| author | ascarpino |
| Mon, 29 Jul 2013 13:43:24 -0700 | |
| changeset 19067 | 5271291b7121 |
| permissions | -rw-r--r-- |
|
19067
5271291b7121
8020424: The NSS version should be detected before running crypto tests
ascarpino
parents:
diff
changeset
|
1 |
This README is to keep a list facts and known workaround for the pkcs11 java tests |
|
5271291b7121
8020424: The NSS version should be detected before running crypto tests
ascarpino
parents:
diff
changeset
|
2 |
perform as a result of bugs or features in NSS or other pkcs11 libraries. |
|
5271291b7121
8020424: The NSS version should be detected before running crypto tests
ascarpino
parents:
diff
changeset
|
3 |
|
|
5271291b7121
8020424: The NSS version should be detected before running crypto tests
ascarpino
parents:
diff
changeset
|
4 |
- NSS ECC None/Basic/Extended |
|
5271291b7121
8020424: The NSS version should be detected before running crypto tests
ascarpino
parents:
diff
changeset
|
5 |
The tests detect the NSS library support for Elliptic Curves as to not |
|
5271291b7121
8020424: The NSS version should be detected before running crypto tests
ascarpino
parents:
diff
changeset
|
6 |
report incorrect failures. PKCS11 reports back CKR_DOMAIN_PARAMS_INVALID |
|
5271291b7121
8020424: The NSS version should be detected before running crypto tests
ascarpino
parents:
diff
changeset
|
7 |
when the curve is not supported. |
|
5271291b7121
8020424: The NSS version should be detected before running crypto tests
ascarpino
parents:
diff
changeset
|
8 |
|
|
5271291b7121
8020424: The NSS version should be detected before running crypto tests
ascarpino
parents:
diff
changeset
|
9 |
- Default libsoftokn3.so |
|
5271291b7121
8020424: The NSS version should be detected before running crypto tests
ascarpino
parents:
diff
changeset
|
10 |
By default PKCS11Test.java will look for libsoftokn3.so. There are a number of |
|
5271291b7121
8020424: The NSS version should be detected before running crypto tests
ascarpino
parents:
diff
changeset
|
11 |
tests, particularly in Secmod, that need libnss3.so. The method useNSS() in |
|
5271291b7121
8020424: The NSS version should be detected before running crypto tests
ascarpino
parents:
diff
changeset
|
12 |
PKCS11test.java is to change the search and version checking to libnss3. |
|
5271291b7121
8020424: The NSS version should be detected before running crypto tests
ascarpino
parents:
diff
changeset
|
13 |
|
|
5271291b7121
8020424: The NSS version should be detected before running crypto tests
ascarpino
parents:
diff
changeset
|
14 |
ECC Basic supports is secp256r1, secp384r1, and secp521r1. |
|
5271291b7121
8020424: The NSS version should be detected before running crypto tests
ascarpino
parents:
diff
changeset
|
15 |
|
|
5271291b7121
8020424: The NSS version should be detected before running crypto tests
ascarpino
parents:
diff
changeset
|
16 |
- A bug in NSS 3.12 (Mozilla bug 471665) causes AES key lengths to be |
|
5271291b7121
8020424: The NSS version should be detected before running crypto tests
ascarpino
parents:
diff
changeset
|
17 |
read incorrectly. KeyStore/SecretKeysBasic.java tiggers this bug and |
|
5271291b7121
8020424: The NSS version should be detected before running crypto tests
ascarpino
parents:
diff
changeset
|
18 |
knows to avoid it. |
|
5271291b7121
8020424: The NSS version should be detected before running crypto tests
ascarpino
parents:
diff
changeset
|
19 |
|
|
5271291b7121
8020424: The NSS version should be detected before running crypto tests
ascarpino
parents:
diff
changeset
|
20 |
- A number of EC tests fail because of a DER bug in NSS 3.11. The best guess |
|
5271291b7121
8020424: The NSS version should be detected before running crypto tests
ascarpino
parents:
diff
changeset
|
21 |
is Mozilla bug 480280. Those tests that abort execution with a PASS result |
|
5271291b7121
8020424: The NSS version should be detected before running crypto tests
ascarpino
parents:
diff
changeset
|
22 |
are: TestECDH2, TestECDSA, TestECDSA2 and TestECGenSpec. |