From f72a8752b4e6c2d1d5113602dcf65b17fb2aa413 Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy <abokovoy@redhat.com>
Date: Thu, 27 May 2021 16:45:45 +0300
Subject: [PATCH] Fix tests against OpenSSL 3.0

Update tests to skip DES-like and RSA keys with lengths not supported by
OpenSSL 3.0

- Resolves: rhbz#1964838

Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
---
 softhsm-openssl3-tests.patch | 334 ++++++++++++++++++++++++++++++++++-
 1 file changed, 328 insertions(+), 6 deletions(-)

diff --git a/softhsm-openssl3-tests.patch b/softhsm-openssl3-tests.patch
index 2a0770e..eea308b 100644
--- a/softhsm-openssl3-tests.patch
+++ b/softhsm-openssl3-tests.patch
@@ -1,7 +1,7 @@
-From dac3ac92ade67612657120335934d784edf49dbb Mon Sep 17 00:00:00 2001
+From 643f061e6fbe04552a2c49bd00528e61a9a77064 Mon Sep 17 00:00:00 2001
 From: Alexander Bokovoy <abokovoy@redhat.com>
 Date: Wed, 26 May 2021 20:03:25 +0300
-Subject: [PATCH 1/3] openssl 3.0: Run DES tests only if OpenSSL allows it
+Subject: [PATCH 1/4] openssl 3.0: Run DES tests only if OpenSSL allows it
 
 OpenSSL 3.0 moves DES into a legacy provider which has to be loaded
 explicitly. By default, it will not be loaded and DES methods in tests
@@ -534,10 +534,10 @@ index bcb1c6b..aa68746 100644
 2.31.1
 
 
-From d8d38bd2e9b24f200c96682d1bd0967444f064ed Mon Sep 17 00:00:00 2001
+From 4e368d1b1d835b169d3b9f44e064813d132f3da6 Mon Sep 17 00:00:00 2001
 From: Alexander Bokovoy <abokovoy@redhat.com>
 Date: Wed, 26 May 2021 20:09:31 +0300
-Subject: [PATCH 2/3] openssl 3.0: use 2048 instead of 1024 bit for RSA tests
+Subject: [PATCH 2/4] openssl 3.0: use 2048 instead of 1024 bit for RSA tests
 
 Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
 ---
@@ -606,10 +606,10 @@ index 6af1e19..e583b8b 100644
 2.31.1
 
 
-From 6a35c45aeae805b238cb18652a78419b1e43ad5c Mon Sep 17 00:00:00 2001
+From d8b6ebb67244f6fb4d2c8f72ae2b8bef5ca96bed Mon Sep 17 00:00:00 2001
 From: Alexander Bokovoy <abokovoy@redhat.com>
 Date: Wed, 26 May 2021 22:29:22 +0300
-Subject: [PATCH 3/3] openssl 3.0: Skip tests with unsupported key sizes
+Subject: [PATCH 3/4] openssl 3.0: Skip tests with unsupported key sizes
 
 OpenSSL 3.0 on systems with systemd-wide crypto policy (Fedora, RHEL,
 CentOS 9 Stream) might block certain key sizes which causes the tests to
@@ -686,3 +686,325 @@ index e583b8b..3b397d2 100644
 -- 
 2.31.1
 
