Mercurial > hg > release > icedtea8-3.0

changeset 2673:acea0f437f64 icedtea-3.0.1

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
PR2934: SunEC provider throwing KeyException with current NSS 2016-04-23 Andrew John Hughes <gnu_andrew@member.fsf.org> PR2934: SunEC provider throwing KeyException with current NSS * Makefile.am: (ECC_RESULT): Removed. (ECC_CHECK_SRCS): Add TestECDSA.java (ecccheck): Only compile tests if SunEC is enabled. (clean-ecccheck): Only remove build directory if SunEC is enabled. (check-ecc): Only run tests if SunEC is enabled. Add running of TestECDSA. Call set -e so rule fails if any test fails. * test/standalone/TestECDSA.java: New test to make sure SunEC can produce ECDSA signatures.
author Andrew John Hughes <gnu_andrew@member.fsf.org>
date Sun, 24 Apr 2016 07:31:15 +0100
parents b3d2517cef6f
children b0f59f1feb40
files ChangeLog Makefile.am test/standalone/TestECDSA.java
diffstat 3 files changed, 78 insertions(+), 8 deletions(-) [+]
line wrap: on
line diff
--- a/ChangeLog	Sun Apr 24 07:17:12 2016 +0100
+++ b/ChangeLog	Sun Apr 24 07:31:15 2016 +0100
@@ -1,5 +1,23 @@
 2016-04-23  Andrew John Hughes  <gnu_andrew@member.fsf.org>
 
+	PR2934: SunEC provider throwing KeyException
+	with current NSS
+	* Makefile.am:
+	(ECC_RESULT): Removed.
+	(ECC_CHECK_SRCS): Add TestECDSA.java
+	(ecccheck): Only compile tests if SunEC is enabled.
+	(clean-ecccheck): Only remove build directory if
+	SunEC is enabled.
+	(check-ecc): Only run tests if SunEC is enabled.
+	Add running of TestECDSA. Call set -e so rule
+	fails if any test fails.
+	* test/standalone/TestECDSA.java:
+	New test to make sure SunEC can produce ECDSA
+	signatures.
+
+2016-04-23  Andrew John Hughes  <gnu_andrew@member.fsf.org>
+
+	Bump to icedtea-3.0.1.
 	* Makefile.am:
 	(JDK_UPDATE_VERSION): Bump to 91.
 	(BUILD_VERSION): Bump to b14.
--- a/Makefile.am	Sun Apr 24 07:17:12 2016 +0100
+++ b/Makefile.am	Sun Apr 24 07:31:15 2016 +0100
@@ -313,12 +313,6 @@
 SYSTEMTAP_TEST_SUITE = check-tapset
 endif
 
-if ENABLE_SUNEC
-ECC_RESULT = yes
-else
-ECC_RESULT = no
-endif
-
 # Target to ensure a patched OpenJDK tree containing Zero & Shark
 # and any overlays is available in $(abs_top_builddir)/openjdk
 OPENJDK_TREE = stamps/overlay.stamp
@@ -332,7 +326,8 @@
 
 CRYPTO_CHECK_SRCS = $(top_srcdir)/test/standalone/TestCryptoLevel.java
 
-ECC_CHECK_SRCS = $(top_srcdir)/test/standalone/TestEllipticCurveCryptoSupport.java
+ECC_CHECK_SRCS = $(top_srcdir)/test/standalone/TestEllipticCurveCryptoSupport.java \
+	$(top_srcdir)/test/standalone/TestECDSA.java
 
 # Patch list
 
@@ -2554,20 +2549,28 @@
 # ECC Availability Check
 
 stamps/ecccheck.stamp: $(INITIAL_BOOTSTRAP_LINK_STAMP)
+if ENABLE_SUNEC
 	mkdir -p $(ECC_CHECK_BUILD_DIR)
 	$(BOOT_DIR)/bin/javac $(IT_JAVACFLAGS) \
 	  -d $(ECC_CHECK_BUILD_DIR) $(ECC_CHECK_SRCS)
+endif
 	mkdir -p stamps
 	touch $@
 
 clean-ecccheck:
+if ENABLE_SUNEC
 	rm -rf $(ECC_CHECK_BUILD_DIR)
+endif
 	rm -f stamps/ecccheck.stamp
 
 stamps/check-ecc.stamp: stamps/ecccheck.stamp stamps/icedtea.stamp
+if ENABLE_SUNEC
+	set -e ; \
 	if [ -e $(BUILD_SDK_DIR)/bin/java ] ; then \
-	  $(BUILD_SDK_DIR)/bin/java -cp $(ECC_CHECK_BUILD_DIR) TestEllipticCurveCryptoSupport $(ECC_RESULT) ; \
+	  $(BUILD_SDK_DIR)/bin/java -cp $(ECC_CHECK_BUILD_DIR) TestEllipticCurveCryptoSupport yes ; \
+	  $(BUILD_SDK_DIR)/bin/java -cp $(ECC_CHECK_BUILD_DIR) TestECDSA ; \
 	fi
+endif
 	mkdir -p stamps
 	touch $@
 
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/standalone/TestECDSA.java	Sun Apr 24 07:31:15 2016 +0100
@@ -0,0 +1,49 @@
+/* TestECDSA -- Ensure ECDSA signatures are working.
+   Copyright (C) 2016 Red Hat, Inc.
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU Affero General Public License as
+published by the Free Software Foundation, either version 3 of the
+License, or (at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU Affero General Public License for more details.
+
+You should have received a copy of the GNU Affero General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+import java.math.BigInteger;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.Signature;
+
+/**
+ * @test
+ */
+public class TestECDSA {
+
+    public static void main(String[] args) throws Exception {
+        KeyPairGenerator keyGen = KeyPairGenerator.getInstance("EC");
+        KeyPair key = keyGen.generateKeyPair();
+        
+        byte[] data = "This is a string to sign".getBytes("UTF-8");
+        
+        Signature dsa = Signature.getInstance("NONEwithECDSA");
+        dsa.initSign(key.getPrivate());
+        dsa.update(data);
+        byte[] sig = dsa.sign();
+        System.out.println("Signature: " + new BigInteger(1, sig).toString(16));
+        
+        Signature dsaCheck = Signature.getInstance("NONEwithECDSA");
+        dsaCheck.initVerify(key.getPublic());
+        dsaCheck.update(data);
+        boolean success = dsaCheck.verify(sig);
+        if (!success) {
+            throw new RuntimeException("Test failed. Signature verification error");
+        }
+        System.out.println("Test passed.");
+    }
+}