On Fri, 1 Oct 2021 00:51:27 GMT, Anthony Scarpino <ascarp...@openjdk.org> wrote:
>> Anyone has time to review this RFE for adding AES cipher with KW, KWP modes >> support to SunPKCS11 provider? >> >> The main changes are in only one new class, i.e. P11KeyWrapCipher.java, >> which is the CipherSpi impl for the native PKCS11 key wrap mechanisms. When >> testing against NSS library, it seems that they only support the single part >> enc/dec PKCS11 APIs, so have to use a new class as existing P11Cipher class >> relies on the multi part enc/dec PKCS11 APIs and do not support key >> wrapping/unwrapping. >> >> The rest are minor code refactoring and updates for the PKCS11 Exception >> class. >> The new regression tests are adapted from existing key wrap regression tests >> for SunJCE provider. >> >> Thanks, >> Valerie > > test/jdk/sun/security/pkcs11/Cipher/KeyWrap/TestGeneral.java line 30: > >> 28: * AES/KW/PKCS5Padding, and AES/KWP/NoPadding impls of SunPKCS11 >> provider. >> 29: * @library /test/lib ../.. >> 30: * @run main/othervm TestGeneral > > General question about all the tests. They use othervm, did they not work > with agentvm? Hmm, good question. There are system provider manipulation code in PKCS11Test class, i.e. Security.addProvider(), Security.removeProvider() calls as well as setting/getting system properties. I suppose if we can be sure that things are back to a clean state after each test, then should be ok to use agentvm instead of othervm. ------------- PR: https://git.openjdk.java.net/jdk/pull/5569
