jdk-24/jdk/test/sun/security/pkcs11
Xue-Lei Andrew Fan 2f501cd8a5 8028192: Use of PKCS11-NSS provider in FIPS mode broken
Reviewed-by: ahgross, ascarpino, asmotrak
2014-04-09 12:49:51 +00:00
..
Cipher 8001284: Buffer problems with SunPKCS11-Solaris and CKM_AES_CTR 2013-05-07 14:13:53 -07:00
ec 8027218: TEST_BUG: sun/security/pkcs11/ec tests fail because of ever-changing key size restrictions 2013-12-04 10:59:17 -08:00
fips 8028192: Use of PKCS11-NSS provider in FIPS mode broken 2014-04-09 12:49:51 +00:00
KeyAgreement 7146728: Inconsistent length for the generated secret using DH key agreement impl from SunJCE and PKCS11 2012-03-20 15:06:13 -07:00
KeyGenerator 6962318: Update copyright year 2010-12-28 15:53:50 -08:00
KeyPairGenerator 7196382: PKCS11 provider should support 2048-bit DH 2013-10-08 11:07:31 -07:00
KeyStore 8029369: Shell tests in sun/security/pkcs11/ do not compile PKCS11Test 2013-12-02 14:19:25 +00:00
Mac 6943119: Rebrand source copyright notices 2010-05-25 15:58:33 -07:00
MessageDigest 4963723: Implement SHA-224 2012-05-08 17:57:48 -07:00
nss 6880559: Enable PKCS11 64-bit windows builds 2012-07-16 22:38:49 +01:00
Provider Merge 2014-01-22 14:17:32 -08:00
rsa 7198416: CertificateIssuerName and CertificateSubjectName are redundant 2012-11-08 12:51:25 -05:00
Secmod 7197491: update copyright year to match last edit in jdk8 jdk repository 2012-11-02 15:50:11 +00:00
SecureRandom 6943119: Rebrand source copyright notices 2010-05-25 15:58:33 -07:00
Serialize 6943119: Rebrand source copyright notices 2010-05-25 15:58:33 -07:00
Signature 8029158: sun/security/pkcs11/Signature/TestDSAKeyLength.java does not compile (or run) 2013-12-03 17:23:58 -08:00
sslecc 8030829: Add MD5 to jdk.certpath.disabledAlgorithms security property 2014-01-13 21:12:58 -08:00
tls 8028192: Use of PKCS11-NSS provider in FIPS mode broken 2014-04-09 12:49:51 +00:00
PKCS11Test.java 8027218: TEST_BUG: sun/security/pkcs11/ec tests fail because of ever-changing key size restrictions 2013-12-04 10:59:17 -08:00
README 8020424: The NSS version should be detected before running crypto tests 2013-07-29 13:43:24 -07:00
SampleTest.java 6943119: Rebrand source copyright notices 2010-05-25 15:58:33 -07:00
SecmodTest.java 8029235: Update copyright year to match last edit in jdk8 jdk repository for 2013 2013-12-26 12:04:16 -08:00

This README is to keep a list facts and known workaround for the pkcs11 java tests
perform as a result of bugs or features in NSS or other pkcs11 libraries.

- NSS ECC None/Basic/Extended
The tests detect the NSS library support for Elliptic Curves as to not
report incorrect failures.  PKCS11 reports back CKR_DOMAIN_PARAMS_INVALID
when the curve is not supported.

- Default libsoftokn3.so
By default PKCS11Test.java will look for libsoftokn3.so.  There are a number of
tests, particularly in Secmod, that need libnss3.so.  The method useNSS() in
PKCS11test.java is to change the search and version checking to libnss3.

ECC Basic supports is secp256r1, secp384r1, and secp521r1.

- A bug in NSS 3.12 (Mozilla bug 471665) causes AES key lengths to be
read incorrectly. KeyStore/SecretKeysBasic.java tiggers this bug and
knows to avoid it.

- A number of EC tests fail because of a DER bug in NSS 3.11.  The best guess
is Mozilla bug 480280.  Those tests that abort execution with a PASS result
are:  TestECDH2, TestECDSA, TestECDSA2 and TestECGenSpec.