 52 p.H..........x.R 00c0 - e2 d0 fc 4c 85 9d bb e9-cc bd cd 25 56 48 4e 53 ...L.......%VHNS Start Time: 1743332972 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 7E187A46F0B8642A3DFF66B3E79FAE88D27588A04E26F27963578D96C7E387FB Session-ID-ctx: Resumption PSK: 655B91E2F6ECC9113B666EBDDC97358BCE37D60249AF8B33027AA399EC50059C1C2E85BE6D14F5E7E3718F0507C19610 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - a9 d9 b7 96 f2 c1 15 be-40 6f a6 6a d2 4b 6e b7 ........@o.j.Kn. 0010 - 63 2c ba 1d 40 d5 d8 ed-85 95 09 f0 92 2e 5c c5 c,..@.........\. 0020 - ad 17 18 b9 7b b3 0f e3-33 1b 71 94 cb 06 06 ed ....{...3.q..... 0030 - a9 b4 f3 4e 05 44 f4 6d-0e 0d f1 36 cc 01 8f b5 ...N.D.m...6.... 0040 - ae b4 86 35 0a 60 d6 cf-ac 78 6f cf 84 d0 11 ee ...5.`...xo..... 0050 - b1 19 d1 39 be 8f f7 12-12 82 4f c0 95 75 63 ed ...9......O..uc. 0060 - 4a 35 fd 9c 9a e7 a3 17-b4 0d 7a b1 04 a4 ce 33 J5........z....3 0070 - f7 3b a7 63 8d fd d7 51-31 e8 02 71 9c 4b fd 62 .;.c...Q1..q.K.b 0080 - be 0a 65 9f 82 f5 3d 91-45 92 8a 44 04 3c d9 25 ..e...=.E..D.<.% 0090 - 46 b2 d3 a7 39 b4 b8 c7-4b 62 a6 78 82 79 da c4 F...9...Kb.x.y.. 00a0 - f8 f1 c1 20 96 27 75 c7-fe 57 f1 74 ce a9 7b e5 ... .'u..W.t..{. 00b0 - e6 01 d4 c6 6f de 34 16-32 19 3c 92 1f 93 3d b8 ....o.4.2.<...=. 00c0 - b3 d2 b8 a6 1d c5 c4 87-1b bd 7f 72 c3 a5 38 b3 ...........r..8. Start Time: 1743332972 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK TLS SUCCESSFUL 4069EEF7:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -propquery ?provider=pkcs11 -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%04 -cert pkcs11:type=cert;object=edCert Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MIGDAgEBAgIDBAQCEwIEIEDxKrOpHDlc+TqhHRNLGkB78eRD35VEU4iL31DsVCVK BDBlW5Hi9uzJETtmbr3clzWLzjfWAkmvizMCeqOZ7FAFnBwuhb5tFPXn43GPBQfB lhChBgIEZ+kmbKIEAgIcIKQGBAQBAAAArgcCBQDvctZuswMCAR0= -----END SSL SESSION PARAMETERS----- Shared ciphers:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224 Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 CIPHER is TLS_AES_256_GCM_SHA384 This TLS version forbids renegotiation. TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run sanity test with default values (Ed448) spawn openssl s_client -propquery ?provider=pkcs11 -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.pem Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=1 CN=Issuer verify return:1 depth=0 O=PKCS11 Provider, CN=My ED448 Cert verify return:1 --- Certificate chain 0 s:O=PKCS11 Provider, CN=My ED448 Cert i:CN=Issuer a:PKEY: ED448, 456 (bit); sigalg: RSA-SHA256 v:NotBefore: Mar 30 11:09:04 2025 GMT; NotAfter: Mar 30 11:09:04 2026 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIICXzCCAUegAwIBAgIBBzANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 ZXIwHhcNMjUwMzMwMTEwOTA0WhcNMjYwMzMwMTEwOTA0WjAyMRgwFgYDVQQKEw9Q S0NTMTEgUHJvdmlkZXIxFjAUBgNVBAMTDU15IEVENDQ4IENlcnQwQzAFBgMrZXED OgCnhDYzEHewxiBvrT8i08ZSeM6Y8+tZUsvZKLkMsjMZ1QYTN2f7/e+PwZSLpPRp PLeHORqr1qbsA4CjgYEwfzAMBgNVHRMBAf8EAjAAMB8GA1UdEQQYMBaBFHRlc3Rj ZXJ0QGV4YW1wbGUub3JnMA4GA1UdDwEB/wQEAwIHgDAdBgNVHQ4EFgQUoDk1Pso4 BRhiOPwvFywXAoHrMNswHwYDVR0jBBgwFoAUMBlVp+N9HZjSnliAcynHA9EAulMw DQYJKoZIhvcNAQELBQADggEBAGGJYBDCPirHIaR3YXYmw6wz18u8Nxl/xAqJ0qyc T+mraXLwg1sKXnS9pK5AJFS0Kp4DjikEtDrKqILgW+eEIEn9LwldD4Yv3ClyPxLr IxaqE6MO9b2dRMDfMB8Fq3tlNcytawpOe+n1JGBuT2bPYAB5RE6aPIKhpwUtTt4G jV0gmK8IXhm4ZhcpWmlHB2+Vvz7oSMOc+oO/rQ9lQrNH7/oazrUzNgEBAxAShZQ8 u+QNC8rDiXsYIQMMKhR5b/TX5tV3aDG168+N3Xpi/WWSpLDw6G97CYgnzDAz1DB3 O7jj6YXBbGmNbxXLQcJ5Z8VcU43F9sSrky54YtXf7u821D8= -----END CERTIFICATE----- subject=O=PKCS11 Provider, CN=My ED448 Cert issuer=CN=Issuer --- No client certificate CA names sent Peer signature type: ed448 Server Temp Key: X25519, 253 bits --- SSL handshake has read 1025 bytes and written 391 bytes Verification: OK --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Protocol: TLSv1.3 Server public key is 456 bit This TLS version forbids renegotiation. Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 0C622BDA6A3B28915306BB577AFE062D73C9EBDC0B99C171B6DC17E486630346 Session-ID-ctx: Resumption PSK: AD04EEDCB268E33B8F95C0A673FC7D9B8BD4E7A0B362115084F81F1D62F3DCC22EBF84BB2B595978F39F9D0FDCD2E403 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - df b7 79 35 1d 24 b8 bf-de 02 63 49 ac f7 5d a8 ..y5.$....cI..]. 0010 - 3d 84 8f fe 0c de 38 fc-6b a6 03 69 fc 8b 37 fd =.....8.k..i..7. 0020 - d2 13 c8 17 d9 c4 9c dc-b0 23 7c ae ac 54 32 ca .........#|..T2. 0030 - 11 12 af 11 99 a6 d6 f1-82 f0 89 ca 8c fe 10 38 ...............8 0040 - 44 55 71 e8 f7 9b 8b 72-2a 13 11 99 92 cb c5 32 DUq....r*......2 0050 - 2a e0 01 7e 0d 5c bf a1-c3 54 15 11 b2 c8 87 72 *..~.\...T.....r 0060 - ce 08 3e ba 97 39 46 88-e7 e6 ce 96 d6 de 62 f0 ..>..9F.......b. 0070 - 59 03 ea bf c6 68 f7 12-3b ce f5 e1 f1 f0 fe b6 Y....h..;....... 0080 - 76 7e 7c c9 4f 45 16 57-1b 72 fa 21 01 df 37 4a v~|.OE.W.r.!..7J 0090 - 6c 30 03 bc fb ea 3a 04-72 98 1f 50 fe fe f5 2e l0....:.r..P.... 00a0 - 46 bb c8 98 2e b3 18 a2-0b d0 bb fc 62 97 18 74 F...........b..t 00b0 - 67 a7 e5 e4 4f 1a 18 69-f2 72 22 30 c8 ed 61 86 g...O..i.r"0..a. 00c0 - 81 86 a4 57 02 da 72 a7-2a f0 89 8b 7a ef da 1f ...W..r.*...z... Start Time: 1743332972 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 0700FF7A648D31E4AAAB1219E2070517473335FACF5229195B646900F8F9637B Session-ID-ctx: Resumption PSK: E9CDC319A4FD8562DBE25D23A1DDB3386168910495007843603D163EB59E0A84819351C996F9EB6458F30F0CF7BB3023 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - df b7 79 35 1d 24 b8 bf-de 02 63 49 ac f7 5d a8 ..y5.$....cI..]. 0010 - 18 77 aa 78 c7 fd 9a a0-fc af 35 1e 1d 02 90 67 .w.x......5....g 0020 - 2a b4 a1 ae bf 40 be ad-f0 33 f3 22 a1 93 db d6 *....@...3.".... 0030 - fb 14 e5 a0 d5 9d 09 8c-ab 16 a8 d5 da 93 da 2b ...............+ 0040 - 81 43 aa 29 f6 9c 47 52-bc be a2 95 f1 1f 24 d8 .C.)..GR......$. 0050 - 14 bb 69 75 88 f4 0e d3-80 84 e6 a8 72 8e a3 26 ..iu........r..