New webrev : http://cr.openjdk.java.net/~mbaesken/webrevs/8231357.1/
I adjusted the imports and now output a warning . Best regards, Matthias From: Baesken, Matthias Sent: Montag, 23. September 2019 16:07 To: Langer, Christoph <christoph.lan...@sap.com>; security-dev@openjdk.java.net Cc: Zeller, Arno <arno.zel...@sap.com> Subject: RE: RFR [XS] 8231357: sun/security/pkcs11/Cipher/TestKATForGCM.java fails on SLES11 using mozilla-nss-3.14 Hi Christoph, I am okay with your suggestion to just print a message in case that an older nss lib < 3.15 is found ; however let's see what others think . (but for Solaris we let the test pass when noticing old nss versions , so I thought it might make some sense to behave on Linux in the same way ) Best regards, Matthias From: Langer, Christoph <christoph.lan...@sap.com<mailto:christoph.lan...@sap.com>> Sent: Montag, 23. September 2019 15:53 To: Baesken, Matthias <matthias.baes...@sap.com<mailto:matthias.baes...@sap.com>>; security-dev@openjdk.java.net<mailto:security-dev@openjdk.java.net> Cc: Zeller, Arno <arno.zel...@sap.com<mailto:arno.zel...@sap.com>> Subject: RE: RFR [XS] 8231357: sun/security/pkcs11/Cipher/TestKATForGCM.java fails on SLES11 using mozilla-nss-3.14 Hi Matthias, generally I agree that it's a good idea to have more diagnostic output in case of failures in this test. But, given that there's an upgrade path even on our old Linux SLES 11.3 system to a newer libnss that has a fix for the bug that we observe, I suggest that the test should still fail with libnss 3.14. So I suggest you only add the line System.out.println("Exception occured using " + p.getName() + " version " + ver); and maybe a comment stating that libnss 3.14 on Linux isn't good for this test. BTW, if you want to clean up the testcase a bit, you might remove line 36, import java.math.*; because it's not needed. Or replace all the imports with: import java.security.GeneralSecurityException; import java.security.Provider; import java.util.Arrays; import javax.crypto.Cipher; import javax.crypto.SecretKey; import javax.crypto.spec.GCMParameterSpec; import javax.crypto.spec.SecretKeySpec; Thanks Christoph From: Baesken, Matthias <matthias.baes...@sap.com<mailto:matthias.baes...@sap.com>> Sent: Montag, 23. September 2019 15:16 To: security-dev@openjdk.java.net<mailto:security-dev@openjdk.java.net> Cc: Langer, Christoph <christoph.lan...@sap.com<mailto:christoph.lan...@sap.com>>; Zeller, Arno <arno.zel...@sap.com<mailto:arno.zel...@sap.com>> Subject: RFR [XS] 8231357: sun/security/pkcs11/Cipher/TestKATForGCM.java fails on SLES11 using mozilla-nss-3.14 Hello, please review this small test related change . We noticed that on our SLES (SuSE Linux) 11 test machines, the test sun/security/pkcs11/Cipher/TestKATForGCM.java fails when older nss versions are used on the system , especially nss 3.14 . The used package is named mozilla-nss-3.14 . Upgrading to newer versions (e.g. 3.20) makes the test succeed , so it might be helpful to add a check in the test like it is done already for old nss versions on Solaris. (nss 3.15 contains a couple of AES cipher with GCM related fixes, those might be the ones needed to run the test successfully ). Bug/webrev : https://bugs.openjdk.java.net/browse/JDK-8231357 http://cr.openjdk.java.net/~mbaesken/webrevs/8231357.0/ Thanks, Matthias
