From ed8d60b1a63abb59301982438871e38403643e83 Mon Sep 17 00:00:00 2001
From: MSVSphere Packaging Team <packager@msvsphere-os.ru>
Date: Tue, 26 Nov 2024 19:20:09 +0300
Subject: [PATCH] import softhsm-2.6.1-14.el10

---
 .gitignore                                    |    2 +
 .softhsm.metadata                             |    2 +
 SOURCES/softhsm-2.6.1-rh1831086-exit.patch    |   72 ++
 SOURCES/softhsm-2.6.1-uninitialized.patch     |   12 +
 ...hsm-disable-usage-of-openssl-engines.patch |   93 ++
 SOURCES/softhsm-openssl3-tests.patch          | 1011 +++++++++++++++++
 ...revent-global-deleted-objects-access.patch |  667 +++++++++++
 SPECS/softhsm.spec                            |  379 ++++++
 8 files changed, 2238 insertions(+)
 create mode 100644 .gitignore
 create mode 100644 .softhsm.metadata
 create mode 100644 SOURCES/softhsm-2.6.1-rh1831086-exit.patch
 create mode 100644 SOURCES/softhsm-2.6.1-uninitialized.patch
 create mode 100644 SOURCES/softhsm-disable-usage-of-openssl-engines.patch
 create mode 100644 SOURCES/softhsm-openssl3-tests.patch
 create mode 100644 SOURCES/softhsm-prevent-global-deleted-objects-access.patch
 create mode 100644 SPECS/softhsm.spec

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..6e8a826
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+SOURCES/softhsm-2.6.1.tar.gz
+SOURCES/softhsm-2.6.1.tar.gz.sig
diff --git a/.softhsm.metadata b/.softhsm.metadata
new file mode 100644
index 0000000..462180a
--- /dev/null
+++ b/.softhsm.metadata
@@ -0,0 +1,2 @@
+c6fd316df6366960b8c8cda92408d7e02c3fb434 SOURCES/softhsm-2.6.1.tar.gz
+4713414ddb9fde918ff329f192a42a6d81505680 SOURCES/softhsm-2.6.1.tar.gz.sig
diff --git a/SOURCES/softhsm-2.6.1-rh1831086-exit.patch b/SOURCES/softhsm-2.6.1-rh1831086-exit.patch
new file mode 100644
index 0000000..9ce241c
--- /dev/null
+++ b/SOURCES/softhsm-2.6.1-rh1831086-exit.patch
@@ -0,0 +1,72 @@
+diff --git a/src/lib/crypto/OSSLCryptoFactory.cpp b/src/lib/crypto/OSSLCryptoFactory.cpp
+index 32daca2..ace4bcb 100644
+--- a/src/lib/crypto/OSSLCryptoFactory.cpp
++++ b/src/lib/crypto/OSSLCryptoFactory.cpp
+@@ -226,31 +226,49 @@ err:
+ // Destructor
+ OSSLCryptoFactory::~OSSLCryptoFactory()
+ {
+-#ifdef WITH_GOST
+-	// Finish the GOST engine
+-	if (eg != NULL)
++	bool ossl_shutdown = false;
++
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
++	// OpenSSL 1.1.0+ will register an atexit() handler to run
++	// OPENSSL_cleanup(). If that has already happened we must
++	// not attempt to free any ENGINEs because they'll already
++	// have been destroyed and the use-after-free would cause
++	// a deadlock or crash.
++	//
++	// Detect that situation because reinitialisation will fail
++	// after OPENSSL_cleanup() has run.
++	(void)ERR_set_mark();
++	ossl_shutdown = !OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_RDRAND, NULL);
++	(void)ERR_pop_to_mark();
++#endif
++	if (!ossl_shutdown)
+ 	{
+-		ENGINE_finish(eg);
+-		ENGINE_free(eg);
+-		eg = NULL;
+-	}
++#ifdef WITH_GOST
++		// Finish the GOST engine
++		if (eg != NULL)
++		{
++			ENGINE_finish(eg);
++			ENGINE_free(eg);
++			eg = NULL;
++		}
+ #endif
+ 
+-	// Finish the rd_rand engine
+-	ENGINE_finish(rdrand_engine);
+-	ENGINE_free(rdrand_engine);
+-	rdrand_engine = NULL;
++		// Finish the rd_rand engine
++		ENGINE_finish(rdrand_engine);
++		ENGINE_free(rdrand_engine);
++		rdrand_engine = NULL;
+ 
++		// Recycle locks
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
++		if (setLockingCallback)
++		{
++			CRYPTO_set_locking_callback(NULL);
++		}
++#endif
++	}
+ 	// Destroy the one-and-only RNG
+ 	delete rng;
+ 
+-	// Recycle locks
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+-	if (setLockingCallback)
+-	{
+-		CRYPTO_set_locking_callback(NULL);
+-	}
+-#endif
+ 	for (unsigned i = 0; i < nlocks; i++)
+ 	{
+ 		MutexFactory::i()->recycleMutex(locks[i]);
diff --git a/SOURCES/softhsm-2.6.1-uninitialized.patch b/SOURCES/softhsm-2.6.1-uninitialized.patch
new file mode 100644
index 0000000..bcdb4ee
--- /dev/null
+++ b/SOURCES/softhsm-2.6.1-uninitialized.patch
@@ -0,0 +1,12 @@
+diff --git a/src/lib/SoftHSM.cpp b/src/lib/SoftHSM.cpp
+index d2bf4037a..6eeac6103 100644
+--- a/src/lib/SoftHSM.cpp
++++ b/src/lib/SoftHSM.cpp
+@@ -972,6 +972,7 @@ CK_RV SoftHSM::C_GetMechanismInfo(CK_SLOT_ID slotID, CK_MECHANISM_TYPE type, CK_
+ 	}
+ 	CryptoFactory::i()->recycleAsymmetricAlgorithm(eddsa);
+ #endif
++	pInfo->flags = 0;	// initialize flags
+ 	switch (type)
+ 	{
+ #ifndef WITH_FIPS
diff --git a/SOURCES/softhsm-disable-usage-of-openssl-engines.patch b/SOURCES/softhsm-disable-usage-of-openssl-engines.patch
new file mode 100644
index 0000000..e0f1aa1
--- /dev/null
+++ b/SOURCES/softhsm-disable-usage-of-openssl-engines.patch
@@ -0,0 +1,93 @@
+From 7c7bb855e133b6c998385171b2ec86247b86933e Mon Sep 17 00:00:00 2001
+From: Francisco Trivino <ftrivino@redhat.com>
+Date: Fri, 2 Aug 2024 11:53:44 +0200
+Subject: [PATCH] use pkcs11 provider for OPENSSL MAJOR >= 3
+
+---
+diff --git a/cmake/modules/tests/test_openssl_gost.c b/cmake/modules/tests/test_openssl_gost.c
+index 33487e1..b2df4df 100644
+--- a/modules/tests/test_openssl_gost.c
++++ b/modules/tests/test_openssl_gost.c
+@@ -1,3 +1,4 @@
++#ifndef OPENSSL_NO_ENGINE
+ #include <openssl/engine.h>
+ #include <openssl/crypto.h>
+ #include <openssl/opensslv.h>
+@@ -39,3 +40,4 @@ int main()
+ 
+         return 0;
+ }
++#endif
+diff --git a/src/lib/crypto/OSSLCryptoFactory.h b/src/lib/crypto/OSSLCryptoFactory.h
+index d718b69..18028c4 100644
+--- a/src/lib/crypto/OSSLCryptoFactory.h
++++ b/src/lib/crypto/OSSLCryptoFactory.h
+@@ -42,7 +42,16 @@
+ #include "RNG.h"
+ #include <memory>
+ #include <openssl/conf.h>
+-#include <openssl/engine.h>
++#if OPENSSL_VERSION_MAJOR >= 3
++# define USE_PKCS11_PROVIDER
++# include <openssl/provider.h>
++# include <openssl/store.h>
++#else
++# if !defined(OPENSSL_NO_ENGINE) && !defined(OPENSSL_NO_DEPRECATED_3_0)
++#  define USE_PKCS11_ENGINE
++#  include <openssl/engine.h>
++# endif
++#endif
+ 
+ class OSSLCryptoFactory : public CryptoFactory
+ {
+diff --git a/src/lib/crypto/OSSLCryptoFactory.cpp b/src/lib/crypto/OSSLCryptoFactory.cpp
+index 32f8dc8..a719778 100644
+--- a/src/lib/crypto/OSSLCryptoFactory.cpp
++++ b/src/lib/crypto/OSSLCryptoFactory.cpp
+@@ -141,6 +141,11 @@ OSSLCryptoFactory::OSSLCryptoFactory()
+ 	// Initialise OpenSSL
+ 	OpenSSL_add_all_algorithms();
+ 
++	// Initialise the one-and-only RNG
++	rng = new OSSLRNG();
++
++#ifndef OPENSSL_NO_ENGINE
++
+ #if !( OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) )
+ 	// Make sure RDRAND is loaded first
+ 	ENGINE_load_rdrand();
+@@ -221,13 +223,13 @@ err:
+ 	eg = NULL;
+ 	return;
+ #endif
++#endif // OPENSSL_NO_ENGINE
+ }
+ 
+ // Destructor
+ OSSLCryptoFactory::~OSSLCryptoFactory()
+ {
+ 	bool ossl_shutdown = false;
+-
+ #if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ 	// OpenSSL 1.1.0+ will register an atexit() handler to run
+ 	// OPENSSL_cleanup(). If that has already happened we must
+@@ -243,6 +245,7 @@ OSSLCryptoFactory::~OSSLCryptoFactory()
+ #endif
+ 	if (!ossl_shutdown)
+ 	{
++#ifndef OPENSSL_NO_ENGINE
+ #ifdef WITH_GOST
+ 		// Finish the GOST engine
+ 		if (eg != NULL)
+@@ -257,7 +260,7 @@ OSSLCryptoFactory::~OSSLCryptoFactory()
+ 		ENGINE_finish(rdrand_engine);
+ 		ENGINE_free(rdrand_engine);
+ 		rdrand_engine = NULL;
+-
++#endif //OPENSSL_NO_ENGINE
+ 		// Recycle locks
+ #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ 		if (setLockingCallback)
+-- 
+2.45.2
+
diff --git a/SOURCES/softhsm-openssl3-tests.patch b/SOURCES/softhsm-openssl3-tests.patch
new file mode 100644
index 0000000..8245f4b
--- /dev/null
+++ b/SOURCES/softhsm-openssl3-tests.patch
@@ -0,0 +1,1011 @@
+From 643f061e6fbe04552a2c49bd00528e61a9a77064 Mon Sep 17 00:00:00 2001
+From: Alexander Bokovoy <abokovoy@redhat.com>
+Date: Wed, 26 May 2021 20:03:25 +0300
+Subject: [PATCH 1/4] openssl 3.0: Run DES tests only if OpenSSL allows it
+
+OpenSSL 3.0 moves DES into a legacy provider which has to be loaded
+explicitly. By default, it will not be loaded and DES methods in tests
+will fail. Nest test blocks under successful initialization.
