Mercurial > hg > release > icedtea7-2.6

--- a/ChangeLog	Thu Apr 17 02:57:23 2014 +0100
+++ b/ChangeLog	Fri Apr 18 17:11:05 2014 +0100
@@ -1,3 +1,28 @@
+2014-04-18  Andrew John Hughes  <gnu.andrew@member.fsf.org>
+
+	* Makefile.am:
+	(ICEDTEA_ENV): Only add DISABLE_INTREE_EC if
+	ENABLE_SUNEC is not set. Set SYSTEM_NSS in both
+	cases and NSS_LIBS, NSS_CFLAGS and ECC_JUST_SUITE_B
+	when ENABLE_SUNEC is set.
+	* acinclude.m4:
+	(IT_LOCATE_NSS): Fix wording to make it clear that
+	this is the PKCS11 provider, using NSS as the
+	implementation.
+	(IT_ENABLE_SUNEC): Allow the Sun elliptic curve
+	crypto provider to be enabled.
+	* configure.ac:
+	Replace IT_LOCATE_NSS with IT_ENABLE_SUNEC (which
+	depends on the former).
+	* fsg.sh:
+	Only delete the SunEC implementation code at this
+	level. This is the part that is legally dubious,
+	due to the use of many more elliptic curves than
+	those provided by the NSS version.
+	* remove-intree-libraries.sh.in:
+	Include the remaining SunEC deletion from fsg.sh
+	here and make it optional.
+
 2014-04-16  Andrew John Hughes  <gnu.andrew@member.fsf.org>

 	* NEWS:
--- a/Makefile.am	Thu Apr 17 02:57:23 2014 +0100
+++ b/Makefile.am	Fri Apr 18 17:11:05 2014 +0100
@@ -473,7 +473,6 @@
 	ALT_JIBX_LIBS_PATH="$(JIBX_DEPS_DIR)" \
 	DEBUG_CLASSFILES="true" \
 	DEBUG_BINARIES="true" \
-	DISABLE_INTREE_EC="true" \
 	ALT_OUTPUTDIR="$(BUILD_OUTPUT_DIR)" \
 	VERBOSE="$(VERBOSE)" \
 	STATIC_CXX="false" \
@@ -561,6 +560,18 @@
 	PAX_COMMAND="${PAX_COMMAND}"
 endif

+if ENABLE_SUNEC
+ICEDTEA_ENV += \
+	SYSTEM_NSS="true" \
+	NSS_LIBS="${NSS_LIBS}" \
+	NSS_CFLAGS="${NSS_CFLAGS}" \
+	ECC_JUST_SUITE_B="true"
+else
+ICEDTEA_ENV += \
+	SYSTEM_NSS="false" \
+	DISABLE_INTREE_EC="true"
+endif
+
 # OpenJDK boot build environment.
 ICEDTEA_ENV_BOOT = $(ICEDTEA_ENV) \
 	BOOTCLASSPATH_CLS_RT="-bootclasspath $(CLS_DIR_BOOT):$(RUNTIME)" \
--- a/acinclude.m4	Thu Apr 17 02:57:23 2014 +0100
+++ b/acinclude.m4	Fri Apr 18 17:11:05 2014 +0100
@@ -1761,10 +1761,10 @@
 AC_DEFUN_ONCE([IT_LOCATE_NSS],
 [
 AC_REQUIRE([IT_OBTAIN_DEFAULT_LIBDIR])
-AC_MSG_CHECKING([whether to enable the NSS-based security provider])
+AC_MSG_CHECKING([whether to enable the PKCS11 crypto provider using NSS])
 AC_ARG_ENABLE([nss],
 	      [AS_HELP_STRING([--enable-nss],
-	      		      [Enable inclusion of NSS security provider])],
+	      		      [Enable inclusion of PKCS11 crypto provider using NSS])],
 	      [ENABLE_NSS="${enableval}"], [ENABLE_NSS='no'])
 AM_CONDITIONAL([ENABLE_NSS], [test x$ENABLE_NSS = xyes])
 if test "x${ENABLE_NSS}" = "xyes"
@@ -2692,3 +2692,41 @@
   AC_MSG_RESULT([$enable_arm32jit])
   AM_CONDITIONAL([ENABLE_ARM32JIT], test x"${enable_arm32jit}" = "xyes")
 ])
+
+AC_DEFUN_ONCE([IT_ENABLE_SUNEC],
+[
+  AC_REQUIRE([IT_LOCATE_NSS])
+  AC_MSG_CHECKING([whether to enable the Sun elliptic curve crypto provider])
+  AC_ARG_ENABLE([sunec],
+                [AS_HELP_STRING(--enable-sunec,build the Sun elliptic curve crypto provider [[default=no]])],
+  [
+    case "${enableval}" in
+      yes)
+        enable_sunec=yes
+        ;;
+      *)
+        enable_sunec=no
+        ;;
+    esac
+  ],
+  [
+    enable_sunec=no
+  ])
+  AC_MSG_RESULT([$enable_sunec])
+  AM_CONDITIONAL([ENABLE_SUNEC], test x"${enable_sunec}" = "xyes")
+  if test x"${enable_sunec}" = "xyes"; then
+    PKG_CHECK_MODULES(NSS_SOFTOKN, nss-softokn >= 3.16.1, [NSS_SOFTOKN_FOUND=yes], [NSS_SOFTOKN_FOUND=no])
+    PKG_CHECK_MODULES(NSS_JAVA, nss-java, [NSS_JAVA_FOUND=yes], [NSS_JAVA_FOUND=no])
+    if test "x${NSS_SOFTOKN_FOUND}" = "xyes"; then
+      NSS_CFLAGS=$NSS_SOFTOKN_CFLAGS;
+      NSS_LIBS=$NSS_SOFTOKN_LIBS;
+    elif test "x${NSS_JAVA_FOUND}" = "xyes"; then
+      NSS_CFLAGS=$NSS_JAVA_CFLAGS;
+      NSS_LIBS=$NSS_JAVA_LIBS;
+    else
+      AC_MSG_ERROR([Could not find a suitable NSS installation to use for the SunEC provider.])
+    fi
+    AC_SUBST(NSS_CFLAGS)
+    AC_SUBST(NSS_LIBS)
+  fi
+])
--- a/configure.ac	Thu Apr 17 02:57:23 2014 +0100
+++ b/configure.ac	Fri Apr 18 17:11:05 2014 +0100
@@ -50,6 +50,7 @@
 IT_DISABLE_HOTSPOT_TESTS
 IT_DISABLE_LANGTOOLS_TESTS
 IT_DISABLE_JDK_TESTS
+IT_ENABLE_SUNEC