+
+From 496fe2c8f5d4e7bdb99bd7f61bbcae0cd1f4a93b Mon Sep 17 00:00:00 2001
+From: Alexander Bokovoy <abokovoy@redhat.com>
+Date: Thu, 27 May 2021 15:08:02 +0300
+Subject: [PATCH 4/4] openssl3: skip DES* tests
+
+Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
+---
+ src/lib/test/DeriveTests.cpp             |  16 ++-
+ src/lib/test/ObjectTests.cpp             |  21 ++--
+ src/lib/test/SymmetricAlgorithmTests.cpp | 128 +++++++++++++----------
+ 3 files changed, 99 insertions(+), 66 deletions(-)
+
+diff --git a/src/lib/test/DeriveTests.cpp b/src/lib/test/DeriveTests.cpp
+index 9438ac2..275c399 100644
+--- a/src/lib/test/DeriveTests.cpp
++++ b/src/lib/test/DeriveTests.cpp
+@@ -666,11 +666,14 @@ void DeriveTests::symDerive(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey, C
+ 		0x25, 0x26, 0x27, 0x28, 0x29, 0x30, 0x31, 0x32
+ 	};
+ 	CK_ULONG secLen = 0;
++	CK_BBOOL oldMechs = CK_FALSE;
+ 
+ 	switch (mechType)
+ 	{
+ 		case CKM_DES_ECB_ENCRYPT_DATA:
+ 		case CKM_DES3_ECB_ENCRYPT_DATA:
++			oldMechs = CK_TRUE;
++			/* fall-through */
+ 		case CKM_AES_ECB_ENCRYPT_DATA:
+ 			param1.pData = &data[0];
+ 			param1.ulLen = sizeof(data);
+@@ -679,6 +682,7 @@ void DeriveTests::symDerive(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey, C
+ 			break;
+ 		case CKM_DES_CBC_ENCRYPT_DATA:
+ 		case CKM_DES3_CBC_ENCRYPT_DATA:
++			oldMechs = CK_TRUE;
+ 			memcpy(param2.iv, "12345678", 8);
+ 			param2.pData = &data[0];
+ 			param2.length = sizeof(data);
+@@ -703,10 +707,12 @@ void DeriveTests::symDerive(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey, C
+ 			break;
+ 		case CKK_DES:
+ 			mechEncrypt.mechanism = CKM_DES_ECB;
++			oldMechs = CK_TRUE;
+ 			break;
+ 		case CKK_DES2:
+ 		case CKK_DES3:
+ 			mechEncrypt.mechanism = CKM_DES3_ECB;
++			oldMechs = CK_TRUE;
+ 			break;
+ 		case CKK_AES:
+ 			mechEncrypt.mechanism = CKM_AES_ECB;
+@@ -743,7 +749,11 @@ void DeriveTests::symDerive(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey, C
+ 				 keyAttribs, sizeof(keyAttribs)/sizeof(CK_ATTRIBUTE) - 1,
+ 				 &hDerive) );
+ 	}
+-	CPPUNIT_ASSERT(rv == CKR_OK);
++	if (rv != CKR_OK && oldMechs == CK_TRUE) {
++		// Skip old mechanisms, they don't work under this crypto library
++		return;
++	}
++	CPPUNIT_ASSERT(rv==CKR_OK);
+ 
+ 	// Check that KCV has been set
+ 	CK_ATTRIBUTE checkAttribs[] = {
+@@ -764,6 +774,10 @@ void DeriveTests::symDerive(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey, C
+ 	CK_ULONG ulRecoveredTextLen;
+ 
+ 	rv = CRYPTOKI_F_PTR( C_EncryptInit(hSession,&mechEncrypt,hDerive) );
++	if (rv != CKR_OK && oldMechs == CK_TRUE) {
++		// Skip old mechanisms, they don't work under this crypto library
++		return;
++	}
+ 	CPPUNIT_ASSERT(rv==CKR_OK);
+ 
+ 	ulCipherTextLen = sizeof(cipherText);
+diff --git a/src/lib/test/ObjectTests.cpp b/src/lib/test/ObjectTests.cpp
+index 9491ce1..4ffc1c8 100644
+--- a/src/lib/test/ObjectTests.cpp
++++ b/src/lib/test/ObjectTests.cpp
+@@ -2370,8 +2370,10 @@ void ObjectTests::testCreateSecretKey()
+ 	CPPUNIT_ASSERT(rv == CKR_OK);
+ 	rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSession, hObject, attribKCV, 1) );
+ 	CPPUNIT_ASSERT(rv == CKR_OK);
+-	CPPUNIT_ASSERT(attribKCV[0].ulValueLen == 3);
+-	CPPUNIT_ASSERT(memcmp(pCheckValue, desKCV, 3) == 0);
++	// If DES key is not supported, skip it
++	if (attribKCV[0].ulValueLen == 3) {
++		CPPUNIT_ASSERT(memcmp(pCheckValue, desKCV, 3) == 0);
++	}
+ 	rv = CRYPTOKI_F_PTR( C_DestroyObject(hSession,hObject) );
+ 	CPPUNIT_ASSERT(rv == CKR_OK);
+ 
+@@ -2381,9 +2383,12 @@ void ObjectTests::testCreateSecretKey()
+ 	rv = CRYPTOKI_F_PTR( C_CreateObject(hSession, attribs, sizeof(attribs)/sizeof(CK_ATTRIBUTE), &hObject) );
+ 	CPPUNIT_ASSERT(rv == CKR_OK);
+ 	rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSession, hObject, attribKCV, 1) );
+-	CPPUNIT_ASSERT(rv == CKR_OK);
