RFR: 8312428: PKCS11 tests fail with NSS 3.91 [v2]
Rajan Halade
rhalade at openjdk.org
Thu Aug 10 20:06:28 UTC 2023
On Thu, 10 Aug 2023 18:42:58 GMT, Valerie Peng <valeriep at openjdk.org> wrote:
>> test/jdk/sun/security/pkcs11/MessageDigest/TestCloning.java line 67:
>>
>>> 65: } catch (CloneNotSupportedException cnse) {
>>> 66: // skip test if clone isn't supported
>>> 67: System.out.println("=> Clone not supported; skip!");
>>
>> Can you please update the test to throw SkippedException if no digest algorithms are found to not support clone? This would help us with coverage analysis.
>
> Do you mean throw SkippedException if no digest algorithms are actually tested with Clone functionality testing? Existing NSS impl seems to support clone for non-SHA-3 digest impls.
Yes, test should throw SkippedException when nothing is tested.
>> test/jdk/sun/security/pkcs11/Signature/SignatureTestPSS.java line 66:
>>
>>> 64: public void main(Provider p) throws Exception {
>>> 65: if (!PSSUtil.isSignatureSupported(p)) {
>>> 66: System.out.println("Skip testing RSASSA-PSS" +
>>
>> throw SkippedException here.
>
> Ok. I initially thought that the SkippedException only applies to library not found and/or un-configured OS. With this extension of the meaning of SkippedException, many of the existing tests have to be updated to match.
Yes, I did #1 update with [JDK-8313206](https://bugs.openjdk.org/browse/JDK-8313206) and plan to do update more scenarios with [JDK-8313575](https://bugs.openjdk.org/browse/JDK-8313575)
>> test/jdk/sun/security/pkcs11/Signature/SignatureTestPSS.java line 83:
>>
>>> 81: PSSUtil.isHashSupported(p, hash, mgfHash);
>>> 82: if (s == PSSUtil.AlgoSupport.NO) {
>>> 83: System.out.println(" => Skip; no support");
>>
>> Similar request here to mark test as skipped if all algorithms are not supported.
>
> This is just one digest algorithm. To mark the test skipped if none of the algorithms are supported will require different handling.
Yes est should only throw `SkippedEXception` when all algos are skipped.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/15217#discussion_r1290597857
PR Review Comment: https://git.openjdk.org/jdk/pull/15217#discussion_r1290609160
PR Review Comment: https://git.openjdk.org/jdk/pull/15217#discussion_r1290613005
More information about the security-dev
mailing list