8367994: test/jdk/sun/security/pkcs11/Signature/ tests pass when they should skip

[myankelev]

• test/jdk/sun/security/pkcs11/Signature/InitAgainPSS.java
• test/jdk/sun/security/pkcs11/Signature/KeyAndParamCheckForPSS.java
• test/jdk/sun/security/pkcs11/Signature/SigInteropPSS.java
• test/jdk/sun/security/pkcs11/Signature/SigInteropPSS2.java
• test/jdk/sun/security/pkcs11/Signature/SignatureTestPSS.java
• test/jdk/sun/security/pkcs11/Signature/SignatureTestPSS2.java
• test/jdk/sun/security/pkcs11/Signature/TestDSA.java

---

Progress

• Change must be properly reviewed (1 review required, with at least 1 Reviewer)
• Change must not contain extraneous whitespace
• Commit message must refer to an issue

Issue

• JDK-8367994: test/jdk/sun/security/pkcs11/Signature/ tests pass when they should skip (Bug - P4)

Reviewers

• Rajan Halade (@rhalade - Reviewer)

Reviewing

Using git

Checkout this PR locally:
$ git fetch https://git.openjdk.org/jdk.git pull/27367/head:pull/27367
$ git checkout pull/27367

Update a local copy of the PR:
$ git checkout pull/27367
$ git pull https://git.openjdk.org/jdk.git pull/27367/head

Using Skara CLI tools

Checkout this PR locally:
$ git pr checkout 27367

View PR using the GUI difftool:
$ git pr show -t 27367

Using diff file

Download this PR as a diff file:
https://git.openjdk.org/jdk/pull/27367.diff

Using Webrev

Link to Webrev Comment

[bridgekeeper]

👋 Welcome back myankelevich! A progress list of the required criteria for merging this PR into master will be added to the body of your pull request. There are additional pull request commands available for use with this pull request.

[openjdk]

@myankelev This change now passes all automated pre-integration checks.

ℹ️ This project also has non-automated pre-integration requirements. Please see the file CONTRIBUTING.md for details.

After integration, the commit message for the final commit will be:

8367994: test/jdk/sun/security/pkcs11/Signature/ tests pass when they should skip

Reviewed-by: rhalade

You can use pull request commands such as /summary, /contributor and /issue to adjust it as needed.

At the time when this comment was updated there had been 107 new commits pushed to the master branch:

• c55287d: 8370890: Start of release updates for JDK 27
• 45dcc0e: 8371914: PNG defines in CFLAGS can cause compilation errors with external libpng
• 2735140: 8370939: C2: SIGSEGV in SafePointNode::verify_input when processing MH call from Compile::process_late_inline_calls_no_inline()
• ... and 104 more: https://git.openjdk.org/jdk/compare/f5eecc454eb78fc1a3714dfe3cb94113238dd3ac...master

As there are no conflicts, your changes will automatically be rebased on top of these commits when integrating. If you prefer to avoid this automatic rebasing, please check the documentation for the /integrate command for further details.

➡️ To integrate this PR with the above commit message to the master branch, type /integrate in a new comment.

[openjdk]

@myankelev The following label will be automatically applied to this pull request:

• security

When this pull request is ready to be reviewed, an "RFR" email will be sent to the corresponding mailing list. If you would like to change these labels, use the /label pull request command.

[mlbridge]

Webrevs

• 05: Full - Incremental (415fc1fd)
• 04: Full - Incremental (ed52c835)
• 03: Full - Incremental (234aa5d0)
• 02: Full - Incremental (e4f20a3e)
• 01: Full - Incremental (e390ba72)
• 00: Full (2370b672)

[sendaoYan]

Should we need comments why this test was splited to two tests.

[myankelev]

There is no support for sha3 in nss for now it seems, so this is why it's split. I'm not sure if this makes any difference if highlighted in the comment, but I can add in the next commit.

[wangweij]

Honestly, I don't quite understand why there are 2 tests initializing skipTest as true and then assign it false. Usually it's the other way round. If you know why it has to be coded this way, please add some comments there. Thanks.

[mpdonova]

For id's, "old_alg" and "new_alg" aren't very descriptive/useful. Maybe change them to "sha" and "sha3"?