& 0060 - a6 95 75 36 8f 76 e5 69-7e 7d fa 68 6f 4a 69 20 ..u6.v.i~}.hoJi 0070 - 26 93 85 35 5d a3 c8 ac-b1 bb 03 c2 e6 a2 1d 58 &..5]..........X 0080 - fa 00 66 9f 9c 5b a0 5c-e2 b4 bf 21 dc 70 00 55 ..f..[.\...!.p.U 0090 - 4c 1b 51 83 07 3f 6d 87-d3 8a fe c1 bd d1 25 40 L.Q..?m.......%@ 00a0 - 20 b7 a8 4e d4 79 63 67-36 07 7c 40 18 97 4f a9 ..N.ycg6.|@..O. 00b0 - 70 ff f2 d2 27 a1 bb ce-64 41 80 12 d0 e2 d6 c4 p...'...dA...... 00c0 - 72 35 8c d3 8d 2a 3f f2-76 68 0d 93 be 63 30 2f r5...*?.vh...c0/ Start Time: 1743332972 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK TLS SUCCESSFUL 4009F8F7:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -propquery ?provider=pkcs11 -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%09 -cert pkcs11:type=cert;object=ed2Cert Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MIGCAgEBAgIDBAQCEwIEIAJeLOocmO3Gad/qBiIbWyI5APgmU7+txDsw6OXULDhU BDDpzcMZpP2FYtviXSOh3bM4YWiRBJUAeENgPRY+tZ4KhIGTUcmW+etkWPMPDPe7 MCOhBgIEZ+kmbKIEAgIcIKQGBAQBAAAArgYCBE9LquOzAwIBHQ== -----END SSL SESSION PARAMETERS----- Shared ciphers:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224 Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 CIPHER is TLS_AES_256_GCM_SHA384 This TLS version forbids renegotiation. TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run test with TLS 1.2 spawn openssl s_client -propquery ?provider=pkcs11 -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.pem -tls1_2 Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=1 CN=Issuer verify return:1 depth=0 O=PKCS11 Provider, CN=My Test Cert verify return:1 --- Certificate chain 0 s:O=PKCS11 Provider, CN=My Test Cert i:CN=Issuer a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256 v:NotBefore: Mar 30 11:09:03 2025 GMT; NotAfter: Mar 30 11:09:03 2026 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIIDPzCCAiegAwIBAgIBAzANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 ZXIwHhcNMjUwMzMwMTEwOTAzWhcNMjYwMzMwMTEwOTAzWjAxMRgwFgYDVQQKEw9Q S0NTMTEgUHJvdmlkZXIxFTATBgNVBAMTDE15IFRlc3QgQ2VydDCCASIwDQYJKoZI hvcNAQEBBQADggEPADCCAQoCggEBAM3hhxUVs5JwwAy/J4AuAG8LjysBuN/fGFYp PVbSzPxfWqqbwbGD9zxsppKAjxuQKiKhQ0HlOUSlmY2eI9PX5rmlD+p9NxF1iGuR jwBX/52GdcrTZx0KuvSuOZRBW4aGRV/wk/q7PNUh52ILZZfxBRCguwnakhi0RMCI JhUqng2A8BQePAJFuLJndxVkwB4xuSuNqd4CpKx05NXzf74iWM6Y/Nk4/I32LiOG 2HxVi1EV9rrl7VGwtS5ziNTK5sA0EPePl75zeSG63a8DXYGbjuCNwPns5I4f5XdO GtJmrsJ4POYp74kSwhqWkTQQVPg8jGAv6IaKXlo32SD/xsF3IFECAwEAAaOBgTB/ MAwGA1UdEwEB/wQCMAAwHwYDVR0RBBgwFoEUdGVzdGNlcnRAZXhhbXBsZS5vcmcw DgYDVR0PAQH/BAQDAgWgMB0GA1UdDgQWBBTH9x5l71kbvBDdiYMJ22QdpjATaDAf BgNVHSMEGDAWgBQwGVWn430dmNKeWIBzKccD0QC6UzANBgkqhkiG9w0BAQsFAAOC AQEAJKitS2ixpV9xqhrXdn7aSJc/liNSxxXXcjjDgJ9FHvr83J/xxo/H2pNHtDj3 0T1Fq4DiiSmM0/nbQC0XLmOlY4//vKIDYkkiPOkrJRarvtP9qC/A/Gtvpt/sDYIp tFnfAM+s7LLA+KnaTwRNNBuQf08ZnDqyFRJpCt9mKFah2dr3sBo6uGxahOh/Ck0J gV9zl+jX5qE9JPsuDVgi2IoOy2REs+Dl6YnH2lnnPHBj1/3e1FGsNbW81PEHYvCt AJp+OFh8li3QmXkqiF6lvcvouNeiLOfrm4d/Y4tLHg3wVhSGcrbth93qE2iI4ZeA 2sPxl9j9tuO5hYdtvtYpoySXgw== -----END CERTIFICATE----- subject=O=PKCS11 Provider, CN=My Test Cert issuer=CN=Issuer --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: RSA-PSS Server Temp Key: X25519, 253 bits --- SSL handshake has read 1476 bytes and written 290 bytes Verification: OK --- New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384 Protocol: TLSv1.2 Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-RSA-AES256-GCM-SHA384 Session-ID: 773C02CA1AD9C33C4C7C214C94B326B34C7FEF749BF9E37D293177B12C63F110 Session-ID-ctx: Master-Key: 077A7CE812793D2CAD47D500ADB0ED8F7220D05A8831EEE742FD13B2EFA41D83CFB27608973E4BC62EE27A4C1DCA2FB9 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 8f 7f 09 f6 88 4c 0f 6a-e1 19 43 23 a6 9e 1f dd .....L.j..C#.... 0010 - c2 10 2c 06 80 8e 86 1d-63 49 01 6e 6a 16 d1 7f ..,.....cI.nj... 0020 - 96 8c 33 17 9f 44 11 95-95 d7 eb 61 42 2c 44 e3 ..3..D.....aB,D. 0030 - 0a ab 99 e4 b9 b8 f5 22-d7 09 7a bd 7c 99 1f d0 ......."..z.|... 0040 - 6c e8 3e 3c 7c ad cb a0-c5 15 67 8e dc 91 1b 96 l.><|.....g..... 0050 - fc 61 6e d6 f6 69 10 ce-9c 4f 21 b2 62 28 e5 c3 .an..i...O!.b(.. 0060 - bb 92 bd 47 43 af c8 52-af 91 06 12 c9 b6 c2 c9 ...GC..R........ 0070 - 0f da f1 99 53 6a 28 13-3f d0 fb dc 74 7c 02 e7 ....Sj(.?...t|.. 0080 - 42 10 d8 b0 58 4b c5 15-06 ed 33 b6 95 a9 12 83 B...XK....3..... 0090 - a7 49 f0 2f c6 e2 e2 68-18 6e 3c f4 9e 13 f9 af .I./...h.n<..... 00a0 - 49 76 dd 72 dc e5 a4 d7-55 b3 7a ca d2 d2 d5 a6 Iv.r....U.z..... Start Time: 1743332972 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: yes --- TLS SUCCESSFUL 40A9F3F7:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -propquery ?provider=pkcs11 -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%01 -cert pkcs11:type=cert;object=testCert Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MF8CAQECAgMDBALAMAQABDAHenzoEnk9LK1H1QCtsO2PciDQWogx7udC/ROy76Qd g8+ydgiXPkvGLuJ6TB3KL7mhBgIEZ+kmbKIEAgIcIKQGBAQBAAAArQMCAQGzAwIB HQ== -----END SSL SESSION PARAMETERS----- TLS SUCCESSFUL Q Shared ciphers:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Supported Elliptic Curve Point Formats: uncompressed:ansiX962_compressed_prime:ansiX962_compressed_char2 Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1 Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1 CIPHER is ECDHE-RSA-AES256-GCM-SHA384 Secure Renegotiation IS supported DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run test with explicit TLS 1.3 spawn openssl s_client -propquery ?provider=pkcs11 -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.pem -tls1_3 Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=1 CN=Issuer verify return:1 depth=0 O=PKCS11 Provider, CN=My Test Cert verify return:1 --- Certificate chain 0 s:O=PKCS11 Provider, CN=My Test Cert i:CN=Issuer a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256 v:NotBefore: Mar 30 11:09:03 2025 GMT; NotAfter: Mar 30 11:09:03 2026 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIIDPzCCAiegAwIBAgIBAzANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 