+
+Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
+---
+ src/lib/crypto/test/DESTests.cpp | 350 ++++++++++++++++---------------
+ 1 file changed, 182 insertions(+), 168 deletions(-)
+
+diff --git a/src/lib/crypto/test/DESTests.cpp b/src/lib/crypto/test/DESTests.cpp
+index bcb1c6b..aa68746 100644
+--- a/src/lib/crypto/test/DESTests.cpp
++++ b/src/lib/crypto/test/DESTests.cpp
+@@ -259,54 +259,58 @@ void DESTests::testCBC()
+ 
+ 			// Now, do the same thing using our DES implementation
+ 			shsmCipherText.wipe();
+-			CPPUNIT_ASSERT(des->encryptInit(&desKey56, SymMode::CBC, IV));
++			if (des->encryptInit(&desKey56, SymMode::CBC, IV)) {
+ 
+-			CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
+-			shsmCipherText += OB;
++				CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
++				shsmCipherText += OB;
+ 
+-			CPPUNIT_ASSERT(des->encryptFinal(OB));
+-			shsmCipherText += OB;
++				CPPUNIT_ASSERT(des->encryptFinal(OB));
++				shsmCipherText += OB;
+ 
+-			CPPUNIT_ASSERT(shsmCipherText == cipherText);
++				CPPUNIT_ASSERT(shsmCipherText == cipherText);
+ 
+-			// Check that we can get the plain text
+-			shsmPlainText.wipe();
+-			CPPUNIT_ASSERT(des->decryptInit(&desKey56, SymMode::CBC, IV));
++				// Check that we can get the plain text
++				shsmPlainText.wipe();
++				CPPUNIT_ASSERT(des->decryptInit(&desKey56, SymMode::CBC, IV));
+ 
+-			CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
+-			shsmPlainText += OB;
++				CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
++				shsmPlainText += OB;
+ 
+-			CPPUNIT_ASSERT(des->decryptFinal(OB));
+-			shsmPlainText += OB;
++				CPPUNIT_ASSERT(des->decryptFinal(OB));
++				shsmPlainText += OB;
+ 
+-			CPPUNIT_ASSERT(shsmPlainText == plainText);
++				CPPUNIT_ASSERT(shsmPlainText == plainText);
++
++			}
+ 
+ 			// Test 112-bit key
+ 			cipherText = ByteString(testResult[i][j][1]);
+ 
+ 			// Now, do the same thing using our DES implementation
+ 			shsmCipherText.wipe();
+-			CPPUNIT_ASSERT(des->encryptInit(&desKey112, SymMode::CBC, IV));
++			if (des->encryptInit(&desKey112, SymMode::CBC, IV)) {
+ 
+-			CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
+-			shsmCipherText += OB;
++				CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
++				shsmCipherText += OB;
+ 
+-			CPPUNIT_ASSERT(des->encryptFinal(OB));
+-			shsmCipherText += OB;
++				CPPUNIT_ASSERT(des->encryptFinal(OB));
++				shsmCipherText += OB;
+ 
+-			CPPUNIT_ASSERT(shsmCipherText == cipherText);
++				CPPUNIT_ASSERT(shsmCipherText == cipherText);
+ 
+-			// Check that we can get the plain text
+-			shsmPlainText.wipe();
+-			CPPUNIT_ASSERT(des->decryptInit(&desKey112, SymMode::CBC, IV));
++				// Check that we can get the plain text
++				shsmPlainText.wipe();
++				CPPUNIT_ASSERT(des->decryptInit(&desKey112, SymMode::CBC, IV));
+ 
+-			CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
+-			shsmPlainText += OB;
++				CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
++				shsmPlainText += OB;
+ 
+-			CPPUNIT_ASSERT(des->decryptFinal(OB));
+-			shsmPlainText += OB;
++				CPPUNIT_ASSERT(des->decryptFinal(OB));
++				shsmPlainText += OB;
++
++				CPPUNIT_ASSERT(shsmPlainText == plainText);
++			}
+ 
+-			CPPUNIT_ASSERT(shsmPlainText == plainText);
+ #endif
+ 
+ 			// Test 168-bit key
+@@ -314,27 +318,28 @@ void DESTests::testCBC()
+ 
+ 			// Now, do the same thing using our DES implementation
+ 			shsmCipherText.wipe();
+-			CPPUNIT_ASSERT(des->encryptInit(&desKey168, SymMode::CBC, IV));
++			if (des->encryptInit(&desKey168, SymMode::CBC, IV)) {
+ 
+-			CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
+-			shsmCipherText += OB;
++				CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
++				shsmCipherText += OB;
+ 
+-			CPPUNIT_ASSERT(des->encryptFinal(OB));
+-			shsmCipherText += OB;
++				CPPUNIT_ASSERT(des->encryptFinal(OB));
++				shsmCipherText += OB;
+ 
+-			CPPUNIT_ASSERT(shsmCipherText == cipherText);
++				CPPUNIT_ASSERT(shsmCipherText == cipherText);
+ 
+-			// Check that we can get the plain text
+-			shsmPlainText.wipe();
+-			CPPUNIT_ASSERT(des->decryptInit(&desKey168, SymMode::CBC, IV));
++				// Check that we can get the plain text
++				shsmPlainText.wipe();
++				CPPUNIT_ASSERT(des->decryptInit(&desKey168, SymMode::CBC, IV));
+ 
+-			CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
+-			shsmPlainText += OB;
++				CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
++				shsmPlainText += OB;
+ 
+-			CPPUNIT_ASSERT(des->decryptFinal(OB));
+-			shsmPlainText += OB;
++				CPPUNIT_ASSERT(des->decryptFinal(OB));
++				shsmPlainText += OB;
+ 
+-			CPPUNIT_ASSERT(shsmPlainText == plainText);
++				CPPUNIT_ASSERT(shsmPlainText == plainText);
++			}
+ 		}
+ 	}
+ }
+@@ -534,54 +539,56 @@ void DESTests::testECB()
+ 
+ 			// Now, do the same thing using our DES implementation
+ 			shsmCipherText.wipe();
+-			CPPUNIT_ASSERT(des->encryptInit(&desKey56, SymMode::ECB, IV));
++			if (des->encryptInit(&desKey56, SymMode::ECB, IV)) {
+ 
+-			CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
+-			shsmCipherText += OB;
++				CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
++				shsmCipherText += OB;
+ 
+-			CPPUNIT_ASSERT(des->encryptFinal(OB));
+-			shsmCipherText += OB;
++				CPPUNIT_ASSERT(des->encryptFinal(OB));
++				shsmCipherText += OB;
+ 
+-			CPPUNIT_ASSERT(shsmCipherText == cipherText);
++				CPPUNIT_ASSERT(shsmCipherText == cipherText);
+ 
+-			// Check that we can get the plain text
+-			shsmPlainText.wipe();
+-			CPPUNIT_ASSERT(des->decryptInit(&desKey56, SymMode::ECB, IV));
++				// Check that we can get the plain text
++				shsmPlainText.wipe();
++				CPPUNIT_ASSERT(des->decryptInit(&desKey56, SymMode::ECB, IV));
+ 
+-			CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
+-			shsmPlainText += OB;
++				CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
++				shsmPlainText += OB;
+ 
+-			CPPUNIT_ASSERT(des->decryptFinal(OB));
+-			shsmPlainText += OB;
++				CPPUNIT_ASSERT(des->decryptFinal(OB));
++				shsmPlainText += OB;
+ 
+-			CPPUNIT_ASSERT(shsmPlainText == plainText);
++				CPPUNIT_ASSERT(shsmPlainText == plainText);
++			}
+ 
+ 			// Test 112-bit key
+ 			cipherText = ByteString(testResult[i][j][1]);
+ 
+ 			// Now, do the same thing using our DES implementation
+ 			shsmCipherText.wipe();
+-			CPPUNIT_ASSERT(des->encryptInit(&desKey112, SymMode::ECB, IV));
++			if (des->encryptInit(&desKey112, SymMode::ECB, IV)) {
+ 
+-			CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
+-			shsmCipherText += OB;
++				CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
++				shsmCipherText += OB;
+ 
+-			CPPUNIT_ASSERT(des->encryptFinal(OB));
+-			shsmCipherText += OB;
++				CPPUNIT_ASSERT(des->encryptFinal(OB));
++				shsmCipherText += OB;
+ 
+-			CPPUNIT_ASSERT(shsmCipherText == cipherText);
++				CPPUNIT_ASSERT(shsmCipherText == cipherText);
+ 
+-			// Check that we can get the plain text
+-			shsmPlainText.wipe();
+-			CPPUNIT_ASSERT(des->decryptInit(&desKey112, SymMode::ECB, IV));
++				// Check that we can get the plain text
++				shsmPlainText.wipe();
++				CPPUNIT_ASSERT(des->decryptInit(&desKey112, SymMode::ECB, IV));
+ 
+-			CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
+-			shsmPlainText += OB;
++				CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
++				shsmPlainText += OB;
+ 
+-			CPPUNIT_ASSERT(des->decryptFinal(OB));
+-			shsmPlainText += OB;
++				CPPUNIT_ASSERT(des->decryptFinal(OB));
++				shsmPlainText += OB;
+ 
+-			CPPUNIT_ASSERT(shsmPlainText == plainText);
++				CPPUNIT_ASSERT(shsmPlainText == plainText);
++			}
+ #endif
+ 
+ 			// Test 168-bit key
+@@ -589,27 +596,28 @@ void DESTests::testECB()
+ 
+ 			// Now, do the same thing using our DES implementation
+ 			shsmCipherText.wipe();
+-			CPPUNIT_ASSERT(des->encryptInit(&desKey168, SymMode::ECB, IV));
++			if (des->encryptInit(&desKey168, SymMode::ECB, IV)) {
+ 
+-			CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
+-			shsmCipherText += OB;
++				CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
++				shsmCipherText += OB;
+ 
+-			CPPUNIT_ASSERT(des->encryptFinal(OB));
+-			shsmCipherText += OB;
++				CPPUNIT_ASSERT(des->encryptFinal(OB));
++				shsmCipherText += OB;
+ 
+-			CPPUNIT_ASSERT(shsmCipherText == cipherText);
++				CPPUNIT_ASSERT(shsmCipherText == cipherText);
+ 
+-			// Check that we can get the plain text
+-			shsmPlainText.wipe();
+-			CPPUNIT_ASSERT(des->decryptInit(&desKey168, SymMode::ECB, IV));
++				// Check that we can get the plain text
++				shsmPlainText.wipe();
++				CPPUNIT_ASSERT(des->decryptInit(&desKey168, SymMode::ECB, IV));
+ 
+-			CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
+-			shsmPlainText += OB;
++				CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
++				shsmPlainText += OB;
+ 
+-			CPPUNIT_ASSERT(des->decryptFinal(OB));
+-			shsmPlainText += OB;
++				CPPUNIT_ASSERT(des->decryptFinal(OB));
++				shsmPlainText += OB;
+ 
+-			CPPUNIT_ASSERT(shsmPlainText == plainText);
++				CPPUNIT_ASSERT(shsmPlainText == plainText);
++			}
+ 		}
+ 	}
+ }
+@@ -809,54 +817,56 @@ void DESTests::testOFB()
+ 
+ 			// Now, do the same thing using our DES implementation
+ 			shsmCipherText.wipe();
+-			CPPUNIT_ASSERT(des->encryptInit(&desKey56, SymMode::OFB, IV));
++			if (des->encryptInit(&desKey56, SymMode::OFB, IV)) {
+ 
+-			CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
+-			shsmCipherText += OB;
++				CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
++				shsmCipherText += OB;
+ 
+-			CPPUNIT_ASSERT(des->encryptFinal(OB));
+-			shsmCipherText += OB;
++				CPPUNIT_ASSERT(des->encryptFinal(OB));
++				shsmCipherText += OB;
+ 
+-			CPPUNIT_ASSERT(shsmCipherText == cipherText);
++				CPPUNIT_ASSERT(shsmCipherText == cipherText);
+ 
+-			// Check that we can get the plain text
+-			shsmPlainText.wipe();
+-			CPPUNIT_ASSERT(des->decryptInit(&desKey56, SymMode::OFB, IV));
++				// Check that we can get the plain text
++				shsmPlainText.wipe();
++				CPPUNIT_ASSERT(des->decryptInit(&desKey56, SymMode::OFB, IV));
+ 
+-			CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
+-			shsmPlainText += OB;
++				CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