[myankelev]

Done in the next commit

[mpdonova]

use more descriptive id names

[myankelev]

Done in the next commit

[mpdonova]

It looks like this field is still being and we might test some algorithms but the still throw a SkippedException. Can you get rid of this uncertainty somehow?

[myankelev]

I'm not sure what you mean here. I think the best way would be to split the @test and test each algorithm separately. However this approach will take forever to execute, which is a dealbreaker.

I can add all the skips into one list and only then print out the skipped parameters, if this helps. However, given that the test is split into sha and sha3, all sha3 will be skipped for now. I'm not sure it would bring much more clarity in this case. What do you think?

[mpdonova]

In my opinion, tests shouldn't have logic that runs some test cases and skips others. It creates uncertainty when trying to analyze test coverage. In this case, if a SkippedException is thrown, we don't know what -- if any -- algorithms were successfully tested unless we review the logs and that's an unnecessary burden. If NSS doesn't support the SHA3 algorithms, then we shouldn't try to test them. When we update the NSS library, we need to look at what's newly supported (or removed) and update tests accordingly.

[mpdonova]

should this test also be split into separate @test blocks? There are about 18 test cases and 17 of them could pass and the last one skipped and the test gets marked as skipped.

[myankelev]

There should be no skips in this test with nss, so I don't think this should be an issue here. Splitting this into different @test would be though, as it will increase the execution time significantly.

[rhalade]

This test should also be updated to maintain a list of skipped tests. Right now the skipTest logic is flawed and it won't be marked as skipped if last runTest resets it to false.

[myankelev]

@rhalade yes, I agree. Didn't notice this. Thanks for noticing

[myankelev]

Honestly, I don't quite understand why there are 2 tests initializing skipTest as true and then assign it false. Usually it's the other way round. If you know why it has to be coded this way, please add some comments there. Thanks.

I was just keeping the previous logic that was present before and could be seen in the other files.
I personally don't think flipping the logic will bring any benefits. Especially as it may bring accidental confusion if several tests with flipped and not flipped logic are involved in some fix/enhancement in the future.
But overall I'm fine with doing this, so if you think I should - I will.

[mpdonova]

In my opinion, tests shouldn't have logic that runs some test cases and skips others. It creates uncertainty when trying to analyze test coverage. In this case, if a SkippedException is thrown, we don't know what -- if any -- algorithms were successfully tested unless we review the logs and that's an unnecessary burden. If NSS doesn't support the SHA3 algorithms, then we shouldn't try to test them. When we update the NSS library, we need to look at what's newly supported (or removed) and update tests accordingly.

[bridgekeeper]

@myankelev This pull request has been inactive for more than 4 weeks and will be automatically closed if another 4 weeks passes without any activity. To avoid this, simply issue a /touch or /keepalive command to the pull request. Feel free to ask for assistance if you need help with progressing this pull request towards integration!

[myankelev]

/touch

[openjdk]

@myankelev The pull request is being re-evaluated and the inactivity timeout has been reset.

[rhalade]

I think skipTest logic in this test needs further updates. It starts with true as default value, should be false and only set skipTest to true when we encounter a test scenario that is not supported. I think there is also a case where skipTest value is overwritten at line 153 when called in a loop at line 95.

[myankelev]

Done in the next commit. I have reworked it to be a list for easier debug in the future.

[rhalade]

This test should also be updated to maintain a list of skipped tests. Right now the skipTest logic is flawed and it won't be marked as skipped if last runTest resets it to false.

[myankelev]

/integrate

[openjdk]

Going to push as commit ef7532e.
Since your change was applied there have been 109 commits pushed to the master branch:

• b19163b: 8356544: Implement additional tests for ciphersuites disabled with wildcards
• c7aa103: 8372844: Improve usage of test/jdk/java/text/testlib/TestUtils.java locale methods
• c55287d: 8370890: Start of release updates for JDK 27
• ... and 106 more: https://git.openjdk.org/jdk/compare/f5eecc454eb78fc1a3714dfe3cb94113238dd3ac...master

Your commit was automatically rebased without conflicts.

[openjdk]

@myankelev Pushed as commit ef7532e.

💡 You may see a message that your pull request was closed with unmerged commits. This can be safely ignored.