ZXIwHhcNMjUwMzMwMTEwOTAzWhcNMjYwMzMwMTEwOTAzWjAxMRgwFgYDVQQKEw9Q S0NTMTEgUHJvdmlkZXIxFTATBgNVBAMTDE15IFRlc3QgQ2VydDCCASIwDQYJKoZI hvcNAQEBBQADggEPADCCAQoCggEBAM3hhxUVs5JwwAy/J4AuAG8LjysBuN/fGFYp PVbSzPxfWqqbwbGD9zxsppKAjxuQKiKhQ0HlOUSlmY2eI9PX5rmlD+p9NxF1iGuR jwBX/52GdcrTZx0KuvSuOZRBW4aGRV/wk/q7PNUh52ILZZfxBRCguwnakhi0RMCI JhUqng2A8BQePAJFuLJndxVkwB4xuSuNqd4CpKx05NXzf74iWM6Y/Nk4/I32LiOG 2HxVi1EV9rrl7VGwtS5ziNTK5sA0EPePl75zeSG63a8DXYGbjuCNwPns5I4f5XdO GtJmrsJ4POYp74kSwhqWkTQQVPg8jGAv6IaKXlo32SD/xsF3IFECAwEAAaOBgTB/ MAwGA1UdEwEB/wQCMAAwHwYDVR0RBBgwFoEUdGVzdGNlcnRAZXhhbXBsZS5vcmcw DgYDVR0PAQH/BAQDAgWgMB0GA1UdDgQWBBTH9x5l71kbvBDdiYMJ22QdpjATaDAf BgNVHSMEGDAWgBQwGVWn430dmNKeWIBzKccD0QC6UzANBgkqhkiG9w0BAQsFAAOC AQEAJKitS2ixpV9xqhrXdn7aSJc/liNSxxXXcjjDgJ9FHvr83J/xxo/H2pNHtDj3 0T1Fq4DiiSmM0/nbQC0XLmOlY4//vKIDYkkiPOkrJRarvtP9qC/A/Gtvpt/sDYIp tFnfAM+s7LLA+KnaTwRNNBuQf08ZnDqyFRJpCt9mKFah2dr3sBo6uGxahOh/Ck0J gV9zl+jX5qE9JPsuDVgi2IoOy2REs+Dl6YnH2lnnPHBj1/3e1FGsNbW81PEHYvCt AJp+OFh8li3QmXkqiF6lvcvouNeiLOfrm4d/Y4tLHg3wVhSGcrbth93qE2iI4ZeA 2sPxl9j9tuO5hYdtvtYpoySXgw== -----END CERTIFICATE----- subject=O=PKCS11 Provider, CN=My Test Cert issuer=CN=Issuer --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: RSA-PSS Server Temp Key: X25519, 253 bits --- SSL handshake has read 1391 bytes and written 318 bytes Verification: OK --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Protocol: TLSv1.3 Server public key is 2048 bit This TLS version forbids renegotiation. Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: B445417AEAFA93D75648FDE911B2F34762C3C74BCFA8D231DECEC2C367E34A19 Session-ID-ctx: Resumption PSK: FBABBBD24ABEC06B40040A19BF65D41680C0D7C5BBA4C7CFEF6C723DFDCC1DA50D7171A53214D3A6798A3171F00B544A PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - be a9 dc a9 77 7f 52 74-8c c2 f2 80 c1 47 a8 1e ....w.Rt.....G.. 0010 - 49 07 d8 49 88 57 e5 24-7c 61 58 c4 c7 c2 bc ae I..I.W.$|aX..... 0020 - c8 0c 2d f0 93 d0 3b b3-37 ff 49 92 85 f3 e3 49 ..-...;.7.I....I 0030 - 2c 40 eb 9f 09 0e 5d 19-af 6d 13 05 18 44 0a e0 ,@....]..m...D.. 0040 - 5b eb a2 6c 39 43 f8 25-fb 7f 5a 02 6d ee c3 44 [..l9C.%..Z.m..D 0050 - 0a f0 0f d0 f2 46 5a 3f-4b a4 02 a9 44 5a 36 43 .....FZ?K...DZ6C 0060 - 4e d8 29 53 56 f8 fa da-02 8d 19 28 22 10 d7 11 N.)SV......("... 0070 - 14 f7 00 8f 34 a0 bf 47-97 cb 6a ff d9 6c 67 10 ....4..G..j..lg. 0080 - 11 f6 f6 50 a9 47 ac f8-99 e0 0e b9 ad a5 c7 b4 ...P.G.......... 0090 - e4 b6 5a c8 2b 15 d9 ef-26 63 38 c9 a2 97 6b cb ..Z.+...&c8...k. 00a0 - 68 76 ab 39 64 41 96 0a-ba 0d f4 3f 87 66 0c 86 hv.9dA.....?.f.. 00b0 - 3f ae 6a 24 9d 40 61 05-02 a6 32 8f 89 85 6e 05 ?.j$.@a...2...n. 00c0 - 1b 02 e8 58 4a c2 bf cf-56 ac ee 14 fa 23 9c fc ...XJ...V....#.. Start Time: 1743332972 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 4CCBA1BDDA5802840875085FA813EB8A78B6E2923D3EC20B895EC6247898C1E9 Session-ID-ctx: Resumption PSK: C9569B5911C88AFC1E56C10B014032921A0FD6A49EB5E39D0BEEC52637F4703252397D1E6D21020484FF1268CABCB14A PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - be a9 dc a9 77 7f 52 74-8c c2 f2 80 c1 47 a8 1e ....w.Rt.....G.. 0010 - 27 f0 89 26 bd 7e 74 28-3d 04 6d 2d ac a1 9a f5 '..&.~t(=.m-.... 0020 - e0 21 73 f4 ef cc 6b ed-50 c2 3f 4b 55 a7 dd b8 .!s...k.P.?KU... 0030 - 76 e1 81 21 c2 a4 23 4a-c0 12 f9 e8 4d ea f9 5a v..!..#J....M..Z 0040 - eb 6a 91 9f f0 e3 87 a3-33 08 99 e3 f2 5c 4a 0f .j......3....\J. 0050 - 2c 08 ab dc d1 9a 07 19-72 c7 58 d6 c8 eb c6 90 ,.......r.X..... 0060 - 1a ae d9 46 dd 25 33 a4-4d db 6f 51 a0 a5 88 4e ...F.%3.M.oQ...N 0070 - 8c 9e 05 df 7d ee 69 e5-81 f1 5c 32 d9 5a 11 0e ....}.i...\2.Z.. 0080 - 0c 3f 93 ac 0f f8 4c ce-67 58 09 3b af a2 74 7c .?....L.gX.;..t| 0090 - c5 c0 a8 f2 c1 df 84 5b-ac 48 73 0b 48 f0 42 3e .......[.Hs.H.B> 00a0 - 34 39 f5 ed cf 65 91 04-7e e9 65 f1 bd a7 da 61 49...e..~.e....a 00b0 - 7c 48 8d 4a d6 ca a6 02-76 54 70 7c 16 3c 20 d1 |H.J....vTp|.< . 00c0 - cd 97 48 a6 a3 72 3e 5f-02 69 89 0d 85 c9 9a fc ..H..r>_.i...... Start Time: 1743332972 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK TLS SUCCESSFUL 4099F7F7:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -propquery ?provider=pkcs11 -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%01 -cert pkcs11:type=cert;object=testCert Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MIGCAgEBAgIDBAQCEwIEIKJls34k6sxTsB5LggQ0A0ovhOhfE+bLe2XzIHst4TL2 BDDJVptZEciK/B5WwQsBQDKSGg/WpJ61450L7sUmN/RwMlI5fR5tIQIEhP8SaMq8 sUqhBgIEZ+kmbKIEAgIcIKQGBAQBAAAArgYCBGkcwGmzAwIBHQ== -----END SSL SESSION PARAMETERS----- Shared ciphers:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256 Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512 Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 CIPHER is TLS_AES_256_GCM_SHA384 This TLS version forbids renegotiation. TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run test with TLS 1.2 (ECDSA) spawn openssl s_client -propquery ?provider=pkcs11 -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.pem -tls1_2 Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=0 O=PKCS11 Provider, CN=My EC Cert verify error:num=1:unspecified certificate verification error verify return:1 depth=1 CN=Issuer verify return:1 depth=0 O=PKCS11 Provider, CN=My EC Cert verify return:1 --- Certificate chain 0 s:O=PKCS11 Provider, CN=My EC Cert i:CN=Issuer a:PKEY: id-ecPublicKey, 256 (bit); sigalg: RSA-SHA256 v:NotBefore: Mar 30 11:09:03 2025 GMT; NotAfter: Mar 30 11:09:03 2026 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIICcjCCAVqgAwIBAgIBBDANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 ZXIwHhcNMjUwMzMwMTEwOTAzWhcNMjYwMzMwMTEwOTAzWjAvMRgwFgYDVQQKEw9Q S0NTMTEgUHJvdmlkZXIxEzARBgNVBAMTCk15IEVDIENlcnQwWTATBgcqhkjOPQIB BggqhkjOPQMBBwNCAARoaaITOw0eXuhBO3WkO9dBN9c2Z/iAQ+uVo7sRz+EgMJLj Rb1nx+TEI0e6rp+la98d2MfLYbJjto8ITfLXNPNMo4GBMH8wDAYDVR0TAQH/BAIw ADAfBgNVHREEGDAWgRR0ZXN0Y2VydEBleGFtcGxlLm9yZzAOBgNVHQ8BAf8EBAMC B4AwHQYDVR0OBBYEFIOFHbK1bw6Gg3QzdBiD1zTi89l3MB8GA1UdIwQYMBaAFDAZ VafjfR2Y0p5YgHMpxwPRALpTMA0GCSqGSIb3DQEBCwUAA4IBAQCxW5zdckMT1Iuk 