23 lines
1.0 KiB
Plaintext
23 lines
1.0 KiB
Plaintext
|
This README is to keep a list facts and known workaround for the pkcs11 java tests
|
||
|
perform as a result of bugs or features in NSS or other pkcs11 libraries.
|
||
|
|
||
|
- NSS ECC None/Basic/Extended
|
||
|
The tests detect the NSS library support for Elliptic Curves as to not
|
||
|
report incorrect failures. PKCS11 reports back CKR_DOMAIN_PARAMS_INVALID
|
||
|
when the curve is not supported.
|
||
|
|
||
|
- Default libsoftokn3.so
|
||
|
By default PKCS11Test.java will look for libsoftokn3.so. There are a number of
|
||
|
tests, particularly in Secmod, that need libnss3.so. The method useNSS() in
|
||
|
PKCS11test.java is to change the search and version checking to libnss3.
|
||
|
|
||
|
ECC Basic supports is secp256r1, secp384r1, and secp521r1.
|
||
|
|
||
|
- A bug in NSS 3.12 (Mozilla bug 471665) causes AES key lengths to be
|
||
|
read incorrectly. KeyStore/SecretKeysBasic.java tiggers this bug and
|
||
|
knows to avoid it.
|
||
|
|
||
|
- A number of EC tests fail because of a DER bug in NSS 3.11. The best guess
|
||
|
is Mozilla bug 480280. Those tests that abort execution with a PASS result
|
||
|
are: TestECDH2, TestECDSA, TestECDSA2 and TestECGenSpec.
|