Mercurial > hg > icedtea7

--- a/ChangeLog	Mon Jul 13 15:12:51 2015 +0100
+++ b/ChangeLog	Tue Jul 14 00:48:43 2015 +0100
@@ -1,3 +1,24 @@
+2015-07-13  Andrew John Hughes  <gnu_andrew@member.fsf.org>
+
+	PR2390: Make elliptic curve removal
+	optional
+	* INSTALL:
+	Document --enable-non-nss-curves.
+	* Makefile.am:
+	(ICEDTEA_PATCHES): Only apply
+	the RH1022017 patch when non-NSS
+	curves are not enabled.
+	* NEWS: Updated.
+	* acinclude.m4:
+	(IT_ENABLE_NON_NSS_CURVES): New
+	macro to allow non-NSS curves to
+	be turned on.
+	* configure.ac:
+	Invoke IT_ENABLE_NON_NSS_CURVES.
+	* fsg.sh.in:
+	Don't alter the curve list when
+	non-NSS curves are enabled.
+
 2015-07-13  Andrew John Hughes  <gnu_andrew@member.fsf.org>

 	PR2172: --enable-jamvm builds broken, missing
--- a/INSTALL	Mon Jul 13 15:12:51 2015 +0100
+++ b/INSTALL	Tue Jul 14 00:48:43 2015 +0100
@@ -201,6 +201,7 @@
 * --enable-native-debuginfo: Include debuginfo in native binaries.
 * --enable-java-debuginfo: Include debuginfo in Java class files.
 * --enable-infinality: Use fontconfig for better font rendering
+* --enable-non-nss-curves: Define curves beyond the three specified by NSS (NIST P-{256,384,521})

 Testing
 =======
--- a/Makefile.am	Mon Jul 13 15:12:51 2015 +0100
+++ b/Makefile.am	Tue Jul 14 00:48:43 2015 +0100
@@ -276,15 +276,12 @@
 endif

 if ENABLE_NSS
-ICEDTEA_PATCHES += patches/nss-config.patch \
-	patches/rh1022017.patch
+ICEDTEA_PATCHES += patches/nss-config.patch
 endif

-if ENABLE_SUNEC
-if !ENABLE_NSS
+if !USE_NON_NSS_CURVES
 ICEDTEA_PATCHES += patches/rh1022017.patch
 endif
-endif

 ICEDTEA_PATCHES += $(DISTRIBUTION_PATCHES)
--- a/NEWS	Mon Jul 13 15:12:51 2015 +0100
+++ b/NEWS	Tue Jul 14 00:48:43 2015 +0100
@@ -315,6 +315,7 @@
   - PR2323: System GConf without system GIO configuration broken
   - PR2328: GCJ uses ppc64el named libarch directory on ppc64le
   - PR2341: Update README & INSTALL files
+  - PR2390: Make elliptic curve removal optional
   - PR2394: ppc64le does not support -Xshare:dump
   - PR2395: Path to jvm.cfg is wrong in add-systemtap-boot
   - PR2446: Support system libsctp
--- a/acinclude.m4	Mon Jul 13 15:12:51 2015 +0100
+++ b/acinclude.m4	Tue Jul 14 00:48:43 2015 +0100
@@ -3017,3 +3017,19 @@
   AM_CONDITIONAL(USE_SYSTEM_SCTP, test x"${ENABLE_SYSTEM_SCTP}" = "xtrue")
   AC_SUBST(ENABLE_SYSTEM_SCTP)
 ])
+
+AC_DEFUN_ONCE([IT_ENABLE_NON_NSS_CURVES],
+[
+  AC_MSG_CHECKING([whether to enable elliptic curves beyond those supported by NSS])
+  AC_ARG_ENABLE([non-nss-curves],
+	      [AS_HELP_STRING(--enable-non-nss-curves,register curves beyond the 3 NSS defines [[default=no]])],
+  [
+    ENABLE_NON_NSS_CURVES="${enableval}"
+  ],
+  [
+    ENABLE_NON_NSS_CURVES="no"
+  ])
+  AC_MSG_RESULT(${ENABLE_NON_NSS_CURVES})
+  AM_CONDITIONAL(USE_NON_NSS_CURVES, test x"${ENABLE_NON_NSS_CURVES}" = "xyes")
+  AC_SUBST(ENABLE_NON_NSS_CURVES)
+])
--- a/configure.ac	Mon Jul 13 15:12:51 2015 +0100
+++ b/configure.ac	Tue Jul 14 00:48:43 2015 +0100
@@ -181,6 +181,7 @@
 IT_ENABLE_JAR_COMPRESSION
 IT_CHECK_ADDITIONAL_VMS
 IT_ENABLE_ARM32JIT
+IT_ENABLE_NON_NSS_CURVES

 IT_WITH_VERSION_SUFFIX
 IT_ENABLE_HG
--- a/fsg.sh.in	Mon Jul 13 15:12:51 2015 +0100
+++ b/fsg.sh.in	Tue Jul 14 00:48:43 2015 +0100
@@ -108,6 +108,7 @@
 echo "Removing EC source code we don't build"
 rm -rvf openjdk/jdk/src/share/native/sun/security/ec/impl

-echo "Syncing EC list with NSS"
-patch -Np0 < @abs_top_srcdir@/patches/pr2124.patch
-
+if test "x@ENABLE_NON_NSS_CURVES@" = "xno"; then
+  echo "Syncing EC list with NSS"
+  patch -Np0 < @abs_top_srcdir@/patches/pr2124.patch
+fi