Hi Martin,
I still observe the TestTLS12 regression test failure with your
webrev.07. Judging from the test failure log, it seems that the test
fails when run on a machine whose NSS library does not support the TLS
v1.2 mechanisms. Generally, the test should check and skip if the
to-be-tested algorithms aren't supported.
There are some lines in TestTLS12.java which exceeds the 80-chars
length. Can you please fix them?
That's it.
Thanks,
Valerie
On 8/14/2018 7:43 AM, Martin Balao wrote:
Hi Valerie,
Here it is Webrev.07:
*
http://cr.openjdk.java.net/~mbalao/webrevs/8029661/8029661.webrev.07/
<http://cr.openjdk.java.net/%7Embalao/webrevs/8029661/8029661.webrev.07/>
*
http://cr.openjdk.java.net/~mbalao/webrevs/8029661/8029661.webrev.07.zip
<http://cr.openjdk.java.net/%7Embalao/webrevs/8029661/8029661.webrev.07.zip>
* p11_convert.c:
* L530 and 834: masterKeyDeriveParamToCKMasterKeyDeriveParam and
keyMatParamToCKKeyMatParam functions used to accept "null" value for
class parameter -and, in fact, immediately return in such case-.
Null-checking was in these functions to avoid checking on each call
site (i.e.: jSsl3MasterKeyDeriveParamToCKSsl3MasterKeyDeriveParam and
jTls12MasterKeyDeriveParamToCKTls12MasterKeyDeriveParam call sites for
masterKeyDeriveParamToCKMasterKeyDeriveParam). But I reverted this
change now, so we check on call sites. I couldn't find any not-checked
FindClass call.
* L1262: well spotted! Fixed.
* Author tags removed
* Updated copyright on every modified file
* TestTLS12.java improvements:
* initSecmod is now called when starting the test
* Better integration with existing NSSDB + FIPS infrastructure
* RSA+SHA256 certificate (that expires in 2042) was added to FIPS
keystore and NSSDB.
* Putback comment on webrev
* jdk/sun/security/pkcs11 test suite pass-rate experienced no regression
Thanks,
Martin.-