RFR JDK-8029661: JDK-Support TLS v1.2 algorithm in SunPKCS11 provider

Martin Balao mbalao at redhat.com
Fri Jul 27 04:14:18 UTC 2018


Hi,

That's correct: TestTLS12.java was introduced by this patch and is checking
that the new feature (TLS 1.2 + SunPKCS11) is working correctly. If the
PKCS11 library does not support TLS 1.2 mechanisms, the test must fail.
This test should be skipped on those configurations.

Kind regards,
Martin.-

On Thu, Jul 26, 2018 at 7:44 PM, Valerie Peng <valerie.peng at oracle.com>
wrote:

>
> Update: I submitted your webrev.05 through Mach5; there is one test
> failure observed on 4 configurations, all due to the regression test
> TestTLS12.java. It looks like the test fails when the underlying PKCS11
> library does not support the corresponding TLS 1.2 mechanisms (stack trace
> included below).
>
> jib > STDERR:
> jib > java.security.ProviderException: Could not generate key
> jib > 	at jdk.crypto.cryptoki/sun.security.pkcs11.P11TlsMasterSecretGenerator.engineGenerateKey(P11TlsMasterSecretGenerator.java:181)
> jib > 	at java.base/javax.crypto.KeyGenerator.generateKey(KeyGenerator.java:563)
> jib > 	at TestTLS12.testTlsAuthenticationCodeGeneration(TestTLS12.java:181)
> jib > 	at TestTLS12.main(TestTLS12.java:104)
> jib > 	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> jib > 	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> jib > 	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> jib > 	at java.base/java.lang.reflect.Method.invoke(Method.java:566)
> jib > 	at com.sun.javatest.regtest.agent.MainWrapper$MainThread.run(MainWrapper.java:115)
> jib > 	at java.base/java.lang.Thread.run(Thread.java:834)
> jib > Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_MECHANISM_INVALID
> jib > 	at jdk.crypto.cryptoki/sun.security.pkcs11.wrapper.PKCS11.C_DeriveKey(Native Method)
> jib > 	at jdk.crypto.cryptoki/sun.security.pkcs11.P11TlsMasterSecretGenerator.engineGenerateKey(P11TlsMasterSecretGenerator.java:167)
> jib > 	... 9 more
> jib >
> jib > JavaTest Message: Test threw exception: java.security.ProviderException: Could not generate key
> jib > JavaTest Message: shutting down test
> jib >
> jib > STATUS:Failed.`main' threw exception: java.security.ProviderException: Could not generate key
>
> Thanks,
> Valerie
>
>
> On 7/23/2018 9:50 PM, Martin Balao wrote:
>
> Hi Valerie,
>
> Webrev 05:
>
>  * http://cr.openjdk.java.net/~mbalao/webrevs/8029661/8029661.webrev.05/
>  * http://cr.openjdk.java.net/~mbalao/webrevs/8029661/8029661.webrev.05.zip
>
> New in Webrev 05:
>
>  * Explicitly cast prfHashMechanism to the CK_MECHANISM_TYPE type to avoid
> a build warning on some compilers (it's a long -> unsigned long cast).
>
> Regression tests result for jdk/sun/security/pkcs11 category:
>
> Passed: sun/security/pkcs11/Cipher/JNICheck.java
> Passed: sun/security/pkcs11/Cipher/ReinitCipher.java
> Passed: sun/security/pkcs11/Cipher/TestPKCS5PaddingError.java
> Passed: sun/security/pkcs11/Cipher/TestRawRSACipher.java
> Passed: sun/security/pkcs11/Cipher/TestRSACipher.java
> Passed: sun/security/pkcs11/Cipher/TestRSACipherWrap.java
> Passed: sun/security/pkcs11/Cipher/TestSymmCiphers.java
> Passed: sun/security/pkcs11/Cipher/TestSymmCiphersNoPad.java
> Passed: sun/security/pkcs11/Config/ReadConfInUTF16Env.sh
> Passed: sun/security/pkcs11/ec/ReadCertificates.java
> Passed: sun/security/pkcs11/ec/ReadPKCS12.java
> Passed: sun/security/pkcs11/ec/TestCurves.java
> Passed: sun/security/pkcs11/ec/TestECDH.java
> Passed: sun/security/pkcs11/ec/TestECDH2.java
> Passed: sun/security/pkcs11/ec/TestECDSA.java
> Passed: sun/security/pkcs11/ec/TestECDSA2.java
> Passed: sun/security/pkcs11/ec/TestECGenSpec.java
> FAILED: sun/security/pkcs11/ec/TestKeyFactory.java
> Passed: sun/security/pkcs11/fips/ClientJSSEServerJSSE.java
> Passed: sun/security/pkcs11/fips/TrustManagerTest.java
> Passed: sun/security/pkcs11/KeyAgreement/SupportedDHKeys.java
> Passed: sun/security/pkcs11/KeyAgreement/TestDH.java
> Passed: sun/security/pkcs11/KeyAgreement/TestInterop.java
> Passed: sun/security/pkcs11/KeyAgreement/TestShort.java
> Passed: sun/security/pkcs11/KeyAgreement/UnsupportedDHKeys.java
> Passed: sun/security/pkcs11/KeyGenerator/DESParity.java
> Passed: sun/security/pkcs11/KeyGenerator/TestKeyGenerator.java
> Passed: sun/security/pkcs11/KeyPairGenerator/TestDH2048.java
> Passed: sun/security/pkcs11/KeyStore/Basic.sh
> Passed: sun/security/pkcs11/KeyStore/ClientAuth.sh
> Passed: sun/security/pkcs11/KeyStore/SecretKeysBasic.sh
> Passed: sun/security/pkcs11/KeyStore/Solaris.sh
> Passed: sun/security/pkcs11/Mac/MacKAT.java
> Passed: sun/security/pkcs11/Mac/MacSameTest.java
> Passed: sun/security/pkcs11/Mac/ReinitMac.java
> Passed: sun/security/pkcs11/MessageDigest/ByteBuffers.java
> Passed: sun/security/pkcs11/MessageDigest/DigestKAT.java
> Passed: sun/security/pkcs11/MessageDigest/ReinitDigest.java
> Passed: sun/security/pkcs11/MessageDigest/TestCloning.java
> Passed: sun/security/pkcs11/Provider/Absolute.java
> Passed: sun/security/pkcs11/Provider/ConfigQuotedString.sh
> Passed: sun/security/pkcs11/Provider/ConfigShortPath.java
> Passed: sun/security/pkcs11/Provider/Login.sh
> Passed: sun/security/pkcs11/Provider/LoginISE.java
> Passed: sun/security/pkcs11/rsa/KeyWrap.java
> Passed: sun/security/pkcs11/rsa/TestCACerts.java
> Passed: sun/security/pkcs11/rsa/TestKeyFactory.java
> Passed: sun/security/pkcs11/rsa/TestKeyPairGenerator.java
> Passed: sun/security/pkcs11/rsa/TestSignatures.java
> Passed: sun/security/pkcs11/Secmod/AddPrivateKey.java
> FAILED: sun/security/pkcs11/Secmod/AddTrustedCert.java
> Passed: sun/security/pkcs11/Secmod/Crypto.java
> Passed: sun/security/pkcs11/Secmod/GetPrivateKey.java
> Passed: sun/security/pkcs11/Secmod/JksSetPrivateKey.java
> Passed: sun/security/pkcs11/Secmod/LoadKeystore.java
> Passed: sun/security/pkcs11/Secmod/TestNssDbSqlite.java
> Passed: sun/security/pkcs11/Secmod/TrustAnchors.java
> Passed: sun/security/pkcs11/SecureRandom/Basic.java
> Passed: sun/security/pkcs11/SecureRandom/TestDeserialization.java
> Passed: sun/security/pkcs11/Serialize/SerializeProvider.java
> Passed: sun/security/pkcs11/Signature/ByteBuffers.java
> Passed: sun/security/pkcs11/Signature/ReinitSignature.java
> Passed: sun/security/pkcs11/Signature/TestDSA.java
> Passed: sun/security/pkcs11/Signature/TestDSAKeyLength.java
> Passed: sun/security/pkcs11/Signature/TestRSAKeyLength.java
> Passed: sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java
> FAILED: sun/security/pkcs11/tls/TestKeyMaterial.java
> Passed: sun/security/pkcs11/tls/TestLeadingZeroesP11.java
> Passed: sun/security/pkcs11/tls/TestMasterSecret.java
> Passed: sun/security/pkcs11/tls/TestPremaster.java
> Passed: sun/security/pkcs11/tls/TestPRF.java
> Passed: sun/security/pkcs11/tls/TestTLS12.java
> Passed: sun/security/pkcs11/SampleTest.java
> Test results: passed: 70; failed: 3
>
> NOTE: failing testcases were already failing on an unpatched JDK.
>
> Look forward to your answer.
>
> Kind regards,
> Martin.-
>
>
>
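
One way to express the skip discussed in this thread, as an added example that is not part of the original messages or of TestTLS12.java: treat a `ProviderException` whose cause chain carries `CKR_MECHANISM_INVALID` (the code in the quoted stack trace) as "token lacks the mechanism", and let every other failure propagate. The names `Tls12SkipGuard`, `tokenLacksMechanism` and `runOrSkip` are hypothetical, and the exceptions in `main` are constructed stand-ins for the real `PKCS11Exception`.

```java
import java.security.ProviderException;

// Added example: classify a TLS 1.2 PKCS#11 test failure as skip or fail.
public class Tls12SkipGuard {
    // PKCS#11 return code reported in the quoted stack trace.
    static final String UNSUPPORTED = "CKR_MECHANISM_INVALID";

    /** True if any exception in the cause chain reports CKR_MECHANISM_INVALID. */
    static boolean tokenLacksMechanism(Throwable t) {
        // Bounded walk so a cyclic cause chain cannot loop forever.
        for (int depth = 0; t != null && depth < 16; t = t.getCause(), depth++) {
            String msg = t.getMessage();
            if (msg != null && msg.contains(UNSUPPORTED)) {
                return true;
            }
        }
        return false;
    }

    /** Runs a test body; returns "PASSED" or "SKIPPED", rethrows anything else. */
    static String runOrSkip(Runnable body) {
        try {
            body.run();
            return "PASSED";
        } catch (ProviderException e) {
            if (tokenLacksMechanism(e)) {
                return "SKIPPED";   // library limitation, not a regression
            }
            throw e;                // any other provider error must still fail
        }
    }

    public static void main(String[] args) {
        // Constructed failure shaped like the trace: ProviderException -> CKR_MECHANISM_INVALID.
        System.out.println(runOrSkip(() -> {
            throw new ProviderException("Could not generate key",
                    new RuntimeException(UNSUPPORTED));
        }));
        // A body that completes normally.
        System.out.println(runOrSkip(() -> { }));
        // Constructed failure with a different return code: must not be skipped.
        try {
            runOrSkip(() -> {
                throw new ProviderException("Could not generate key",
                        new RuntimeException("CKR_DEVICE_ERROR"));
            });
        } catch (ProviderException e) {
            System.out.println("FAILED: " + e.getCause().getMessage());
        }
    }
}
```

Keying the skip on a single return code keeps the guard narrow: a provider failure with any other code still fails the run.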