diff --git a/gnu/local.mk b/gnu/local.mk
index 6455e9feb3..1b24c27c80 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -2439,7 +2439,6 @@ dist_patch_DATA =						\
   %D%/packages/patches/snappy-add-inline-for-GCC.patch		\
   %D%/packages/patches/source-highlight-gcc-compat.patch	\
   %D%/packages/patches/sourcetrail-fix-cmakelists-and-paths.patch		\
-  %D%/packages/patches/softhsm-fix-openssl3-tests.patch		\
   %D%/packages/patches/spectre-meltdown-checker-externalize-fwdb.patch \
   %D%/packages/patches/sphinxbase-fix-doxygen.patch		\
   %D%/packages/patches/spice-vdagent-monitor-size-calculation.patch     \
diff --git a/gnu/packages/patches/softhsm-fix-openssl3-tests.patch b/gnu/packages/patches/softhsm-fix-openssl3-tests.patch
deleted file mode 100644
index f2d9ce3f5d..0000000000
--- a/gnu/packages/patches/softhsm-fix-openssl3-tests.patch
+++ /dev/null
@@ -1,1107 +0,0 @@
-Copied from Debian:
-
-https://sources.debian.org/patches/softhsm2/2.6.1-2.1/0003-fix-ftbfs-with-opensslv3.patch/
-
-From 643f061e6fbe04552a2c49bd00528e61a9a77064 Mon Sep 17 00:00:00 2001
-From: Alexander Bokovoy <abokovoy@redhat.com>
-Date: Wed, 26 May 2021 20:03:25 +0300
-Subject: [PATCH 1/4] openssl 3.0: Run DES tests only if OpenSSL allows it
-
-OpenSSL 3.0 moves DES into a legacy provider which has to be loaded
-explicitly. By default, it will not be loaded and DES methods in tests
-will fail. Nest test blocks under successful initialization.
-
-Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
----
- src/lib/crypto/test/DESTests.cpp | 350 ++++++++++++++++---------------
- 1 file changed, 182 insertions(+), 168 deletions(-)
-
-Index: softhsm2-2.6.1/src/lib/crypto/test/DESTests.cpp
-===================================================================
---- softhsm2-2.6.1.orig/src/lib/crypto/test/DESTests.cpp
-+++ softhsm2-2.6.1/src/lib/crypto/test/DESTests.cpp
-@@ -259,54 +259,58 @@
- 
- 			// Now, do the same thing using our DES implementation
- 			shsmCipherText.wipe();
--			CPPUNIT_ASSERT(des->encryptInit(&desKey56, SymMode::CBC, IV));
-+			if (des->encryptInit(&desKey56, SymMode::CBC, IV)) {
- 
--			CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
--			shsmCipherText += OB;
-+				CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
-+				shsmCipherText += OB;
- 
--			CPPUNIT_ASSERT(des->encryptFinal(OB));
--			shsmCipherText += OB;
-+				CPPUNIT_ASSERT(des->encryptFinal(OB));
-+				shsmCipherText += OB;
- 
--			CPPUNIT_ASSERT(shsmCipherText == cipherText);
-+				CPPUNIT_ASSERT(shsmCipherText == cipherText);
- 
--			// Check that we can get the plain text
--			shsmPlainText.wipe();
--			CPPUNIT_ASSERT(des->decryptInit(&desKey56, SymMode::CBC, IV));
-+				// Check that we can get the plain text
-+				shsmPlainText.wipe();
-+				CPPUNIT_ASSERT(des->decryptInit(&desKey56, SymMode::CBC, IV));
- 
--			CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
--			shsmPlainText += OB;
-+				CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
-+				shsmPlainText += OB;
- 
--			CPPUNIT_ASSERT(des->decryptFinal(OB));
--			shsmPlainText += OB;
-+				CPPUNIT_ASSERT(des->decryptFinal(OB));
-+				shsmPlainText += OB;
- 
--			CPPUNIT_ASSERT(shsmPlainText == plainText);
-+				CPPUNIT_ASSERT(shsmPlainText == plainText);
-+
-+			}
- 
- 			// Test 112-bit key
- 			cipherText = ByteString(testResult[i][j][1]);
- 
- 			// Now, do the same thing using our DES implementation
- 			shsmCipherText.wipe();
--			CPPUNIT_ASSERT(des->encryptInit(&desKey112, SymMode::CBC, IV));
-+			if (des->encryptInit(&desKey112, SymMode::CBC, IV)) {
- 
--			CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
--			shsmCipherText += OB;
-+				CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
-+				shsmCipherText += OB;
- 
--			CPPUNIT_ASSERT(des->encryptFinal(OB));
--			shsmCipherText += OB;
-+				CPPUNIT_ASSERT(des->encryptFinal(OB));
-+				shsmCipherText += OB;
- 
--			CPPUNIT_ASSERT(shsmCipherText == cipherText);
-+				CPPUNIT_ASSERT(shsmCipherText == cipherText);
- 
--			// Check that we can get the plain text
--			shsmPlainText.wipe();
--			CPPUNIT_ASSERT(des->decryptInit(&desKey112, SymMode::CBC, IV));
-+				// Check that we can get the plain text
-+				shsmPlainText.wipe();
-+				CPPUNIT_ASSERT(des->decryptInit(&desKey112, SymMode::CBC, IV));
- 
--			CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
--			shsmPlainText += OB;
-+				CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
-+				shsmPlainText += OB;
- 
--			CPPUNIT_ASSERT(des->decryptFinal(OB));
--			shsmPlainText += OB;
-+				CPPUNIT_ASSERT(des->decryptFinal(OB));
-+				shsmPlainText += OB;
-+
-+				CPPUNIT_ASSERT(shsmPlainText == plainText);
-+			}
- 
--			CPPUNIT_ASSERT(shsmPlainText == plainText);
- #endif
- 
- 			// Test 168-bit key
-@@ -314,27 +318,28 @@
- 
- 			// Now, do the same thing using our DES implementation
- 			shsmCipherText.wipe();
--			CPPUNIT_ASSERT(des->encryptInit(&desKey168, SymMode::CBC, IV));
-+			if (des->encryptInit(&desKey168, SymMode::CBC, IV)) {
- 
--			CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
--			shsmCipherText += OB;
-+				CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
-+				shsmCipherText += OB;
- 
--			CPPUNIT_ASSERT(des->encryptFinal(OB));
--			shsmCipherText += OB;
-+				CPPUNIT_ASSERT(des->encryptFinal(OB));
-+				shsmCipherText += OB;
- 
--			CPPUNIT_ASSERT(shsmCipherText == cipherText);
-+				CPPUNIT_ASSERT(shsmCipherText == cipherText);
