Mercurial > hg > icedtea9

view patches/rh1022017.patch @ 2676:fef0a957b4af default tip

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
PR3679: Use the internal copy of the SunEC library rather than statically linking against NSS 2019-01-08 Andrew John Hughes <gnu_andrew@member.fsf.org> PR3679: Use the internal copy of the SunEC library rather than statically linking against NSS * patches/disable-intree-ec.patch: Removed. * patches/nss-config.patch: Removed. * patches/nss-not-enabled-config.patch: Removed. * patches/nss-not-enabled-config-with-sunec.patch: Renamed to patches/pkcs11-nss-not-enabled-config.patch. * patches/nss-config-with-sunec.patch: Renamed to patches/pkcs11-nss-config.patch. * INSTALL: Remove --enable-sunec option. Update documentation to match current situation with SunEC. * Makefile.am: (ICEDTEA_PATCHES): Remove disable-intree-ec.patch. Remove PKCS11 config patches without the SunEC provider. Rename remaining two to make it clear they are for the PKCS11 provider. (ICEDTEA_CONFIGURE): Remove use of system-nss option which no longer exists, following PR3679. (ICEDTEA_ENV): Remove NSS_LIBS and NSS_CFLAGS. (check-ecc): Argument passed to the test should now be "yes". * NEWS: Updated. * acinclude.m4: (IT_ENABLE_SUNEC): Removed. * configure.ac: Replace IT_ENABLE_SUNEC call with IT_LOCATE_NSS. * fsg.sh.in: Remove unused source code and use new PR3679 patch instead of old PR2126 patch which only alters Java code. * patches/pr3679.patch: Renamed from patches/pr2126.patch, updated to OpenJDK 9 paths and extended to patch native code. * patches/rh1022017.patch: Updated to OpenJDK 9 paths. * remove-intree-libraries.sh.in: Drop conditional removal of SunEC code.
author Andrew John Hughes <gnu_andrew@member.fsf.org>
date Fri, 11 Jan 2019 03:04:42 +0000
parents 04327567ef0a
children
line wrap: on
line source

diff --git openjdk.orig/jdk/src/java.base/share/classes/sun/security/ssl/EllipticCurvesExtension.java openjdk/jdk/src/java.base/share/classes/sun/security/ssl/EllipticCurvesExtension.java
--- openjdk.orig/jdk/src/java.base/share/classes/sun/security/ssl/EllipticCurvesExtension.java
+++ openjdk/jdk/src/java.base/share/classes/sun/security/ssl/EllipticCurvesExtension.java
@@ -37,25 +37,11 @@
     // the extension value to send in the ClientHello message
     static final SupportedEllipticCurvesExtension DEFAULT;
 
-    private static final boolean fips;
-
     static {
-        int[] ids;
-        fips = SunJSSE.isFIPS();
-        if (fips == false) {
-            ids = new int[] {
-                // NIST curves first
-                // prefer NIST P-256, rest in order of increasing key length
-                23, 1, 3, 19, 21, 6, 7, 9, 10, 24, 11, 12, 25, 13, 14,
-                // non-NIST curves
-                15, 16, 17, 2, 18, 4, 5, 20, 8, 22,
-            };
-        } else {
-            ids = new int[] {
-                // same as above, but allow only NIST curves in FIPS mode
-                23, 1, 3, 19, 21, 6, 7, 9, 10, 24, 11, 12, 25, 13, 14,
-            };
-        }
+	int[] ids = new int[] {
+	    // NSS currently only supports these three NIST curves
+	    23, 24, 25
+	};
         DEFAULT = new SupportedEllipticCurvesExtension(ids);
     }
 
@@ -150,10 +136,6 @@
         if ((index <= 0) || (index >= NAMED_CURVE_OID_TABLE.length)) {
             return false;
         }
-        if (fips == false) {
-            // in non-FIPS mode, we support all valid indices
-            return true;
-        }
         return DEFAULT.contains(index);
     }