 # Use xvfb-run if found to run gui tests (check-jdk).
 AC_CHECK_PROG(XVFB_RUN_CMD, xvfb-run, [xvfb-run -a -e xvfb-errors], [])
@@ -71,7 +72,6 @@
 AM_CONDITIONAL([ENABLE_DOCS], [test x$ENABLE_DOCS = xyes])
 AC_MSG_RESULT(${ENABLE_DOCS})

-IT_LOCATE_NSS
 IT_GET_PKGVERSION
 IT_GET_LSB_DATA
--- a/fsg.sh	Thu Apr 17 02:57:23 2014 +0100
+++ b/fsg.sh	Fri Apr 18 17:11:05 2014 +0100
@@ -106,10 +106,4 @@
 rm -rvf openjdk/jdk/test/com/sun/servicetag

 echo "Removing EC source code we don't build"
-rm -vf openjdk/jdk/src/share/classes/sun/security/ec/ECDHKeyAgreement.java
-rm -vf openjdk/jdk/src/share/classes/sun/security/ec/ECDSASignature.java
-rm -vf openjdk/jdk/src/share/classes/sun/security/ec/ECKeyPairGenerator.java
-rm -vf openjdk/jdk/src/share/classes/sun/security/ec/SunEC.java
-rm -vf openjdk/jdk/src/share/classes/sun/security/ec/SunECEntries.java
-rm -rvf openjdk/jdk/src/share/native/sun/security/ec
-rm -rvf openjdk/jdk/make/sun/security/ec
+rm -rvf openjdk/jdk/src/share/native/sun/security/ec/impl
--- a/remove-intree-libraries.sh.in	Thu Apr 17 02:57:23 2014 +0100
+++ b/remove-intree-libraries.sh.in	Fri Apr 18 17:11:05 2014 +0100
@@ -63,3 +63,13 @@
   echo "Removing libpcsc headers"
   rm -rvf ${PCSC_SRC}
 fi
+
+if test "x@ENABLE_SUNEC@" = "xno"; then
+rm -vf openjdk/jdk/src/share/classes/sun/security/ec/ECDHKeyAgreement.java
+rm -vf openjdk/jdk/src/share/classes/sun/security/ec/ECDSASignature.java
+rm -vf openjdk/jdk/src/share/classes/sun/security/ec/ECKeyPairGenerator.java
+rm -vf openjdk/jdk/src/share/classes/sun/security/ec/SunEC.java
+rm -vf openjdk/jdk/src/share/classes/sun/security/ec/SunECEntries.java
+rm -rvf openjdk/jdk/src/share/native/sun/security/ec
+rm -rvf openjdk/jdk/make/sun/security/ec
+fi