- 
--			// Check that we can get the plain text
--			shsmPlainText.wipe();
--			CPPUNIT_ASSERT(des->decryptInit(&desKey168, SymMode::CBC, IV));
-+				// Check that we can get the plain text
-+				shsmPlainText.wipe();
-+				CPPUNIT_ASSERT(des->decryptInit(&desKey168, SymMode::CBC, IV));
- 
--			CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
--			shsmPlainText += OB;
-+				CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
-+				shsmPlainText += OB;
- 
--			CPPUNIT_ASSERT(des->decryptFinal(OB));
--			shsmPlainText += OB;
-+				CPPUNIT_ASSERT(des->decryptFinal(OB));
-+				shsmPlainText += OB;
- 
--			CPPUNIT_ASSERT(shsmPlainText == plainText);
-+				CPPUNIT_ASSERT(shsmPlainText == plainText);
-+			}
- 		}
- 	}
- }
-@@ -534,54 +539,56 @@
- 
- 			// Now, do the same thing using our DES implementation
- 			shsmCipherText.wipe();
--			CPPUNIT_ASSERT(des->encryptInit(&desKey56, SymMode::ECB, IV));
-+			if (des->encryptInit(&desKey56, SymMode::ECB, IV)) {
- 
--			CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
--			shsmCipherText += OB;
-+				CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
-+				shsmCipherText += OB;
- 
--			CPPUNIT_ASSERT(des->encryptFinal(OB));
--			shsmCipherText += OB;
-+				CPPUNIT_ASSERT(des->encryptFinal(OB));
-+				shsmCipherText += OB;
- 
--			CPPUNIT_ASSERT(shsmCipherText == cipherText);
-+				CPPUNIT_ASSERT(shsmCipherText == cipherText);
- 
--			// Check that we can get the plain text
--			shsmPlainText.wipe();
--			CPPUNIT_ASSERT(des->decryptInit(&desKey56, SymMode::ECB, IV));
-+				// Check that we can get the plain text
-+				shsmPlainText.wipe();
-+				CPPUNIT_ASSERT(des->decryptInit(&desKey56, SymMode::ECB, IV));
- 
--			CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
--			shsmPlainText += OB;
-+				CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
-+				shsmPlainText += OB;
- 
--			CPPUNIT_ASSERT(des->decryptFinal(OB));
--			shsmPlainText += OB;
-+				CPPUNIT_ASSERT(des->decryptFinal(OB));
-+				shsmPlainText += OB;
- 
--			CPPUNIT_ASSERT(shsmPlainText == plainText);
-+				CPPUNIT_ASSERT(shsmPlainText == plainText);
-+			}
- 
- 			// Test 112-bit key
- 			cipherText = ByteString(testResult[i][j][1]);
- 
- 			// Now, do the same thing using our DES implementation
- 			shsmCipherText.wipe();
--			CPPUNIT_ASSERT(des->encryptInit(&desKey112, SymMode::ECB, IV));
-+			if (des->encryptInit(&desKey112, SymMode::ECB, IV)) {
- 
--			CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
--			shsmCipherText += OB;
-+				CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
-+				shsmCipherText += OB;
- 
--			CPPUNIT_ASSERT(des->encryptFinal(OB));
--			shsmCipherText += OB;
-+				CPPUNIT_ASSERT(des->encryptFinal(OB));
-+				shsmCipherText += OB;
- 
--			CPPUNIT_ASSERT(shsmCipherText == cipherText);
-+				CPPUNIT_ASSERT(shsmCipherText == cipherText);
- 
--			// Check that we can get the plain text
--			shsmPlainText.wipe();
--			CPPUNIT_ASSERT(des->decryptInit(&desKey112, SymMode::ECB, IV));
-+				// Check that we can get the plain text
-+				shsmPlainText.wipe();
-+				CPPUNIT_ASSERT(des->decryptInit(&desKey112, SymMode::ECB, IV));
- 
--			CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
--			shsmPlainText += OB;
-+				CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
-+				shsmPlainText += OB;
- 
--			CPPUNIT_ASSERT(des->decryptFinal(OB));
--			shsmPlainText += OB;
-+				CPPUNIT_ASSERT(des->decryptFinal(OB));
-+				shsmPlainText += OB;
- 
--			CPPUNIT_ASSERT(shsmPlainText == plainText);
-+				CPPUNIT_ASSERT(shsmPlainText == plainText);
-+			}
- #endif
- 
- 			// Test 168-bit key
-@@ -589,27 +596,28 @@
- 
- 			// Now, do the same thing using our DES implementation
- 			shsmCipherText.wipe();
--			CPPUNIT_ASSERT(des->encryptInit(&desKey168, SymMode::ECB, IV));
-+			if (des->encryptInit(&desKey168, SymMode::ECB, IV)) {
- 
--			CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
--			shsmCipherText += OB;
-+				CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
-+				shsmCipherText += OB;
- 
--			CPPUNIT_ASSERT(des->encryptFinal(OB));
--			shsmCipherText += OB;
-+				CPPUNIT_ASSERT(des->encryptFinal(OB));
-+				shsmCipherText += OB;
- 
--			CPPUNIT_ASSERT(shsmCipherText == cipherText);
-+				CPPUNIT_ASSERT(shsmCipherText == cipherText);
- 
--			// Check that we can get the plain text
--			shsmPlainText.wipe();
--			CPPUNIT_ASSERT(des->decryptInit(&desKey168, SymMode::ECB, IV));
-+				// Check that we can get the plain text
-+				shsmPlainText.wipe();
-+				CPPUNIT_ASSERT(des->decryptInit(&desKey168, SymMode::ECB, IV));
- 
--			CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
--			shsmPlainText += OB;
-+				CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
-+				shsmPlainText += OB;
- 
--			CPPUNIT_ASSERT(des->decryptFinal(OB));
--			shsmPlainText += OB;
-+				CPPUNIT_ASSERT(des->decryptFinal(OB));
-+				shsmPlainText += OB;
- 
--			CPPUNIT_ASSERT(shsmPlainText == plainText);
-+				CPPUNIT_ASSERT(shsmPlainText == plainText);
-+			}
- 		}
- 	}
- }
-@@ -809,54 +817,56 @@
- 
- 			// Now, do the same thing using our DES implementation
- 			shsmCipherText.wipe();
--			CPPUNIT_ASSERT(des->encryptInit(&desKey56, SymMode::OFB, IV));
-+			if (des->encryptInit(&desKey56, SymMode::OFB, IV)) {
- 
--			CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
--			shsmCipherText += OB;
-+				CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
