On Tue, 6 Jun 2023 00:24:21 GMT, Valerie Peng <valer...@openjdk.org> wrote:
>> Martin Balao has updated the pull request incrementally with one additional >> commit since the last revision: >> >> 8301553: Support Password-Based Cryptography in SunPKCS11 (iteration #4) >> >> Co-authored-by: Francisco Ferrari <fferr...@redhat.com> >> Co-authored-by: Martin Balao <mba...@redhat.com> > > test/jdk/sun/security/pkcs11/KeyStore/ImportKeyToP12.java line 83: > >> 81: // Make sure that SunPKCS11 implements the Cipher algorithm >> 82: Cipher.getInstance(pbeCipherAlg, sunPKCS11); >> 83: testWith(sunPKCS11, pbeCipherAlg, pbeMacAlgs[0]); > > Looks like an error handling is missing, i.e. catch and ignore/skip the > corresponding testing if the algorithm is not supported by the sunPKCS11 > provider under test. Same goes for the Mac loop below also. I'm not sure of this change because the test is NSS-based —in fact, we initialize the NSS software token with a specific configuration— and the PBE algorithms used in the test should be available. Have you found a platform/NSS version in which this is not true? I'm concerned about making the test (silently) pass when there is something that we should notice, such as the removal of something in a newer version that would affect our testing coverage or the change in one of the native mechanisms for a given algorithm. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/12396#discussion_r1218841067
