From 0722e9884e784d414bf71d4426ee93c2f232517d Mon Sep 17 00:00:00 2001 From: Andrew Hutchings Date: Fri, 8 May 2026 11:39:02 +0100 Subject: [PATCH] Fix attributes in tests Out-of-order merges caused some attribute issues. --- .github/workflows/storage-upgrade-test-tpm.yml | 3 +++ .github/workflows/storage-upgrade-test.yml | 3 +++ tests/pkcs11mtt.c | 2 ++ tests/pkcs11test.c | 14 +++++++------- 4 files changed, 15 insertions(+), 7 deletions(-) diff --git a/.github/workflows/storage-upgrade-test-tpm.yml b/.github/workflows/storage-upgrade-test-tpm.yml index 59444708..dd5e8324 100644 --- a/.github/workflows/storage-upgrade-test-tpm.yml +++ b/.github/workflows/storage-upgrade-test-tpm.yml @@ -99,6 +99,9 @@ jobs: else echo "WOLFPKCS11_NO_STORE not found, assuming WOLFPKCS11_TOKEN_PATH is already set" fi + # Patch test_verify_recover_op_not_supported on older bases that + # still set CKA_VERIFY=FALSE (the op check now uses CKA_VERIFY_RECOVER). + sed -i '/CK_ATTRIBUTE rsaPubNoVerify/,/};/{s/CKA_VERIFY,/CKA_VERIFY_RECOVER,/;}' tests/pkcs11test.c echo "=== pkcs11test.c modification completed ===" - name: Build wolfPKCS11 ${{ matrix.base-ref.name }} with TPM diff --git a/.github/workflows/storage-upgrade-test.yml b/.github/workflows/storage-upgrade-test.yml index 615a5d4e..d5d483aa 100644 --- a/.github/workflows/storage-upgrade-test.yml +++ b/.github/workflows/storage-upgrade-test.yml @@ -80,6 +80,9 @@ jobs: else echo "WOLFPKCS11_NO_STORE not found, assuming WOLFPKCS11_TOKEN_PATH is already set" fi + # Patch test_verify_recover_op_not_supported on older bases that + # still set CKA_VERIFY=FALSE (the op check now uses CKA_VERIFY_RECOVER). + sed -i '/CK_ATTRIBUTE rsaPubNoVerify/,/};/{s/CKA_VERIFY,/CKA_VERIFY_RECOVER,/;}' tests/pkcs11test.c echo "=== pkcs11test.c modification completed ===" - name: Build wolfPKCS11 ${{ matrix.base-ref.name }} diff --git a/tests/pkcs11mtt.c b/tests/pkcs11mtt.c index 94b0d308..31dbadf2 100644 --- a/tests/pkcs11mtt.c +++ b/tests/pkcs11mtt.c @@ -6681,10 +6681,12 @@ static CK_RV mlkem_encap_decap(CK_SESSION_HANDLE session, funcListExt = (CK_FUNCTION_LIST_3_2*)interface->pFunctionList; CK_OBJECT_CLASS secClass = CKO_SECRET_KEY; CK_BBOOL extr = CK_TRUE; + CK_BBOOL sensitive = CK_FALSE; CK_ATTRIBUTE secretTmpl[] = { { CKA_CLASS, &secClass, sizeof(secClass) }, { CKA_KEY_TYPE, &genericKeyType, sizeof(genericKeyType) }, { CKA_EXTRACTABLE, &extr, sizeof(extr) }, + { CKA_SENSITIVE, &sensitive, sizeof(sensitive) }, }; CK_ULONG secretTmplCnt = sizeof(secretTmpl) / sizeof(*secretTmpl); CK_OBJECT_HANDLE encapKey = CK_INVALID_HANDLE; diff --git a/tests/pkcs11test.c b/tests/pkcs11test.c index 8b47f11b..2faff094 100644 --- a/tests/pkcs11test.c +++ b/tests/pkcs11test.c @@ -5777,23 +5777,23 @@ static CK_RV test_verify_recover_op_not_supported(void* args) CK_BBOOL trueVal = CK_TRUE; CK_MECHANISM mech = { CKM_RSA_PKCS, NULL_PTR, 0 }; - CK_ATTRIBUTE rsaPubNoVerify[] = { + CK_ATTRIBUTE rsaPubNoVerifyRecover[] = { { CKA_CLASS, &pubKeyClass, sizeof(pubKeyClass) }, { CKA_KEY_TYPE, &rsaKeyType, sizeof(rsaKeyType) }, { CKA_ENCRYPT, &trueVal, sizeof(trueVal) }, - { CKA_VERIFY, &falseVal, sizeof(falseVal) }, + { CKA_VERIFY_RECOVER, &falseVal, sizeof(falseVal) }, { CKA_MODULUS, rsa_2048_modulus, sizeof(rsa_2048_modulus) }, { CKA_PUBLIC_EXPONENT, rsa_2048_pub_exp, sizeof(rsa_2048_pub_exp) }, }; - ret = funcList->C_CreateObject(session, rsaPubNoVerify, - sizeof(rsaPubNoVerify)/sizeof(*rsaPubNoVerify), - &pubKey); - CHECK_CKR(ret, "Create RSA pub key with CKA_VERIFY=FALSE"); + ret = funcList->C_CreateObject(session, rsaPubNoVerifyRecover, + sizeof(rsaPubNoVerifyRecover)/sizeof(*rsaPubNoVerifyRecover), + &pubKey); + CHECK_CKR(ret, "Create RSA pub key with CKA_VERIFY_RECOVER=FALSE"); if (ret == CKR_OK) { ret = funcList->C_VerifyRecoverInit(session, &mech, pubKey); CHECK_CKR_FAIL(ret, CKR_KEY_TYPE_INCONSISTENT, - "VerifyRecoverInit should fail with CKA_VERIFY=FALSE"); + "VerifyRecoverInit should fail with CKA_VERIFY_RECOVER=FALSE"); } return ret;