++				shsmPlainText += OB;
+ 
+-			CPPUNIT_ASSERT(des->decryptFinal(OB));
+-			shsmPlainText += OB;
++				CPPUNIT_ASSERT(des->decryptFinal(OB));
++				shsmPlainText += OB;
+ 
+-			CPPUNIT_ASSERT(shsmPlainText == plainText);
++				CPPUNIT_ASSERT(shsmPlainText == plainText);
++			}
+ 
+ 			// Test 112-bit key
+ 			cipherText = ByteString(testResult[i][j][1]);
+ 
+ 			// Now, do the same thing using our DES implementation
+ 			shsmCipherText.wipe();
+-			CPPUNIT_ASSERT(des->encryptInit(&desKey112, SymMode::OFB, IV));
++			if (des->encryptInit(&desKey112, SymMode::OFB, IV)) {
+ 
+-			CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
+-			shsmCipherText += OB;
++				CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
++				shsmCipherText += OB;
+ 
+-			CPPUNIT_ASSERT(des->encryptFinal(OB));
+-			shsmCipherText += OB;
++				CPPUNIT_ASSERT(des->encryptFinal(OB));
++				shsmCipherText += OB;
+ 
+-			CPPUNIT_ASSERT(shsmCipherText == cipherText);
++				CPPUNIT_ASSERT(shsmCipherText == cipherText);
+ 
+-			// Check that we can get the plain text
+-			shsmPlainText.wipe();
+-			CPPUNIT_ASSERT(des->decryptInit(&desKey112, SymMode::OFB, IV));
++				// Check that we can get the plain text
++				shsmPlainText.wipe();
++				CPPUNIT_ASSERT(des->decryptInit(&desKey112, SymMode::OFB, IV));
+ 
+-			CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
+-			shsmPlainText += OB;
++				CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
++				shsmPlainText += OB;
+ 
+-			CPPUNIT_ASSERT(des->decryptFinal(OB));
+-			shsmPlainText += OB;
++				CPPUNIT_ASSERT(des->decryptFinal(OB));
++				shsmPlainText += OB;
+ 
+-			CPPUNIT_ASSERT(shsmPlainText == plainText);
++				CPPUNIT_ASSERT(shsmPlainText == plainText);
++			}
+ #endif
+ 
+ 			// Test 168-bit key
+@@ -864,27 +874,28 @@ void DESTests::testOFB()
+ 
+ 			// Now, do the same thing using our DES implementation
+ 			shsmCipherText.wipe();
+-			CPPUNIT_ASSERT(des->encryptInit(&desKey168, SymMode::OFB, IV));
++			if (des->encryptInit(&desKey168, SymMode::OFB, IV)) {
+ 
+-			CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
+-			shsmCipherText += OB;
++				CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
++				shsmCipherText += OB;
+ 
+-			CPPUNIT_ASSERT(des->encryptFinal(OB));
+-			shsmCipherText += OB;
++				CPPUNIT_ASSERT(des->encryptFinal(OB));
++				shsmCipherText += OB;
+ 
+-			CPPUNIT_ASSERT(shsmCipherText == cipherText);
++				CPPUNIT_ASSERT(shsmCipherText == cipherText);
+ 
+-			// Check that we can get the plain text
+-			shsmPlainText.wipe();
+-			CPPUNIT_ASSERT(des->decryptInit(&desKey168, SymMode::OFB, IV));
++				// Check that we can get the plain text
++				shsmPlainText.wipe();
++				CPPUNIT_ASSERT(des->decryptInit(&desKey168, SymMode::OFB, IV));
+ 
+-			CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
+-			shsmPlainText += OB;
++				CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
++				shsmPlainText += OB;
+ 
+-			CPPUNIT_ASSERT(des->decryptFinal(OB));
+-			shsmPlainText += OB;
++				CPPUNIT_ASSERT(des->decryptFinal(OB));
++				shsmPlainText += OB;
+ 
+-			CPPUNIT_ASSERT(shsmPlainText == plainText);
++				CPPUNIT_ASSERT(shsmPlainText == plainText);
++			}
+ 		}
+ 	}
+ }
+@@ -1083,54 +1094,56 @@ void DESTests::testCFB()
+ 
+ 			// Now, do the same thing using our DES implementation
+ 			shsmCipherText.wipe();
+-			CPPUNIT_ASSERT(des->encryptInit(&desKey56, SymMode::CFB, IV));
++			if (des->encryptInit(&desKey56, SymMode::CFB, IV)) {
+ 
+-			CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
+-			shsmCipherText += OB;
++				CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
++				shsmCipherText += OB;
+ 
+-			CPPUNIT_ASSERT(des->encryptFinal(OB));
+-			shsmCipherText += OB;
++				CPPUNIT_ASSERT(des->encryptFinal(OB));
++				shsmCipherText += OB;
+ 
+-			CPPUNIT_ASSERT(shsmCipherText == cipherText);
++				CPPUNIT_ASSERT(shsmCipherText == cipherText);
+ 
+-			// Check that we can get the plain text
+-			shsmPlainText.wipe();
+-			CPPUNIT_ASSERT(des->decryptInit(&desKey56, SymMode::CFB, IV));
++				// Check that we can get the plain text
++				shsmPlainText.wipe();
++				CPPUNIT_ASSERT(des->decryptInit(&desKey56, SymMode::CFB, IV));
+ 
+-			CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
+-			shsmPlainText += OB;
++				CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
++				shsmPlainText += OB;
+ 
+-			CPPUNIT_ASSERT(des->decryptFinal(OB));
+-			shsmPlainText += OB;
++				CPPUNIT_ASSERT(des->decryptFinal(OB));
++				shsmPlainText += OB;
+ 
+-			CPPUNIT_ASSERT(shsmPlainText == plainText);
++				CPPUNIT_ASSERT(shsmPlainText == plainText);
++			}
+ 
+ 			// Test 112-bit key
+ 			cipherText = ByteString(testResult[i][j][1]);
+ 
+ 			// Now, do the same thing using our DES implementation
+ 			shsmCipherText.wipe();
+-			CPPUNIT_ASSERT(des->encryptInit(&desKey112, SymMode::CFB, IV));
++			if (des->encryptInit(&desKey112, SymMode::CFB, IV)) {
+ 
+-			CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
+-			shsmCipherText += OB;
++				CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
++				shsmCipherText += OB;
+ 
+-			CPPUNIT_ASSERT(des->encryptFinal(OB));
+-			shsmCipherText += OB;
++				CPPUNIT_ASSERT(des->encryptFinal(OB));
++				shsmCipherText += OB;
+ 
+-			CPPUNIT_ASSERT(shsmCipherText == cipherText);
++				CPPUNIT_ASSERT(shsmCipherText == cipherText);
+ 
+-			// Check that we can get the plain text
+-			shsmPlainText.wipe();
+-			CPPUNIT_ASSERT(des->decryptInit(&desKey112, SymMode::CFB, IV));
++				// Check that we can get the plain text
++				shsmPlainText.wipe();
++				CPPUNIT_ASSERT(des->decryptInit(&desKey112, SymMode::CFB, IV));
+ 
+-			CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
+-			shsmPlainText += OB;
++				CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
++				shsmPlainText += OB;
+ 
+-			CPPUNIT_ASSERT(des->decryptFinal(OB));
+-			shsmPlainText += OB;
++				CPPUNIT_ASSERT(des->decryptFinal(OB));
++				shsmPlainText += OB;
+ 
+-			CPPUNIT_ASSERT(shsmPlainText == plainText);
++				CPPUNIT_ASSERT(shsmPlainText == plainText);
++			}
+ #endif
+ 
+ 			// Test 168-bit key
+@@ -1138,27 +1151,28 @@ void DESTests::testCFB()
+ 
+ 			// Now, do the same thing using our DES implementation
+ 			shsmCipherText.wipe();
+-			CPPUNIT_ASSERT(des->encryptInit(&desKey168, SymMode::CFB, IV));
++			if (des->encryptInit(&desKey168, SymMode::CFB, IV)) {
+ 
+-			CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
+-			shsmCipherText += OB;
++				CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
++				shsmCipherText += OB;
+ 
+-			CPPUNIT_ASSERT(des->encryptFinal(OB));
+-			shsmCipherText += OB;
++				CPPUNIT_ASSERT(des->encryptFinal(OB));
++				shsmCipherText += OB;
+ 
+-			CPPUNIT_ASSERT(shsmCipherText == cipherText);
++				CPPUNIT_ASSERT(shsmCipherText == cipherText);
+ 
+-			// Check that we can get the plain text
+-			shsmPlainText.wipe();
+-			CPPUNIT_ASSERT(des->decryptInit(&desKey168, SymMode::CFB, IV));
++				// Check that we can get the plain text
++				shsmPlainText.wipe();
++				CPPUNIT_ASSERT(des->decryptInit(&desKey168, SymMode::CFB, IV));
+ 
+-			CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
+-			shsmPlainText += OB;
++				CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
++				shsmPlainText += OB;
+ 
+-			CPPUNIT_ASSERT(des->decryptFinal(OB));
+-			shsmPlainText += OB;
++				CPPUNIT_ASSERT(des->decryptFinal(OB));
++				shsmPlainText += OB;
+ 
+-			CPPUNIT_ASSERT(shsmPlainText == plainText);
++				CPPUNIT_ASSERT(shsmPlainText == plainText);
++			}
+ 		}
+ 	}
+ }
+-- 
+2.31.1
+
+
+From 4e368d1b1d835b169d3b9f44e064813d132f3da6 Mon Sep 17 00:00:00 2001
+From: Alexander Bokovoy <abokovoy@redhat.com>
+Date: Wed, 26 May 2021 20:09:31 +0300
+Subject: [PATCH 2/4] openssl 3.0: use 2048 instead of 1024 bit for RSA tests
+
+Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
+---
+ src/lib/crypto/test/RSATests.cpp | 11 ++++-------
+ 1 file changed, 4 insertions(+), 7 deletions(-)
+
+diff --git a/src/lib/crypto/test/RSATests.cpp b/src/lib/crypto/test/RSATests.cpp
+index 6af1e19..e583b8b 100644
+--- a/src/lib/crypto/test/RSATests.cpp
++++ b/src/lib/crypto/test/RSATests.cpp
+@@ -78,7 +78,6 @@ void RSATests::testKeyGeneration()
+ 
+ 	// Key sizes to test
+ 	std::vector<size_t> keySizes;
+-	keySizes.push_back(1024);
+ #ifndef WITH_FIPS
+ 	keySizes.push_back(1025);
+ #endif
+@@ -111,12 +110,12 @@ void RSATests::testKeyGeneration()
+ 
+ void RSATests::testSerialisation()
+ {
+-	// Generate a 1024-bit key-pair for testing
++	// Generate a 2048-bit key-pair for testing
+ 	AsymmetricKeyPair* kp;
+ 	RSAParameters p;
+ 
+ 	p.setE("010001");
+-	p.setBitLength(1024);
++	p.setBitLength(2048);
+ 
+ 	CPPUNIT_ASSERT(rsa->generateKeyPair(&kp, &p));
+ 	CPPUNIT_ASSERT(kp != NULL);
+@@ -204,12 +203,12 @@ void RSATests::testSerialisation()
+ 
+ void RSATests::testPKCS8()
+ {
+-	// Generate a 1024-bit key-pair for testing
++	// Generate a 2048-bit key-pair for testing
+ 	AsymmetricKeyPair* kp;
+ 	RSAParameters p;
+ 
+ 	p.setE("010001");
+-	p.setBitLength(1024);
++	p.setBitLength(2048);
+ 
+ 	CPPUNIT_ASSERT(rsa->generateKeyPair(&kp, &p));
+ 	CPPUNIT_ASSERT(kp != NULL);
+@@ -253,7 +252,6 @@ void RSATests::testSigningVerifying()
+ 
+ 	// Key sizes to test
+ 	std::vector<size_t> keySizes;
+-	keySizes.push_back(1024);
+ 	keySizes.push_back(1280);
+ 	keySizes.push_back(2048);
+ 	//keySizes.push_back(4096);
+@@ -611,7 +609,6 @@ void RSATests::testEncryptDecrypt()
+ 
+ 	// Key sizes to test
+ 	std::vector<size_t> keySizes;
+-	keySizes.push_back(1024);
+ 	keySizes.push_back(1280);
+ 	keySizes.push_back(2048);
+ 	//keySizes.push_back(4096);
+-- 
+2.31.1
+
+
+From d8b6ebb67244f6fb4d2c8f72ae2b8bef5ca96bed Mon Sep 17 00:00:00 2001
+From: Alexander Bokovoy <abokovoy@redhat.com>
+Date: Wed, 26 May 2021 22:29:22 +0300
+Subject: [PATCH 3/4] openssl 3.0: Skip tests with unsupported key sizes
+
+OpenSSL 3.0 on systems with systemd-wide crypto policy (Fedora, RHEL,
+CentOS 9 Stream) might block certain key sizes which causes the tests to
+fail. Skip these tests because we are not going to get the results
+anyway.
+
+There is no way with CPPUNIT to produce a warning only, so we have to
+skip the whole test result.