-+				shsmCipherText += OB;
- 
--			CPPUNIT_ASSERT(des->encryptFinal(OB));
--			shsmCipherText += OB;
-+				CPPUNIT_ASSERT(des->encryptFinal(OB));
-+				shsmCipherText += OB;
- 
--			CPPUNIT_ASSERT(shsmCipherText == cipherText);
-+				CPPUNIT_ASSERT(shsmCipherText == cipherText);
- 
--			// Check that we can get the plain text
--			shsmPlainText.wipe();
--			CPPUNIT_ASSERT(des->decryptInit(&desKey56, SymMode::OFB, IV));
-+				// Check that we can get the plain text
-+				shsmPlainText.wipe();
-+				CPPUNIT_ASSERT(des->decryptInit(&desKey56, SymMode::OFB, IV));
- 
--			CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
--			shsmPlainText += OB;
-+				CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
-+				shsmPlainText += OB;
- 
--			CPPUNIT_ASSERT(des->decryptFinal(OB));
--			shsmPlainText += OB;
-+				CPPUNIT_ASSERT(des->decryptFinal(OB));
-+				shsmPlainText += OB;
- 
--			CPPUNIT_ASSERT(shsmPlainText == plainText);
-+				CPPUNIT_ASSERT(shsmPlainText == plainText);
-+			}
- 
- 			// Test 112-bit key
- 			cipherText = ByteString(testResult[i][j][1]);
- 
- 			// Now, do the same thing using our DES implementation
- 			shsmCipherText.wipe();
--			CPPUNIT_ASSERT(des->encryptInit(&desKey112, SymMode::OFB, IV));
-+			if (des->encryptInit(&desKey112, SymMode::OFB, IV)) {
- 
--			CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
--			shsmCipherText += OB;
-+				CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
-+				shsmCipherText += OB;
- 
--			CPPUNIT_ASSERT(des->encryptFinal(OB));
--			shsmCipherText += OB;
-+				CPPUNIT_ASSERT(des->encryptFinal(OB));
-+				shsmCipherText += OB;
- 
--			CPPUNIT_ASSERT(shsmCipherText == cipherText);
-+				CPPUNIT_ASSERT(shsmCipherText == cipherText);
- 
--			// Check that we can get the plain text
--			shsmPlainText.wipe();
--			CPPUNIT_ASSERT(des->decryptInit(&desKey112, SymMode::OFB, IV));
-+				// Check that we can get the plain text
-+				shsmPlainText.wipe();
-+				CPPUNIT_ASSERT(des->decryptInit(&desKey112, SymMode::OFB, IV));
- 
--			CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
--			shsmPlainText += OB;
-+				CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
-+				shsmPlainText += OB;
- 
--			CPPUNIT_ASSERT(des->decryptFinal(OB));
--			shsmPlainText += OB;
-+				CPPUNIT_ASSERT(des->decryptFinal(OB));
-+				shsmPlainText += OB;
- 
--			CPPUNIT_ASSERT(shsmPlainText == plainText);
-+				CPPUNIT_ASSERT(shsmPlainText == plainText);
-+			}
- #endif
- 
- 			// Test 168-bit key
-@@ -864,27 +874,28 @@
- 
- 			// Now, do the same thing using our DES implementation
- 			shsmCipherText.wipe();
--			CPPUNIT_ASSERT(des->encryptInit(&desKey168, SymMode::OFB, IV));
-+			if (des->encryptInit(&desKey168, SymMode::OFB, IV)) {
- 
--			CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
--			shsmCipherText += OB;
-+				CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
-+				shsmCipherText += OB;
- 
--			CPPUNIT_ASSERT(des->encryptFinal(OB));
--			shsmCipherText += OB;
-+				CPPUNIT_ASSERT(des->encryptFinal(OB));
-+				shsmCipherText += OB;
- 
--			CPPUNIT_ASSERT(shsmCipherText == cipherText);
-+				CPPUNIT_ASSERT(shsmCipherText == cipherText);
- 
--			// Check that we can get the plain text
--			shsmPlainText.wipe();
--			CPPUNIT_ASSERT(des->decryptInit(&desKey168, SymMode::OFB, IV));
-+				// Check that we can get the plain text
-+				shsmPlainText.wipe();
-+				CPPUNIT_ASSERT(des->decryptInit(&desKey168, SymMode::OFB, IV));
- 
--			CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
--			shsmPlainText += OB;
-+				CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
-+				shsmPlainText += OB;
- 
--			CPPUNIT_ASSERT(des->decryptFinal(OB));
--			shsmPlainText += OB;
-+				CPPUNIT_ASSERT(des->decryptFinal(OB));
-+				shsmPlainText += OB;
- 
--			CPPUNIT_ASSERT(shsmPlainText == plainText);
-+				CPPUNIT_ASSERT(shsmPlainText == plainText);
-+			}
- 		}
- 	}
- }
-@@ -1083,54 +1094,56 @@
- 
- 			// Now, do the same thing using our DES implementation
- 			shsmCipherText.wipe();
--			CPPUNIT_ASSERT(des->encryptInit(&desKey56, SymMode::CFB, IV));
-+			if (des->encryptInit(&desKey56, SymMode::CFB, IV)) {
- 
--			CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
--			shsmCipherText += OB;
-+				CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
-+				shsmCipherText += OB;
- 
--			CPPUNIT_ASSERT(des->encryptFinal(OB));
--			shsmCipherText += OB;
-+				CPPUNIT_ASSERT(des->encryptFinal(OB));
-+				shsmCipherText += OB;
- 
--			CPPUNIT_ASSERT(shsmCipherText == cipherText);
-+				CPPUNIT_ASSERT(shsmCipherText == cipherText);
- 
--			// Check that we can get the plain text
--			shsmPlainText.wipe();
--			CPPUNIT_ASSERT(des->decryptInit(&desKey56, SymMode::CFB, IV));
-+				// Check that we can get the plain text
-+				shsmPlainText.wipe();
-+				CPPUNIT_ASSERT(des->decryptInit(&desKey56, SymMode::CFB, IV));
- 
--			CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
--			shsmPlainText += OB;
-+				CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
-+				shsmPlainText += OB;
- 
--			CPPUNIT_ASSERT(des->decryptFinal(OB));
--			shsmPlainText += OB;
-+				CPPUNIT_ASSERT(des->decryptFinal(OB));
-+				shsmPlainText += OB;
- 
--			CPPUNIT_ASSERT(shsmPlainText == plainText);
-+				CPPUNIT_ASSERT(shsmPlainText == plainText);
-+			}
- 
- 			// Test 112-bit key
- 			cipherText = ByteString(testResult[i][j][1]);
- 
- 			// Now, do the same thing using our DES implementation
