RFR: 8312428: PKCS11 tests fail with NSS 3.91 [v2]

Rajan Halade rhalade at openjdk.org
Thu Aug 10 20:06:28 UTC 2023 

On Thu, 10 Aug 2023 18:42:58 GMT, Valerie Peng <valeriep at openjdk.org> wrote:

>> test/jdk/sun/security/pkcs11/MessageDigest/TestCloning.java line 67:
>> 
>>> 65:             } catch (CloneNotSupportedException cnse) {
>>> 66:                 // skip test if clone isn't supported
>>> 67:                 System.out.println("=> Clone not supported; skip!");
>> 
>> Can you please update the test to throw SkippedException if no digest algorithms are found to not support clone? This would help us with coverage analysis.
>
> Do you mean throw SkippedException if no digest algorithms are actually tested with Clone functionality testing? Existing NSS impl seems to support clone for non-SHA-3 digest impls.

Yes, test should throw SkippedException when nothing is tested.

>> test/jdk/sun/security/pkcs11/Signature/SignatureTestPSS.java line 66:
>> 
>>> 64:     public void main(Provider p) throws Exception {
>>> 65:         if (!PSSUtil.isSignatureSupported(p)) {
>>> 66:             System.out.println("Skip testing RSASSA-PSS" +
>> 
>> throw SkippedException here.
>
> Ok. I initially thought that the SkippedException only applies to library not found and/or un-configured OS. With this extension of the meaning of SkippedException, many of the existing tests have to be updated to match.

Yes, I did #1 update with [JDK-8313206](https://bugs.openjdk.org/browse/JDK-8313206) and plan to do update more scenarios with [JDK-8313575](https://bugs.openjdk.org/browse/JDK-8313575)

>> test/jdk/sun/security/pkcs11/Signature/SignatureTestPSS.java line 83:
>> 
>>> 81:                             PSSUtil.isHashSupported(p, hash, mgfHash);
>>> 82:                     if (s == PSSUtil.AlgoSupport.NO) {
>>> 83:                         System.out.println("    => Skip; no support");
>> 
>> Similar request here to mark test as skipped if all algorithms are not supported.
>
> This is just one digest algorithm. To mark the test skipped if none of the algorithms are supported will require different handling.

Yes est should only throw `SkippedEXception` when all algos are skipped.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/15217#discussion_r1290597857
PR Review Comment: https://git.openjdk.org/jdk/pull/15217#discussion_r1290609160
PR Review Comment: https://git.openjdk.org/jdk/pull/15217#discussion_r1290613005

More information about the security-dev mailing list