RFR: 8312428: PKCS11 tests fail with NSS 3.91
Rajan Halade
rhalade at openjdk.org
Thu Aug 10 18:41:34 UTC 2023
On Thu, 10 Aug 2023 00:56:56 GMT, Valerie Peng <valeriep at openjdk.org> wrote:
> Starting NSS v3.91, SHA-3 support is added for MessageDigest but not for PSS Signature. This breaks existing test assumptions made by PSS regression tests. In addition, the NSS SHA-3 message digests do not support cloning which causes the failure of TestCloning.java.
>
> This PR adds a PSSUtil.java class which provides utility method for detecting/guessing whether a digest algorithm is valid for PSS signature or not.
>
> The changes are verified with NSS v3.46, v3.57 and v3.91 (on local Linux machine).
>
> Thanks in advance for review~
Can you please also update https://github.com/openjdk/jdk/blob/master/test/jdk/sun/security/pkcs11/PKCS11Test.java#L1002 to use 3.91?
-------------
PR Comment: https://git.openjdk.org/jdk/pull/15217#issuecomment-1673690234
More information about the security-dev
mailing list