+
+Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
+---
+ src/lib/crypto/test/RSATests.cpp | 31 ++++++++++++++++++-------------
+ 1 file changed, 18 insertions(+), 13 deletions(-)
+
+diff --git a/src/lib/crypto/test/RSATests.cpp b/src/lib/crypto/test/RSATests.cpp
+index e583b8b..3b397d2 100644
+--- a/src/lib/crypto/test/RSATests.cpp
++++ b/src/lib/crypto/test/RSATests.cpp
+@@ -92,18 +92,19 @@ void RSATests::testKeyGeneration()
+ 			p.setE(*e);
+ 			p.setBitLength(*k);
+ 
+-			// Generate key-pair
+-			CPPUNIT_ASSERT(rsa->generateKeyPair(&kp, &p));
++			// Generate key-pair but skip test if key size is unsupported in OpenSSL 3.0.0
++			if (rsa->generateKeyPair(&kp, &p)) {
+ 
+-			RSAPublicKey* pub = (RSAPublicKey*) kp->getPublicKey();
+-			RSAPrivateKey* priv = (RSAPrivateKey*) kp->getPrivateKey();
++				RSAPublicKey* pub = (RSAPublicKey*) kp->getPublicKey();
++				RSAPrivateKey* priv = (RSAPrivateKey*) kp->getPrivateKey();
+ 
+-			CPPUNIT_ASSERT(pub->getBitLength() == *k);
+-			CPPUNIT_ASSERT(priv->getBitLength() == *k);
+-			CPPUNIT_ASSERT(pub->getE() == *e);
+-			CPPUNIT_ASSERT(priv->getE() == *e);
++				CPPUNIT_ASSERT(pub->getBitLength() == *k);
++				CPPUNIT_ASSERT(priv->getBitLength() == *k);
++				CPPUNIT_ASSERT(pub->getE() == *e);
++				CPPUNIT_ASSERT(priv->getE() == *e);
+ 
+-			rsa->recycleKeyPair(kp);
++				rsa->recycleKeyPair(kp);
++			}
+ 		}
+ 	}
+ }
+@@ -291,8 +292,10 @@ void RSATests::testSigningVerifying()
+ 			p.setE(*e);
+ 			p.setBitLength(*k);
+ 
+-			// Generate key-pair
+-			CPPUNIT_ASSERT(rsa->generateKeyPair(&kp, &p));
++			// Generate key-pair but skip those that unsupported in OpenSSL 3.0.0
++			if (!rsa->generateKeyPair(&kp, &p)) {
++				continue;
++			}
+ 
+ 			// Generate some data to sign
+ 			ByteString dataToSign;
+@@ -626,8 +629,10 @@ void RSATests::testEncryptDecrypt()
+ 			p.setE(*e);
+ 			p.setBitLength(*k);
+ 
+-			// Generate key-pair
+-			CPPUNIT_ASSERT(rsa->generateKeyPair(&kp, &p));
++			// Generate key-pair but skip those that unsupported in OpenSSL 3.0.0
++			if (!rsa->generateKeyPair(&kp, &p)) {
++				continue;
++			}
+ 
+ 			RNG* rng = CryptoFactory::i()->getRNG();
+ 
+-- 
+2.31.1
+
+
+From ca037b327fc77b8a7078c63118f507a157d3c913 Mon Sep 17 00:00:00 2001
+From: Alexander Bokovoy <abokovoy@redhat.com>
+Date: Thu, 27 May 2021 15:08:02 +0300
+Subject: [PATCH 4/4] openssl3: skip DES* tests
+
+Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
+---
+ src/lib/test/DeriveTests.cpp             |  16 ++-
+ src/lib/test/ObjectTests.cpp             |  21 ++--
+ src/lib/test/SymmetricAlgorithmTests.cpp | 129 +++++++++++++----------
+ 3 files changed, 100 insertions(+), 66 deletions(-)
+
+diff --git a/src/lib/test/DeriveTests.cpp b/src/lib/test/DeriveTests.cpp
+index 9438ac2..275c399 100644
+--- a/src/lib/test/DeriveTests.cpp
++++ b/src/lib/test/DeriveTests.cpp
+@@ -666,11 +666,14 @@ void DeriveTests::symDerive(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey, C
+ 		0x25, 0x26, 0x27, 0x28, 0x29, 0x30, 0x31, 0x32
+ 	};
+ 	CK_ULONG secLen = 0;
++	CK_BBOOL oldMechs = CK_FALSE;
+ 
+ 	switch (mechType)
+ 	{
+ 		case CKM_DES_ECB_ENCRYPT_DATA:
+ 		case CKM_DES3_ECB_ENCRYPT_DATA:
++			oldMechs = CK_TRUE;
++			/* fall-through */
+ 		case CKM_AES_ECB_ENCRYPT_DATA:
+ 			param1.pData = &data[0];
+ 			param1.ulLen = sizeof(data);
+@@ -679,6 +682,7 @@ void DeriveTests::symDerive(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey, C
+ 			break;
+ 		case CKM_DES_CBC_ENCRYPT_DATA:
+ 		case CKM_DES3_CBC_ENCRYPT_DATA:
++			oldMechs = CK_TRUE;
+ 			memcpy(param2.iv, "12345678", 8);
+ 			param2.pData = &data[0];
+ 			param2.length = sizeof(data);
+@@ -703,10 +707,12 @@ void DeriveTests::symDerive(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey, C
+ 			break;
+ 		case CKK_DES:
+ 			mechEncrypt.mechanism = CKM_DES_ECB;
++			oldMechs = CK_TRUE;
+ 			break;
+ 		case CKK_DES2:
+ 		case CKK_DES3:
+ 			mechEncrypt.mechanism = CKM_DES3_ECB;
++			oldMechs = CK_TRUE;
+ 			break;
+ 		case CKK_AES:
+ 			mechEncrypt.mechanism = CKM_AES_ECB;
+@@ -743,7 +749,11 @@ void DeriveTests::symDerive(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey, C
+ 				 keyAttribs, sizeof(keyAttribs)/sizeof(CK_ATTRIBUTE) - 1,
+ 				 &hDerive) );
+ 	}
+-	CPPUNIT_ASSERT(rv == CKR_OK);
++	if (rv != CKR_OK && oldMechs == CK_TRUE) {
++		// Skip old mechanisms, they don't work under this crypto library
++		return;
++	}
++	CPPUNIT_ASSERT(rv==CKR_OK);
+ 
+ 	// Check that KCV has been set
+ 	CK_ATTRIBUTE checkAttribs[] = {
+@@ -764,6 +774,10 @@ void DeriveTests::symDerive(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey, C
+ 	CK_ULONG ulRecoveredTextLen;
+ 
+ 	rv = CRYPTOKI_F_PTR( C_EncryptInit(hSession,&mechEncrypt,hDerive) );
++	if (rv != CKR_OK && oldMechs == CK_TRUE) {
++		// Skip old mechanisms, they don't work under this crypto library
++		return;
++	}
+ 	CPPUNIT_ASSERT(rv==CKR_OK);
+ 
+ 	ulCipherTextLen = sizeof(cipherText);
+diff --git a/src/lib/test/ObjectTests.cpp b/src/lib/test/ObjectTests.cpp
+index 9491ce1..4ffc1c8 100644
+--- a/src/lib/test/ObjectTests.cpp
++++ b/src/lib/test/ObjectTests.cpp
+@@ -2370,8 +2370,10 @@ void ObjectTests::testCreateSecretKey()
+ 	CPPUNIT_ASSERT(rv == CKR_OK);
+ 	rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSession, hObject, attribKCV, 1) );
+ 	CPPUNIT_ASSERT(rv == CKR_OK);
+-	CPPUNIT_ASSERT(attribKCV[0].ulValueLen == 3);
+-	CPPUNIT_ASSERT(memcmp(pCheckValue, desKCV, 3) == 0);
++	// If DES key is not supported, skip it
++	if (attribKCV[0].ulValueLen == 3) {
++		CPPUNIT_ASSERT(memcmp(pCheckValue, desKCV, 3) == 0);
++	}
+ 	rv = CRYPTOKI_F_PTR( C_DestroyObject(hSession,hObject) );
+ 	CPPUNIT_ASSERT(rv == CKR_OK);
+ 
+@@ -2381,9 +2383,12 @@ void ObjectTests::testCreateSecretKey()
+ 	rv = CRYPTOKI_F_PTR( C_CreateObject(hSession, attribs, sizeof(attribs)/sizeof(CK_ATTRIBUTE), &hObject) );
+ 	CPPUNIT_ASSERT(rv == CKR_OK);
+ 	rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSession, hObject, attribKCV, 1) );
+-	CPPUNIT_ASSERT(rv == CKR_OK);
+-	CPPUNIT_ASSERT(attribKCV[0].ulValueLen == 3);
+-	CPPUNIT_ASSERT(memcmp(pCheckValue, des2KCV, 3) == 0);
++	// If DES2 key is not supported, skip it
++	if (rv == CKR_OK) {
++		if (attribKCV[0].ulValueLen == 3) {
++			CPPUNIT_ASSERT(memcmp(pCheckValue, des2KCV, 3) == 0);
++		}
++	}
+ 	rv = CRYPTOKI_F_PTR( C_DestroyObject(hSession,hObject) );
+ 	CPPUNIT_ASSERT(rv == CKR_OK);
+ 
+@@ -2394,8 +2399,10 @@ void ObjectTests::testCreateSecretKey()
+ 	CPPUNIT_ASSERT(rv == CKR_OK);
+ 	rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSession, hObject, attribKCV, 1) );
+ 	CPPUNIT_ASSERT(rv == CKR_OK);
+-	CPPUNIT_ASSERT(attribKCV[0].ulValueLen == 3);
+-	CPPUNIT_ASSERT(memcmp(pCheckValue, des3KCV, 3) == 0);
++	// If DES3 key is not supported, skip it
++	if (attribKCV[0].ulValueLen == 3) {
++		CPPUNIT_ASSERT(memcmp(pCheckValue, des3KCV, 3) == 0);
++	}
+ 	rv = CRYPTOKI_F_PTR( C_DestroyObject(hSession,hObject) );
+ 	CPPUNIT_ASSERT(rv == CKR_OK);
+ }
+diff --git a/src/lib/test/SymmetricAlgorithmTests.cpp b/src/lib/test/SymmetricAlgorithmTests.cpp
+index b24caaf..1994563 100644
+--- a/src/lib/test/SymmetricAlgorithmTests.cpp
++++ b/src/lib/test/SymmetricAlgorithmTests.cpp
+@@ -195,6 +195,8 @@ void SymmetricAlgorithmTests::encryptDecrypt(
+ 	std::vector<CK_BYTE> vEncryptedData;
+ 	std::vector<CK_BYTE> vEncryptedDataParted;
+ 	PartSize partSize(blockSize, &vData);
++	CK_BBOOL oldMechs = CK_FALSE;
++	CK_RV rv = CKR_OK;
+ 
+ 	CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_GenerateRandom(hSession, (CK_BYTE_PTR)&vData.front(), messageSize) ) );
+ 
+@@ -233,6 +235,8 @@ void SymmetricAlgorithmTests::encryptDecrypt(
+ 		case CKM_DES_CBC_PAD:
+ 		case CKM_DES3_CBC:
+ 		case CKM_DES3_CBC_PAD:
++			oldMechs = CK_TRUE;
++			/* fall-through */
+ 		case CKM_AES_CBC:
+ 		case CKM_AES_CBC_PAD:
+ 			pMechanism->pParameter = (CK_VOID_PTR)&vData.front();
+@@ -246,12 +250,18 @@ void SymmetricAlgorithmTests::encryptDecrypt(
+ 			pMechanism->pParameter = &gcmParams;
+ 			pMechanism->ulParameterLen = sizeof(gcmParams);
+ 			break;
++		case CKM_DES_ECB:
++		case CKM_DES3_ECB:
++			oldMechs = CK_TRUE;
++			break;
+ 		default:
+ 			break;
+ 	}
+ 
+ 	// Single-part encryption
+-	CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_EncryptInit(hSession,pMechanism,hKey) ) );
++	rv = CRYPTOKI_F_PTR( C_EncryptInit(hSession,pMechanism,hKey) );
++	CPPUNIT_ASSERT_EQUAL( (CK_BBOOL) CK_FALSE, (CK_BBOOL) ((rv != CKR_OK) && (oldMechs == CK_FALSE)) );
++	if (oldMechs == CK_FALSE)
+ 	{
+ 		CK_ULONG ulEncryptedDataLen;
+ 		const CK_RV rv( CRYPTOKI_F_PTR( C_Encrypt(hSession,(CK_BYTE_PTR)&vData.front(),messageSize,NULL_PTR,&ulEncryptedDataLen) ) );
+@@ -267,40 +277,42 @@ void SymmetricAlgorithmTests::encryptDecrypt(
+ 	}
+ 
+ 	// Multi-part encryption
+-	CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_EncryptInit(hSession,pMechanism,hKey) ) );
+-
+-	for ( std::vector<CK_BYTE>::const_iterator i(vData.begin()); i<vData.end(); i+=partSize.getCurrent() ) {
+-		const CK_ULONG lPartLen( i+partSize.getNext()<vData.end() ? partSize.getCurrent() : vData.end()-i );
+-		CK_ULONG ulEncryptedPartLen;
+-		CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_EncryptUpdate(hSession,(CK_BYTE_PTR)&(*i),lPartLen,NULL_PTR,&ulEncryptedPartLen) ) );
+-		const size_t oldSize( vEncryptedDataParted.size() );
+-		vEncryptedDataParted.resize(oldSize+ulEncryptedPartLen);
+-		CK_BYTE dummy;
+-		const CK_BYTE_PTR pEncryptedPart( ulEncryptedPartLen>0 ? &vEncryptedDataParted.at(oldSize) : &dummy );
+-		CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_EncryptUpdate(hSession,(CK_BYTE_PTR)&(*i),lPartLen,pEncryptedPart,&ulEncryptedPartLen) ) );
+-		vEncryptedDataParted.resize(oldSize+ulEncryptedPartLen);
+-	}
+-	{
+-		CK_ULONG ulLastEncryptedPartLen;
+-		const CK_RV rv( CRYPTOKI_F_PTR( C_EncryptFinal(hSession,NULL_PTR,&ulLastEncryptedPartLen) ) );
+-		if ( isSizeOK ) {
+-			CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, rv );
++	rv = CRYPTOKI_F_PTR( C_EncryptInit(hSession,pMechanism,hKey) );
++	CPPUNIT_ASSERT_EQUAL( (CK_BBOOL) CK_FALSE, (CK_BBOOL) ((rv != CKR_OK) && (oldMechs == CK_FALSE)) );
++	if (oldMechs == CK_FALSE) {
++		for ( std::vector<CK_BYTE>::const_iterator i(vData.begin()); i<vData.end(); i+=partSize.getCurrent() ) {
++			const CK_ULONG lPartLen( i+partSize.getNext()<vData.end() ? partSize.getCurrent() : vData.end()-i );
++			CK_ULONG ulEncryptedPartLen;
++			CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_EncryptUpdate(hSession,(CK_BYTE_PTR)&(*i),lPartLen,NULL_PTR,&ulEncryptedPartLen) ) );
+ 			const size_t oldSize( vEncryptedDataParted.size() );
++			vEncryptedDataParted.resize(oldSize+ulEncryptedPartLen);
+ 			CK_BYTE dummy;
+-			vEncryptedDataParted.resize(oldSize+ulLastEncryptedPartLen);
+-			const CK_BYTE_PTR pLastEncryptedPart( ulLastEncryptedPartLen>0 ? &vEncryptedDataParted.at(oldSize) : &dummy );
+-			CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_EncryptFinal(hSession,pLastEncryptedPart,&ulLastEncryptedPartLen) ) );
+-			vEncryptedDataParted.resize(oldSize+ulLastEncryptedPartLen);
+-		} else {
+-			CPPUNIT_ASSERT_EQUAL_MESSAGE("C_EncryptFinal should fail with C_CKR_DATA_LEN_RANGE", (CK_RV)CKR_DATA_LEN_RANGE, rv);
+-			vEncryptedDataParted = vData;
++			const CK_BYTE_PTR pEncryptedPart( ulEncryptedPartLen>0 ? &vEncryptedDataParted.at(oldSize) : &dummy );
++			CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_EncryptUpdate(hSession,(CK_BYTE_PTR)&(*i),lPartLen,pEncryptedPart,&ulEncryptedPartLen) ) );
++			vEncryptedDataParted.resize(oldSize+ulEncryptedPartLen);
++		}
++		{
++			CK_ULONG ulLastEncryptedPartLen;
++			const CK_RV rv( CRYPTOKI_F_PTR( C_EncryptFinal(hSession,NULL_PTR,&ulLastEncryptedPartLen) ) );
++			if ( isSizeOK ) {
++				CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, rv );
++				const size_t oldSize( vEncryptedDataParted.size() );
++				CK_BYTE dummy;
++				vEncryptedDataParted.resize(oldSize+ulLastEncryptedPartLen);
++				const CK_BYTE_PTR pLastEncryptedPart( ulLastEncryptedPartLen>0 ? &vEncryptedDataParted.at(oldSize) : &dummy );
++				CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_EncryptFinal(hSession,pLastEncryptedPart,&ulLastEncryptedPartLen) ) );
++				vEncryptedDataParted.resize(oldSize+ulLastEncryptedPartLen);
++			} else {
++				CPPUNIT_ASSERT_EQUAL_MESSAGE("C_EncryptFinal should fail with C_CKR_DATA_LEN_RANGE", (CK_RV)CKR_DATA_LEN_RANGE, rv);
++				vEncryptedDataParted = vData;
++			}
+ 		}
+ 	}
+ 
+ 	// Single-part decryption
+-	CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_DecryptInit(hSession,pMechanism,hKey) ) );
+-
+-	{
++	rv = CRYPTOKI_F_PTR( C_DecryptInit(hSession,pMechanism,hKey) );
++	CPPUNIT_ASSERT_EQUAL( (CK_BBOOL) CK_FALSE, (CK_BBOOL) ((rv != CKR_OK) && (oldMechs == CK_FALSE)) );
++	if (oldMechs == CK_FALSE) {
+ 		CK_ULONG ulDataLen;
+ 		const CK_RV rv( CRYPTOKI_F_PTR( C_Decrypt(hSession,&vEncryptedData.front(),vEncryptedData.size(),NULL_PTR,&ulDataLen) ) );
+ 		if ( isSizeOK ) {
+@@ -315,8 +327,9 @@ void SymmetricAlgorithmTests::encryptDecrypt(
+ 	}
+ 
+ 	// Multi-part decryption
+-	CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_DecryptInit(hSession,pMechanism,hKey) ) );
+-	{
++	rv = CRYPTOKI_F_PTR( C_DecryptInit(hSession,pMechanism,hKey) );
++	CPPUNIT_ASSERT_EQUAL( (CK_BBOOL) CK_FALSE, (CK_BBOOL) ((rv != CKR_OK) && (oldMechs == CK_FALSE)) );
++	if (oldMechs == CK_FALSE) {
+ 		std::vector<CK_BYTE> vDecryptedData;
+ 		CK_BYTE dummy;
+ 		for ( std::vector<CK_BYTE>::iterator i(vEncryptedDataParted.begin()); i<vEncryptedDataParted.end(); i+=partSize.getCurrent()) {
+@@ -977,44 +990,44 @@ void SymmetricAlgorithmTests::testDesEncryptDecrypt()
+ 
+ 	// Generate all combinations of session/token keys.