9iGpNwM398CHJrSr9mYpNgUubL8nr9ArZQUZAFgdPK6hfrpt2H/Sx/Ru42gdR9jD p8c2w3Ey2PFWpx4V+EtW3xG5Xac21GQrX9dNVrLhuDE7h59IxnOyFq/TpZFPOYg+ 60xLRiNp/jHFBRlnLbkSh/ubeIRUkhSj7arbNTPQHH9kBdGDW4KtuAjejnIva9v9 miar52Um3egXURHStVuG2rS3a/Z7D9bNvSWnWmfogwaNpRJMkjWnP4737ph1GFfA qbWKwc/AZcPgH/X9kJCiArgOFjBovMdrKFXei/jKm5U3FIvKG7hWpC/a6xwcJAzS in4PbFz4 -----END CERTIFICATE----- subject=O=PKCS11 Provider, CN=My EC Cert issuer=CN=Issuer --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: ECDSA Server Temp Key: X25519, 253 bits --- SSL handshake has read 1085 bytes and written 290 bytes Verification error: unspecified certificate verification error --- New, TLSv1.2, Cipher is ECDHE-ECDSA-AES256-GCM-SHA384 Protocol: TLSv1.2 Server public key is 256 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-ECDSA-AES256-GCM-SHA384 Session-ID: 531ECAB12A387083338F29C0193F48C5CA528618BC5CE7C680AE92B7974E5AF4 Session-ID-ctx: Master-Key: 6A2E98338B97A985AA2EBB4666BCA88A64B45ADA6A0A02AD0F07BC945826122CF0A7685AAF1E18C3EFF725BC39F5DC9C PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - de 84 0a 69 41 65 bd ec-40 e3 2e 76 1c 9b 61 4c ...iAe..@..v..aL 0010 - b0 f2 07 09 65 7b 51 c5-25 d6 d2 78 9c a0 83 c9 ....e{Q.%..x.... 0020 - 4d 12 41 0d fb 36 83 78-d4 e6 53 47 bf 00 f4 b0 M.A..6.x..SG.... 0030 - 58 58 3b 1f ef 8f a2 88-bd d5 75 a1 3b cc d6 8a XX;.......u.;... 0040 - 9e a4 c7 3d d6 f4 e1 75-aa 47 f0 a4 d0 c0 bd 14 ...=...u.G...... 0050 - 37 8e 0d 67 35 a8 cb 47-91 3f d7 2a 13 50 ef e2 7..g5..G.?.*.P.. 0060 - 39 e3 0f f1 af 22 94 1c-89 80 80 02 9d f3 2d 2c 9...."........-, 0070 - ad 4c f2 85 d2 a1 50 e4-e6 df 53 26 dc 70 5e bd .L....P...S&.p^. 0080 - e3 3c 2a 39 50 dd 1f 8c-5c ad 5d 77 84 f0 a7 85 .<*9P...\.]w.... 0090 - ac 79 0f 31 fe 03 da 13-af d9 c4 a7 e4 cb fa f5 .y.1............ 00a0 - 21 53 02 6c 93 4b 0c 75-69 4e 57 5e d1 85 ca c2 !S.l.K.uiNW^.... Start Time: 1743332972 Timeout : 7200 (sec) Verify return code: 1 (unspecified certificate verification error) Extended master secret: yes --- TLS SUCCESSFUL 00A7F5F7:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -propquery ?provider=pkcs11 -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%02 -cert pkcs11:type=cert;object=ecCert -tls1_2 Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MF8CAQECAgMDBALALAQABDBqLpgzi5ephaouu0ZmvKiKZLRa2moKAq0PB7yUWCYS LPCnaFqvHhjD7/clvDn13JyhBgIEZ+kmbKIEAgIcIKQGBAQBAAAArQMCAQGzAwIB HQ== -----END SSL SESSION PARAMETERS----- Shared ciphers:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Supported Elliptic Curve Point Formats: uncompressed:ansiX962_compressed_prime:ansiX962_compressed_char2 Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1 Shared groups: x25519:secp256r1:x448:secp521r1:secp384r1 CIPHER is ECDHE-ECDSA-AES256-GCM-SHA384 Secure Renegotiation IS supported TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run test with TLS 1.2 and ECDH spawn openssl s_client -propquery ?provider=pkcs11 -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.pem -tls1_2 -cipher ECDHE-ECDSA-AES128-GCM-SHA256 -groups secp256r1 Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=0 O=PKCS11 Provider, CN=My EC Cert verify error:num=1:unspecified certificate verification error verify return:1 depth=1 CN=Issuer verify return:1 depth=0 O=PKCS11 Provider, CN=My EC Cert verify return:1 --- Certificate chain 0 s:O=PKCS11 Provider, CN=My EC Cert i:CN=Issuer a:PKEY: id-ecPublicKey, 256 (bit); sigalg: RSA-SHA256 v:NotBefore: Mar 30 11:09:03 2025 GMT; NotAfter: Mar 30 11:09:03 2026 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIICcjCCAVqgAwIBAgIBBDANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 ZXIwHhcNMjUwMzMwMTEwOTAzWhcNMjYwMzMwMTEwOTAzWjAvMRgwFgYDVQQKEw9Q S0NTMTEgUHJvdmlkZXIxEzARBgNVBAMTCk15IEVDIENlcnQwWTATBgcqhkjOPQIB BggqhkjOPQMBBwNCAARoaaITOw0eXuhBO3WkO9dBN9c2Z/iAQ+uVo7sRz+EgMJLj Rb1nx+TEI0e6rp+la98d2MfLYbJjto8ITfLXNPNMo4GBMH8wDAYDVR0TAQH/BAIw ADAfBgNVHREEGDAWgRR0ZXN0Y2VydEBleGFtcGxlLm9yZzAOBgNVHQ8BAf8EBAMC B4AwHQYDVR0OBBYEFIOFHbK1bw6Gg3QzdBiD1zTi89l3MB8GA1UdIwQYMBaAFDAZ VafjfR2Y0p5YgHMpxwPRALpTMA0GCSqGSIb3DQEBCwUAA4IBAQCxW5zdckMT1Iuk 9iGpNwM398CHJrSr9mYpNgUubL8nr9ArZQUZAFgdPK6hfrpt2H/Sx/Ru42gdR9jD p8c2w3Ey2PFWpx4V+EtW3xG5Xac21GQrX9dNVrLhuDE7h59IxnOyFq/TpZFPOYg+ 60xLRiNp/jHFBRlnLbkSh/ubeIRUkhSj7arbNTPQHH9kBdGDW4KtuAjejnIva9v9 miar52Um3egXURHStVuG2rS3a/Z7D9bNvSWnWmfogwaNpRJMkjWnP4737ph1GFfA qbWKwc/AZcPgH/X9kJCiArgOFjBovMdrKFXei/jKm5U3FIvKG7hWpC/a6xwcJAzS in4PbFz4 -----END CERTIFICATE----- subject=O=PKCS11 Provider, CN=My EC Cert issuer=CN=Issuer --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: ECDSA Server Temp Key: ECDH, prime256v1, 256 bits --- SSL handshake has read 1118 bytes and written 263 bytes Verification error: unspecified certificate verification error --- New, TLSv1.2, Cipher is ECDHE-ECDSA-AES128-GCM-SHA256 Protocol: TLSv1.2 Server public key is 256 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-ECDSA-AES128-GCM-SHA256 Session-ID: 6502D506DE0114A1C5D74584F1818B9755F37B6D7D8D5599B256A493D9474FCB Session-ID-ctx: Master-Key: A1BD82030BAC485F1BC44611A9E6F45E39E425D768AC6A2AECC87FBF6F8292F42D13EA741047D4C16FAD4B73329FBE26 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - ee 21 a7 3b ce eb a7 16-c2 8f 4f bf e0 a9 1d d8 .!.;......O..... 0010 - 74 53 97 c2 7b 21 0e e6-de 63 ea ab fa 36 49 f6 tS..{!...c...6I. 0020 - b4 fb 27 c2 ff 6f 49 ff-00 8f a0 0b 47 ab b4 53 ..'..oI.....G..S 0030 - cb fb f3 fe f4 7a a6 92-37 d4 29 3a c4 c7 27 fd .....z..7.):..'. 0040 - 0a d6 67 f3 bd 83 8e b0-9a 10 a4 b5 89 3a 56 1a ..g..........:V. 0050 - dc 21 b4 a3 6d b0 0a fb-16 22 2e e2 c6 4e b1 6a .!..m...."...N.j 0060 - 94 91 19 5e c0 76 4f c6-23 da 5d dc 2d 38 be b8 ...^.vO.#.].-8.. 