stan/jdk-24
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

8180837: SunPKCS11-NSS tests failing with CKR_ATTRIBUTE_READ_ONLY and CKR_MECHANISM_PARAM_INVALID

Browse Source 
Reviewed-by: xuelei
This commit is contained in:
John Jiang 2019-09-21 08:06:00 +08:00
parent c77f6fdcb6
commit 0a0956bcda
4 changed files with 54 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
test/jdk/ProblemList.txt
View File

@ -652,8 +652,6 @@ com/sun/nio/sctp/SctpChannel/SocketOptionTests.java 8141694 linux-al
# jdk_security
sun/security/pkcs11/ec/TestKeyFactory.java 8026976 generic-all
sun/security/pkcs11/Secmod/AddTrustedCert.java 8180837 generic-all
sun/security/pkcs11/tls/TestKeyMaterial.java 8180837 generic-all
sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java 8161536 generic-all
sun/security/tools/keytool/ListKeychainStore.sh 8156889 macosx-all

12
test/jdk/sun/security/pkcs11/PKCS11Test.java
View File

@ -39,6 +39,7 @@ import java.security.AlgorithmParameters;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyPairGenerator;
import java.security.NoSuchProviderException;
import java.security.Policy;
import java.security.Provider;
import java.security.ProviderException;
import java.security.Security;
@ -879,6 +880,9 @@ public abstract class PKCS11Test {
case "MacOSX-x86_64-64":
return fetchNssLib(MACOSX_X64.class);
case "Linux-amd64-64":
return fetchNssLib(LINUX_X64.class);
default:
return null;
}
@ -900,6 +904,7 @@ public abstract class PKCS11Test {
+ "\nPlease make sure the artifact is available.");
}
}
Policy.setPolicy(null); // Clear the policy created by JIB if any
return path;
}
@ -923,4 +928,11 @@ public abstract class PKCS11Test {
revision = "3.46",
extension = "zip")
private static class MACOSX_X64 { }
@Artifact(
organization = "jpg.tests.jdk.nsslib",
name = "nsslib-linux_x64",
revision = "3.46",
extension = "zip")
private static class LINUX_X64 { }
}

18
test/jdk/sun/security/pkcs11/Secmod/AddTrustedCert.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -67,6 +67,13 @@ public class AddTrustedCert extends SecmodTest {
String configName = BASE + SEP + "nss.cfg";
Provider p = getSunPKCS11(configName);
if (improperNSSVersion(p)) {
System.out.println(
"Skip test due to improper NSS version in [3.28, 3.35). "
+ "See JDK-8180837 for more detatils.");
return;
}
System.out.println(p);
Security.addProvider(p);
@ -125,4 +132,13 @@ public class AddTrustedCert extends SecmodTest {
System.out.println("OK");
}
private static boolean improperNSSVersion(Provider p) {
double nssVersion = getNSSVersion();
if (p.getName().equalsIgnoreCase("SunPKCS11-NSSKeyStore")
&& nssVersion >= 3.28 && nssVersion < 3.35) {
return true;
}
return false;
}
}

30
test/jdk/sun/security/pkcs11/tls/TestKeyMaterial.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -36,13 +36,16 @@
import java.io.BufferedReader;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.Provider;
import java.security.InvalidAlgorithmParameterException;
import java.security.Provider;
import java.security.ProviderException;
import java.util.Arrays;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import sun.security.internal.spec.TlsKeyMaterialParameterSpec;
import sun.security.internal.spec.TlsKeyMaterialSpec;
@ -51,6 +54,7 @@ public class TestKeyMaterial extends PKCS11Test {
private static final int PREFIX_LENGTH = "km-master: ".length();
public static void main(String[] args) throws Exception {
System.out.println("NSS Version: " + getNSSVersion());
main(new TestKeyMaterial(), args);
}
@ -154,10 +158,26 @@ public class TestKeyMaterial extends PKCS11Test {
match(lineNumber, serverMacBytes, result.getServerMacKey(), "");
} catch (InvalidAlgorithmParameterException iape) {
// SSLv3 support is removed in S12
if (major == 3 && minor == 0) {
System.out.println("Skip testing SSLv3");
continue;
if (provider.getName().indexOf("Solaris") != -1) {
if (major == 3 && minor == 0) {
System.out.println("Skip testing SSLv3 on Solaris");
continue;
}
}
throw iape;
} catch (ProviderException pe) {
if (provider.getName().indexOf("NSS") != -1) {
Throwable t = pe.getCause();
if (expandedKeyLength != 0
&& t.getMessage().indexOf(
"CKR_MECHANISM_PARAM_INVALID") != -1) {
// NSS removed support for export-grade cipher suites in 3.28,
// see https://bugzilla.mozilla.org/show_bug.cgi?id=1252849
System.out.println("Ignore known NSS failure on CKR_MECHANISM_PARAM_INVALID");
continue;
}
}
throw pe;
}
} else {
throw new Exception("Unknown line: " + line);