+-	CPPUNIT_ASSERT(attribKCV[0].ulValueLen == 3);
+-	CPPUNIT_ASSERT(memcmp(pCheckValue, des2KCV, 3) == 0);
++	// If DES2 key is not supported, skip it
++	if (rv == CKR_OK) {
++		if (attribKCV[0].ulValueLen == 3) {
++			CPPUNIT_ASSERT(memcmp(pCheckValue, des2KCV, 3) == 0);
++		}
++	}
+ 	rv = CRYPTOKI_F_PTR( C_DestroyObject(hSession,hObject) );
+ 	CPPUNIT_ASSERT(rv == CKR_OK);
+ 
+@@ -2394,8 +2399,10 @@ void ObjectTests::testCreateSecretKey()
+ 	CPPUNIT_ASSERT(rv == CKR_OK);
+ 	rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSession, hObject, attribKCV, 1) );
+ 	CPPUNIT_ASSERT(rv == CKR_OK);
+-	CPPUNIT_ASSERT(attribKCV[0].ulValueLen == 3);
+-	CPPUNIT_ASSERT(memcmp(pCheckValue, des3KCV, 3) == 0);
++	// If DES3 key is not supported, skip it
++	if (attribKCV[0].ulValueLen == 3) {
++		CPPUNIT_ASSERT(memcmp(pCheckValue, des3KCV, 3) == 0);
++	}
+ 	rv = CRYPTOKI_F_PTR( C_DestroyObject(hSession,hObject) );
+ 	CPPUNIT_ASSERT(rv == CKR_OK);
+ }
+diff --git a/src/lib/test/SymmetricAlgorithmTests.cpp b/src/lib/test/SymmetricAlgorithmTests.cpp
+index b24caaf..850b732 100644
+--- a/src/lib/test/SymmetricAlgorithmTests.cpp
++++ b/src/lib/test/SymmetricAlgorithmTests.cpp
+@@ -195,6 +195,8 @@ void SymmetricAlgorithmTests::encryptDecrypt(
+ 	std::vector<CK_BYTE> vEncryptedData;
+ 	std::vector<CK_BYTE> vEncryptedDataParted;
+ 	PartSize partSize(blockSize, &vData);
++	CK_BBOOL oldMechs = CK_FALSE;
++	CK_RV rv = CKR_OK;
+ 
+ 	CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_GenerateRandom(hSession, (CK_BYTE_PTR)&vData.front(), messageSize) ) );
+ 
+@@ -231,6 +233,8 @@ void SymmetricAlgorithmTests::encryptDecrypt(
+ 	{
+ 		case CKM_DES_CBC:
+ 		case CKM_DES_CBC_PAD:
++			oldMechs = CK_TRUE;
++			/* fall-through */
+ 		case CKM_DES3_CBC:
+ 		case CKM_DES3_CBC_PAD:
+ 		case CKM_AES_CBC:
+@@ -246,12 +250,17 @@ void SymmetricAlgorithmTests::encryptDecrypt(
+ 			pMechanism->pParameter = &gcmParams;
+ 			pMechanism->ulParameterLen = sizeof(gcmParams);
+ 			break;
++		case CKM_DES_ECB:
++			oldMechs = CK_TRUE;
++			break;
+ 		default:
+ 			break;
+ 	}
+ 
+ 	// Single-part encryption
+-	CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_EncryptInit(hSession,pMechanism,hKey) ) );
++	rv = CRYPTOKI_F_PTR( C_EncryptInit(hSession,pMechanism,hKey) );
++	CPPUNIT_ASSERT_EQUAL( (CK_BBOOL) CK_FALSE, (CK_BBOOL) ((rv != CKR_OK) && (oldMechs == CK_FALSE)) );
++	if (oldMechs == CK_FALSE)
+ 	{
+ 		CK_ULONG ulEncryptedDataLen;
+ 		const CK_RV rv( CRYPTOKI_F_PTR( C_Encrypt(hSession,(CK_BYTE_PTR)&vData.front(),messageSize,NULL_PTR,&ulEncryptedDataLen) ) );
+@@ -267,40 +276,42 @@ void SymmetricAlgorithmTests::encryptDecrypt(
+ 	}
+ 
+ 	// Multi-part encryption
+-	CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_EncryptInit(hSession,pMechanism,hKey) ) );
+-
+-	for ( std::vector<CK_BYTE>::const_iterator i(vData.begin()); i<vData.end(); i+=partSize.getCurrent() ) {
+-		const CK_ULONG lPartLen( i+partSize.getNext()<vData.end() ? partSize.getCurrent() : vData.end()-i );
+-		CK_ULONG ulEncryptedPartLen;
+-		CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_EncryptUpdate(hSession,(CK_BYTE_PTR)&(*i),lPartLen,NULL_PTR,&ulEncryptedPartLen) ) );
+-		const size_t oldSize( vEncryptedDataParted.size() );
+-		vEncryptedDataParted.resize(oldSize+ulEncryptedPartLen);
+-		CK_BYTE dummy;
+-		const CK_BYTE_PTR pEncryptedPart( ulEncryptedPartLen>0 ? &vEncryptedDataParted.at(oldSize) : &dummy );
+-		CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_EncryptUpdate(hSession,(CK_BYTE_PTR)&(*i),lPartLen,pEncryptedPart,&ulEncryptedPartLen) ) );
+-		vEncryptedDataParted.resize(oldSize+ulEncryptedPartLen);
+-	}
+-	{
+-		CK_ULONG ulLastEncryptedPartLen;
+-		const CK_RV rv( CRYPTOKI_F_PTR( C_EncryptFinal(hSession,NULL_PTR,&ulLastEncryptedPartLen) ) );
+-		if ( isSizeOK ) {
