RFR: 8312428: PKCS11 tests fail with NSS 3.91 [v3]
Rajan Halade
rhalade at openjdk.org
Thu Aug 24 20:05:14 UTC 2023
On Thu, 10 Aug 2023 20:29:29 GMT, Valerie Peng <valeriep at openjdk.org> wrote:
>> Starting NSS v3.91, SHA-3 support is added for MessageDigest but not for PSS Signature. This breaks existing test assumptions made by PSS regression tests. In addition, the NSS SHA-3 message digests do not support cloning which causes the failure of TestCloning.java.
>>
>> This PR adds a PSSUtil.java class which provides utility method for detecting/guessing whether a digest algorithm is valid for PSS signature or not.
>>
>> The changes are verified with NSS v3.46, v3.57 and v3.91 (on local Linux machine).
>>
>> Thanks in advance for review~
>
> Valerie Peng has updated the pull request incrementally with one additional commit since the last revision:
>
> More review feedbacks
Changes requested by rhalade (Reviewer).
test/jdk/sun/security/pkcs11/Signature/KeyAndParamCheckForPSS.java line 117:
> 115: System.out.println("=> Skip; no PSS support");
> 116: return;
> 117: }
else...Should the test be marked as failed?
test/jdk/sun/security/pkcs11/Signature/SignatureTestPSS.java line 117:
> 115: System.out.println(" => Skip; no PSS support");
> 116: return;
> 117: }
Same here, should test fail here?
-------------
PR Review: https://git.openjdk.org/jdk/pull/15217#pullrequestreview-1592168686
PR Review Comment: https://git.openjdk.org/jdk/pull/15217#discussion_r1303387953
PR Review Comment: https://git.openjdk.org/jdk/pull/15217#discussion_r1303393216
More information about the security-dev
mailing list