| This README is to keep a list facts and known workaround for the pkcs11 java tests |
| perform as a result of bugs or features in NSS or other pkcs11 libraries. |
| |
| - NSS ECC None/Basic/Extended |
| The tests detect the NSS library support for Elliptic Curves as to not |
| report incorrect failures. PKCS11 reports back CKR_DOMAIN_PARAMS_INVALID |
| when the curve is not supported. |
| |
| - Default libsoftokn3.so |
| By default PKCS11Test.java will look for libsoftokn3.so. There are a number of |
| tests, particularly in Secmod, that need libnss3.so. The method useNSS() in |
| PKCS11test.java is to change the search and version checking to libnss3. |
| |
| ECC Basic supports is secp256r1, secp384r1, and secp521r1. |
| |
| - A bug in NSS 3.12 (Mozilla bug 471665) causes AES key lengths to be |
| read incorrectly. KeyStore/SecretKeysBasic.java tiggers this bug and |
| knows to avoid it. |
| |
| - A number of EC tests fail because of a DER bug in NSS 3.11. The best guess |
| is Mozilla bug 480280. Those tests that abort execution with a PASS result |
| are: TestECDH2, TestECDSA, TestECDSA2 and TestECGenSpec. |
