Mercurial > hg > icedtea9
view patches/rh1022017.patch @ 2676:fef0a957b4af default tip
PR3679: Use the internal copy of the SunEC library rather than statically linking against NSS
2019-01-08 Andrew John Hughes <gnu_andrew@member.fsf.org>
PR3679: Use the internal copy of the SunEC library
rather than statically linking against NSS
* patches/disable-intree-ec.patch: Removed.
* patches/nss-config.patch: Removed.
* patches/nss-not-enabled-config.patch: Removed.
* patches/nss-not-enabled-config-with-sunec.patch:
Renamed to patches/pkcs11-nss-not-enabled-config.patch.
* patches/nss-config-with-sunec.patch:
Renamed to patches/pkcs11-nss-config.patch.
* INSTALL:
Remove --enable-sunec option. Update documentation
to match current situation with SunEC.
* Makefile.am:
(ICEDTEA_PATCHES): Remove disable-intree-ec.patch.
Remove PKCS11 config patches without the SunEC provider.
Rename remaining two to make it clear they are for
the PKCS11 provider.
(ICEDTEA_CONFIGURE): Remove use of system-nss
option which no longer exists, following PR3679.
(ICEDTEA_ENV): Remove NSS_LIBS and NSS_CFLAGS.
(check-ecc): Argument passed to the test should
now be "yes".
* NEWS: Updated.
* acinclude.m4:
(IT_ENABLE_SUNEC): Removed.
* configure.ac: Replace IT_ENABLE_SUNEC call with
IT_LOCATE_NSS.
* fsg.sh.in: Remove unused source code and use
new PR3679 patch instead of old PR2126 patch which
only alters Java code.
* patches/pr3679.patch: Renamed from patches/pr2126.patch,
updated to OpenJDK 9 paths and extended to patch native code.
* patches/rh1022017.patch: Updated to OpenJDK 9 paths.
* remove-intree-libraries.sh.in: Drop conditional removal
of SunEC code.
author | Andrew John Hughes <gnu_andrew@member.fsf.org> |
---|---|
date | Fri, 11 Jan 2019 03:04:42 +0000 |
parents | 04327567ef0a |
children |
line wrap: on
line source
diff --git openjdk.orig/jdk/src/java.base/share/classes/sun/security/ssl/EllipticCurvesExtension.java openjdk/jdk/src/java.base/share/classes/sun/security/ssl/EllipticCurvesExtension.java --- openjdk.orig/jdk/src/java.base/share/classes/sun/security/ssl/EllipticCurvesExtension.java +++ openjdk/jdk/src/java.base/share/classes/sun/security/ssl/EllipticCurvesExtension.java @@ -37,25 +37,11 @@ // the extension value to send in the ClientHello message static final SupportedEllipticCurvesExtension DEFAULT; - private static final boolean fips; - static { - int[] ids; - fips = SunJSSE.isFIPS(); - if (fips == false) { - ids = new int[] { - // NIST curves first - // prefer NIST P-256, rest in order of increasing key length - 23, 1, 3, 19, 21, 6, 7, 9, 10, 24, 11, 12, 25, 13, 14, - // non-NIST curves - 15, 16, 17, 2, 18, 4, 5, 20, 8, 22, - }; - } else { - ids = new int[] { - // same as above, but allow only NIST curves in FIPS mode - 23, 1, 3, 19, 21, 6, 7, 9, 10, 24, 11, 12, 25, 13, 14, - }; - } + int[] ids = new int[] { + // NSS currently only supports these three NIST curves + 23, 24, 25 + }; DEFAULT = new SupportedEllipticCurvesExtension(ids); } @@ -150,10 +136,6 @@ if ((index <= 0) || (index >= NAMED_CURVE_OID_TABLE.length)) { return false; } - if (fips == false) { - // in non-FIPS mode, we support all valid indices - return true; - } return DEFAULT.contains(index); }