+-			CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, rv );
++	rv = CRYPTOKI_F_PTR( C_EncryptInit(hSession,pMechanism,hKey) );
++	CPPUNIT_ASSERT_EQUAL( (CK_BBOOL) CK_FALSE, (CK_BBOOL) ((rv != CKR_OK) && (oldMechs == CK_FALSE)) );
++	if (oldMechs == CK_FALSE) {
++		for ( std::vector<CK_BYTE>::const_iterator i(vData.begin()); i<vData.end(); i+=partSize.getCurrent() ) {
++			const CK_ULONG lPartLen( i+partSize.getNext()<vData.end() ? partSize.getCurrent() : vData.end()-i );
++			CK_ULONG ulEncryptedPartLen;
++			CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_EncryptUpdate(hSession,(CK_BYTE_PTR)&(*i),lPartLen,NULL_PTR,&ulEncryptedPartLen) ) );
+ 			const size_t oldSize( vEncryptedDataParted.size() );
++			vEncryptedDataParted.resize(oldSize+ulEncryptedPartLen);
+ 			CK_BYTE dummy;
+-			vEncryptedDataParted.resize(oldSize+ulLastEncryptedPartLen);
+-			const CK_BYTE_PTR pLastEncryptedPart( ulLastEncryptedPartLen>0 ? &vEncryptedDataParted.at(oldSize) : &dummy );
+-			CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_EncryptFinal(hSession,pLastEncryptedPart,&ulLastEncryptedPartLen) ) );
+-			vEncryptedDataParted.resize(oldSize+ulLastEncryptedPartLen);
+-		} else {
+-			CPPUNIT_ASSERT_EQUAL_MESSAGE("C_EncryptFinal should fail with C_CKR_DATA_LEN_RANGE", (CK_RV)CKR_DATA_LEN_RANGE, rv);
+-			vEncryptedDataParted = vData;
++			const CK_BYTE_PTR pEncryptedPart( ulEncryptedPartLen>0 ? &vEncryptedDataParted.at(oldSize) : &dummy );
++			CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_EncryptUpdate(hSession,(CK_BYTE_PTR)&(*i),lPartLen,pEncryptedPart,&ulEncryptedPartLen) ) );
++			vEncryptedDataParted.resize(oldSize+ulEncryptedPartLen);
++		}
++		{
++			CK_ULONG ulLastEncryptedPartLen;
++			const CK_RV rv( CRYPTOKI_F_PTR( C_EncryptFinal(hSession,NULL_PTR,&ulLastEncryptedPartLen) ) );
++			if ( isSizeOK ) {
++				CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, rv );
++				const size_t oldSize( vEncryptedDataParted.size() );
++				CK_BYTE dummy;
++				vEncryptedDataParted.resize(oldSize+ulLastEncryptedPartLen);
++				const CK_BYTE_PTR pLastEncryptedPart( ulLastEncryptedPartLen>0 ? &vEncryptedDataParted.at(oldSize) : &dummy );
++				CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_EncryptFinal(hSession,pLastEncryptedPart,&ulLastEncryptedPartLen) ) );
++				vEncryptedDataParted.resize(oldSize+ulLastEncryptedPartLen);
++			} else {
++				CPPUNIT_ASSERT_EQUAL_MESSAGE("C_EncryptFinal should fail with C_CKR_DATA_LEN_RANGE", (CK_RV)CKR_DATA_LEN_RANGE, rv);
++				vEncryptedDataParted = vData;
++			}
+ 		}
+ 	}
+ 
+ 	// Single-part decryption
+-	CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_DecryptInit(hSession,pMechanism,hKey) ) );
+-
+-	{
++	rv = CRYPTOKI_F_PTR( C_DecryptInit(hSession,pMechanism,hKey) );
++	CPPUNIT_ASSERT_EQUAL( (CK_BBOOL) CK_FALSE, (CK_BBOOL) ((rv != CKR_OK) && (oldMechs == CK_FALSE)) );
++	if (oldMechs == CK_FALSE) {
+ 		CK_ULONG ulDataLen;
+ 		const CK_RV rv( CRYPTOKI_F_PTR( C_Decrypt(hSession,&vEncryptedData.front(),vEncryptedData.size(),NULL_PTR,&ulDataLen) ) );
+ 		if ( isSizeOK ) {
+@@ -315,8 +326,9 @@ void SymmetricAlgorithmTests::encryptDecrypt(
+ 	}
+ 
+ 	// Multi-part decryption
+-	CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_DecryptInit(hSession,pMechanism,hKey) ) );
+-	{
++	rv = CRYPTOKI_F_PTR( C_DecryptInit(hSession,pMechanism,hKey) );
++	CPPUNIT_ASSERT_EQUAL( (CK_BBOOL) CK_FALSE, (CK_BBOOL) ((rv != CKR_OK) && (oldMechs == CK_FALSE)) );
++	if (oldMechs == CK_FALSE) {
+ 		std::vector<CK_BYTE> vDecryptedData;
+ 		CK_BYTE dummy;
+ 		for ( std::vector<CK_BYTE>::iterator i(vEncryptedDataParted.begin()); i<vEncryptedDataParted.end(); i+=partSize.getCurrent()) {
+@@ -977,44 +989,44 @@ void SymmetricAlgorithmTests::testDesEncryptDecrypt()
+ 
+ 	// Generate all combinations of session/token keys.
+ 	rv = generateDesKey(hSessionRW,IN_SESSION,IS_PUBLIC,hKey);
