Hi Matthias,
generally I agree that it's a good idea to have more diagnostic output in case
of failures in this test.
But, given that there's an upgrade path even on our old Linux SLES 11.3 system
to a newer libnss that has a fix for the bug that we observe, I suggest that
the test should still fail with libnss 3.14. So I suggest you only add the line
System.out.println("Exception occured using " + p.getName() + " version " +
ver);
and maybe a comment stating that libnss 3.14 on Linux isn't good for this test.
BTW, if you want to clean up the testcase a bit, you might remove line 36,
import java.math.*; because it's not needed. Or replace all the imports with:
import java.security.GeneralSecurityException;
import java.security.Provider;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
Thanks
Christoph
From: Baesken, Matthias <matthias.baes...@sap.com>
Sent: Montag, 23. September 2019 15:16
To: security-dev@openjdk.java.net
Cc: Langer, Christoph <christoph.lan...@sap.com>; Zeller, Arno
<arno.zel...@sap.com>
Subject: RFR [XS] 8231357: sun/security/pkcs11/Cipher/TestKATForGCM.java fails
on SLES11 using mozilla-nss-3.14
Hello, please review this small test related change .
We noticed that on our SLES (SuSE Linux) 11 test machines, the test
sun/security/pkcs11/Cipher/TestKATForGCM.java
fails when older nss versions are used on the system , especially nss 3.14 .
The used package is named mozilla-nss-3.14 .
Upgrading to newer versions (e.g. 3.20) makes the test succeed , so it might
be helpful
to add a check in the test like it is done already for old nss versions on
Solaris.
(nss 3.15 contains a couple of AES cipher with GCM related fixes, those
might be the ones needed to run the test successfully ).
Bug/webrev :
https://bugs.openjdk.java.net/browse/JDK-8231357
http://cr.openjdk.java.net/~mbaesken/webrevs/8231357.0/
Thanks, Matthias
