NameDateSize

..12-Dec-201720

Cipher/H12-Dec-201710

ec/H12-Dec-201715

fips/H12-Dec-201716

KeyAgreement/H12-Dec-20177

KeyGenerator/H12-Dec-20174

KeyPairGenerator/H12-Dec-20173

KeyStore/H12-Dec-201713

Mac/H12-Dec-20175

MessageDigest/H12-Dec-20176

nss/H12-Dec-20177

PKCS11Test.javaH A D12-Dec-201726.1 KiB

policyH A D12-Dec-201775

Provider/H12-Dec-201717

READMEH A D12-Dec-20171 KiB

rsa/H12-Dec-201712

SampleTest.javaH A D12-Dec-20171.4 KiB

Secmod/H12-Dec-201718

SecmodTest.javaH A D12-Dec-20172.7 KiB

SecureRandom/H12-Dec-20174

Serialize/H12-Dec-20173

Signature/H12-Dec-20177

sslecc/H12-Dec-20179

tls/H12-Dec-201712

README

1This README is to keep a list facts and known workaround for the pkcs11 java tests
2perform as a result of bugs or features in NSS or other pkcs11 libraries.
3
4- NSS ECC None/Basic/Extended
5The tests detect the NSS library support for Elliptic Curves as to not
6report incorrect failures.  PKCS11 reports back CKR_DOMAIN_PARAMS_INVALID
7when the curve is not supported.
8
9- Default libsoftokn3.so
10By default PKCS11Test.java will look for libsoftokn3.so.  There are a number of
11tests, particularly in Secmod, that need libnss3.so.  The method useNSS() in
12PKCS11test.java is to change the search and version checking to libnss3.
13
14ECC Basic supports is secp256r1, secp384r1, and secp521r1.
15
16- A bug in NSS 3.12 (Mozilla bug 471665) causes AES key lengths to be
17read incorrectly. KeyStore/SecretKeysBasic.java tiggers this bug and
18knows to avoid it.
19
20- A number of EC tests fail because of a DER bug in NSS 3.11.  The best guess
21is Mozilla bug 480280.  Those tests that abort execution with a PASS result
22are:  TestECDH2, TestECDSA, TestECDSA2 and TestECGenSpec.
23