jdk-24/test/jdk/sun/security/pkcs11
Weijun Wang f834557ae0 8258915: Temporary buffer cleanup
Reviewed-by: valeriep
2021-04-22 18:11:43 +00:00
..
Cipher 8261355: No data buffering in SunPKCS11 Cipher encryption when the underlying mechanism has no padding 2021-04-12 20:58:08 +00:00
Config 8244224: Implementation of JEP 381: Remove the Solaris and SPARC Ports 2020-05-20 17:33:37 -07:00
ec 8235710: Remove the legacy elliptic curves 2020-09-25 02:40:36 +00:00
KeyAgreement 8261534: Test sun/security/pkcs11/KeyAgreement/IllegalPackageAccess.java fails on platforms where no nsslib artifacts are defined 2021-02-12 20:58:22 +00:00
KeyGenerator 8242332: Add SHA3 support to SunPKCS11 provider 2020-12-05 23:47:35 +00:00
KeyPairGenerator 8164639: Configure PKCS11 tests to use user-supplied NSS libraries 2018-08-15 18:41:18 +08:00
KeyStore 8244224: Implementation of JEP 381: Remove the Solaris and SPARC Ports 2020-05-20 17:33:37 -07:00
Mac 8242332: Add SHA3 support to SunPKCS11 provider 2020-12-05 23:47:35 +00:00
MessageDigest 8242332: Add SHA3 support to SunPKCS11 provider 2020-12-05 23:47:35 +00:00
nss 8263404: RsaPrivateKeySpec is always recognized as RSAPrivateCrtKeySpec in RSAKeyFactory.engineGetKeySpec 2021-03-29 20:14:47 +00:00
Provider 8258851: Mismatch in SunPKCS11 provider registration properties and actual implementation 2020-12-23 22:36:45 +00:00
rsa 8258915: Temporary buffer cleanup 2021-04-22 18:11:43 +00:00
Secmod 8180837: SunPKCS11-NSS tests failing with CKR_ATTRIBUTE_READ_ONLY and CKR_MECHANISM_PARAM_INVALID 2019-09-21 08:06:00 +08:00
SecureRandom 8164639: Configure PKCS11 tests to use user-supplied NSS libraries 2018-08-15 18:41:18 +08:00
Serialize 8164639: Configure PKCS11 tests to use user-supplied NSS libraries 2018-08-15 18:41:18 +08:00
Signature 8242332: Add SHA3 support to SunPKCS11 provider 2020-12-05 23:47:35 +00:00
sslecc 8235710: Remove the legacy elliptic curves 2020-09-25 02:40:36 +00:00
tls 8258796: [test] Apply HexFormat to tests for java.security 2021-01-08 21:32:54 +00:00
PKCS11Test.java 8263404: RsaPrivateKeySpec is always recognized as RSAPrivateCrtKeySpec in RSAKeyFactory.engineGetKeySpec 2021-03-29 20:14:47 +00:00
policy 8187443: Forest Consolidation: Move files to unified layout 2017-09-12 19:03:39 +02:00
README 8164639: Configure PKCS11 tests to use user-supplied NSS libraries 2018-08-15 18:41:18 +08:00
SampleTest.java 8164639: Configure PKCS11 tests to use user-supplied NSS libraries 2018-08-15 18:41:18 +08:00
SecmodTest.java 8195607: sun/security/pkcs11/Secmod/TestNssDbSqlite.java failed with "NSS initialization failed" on NSS 3.34.1 2018-06-26 08:10:45 +08:00

This README is to keep a list facts and known workaround for the pkcs11 java tests
perform as a result of bugs or features in NSS or other pkcs11 libraries.

- How to get NSS libraries?
The libraries come from the following sources.

1. Specified by system property test.nss.lib.paths
System property test.nss.lib.paths can specify a set of absolute paths to
the local NSS library directories. The paths are separated by comma.

2. Pre-built NSS libraries from artifactory server
If the value of system property test.nss.lib.paths is not set, the tests will try
to download pre-built NSS libraries from artifactory server. Currently, the
tests only looks for libraries for Windows and MacOSX platforms on artifactory.
Please note that JIB jar MUST be present in classpath when downloading the
libraries.

3. System NSS libraries
If both of the above sources are not available, the tests will try to search
for the libraries in some system paths. The paths are platform-specific. Note
that, there is no such system path on Windows and MacOSX platforms. On these
platforms, it has to use source 1 or 2.

- NSS ECC None/Basic/Extended
The tests detect the NSS library support for Elliptic Curves as to not
report incorrect failures.  PKCS11 reports back CKR_DOMAIN_PARAMS_INVALID
when the curve is not supported.

- Default libsoftokn3.so
By default PKCS11Test.java will look for libsoftokn3.so. There are a number of
tests, particularly in Secmod, that need libnss3.so.  The method useNSS() in
PKCS11test.java is to change the search and version checking to libnss3.

ECC Basic supports is secp256r1, secp384r1, and secp521r1.

- A bug in NSS 3.12 (Mozilla bug 471665) causes AES key lengths to be
read incorrectly. KeyStore/SecretKeysBasic.java tiggers this bug and
knows to avoid it.

- A number of EC tests fail because of a DER bug in NSS 3.11. The best guess
is Mozilla bug 480280.  Those tests that abort execution with a PASS result
are:  TestECDH2, TestECDSA, TestECDSA2 and TestECGenSpec.