+ 	rv = generateDesKey(hSessionRW,IN_SESSION,IS_PUBLIC,hKey);
+-	CPPUNIT_ASSERT(rv == CKR_OK);
+-
+-	encryptDecrypt(CKM_DES_CBC_PAD,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST-1);
+-	encryptDecrypt(CKM_DES_CBC_PAD,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1);
+-	encryptDecrypt(CKM_DES_CBC_PAD,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST);
+-	encryptDecrypt(CKM_DES_CBC,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST);
+-	encryptDecrypt(CKM_DES_CBC,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1, false);
+-	encryptDecrypt(CKM_DES_ECB,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST);
+-	encryptDecrypt(CKM_DES_ECB,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1, false);
++	if (rv == CKR_OK) {
++		encryptDecrypt(CKM_DES_CBC_PAD,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST-1);
++		encryptDecrypt(CKM_DES_CBC_PAD,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1);
++		encryptDecrypt(CKM_DES_CBC_PAD,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST);
++		encryptDecrypt(CKM_DES_CBC,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST);
++		encryptDecrypt(CKM_DES_CBC,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1, false);
++		encryptDecrypt(CKM_DES_ECB,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST);
++		encryptDecrypt(CKM_DES_ECB,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1, false);
++	}
+ 
+ 	CK_OBJECT_HANDLE hKey2 = CK_INVALID_HANDLE;
+ 
+ 	// Generate all combinations of session/token keys.
+ 	rv = generateDes2Key(hSessionRW,IN_SESSION,IS_PUBLIC,hKey2);
+-	CPPUNIT_ASSERT(rv == CKR_OK);
+-
+-	encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST-1);
+-	encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST+1);
+-	encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST);
+-	encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST);
+-	encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST+1, false);
+-	encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST);
+-	encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST+1, false);
++	if (rv == CKR_OK) {
++		encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST-1);
++		encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST+1);
++		encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST);
++		encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST);
++		encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST+1, false);
++		encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST);
++		encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST+1, false);
++	}
+ #endif
+ 
+ 	CK_OBJECT_HANDLE hKey3 = CK_INVALID_HANDLE;
+ 
+ 	// Generate all combinations of session/token keys.
+ 	rv = generateDes3Key(hSessionRW,IN_SESSION,IS_PUBLIC,hKey3);
+-	CPPUNIT_ASSERT(rv == CKR_OK);
+-
+-	encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST-1);
+-	encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST+1);
+-	encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST);
+-	encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST);
+-	encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST+1, false);
+-	encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST);
+-	encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST+1, false);
++	if (rv == CKR_OK) {
++		encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST-1);
++		encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST+1);
++		encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST);
++		encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST);
++		encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST+1, false);
++		encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST);
++		encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST+1, false);
++	}
+ }
+ 
+ void SymmetricAlgorithmTests::testNullTemplate()
+-- 
+2.31.1
+
diff --git a/SOURCES/softhsm-prevent-global-deleted-objects-access.patch b/SOURCES/softhsm-prevent-global-deleted-objects-access.patch
new file mode 100644
index 0000000..81d658d
--- /dev/null
+++ b/SOURCES/softhsm-prevent-global-deleted-objects-access.patch
@@ -0,0 +1,667 @@
+From 41968e7b742ad59046523a7eeb63514237fb63af Mon Sep 17 00:00:00 2001
+From: Neil Horman <nhorman@openssl.org>
+Date: Fri, 27 Oct 2023 14:57:37 -0400
+Subject: [PATCH] Prevent accessing of global c++ objects once they are deleted
+
+Fixes (Maybe) #729.
+Reset objects_deleted after reset is called.
+---
+ src/lib/SoftHSM.cpp |   5 ++
+ src/lib/main.cpp    | 138 ++++++++++++++++++++++++++++++++++++++++++++
+ 2 files changed, 143 insertions(+)
+
+diff --git a/src/lib/SoftHSM.cpp b/src/lib/SoftHSM.cpp
+index 02c0f95ec..95bf208da 100644
+--- a/src/lib/SoftHSM.cpp
++++ b/src/lib/SoftHSM.cpp
+@@ -89,6 +89,8 @@
+ 
+ // Initialise the one-and-only instance
+ 
++int objects_deleted = 0;
++
+ #ifdef HAVE_CXX11
+ 
+ std::unique_ptr<MutexFactory> MutexFactory::instance(nullptr);
+@@ -406,6 +408,8 @@ void SoftHSM::reset()
+ {
+ 	if (instance.get())
+ 		instance.reset();
++
++	objects_deleted = 0;
+ }
+ 
+ // Constructor
+@@ -445,6 +449,7 @@ SoftHSM::~SoftHSM()
+ 
+ 	isInitialised = false;
+ 
++	objects_deleted = 1;
+ 	resetMutexFactoryCallbacks();
+ }
+ 
+diff --git a/src/lib/main.cpp b/src/lib/main.cpp
+index 2dfd0eb87..e89f18c10 100644
+--- a/src/lib/main.cpp
++++ b/src/lib/main.cpp
+@@ -49,6 +49,8 @@
+ #define PKCS_API
+ #endif
+ 
++extern int objects_deleted;
++
+ // PKCS #11 function list
+ static CK_FUNCTION_LIST functionList =
+ {
+@@ -130,6 +132,8 @@ PKCS_API CK_RV C_Initialize(CK_VOID_PTR pInitArgs)
+ {
+ 	try
+ 	{
++		if (objects_deleted == 1)
++			return CKR_FUNCTION_FAILED;
+ 		return SoftHSM::i()->C_Initialize(pInitArgs);
+ 	}
+ 	catch (...)
+@@ -145,6 +149,8 @@ PKCS_API CK_RV C_Finalize(CK_VOID_PTR pReserved)
+ {
+ 	try
+ 	{
++		if (objects_deleted == 1)
++			return CKR_FUNCTION_FAILED;
+ 		return SoftHSM::i()->C_Finalize(pReserved);
+ 	}
+ 	catch (...)
+@@ -160,6 +166,8 @@ PKCS_API CK_RV C_GetInfo(CK_INFO_PTR pInfo)
+ {
+ 	try
+ 	{
++		if (objects_deleted == 1)
++			return CKR_FUNCTION_FAILED;
+ 		return SoftHSM::i()->C_GetInfo(pInfo);
+ 	}
+ 	catch (...)
+@@ -175,6 +183,8 @@ PKCS_API CK_RV C_GetFunctionList(CK_FUNCTION_LIST_PTR_PTR ppFunctionList)
+ {
+ 	try
+ 	{
++		if (objects_deleted == 1)
++			return CKR_FUNCTION_FAILED;
+ 		if (ppFunctionList == NULL_PTR) return CKR_ARGUMENTS_BAD;
+ 
+ 		*ppFunctionList = &functionList;
+@@ -194,6 +204,8 @@ PKCS_API CK_RV C_GetSlotList(CK_BBOOL tokenPresent, CK_SLOT_ID_PTR pSlotList, CK
+ {
+ 	try
+ 	{
++		if (objects_deleted == 1)
++			return CKR_FUNCTION_FAILED;
+ 		return SoftHSM::i()->C_GetSlotList(tokenPresent, pSlotList, pulCount);
+ 	}
+ 	catch (...)
+@@ -209,6 +221,8 @@ PKCS_API CK_RV C_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo)
+ {
+ 	try
+ 	{
++		if (objects_deleted == 1)
++			return CKR_FUNCTION_FAILED;
+ 		return SoftHSM::i()->C_GetSlotInfo(slotID, pInfo);
+ 	}
+ 	catch (...)
+@@ -224,6 +238,8 @@ PKCS_API CK_RV C_GetTokenInfo(CK_SLOT_ID slotID, CK_TOKEN_INFO_PTR pInfo)
+ {
+ 	try
+ 	{
++		if (objects_deleted == 1)
++			return CKR_FUNCTION_FAILED;
+ 		return SoftHSM::i()->C_GetTokenInfo(slotID, pInfo);
+ 	}
+ 	catch (...)
+@@ -239,6 +255,8 @@ PKCS_API CK_RV C_GetMechanismList(CK_SLOT_ID slotID, CK_MECHANISM_TYPE_PTR pMech
+ {
+ 	try
+ 	{
++		if (objects_deleted == 1)
++			return CKR_FUNCTION_FAILED;
+ 		return SoftHSM::i()->C_GetMechanismList(slotID, pMechanismList, pulCount);
+ 	}
+ 	catch (...)
+@@ -254,6 +272,8 @@ PKCS_API CK_RV C_GetMechanismInfo(CK_SLOT_ID slotID, CK_MECHANISM_TYPE type, CK_
+ {
+ 	try
+ 	{
++		if (objects_deleted == 1)
++			return CKR_FUNCTION_FAILED;
+ 		return SoftHSM::i()->C_GetMechanismInfo(slotID, type, pInfo);
+ 	}
+ 	catch (...)
+@@ -269,6 +289,8 @@ PKCS_API CK_RV C_InitToken(CK_SLOT_ID slotID, CK_UTF8CHAR_PTR pPin, CK_ULONG ulP
+ {
+ 	try
+ 	{
++		if (objects_deleted == 1)
++			return CKR_FUNCTION_FAILED;
+ 		return SoftHSM::i()->C_InitToken(slotID, pPin, ulPinLen, pLabel);
+ 	}
+ 	catch (...)
+@@ -284,6 +306,8 @@ PKCS_API CK_RV C_InitPIN(CK_SESSION_HANDLE hSession, CK_UTF8CHAR_PTR pPin, CK_UL
+ {
+ 	try
+ 	{
++		if (objects_deleted == 1)
++			return CKR_FUNCTION_FAILED;
+ 		return SoftHSM::i()->C_InitPIN(hSession, pPin, ulPinLen);
+ 	}
+ 	catch (...)
+@@ -299,6 +323,8 @@ PKCS_API CK_RV C_SetPIN(CK_SESSION_HANDLE hSession, CK_UTF8CHAR_PTR pOldPin, CK_
+ {
+ 	try
+ 	{
++		if (objects_deleted == 1)
++			return CKR_FUNCTION_FAILED;
+ 		return SoftHSM::i()->C_SetPIN(hSession, pOldPin, ulOldLen, pNewPin, ulNewLen);
+ 	}
+ 	catch (...)