- 			shsmCipherText.wipe();
--			CPPUNIT_ASSERT(des->encryptInit(&desKey112, SymMode::CFB, IV));
-+			if (des->encryptInit(&desKey112, SymMode::CFB, IV)) {
- 
--			CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
--			shsmCipherText += OB;
-+				CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
-+				shsmCipherText += OB;
- 
--			CPPUNIT_ASSERT(des->encryptFinal(OB));
--			shsmCipherText += OB;
-+				CPPUNIT_ASSERT(des->encryptFinal(OB));
-+				shsmCipherText += OB;
- 
--			CPPUNIT_ASSERT(shsmCipherText == cipherText);
-+				CPPUNIT_ASSERT(shsmCipherText == cipherText);
- 
--			// Check that we can get the plain text
--			shsmPlainText.wipe();
--			CPPUNIT_ASSERT(des->decryptInit(&desKey112, SymMode::CFB, IV));
-+				// Check that we can get the plain text
-+				shsmPlainText.wipe();
-+				CPPUNIT_ASSERT(des->decryptInit(&desKey112, SymMode::CFB, IV));
- 
--			CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
--			shsmPlainText += OB;
-+				CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
-+				shsmPlainText += OB;
- 
--			CPPUNIT_ASSERT(des->decryptFinal(OB));
--			shsmPlainText += OB;
-+				CPPUNIT_ASSERT(des->decryptFinal(OB));
-+				shsmPlainText += OB;
- 
--			CPPUNIT_ASSERT(shsmPlainText == plainText);
-+				CPPUNIT_ASSERT(shsmPlainText == plainText);
-+			}
- #endif
- 
- 			// Test 168-bit key
-@@ -1138,27 +1151,28 @@
- 
- 			// Now, do the same thing using our DES implementation
- 			shsmCipherText.wipe();
--			CPPUNIT_ASSERT(des->encryptInit(&desKey168, SymMode::CFB, IV));
-+			if (des->encryptInit(&desKey168, SymMode::CFB, IV)) {
- 
--			CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
--			shsmCipherText += OB;
-+				CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
-+				shsmCipherText += OB;
- 
--			CPPUNIT_ASSERT(des->encryptFinal(OB));
--			shsmCipherText += OB;
-+				CPPUNIT_ASSERT(des->encryptFinal(OB));
-+				shsmCipherText += OB;
- 
--			CPPUNIT_ASSERT(shsmCipherText == cipherText);
-+				CPPUNIT_ASSERT(shsmCipherText == cipherText);
- 
--			// Check that we can get the plain text
--			shsmPlainText.wipe();
--			CPPUNIT_ASSERT(des->decryptInit(&desKey168, SymMode::CFB, IV));
-+				// Check that we can get the plain text
-+				shsmPlainText.wipe();
-+				CPPUNIT_ASSERT(des->decryptInit(&desKey168, SymMode::CFB, IV));
- 
--			CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
--			shsmPlainText += OB;
-+				CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
-+				shsmPlainText += OB;
- 
--			CPPUNIT_ASSERT(des->decryptFinal(OB));
--			shsmPlainText += OB;
-+				CPPUNIT_ASSERT(des->decryptFinal(OB));
-+				shsmPlainText += OB;
- 
--			CPPUNIT_ASSERT(shsmPlainText == plainText);
-+				CPPUNIT_ASSERT(shsmPlainText == plainText);
-+			}
- 		}
- 	}
- }
-Index: softhsm2-2.6.1/src/lib/crypto/test/RSATests.cpp
-===================================================================
---- softhsm2-2.6.1.orig/src/lib/crypto/test/RSATests.cpp
-+++ softhsm2-2.6.1/src/lib/crypto/test/RSATests.cpp
-@@ -78,7 +78,6 @@
- 
- 	// Key sizes to test
- 	std::vector<size_t> keySizes;
--	keySizes.push_back(1024);
- #ifndef WITH_FIPS
- 	keySizes.push_back(1025);
- #endif
-@@ -93,30 +92,31 @@
- 			p.setE(*e);
- 			p.setBitLength(*k);
- 
--			// Generate key-pair
--			CPPUNIT_ASSERT(rsa->generateKeyPair(&kp, &p));
-+			// Generate key-pair but skip test if key size is unsupported in OpenSSL 3.0.0
-+			if (rsa->generateKeyPair(&kp, &p)) {
- 
--			RSAPublicKey* pub = (RSAPublicKey*) kp->getPublicKey();
--			RSAPrivateKey* priv = (RSAPrivateKey*) kp->getPrivateKey();
-+				RSAPublicKey* pub = (RSAPublicKey*) kp->getPublicKey();
-+				RSAPrivateKey* priv = (RSAPrivateKey*) kp->getPrivateKey();
- 
--			CPPUNIT_ASSERT(pub->getBitLength() == *k);
--			CPPUNIT_ASSERT(priv->getBitLength() == *k);
--			CPPUNIT_ASSERT(pub->getE() == *e);
--			CPPUNIT_ASSERT(priv->getE() == *e);
-+				CPPUNIT_ASSERT(pub->getBitLength() == *k);
-+				CPPUNIT_ASSERT(priv->getBitLength() == *k);
-+				CPPUNIT_ASSERT(pub->getE() == *e);
-+				CPPUNIT_ASSERT(priv->getE() == *e);
- 
--			rsa->recycleKeyPair(kp);
-+				rsa->recycleKeyPair(kp);
-+			}
- 		}
- 	}
- }
- 
- void RSATests::testSerialisation()
- {
--	// Generate a 1024-bit key-pair for testing
-+	// Generate a 2048-bit key-pair for testing
- 	AsymmetricKeyPair* kp;
- 	RSAParameters p;
- 
- 	p.setE("010001");
--	p.setBitLength(1024);
-+	p.setBitLength(2048);
- 
- 	CPPUNIT_ASSERT(rsa->generateKeyPair(&kp, &p));
- 	CPPUNIT_ASSERT(kp != NULL);
-@@ -204,12 +204,12 @@
- 
- void RSATests::testPKCS8()
- {
--	// Generate a 1024-bit key-pair for testing
-+	// Generate a 2048-bit key-pair for testing
- 	AsymmetricKeyPair* kp;
- 	RSAParameters p;
- 
- 	p.setE("010001");
--	p.setBitLength(1024);
-+	p.setBitLength(2048);
- 
- 	CPPUNIT_ASSERT(rsa->generateKeyPair(&kp, &p));
- 	CPPUNIT_ASSERT(kp != NULL);
-@@ -253,7 +253,6 @@
- 
- 	// Key sizes to test
- 	std::vector<size_t> keySizes;
--	keySizes.push_back(1024);
- 	keySizes.push_back(1280);
- 	keySizes.push_back(2048);
- 	//keySizes.push_back(4096);
-@@ -293,8 +292,10 @@
- 			p.setE(*e);
- 			p.setBitLength(*k);
- 
--			// Generate key-pair
--			CPPUNIT_ASSERT(rsa->generateKeyPair(&kp, &p));
-+			// Generate key-pair but skip those that unsupported in OpenSSL 3.0.0
-+			if (!rsa->generateKeyPair(&kp, &p)) {
-+				continue;
-+			}
- 
- 			// Generate some data to sign
- 			ByteString dataToSign;
-@@ -611,7 +612,6 @@