+-	CPPUNIT_ASSERT(rv == CKR_OK);
+-
+-	encryptDecrypt(CKM_DES_CBC_PAD,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST-1);
+-	encryptDecrypt(CKM_DES_CBC_PAD,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1);
+-	encryptDecrypt(CKM_DES_CBC_PAD,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST);
+-	encryptDecrypt(CKM_DES_CBC,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST);
+-	encryptDecrypt(CKM_DES_CBC,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1, false);
+-	encryptDecrypt(CKM_DES_ECB,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST);
+-	encryptDecrypt(CKM_DES_ECB,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1, false);
++	if (rv == CKR_OK) {
++		encryptDecrypt(CKM_DES_CBC_PAD,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST-1);
++		encryptDecrypt(CKM_DES_CBC_PAD,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1);
++		encryptDecrypt(CKM_DES_CBC_PAD,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST);
++		encryptDecrypt(CKM_DES_CBC,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST);
++		encryptDecrypt(CKM_DES_CBC,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1, false);
++		encryptDecrypt(CKM_DES_ECB,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST);
++		encryptDecrypt(CKM_DES_ECB,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1, false);
++	}
+ 
+ 	CK_OBJECT_HANDLE hKey2 = CK_INVALID_HANDLE;
+ 
+ 	// Generate all combinations of session/token keys.
+ 	rv = generateDes2Key(hSessionRW,IN_SESSION,IS_PUBLIC,hKey2);
+-	CPPUNIT_ASSERT(rv == CKR_OK);
+-
+-	encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST-1);
+-	encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST+1);
+-	encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST);
+-	encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST);
+-	encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST+1, false);
+-	encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST);
+-	encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST+1, false);
++	if (rv == CKR_OK) {
++		encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST-1);
++		encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST+1);
++		encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST);
++		encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST);
++		encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST+1, false);
++		encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST);
++		encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST+1, false);
++	}
+ #endif
+ 
+ 	CK_OBJECT_HANDLE hKey3 = CK_INVALID_HANDLE;
+ 
+ 	// Generate all combinations of session/token keys.
+ 	rv = generateDes3Key(hSessionRW,IN_SESSION,IS_PUBLIC,hKey3);
+-	CPPUNIT_ASSERT(rv == CKR_OK);
+-
+-	encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST-1);
+-	encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST+1);
+-	encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST);
+-	encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST);
+-	encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST+1, false);
+-	encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST);
+-	encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST+1, false);
++	if (rv == CKR_OK) {
++		encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST-1);
++		encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST+1);
++		encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST);
++		encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST);
++		encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST+1, false);
++		encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST);
++		encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST+1, false);
++	}
+ }
+ 
+ void SymmetricAlgorithmTests::testNullTemplate()
+-- 
+2.31.1
+