+@@ -314,6 +340,8 @@ PKCS_API CK_RV C_OpenSession(CK_SLOT_ID slotID, CK_FLAGS flags, CK_VOID_PTR pApp
+ {
+ 	try
+ 	{
++		if (objects_deleted == 1)
++			return CKR_FUNCTION_FAILED;
+ 		return SoftHSM::i()->C_OpenSession(slotID, flags, pApplication, notify, phSession);
+ 	}
+ 	catch (...)
+@@ -329,6 +357,8 @@ PKCS_API CK_RV C_CloseSession(CK_SESSION_HANDLE hSession)
+ {
+ 	try
+ 	{
++		if (objects_deleted == 1)
++			return CKR_FUNCTION_FAILED;
+ 		return SoftHSM::i()->C_CloseSession(hSession);
+ 	}
+ 	catch (...)
+@@ -344,6 +374,8 @@ PKCS_API CK_RV C_CloseAllSessions(CK_SLOT_ID slotID)
+ {
+ 	try
+ 	{
++		if (objects_deleted == 1)
++			return CKR_FUNCTION_FAILED;
+ 		return SoftHSM::i()->C_CloseAllSessions(slotID);
+ 	}
+ 	catch (...)
+@@ -359,6 +391,8 @@ PKCS_API CK_RV C_GetSessionInfo(CK_SESSION_HANDLE hSession, CK_SESSION_INFO_PTR
+ {
+ 	try
+ 	{
++		if (objects_deleted == 1)
++			return CKR_FUNCTION_FAILED;
+ 		return SoftHSM::i()->C_GetSessionInfo(hSession, pInfo);
+ 	}
+ 	catch (...)
+@@ -374,6 +408,8 @@ PKCS_API CK_RV C_GetOperationState(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pOper
+ {
+ 	try
+ 	{
++		if (objects_deleted == 1)
++			return CKR_FUNCTION_FAILED;
+ 		return SoftHSM::i()->C_GetOperationState(hSession, pOperationState, pulOperationStateLen);
+ 	}
+ 	catch (...)
+@@ -389,6 +425,8 @@ PKCS_API CK_RV C_SetOperationState(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pOper
+ {
+ 	try
+ 	{
++		if (objects_deleted == 1)
++			return CKR_FUNCTION_FAILED;
+ 		return SoftHSM::i()->C_SetOperationState(hSession, pOperationState, ulOperationStateLen, hEncryptionKey, hAuthenticationKey);
+ 	}
+ 	catch (...)
+@@ -404,6 +442,8 @@ PKCS_API CK_RV C_Login(CK_SESSION_HANDLE hSession, CK_USER_TYPE userType, CK_UTF
+ {
+ 	try
+ 	{
++		if (objects_deleted == 1)
++			return CKR_FUNCTION_FAILED;
+ 		return SoftHSM::i()->C_Login(hSession, userType, pPin, ulPinLen);
+ 	}
+ 	catch (...)
+@@ -419,6 +459,8 @@ PKCS_API CK_RV C_Logout(CK_SESSION_HANDLE hSession)
+ {
+ 	try
+ 	{
++		if (objects_deleted == 1)
++			return CKR_FUNCTION_FAILED;
+ 		return SoftHSM::i()->C_Logout(hSession);
+ 	}
+ 	catch (...)
+@@ -434,6 +476,8 @@ PKCS_API CK_RV C_CreateObject(CK_SESSION_HANDLE hSession, CK_ATTRIBUTE_PTR pTemp
+ {
+ 	try
+ 	{
++		if (objects_deleted == 1)
++			return CKR_FUNCTION_FAILED;
+ 		return SoftHSM::i()->C_CreateObject(hSession, pTemplate, ulCount, phObject);
+ 	}
+ 	catch (...)
+@@ -449,6 +493,8 @@ PKCS_API CK_RV C_CopyObject(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject
+ {
+ 	try
+ 	{
++		if (objects_deleted == 1)
++			return CKR_FUNCTION_FAILED;
+ 		return SoftHSM::i()->C_CopyObject(hSession, hObject, pTemplate, ulCount, phNewObject);
+ 	}
+ 	catch (...)
+@@ -464,6 +510,8 @@ PKCS_API CK_RV C_DestroyObject(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObj
+ {
+ 	try
+ 	{
++		if (objects_deleted == 1)
++			return CKR_FUNCTION_FAILED;
+ 		return SoftHSM::i()->C_DestroyObject(hSession, hObject);
+ 	}
+ 	catch (...)
+@@ -479,6 +527,8 @@ PKCS_API CK_RV C_GetObjectSize(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObj
+ {
+ 	try
+ 	{
++		if (objects_deleted == 1)
++			return CKR_FUNCTION_FAILED;
+ 		return SoftHSM::i()->C_GetObjectSize(hSession, hObject, pulSize);
+ 	}
+ 	catch (...)
+@@ -494,6 +544,8 @@ PKCS_API CK_RV C_GetAttributeValue(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE
+ {
+ 	try
+ 	{
++		if (objects_deleted == 1)
++			return CKR_FUNCTION_FAILED;
+ 		return SoftHSM::i()->C_GetAttributeValue(hSession, hObject, pTemplate, ulCount);
+ 	}
+ 	catch (...)
+@@ -509,6 +561,8 @@ PKCS_API CK_RV C_SetAttributeValue(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE
+ {
+ 	try
+ 	{
++		if (objects_deleted == 1)
++			return CKR_FUNCTION_FAILED;
+ 		return SoftHSM::i()->C_SetAttributeValue(hSession, hObject, pTemplate, ulCount);
+ 	}
+ 	catch (...)
+@@ -524,6 +578,8 @@ PKCS_API CK_RV C_FindObjectsInit(CK_SESSION_HANDLE hSession, CK_ATTRIBUTE_PTR pT
+ {
+ 	try
+ 	{
++		if (objects_deleted == 1)
++			return CKR_FUNCTION_FAILED;
+ 		return SoftHSM::i()->C_FindObjectsInit(hSession, pTemplate, ulCount);
+ 	}
+ 	catch (...)
+@@ -539,6 +595,8 @@ PKCS_API CK_RV C_FindObjects(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE_PTR ph
+ {
+ 	try
+ 	{
++		if (objects_deleted == 1)
++			return CKR_FUNCTION_FAILED;
+ 		return SoftHSM::i()->C_FindObjects(hSession, phObject, ulMaxObjectCount, pulObjectCount);
+ 	}
+ 	catch (...)
+@@ -554,6 +612,8 @@ PKCS_API CK_RV C_FindObjectsFinal(CK_SESSION_HANDLE hSession)
+ {
+ 	try
+ 	{
++		if (objects_deleted == 1)
++			return CKR_FUNCTION_FAILED;
+ 		return SoftHSM::i()->C_FindObjectsFinal(hSession);
+ 	}
+ 	catch (...)
+@@ -569,6 +629,8 @@ PKCS_API CK_RV C_EncryptInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMecha
+ {
+ 	try
+ 	{
++		if (objects_deleted == 1)
++			return CKR_FUNCTION_FAILED;
+ 		return SoftHSM::i()->C_EncryptInit(hSession, pMechanism, hObject);
+ 	}
+ 	catch (...)
+@@ -584,6 +646,8 @@ PKCS_API CK_RV C_Encrypt(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, CK_ULONG
+ {
+ 	try
+ 	{
++		if (objects_deleted == 1)
++			return CKR_FUNCTION_FAILED;
+ 		return SoftHSM::i()->C_Encrypt(hSession, pData, ulDataLen, pEncryptedData, pulEncryptedDataLen);
+ 	}
+ 	catch (...)
+@@ -599,6 +663,8 @@ PKCS_API CK_RV C_EncryptUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, CK
+ {
+ 	try
+ 	{
++		if (objects_deleted == 1)
++			return CKR_FUNCTION_FAILED;
+ 		return SoftHSM::i()->C_EncryptUpdate(hSession, pData, ulDataLen, pEncryptedData, pulEncryptedDataLen);
+ 	}
+ 	catch (...)
+@@ -614,6 +680,8 @@ PKCS_API CK_RV C_EncryptFinal(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pEncrypted
+ {
+ 	try
+ 	{
++		if (objects_deleted == 1)
++			return CKR_FUNCTION_FAILED;
+ 		return SoftHSM::i()->C_EncryptFinal(hSession, pEncryptedData, pulEncryptedDataLen);
+ 	}
+ 	catch (...)
+@@ -629,6 +697,8 @@ PKCS_API CK_RV C_DecryptInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMecha
+ {
+ 	try
+ 	{
++		if (objects_deleted == 1)
++			return CKR_FUNCTION_FAILED;
+ 		return SoftHSM::i()->C_DecryptInit(hSession, pMechanism, hObject);
+ 	}
+ 	catch (...)
+@@ -644,6 +714,8 @@ PKCS_API CK_RV C_Decrypt(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pEncryptedData,
+ {
+ 	try
+ 	{
++		if (objects_deleted == 1)
++			return CKR_FUNCTION_FAILED;
+ 		return SoftHSM::i()->C_Decrypt(hSession, pEncryptedData, ulEncryptedDataLen, pData, pulDataLen);
+ 	}
+ 	catch (...)
+@@ -659,6 +731,8 @@ PKCS_API CK_RV C_DecryptUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pEncrypte
+ {
+ 	try
+ 	{
++		if (objects_deleted == 1)
++			return CKR_FUNCTION_FAILED;
+ 		return SoftHSM::i()->C_DecryptUpdate(hSession, pEncryptedData, ulEncryptedDataLen, pData, pDataLen);
+ 	}
+ 	catch (...)
+@@ -674,6 +748,8 @@ PKCS_API CK_RV C_DecryptFinal(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, CK_
+ {
+ 	try
+ 	{
++		if (objects_deleted == 1)
++			return CKR_FUNCTION_FAILED;
+ 		return SoftHSM::i()->C_DecryptFinal(hSession, pData, pDataLen);
+ 	}
+ 	catch (...)
+@@ -689,6 +765,8 @@ PKCS_API CK_RV C_DigestInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechan
+ {
+ 	try
+ 	{
++		if (objects_deleted == 1)
++			return CKR_FUNCTION_FAILED;
+ 		return SoftHSM::i()->C_DigestInit(hSession, pMechanism);
+ 	}
+ 	catch (...)
+@@ -704,6 +782,8 @@ PKCS_API CK_RV C_Digest(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, CK_ULONG
+ {
+ 	try
+ 	{
++		if (objects_deleted == 1)
++			return CKR_FUNCTION_FAILED;
+ 		return SoftHSM::i()->C_Digest(hSession, pData, ulDataLen, pDigest, pulDigestLen);
+ 	}
+ 	catch (...)
+@@ -719,6 +799,8 @@ PKCS_API CK_RV C_DigestUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart, CK_
+ {
+ 	try
+ 	{
++		if (objects_deleted == 1)
++			return CKR_FUNCTION_FAILED;
+ 		return SoftHSM::i()->C_DigestUpdate(hSession, pPart, ulPartLen);
+ 	}
+ 	catch (...)
+@@ -734,6 +816,8 @@ PKCS_API CK_RV C_DigestKey(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject)
+ {
+ 	try
+ 	{
++		if (objects_deleted == 1)
++			return CKR_FUNCTION_FAILED;
+ 		return SoftHSM::i()->C_DigestKey(hSession, hObject);
+ 	}
+ 	catch (...)
+@@ -749,6 +833,8 @@ PKCS_API CK_RV C_DigestFinal(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pDigest, CK
+ {
+ 	try
+ 	{
++		if (objects_deleted == 1)
++			return CKR_FUNCTION_FAILED;
+ 		return SoftHSM::i()->C_DigestFinal(hSession, pDigest, pulDigestLen);
+ 	}
+ 	catch (...)
+@@ -764,6 +850,8 @@ PKCS_API CK_RV C_SignInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanis
+ {
+ 	try
+ 	{
++		if (objects_deleted == 1)
++			return CKR_FUNCTION_FAILED;
+ 		return SoftHSM::i()->C_SignInit(hSession, pMechanism, hKey);
+ 	}
+ 	catch (...)
+@@ -779,6 +867,8 @@ PKCS_API CK_RV C_Sign(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, CK_ULONG ul
+ {
+ 	try
+ 	{
++		if (objects_deleted == 1)
++			return CKR_FUNCTION_FAILED;
+ 		return SoftHSM::i()->C_Sign(hSession, pData, ulDataLen, pSignature, pulSignatureLen);
+ 	}
+ 	catch (...)
+@@ -794,6 +884,8 @@ PKCS_API CK_RV C_SignUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart, CK_UL
+ {
+ 	try
+ 	{
++		if (objects_deleted == 1)
++			return CKR_FUNCTION_FAILED;
+ 		return SoftHSM::i()->C_SignUpdate(hSession, pPart, ulPartLen);
+ 	}
+ 	catch (...)
+@@ -809,6 +901,8 @@ PKCS_API CK_RV C_SignFinal(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSignature, C
+ {
+ 	try
+ 	{
++		if (objects_deleted == 1)
++			return CKR_FUNCTION_FAILED;
+ 		return SoftHSM::i()->C_SignFinal(hSession, pSignature, pulSignatureLen);
+ 	}
+ 	catch (...)
