<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
mso-fareast-language:EN-US;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
span.EmailStyle18
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.EmailStyle19
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.EmailStyle20
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.EmailStyle22
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:70.85pt 70.85pt 2.0cm 70.85pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="DE" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal">New webrev :<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><a href="http://cr.openjdk.java.net/~mbaesken/webrevs/8231357.1/">http://cr.openjdk.java.net/~mbaesken/webrevs/8231357.1/</a><o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span lang="EN-US">I adjusted the imports and now output a warning .<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Best regards, Matthias<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<div style="border:none;border-left:solid blue 1.5pt;padding:0cm 0cm 0cm 4.0pt">
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span lang="EN-US" style="mso-fareast-language:DE">From:</span></b><span lang="EN-US" style="mso-fareast-language:DE"> Baesken, Matthias
<br>
<b>Sent:</b> Montag, 23. September 2019 16:07<br>
<b>To:</b> Langer, Christoph <christoph.langer@sap.com>; security-dev@openjdk.java.net<br>
<b>Cc:</b> Zeller, Arno <arno.zeller@sap.com><br>
<b>Subject:</b> RE: RFR [XS] 8231357: sun/security/pkcs11/Cipher/TestKATForGCM.java fails on SLES11 using mozilla-nss-3.14<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span lang="EN-US">Hi Christoph, I am okay with your suggestion to just print a message in case that an older nss lib < 3.15 is found ; however let’s see what others think .<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">(but for Solaris we let the test pass when noticing old nss versions , so I thought it might make some sense to behave on Linux in the same way )
<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Best regards, Matthias<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<div style="border:none;border-left:solid blue 1.5pt;padding:0cm 0cm 0cm 4.0pt">
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span lang="EN-US" style="mso-fareast-language:DE">From:</span></b><span lang="EN-US" style="mso-fareast-language:DE"> Langer, Christoph <<a href="mailto:christoph.langer@sap.com">christoph.langer@sap.com</a>>
<br>
<b>Sent:</b> Montag, 23. September 2019 15:53<br>
<b>To:</b> Baesken, Matthias <<a href="mailto:matthias.baesken@sap.com">matthias.baesken@sap.com</a>>;
<a href="mailto:security-dev@openjdk.java.net">security-dev@openjdk.java.net</a><br>
<b>Cc:</b> Zeller, Arno <<a href="mailto:arno.zeller@sap.com">arno.zeller@sap.com</a>><br>
<b>Subject:</b> RE: RFR [XS] 8231357: sun/security/pkcs11/Cipher/TestKATForGCM.java fails on SLES11 using mozilla-nss-3.14<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Hi Matthias,<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span lang="EN-US">generally I agree that it’s a good idea to have more diagnostic output in case of failures in this test.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">But, given that there’s an upgrade path even on our old Linux SLES 11.3 system to a newer libnss that has a fix for the bug that we observe, I suggest that the test should still fail with libnss 3.14. So I suggest you
only add the line<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">System.out.println("Exception occured using " + p.getName() + " version " + ver);<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">and maybe a comment stating that libnss 3.14 on Linux isn’t good for this test.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">BTW, if you want to clean up the testcase a bit, you might remove line 36, import java.math.*; because it’s not needed. Or replace all the imports with:<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">import java.security.GeneralSecurityException;<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">import java.security.Provider;<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">import java.util.Arrays;<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">import javax.crypto.Cipher;<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">import javax.crypto.SecretKey;<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">import javax.crypto.spec.GCMParameterSpec;<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">import javax.crypto.spec.SecretKeySpec;<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Thanks<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Christoph<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<div style="border:none;border-left:solid blue 1.5pt;padding:0cm 0cm 0cm 4.0pt">
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span lang="EN-US" style="mso-fareast-language:DE">From:</span></b><span lang="EN-US" style="mso-fareast-language:DE"> Baesken, Matthias <<a href="mailto:matthias.baesken@sap.com">matthias.baesken@sap.com</a>>
<br>
<b>Sent:</b> Montag, 23. September 2019 15:16<br>
<b>To:</b> <a href="mailto:security-dev@openjdk.java.net">security-dev@openjdk.java.net</a><br>
<b>Cc:</b> Langer, Christoph <<a href="mailto:christoph.langer@sap.com">christoph.langer@sap.com</a>>; Zeller, Arno <<a href="mailto:arno.zeller@sap.com">arno.zeller@sap.com</a>><br>
<b>Subject:</b> RFR [XS] 8231357: sun/security/pkcs11/Cipher/TestKATForGCM.java fails on SLES11 using mozilla-nss-3.14<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span lang="EN-US">Hello, please review this small test related change .<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">We noticed that on our SLES (SuSE Linux) 11 test machines, the test<br>
<br>
sun/security/pkcs11/Cipher/TestKATForGCM.java<br>
<br>
fails when older nss versions are used on the system , especially nss 3.14 .<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><br>
The used package is named mozilla-nss-3.14 .<br>
Upgrading to newer versions (e.g. 3.20) makes the test succeed , so it might be helpful<br>
to add a check in the test like it is done already for old nss versions on Solaris.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">(nss 3.15 contains a couple of AES cipher with GCM related fixes, those might be the ones needed to run the test successfully ).<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Bug/webrev :<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><a href="https://bugs.openjdk.java.net/browse/JDK-8231357">https://bugs.openjdk.java.net/browse/JDK-8231357</a><o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><a href="http://cr.openjdk.java.net/~mbaesken/webrevs/8231357.0/">http://cr.openjdk.java.net/~mbaesken/webrevs/8231357.0/</a><o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Thanks, Matthias<o:p></o:p></p>
</div>
</div>
</div>
</div>
</body>
</html>