Well, I have not looked at the complete webrev.
But it looks to me that if the tests are generalized to cover more providers, then they should be moved to somewhere else instead of "com/oracle/security/ucrypto" directory which implies the regression tests for OracleUcrypto provider. Maybe somewhere under the /javax/crypto/ would be a better fit.

One more concern that I have is that some functionalities tested in the tests may be *optional*. When the tests are developed for a specific provider such as OracleUcrypto provider, we know what it supports and doesn't support. However, when the tests are generalized to apply to all security providers, it gets a bit fragile. Even it works w/ current list of providers, once a new provider is added, the tests may very likely fail. The tests may have to be relaxed when it comes to these optional functionalities, e.g. digest cloning, key wrapping, etc.

Personally, I feel this is a bit more than "regression tests"...
Valerie

On 03/29/12 07:43, Andrew Hughes wrote:
Hi all,

As discussed in:

http://mail.openjdk.java.net/pipermail/security-dev/2012-March/004615.html

this webrev:

http://cr.openjdk.java.net/~andrew/enc_tests/webrev.01/

updates the tests as follows:

1.  Tests all available providers, not just ucrypto which is unavailable on 
OpenJDK.
2.  No longer fails the whole test due to a single failure, but provides a 
cumulative result instead.
3.  All output goes to System.err so that stack traces correspond to other 
output for debugging.

The tests pass on all providers, with the exception of PKCS11 which has issues 
on AES that we're still looking onto.
There were issues with Digest too, but this should be resolved by the fix 
described in
http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6414899

changeset:   4908:cdc128128044
parent:      4888:0194fe5ca404
user:        valeriep
date:        Thu Jan 05 18:18:04 2012 -0800
summary:     6414899: P11Digest  should support cloning

Does this look ok?  If so, can I have a bug ID to commit it and which tree 
should it go to?

Thanks,

Reply via email to