- 
- 	// Key sizes to test
- 	std::vector<size_t> keySizes;
--	keySizes.push_back(1024);
- 	keySizes.push_back(1280);
- 	keySizes.push_back(2048);
- 	//keySizes.push_back(4096);
-@@ -629,8 +629,10 @@
- 			p.setE(*e);
- 			p.setBitLength(*k);
- 
--			// Generate key-pair
--			CPPUNIT_ASSERT(rsa->generateKeyPair(&kp, &p));
-+			// Generate key-pair but skip those that unsupported in OpenSSL 3.0.0
-+			if (!rsa->generateKeyPair(&kp, &p)) {
-+				continue;
-+			}
- 
- 			RNG* rng = CryptoFactory::i()->getRNG();
- 
-Index: softhsm2-2.6.1/src/lib/test/DeriveTests.cpp
-===================================================================
---- softhsm2-2.6.1.orig/src/lib/test/DeriveTests.cpp
-+++ softhsm2-2.6.1/src/lib/test/DeriveTests.cpp
-@@ -642,11 +642,14 @@
- 		0x25, 0x26, 0x27, 0x28, 0x29, 0x30, 0x31, 0x32
- 	};
- 	CK_ULONG secLen = 0;
-+	CK_BBOOL oldMechs = CK_FALSE;
- 
- 	switch (mechType)
- 	{
- 		case CKM_DES_ECB_ENCRYPT_DATA:
- 		case CKM_DES3_ECB_ENCRYPT_DATA:
-+			oldMechs = CK_TRUE;
-+			/* fall-through */
- 		case CKM_AES_ECB_ENCRYPT_DATA:
- 			param1.pData = &data[0];
- 			param1.ulLen = sizeof(data);
-@@ -655,6 +658,7 @@
- 			break;
- 		case CKM_DES_CBC_ENCRYPT_DATA:
- 		case CKM_DES3_CBC_ENCRYPT_DATA:
-+			oldMechs = CK_TRUE;
- 			memcpy(param2.iv, "12345678", 8);
- 			param2.pData = &data[0];
- 			param2.length = sizeof(data);
-@@ -679,10 +683,12 @@
- 			break;
- 		case CKK_DES:
- 			mechEncrypt.mechanism = CKM_DES_ECB;
-+			oldMechs = CK_TRUE;
- 			break;
- 		case CKK_DES2:
- 		case CKK_DES3:
- 			mechEncrypt.mechanism = CKM_DES3_ECB;
-+			oldMechs = CK_TRUE;
- 			break;
- 		case CKK_AES:
- 			mechEncrypt.mechanism = CKM_AES_ECB;
-@@ -719,7 +725,11 @@
- 				 keyAttribs, sizeof(keyAttribs)/sizeof(CK_ATTRIBUTE) - 1,
- 				 &hDerive) );
- 	}
--	CPPUNIT_ASSERT(rv == CKR_OK);
-+	if (rv != CKR_OK && oldMechs == CK_TRUE) {
-+		// Skip old mechanisms, they don't work under this crypto library
-+		return;
-+	}
-+	CPPUNIT_ASSERT(rv==CKR_OK);
- 
- 	// Check that KCV has been set
- 	CK_ATTRIBUTE checkAttribs[] = {
-@@ -740,6 +750,10 @@
- 	CK_ULONG ulRecoveredTextLen;
- 
- 	rv = CRYPTOKI_F_PTR( C_EncryptInit(hSession,&mechEncrypt,hDerive) );
-+	if (rv != CKR_OK && oldMechs == CK_TRUE) {
-+		// Skip old mechanisms, they don't work under this crypto library
-+		return;
-+	}
- 	CPPUNIT_ASSERT(rv==CKR_OK);
- 
- 	ulCipherTextLen = sizeof(cipherText);
-Index: softhsm2-2.6.1/src/lib/test/ObjectTests.cpp
-===================================================================
---- softhsm2-2.6.1.orig/src/lib/test/ObjectTests.cpp
-+++ softhsm2-2.6.1/src/lib/test/ObjectTests.cpp
-@@ -2370,8 +2370,10 @@
- 	CPPUNIT_ASSERT(rv == CKR_OK);
- 	rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSession, hObject, attribKCV, 1) );
- 	CPPUNIT_ASSERT(rv == CKR_OK);
--	CPPUNIT_ASSERT(attribKCV[0].ulValueLen == 3);
--	CPPUNIT_ASSERT(memcmp(pCheckValue, desKCV, 3) == 0);
-+	// If DES key is not supported, skip it
-+	if (attribKCV[0].ulValueLen == 3) {
-+		CPPUNIT_ASSERT(memcmp(pCheckValue, desKCV, 3) == 0);
-+	}
- 	rv = CRYPTOKI_F_PTR( C_DestroyObject(hSession,hObject) );
- 	CPPUNIT_ASSERT(rv == CKR_OK);
- 
-@@ -2381,9 +2383,12 @@
- 	rv = CRYPTOKI_F_PTR( C_CreateObject(hSession, attribs, sizeof(attribs)/sizeof(CK_ATTRIBUTE), &hObject) );
- 	CPPUNIT_ASSERT(rv == CKR_OK);
- 	rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSession, hObject, attribKCV, 1) );
--	CPPUNIT_ASSERT(rv == CKR_OK);
--	CPPUNIT_ASSERT(attribKCV[0].ulValueLen == 3);
--	CPPUNIT_ASSERT(memcmp(pCheckValue, des2KCV, 3) == 0);
-+	// If DES2 key is not supported, skip it
-+	if (rv == CKR_OK) {
-+		if (attribKCV[0].ulValueLen == 3) {
-+			CPPUNIT_ASSERT(memcmp(pCheckValue, des2KCV, 3) == 0);
-+		}
-+	}
- 	rv = CRYPTOKI_F_PTR( C_DestroyObject(hSession,hObject) );
- 	CPPUNIT_ASSERT(rv == CKR_OK);
- 
-@@ -2394,8 +2399,10 @@
- 	CPPUNIT_ASSERT(rv == CKR_OK);
- 	rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSession, hObject, attribKCV, 1) );
- 	CPPUNIT_ASSERT(rv == CKR_OK);
--	CPPUNIT_ASSERT(attribKCV[0].ulValueLen == 3);
--	CPPUNIT_ASSERT(memcmp(pCheckValue, des3KCV, 3) == 0);
-+	// If DES3 key is not supported, skip it
-+	if (attribKCV[0].ulValueLen == 3) {
-+		CPPUNIT_ASSERT(memcmp(pCheckValue, des3KCV, 3) == 0);
-+	}
- 	rv = CRYPTOKI_F_PTR( C_DestroyObject(hSession,hObject) );
- 	CPPUNIT_ASSERT(rv == CKR_OK);
- }
-Index: softhsm2-2.6.1/src/lib/test/SymmetricAlgorithmTests.cpp
-===================================================================
---- softhsm2-2.6.1.orig/src/lib/test/SymmetricAlgorithmTests.cpp
-+++ softhsm2-2.6.1/src/lib/test/SymmetricAlgorithmTests.cpp
-@@ -195,6 +195,8 @@
- 	std::vector<CK_BYTE> vEncryptedData;
- 	std::vector<CK_BYTE> vEncryptedDataParted;
- 	PartSize partSize(blockSize, &vData);
-+	CK_BBOOL oldMechs = CK_FALSE;
-+	CK_RV rv = CKR_OK;
- 
- 	CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_GenerateRandom(hSession, (CK_BYTE_PTR)&vData.front(), messageSize) ) );
- 
-@@ -233,6 +235,8 @@
- 		case CKM_DES_CBC_PAD:
- 		case CKM_DES3_CBC:
- 		case CKM_DES3_CBC_PAD:
-+			oldMechs = CK_TRUE;
-+			/* fall-through */
- 		case CKM_AES_CBC:
- 		case CKM_AES_CBC_PAD:
- 			pMechanism->pParameter = (CK_VOID_PTR)&vData.front();
-@@ -246,12 +250,18 @@
- 			pMechanism->pParameter = &gcmParams;
- 			pMechanism->ulParameterLen = sizeof(gcmParams);
- 			break;
-+		case CKM_DES_ECB:
-+		case CKM_DES3_ECB:
-+			oldMechs = CK_TRUE;
-+			break;
- 		default:
