Comments (4)
FYI: I see similar failures in p11test
on current branch develop
, for both openssl-1.1.1w and libbotan 2.19 (Ubuntu 22.04).
from softhsmv2.
The make check
command gives me 4 unit test errors [same failures w/botan as with OpenSSL]:
$ cat src/lib/crypto/test/test-suite.log
o o o
1) test: DESTests::testCBC (F) line: 262 DESTests.cpp
assertion failed
- Expression: des->encryptInit(&desKey56, SymMode::CBC, IV)
2) test: DESTests::testECB (F) line: 537 DESTests.cpp
assertion failed
- Expression: des->encryptInit(&desKey56, SymMode::ECB, IV)
3) test: DESTests::testOFB (F) line: 812 DESTests.cpp
assertion failed
- Expression: des->encryptInit(&desKey56, SymMode::OFB, IV)
4) test: DESTests::testCFB (F) line: 1086 DESTests.cpp
assertion failed
- Expression: des->encryptInit(&desKey56, SymMode::CFB, IV)
FAIL cryptotest (exit status: 1)
$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 22.04.4 LTS
Release: 22.04
Codename: jammy
$ dpkg -l botan libcppunit-dev g++ openssl automake autoconf libtool pkg-config
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name Version Architecture Description
+++-====================-====================-============-=====================================================
ii autoconf 2.71-2 all automatic configure script builder
ii automake 1:1.16.5-1.3 all Tool for generating GNU Standards-compliant Makefiles
ii botan 2.19.1+dfsg-2ubuntu1 amd64 multiplatform crypto library (2.x version)
ii g++ 4:11.2.0-1ubuntu1 amd64 GNU C++ compiler
ii libcppunit-dev:amd64 1.15.1-4 amd64 Unit Testing Library for C++ - development library
ii libtool 2.4.6-15build2 all Generic library support script
ii openssl 3.0.2-0ubuntu1.15 amd64 Secure Sockets Layer toolkit - cryptographic utility
ii pkg-config 0.29.2-1ubuntu3 amd64 manage compile and link flags for libraries
from softhsmv2.
The
make check
command gives me 4 unit test errors [same failures w/botan as with OpenSSL]:$ cat src/lib/crypto/test/test-suite.log o o o 1) test: DESTests::testCBC (F) line: 262 DESTests.cpp assertion failed - Expression: des->encryptInit(&desKey56, SymMode::CBC, IV) 2) test: DESTests::testECB (F) line: 537 DESTests.cpp assertion failed - Expression: des->encryptInit(&desKey56, SymMode::ECB, IV) 3) test: DESTests::testOFB (F) line: 812 DESTests.cpp assertion failed - Expression: des->encryptInit(&desKey56, SymMode::OFB, IV) 4) test: DESTests::testCFB (F) line: 1086 DESTests.cpp assertion failed - Expression: des->encryptInit(&desKey56, SymMode::CFB, IV) FAIL cryptotest (exit status: 1) $ lsb_release -a No LSB modules are available. Distributor ID: Ubuntu Description: Ubuntu 22.04.4 LTS Release: 22.04 Codename: jammy $ dpkg -l botan libcppunit-dev g++ openssl automake autoconf libtool pkg-config Desired=Unknown/Install/Remove/Purge/Hold | Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad) ||/ Name Version Architecture Description +++-====================-====================-============-===================================================== ii autoconf 2.71-2 all automatic configure script builder ii automake 1:1.16.5-1.3 all Tool for generating GNU Standards-compliant Makefiles ii botan 2.19.1+dfsg-2ubuntu1 amd64 multiplatform crypto library (2.x version) ii g++ 4:11.2.0-1ubuntu1 amd64 GNU C++ compiler ii libcppunit-dev:amd64 1.15.1-4 amd64 Unit Testing Library for C++ - development library ii libtool 2.4.6-15build2 all Generic library support script ii openssl 3.0.2-0ubuntu1.15 amd64 Secure Sockets Layer toolkit - cryptographic utility ii pkg-config 0.29.2-1ubuntu3 amd64 manage compile and link flags for libraries
DES is relatively out-dated and may not be provided (by default) in modern crypto libraries. And this causes related unitest failures.
If you run SoftHSMv2 w/ OSSL backend, you can modify OSSL config file to make legacy algorithms available (to SoftHSMv2).
Typical OSSL config file path: /etc/ssl/openssl.cnf
[provider_sect]
default = default_sect
legacy = legacy_sect
[default_sect]
activate = 1
[legacy_sect]
activate = 1
With the above change cryptotest
DESTests should pass
root@70cfde9dd1aa:/work/SoftHSMv2/src/lib/crypto/test# ./cryptotest
...
DESTests::testBlockSize : OK
DESTests::testCBC : OK
DESTests::testECB : OK
DESTests::testOFB : OK
DESTests::testCFB : OK
...
OK (66 tests)
from softhsmv2.
I also have same issue
!!!FAILURES!!!
Test Results:
Run: 66 Failures: 4 Errors: 0
- test: DESTests::testCBC (F) line: 262 DESTests.cpp
assertion failed
- Expression: des->encryptInit(&desKey56, SymMode::CBC, IV)
- test: DESTests::testECB (F) line: 537 DESTests.cpp
assertion failed
- Expression: des->encryptInit(&desKey56, SymMode::ECB, IV)
- test: DESTests::testOFB (F) line: 812 DESTests.cpp
assertion failed
- Expression: des->encryptInit(&desKey56, SymMode::OFB, IV)
- test: DESTests::testCFB (F) line: 1086 DESTests.cpp
assertion failed
- Expression: des->encryptInit(&desKey56, SymMode::CFB, IV)
FAIL cryptotest (exit status: 1)
from softhsmv2.
Related Issues (20)
- Getting SIGSEGV in EVP_MD_CTX_free HOT 1
- Implements RFC5649 as CKM_AES_KEY_WRAP_PAD but should actually be CKM_AES_KEY_WRAP_KWP
- Per-slot configuration
- openssl operations involving pcks11 and softHSM result in segfault on exit HOT 9
- AES/GCM multi-part decryption fails with CKR_BUFFER_TOO_SMALL HOT 1
- Make check test fails on OS X HOT 2
- AES key file format for import HOT 1
- Possible problem with v2.6.1 with RHEL8 in FIPS mode and using Java 17 HOT 4
- Documentation for SoftHSM is inaccessible HOT 4
- Coredump / Alma/rhel 9 HOT 2
- decrypting scrambled ciphered text with RSA succeeded on RHEL9 unexpectedly
- SoftHSM on AIX
- Issues with configure option `--with-openssl=PATH`
- Any chance for SignRecover and VerifyRecover implementation? HOT 2
- softhsm2-util AES key import fails whenever a newline character is present in file HOT 2
- Using SoftHSMv2 Token for StrongSwan
- Security: release signing public key: missing and expires 1 August 2024
- Facing problem in Digital Certificate Generation (x.509) using keys stored in softHSM.
- wiki.opendnnsec.org certificate expired?
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from softhsmv2.