# HG changeset patch # User Andrew John Hughes # Date 1459458883 -3600 # Node ID e67ce0e5065829366d79b1e5c06a0c98534f8d31 # Parent b2c3cacbd0fdbf53d1a45382e32c94b88ccbf56a PR2392: Make elliptic curve removal optional 2015-07-13 Andrew John Hughes PR2392: Make elliptic curve removal optional * INSTALL: Document --enable-non-nss-curves. * Makefile.am: (ICEDTEA_PATCHES): Only apply the RH1022017 patch when non-NSS curves are not enabled. * NEWS: Updated. * acinclude.m4: (IT_ENABLE_NON_NSS_CURVES): New macro to allow non-NSS curves to be turned on. * configure.ac: Invoke IT_ENABLE_NON_NSS_CURVES. * fsg.sh.in: Don't alter the curve list when non-NSS curves are enabled. diff -r b2c3cacbd0fd -r e67ce0e50658 ChangeLog --- a/ChangeLog Wed Mar 30 04:45:59 2016 +0100 +++ b/ChangeLog Thu Mar 31 22:14:43 2016 +0100 @@ -1,3 +1,24 @@ +2015-07-13 Andrew John Hughes + + PR2392: Make elliptic curve removal + optional + * INSTALL: + Document --enable-non-nss-curves. + * Makefile.am: + (ICEDTEA_PATCHES): Only apply + the RH1022017 patch when non-NSS + curves are not enabled. + * NEWS: Updated. + * acinclude.m4: + (IT_ENABLE_NON_NSS_CURVES): New + macro to allow non-NSS curves to + be turned on. + * configure.ac: + Invoke IT_ENABLE_NON_NSS_CURVES. + * fsg.sh.in: + Don't alter the curve list when + non-NSS curves are enabled. + 2016-03-29 Andrew John Hughes Bump to icedtea-3.0.0pre10. diff -r b2c3cacbd0fd -r e67ce0e50658 INSTALL --- a/INSTALL Wed Mar 30 04:45:59 2016 +0100 +++ b/INSTALL Thu Mar 31 22:14:43 2016 +0100 @@ -189,6 +189,7 @@ * --with-additional-vms=vm-list: Additional VMs to build using the system described below. * --enable-sunec: Build the SunEC crypto provider against system NSS. +* --enable-non-nss-curves: Define curves beyond the three specified by NSS (NIST P-{256,384,521}) Testing ======= diff -r b2c3cacbd0fd -r e67ce0e50658 Makefile.am --- a/Makefile.am Wed Mar 30 04:45:59 2016 +0100 +++ b/Makefile.am Thu Mar 31 22:14:43 2016 +0100 @@ -286,8 +286,7 @@ ICEDTEA_PATCHES = \ patches/memory-limits.patch \ - patches/override-redirect-metacity.patch \ - patches/rh1022017.patch + patches/override-redirect-metacity.patch # Conditional patches @@ -318,6 +317,10 @@ patches/disable-intree-ec.patch endif +if !USE_NON_NSS_CURVES +ICEDTEA_PATCHES += patches/rh1022017.patch +endif + if ENABLE_NSS if ENABLE_SUNEC ICEDTEA_PATCHES += patches/nss-config-with-sunec.patch diff -r b2c3cacbd0fd -r e67ce0e50658 NEWS --- a/NEWS Wed Mar 30 04:45:59 2016 +0100 +++ b/NEWS Thu Mar 31 22:14:43 2016 +0100 @@ -104,6 +104,7 @@ - PR2369: SunEC provider is partially installed - PR2377: PaX mark the installed JDK so it runs on hardened systems - PR2383: Location of docs directory in install-data-local is incorrect + - PR2392: Make elliptic curve removal optional - PR2400, RH1206656: Zero JVM crashes on startup when built with GCC 5 - PR2407: Fix automatic enabling of the Zero build on non-JIT architectures which don't use CACAO or JamVM - PR2408: Enable Zero when Shark is enabled diff -r b2c3cacbd0fd -r e67ce0e50658 acinclude.m4 --- a/acinclude.m4 Wed Mar 30 04:45:59 2016 +0100 +++ b/acinclude.m4 Thu Mar 31 22:14:43 2016 +0100 @@ -2289,3 +2289,19 @@ AM_CONDITIONAL(DISABLE_NASHORN_CHECKSUM, test x"${ENABLE_NASHORN_CHECKSUM}" = "xno") AC_SUBST(ENABLE_NASHORN_CHECKSUM) ]) + +AC_DEFUN_ONCE([IT_ENABLE_NON_NSS_CURVES], +[ + AC_MSG_CHECKING([whether to enable elliptic curves beyond those supported by NSS]) + AC_ARG_ENABLE([non-nss-curves], + [AS_HELP_STRING(--enable-non-nss-curves,register curves beyond the 3 NSS defines [[default=no]])], + [ + ENABLE_NON_NSS_CURVES="${enableval}" + ], + [ + ENABLE_NON_NSS_CURVES="no" + ]) + AC_MSG_RESULT(${ENABLE_NON_NSS_CURVES}) + AM_CONDITIONAL(USE_NON_NSS_CURVES, test x"${ENABLE_NON_NSS_CURVES}" = "xyes") + AC_SUBST(ENABLE_NON_NSS_CURVES) +]) diff -r b2c3cacbd0fd -r e67ce0e50658 configure.ac --- a/configure.ac Wed Mar 30 04:45:59 2016 +0100 +++ b/configure.ac Thu Mar 31 22:14:43 2016 +0100 @@ -125,6 +125,7 @@ IT_ENABLE_JAR_COMPRESSION IT_ENABLE_ZERO_BUILD IT_CHECK_ADDITIONAL_VMS +IT_ENABLE_NON_NSS_CURVES IT_WITH_VERSION_SUFFIX IT_ENABLE_HG diff -r b2c3cacbd0fd -r e67ce0e50658 fsg.sh.in --- a/fsg.sh.in Wed Mar 30 04:45:59 2016 +0100 +++ b/fsg.sh.in Thu Mar 31 22:14:43 2016 +0100 @@ -13,5 +13,7 @@ echo "Removing EC source code we don't build" rm -rvf openjdk/jdk/src/share/native/sun/security/ec/impl -echo "Syncing EC list with NSS" -patch -Np0 < @abs_top_srcdir@/patches/pr2126.patch +if test "x@ENABLE_NON_NSS_CURVES@" = "xno"; then + echo "Syncing EC list with NSS" + patch -Np0 < @abs_top_srcdir@/patches/pr2126.patch +fi