0070 - 04 09 34 20 4b cc 05 14-53 e3 84 1d 10 9c 95 ce ..4 K...S....... 0080 - 9b 0c 49 63 f7 53 18 0e-22 69 e9 ca 1c 45 ac 9c ..Ic.S.."i...E.. 0090 - 3b 98 17 ad 13 13 ae 86-e9 96 47 f3 51 93 aa df ;.........G.Q... 00a0 - a6 62 e6 b5 96 a1 69 22-ca ee 0b 94 21 e6 61 af .b....i"....!.a. Start Time: 1743332972 Timeout : 7200 (sec) Verify return code: 1 (unspecified certificate verification error) Extended master secret: yes --- TLS SUCCESSFUL 4009FAF7:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -propquery ?provider=pkcs11 -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%02 -cert pkcs11:type=cert;object=ecCert Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MF8CAQECAgMDBALAKwQABDChvYIDC6xIXxvERhGp5vReOeQl12isairsyH+/b4KS 9C0T6nQQR9TBb61LczKfviahBgIEZ+kmbKIEAgIcIKQGBAQBAAAArQMCAQGzAwIB Fw== -----END SSL SESSION PARAMETERS----- Shared ciphers:ECDHE-ECDSA-AES128-GCM-SHA256 Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Supported Elliptic Curve Point Formats: uncompressed:ansiX962_compressed_prime:ansiX962_compressed_char2 Supported groups: secp256r1 Shared groups: secp256r1 CIPHER is ECDHE-ECDSA-AES128-GCM-SHA256 Secure Renegotiation IS supported TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## Run test with TLS 1.3 and specific suite spawn openssl s_client -propquery ?provider=pkcs11 -connect localhost:23456 -CAfile /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests/softhsm/caCert.pem -tls1_3 -ciphersuites TLS_AES_256_GCM_SHA384 -groups secp256r1 Connecting to 127.0.0.1 CONNECTED(00000005) Can't use SSL_get_servername depth=0 O=PKCS11 Provider, CN=My EC Cert verify error:num=1:unspecified certificate verification error verify return:1 depth=1 CN=Issuer verify return:1 depth=0 O=PKCS11 Provider, CN=My EC Cert verify return:1 --- Certificate chain 0 s:O=PKCS11 Provider, CN=My EC Cert i:CN=Issuer a:PKEY: id-ecPublicKey, 256 (bit); sigalg: RSA-SHA256 v:NotBefore: Mar 30 11:09:03 2025 GMT; NotAfter: Mar 30 11:09:03 2026 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIICcjCCAVqgAwIBAgIBBDANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZJc3N1 ZXIwHhcNMjUwMzMwMTEwOTAzWhcNMjYwMzMwMTEwOTAzWjAvMRgwFgYDVQQKEw9Q S0NTMTEgUHJvdmlkZXIxEzARBgNVBAMTCk15IEVDIENlcnQwWTATBgcqhkjOPQIB BggqhkjOPQMBBwNCAARoaaITOw0eXuhBO3WkO9dBN9c2Z/iAQ+uVo7sRz+EgMJLj Rb1nx+TEI0e6rp+la98d2MfLYbJjto8ITfLXNPNMo4GBMH8wDAYDVR0TAQH/BAIw ADAfBgNVHREEGDAWgRR0ZXN0Y2VydEBleGFtcGxlLm9yZzAOBgNVHQ8BAf8EBAMC B4AwHQYDVR0OBBYEFIOFHbK1bw6Gg3QzdBiD1zTi89l3MB8GA1UdIwQYMBaAFDAZ VafjfR2Y0p5YgHMpxwPRALpTMA0GCSqGSIb3DQEBCwUAA4IBAQCxW5zdckMT1Iuk 9iGpNwM398CHJrSr9mYpNgUubL8nr9ArZQUZAFgdPK6hfrpt2H/Sx/Ru42gdR9jD p8c2w3Ey2PFWpx4V+EtW3xG5Xac21GQrX9dNVrLhuDE7h59IxnOyFq/TpZFPOYg+ 60xLRiNp/jHFBRlnLbkSh/ubeIRUkhSj7arbNTPQHH9kBdGDW4KtuAjejnIva9v9 miar52Um3egXURHStVuG2rS3a/Z7D9bNvSWnWmfogwaNpRJMkjWnP4737ph1GFfA qbWKwc/AZcPgH/X9kJCiArgOFjBovMdrKFXei/jKm5U3FIvKG7hWpC/a6xwcJAzS in4PbFz4 -----END CERTIFICATE----- subject=O=PKCS11 Provider, CN=My EC Cert issuer=CN=Issuer --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: ECDSA Server Temp Key: ECDH, ?, 0 bits --- SSL handshake has read 1059 bytes and written 329 bytes Verification error: unspecified certificate verification error --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Protocol: TLSv1.3 Server public key is 256 bit This TLS version forbids renegotiation. Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 1 (unspecified certificate verification error) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 06F898FA75FEFD4FD421920F4A4D52DBE92B17D7D83CB8FE4EC364060EA04763 Session-ID-ctx: Resumption PSK: 2E97AF186389841F9C22E4DD7E93EAA8583CCA57B0CF731B911833BEE09C630C3A1495CA843163F0AFF8A1327A43B48E PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 69 2a d9 16 89 0f 3c 0f-dd 6a 5a 1d 0b 99 47 45 i*....<..jZ...GE 0010 - 7a e7 ad 5d 9a a2 d9 12-48 b3 aa 3b a5 15 c8 f8 z..]....H..;.... 0020 - b6 bf e9 3c 7d 82 a0 6b-b0 f5 b1 7d 08 b8 cd be ...<}..k...}.... 0030 - 83 2a 3d 5c ed 10 e0 7c-e0 79 af c3 0b c7 d1 48 .*=\...|.y.....H 0040 - 8b 56 8b aa a7 59 18 46-9d 7a fb 50 ea ad d8 ed .V...Y.F.z.P.... 0050 - ff a5 17 c9 4f 80 64 5c-77 54 19 af 6c b7 c1 b6 ....O.d\wT..l... 0060 - c9 a2 c6 a4 11 d0 5b 00-8f 22 6d a5 f7 ba 08 9d ......[.."m..... 0070 - d8 bc a3 11 87 19 a5 11-f6 ea b9 2f 77 b6 13 16 .........../w... 0080 - 37 27 c6 31 cb ca 29 8d-02 40 f8 34 d3 24 5c b8 7'.1..)..@.4.$\. 0090 - c6 5f 9b 17 f5 16 d6 d2-fb e1 58 57 19 16 be a5 ._........XW.... 00a0 - 62 0e 2c 39 74 13 f4 70-91 77 4f 2b 65 73 5d c1 b.,9t..p.wO+es]. 00b0 - 04 02 3e 3e 6e 5f e8 e6-1f fa 89 e2 09 73 52 5c ..>>n_.......sR\ 00c0 - 64 9b fc 64 88 7b 01 bd-ac 65 d2 56 dc 32 d6 a8 d..d.{...e.V.2.. Start Time: 1743332973 Timeout : 7200 (sec) Verify return code: 1 (unspecified certificate verification error) Extended master secret: no Max Early Data: 0 --- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 0AFDC5AC75F99DBE03D112A4E47FC76068A6D6372923FD9F688D5469B604748C Session-ID-ctx: Resumption PSK: C00A8289709972C8E75C9357805E9FD40FC386BDAEEAD7B9DB5F9138FE453473586A48ADBF94D3126A478F22641A889B PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 69 2a d9 16 89 0f 3c 0f-dd 6a 5a 1d 0b 99 47 45 i*....<..jZ...GE 0010 - c9 8f 4a 30 99 23 36 88-a4 4b 2f 35 fe 05 00 3f ..J0.#6..K/5...? 0020 - 7c 4a af bd 5b b2 19 1a-e3 cb 91 de d5 a4 5f 98 |J..[........._. 0030 - fe 23 44 dc 60 fd 5f c6-41 4c 81 1f 34 2b 82 a0 .#D.`._.AL..4+.. 0040 - bc 86 8c cf c5 21 b0 36-67 bb 60 5c 84 8a 64 64 .....!.6g.`\..dd 0050 - 23 13 f0 11 e7 17 1c d5-1f 40 cd 54 8c cd 39 07 #........@.T..9. 0060 - 2e 68 e1 1f ee 96 82 4a-a8 0d ab 24 ed 6f 53 cf .h.....J...$.oS. 0070 - 3e 31 e1 c8 9e 64 c6 a3-60 24 a3 dc 92 da 10 76 >1...d..`$.....v 0080 - 02 5b bc 7a 01 a6 5d 6d-7a 76 4e 55 4e 96 a5 4c .[.z..]mzvNUN..L 0090 - f5 a5 55 ec bb 91 85 bd-7f f0 53 5d 47 aa 2a 46 ..U.......S]G.*F 00a0 - b4 36 8a 77 0d cc e0 9f-c7 fa 90 20 e3 2d de a2 .6.w....... .-.. 00b0 - e5 5a 75 41 bc e4 11 72-75 d7 aa 28 f4 84 d4 0c .ZuA...ru..(.... 