Mercurial > hg > release > icedtea7-2.6
changeset 2710:57b8fd8c92eb
PR1699: Support building the SunEC provider with system NSS
2014-04-18 Andrew John Hughes <gnu.andrew@member.fsf.org>
* Makefile.am:
(ICEDTEA_ENV): Only add DISABLE_INTREE_EC if
ENABLE_SUNEC is not set. Set SYSTEM_NSS in both
cases and NSS_LIBS, NSS_CFLAGS and ECC_JUST_SUITE_B
when ENABLE_SUNEC is set.
* acinclude.m4:
(IT_LOCATE_NSS): Fix wording to make it clear that
this is the PKCS11 provider, using NSS as the
implementation.
(IT_ENABLE_SUNEC): Allow the Sun elliptic curve
crypto provider to be enabled.
* configure.ac:
Replace IT_LOCATE_NSS with IT_ENABLE_SUNEC (which
depends on the former).
* fsg.sh:
Only delete the SunEC implementation code at this
level. This is the part that is legally dubious,
due to the use of many more elliptic curves than
those provided by the NSS version.
* remove-intree-libraries.sh.in:
Include the remaining SunEC deletion from fsg.sh
here and make it optional.
author | Andrew John Hughes <gnu_andrew@member.fsf.org> |
---|---|
date | Fri, 18 Apr 2014 17:11:05 +0100 |
parents | a9e744ed1395 |
children | f182d37df5a4 |
files | ChangeLog Makefile.am acinclude.m4 configure.ac fsg.sh remove-intree-libraries.sh.in |
diffstat | 6 files changed, 89 insertions(+), 11 deletions(-) [+] |
line wrap: on
line diff
--- a/ChangeLog Thu Apr 17 02:57:23 2014 +0100 +++ b/ChangeLog Fri Apr 18 17:11:05 2014 +0100 @@ -1,3 +1,28 @@ +2014-04-18 Andrew John Hughes <gnu.andrew@member.fsf.org> + + * Makefile.am: + (ICEDTEA_ENV): Only add DISABLE_INTREE_EC if + ENABLE_SUNEC is not set. Set SYSTEM_NSS in both + cases and NSS_LIBS, NSS_CFLAGS and ECC_JUST_SUITE_B + when ENABLE_SUNEC is set. + * acinclude.m4: + (IT_LOCATE_NSS): Fix wording to make it clear that + this is the PKCS11 provider, using NSS as the + implementation. + (IT_ENABLE_SUNEC): Allow the Sun elliptic curve + crypto provider to be enabled. + * configure.ac: + Replace IT_LOCATE_NSS with IT_ENABLE_SUNEC (which + depends on the former). + * fsg.sh: + Only delete the SunEC implementation code at this + level. This is the part that is legally dubious, + due to the use of many more elliptic curves than + those provided by the NSS version. + * remove-intree-libraries.sh.in: + Include the remaining SunEC deletion from fsg.sh + here and make it optional. + 2014-04-16 Andrew John Hughes <gnu.andrew@member.fsf.org> * NEWS:
--- a/Makefile.am Thu Apr 17 02:57:23 2014 +0100 +++ b/Makefile.am Fri Apr 18 17:11:05 2014 +0100 @@ -473,7 +473,6 @@ ALT_JIBX_LIBS_PATH="$(JIBX_DEPS_DIR)" \ DEBUG_CLASSFILES="true" \ DEBUG_BINARIES="true" \ - DISABLE_INTREE_EC="true" \ ALT_OUTPUTDIR="$(BUILD_OUTPUT_DIR)" \ VERBOSE="$(VERBOSE)" \ STATIC_CXX="false" \ @@ -561,6 +560,18 @@ PAX_COMMAND="${PAX_COMMAND}" endif +if ENABLE_SUNEC +ICEDTEA_ENV += \ + SYSTEM_NSS="true" \ + NSS_LIBS="${NSS_LIBS}" \ + NSS_CFLAGS="${NSS_CFLAGS}" \ + ECC_JUST_SUITE_B="true" +else +ICEDTEA_ENV += \ + SYSTEM_NSS="false" \ + DISABLE_INTREE_EC="true" +endif + # OpenJDK boot build environment. ICEDTEA_ENV_BOOT = $(ICEDTEA_ENV) \ BOOTCLASSPATH_CLS_RT="-bootclasspath $(CLS_DIR_BOOT):$(RUNTIME)" \