+@@ -824,6 +918,8 @@ PKCS_API CK_RV C_SignRecoverInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pM
+ {
+ 	try
+ 	{
++		if (objects_deleted == 1)
++			return CKR_FUNCTION_FAILED;
+ 		return SoftHSM::i()->C_SignRecoverInit(hSession, pMechanism, hKey);
+ 	}
+ 	catch (...)
+@@ -839,6 +935,8 @@ PKCS_API CK_RV C_SignRecover(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, CK_U
+ {
+ 	try
+ 	{
++		if (objects_deleted == 1)
++			return CKR_FUNCTION_FAILED;
+ 		return SoftHSM::i()->C_SignRecover(hSession, pData, ulDataLen, pSignature, pulSignatureLen);
+ 	}
+ 	catch (...)
+@@ -854,6 +952,8 @@ PKCS_API CK_RV C_VerifyInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechan
+ {
+ 	try
+ 	{
++		if (objects_deleted == 1)
++			return CKR_FUNCTION_FAILED;
+ 		return SoftHSM::i()->C_VerifyInit(hSession, pMechanism, hKey);
+ 	}
+ 	catch (...)
+@@ -869,6 +969,8 @@ PKCS_API CK_RV C_Verify(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, CK_ULONG
+ {
+ 	try
+ 	{
++		if (objects_deleted == 1)
++			return CKR_FUNCTION_FAILED;
+ 		return SoftHSM::i()->C_Verify(hSession, pData, ulDataLen, pSignature, ulSignatureLen);
+ 	}
+ 	catch (...)
+@@ -884,6 +986,8 @@ PKCS_API CK_RV C_VerifyUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart, CK_
+ {
+ 	try
+ 	{
++		if (objects_deleted == 1)
++			return CKR_FUNCTION_FAILED;
+ 		return SoftHSM::i()->C_VerifyUpdate(hSession, pPart, ulPartLen);
+ 	}
+ 	catch (...)
+@@ -899,6 +1003,8 @@ PKCS_API CK_RV C_VerifyFinal(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSignature,
+ {
+ 	try
+ 	{
++		if (objects_deleted == 1)
++			return CKR_FUNCTION_FAILED;
+ 		return SoftHSM::i()->C_VerifyFinal(hSession, pSignature, ulSignatureLen);
+ 	}
+ 	catch (...)
+@@ -914,6 +1020,8 @@ PKCS_API CK_RV C_VerifyRecoverInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR
+ {
+ 	try
+ 	{
++		if (objects_deleted == 1)
++			return CKR_FUNCTION_FAILED;
+ 		return SoftHSM::i()->C_VerifyRecoverInit(hSession, pMechanism, hKey);
+ 	}
+ 	catch (...)
+@@ -929,6 +1037,8 @@ PKCS_API CK_RV C_VerifyRecover(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSignatur
+ {
+ 	try
+ 	{
++		if (objects_deleted == 1)
++			return CKR_FUNCTION_FAILED;
+ 		return SoftHSM::i()->C_VerifyRecover(hSession, pSignature, ulSignatureLen, pData, pulDataLen);
+ 	}
+ 	catch (...)
+@@ -944,6 +1054,8 @@ PKCS_API CK_RV C_DigestEncryptUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPa
+ {
+ 	try
+ 	{
++		if (objects_deleted == 1)
++			return CKR_FUNCTION_FAILED;
+ 		return SoftHSM::i()->C_DigestEncryptUpdate(hSession, pPart, ulPartLen, pEncryptedPart, pulEncryptedPartLen);
+ 	}
+ 	catch (...)
+@@ -959,6 +1071,8 @@ PKCS_API CK_RV C_DecryptDigestUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPa
+ {
+ 	try
+ 	{
++		if (objects_deleted == 1)
++			return CKR_FUNCTION_FAILED;
+ 		return SoftHSM::i()->C_DecryptDigestUpdate(hSession, pPart, ulPartLen, pDecryptedPart, pulDecryptedPartLen);
+ 	}
+ 	catch (...)
+@@ -974,6 +1088,8 @@ PKCS_API CK_RV C_SignEncryptUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart
+ {
+ 	try
+ 	{
++		if (objects_deleted == 1)
++			return CKR_FUNCTION_FAILED;
+ 		return SoftHSM::i()->C_SignEncryptUpdate(hSession, pPart, ulPartLen, pEncryptedPart, pulEncryptedPartLen);
+ 	}
+ 	catch (...)
+@@ -989,6 +1105,8 @@ PKCS_API CK_RV C_DecryptVerifyUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pEn
+ {
+ 	try
+ 	{
++		if (objects_deleted == 1)
++			return CKR_FUNCTION_FAILED;
+ 		return SoftHSM::i()->C_DecryptVerifyUpdate(hSession, pEncryptedPart, ulEncryptedPartLen, pPart, pulPartLen);
+ 	}
+ 	catch (...)
+@@ -1004,6 +1122,8 @@ PKCS_API CK_RV C_GenerateKey(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMecha
+ {
+ 	try
+ 	{
++		if (objects_deleted == 1)
++			return CKR_FUNCTION_FAILED;
+ 		return SoftHSM::i()->C_GenerateKey(hSession, pMechanism, pTemplate, ulCount, phKey);
+ 	}
+ 	catch (...)
+@@ -1029,6 +1149,8 @@ PKCS_API CK_RV C_GenerateKeyPair
+ {
+ 	try
+ 	{
++		if (objects_deleted == 1)
++			return CKR_FUNCTION_FAILED;
+ 		return SoftHSM::i()->C_GenerateKeyPair(hSession, pMechanism, pPublicKeyTemplate, ulPublicKeyAttributeCount, pPrivateKeyTemplate, ulPrivateKeyAttributeCount, phPublicKey, phPrivateKey);
+ 	}
+ 	catch (...)
+@@ -1052,6 +1174,8 @@ PKCS_API CK_RV C_WrapKey
+ {
+ 	try
+ 	{
++		if (objects_deleted == 1)
++			return CKR_FUNCTION_FAILED;
+ 		return SoftHSM::i()->C_WrapKey(hSession, pMechanism, hWrappingKey, hKey, pWrappedKey, pulWrappedKeyLen);
+ 	}
+ 	catch (...)
+@@ -1077,6 +1201,8 @@ PKCS_API CK_RV C_UnwrapKey
+ {
+ 	try
+ 	{
++		if (objects_deleted == 1)
++			return CKR_FUNCTION_FAILED;
+ 		return SoftHSM::i()->C_UnwrapKey(hSession, pMechanism, hUnwrappingKey, pWrappedKey, ulWrappedKeyLen, pTemplate, ulCount, phKey);
+ 	}
+ 	catch (...)
+@@ -1100,6 +1226,8 @@ PKCS_API CK_RV C_DeriveKey
+ {
+ 	try
+ 	{
++		if (objects_deleted == 1)
++			return CKR_FUNCTION_FAILED;
+ 		return SoftHSM::i()->C_DeriveKey(hSession, pMechanism, hBaseKey, pTemplate, ulCount, phKey);
+ 	}
+ 	catch (...)
+@@ -1115,6 +1243,8 @@ PKCS_API CK_RV C_SeedRandom(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSeed, CK_UL
+ {
+ 	try
+ 	{
++		if (objects_deleted == 1)
++			return CKR_FUNCTION_FAILED;
+ 		return SoftHSM::i()->C_SeedRandom(hSession, pSeed, ulSeedLen);
+ 	}
+ 	catch (...)
+@@ -1130,6 +1260,8 @@ PKCS_API CK_RV C_GenerateRandom(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pRandomD
+ {
+ 	try
+ 	{
++		if (objects_deleted == 1)
++			return CKR_FUNCTION_FAILED;
+ 		return SoftHSM::i()->C_GenerateRandom(hSession, pRandomData, ulRandomLen);
+ 	}
+ 	catch (...)
+@@ -1145,6 +1277,8 @@ PKCS_API CK_RV C_GetFunctionStatus(CK_SESSION_HANDLE hSession)
+ {
+ 	try
+ 	{
++		if (objects_deleted == 1)
++			return CKR_FUNCTION_FAILED;
+ 		return SoftHSM::i()->C_GetFunctionStatus(hSession);
+ 	}
+ 	catch (...)
+@@ -1160,6 +1294,8 @@ PKCS_API CK_RV C_CancelFunction(CK_SESSION_HANDLE hSession)
+ {
+ 	try
+ 	{
++		if (objects_deleted == 1)
++			return CKR_FUNCTION_FAILED;
+ 		return SoftHSM::i()->C_CancelFunction(hSession);
+ 	}
+ 	catch (...)
+@@ -1175,6 +1311,8 @@ PKCS_API CK_RV C_WaitForSlotEvent(CK_FLAGS flags, CK_SLOT_ID_PTR pSlot, CK_VOID_
+ {
+ 	try
+ 	{
++		if (objects_deleted == 1)
++			return CKR_FUNCTION_FAILED;
+ 		return SoftHSM::i()->C_WaitForSlotEvent(flags, pSlot, pReserved);
+ 	}
+ 	catch (...)
diff --git a/SPECS/softhsm.spec b/SPECS/softhsm.spec
new file mode 100644
index 0000000..e3ce135
--- /dev/null
+++ b/SPECS/softhsm.spec
@@ -0,0 +1,379 @@
+#global prever rc1
+#global prerelease yes
+
+Summary: Software version of a PKCS#11 Hardware Security Module
+Name: softhsm
+Version: 2.6.1
+Release: %{?prever:0.}14%{?prever:.%{prever}}%{?dist}
+License: BSD
+Url: http://www.opendnssec.org/
+Source: http://dist.opendnssec.org/source/%{?prever:testing/}%{name}-%{version}.tar.gz
+Source1: http://dist.opendnssec.org/source/%{?prever:testing/}%{name}-%{version}.tar.gz.sig
+
+Patch1: softhsm-2.6.1-rh1831086-exit.patch
+Patch2: softhsm-openssl3-tests.patch
+# based on https://github.com/opendnssec/SoftHSMv2/commit/f94aaffc879ade97a51b8e1308af42f86be1885f
+Patch3: softhsm-2.6.1-uninitialized.patch
+# from https://github.com/Emantor/SoftHSMv2/tree/fix/openssl3
+# as discussed at https://github.com/opendnssec/SoftHSMv2/issues/729
+Patch4: softhsm-prevent-global-deleted-objects-access.patch
+Patch5: softhsm-disable-usage-of-openssl-engines.patch
+
+BuildRequires: make
+BuildRequires: openssl-devel >= 1.0.1k-6, sqlite-devel >= 3.4.2, cppunit-devel
+BuildRequires: gcc-c++, pkgconfig, p11-kit-devel
+
+Requires(pre): shadow-utils
+Requires: p11-kit
+Requires: openssl-libs >= 1.0.1k-6
+
+%global _hardened_build 1
+
+%global softhsm_module "SoftHSM PKCS #11 Module"
+
+%description
+OpenDNSSEC is providing a software implementation of a generic
+cryptographic device with a PKCS#11 interface, the SoftHSM. SoftHSM is
+designed to meet the requirements of OpenDNSSEC, but can also work together
+with other cryptographic products because of the PKCS#11 interface.
+
+%package devel
+Summary: Development package of softhsm that includes the header files
+Requires: %{name} = %{version}-%{release}, openssl-devel, sqlite-devel
+%if 0%{?prever:1} || 0%{?prerelease:1}
+BuildRequires: autoconf, libtool, automake
+%endif
+
+%description devel
+The devel package contains the libsofthsm include files
+
+%prep
+%autosetup -p1 -n %{name}-%{version}%{?prever}
+
+%if 0%{?prever:1} || 0%{?prerelease:1}
+   # pre-release or post-release snapshots fixup
+   sed -i 's:^full_libdir=":#full_libdir=":g' configure.ac
+   sed -i "s:libdir)/@PACKAGE@:libdir):" Makefile.in
+autoreconf -fiv
+%else
+   # remove softhsm/ subdir auto-added to --libdir
+   sed -i 's:full_libdir/softhsm:full_libdir:g' configure
+%endif
+
+%build
+# This package fails its testsuite with LTO enabled and needs further
+# investigation
+%define _lto_cflags %{nil}
+
+%configure CFLAGS="${CFLAGS} -DOPENSSL_NO_ENGINE" --libdir=%{_libdir}/pkcs11 --with-openssl=%{_prefix} --enable-ecc --enable-eddsa --disable-gost \
+           --with-migrate --enable-visibility --with-p11-kit=%{_datadir}/p11-kit/modules/
+
+%make_build
+
+
+%install
+rm -rf %{buildroot}
+%make_install
+
+rm %{buildroot}/%{_sysconfdir}/softhsm2.conf.sample
+rm -f %{buildroot}/%{_libdir}/pkcs11/*a
+mkdir -p %{buildroot}%{_includedir}/softhsm
+cp src/lib/*.h %{buildroot}%{_includedir}/softhsm
+mkdir -p %{buildroot}/%{_sharedstatedir}/softhsm/tokens
+
+# leave a softlink where softhsm-1 installed its library. Programs like
+# opendnssec have that filename in their configuration file.