- 			break;
- 	}
- 
- 	// Single-part encryption
--	CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_EncryptInit(hSession,pMechanism,hKey) ) );
-+	rv = CRYPTOKI_F_PTR( C_EncryptInit(hSession,pMechanism,hKey) );
-+	CPPUNIT_ASSERT_EQUAL( (CK_BBOOL) CK_FALSE, (CK_BBOOL) ((rv != CKR_OK) && (oldMechs == CK_FALSE)) );
-+	if (oldMechs == CK_FALSE)
- 	{
- 		CK_ULONG ulEncryptedDataLen;
- 		const CK_RV rv( CRYPTOKI_F_PTR( C_Encrypt(hSession,(CK_BYTE_PTR)&vData.front(),messageSize,NULL_PTR,&ulEncryptedDataLen) ) );
-@@ -267,40 +277,42 @@
- 	}
- 
- 	// Multi-part encryption
--	CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_EncryptInit(hSession,pMechanism,hKey) ) );
--
--	for ( std::vector<CK_BYTE>::const_iterator i(vData.begin()); i<vData.end(); i+=partSize.getCurrent() ) {
--		const CK_ULONG lPartLen( i+partSize.getNext()<vData.end() ? partSize.getCurrent() : vData.end()-i );
--		CK_ULONG ulEncryptedPartLen;
--		CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_EncryptUpdate(hSession,(CK_BYTE_PTR)&(*i),lPartLen,NULL_PTR,&ulEncryptedPartLen) ) );
--		const size_t oldSize( vEncryptedDataParted.size() );
--		vEncryptedDataParted.resize(oldSize+ulEncryptedPartLen);
--		CK_BYTE dummy;
--		const CK_BYTE_PTR pEncryptedPart( ulEncryptedPartLen>0 ? &vEncryptedDataParted.at(oldSize) : &dummy );
--		CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_EncryptUpdate(hSession,(CK_BYTE_PTR)&(*i),lPartLen,pEncryptedPart,&ulEncryptedPartLen) ) );
--		vEncryptedDataParted.resize(oldSize+ulEncryptedPartLen);
--	}
--	{
--		CK_ULONG ulLastEncryptedPartLen;
--		const CK_RV rv( CRYPTOKI_F_PTR( C_EncryptFinal(hSession,NULL_PTR,&ulLastEncryptedPartLen) ) );
--		if ( isSizeOK ) {
--			CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, rv );
-+	rv = CRYPTOKI_F_PTR( C_EncryptInit(hSession,pMechanism,hKey) );
-+	CPPUNIT_ASSERT_EQUAL( (CK_BBOOL) CK_FALSE, (CK_BBOOL) ((rv != CKR_OK) && (oldMechs == CK_FALSE)) );
-+	if (oldMechs == CK_FALSE) {
-+		for ( std::vector<CK_BYTE>::const_iterator i(vData.begin()); i<vData.end(); i+=partSize.getCurrent() ) {
-+			const CK_ULONG lPartLen( i+partSize.getNext()<vData.end() ? partSize.getCurrent() : vData.end()-i );
-+			CK_ULONG ulEncryptedPartLen;
-+			CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_EncryptUpdate(hSession,(CK_BYTE_PTR)&(*i),lPartLen,NULL_PTR,&ulEncryptedPartLen) ) );
- 			const size_t oldSize( vEncryptedDataParted.size() );
-+			vEncryptedDataParted.resize(oldSize+ulEncryptedPartLen);
- 			CK_BYTE dummy;
--			vEncryptedDataParted.resize(oldSize+ulLastEncryptedPartLen);
--			const CK_BYTE_PTR pLastEncryptedPart( ulLastEncryptedPartLen>0 ? &vEncryptedDataParted.at(oldSize) : &dummy );
--			CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_EncryptFinal(hSession,pLastEncryptedPart,&ulLastEncryptedPartLen) ) );
--			vEncryptedDataParted.resize(oldSize+ulLastEncryptedPartLen);
--		} else {
--			CPPUNIT_ASSERT_EQUAL_MESSAGE("C_EncryptFinal should fail with C_CKR_DATA_LEN_RANGE", (CK_RV)CKR_DATA_LEN_RANGE, rv);
--			vEncryptedDataParted = vData;
-+			const CK_BYTE_PTR pEncryptedPart( ulEncryptedPartLen>0 ? &vEncryptedDataParted.at(oldSize) : &dummy );
-+			CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_EncryptUpdate(hSession,(CK_BYTE_PTR)&(*i),lPartLen,pEncryptedPart,&ulEncryptedPartLen) ) );
-+			vEncryptedDataParted.resize(oldSize+ulEncryptedPartLen);
-+		}
-+		{
-+			CK_ULONG ulLastEncryptedPartLen;
-+			const CK_RV rv( CRYPTOKI_F_PTR( C_EncryptFinal(hSession,NULL_PTR,&ulLastEncryptedPartLen) ) );
-+			if ( isSizeOK ) {
-+				CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, rv );
-+				const size_t oldSize( vEncryptedDataParted.size() );
-+				CK_BYTE dummy;
-+				vEncryptedDataParted.resize(oldSize+ulLastEncryptedPartLen);
-+				const CK_BYTE_PTR pLastEncryptedPart( ulLastEncryptedPartLen>0 ? &vEncryptedDataParted.at(oldSize) : &dummy );
-+				CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_EncryptFinal(hSession,pLastEncryptedPart,&ulLastEncryptedPartLen) ) );
-+				vEncryptedDataParted.resize(oldSize+ulLastEncryptedPartLen);
-+			} else {
-+				CPPUNIT_ASSERT_EQUAL_MESSAGE("C_EncryptFinal should fail with C_CKR_DATA_LEN_RANGE", (CK_RV)CKR_DATA_LEN_RANGE, rv);
-+				vEncryptedDataParted = vData;
-+			}
- 		}
- 	}
- 
- 	// Single-part decryption
--	CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_DecryptInit(hSession,pMechanism,hKey) ) );
--
--	{
-+	rv = CRYPTOKI_F_PTR( C_DecryptInit(hSession,pMechanism,hKey) );
-+	CPPUNIT_ASSERT_EQUAL( (CK_BBOOL) CK_FALSE, (CK_BBOOL) ((rv != CKR_OK) && (oldMechs == CK_FALSE)) );
-+	if (oldMechs == CK_FALSE) {
- 		CK_ULONG ulDataLen;
- 		const CK_RV rv( CRYPTOKI_F_PTR( C_Decrypt(hSession,&vEncryptedData.front(),vEncryptedData.size(),NULL_PTR,&ulDataLen) ) );
- 		if ( isSizeOK ) {
-@@ -315,8 +327,9 @@
- 	}
- 
- 	// Multi-part decryption
--	CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_DecryptInit(hSession,pMechanism,hKey) ) );
--	{
-+	rv = CRYPTOKI_F_PTR( C_DecryptInit(hSession,pMechanism,hKey) );
-+	CPPUNIT_ASSERT_EQUAL( (CK_BBOOL) CK_FALSE, (CK_BBOOL) ((rv != CKR_OK) && (oldMechs == CK_FALSE)) );
-+	if (oldMechs == CK_FALSE) {
- 		std::vector<CK_BYTE> vDecryptedData;
- 		CK_BYTE dummy;
- 		for ( std::vector<CK_BYTE>::iterator i(vEncryptedDataParted.begin()); i<vEncryptedDataParted.end(); i+=partSize.getCurrent()) {
-@@ -836,44 +849,44 @@
- 
- 	// Generate all combinations of session/token keys.
