--- a/ChangeLog	Thu Jul 28 03:46:39 2016 +0100
+++ b/ChangeLog	Thu Jul 28 03:55:52 2016 +0100
@@ -1,3 +1,19 @@
+2016-04-23  Andrew John Hughes  <gnu_andrew@member.fsf.org>
+
+	PR2900: Don't use WithSeed versions of NSS
+	functions as they don't fully process the seed
+	* Makefile.am:
+	(ECC_CHECK_SRCS): Add TestECDSA.java
+	(ecccheck): Only compile tests if SunEC is enabled.
+	(clean-ecccheck): Only remove build directory if
+	SunEC is enabled.
+	(check-ecc): Only run tests if SunEC is enabled.
+	Add running of TestECDSA. Call set -e so rule
+	fails if any test fails.
+	* test/standalone/TestECDSA.java:
+	New test to make sure SunEC can produce ECDSA
+	signatures.
+
 2015-05-20  Andrew John Hughes  <gnu_andrew@member.fsf.org>
 
 	PR3115: Add check for elliptic curve

--- a/Makefile.am	Thu Jul 28 03:46:39 2016 +0100
+++ b/Makefile.am	Thu Jul 28 03:55:52 2016 +0100
@@ -368,7 +368,8 @@
 
 REWRITER_SRCS = $(top_srcdir)/rewriter/com/redhat/rewriter/ClassRewriter.java
 CRYPTO_CHECK_SRCS = $(top_srcdir)/test/standalone/TestCryptoLevel.java
-ECC_CHECK_SRCS = $(top_srcdir)/test/standalone/TestEllipticCurveCryptoSupport.java
+ECC_CHECK_SRCS = $(top_srcdir)/test/standalone/TestEllipticCurveCryptoSupport.java \
+	$(top_srcdir)/test/standalone/TestECDSA.java
 MIME_TYPE_CHECK_SRCS = $(top_srcdir)/test/standalone/RH1195203.java
 
 # Patch list
@@ -3059,20 +3060,28 @@
 # ECC Availability Check
 
 stamps/ecccheck.stamp: $(INITIAL_BOOTSTRAP_LINK_STAMP)
+if ENABLE_SUNEC
 	mkdir -p $(ECC_CHECK_BUILD_DIR)
 	$(BOOT_DIR)/bin/javac $(IT_JAVACFLAGS) \
 	  -d $(ECC_CHECK_BUILD_DIR) $(ECC_CHECK_SRCS)
+endif
 	mkdir -p stamps
 	touch $@
 
 clean-ecccheck:
+if ENABLE_SUNEC
 	rm -rf $(ECC_CHECK_BUILD_DIR)
+endif
 	rm -f stamps/ecccheck.stamp
 
 stamps/check-ecc.stamp: stamps/ecccheck.stamp stamps/icedtea.stamp
+if ENABLE_SUNEC
+	set -e ; \
 	if [ -e $(BUILD_SDK_DIR)/bin/java ] ; then \
 	  $(BUILD_SDK_DIR)/bin/java -cp $(ECC_CHECK_BUILD_DIR) TestEllipticCurveCryptoSupport yes ; \
+	  $(BUILD_SDK_DIR)/bin/java -cp $(ECC_CHECK_BUILD_DIR) TestECDSA ; \
 	fi
+endif
 	mkdir -p stamps
 	touch $@
 

--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/standalone/TestECDSA.java	Thu Jul 28 03:55:52 2016 +0100
@@ -0,0 +1,49 @@
+/* TestECDSA -- Ensure ECDSA signatures are working.
+   Copyright (C) 2016 Red Hat, Inc.
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU Affero General Public License as
+published by the Free Software Foundation, either version 3 of the
+License, or (at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU Affero General Public License for more details.
+
+You should have received a copy of the GNU Affero General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+import java.math.BigInteger;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.Signature;
+
+/**
+ * @test
+ */
+public class TestECDSA {
+
+    public static void main(String[] args) throws Exception {
+        KeyPairGenerator keyGen = KeyPairGenerator.getInstance("EC");
+        KeyPair key = keyGen.generateKeyPair();
+        
+        byte[] data = "This is a string to sign".getBytes("UTF-8");
+        
+        Signature dsa = Signature.getInstance("NONEwithECDSA");
+        dsa.initSign(key.getPrivate());
+        dsa.update(data);
+        byte[] sig = dsa.sign();
+        System.out.println("Signature: " + new BigInteger(1, sig).toString(16));
+        
+        Signature dsaCheck = Signature.getInstance("NONEwithECDSA");
+        dsaCheck.initVerify(key.getPublic());
+        dsaCheck.update(data);
+        boolean success = dsaCheck.verify(sig);
+        if (!success) {
+            throw new RuntimeException("Test failed. Signature verification error");
+        }
+        System.out.println("Test passed.");
+    }
+}