00c0 - f1 fc 43 87 dc f0 e0 b9-ce 3b bf c4 59 61 0c 1c ..C......;..Ya.. Start Time: 1743332973 Timeout : 7200 (sec) Verify return code: 1 (unspecified certificate verification error) Extended master secret: no Max Early Data: 0 --- read R BLOCK TLS SUCCESSFUL 4009F8F7:error:0A000126:SSL routines::unexpected eof while reading:../ssl/record/rec_layer_s3.c:688: Server output: spawn openssl s_server -propquery ?provider=pkcs11 -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%02 -cert pkcs11:type=cert;object=ecCert Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MIGDAgEBAgIDBAQCEwIEILrvGZD4tMXG8rECqx4n+TurjBW/gisIsKbMnOFF9oll BDDACoKJcJlyyOdck1eAXp/UD8OGva7q17nbX5E4/kU0c1hqSK2/lNMSakePImQa iJuhBgIEZ+kmbaIEAgIcIKQGBAQBAAAArgcCBQCgQwJaswMCARc= -----END SSL SESSION PARAMETERS----- Shared ciphers:TLS_AES_256_GCM_SHA384 Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512 Supported groups: secp256r1 Shared groups: secp256r1 CIPHER is TLS_AES_256_GCM_SHA384 This TLS version forbids renegotiation. TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ## ######################################## Server output: spawn openssl s_server -propquery ?provider=pkcs11 -accept 23456 -naccept 1 -key pkcs11:type=private;id=%00%02 -cert pkcs11:type=cert;object=ecCert Using default temp DH parameters ACCEPT -----BEGIN SSL SESSION PARAMETERS----- MIGDAgEBAgIDBAQCEwIEILrvGZD4tMXG8rECqx4n+TurjBW/gisIsKbMnOFF9oll BDDACoKJcJlyyOdck1eAXp/UD8OGva7q17nbX5E4/kU0c1hqSK2/lNMSakePImQa iJuhBgIEZ+kmbaIEAgIcIKQGBAQBAAAArgcCBQCgQwJaswMCARc= -----END SSL SESSION PARAMETERS----- Shared ciphers:TLS_AES_256_GCM_SHA384 Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:ecdsa_brainpoolP256r1_sha256:ecdsa_brainpoolP384r1_sha384:ecdsa_brainpoolP512r1_sha512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512 Supported groups: secp256r1 Shared groups: secp256r1 CIPHER is TLS_AES_256_GCM_SHA384 This TLS version forbids renegotiation. TLS SUCCESSFUL Q DONE shutdown accept socket shutting down SSL CONNECTION CLOSED 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 1 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 1 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 75/92 pkcs11-provider:softhsm / tls OK 3.96s 76/92 pkcs11-provider:kryoptic / tls RUNNING >>> MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MALLOC_PERTURB_=151 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper tls-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 76/92 pkcs11-provider:kryoptic / tls SKIP 0.01s exit status 77 77/92 pkcs11-provider:kryoptic.nss / tls RUNNING >>> MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 MALLOC_PERTURB_=231 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper tls-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 77/92 pkcs11-provider:kryoptic.nss / tls SKIP 0.01s exit status 77 78/92 pkcs11-provider:softokn / tlsfuzzer RUNNING >>> MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MALLOC_PERTURB_=191 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper tlsfuzzer-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 78/92 pkcs11-provider:softokn / tlsfuzzer SKIP 0.01s exit status 77 79/92 pkcs11-provider:softhsm / tlsfuzzer RUNNING >>> MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=10 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper tlsfuzzer-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/tests/ttlsfuzzer TLS fuzzer is not available -- skipping ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 79/92 pkcs11-provider:softhsm / tlsfuzzer SKIP 0.02s exit status 77 80/92 pkcs11-provider:kryoptic / tlsfuzzer RUNNING >>> MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MALLOC_PERTURB_=132 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper tlsfuzzer-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 80/92 pkcs11-provider:kryoptic / tlsfuzzer SKIP 0.01s exit status 77 81/92 pkcs11-provider:kryoptic.nss / tlsfuzzer RUNNING >>> MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=195 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper tlsfuzzer-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 81/92 pkcs11-provider:kryoptic.nss / tlsfuzzer SKIP 0.01s exit status 77 82/92 pkcs11-provider:softokn / uri RUNNING >>> MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 MALLOC_PERTURB_=67 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper uri-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 82/92 pkcs11-provider:softokn / uri SKIP 0.01s exit status 77 83/92 pkcs11-provider:softhsm / uri RUNNING >>> MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MALLOC_PERTURB_=119 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper uri-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/tests/turi ## Check that storeutl returns URIs openssl storeutl -text pkcs11: ## Check returned URIs work to find objects $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=93e70c9f57c170e7;token=SoftHSM%20Token;id=%A2%BA%32%C9%77%9D%2A%15%D5%F1%8F%18%3C%67%DB%98;object=Test-Ed-gen-a2ba32c9;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=93e70c9f57c170e7;token=SoftHSM%20Token;id=%00%06;object=ecCert2;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=93e70c9f57c170e7;token=SoftHSM%20Token;id=%00%09;object=ed2Cert;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=93e70c9f57c170e7;token=SoftHSM%20Token;id=%12%82%50%80%71%03%D4%87%11%30%05%B5%E1%E0%21%EC;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=93e70c9f57c170e7;token=SoftHSM%20Token;id=%00%00;object=caCert;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=93e70c9f57c170e7;token=SoftHSM%20Token;id=%44%1C%F4%8C%1C%87%C6%DE%08%C7%B6%30%7F%EB%6C%EC;object=Test-RSA-gen-441cf48c;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=93e70c9f57c170e7;token=SoftHSM%20Token;id=%21%BB%23%3C%2E%0D%C4%54%62%56%F6%48%99%98%4F%6A;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=93e70c9f57c170e7;token=SoftHSM%20Token;id=%00%03;object=ecPeerCert;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=93e70c9f57c170e7;token=SoftHSM%20Token;id=%6B%30%2C%F4%EB%08%C1%0A%20%4C%59%62%B5%5E%38%CD;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=93e70c9f57c170e7;token=SoftHSM%20Token;id