From d1553412e61bdf73281f0a8d36f5df2406bfaf79 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcin=20Cie=C5=9Blak?= Date: Sat, 1 Jan 2022 22:54:09 +0000 Subject: [PATCH 1/5] test: encryptDecrypt mechanism details should come from the caller Refactor encryptDecrypt to use mechanism details supplied from the caller. This way it can be used to try various variable parameters for AES modes. --- src/lib/test/SymmetricAlgorithmTests.cpp | 150 ++++++++++------------- src/lib/test/SymmetricAlgorithmTests.h | 2 +- 2 files changed, 67 insertions(+), 85 deletions(-) diff --git a/src/lib/test/SymmetricAlgorithmTests.cpp b/src/lib/test/SymmetricAlgorithmTests.cpp index f6353f607..3da7d10a0 100644 --- a/src/lib/test/SymmetricAlgorithmTests.cpp +++ b/src/lib/test/SymmetricAlgorithmTests.cpp @@ -802,7 +802,7 @@ CK_RV SymmetricAlgorithmTests::generateDes3Key(CK_SESSION_HANDLE hSession, CK_BB } void SymmetricAlgorithmTests::encryptDecrypt( - const CK_MECHANISM_TYPE mechanismType, + const CK_MECHANISM mechanism, const size_t blockSize, const CK_SESSION_HANDLE hSession, const CK_OBJECT_HANDLE hKey, 
@@ -850,56 +850,10 @@ void SymmetricAlgorithmTests::encryptDecrypt( CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_GenerateRandom(hSession, (CK_BYTE_PTR)&vData.front(), messageSize) ) ); - const CK_MECHANISM mechanism = { mechanismType, NULL_PTR, 0 }; CK_MECHANISM_PTR pMechanism((CK_MECHANISM_PTR)&mechanism); - CK_AES_CTR_PARAMS ctrParams = - { - 32, - { - 0x00, 0x00, 0x00, 0x30, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 - } - }; - CK_BYTE gcmIV[] = { - 0xCA, 0xFE, 0xBA, 0xBE, 0xFA, 0xCE, - 0xDB, 0xAD, 0xDE, 0xCA, 0xF8, 0x88 - }; - CK_BYTE gcmAAD[] = { - 0xFE, 0xED, 0xFA, 0xCE, 0xDE, 0xAD, 0xBE, 0xEF, - 0xFE, 0xED, 0xFA, 0xCE, 0xDE, 0xAD, 0xBE, 0xEF, - 0xAB, 0xAD, 0xDA, 0xD2 - }; - CK_GCM_PARAMS gcmParams = - { - &gcmIV[0], - sizeof(gcmIV), - sizeof(gcmIV)*8, - &gcmAAD[0], - sizeof(gcmAAD), - 16*8 - }; - - switch (mechanismType) - { - case CKM_DES_CBC: - case CKM_DES_CBC_PAD: - case CKM_DES3_CBC: - case CKM_DES3_CBC_PAD: - case CKM_AES_CBC: - case CKM_AES_CBC_PAD: - pMechanism->pParameter = (CK_VOID_PTR)&vData.front(); - pMechanism->ulParameterLen = blockSize; - break; - case CKM_AES_CTR: - pMechanism->pParameter = &ctrParams; - pMechanism->ulParameterLen = sizeof(ctrParams); - break; - case CKM_AES_GCM: - pMechanism->pParameter = &gcmParams; - pMechanism->ulParameterLen = sizeof(gcmParams); - break; - default: - break; + if (pMechanism->pParameter == NULL_PTR) { + pMechanism->pParameter = (CK_VOID_PTR)&vData.front(); + pMechanism->ulParameterLen = blockSize; } // Single-part encryption 
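Review bot: `CK_MECHANISM_PTR pMechanism((CK_MECHANISM_PTR)&mechanism);` casts away the const of the by-value parameter (declared `const CK_MECHANISM mechanism` in the first hunk), and the new `pMechanism->pParameter = ...` then writes through it, which is undefined behaviour for a const object. Dropping `const` from the definition, as the header already does, allows `CK_MECHANISM_PTR pMechanism(&mechanism);` with no cast. Separately, `if (pMechanism->pParameter == NULL_PTR)` is keyed on the parameter rather than the mechanism, so the ECB call sites, which the removed `switch` left with a NULL parameter, now reach C_EncryptInit with a block-sized IV. That path of the library is no longer exercised; either restrict the fallback to the CBC mechanism types or have the CBC callers pass their IV explicitly, which is what the commit message describes. The body of encryptDecrypt continues outside this hunk.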
@@ -1568,6 +1522,34 @@ void SymmetricAlgorithmTests::testAesEncryptDecrypt() CK_SESSION_HANDLE hSessionRO; CK_SESSION_HANDLE hSessionRW; + CK_AES_CTR_PARAMS ctrParams = + { + 32, + { + 0x00, 0x00, 0x00, 0x30, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 + } + }; + CK_BYTE gcmIV[] = { + 0xCA, 0xFE, 0xBA, 0xBE, 0xFA, 0xCE, + 0xDB, 0xAD, 0xDE, 0xCA, 0xF8, 0x88 + }; + CK_BYTE gcmAAD[] = { + 0xFE, 0xED, 0xFA, 0xCE, 0xDE, 0xAD, 0xBE, 0xEF, + 0xFE, 0xED, 0xFA, 0xCE, 0xDE, 0xAD, 0xBE, 0xEF, + 0xAB, 0xAD, 0xDA, 0xD2 + }; + CK_GCM_PARAMS gcmParams = + { + &gcmIV[0], + sizeof(gcmIV), + sizeof(gcmIV)*8, + &gcmAAD[0], + sizeof(gcmAAD), + 16*8 + }; + + // Just make sure that we finalize any previous tests CRYPTOKI_F_PTR( C_Finalize(NULL_PTR) ); 
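Review bot: The moved `ctrParams`, `gcmIV` and `gcmAAD` fixtures carry no comment, and the later hunk passes the same GCM IV with the same `hKey` to several encryptDecrypt calls. That is fine for a round-trip test, but a one-line comment above the block would stop it being copied as a usage pattern, for example `// Fixed counter block/IV/AAD: test fixtures only; GCM needs a unique IV per key outside tests.` The hunk also adds a second blank line before `// Just make sure that we finalize any previous tests`, which can be dropped.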
@@ -1601,19 +1583,19 @@ void SymmetricAlgorithmTests::testAesEncryptDecrypt() // with padding all message sizes could be encrypted-decrypted. // without padding the message size must be a multiple of the block size. const int blockSize(0x10); - encryptDecrypt(CKM_AES_CBC_PAD,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST-1); - encryptDecrypt(CKM_AES_CBC_PAD,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1); - encryptDecrypt(CKM_AES_CBC_PAD,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST); - encryptDecrypt(CKM_AES_CBC,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST); - encryptDecrypt(CKM_AES_CBC,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1, false); - encryptDecrypt(CKM_AES_ECB,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST); - encryptDecrypt(CKM_AES_ECB,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1, false); - encryptDecrypt(CKM_AES_CTR,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST-1); - encryptDecrypt(CKM_AES_CTR,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1); - encryptDecrypt(CKM_AES_CTR,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST); - encryptDecrypt(CKM_AES_GCM,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST-1); - encryptDecrypt(CKM_AES_GCM,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1); - encryptDecrypt(CKM_AES_GCM,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST); + encryptDecrypt({CKM_AES_CBC_PAD,NULL_PTR,0},blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST-1); + encryptDecrypt({CKM_AES_CBC_PAD,NULL_PTR,0},blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1); + encryptDecrypt({CKM_AES_CBC_PAD,NULL_PTR,0},blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST); + encryptDecrypt({CKM_AES_CBC,NULL_PTR,0},blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST); + encryptDecrypt({CKM_AES_CBC,NULL_PTR,0},blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1, false); + 
encryptDecrypt({CKM_AES_ECB,NULL_PTR,0},blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST); + encryptDecrypt({CKM_AES_ECB,NULL_PTR,0},blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1, false); + encryptDecrypt({CKM_AES_CTR,&ctrParams,sizeof(ctrParams)},blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST-1); + encryptDecrypt({CKM_AES_CTR,&ctrParams,sizeof(ctrParams)},blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1); + encryptDecrypt({CKM_AES_CTR,&ctrParams,sizeof(ctrParams)},blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST); + encryptDecrypt({CKM_AES_GCM,&gcmParams,sizeof(gcmParams)},blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST-1); + encryptDecrypt({CKM_AES_GCM,&gcmParams,sizeof(gcmParams)},blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1); + encryptDecrypt({CKM_AES_GCM,&gcmParams,sizeof(gcmParams)},blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST); } 
@@ -1713,13 +1695,13 @@ void SymmetricAlgorithmTests::testDesEncryptDecrypt() rv = generateDesKey(hSessionRW,IN_SESSION,IS_PUBLIC,hKey); CPPUNIT_ASSERT(rv == CKR_OK); - encryptDecrypt(CKM_DES_CBC_PAD,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST-1); - encryptDecrypt(CKM_DES_CBC_PAD,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1); - encryptDecrypt(CKM_DES_CBC_PAD,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST); - encryptDecrypt(CKM_DES_CBC,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST); - encryptDecrypt(CKM_DES_CBC,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1, false); - encryptDecrypt(CKM_DES_ECB,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST); - encryptDecrypt(CKM_DES_ECB,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1, false); + encryptDecrypt({CKM_DES_CBC_PAD,NULL_PTR,0},blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST-1); + encryptDecrypt({CKM_DES_CBC_PAD,NULL_PTR,0},blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1); + encryptDecrypt({CKM_DES_CBC_PAD,NULL_PTR,0},blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST); + encryptDecrypt({CKM_DES_CBC,NULL_PTR,0},blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST); + encryptDecrypt({CKM_DES_CBC,NULL_PTR,0},blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1, false); + encryptDecrypt({CKM_DES_ECB,NULL_PTR,0},blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST); + encryptDecrypt({CKM_DES_ECB,NULL_PTR,0},blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1, false); CK_OBJECT_HANDLE hKey2 = CK_INVALID_HANDLE; 
@@ -1727,13 +1709,13 @@ void SymmetricAlgorithmTests::testDesEncryptDecrypt() rv = generateDes2Key(hSessionRW,IN_SESSION,IS_PUBLIC,hKey2); CPPUNIT_ASSERT(rv == CKR_OK); - encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST-1); - encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST+1); - encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST); - encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST); - encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST+1, false); - encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST); - encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST+1, false); + encryptDecrypt({CKM_DES3_CBC_PAD,NULL_PTR,0},blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST-1); + encryptDecrypt({CKM_DES3_CBC_PAD,NULL_PTR,0},blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST+1); + encryptDecrypt({CKM_DES3_CBC_PAD,NULL_PTR,0},blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST); + encryptDecrypt({CKM_DES3_CBC,NULL_PTR,0},blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST); + encryptDecrypt({CKM_DES3_CBC,NULL_PTR,0},blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST+1, false); + encryptDecrypt({CKM_DES3_ECB,NULL_PTR,0},blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST); + encryptDecrypt({CKM_DES3_ECB,NULL_PTR,0},blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST+1, false); #endif CK_OBJECT_HANDLE hKey3 = CK_INVALID_HANDLE; 
@@ -1742,13 +1724,13 @@ void SymmetricAlgorithmTests::testDesEncryptDecrypt() rv = generateDes3Key(hSessionRW,IN_SESSION,IS_PUBLIC,hKey3); CPPUNIT_ASSERT(rv == CKR_OK); - encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST-1); - encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST+1); - encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST); - encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST); - encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST+1, false); - encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST); - encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST+1, false); + encryptDecrypt({CKM_DES3_CBC_PAD,NULL_PTR,0},blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST-1); + encryptDecrypt({CKM_DES3_CBC_PAD,NULL_PTR,0},blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST+1); + encryptDecrypt({CKM_DES3_CBC_PAD,NULL_PTR,0},blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST); + encryptDecrypt({CKM_DES3_CBC,NULL_PTR,0},blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST); + encryptDecrypt({CKM_DES3_CBC,NULL_PTR,0},blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST+1, false); + encryptDecrypt({CKM_DES3_ECB,NULL_PTR,0},blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST); + encryptDecrypt({CKM_DES3_ECB,NULL_PTR,0},blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST+1, false); } void SymmetricAlgorithmTests::testDesWrapUnwrap() diff --git a/src/lib/test/SymmetricAlgorithmTests.h b/src/lib/test/SymmetricAlgorithmTests.h index 642be31fa..7b7b1c7bd 100644 --- a/src/lib/test/SymmetricAlgorithmTests.h +++ b/src/lib/test/SymmetricAlgorithmTests.h 
@@ -78,7 +78,7 @@ class SymmetricAlgorithmTests : public TestsBase #endif CK_RV generateDes3Key(CK_SESSION_HANDLE hSession, CK_BBOOL bToken, CK_BBOOL bPrivate, CK_OBJECT_HANDLE &hKey); void encryptDecrypt( - CK_MECHANISM_TYPE mechanismType, + CK_MECHANISM mechanism, size_t sizeOfIV, CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey, From 8e74a16494b8aa5a56dcc55d1513949128c9c4a9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcin=20Cie=C5=9Blak?= Date: Sat, 1 Jan 2022 23:31:48 +0000 Subject: [PATCH 2/5] Enable C++ library assertions for testing --- .travis.yml | 1 + testing/travis/travis.sh | 8 +++++++- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index c8de5b13e..cad669876 100644 --- a/.travis.yml +++ b/.travis.yml @@ -9,6 +9,7 @@ before_install: - sudo apt-get install build-essential autoconf automake libtool libcppunit-dev libsqlite3-dev sqlite3 libbotan-2-dev libssl-dev p11-kit script: sh testing/travis/travis.sh env: + - CPP_LIBRARY_ASSERTIONS=yes CRYPTO=openssl OBJSTORE=file - CRYPTO=openssl OBJSTORE=file - CRYPTO=openssl OBJSTORE=sqlite - CRYPTO=botan OBJSTORE=file diff --git a/testing/travis/travis.sh b/testing/travis/travis.sh index 826fbc42f..3cb2089c7 100644 --- a/testing/travis/travis.sh +++ b/testing/travis/travis.sh @@ -1,8 +1,14 @@ #!/bin/sh +CONF_CPP_LIBRARY_ASSERTIONS="" CONF_CRYPTO="" CONF_OBJSTORE="" +case $CPP_LIBRARY_ASSERTIONS in +yes) + CONF_CPP_LIBRARY_ASSERTIONS="$CONF_CPP_LIBRARY_ASSERTIONS -D_LIBCPP_DEBUG_LEVEL=1 -D_GLIBCXX_ASSERTIONS=1" +esac + case $CRYPTO in botan) CONF_CRYPTO="$CONF_CRYPTO --with-crypto-backend=botan --with-botan=/usr" @@ -31,5 +37,5 @@ sqlite) esac sh autogen.sh && \ -./configure $CONF_CRYPTO $CONF_OBJSTORE && \ +env CXXFLAGS="${CXXFLAGS} ${CONF_CPP_LIBRARY_ASSERTIONS}" ./configure $CONF_CRYPTO $CONF_OBJSTORE && \ make all check From 9d11539aca9d98a8cfceb8444cd1ebd16de8ad98 Mon Sep 17 00:00:00 2001 
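Review bot: In the last hunk of testing/travis/travis.sh, `env CXXFLAGS="${CXXFLAGS} ${CONF_CPP_LIBRARY_ASSERTIONS}" ./configure ...` always sets CXXFLAGS, even for the matrix entries that do not enable assertions, where it becomes a single space. Autoconf only applies its default `-g -O2` when CXXFLAGS is unset, so every configuration is now built without optimisation or debug info, which changes what the existing jobs test. The two `-D` options are preprocessor defines, so passing them through CPPFLAGS avoids this: `env CPPFLAGS="${CPPFLAGS} ${CONF_CPP_LIBRARY_ASSERTIONS}" ./configure $CONF_CRYPTO $CONF_OBJSTORE && \`. The new `.travis.yml` entry enables assertions only for the openssl/file combination, so the botan backend is not covered by them.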
From: =?UTF-8?q?Marcin=20Cie=C5=9Blak?= Date: Sat, 1 Jan 2022 23:40:14 +0000 Subject: [PATCH 3/5] CKM_AES_GCM: Additional authenticated data are optional With C++ library assertions enabled, this crashes the p11test: * thread #1, name = 'p11test', stop reason = signal SIGABRT * frame #0: 0x0000000800aa569a libc.so.7`__sys_thr_kill + 10 frame #1: 0x0000000800aa3af4 libc.so.7`__raise + 52 frame #2: 0x0000000800a19719 libc.so.7`abort + 73 frame #3: 0x00000008007df9a2 libc++.so.1`std::__1::__libcpp_abort_debug_function(std::__1::__libcpp_debug_info const&) + 82 frame #4: 0x00000000003beb6a p11test`std::__1::vector >::operator[](unsigned long) + 122 frame #5: 0x00000000003be096 p11test`ByteString::operator[](unsigned long) + 38 frame #6: 0x00000000003412a6 p11test`SoftHSM::SymEncryptInit(unsigned long, _CK_MECHANISM*, unsigned long) + 3190 frame #7: 0x000000000034267b p11test`SoftHSM::C_EncryptInit(unsigned long, _CK_MECHANISM*, unsigned long) + 75 frame #8: 0x00000000003363b7 p11test`C_EncryptInit + 55 frame #9: 0x0000000000283cfb p11test`SymmetricAlgorithmTests::encryptDecrypt(_CK_MECHANISM, unsigned long, unsigned long, unsigned long, unsigned long, bool) + 555 frame #10: 0x000000000028c682 p11test`SymmetricAlgorithmTests::testAesEncryptDecrypt() + 3378 --- src/lib/test/SymmetricAlgorithmTests.cpp | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/src/lib/test/SymmetricAlgorithmTests.cpp b/src/lib/test/SymmetricAlgorithmTests.cpp index 3da7d10a0..7247169fd 100644 --- a/src/lib/test/SymmetricAlgorithmTests.cpp +++ b/src/lib/test/SymmetricAlgorithmTests.cpp @@ -1539,7 +1539,7 @@ void SymmetricAlgorithmTests::testAesEncryptDecrypt() 0xFE, 0xED, 0xFA, 0xCE, 0xDE, 0xAD, 0xBE, 0xEF, 0xAB, 0xAD, 0xDA, 0xD2 }; - CK_GCM_PARAMS gcmParams = + CK_GCM_PARAMS gcmParamsWithAAD = { &gcmIV[0], sizeof(gcmIV), 
@@ -1548,6 +1548,15 @@ void SymmetricAlgorithmTests::testAesEncryptDecrypt() sizeof(gcmAAD), 16*8 }; + CK_GCM_PARAMS gcmParamsWithoutAAD = + { + &gcmIV[0], + sizeof(gcmIV), + sizeof(gcmIV)*8, + NULL_PTR, + 0, + 16*8 + }; // Just make sure that we finalize any previous tests @@ -1593,9 +1602,12 @@ void SymmetricAlgorithmTests::testAesEncryptDecrypt() encryptDecrypt({CKM_AES_CTR,&ctrParams,sizeof(ctrParams)},blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST-1); encryptDecrypt({CKM_AES_CTR,&ctrParams,sizeof(ctrParams)},blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1); encryptDecrypt({CKM_AES_CTR,&ctrParams,sizeof(ctrParams)},blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST); - encryptDecrypt({CKM_AES_GCM,&gcmParams,sizeof(gcmParams)},blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST-1); - encryptDecrypt({CKM_AES_GCM,&gcmParams,sizeof(gcmParams)},blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1); - encryptDecrypt({CKM_AES_GCM,&gcmParams,sizeof(gcmParams)},blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST); + encryptDecrypt({CKM_AES_GCM,&gcmParamsWithAAD,sizeof(gcmParamsWithAAD)},blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST-1); + encryptDecrypt({CKM_AES_GCM,&gcmParamsWithAAD,sizeof(gcmParamsWithAAD)},blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1); + encryptDecrypt({CKM_AES_GCM,&gcmParamsWithAAD,sizeof(gcmParamsWithAAD)},blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST); + encryptDecrypt({CKM_AES_GCM,&gcmParamsWithoutAAD,sizeof(gcmParamsWithoutAAD)},blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST-1); + encryptDecrypt({CKM_AES_GCM,&gcmParamsWithoutAAD,sizeof(gcmParamsWithoutAAD)},blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1); + encryptDecrypt({CKM_AES_GCM,&gcmParamsWithoutAAD,sizeof(gcmParamsWithoutAAD)},blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST); } From bf71ad7ed7864d7a6400309e729dd6b6dfa4107c Mon Sep 17 00:00:00 2001 
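Review bot: `gcmParamsWithoutAAD` covers only the combination `pAAD == NULL_PTR` with `ulAADLen == 0`, and only through the round-trip helper. The abort in the commit message came from indexing an empty buffer during C_EncryptInit, so the neighbouring boundary cases deserve explicit tests. Those are a non-NULL `pAAD` with zero length, which should succeed, and a NULL `pAAD` with non-zero length or a zero `ulIvLen`, for which a direct C_EncryptInit/C_DecryptInit call should return an error rather than reach the copy. Because this test lands one commit before the library fix, the assertion-enabled job fails at this point in the series; swapping the order of the two commits keeps every commit passing.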
From: =?UTF-8?q?Marcin=20Cie=C5=9Blak?= Date: Tue, 4 Jan 2022 12:28:17 +0000 Subject: [PATCH 4/5] Fix: accept zero-length additional authenticated data for AES GCM --- src/lib/SoftHSM.cpp | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/lib/SoftHSM.cpp b/src/lib/SoftHSM.cpp index dac68a3c6..e4208561a 100644 --- a/src/lib/SoftHSM.cpp +++ b/src/lib/SoftHSM.cpp @@ -2346,7 +2346,8 @@ CK_RV SoftHSM::SymEncryptInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMech iv.resize(CK_GCM_PARAMS_PTR(pMechanism->pParameter)->ulIvLen); memcpy(&iv[0], CK_GCM_PARAMS_PTR(pMechanism->pParameter)->pIv, CK_GCM_PARAMS_PTR(pMechanism->pParameter)->ulIvLen); aad.resize(CK_GCM_PARAMS_PTR(pMechanism->pParameter)->ulAADLen); - memcpy(&aad[0], CK_GCM_PARAMS_PTR(pMechanism->pParameter)->pAAD, CK_GCM_PARAMS_PTR(pMechanism->pParameter)->ulAADLen); + if (CK_GCM_PARAMS_PTR(pMechanism->pParameter)->ulAADLen > 0) + memcpy(&aad[0], CK_GCM_PARAMS_PTR(pMechanism->pParameter)->pAAD, CK_GCM_PARAMS_PTR(pMechanism->pParameter)->ulAADLen); tagBytes = CK_GCM_PARAMS_PTR(pMechanism->pParameter)->ulTagBits; if (tagBytes > 128 || tagBytes % 8 != 0) { @@ -3066,7 +3067,8 @@ CK_RV SoftHSM::SymDecryptInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMech iv.resize(CK_GCM_PARAMS_PTR(pMechanism->pParameter)->ulIvLen); memcpy(&iv[0], CK_GCM_PARAMS_PTR(pMechanism->pParameter)->pIv, CK_GCM_PARAMS_PTR(pMechanism->pParameter)->ulIvLen); aad.resize(CK_GCM_PARAMS_PTR(pMechanism->pParameter)->ulAADLen); - memcpy(&aad[0], CK_GCM_PARAMS_PTR(pMechanism->pParameter)->pAAD, CK_GCM_PARAMS_PTR(pMechanism->pParameter)->ulAADLen); + if (CK_GCM_PARAMS_PTR(pMechanism->pParameter)->ulAADLen > 0) + memcpy(&aad[0], CK_GCM_PARAMS_PTR(pMechanism->pParameter)->pAAD, CK_GCM_PARAMS_PTR(pMechanism->pParameter)->ulAADLen); tagBytes = CK_GCM_PARAMS_PTR(pMechanism->pParameter)->ulTagBits; if (tagBytes > 128 || tagBytes % 8 != 0) { From e5d930a308a4c745ddde6f414aa612fca300edd2 Mon Sep 17 00:00:00 2001 
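Review bot: The context line `memcpy(&iv[0], ...)` just above the new guard still indexes `iv` right after `iv.resize(ulIvLen)`, so a caller-supplied `ulIvLen` of 0 hits the same empty-buffer `operator[]` that this commit fixes for the AAD. The same lines appear in the SymDecryptInit hunk. The new `if (... ulAADLen > 0)` also copies from `pAAD` without checking it, so a NULL `pAAD` with a non-zero length is dereferenced. Both cases can be rejected before the resize with a check on the GCM parameter fields, along the lines of `if (ulIvLen == 0 || pIv == NULL_PTR || (ulAADLen > 0 && pAAD == NULL_PTR)) return CKR_ARGUMENTS_BAD;`, using whichever return code the function already uses for bad mechanism parameters. Whether `ulParameterLen` is compared with `sizeof(CK_GCM_PARAMS)` before these casts is not visible in the hunk. Both functions continue outside it, and the unbraced `if` would read more safely with braces, as the following commit does elsewhere.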
From: Ubuntu Date: Wed, 6 Apr 2022 18:15:09 +0000 Subject: [PATCH 5/5] Fix broken if statement --- src/lib/SoftHSM.cpp | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/src/lib/SoftHSM.cpp b/src/lib/SoftHSM.cpp index e4208561a..e80300e37 100644 --- a/src/lib/SoftHSM.cpp +++ b/src/lib/SoftHSM.cpp @@ -1,4 +1,5 @@ /* + * Copyright (c) 2022 NLnet Labs * Copyright (c) 2010 SURFnet bv * Copyright (c) 2010 .SE (The Internet Infrastructure Foundation) * All rights reserved. @@ -7122,8 +7123,10 @@ CK_RV SoftHSM::C_UnwrapKey { OSObject* osobject = (OSObject*)handleManager->getObject(*hKey); if (osobject == NULL_PTR || !osobject->isValid()) + { rv = CKR_FUNCTION_FAILED; - if (osobject->startTransaction()) + } + else if (osobject->startTransaction()) { bool bOK = true; @@ -7781,9 +7784,12 @@ CK_RV SoftHSM::generateAES if (rv == CKR_OK) { OSObject* osobject = (OSObject*)handleManager->getObject(*phKey); - if (osobject == NULL_PTR || !osobject->isValid()) { + if (osobject == NULL_PTR || !osobject->isValid()) + { rv = CKR_FUNCTION_FAILED; - } else if (osobject->startTransaction()) { + } + else if (osobject->startTransaction()) + { bool bOK = true; // Common Attributes
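Review bot: The C_UnwrapKey hunk fixes a NULL dereference, but the commit does not say so. Before the change, `osobject->startTransaction()` ran even when `osobject == NULL_PTR` had just set `rv = CKR_FUNCTION_FAILED`, and the subject "Fix broken if statement" names neither the function nor the consequence. A short comment at the branch would record it, for example `// getObject() may return NULL or an invalidated object; do not touch it in that case`. The generateAES hunk only changes brace placement and the first hunk adds a copyright line, so the one behavioural change is easy to miss; splitting those out would keep the fix reviewable. The handling of a false return from `startTransaction()` lies outside the hunk; it is worth confirming that `rv` is set on that path as well.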