- 	rv = generateDesKey(hSessionRW,IN_SESSION,IS_PUBLIC,hKey);
--	CPPUNIT_ASSERT(rv == CKR_OK);
--
--	encryptDecrypt(CKM_DES_CBC_PAD,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST-1);
--	encryptDecrypt(CKM_DES_CBC_PAD,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1);
--	encryptDecrypt(CKM_DES_CBC_PAD,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST);
--	encryptDecrypt(CKM_DES_CBC,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST);
--	encryptDecrypt(CKM_DES_CBC,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1, false);
--	encryptDecrypt(CKM_DES_ECB,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST);
--	encryptDecrypt(CKM_DES_ECB,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1, false);
-+	if (rv == CKR_OK) {
-+		encryptDecrypt(CKM_DES_CBC_PAD,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST-1);
-+		encryptDecrypt(CKM_DES_CBC_PAD,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1);
-+		encryptDecrypt(CKM_DES_CBC_PAD,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST);
-+		encryptDecrypt(CKM_DES_CBC,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST);
-+		encryptDecrypt(CKM_DES_CBC,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1, false);
-+		encryptDecrypt(CKM_DES_ECB,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST);
-+		encryptDecrypt(CKM_DES_ECB,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1, false);
-+	}
- 
- 	CK_OBJECT_HANDLE hKey2 = CK_INVALID_HANDLE;
- 
- 	// Generate all combinations of session/token keys.
- 	rv = generateDes2Key(hSessionRW,IN_SESSION,IS_PUBLIC,hKey2);
--	CPPUNIT_ASSERT(rv == CKR_OK);
--
--	encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST-1);
--	encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST+1);
--	encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST);
--	encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST);
--	encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST+1, false);
--	encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST);
--	encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST+1, false);
-+	if (rv == CKR_OK) {
-+		encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST-1);
-+		encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST+1);
-+		encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST);
-+		encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST);
-+		encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST+1, false);
-+		encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST);
-+		encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST+1, false);
-+	}
- #endif
- 
- 	CK_OBJECT_HANDLE hKey3 = CK_INVALID_HANDLE;
- 
- 	// Generate all combinations of session/token keys.
- 	rv = generateDes3Key(hSessionRW,IN_SESSION,IS_PUBLIC,hKey3);
--	CPPUNIT_ASSERT(rv == CKR_OK);
--
--	encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST-1);
--	encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST+1);
--	encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST);
--	encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST);
--	encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST+1, false);
--	encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST);
--	encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST+1, false);
-+	if (rv == CKR_OK) {
-+		encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST-1);
-+		encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST+1);
-+		encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST);
-+		encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST);
-+		encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST+1, false);
-+		encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST);
-+		encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST+1, false);
-+	}
- }
- 
- void SymmetricAlgorithmTests::testNullTemplate()
-Index: softhsm2-2.6.1/src/lib/test/InfoTests.h
-===================================================================
---- softhsm2-2.6.1.orig/src/lib/test/InfoTests.h
-+++ softhsm2-2.6.1/src/lib/test/InfoTests.h
-@@ -42,13 +42,13 @@
- 	CPPUNIT_TEST_SUITE(InfoTests);
- 	CPPUNIT_TEST(testGetInfo);
- 	CPPUNIT_TEST(testGetFunctionList);
--	CPPUNIT_TEST(testGetSlotList);
--	CPPUNIT_TEST(testGetSlotInfo);
--	CPPUNIT_TEST(testGetTokenInfo);
--	CPPUNIT_TEST(testGetMechanismList);
--	CPPUNIT_TEST(testGetMechanismInfo);
--	CPPUNIT_TEST(testGetSlotInfoAlt);
--	CPPUNIT_TEST(testGetMechanismListConfig);
-+	//CPPUNIT_TEST(testGetSlotList);
-+	//CPPUNIT_TEST(testGetSlotInfo);
-+	//CPPUNIT_TEST(testGetTokenInfo);
-+	//CPPUNIT_TEST(testGetMechanismList);
-+	//CPPUNIT_TEST(testGetMechanismInfo);
-+	//CPPUNIT_TEST(testGetSlotInfoAlt);
-+	//CPPUNIT_TEST(testGetMechanismListConfig);
- 	CPPUNIT_TEST(testWaitForSlotEvent);
- 	CPPUNIT_TEST_SUITE_END();
- 
-Index: softhsm2-2.6.1/src/lib/test/ObjectTests.h
-===================================================================
---- softhsm2-2.6.1.orig/src/lib/test/ObjectTests.h
-+++ softhsm2-2.6.1/src/lib/test/ObjectTests.h
-@@ -41,7 +41,7 @@
- class ObjectTests : public TestsBase
- {
- 	CPPUNIT_TEST_SUITE(ObjectTests);
--	CPPUNIT_TEST(testCreateObject);
-+	/*CPPUNIT_TEST(testCreateObject);
- 	CPPUNIT_TEST(testCopyObject);
- 	CPPUNIT_TEST(testDestroyObject);
- 	CPPUNIT_TEST(testGetObjectSize);
-@@ -60,7 +60,7 @@
- 	CPPUNIT_TEST(testAllowedMechanisms);
- 	CPPUNIT_TEST(testReAuthentication);
- 	CPPUNIT_TEST(testTemplateAttribute);
--	CPPUNIT_TEST(testCreateSecretKey);