=%69%86%EF%B5%E6%8F%CC%0C%33%A8%CE%C7%81%6A%4F%6F;object=Test-RSA-PSS-gen-6986efb5;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=93e70c9f57c170e7;token=SoftHSM%20Token;id=%00%10;object=testRsaPssCert;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=93e70c9f57c170e7;token=SoftHSM%20Token;id=%EB%C4%27%46%4E%0A%DA%A3%F2%7C%EB%57%20%BC%24%47;object=Test-RSA-Key-Usage-ebc42746;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=93e70c9f57c170e7;token=SoftHSM%20Token;id=%C5%CA%C8%92%28%59%DC%D4%31%2C%85%D5%DC%7D%0D%26;object=Pkey%20sigver%20Test;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=93e70c9f57c170e7;token=SoftHSM%20Token;id=%00%05;object=testCert2;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=93e70c9f57c170e7;token=SoftHSM%20Token;id=%D7%8F%36%AB%A2%59%C9%51%98%FF%69%B8%A4%D4%A2%C6;object=Test-EC-gen-d78f36ab;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=93e70c9f57c170e7;token=SoftHSM%20Token;id=%D7%78%1D%30%AB%F3%51%37%CC%AE%A4%44%A7%39%36%FC;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=93e70c9f57c170e7;token=SoftHSM%20Token;id=%00%08;object=ecCert3;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=93e70c9f57c170e7;token=SoftHSM%20Token;id=%00%04;object=edCert;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=93e70c9f57c170e7;token=SoftHSM%20Token;id=%AA%1E%F4%57%40%E0%A5%19%EC%73%B7%AA%A2%C5%7B%28;object=Test-Ed-gen-aa1ef457;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=93e70c9f57c170e7;token=SoftHSM%20Token;id=%00%01;object=testCert;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=93e70c9f57c170e7;token=SoftHSM%20Token;id=%D9%EA%6B%55%EC%86%43%75%9E%F1%A8%53%3B%AD%04%33;object=Fork-Test;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=93e70c9f57c170e7;token=SoftHSM%20Token;id=%00%02;object=ecCert;type=private openssl storeutl -text "$uri" $uri=pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=93e70c9f57c170e7;token=SoftHSM%20Token;id=%00%11;object=testRsaPss2Cert;type=private openssl storeutl -text "$uri" ## Check each URI component is tested $cmp=pkcs11:model=SoftHSM%20v2 openssl storeutl -text "pkcs11:${cmp}" $cmp=manufacturer=SoftHSM%20project openssl storeutl -text "pkcs11:${cmp}" $cmp=serial=93e70c9f57c170e7 openssl storeutl -text "pkcs11:${cmp}" $cmp=token=SoftHSM%20Token openssl storeutl -text "pkcs11:${cmp}" $cmp=id=%A2%BA%32%C9%77%9D%2A%15%D5%F1%8F%18%3C%67%DB%98 openssl storeutl -text "pkcs11:${cmp}" $cmp=object=Test-Ed-gen-a2ba32c9 openssl storeutl -text "pkcs11:${cmp}" $cmp=type=private openssl storeutl -text "pkcs11:${cmp}" ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 83/92 pkcs11-provider:softhsm / uri OK 2.22s 84/92 pkcs11-provider:kryoptic / uri RUNNING >>> MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=6 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper uri-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 84/92 pkcs11-provider:kryoptic / uri SKIP 0.01s exit status 77 85/92 pkcs11-provider:kryoptic.nss / uri RUNNING >>> MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=84 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper uri-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 85/92 pkcs11-provider:kryoptic.nss / uri SKIP 0.01s exit status 77 86/92 pkcs11-provider:softhsm / ecxc RUNNING >>> MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MALLOC_PERTURB_=78 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper ecxc-softhsm.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― Executing /build/reproducible-path/pkcs11-provider-1.0/tests/tecxc ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 86/92 pkcs11-provider:softhsm / ecxc SKIP 0.02s exit status 77 87/92 pkcs11-provider:kryoptic / ecxc RUNNING >>> MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=77 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper ecxc-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 87/92 pkcs11-provider:kryoptic / ecxc SKIP 0.01s exit status 77 88/92 pkcs11-provider:kryoptic.nss / ecxc RUNNING >>> MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=178 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper ecxc-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 88/92 pkcs11-provider:kryoptic.nss / ecxc SKIP 0.01s exit status 77 89/92 pkcs11-provider:softokn / cms RUNNING >>> MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MALLOC_PERTURB_=99 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper cms-softokn.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 89/92 pkcs11-provider:softokn / cms SKIP 0.01s exit status 77 90/92 pkcs11-provider:kryoptic / cms RUNNING >>> MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests MALLOC_PERTURB_=138 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper cms-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 90/92 pkcs11-provider:kryoptic / cms SKIP 0.01s exit status 77 91/92 pkcs11-provider:kryoptic.nss / cms RUNNING >>> MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=221 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper cms-kryoptic.nss.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 91/92 pkcs11-provider:kryoptic.nss / cms SKIP 0.01s exit status 77 92/92 pkcs11-provider:kryoptic / pinlock RUNNING >>> MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 TEST_PATH=/build/reproducible-path/pkcs11-provider-1.0/tests TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/tests UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=31 /build/reproducible-path/pkcs11-provider-1.0/tests/test-wrapper pinlock-kryoptic.t ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― 92/92 pkcs11-provider:kryoptic / pinlock SKIP 0.01s exit status 77 Ok: 21 Expected Fail: 0 Fail: 0 Unexpected Pass: 0 Skipped: 71 Timeout: 0 Full log written to /build/reproducible-path/pkcs11-provider-1.0/obj-i686-linux-gnu/meson-logs/testlog.txt make[1]: Leaving directory '/build/reproducible-path/pkcs11-provider-1.0' create-stamp debian/debhelper-build-stamp