Hi Valerie and Tomas, thanks for the hint about SoftHSM. I just found the time to test it. I was able to run TestECDH using it with a SoftHSM2 based SunPKCS11 provider.
I did not hear anything about my last response - so I hope, this it might be helpful. I wonder if there is anything left to do for me or whether the proposed patch is acceptable as it is right now. There is a patch attached to show the test setup - but this is nothing to be used in production. There is also the jtreg output for TestECDH with SoftHSM2 To run this, I had to do some things before * Build SoftHSM2 myself. I've used this version: https://github.com/opendnssec/SoftHSMv2/releases/tag/2.4.0 . The versions available via package managers did not work for me * Generate a new token 'softhsm2-util --init-token --slot 0 --label "Token 0"' with PIN '123456' for the Token an the SO as well NOTE: The PIN is hard coded into the example patch. This worked on Linux and MacOS. Regards, Tobias Am 09.02.2018 um 10:22 schrieb Tomas Gustavsson: > > Just FYI. SoftHSM2 from the OpenDNSSec project is a good P11 to test > with, and I believe it supports brainpool in recent versions. > https://github.com/opendnssec/SoftHSMv2 > > It works really good) > > Regards, > Tomas > > On 2018-02-09 02:03, Valerie Peng wrote: >> Hi Tobias, >> >> Just curious, which PKCS11 library did you use to test your patch? After >> I applied your patch and ran the regression tests, I noticed that both >> the Solaris PKCS11 library and NSS skipped testing Brainpool curves with >> different error codes which may be due to lack of support... >> >> Regards, >> Valerie
TestECDH.jtr
Description: Binary data
openjdk_jdk_49130.patch
Description: Binary data
smime.p7s
Description: S/MIME cryptographic signature