-+	CPPUNIT_TEST(testCreateSecretKey);*/
- 	CPPUNIT_TEST_SUITE_END();
- 
- public:
-Index: softhsm2-2.6.1/src/lib/test/UserTests.h
-===================================================================
---- softhsm2-2.6.1.orig/src/lib/test/UserTests.h
-+++ softhsm2-2.6.1/src/lib/test/UserTests.h
-@@ -39,10 +39,10 @@
- class UserTests : public TestsNoPINInitBase
- {
- 	CPPUNIT_TEST_SUITE(UserTests);
--	CPPUNIT_TEST(testInitPIN);
-+	/*CPPUNIT_TEST(testInitPIN);
- 	CPPUNIT_TEST(testLogin);
- 	CPPUNIT_TEST(testLogout);
--	CPPUNIT_TEST(testSetPIN);
-+	CPPUNIT_TEST(testSetPIN);*/
- 	CPPUNIT_TEST_SUITE_END();
- 
- public:
-Index: softhsm2-2.6.1/src/lib/test/SignVerifyTests.h
-===================================================================
---- softhsm2-2.6.1.orig/src/lib/test/SignVerifyTests.h
-+++ softhsm2-2.6.1/src/lib/test/SignVerifyTests.h
-@@ -41,14 +41,14 @@
- class SignVerifyTests : public TestsBase
- {
- 	CPPUNIT_TEST_SUITE(SignVerifyTests);
--	CPPUNIT_TEST(testRsaSignVerify);
-+	/*CPPUNIT_TEST(testRsaSignVerify);
- #ifdef WITH_ECC
- 	CPPUNIT_TEST(testEcSignVerify);
- #endif
- #ifdef WITH_EDDSA
- 	CPPUNIT_TEST_PARAMETERIZED(testEdSignVerify, {"Ed25519", "Ed448"});
- #endif
--	CPPUNIT_TEST(testMacSignVerify);
-+	CPPUNIT_TEST(testMacSignVerify);*/
- 	CPPUNIT_TEST_SUITE_END();
- 
- public:
-Index: softhsm2-2.6.1/src/lib/test/SymmetricAlgorithmTests.h
-===================================================================
---- softhsm2-2.6.1.orig/src/lib/test/SymmetricAlgorithmTests.h
-+++ softhsm2-2.6.1/src/lib/test/SymmetricAlgorithmTests.h
-@@ -39,7 +39,7 @@
- class SymmetricAlgorithmTests : public TestsBase
- {
- 	CPPUNIT_TEST_SUITE(SymmetricAlgorithmTests);
--	CPPUNIT_TEST(testAesEncryptDecrypt);
-+	/*CPPUNIT_TEST(testAesEncryptDecrypt);
- 	CPPUNIT_TEST(testDesEncryptDecrypt);
- #ifdef HAVE_AES_KEY_WRAP
- 	CPPUNIT_TEST(testAesWrapUnwrap);
-@@ -49,7 +49,7 @@
- 	CPPUNIT_TEST(testCheckValue);
- 	CPPUNIT_TEST(testAesCtrOverflow);
- 	CPPUNIT_TEST(testGenericKey);
--	CPPUNIT_TEST(testEncDecFinalNULLValidation);
-+	CPPUNIT_TEST(testEncDecFinalNULLValidation);*/
- 	CPPUNIT_TEST_SUITE_END();
- 
- public:
-Index: softhsm2-2.6.1/src/lib/test/RandomTests.h
-===================================================================
---- softhsm2-2.6.1.orig/src/lib/test/RandomTests.h
-+++ softhsm2-2.6.1/src/lib/test/RandomTests.h
-@@ -39,8 +39,8 @@
- class RandomTests : public TestsNoPINInitBase
- {
- 	CPPUNIT_TEST_SUITE(RandomTests);
--	CPPUNIT_TEST(testSeedRandom);
--	CPPUNIT_TEST(testGenerateRandom);
-+	//CPPUNIT_TEST(testSeedRandom);
-+	//CPPUNIT_TEST(testGenerateRandom);
- 	CPPUNIT_TEST_SUITE_END();
- 
- public:
-Index: softhsm2-2.6.1/src/lib/test/SessionTests.h
-===================================================================
---- softhsm2-2.6.1.orig/src/lib/test/SessionTests.h
-+++ softhsm2-2.6.1/src/lib/test/SessionTests.h
-@@ -40,10 +40,10 @@
- class SessionTests : public TestsNoPINInitBase
- {
- 	CPPUNIT_TEST_SUITE(SessionTests);
--	CPPUNIT_TEST(testOpenSession);
-+	/*CPPUNIT_TEST(testOpenSession);
- 	CPPUNIT_TEST(testCloseSession);
- 	CPPUNIT_TEST(testCloseAllSessions);
--	CPPUNIT_TEST(testGetSessionInfo);
-+	CPPUNIT_TEST(testGetSessionInfo);*/
- 	CPPUNIT_TEST_SUITE_END();
- 
- public:
-Index: softhsm2-2.6.1/src/lib/test/TokenTests.h
-===================================================================
---- softhsm2-2.6.1.orig/src/lib/test/TokenTests.h
-+++ softhsm2-2.6.1/src/lib/test/TokenTests.h
-@@ -39,7 +39,7 @@
- class TokenTests : public TestsNoPINInitBase
- {
- 	CPPUNIT_TEST_SUITE(TokenTests);
--	CPPUNIT_TEST(testInitToken);
-+	//CPPUNIT_TEST(testInitToken);
- 	CPPUNIT_TEST_SUITE_END();
- 
- public:
diff --git a/gnu/packages/security-token.scm b/gnu/packages/security-token.scm
index 8dc5c4b18d..5aa7d80034 100644
--- a/gnu/packages/security-token.scm
+++ b/gnu/packages/security-token.scm
@@ -223,16 +223,16 @@ the low-level development kit for the Yubico YubiKey authentication device.")
 (define-public softhsm
   (package
     (name "softhsm")
-    (version "2.6.1")
+    (version "2.7.0")
     (source (origin
-              (method url-fetch)
-              (uri (string-append
-                    "https://dist.opendnssec.org/source/"
-                    "softhsm-" version ".tar.gz"))
+              (method git-fetch)
+              (uri (git-reference
+                     (url "https://github.com/softhsm/SoftHSMv2.git")
+                     (commit version)))
+              (file-name (git-file-name name version))
               (sha256
                (base32
-                "1wkmyi6n3z2pak1cj5yk6v6bv9w0m24skycya48iikab0mrr8931"))
-              (patches (search-patches "softhsm-fix-openssl3-tests.patch"))))
+                "0km7pnwp1ny7k317srpagwp3mnb5f5b1d82fj07hqgcmc209s2l3"))))
     (build-system gnu-build-system)
     (arguments
      (list #:configure-flags
@@ -240,7 +240,12 @@ the low-level development kit for the Yubico YubiKey authentication device.")
                    (string-append "--with-p11-kit="
                                   #$output "/share/p11-kit/modules"))))
     (inputs (list openssl))
-    (native-inputs (list pkg-config cppunit))
+    (native-inputs
+     (list autoconf
+           automake
+           cppunit
+           libtool
+           pkg-config))
     (synopsis "Software implementation of a generic cryptographic device")
     (description
      "SoftHSM 2 is a software implementation of a generic cryptographic device