--- a/acinclude.m4 Thu Apr 17 02:57:23 2014 +0100 +++ b/acinclude.m4 Fri Apr 18 17:11:05 2014 +0100 @@ -1761,10 +1761,10 @@ AC_DEFUN_ONCE([IT_LOCATE_NSS], [ AC_REQUIRE([IT_OBTAIN_DEFAULT_LIBDIR]) -AC_MSG_CHECKING([whether to enable the NSS-based security provider]) +AC_MSG_CHECKING([whether to enable the PKCS11 crypto provider using NSS]) AC_ARG_ENABLE([nss], [AS_HELP_STRING([--enable-nss], - [Enable inclusion of NSS security provider])], + [Enable inclusion of PKCS11 crypto provider using NSS])], [ENABLE_NSS="${enableval}"], [ENABLE_NSS='no']) AM_CONDITIONAL([ENABLE_NSS], [test x$ENABLE_NSS = xyes]) if test "x${ENABLE_NSS}" = "xyes" @@ -2692,3 +2692,41 @@ AC_MSG_RESULT([$enable_arm32jit]) AM_CONDITIONAL([ENABLE_ARM32JIT], test x"${enable_arm32jit}" = "xyes") ]) + +AC_DEFUN_ONCE([IT_ENABLE_SUNEC], +[ + AC_REQUIRE([IT_LOCATE_NSS]) + AC_MSG_CHECKING([whether to enable the Sun elliptic curve crypto provider]) + AC_ARG_ENABLE([sunec], + [AS_HELP_STRING(--enable-sunec,build the Sun elliptic curve crypto provider [[default=no]])], + [ + case "${enableval}" in + yes) + enable_sunec=yes + ;; + *) + enable_sunec=no + ;; + esac + ], + [ + enable_sunec=no + ]) + AC_MSG_RESULT([$enable_sunec]) + AM_CONDITIONAL([ENABLE_SUNEC], test x"${enable_sunec}" = "xyes") + if test x"${enable_sunec}" = "xyes"; then + PKG_CHECK_MODULES(NSS_SOFTOKN, nss-softokn >= 3.16.1, [NSS_SOFTOKN_FOUND=yes], [NSS_SOFTOKN_FOUND=no]) + PKG_CHECK_MODULES(NSS_JAVA, nss-java, [NSS_JAVA_FOUND=yes], [NSS_JAVA_FOUND=no]) + if test "x${NSS_SOFTOKN_FOUND}" = "xyes"; then + NSS_CFLAGS=$NSS_SOFTOKN_CFLAGS; + NSS_LIBS=$NSS_SOFTOKN_LIBS; + elif test "x${NSS_JAVA_FOUND}" = "xyes"; then + NSS_CFLAGS=$NSS_JAVA_CFLAGS; + NSS_LIBS=$NSS_JAVA_LIBS; + else + AC_MSG_ERROR([Could not find a suitable NSS installation to use for the SunEC provider.]) + fi + AC_SUBST(NSS_CFLAGS) + AC_SUBST(NSS_LIBS) + fi +])
--- a/configure.ac Thu Apr 17 02:57:23 2014 +0100 +++ b/configure.ac Fri Apr 18 17:11:05 2014 +0100 @@ -50,6 +50,7 @@ IT_DISABLE_HOTSPOT_TESTS IT_DISABLE_LANGTOOLS_TESTS IT_DISABLE_JDK_TESTS +IT_ENABLE_SUNEC # Use xvfb-run if found to run gui tests (check-jdk). AC_CHECK_PROG(XVFB_RUN_CMD, xvfb-run, [xvfb-run -a -e xvfb-errors], []) @@ -71,7 +72,6 @@ AM_CONDITIONAL([ENABLE_DOCS], [test x$ENABLE_DOCS = xyes]) AC_MSG_RESULT(${ENABLE_DOCS}) -IT_LOCATE_NSS IT_GET_PKGVERSION IT_GET_LSB_DATA
--- a/fsg.sh Thu Apr 17 02:57:23 2014 +0100 +++ b/fsg.sh Fri Apr 18 17:11:05 2014 +0100 @@ -106,10 +106,4 @@ rm -rvf openjdk/jdk/test/com/sun/servicetag echo "Removing EC source code we don't build" -rm -vf openjdk/jdk/src/share/classes/sun/security/ec/ECDHKeyAgreement.java -rm -vf openjdk/jdk/src/share/classes/sun/security/ec/ECDSASignature.java -rm -vf openjdk/jdk/src/share/classes/sun/security/ec/ECKeyPairGenerator.java -rm -vf openjdk/jdk/src/share/classes/sun/security/ec/SunEC.java -rm -vf openjdk/jdk/src/share/classes/sun/security/ec/SunECEntries.java -rm -rvf openjdk/jdk/src/share/native/sun/security/ec -rm -rvf openjdk/jdk/make/sun/security/ec +rm -rvf openjdk/jdk/src/share/native/sun/security/ec/impl
--- a/remove-intree-libraries.sh.in Thu Apr 17 02:57:23 2014 +0100 +++ b/remove-intree-libraries.sh.in Fri Apr 18 17:11:05 2014 +0100 @@ -63,3 +63,13 @@ echo "Removing libpcsc headers" rm -rvf ${PCSC_SRC} fi + +if test "x@ENABLE_SUNEC@" = "xno"; then +rm -vf openjdk/jdk/src/share/classes/sun/security/ec/ECDHKeyAgreement.java +rm -vf openjdk/jdk/src/share/classes/sun/security/ec/ECDSASignature.java +rm -vf openjdk/jdk/src/share/classes/sun/security/ec/ECKeyPairGenerator.java +rm -vf openjdk/jdk/src/share/classes/sun/security/ec/SunEC.java +rm -vf openjdk/jdk/src/share/classes/sun/security/ec/SunECEntries.java +rm -rvf openjdk/jdk/src/share/native/sun/security/ec +rm -rvf openjdk/jdk/make/sun/security/ec +fi