+mkdir -p %{buildroot}/%{_libdir}/softhsm/
+ln -s ../pkcs11/libsofthsm2.so %{buildroot}/%{_libdir}/softhsm/libsofthsm.so
+# rhbz#1272423 NSS needs it to be in the search path too
+( cd  %{buildroot}/%{_libdir} ; ln -s pkcs11/libsofthsm2.so)
+
+%files
+%config(noreplace) %{_sysconfdir}/softhsm2.conf
+%{_bindir}/*
+%dir %{_libdir}/softhsm
+%{_libdir}/pkcs11/libsofthsm2.so
+%{_libdir}/libsofthsm2.so
+%{_libdir}/softhsm/libsofthsm.so
+%attr(0664,root,root) %{_datadir}/p11-kit/modules/softhsm2.module
+%attr(0750,ods,ods) %dir %{_sharedstatedir}/softhsm
+%attr(1770,ods,ods) %dir %{_sharedstatedir}/softhsm/tokens
+%doc LICENSE README.md NEWS
+%{_mandir}/*/*
+
+%files devel
+%attr(0755,root,root) %dir %{_includedir}/softhsm
+%{_includedir}/softhsm/*.h
+
+%pre
+getent group ods >/dev/null || groupadd -r ods
+getent passwd ods >/dev/null || \
+    useradd -r -g ods -d %{_sharedstatedir}/softhsm -s /sbin/nologin \
+    -c "softhsm private keys owner" ods
+exit 0
+
+%post
+
+%triggerpostun -- softhsm < 2.0.0
+if [ -f /var/softhsm/slot0.db ]; then
+      runuser -g ods ods -c 'softhsm2-migrate --db /var/softhsm/slot0.db --pin 1234 --slot 0' || :
+fi
+
+%changelog
+* Tue Nov 26 2024 MSVSphere Packaging Team <packager@msvsphere-os.ru> - 2.6.1-14
+- Rebuilt for MSVSphere 10
+
+* Tue Sep 17 2024 Rafael Jeffman <rjeffman@redhat.com> - 2.6.1-14
+- Bump release due to beta release build issues.
+  Resolves: RHEL-33748
+
+* Wed Sep 11 2024 Rafael Jeffman <rjeffman@redhat.com> - 2.6.1-13
+- Bump release for exception phase.
+  Resolves: RHEL-33748
+
+* Thu Sep 05 2024 Rafael Jeffman <rjeffman@redhat.com> - 2.6.1-12
+- Bump release for rebuild.
+  Related: RHEL-33748
+
+* Mon Sep 02 2024 Rafael Jeffman <rjeffman@redhat.com> - 2.6.1-11
+- Fix initialization of random number generator.
+  Related: RHEL-33748
+
+* Wed Aug 28 2024 Rafael Jeffman <rjeffman@redhat.com> - 2.6.1-10
+- Disable usage of OpenSSL engines when providers are available.
+  Resolves: RHEL-33748
+
+* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 2.6.1-9.1
+- Bump release for June 2024 mass rebuild
+
+* Fri Feb 09 2024 Alexander Bokovoy <abokovoy@redhat.com> - 2.6.1-9
+- Prevent access to global C++ variables once they destroyed
+- Patch from Neil Horman (OpenSSL)
+
+* Thu Feb 08 2024 Alexander Bokovoy <abokovoy@redhat.com> - 2.6.1-8
+- Run p11test tests individually
+- Resolves: rhbz#2261703
+
+* Sat Jan 27 2024 Fedora Release Engineering <releng@fedoraproject.org> - 2.6.1-7.1
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Thu Nov 09 2023 Alexander Bokovoy <abokovoy@redhat.com> - 2.6.1-7
+- fix uninitialized variable
+- bump build release to avoid confusion in the changelog
+
+* Sat Jul 22 2023 Fedora Release Engineering <releng@fedoraproject.org> - 2.6.1-5.7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
+
+* Sat Jan 21 2023 Fedora Release Engineering <releng@fedoraproject.org> - 2.6.1-5.6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
+
+* Sat Jul 23 2022 Fedora Release Engineering <releng@fedoraproject.org> - 2.6.1-5.5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
+
+* Sat Jan 22 2022 Fedora Release Engineering <releng@fedoraproject.org> - 2.6.1-5.4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
+
+* Wed Nov 10 2021 Alexander Bokovoy <abokovoy@redhat.com> - 2.6.1-6
+- Resolves: rhbz#2021906 - softhsm: FTBFS with OpenSSL 3.0.0
+
+* Tue Sep 14 2021 Sahana Prasad <sahana@redhat.com> - 2.6.1-5.3
+- Rebuilt with OpenSSL 3.0.0
+
+* Fri Jul 23 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.6.1-5.2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
+
+* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.6.1-5.1
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Tue Dec  8 20:45:53 EST 2020 Paul Wouters <pwouters@redhat.com> - 2.6.1-5
+- rebuilt to fixup numbering clobbered by automatic bumps
+
+* Mon Aug 11 2020 Jeff Law <law@redhat.org> - 2.6.1-3.4
+- Disable LTO
+
+* Sat Aug 01 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.6.1-3.3
+- Second attempt - Rebuilt for
+  https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.6.1-3.2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Tue Jul 14 2020 Tom Stellard <tstellar@redhat.com> - 2.6.1-3.1
+- Use make macros
+- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
+
+* Wed May 13 2020 David Woodhouse <dwmw2@infradead.org> - 2.6.1-3
+- Resolves: rhbz#1831086 softhsm use-after-free on process exit
+  Fix crash introduced by initial patch
+
+* Tue May 12 2020 Paul Wouters <pwouters@redhat.com> - 2.6.1-2
+- Resolves: rhbz#1831086 softhsm use-after-free on process exit
+
+* Thu Apr 30 2020 Paul Wouters <pwouters@redhat.com> - 2.6.1-1
+- Resolves: rhbz#1814324 -softhsm-2.6.1 is available
+
+* Mon Mar 30 2020 Alexander Bokovoy <abokovoy@redhat.com> - 2.6.0-1
+- Resolves: rhbz#1814324 softhsm-2.6.0 is available
+
+* Thu Jan 30 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.5.0-4.3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Sat Dec 14 2019 Jeff Law <law@redhat.com> - 2.5.0-4.2
+- Fix missing #includes for gcc-10
+
+* Fri Jul 26 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.5.0-4.1
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Fri May 31 2019 Paul Wouters <pwouters@redhat.com> - 2.5.0-4
+- Pull in git master fixes to address assertion failure in make check
+- Re-enable testing
+
+* Sun Feb 03 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.5.0-3.1
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Wed Nov 14 2018 Nikos Mavrogiannopoulos <nmav@redhat.com> - 2.5.0-3
+- Removed dependency on NSS; it was not necessary.
+
+* Mon Nov 05 2018 Nikos Mavrogiannopoulos <nmav@redhat.com> - 2.5.0-2
+- Rebuilt to match f29 version
+
+* Mon Oct 29 2018 Simo Sorce <simo@redhat.com> - 2.5.0-1
+- Updated to latest upstream release
+
+* Sat Aug 11 2018 Nikos Mavrogiannopoulos <nmav@redhat.com> - 2.4.0-1
+- Updated to latest upstream release
+
+* Tue Jul 31 2018 Alexander Bokovoy <abokovoy@redhat.com> - 2.3.0-4
+- Fix crash when used via p11-kit (#1607635)
+
+* Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.0-3.2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+
+* Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.0-3.1
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
+
+* Fri Feb 02 2018 Nikos Mavrogiannopoulos <nmav@redhat.com> - 2.3.0-3
+- Remove softhsm2-pk11install. Software modules are to be registered with
+  p11-kit as in https://fedoraproject.org/wiki/PackagingDrafts/Pkcs11Support (#1541095).
+
+* Tue Dec 05 2017 Jakub Jelen <jjelen@redhat.com> - 2.3.0-2
+- Add support for RSA-PSS from upstrem PR#335
+
+* Tue Dec 05 2017 Jakub Jelen <jjelen@redhat.com> - 2.3.0-1
+- New upstream release (#1467329)
+
+* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.2.0-2.2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
+
+* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.2.0-2.1
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
+
+* Tue Jun 27 2017 Nikos Mavrogiannopoulos <nmav@redhat.com> - 2.2.0-2
+- Increased the level of messages that go to syslog, thus softhsm
+  will no longer write on syslog when it cannot open the shared DB (#1425135)
+- Allow users in the 'ods' group to store their keys in /var/lib/softhsm/tokens/
+  while at the same time disallow deleting other users' keys (using the
+  sticky bit). Prevent users in the 'ods' group from writing in /var/lib/softhsm.
+
+* Thu Jun 22 2017 Nikos Mavrogiannopoulos <nmav@redhat.com> - 2.2.0-1
+- Rebased to latest upstream release
+
+* Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.1.0-2.1
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
+
+* Fri Sep 23 2016 Paul Wouters <pwouters@redhat.com> - 2.1.0-2
+- Resolves: rhbz#1378800 Module cleanup crash
+
+* Mon May 16 2016 Paul Wouters <pwouters@redhat.com> - 2.1.0-1
+- Resolves: rhbz#1244461 Updated to 2.1.0
+- Resolves: rhbz#1272423 Softhsm PKCS#11 module not visible to NSS becasue it is not in the search path
+- Resolves: rhbz#1177086 A marked as trusted certificate cannot be written in a softhsmv2 db
+- Resolves: rhbz#1272453 - A marked as CA certificate cannot be written in a softhsmv2 db
+- Removed merged in bug#162 patch
+- Temporarily disable make check because cppunit is broken
+
+* Thu Feb 25 2016 Paul Wouters <pwouters@redhat.com> - 2.0.0-2
+- Resolves: rhbz#1272453 A marked as CA certificate cannot be written in a softhsmv2 db
+
+* Fri Feb 05 2016 Fedora Release Engineering <releng@fedoraproject.org> - 2.0.0-1.1
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
+
+* Wed Sep 02 2015 Paul Wouters <pwouters@redhat.com> - 2.0.0-1
+- Resolves: rhbz#1244461 Update to softhsm-2.0.0
+- Resolves: rhbz#1177086 A marked as trusted certificate cannot be written in a softhsmv2 db
+- Resolves: rhbz#1159827 Typo in homedir in /etc/passwd
+- Added global prever to toggle snapshot vs full release build changes
+
+* Fri Jun 26 2015 Petr Spacek <pspacek@redhat.com> - 2.0.0rc1-3
+- Add dependency on OpenSSL with fixed AES wrapping support
+
+* Fri Jun 19 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.0.0rc1-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
+
+* Mon Jun 01 2015 Petr Spacek <pspacek@redhat.com> - 2.0.0rc1-1
+- Rebase to latest upstream release
+
+* Sat May 02 2015 Kalev Lember <kalevlember@gmail.com> - 2.0.0b1-4
+- Rebuilt for GCC 5 C++11 ABI change
+
+* Tue Sep 30 2014 Paul Wouters <pwouters@redhat.com> - 2.0.0b1-3
+- Add support for CKM_RSA_PKCS_OAEP key un/wrapping [Petr Spacek]
+- Use OpenSSL EVP interface for AES key wrapping [Petr Spacek]
+- Fix softhsm2-pk11install buid and post call
+- Do not use --with-objectstore-backend-db (causes issues on i686)
+- Change install directory to /usr/lib*/pkcs11/
+- Install pkcs11 module file
+- Use official upstream tar ball
+- Create ods user to own softhsm/token files
+- Enable migration tools (for softhsm-v1 installs)
+- Add softlink for softhsm-v1 .so (needed for opendnssec's conf.xml)
+- Require p11-kit, nss-tools, for SoftHSM PKCS #11 Module file
+- Copy pk11install.c from coolkey package
+- Enable hardened build
+- Add upstream official source url
+
+* Mon Aug 18 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.3.6-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
+
+* Sun Jun 08 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.3.6-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
+
+* Fri Apr 18 2014 Paul Wouters <pwouters@redhat.com> - 1.3.6-1
+- Updated to 1.3.6 (rhbz#1070196)
+- Provide a p11-kit module file (rhbz#1085327)
+
+* Sun Nov 03 2013 Paul Wouters <pwouters@redhat.com> - 1.3.5-1
+- Updated to 1.3.5 (rhbz#987721)
+
+* Tue Jul 30 2013 Paul Wouters <pwouters@redhat.com> - 1.3.3-4
+- Rebuilt for new botan - requires --with-botan argument
+
+* Fri Feb 15 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.3.3-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
+
+* Sat Jul 21 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.3.3-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
+
+* Mon Jun 04 2012 Paul Wouters <pwouters@redhat.com> - 1.3.3-1
+- Updated to 1.3.3
+
+* Tue Apr 03 2012 Paul Wouters <pwouters@redhat.com> - 1.3.2-1
+- Updated to 1.3.2.
+- Changed user from opendnssec to ods, as used in the opendnssec package
+
+* Sat Jan 14 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.3.0-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
+
+* Thu Oct 27 2011 Paul Wouters <paul@xelerance.com> - 1.3.0-3
+- Initial Fedora package
+- Do not install the .a file
+- Use a separate "opendnssec" user to own /var/sofhsm
+
+* Tue Oct 25 2011 Paul Wouters <paul@xelerance.com> - 1.3.0-2
+- Fix description texts w.r.t. include files
+
+* Wed Oct 05 2011 Paul Wouters <paul@xelerance.com> - 1.3.0-1
+- Upgraded to 1.3.0
+
+* Thu Mar  3 2011 Paul Wouters <paul@xelerance.com> - 1.2.0-1
+- Initial package for Fedora