# HG changeset patch # User Andrew John Hughes # Date 1461479475 -3600 # Node ID acea0f437f64694665037b5688c11fb3f21ffea8 # Parent b3d2517cef6f619b8ff64b9dd504d3304ba0dd49 PR2934: SunEC provider throwing KeyException with current NSS 2016-04-23 Andrew John Hughes PR2934: SunEC provider throwing KeyException with current NSS * Makefile.am: (ECC_RESULT): Removed. (ECC_CHECK_SRCS): Add TestECDSA.java (ecccheck): Only compile tests if SunEC is enabled. (clean-ecccheck): Only remove build directory if SunEC is enabled. (check-ecc): Only run tests if SunEC is enabled. Add running of TestECDSA. Call set -e so rule fails if any test fails. * test/standalone/TestECDSA.java: New test to make sure SunEC can produce ECDSA signatures. diff -r b3d2517cef6f -r acea0f437f64 ChangeLog --- a/ChangeLog Sun Apr 24 07:17:12 2016 +0100 +++ b/ChangeLog Sun Apr 24 07:31:15 2016 +0100 @@ -1,5 +1,23 @@ 2016-04-23 Andrew John Hughes + PR2934: SunEC provider throwing KeyException + with current NSS + * Makefile.am: + (ECC_RESULT): Removed. + (ECC_CHECK_SRCS): Add TestECDSA.java + (ecccheck): Only compile tests if SunEC is enabled. + (clean-ecccheck): Only remove build directory if + SunEC is enabled. + (check-ecc): Only run tests if SunEC is enabled. + Add running of TestECDSA. Call set -e so rule + fails if any test fails. + * test/standalone/TestECDSA.java: + New test to make sure SunEC can produce ECDSA + signatures. + +2016-04-23 Andrew John Hughes + + Bump to icedtea-3.0.1. * Makefile.am: (JDK_UPDATE_VERSION): Bump to 91. (BUILD_VERSION): Bump to b14. diff -r b3d2517cef6f -r acea0f437f64 Makefile.am --- a/Makefile.am Sun Apr 24 07:17:12 2016 +0100 +++ b/Makefile.am Sun Apr 24 07:31:15 2016 +0100 @@ -313,12 +313,6 @@ SYSTEMTAP_TEST_SUITE = check-tapset endif -if ENABLE_SUNEC -ECC_RESULT = yes -else -ECC_RESULT = no -endif - # Target to ensure a patched OpenJDK tree containing Zero & Shark # and any overlays is available in $(abs_top_builddir)/openjdk OPENJDK_TREE = stamps/overlay.stamp @@ -332,7 +326,8 @@ CRYPTO_CHECK_SRCS = $(top_srcdir)/test/standalone/TestCryptoLevel.java -ECC_CHECK_SRCS = $(top_srcdir)/test/standalone/TestEllipticCurveCryptoSupport.java +ECC_CHECK_SRCS = $(top_srcdir)/test/standalone/TestEllipticCurveCryptoSupport.java \ + $(top_srcdir)/test/standalone/TestECDSA.java # Patch list @@ -2554,20 +2549,28 @@ # ECC Availability Check stamps/ecccheck.stamp: $(INITIAL_BOOTSTRAP_LINK_STAMP) +if ENABLE_SUNEC mkdir -p $(ECC_CHECK_BUILD_DIR) $(BOOT_DIR)/bin/javac $(IT_JAVACFLAGS) \ -d $(ECC_CHECK_BUILD_DIR) $(ECC_CHECK_SRCS) +endif mkdir -p stamps touch $@ clean-ecccheck: +if ENABLE_SUNEC rm -rf $(ECC_CHECK_BUILD_DIR) +endif rm -f stamps/ecccheck.stamp stamps/check-ecc.stamp: stamps/ecccheck.stamp stamps/icedtea.stamp +if ENABLE_SUNEC + set -e ; \ if [ -e $(BUILD_SDK_DIR)/bin/java ] ; then \ - $(BUILD_SDK_DIR)/bin/java -cp $(ECC_CHECK_BUILD_DIR) TestEllipticCurveCryptoSupport $(ECC_RESULT) ; \ + $(BUILD_SDK_DIR)/bin/java -cp $(ECC_CHECK_BUILD_DIR) TestEllipticCurveCryptoSupport yes ; \ + $(BUILD_SDK_DIR)/bin/java -cp $(ECC_CHECK_BUILD_DIR) TestECDSA ; \ fi +endif mkdir -p stamps touch $@ diff -r b3d2517cef6f -r acea0f437f64 test/standalone/TestECDSA.java --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/standalone/TestECDSA.java Sun Apr 24 07:31:15 2016 +0100 @@ -0,0 +1,49 @@ +/* TestECDSA -- Ensure ECDSA signatures are working. + Copyright (C) 2016 Red Hat, Inc. + +This program is free software: you can redistribute it and/or modify +it under the terms of the GNU Affero General Public License as +published by the Free Software Foundation, either version 3 of the +License, or (at your option) any later version. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU Affero General Public License for more details. + +You should have received a copy of the GNU Affero General Public License +along with this program. If not, see . +*/ + +import java.math.BigInteger; +import java.security.KeyPair; +import java.security.KeyPairGenerator; +import java.security.Signature; + +/** + * @test + */ +public class TestECDSA { + + public static void main(String[] args) throws Exception { + KeyPairGenerator keyGen = KeyPairGenerator.getInstance("EC"); + KeyPair key = keyGen.generateKeyPair(); + + byte[] data = "This is a string to sign".getBytes("UTF-8"); + + Signature dsa = Signature.getInstance("NONEwithECDSA"); + dsa.initSign(key.getPrivate()); + dsa.update(data); + byte[] sig = dsa.sign(); + System.out.println("Signature: " + new BigInteger(1, sig).toString(16)); + + Signature dsaCheck = Signature.getInstance("NONEwithECDSA"); + dsaCheck.initVerify(key.getPublic()); + dsaCheck.update(data); + boolean success = dsaCheck.verify(sig); + if (!success) { + throw new RuntimeException("Test failed. Signature verification error"); + } + System.out.println("Test passed."); + } +}