dh_testroot -O--buildsystem=meson dh_prep -O--buildsystem=meson dh_auto_install --destdir=debian/pkcs11-provider/ -O--buildsystem=meson cd obj-i686-linux-gnu && DESTDIR=/build/reproducible-path/pkcs11-provider-1.0/debian/pkcs11-provider LC_ALL=C.UTF-8 ninja install [0/1] Installing files Installing src/pkcs11.so to /build/reproducible-path/pkcs11-provider-1.0/debian/pkcs11-provider/usr/lib/i386-linux-gnu/ossl-modules Installing /build/reproducible-path/pkcs11-provider-1.0/docs/provider-pkcs11.7 to /build/reproducible-path/pkcs11-provider-1.0/debian/pkcs11-provider/usr/share/man/man7 dh_installdocs -O--buildsystem=meson dh_installchangelogs -O--buildsystem=meson dh_installman -O--buildsystem=meson dh_installsystemduser -O--buildsystem=meson dh_perl -O--buildsystem=meson dh_link -O--buildsystem=meson dh_strip_nondeterminism -O--buildsystem=meson dh_compress -O--buildsystem=meson dh_fixperms -O--buildsystem=meson dh_missing -O--buildsystem=meson dh_dwz -a -O--buildsystem=meson dh_strip -a -O--buildsystem=meson dh_makeshlibs -a -O--buildsystem=meson dh_shlibdeps -a -O--buildsystem=meson dh_installdeb -O--buildsystem=meson dh_gencontrol -O--buildsystem=meson dh_md5sums -O--buildsystem=meson dh_builddeb -O--buildsystem=meson dpkg-deb: building package 'pkcs11-provider' in '../pkcs11-provider_1.0-2_i386.deb'. dpkg-deb: building package 'pkcs11-provider-dbgsym' in '../pkcs11-provider-dbgsym_1.0-2_i386.deb'. dpkg-genbuildinfo --build=binary -O../pkcs11-provider_1.0-2_i386.buildinfo dpkg-genchanges --build=binary -O../pkcs11-provider_1.0-2_i386.changes dpkg-genchanges: info: binary-only upload (no source code included) dpkg-source --after-build . dpkg-buildpackage: info: binary-only upload (no source included) dpkg-genchanges: info: not including original source code in upload I: copying local configuration I: unmounting dev/ptmx filesystem I: unmounting dev/pts filesystem I: unmounting dev/shm filesystem I: unmounting proc filesystem I: unmounting sys filesystem I: cleaning the build env I: removing directory /srv/workspace/pbuilder/44254 and its subdirectories I: Current time: Sat Mar 29 23:09:43 -12 2025 I: pbuilder-time-stamp: 1743332983 Sun Mar 30 11:09:45 UTC 2025 I: 1st build successful. Starting 2nd build on remote node ionos16-i386.debian.net. Sun Mar 30 11:09:45 UTC 2025 I: Preparing to do remote build '2' on ionos16-i386.debian.net. Sun Mar 30 11:10:59 UTC 2025 I: Deleting $TMPDIR on ionos16-i386.debian.net. Sun Mar 30 11:10:59 UTC 2025 I: pkcs11-provider_1.0-2_i386.changes: Format: 1.8 Date: Sat, 29 Mar 2025 01:25:16 +0000 Source: pkcs11-provider Binary: pkcs11-provider pkcs11-provider-dbgsym Architecture: i386 Version: 1.0-2 Distribution: unstable Urgency: medium Maintainer: Luca Boccassi Changed-By: Luca Boccassi Description: pkcs11-provider - OpenSSL 3 provider for PKCS11 Closes: 1095848 Changes: pkcs11-provider (1.0-2) unstable; urgency=medium . * Add timeout multiplier for unit tests to fix FTBFS on slow architectures (Closes: #1095848) * Add workaround for blhc failing due to meson test not compiling with verbosity * d/control: bump Standards-Version to 4.7.2, no changes Checksums-Sha1: d9eaaf8f214e230461f9633c1e688bd324e2bcfe 245244 pkcs11-provider-dbgsym_1.0-2_i386.deb 60e1c5ca1de614cc69182c2f2afec9111a86daee 7142 pkcs11-provider_1.0-2_i386.buildinfo e40f3bd94933a2ddc3d91c847f54efdb5f16edb9 125012 pkcs11-provider_1.0-2_i386.deb Checksums-Sha256: 98c5d750debb4414d1e8711d4d1ff47dd90b8f71b82b055ed236c9fc35a33426 245244 pkcs11-provider-dbgsym_1.0-2_i386.deb a46846febc91a0853371ec9c6c1c8095a9684cf7133b9fb464a936268fdbf14f 7142 pkcs11-provider_1.0-2_i386.buildinfo c3b4259dc84d445369dbf896c30dbaa401bd04f925574c89bbb4c6f63a20a3b7 125012 pkcs11-provider_1.0-2_i386.deb Files: eb03607000e4d5cc492bd98e9a01d132 245244 debug optional pkcs11-provider-dbgsym_1.0-2_i386.deb a7d12219d2f825781dfbf150f54974e7 7142 libs optional pkcs11-provider_1.0-2_i386.buildinfo 23b857b50ccce104aa0b487fc240adfc 125012 libs optional pkcs11-provider_1.0-2_i386.deb Sun Mar 30 11:11:01 UTC 2025 I: diffoscope 291 will be used to compare the two builds: Running as unit: rb-diffoscope-i386_7-62913.service # Profiling output for: /usr/bin/diffoscope --timeout 7200 --html /srv/reproducible-results/rbuild-debian/r-b-build.hFFg1vyX/pkcs11-provider_1.0-2.diffoscope.html --text /srv/reproducible-results/rbuild-debian/r-b-build.hFFg1vyX/pkcs11-provider_1.0-2.diffoscope.txt --json /srv/reproducible-results/rbuild-debian/r-b-build.hFFg1vyX/pkcs11-provider_1.0-2.diffoscope.json --profile=- /srv/reproducible-results/rbuild-debian/r-b-build.hFFg1vyX/b1/pkcs11-provider_1.0-2_i386.changes /srv/reproducible-results/rbuild-debian/r-b-build.hFFg1vyX/b2/pkcs11-provider_1.0-2_i386.changes ## command (total time: 0.000s) 0.000s 1 call cmp (internal) ## has_same_content_as (total time: 0.000s) 0.000s 1 call diffoscope.comparators.binary.FilesystemFile ## main (total time: 0.003s) 0.003s 2 calls outputs 0.000s 1 call cleanup Finished with result: success Main processes terminated with: code=exited/status=0 Service runtime: 215ms CPU time consumed: 216ms Sun Mar 30 11:11:01 UTC 2025 I: diffoscope 291 found no differences in the changes files, and a .buildinfo file also exists. Sun Mar 30 11:11:01 UTC 2025 I: pkcs11-provider from unstable built successfully and reproducibly on i386. Sun Mar 30 11:11:02 UTC 2025 I: Submitting .buildinfo files to external archives: Sun Mar 30 11:11:02 UTC 2025 I: Submitting 8.0K b1/pkcs11-provider_1.0-2_i386.buildinfo.asc Sun Mar 30 11:11:03 UTC 2025 I: Submitting 8.0K b2/pkcs11-provider_1.0-2_i386.buildinfo.asc Sun Mar 30 11:11:04 UTC 2025 I: Done submitting .buildinfo files to http://buildinfo.debian.net/api/submit. Sun Mar 30 11:11:04 UTC 2025 I: Done submitting .buildinfo files. Sun Mar 30 11:11:04 UTC 2025 I: Removing signed pkcs11-provider_1.0-2_i386.buildinfo.asc files: removed './b1/pkcs11-provider_1.0-2_i386.buildinfo.asc' removed './b2/pkcs11-provider_1.0-2_i386.buildinfo.asc'