Mercurial > hg > release > icedtea8-3.0
changeset 2673:acea0f437f64 icedtea-3.0.1
PR2934: SunEC provider throwing KeyException with current NSS
2016-04-23 Andrew John Hughes <gnu_andrew@member.fsf.org>
PR2934: SunEC provider throwing KeyException
with current NSS
* Makefile.am:
(ECC_RESULT): Removed.
(ECC_CHECK_SRCS): Add TestECDSA.java
(ecccheck): Only compile tests if SunEC is enabled.
(clean-ecccheck): Only remove build directory if
SunEC is enabled.
(check-ecc): Only run tests if SunEC is enabled.
Add running of TestECDSA. Call set -e so rule
fails if any test fails.
* test/standalone/TestECDSA.java:
New test to make sure SunEC can produce ECDSA
signatures.
author | Andrew John Hughes <gnu_andrew@member.fsf.org> |
---|---|
date | Sun, 24 Apr 2016 07:31:15 +0100 |
parents | b3d2517cef6f |
children | b0f59f1feb40 |
files | ChangeLog Makefile.am test/standalone/TestECDSA.java |
diffstat | 3 files changed, 78 insertions(+), 8 deletions(-) [+] |
line wrap: on
line diff
--- a/ChangeLog Sun Apr 24 07:17:12 2016 +0100 +++ b/ChangeLog Sun Apr 24 07:31:15 2016 +0100 @@ -1,5 +1,23 @@ 2016-04-23 Andrew John Hughes <gnu_andrew@member.fsf.org> + PR2934: SunEC provider throwing KeyException + with current NSS + * Makefile.am: + (ECC_RESULT): Removed. + (ECC_CHECK_SRCS): Add TestECDSA.java + (ecccheck): Only compile tests if SunEC is enabled. + (clean-ecccheck): Only remove build directory if + SunEC is enabled. + (check-ecc): Only run tests if SunEC is enabled. + Add running of TestECDSA. Call set -e so rule + fails if any test fails. + * test/standalone/TestECDSA.java: + New test to make sure SunEC can produce ECDSA + signatures. + +2016-04-23 Andrew John Hughes <gnu_andrew@member.fsf.org> + + Bump to icedtea-3.0.1. * Makefile.am: (JDK_UPDATE_VERSION): Bump to 91. (BUILD_VERSION): Bump to b14.
--- a/Makefile.am Sun Apr 24 07:17:12 2016 +0100 +++ b/Makefile.am Sun Apr 24 07:31:15 2016 +0100 @@ -313,12 +313,6 @@ SYSTEMTAP_TEST_SUITE = check-tapset endif -if ENABLE_SUNEC -ECC_RESULT = yes -else -ECC_RESULT = no -endif - # Target to ensure a patched OpenJDK tree containing Zero & Shark # and any overlays is available in $(abs_top_builddir)/openjdk OPENJDK_TREE = stamps/overlay.stamp @@ -332,7 +326,8 @@ CRYPTO_CHECK_SRCS = $(top_srcdir)/test/standalone/TestCryptoLevel.java -ECC_CHECK_SRCS = $(top_srcdir)/test/standalone/TestEllipticCurveCryptoSupport.java +ECC_CHECK_SRCS = $(top_srcdir)/test/standalone/TestEllipticCurveCryptoSupport.java \ + $(top_srcdir)/test/standalone/TestECDSA.java # Patch list @@ -2554,20 +2549,28 @@ # ECC Availability Check stamps/ecccheck.stamp: $(INITIAL_BOOTSTRAP_LINK_STAMP) +if ENABLE_SUNEC mkdir -p $(ECC_CHECK_BUILD_DIR) $(BOOT_DIR)/bin/javac $(IT_JAVACFLAGS) \ -d $(ECC_CHECK_BUILD_DIR) $(ECC_CHECK_SRCS) +endif mkdir -p stamps touch $@ clean-ecccheck: +if ENABLE_SUNEC rm -rf $(ECC_CHECK_BUILD_DIR) +endif rm -f stamps/ecccheck.stamp stamps/check-ecc.stamp: stamps/ecccheck.stamp stamps/icedtea.stamp +if ENABLE_SUNEC + set -e ; \ if [ -e $(BUILD_SDK_DIR)/bin/java ] ; then \ - $(BUILD_SDK_DIR)/bin/java -cp $(ECC_CHECK_BUILD_DIR) TestEllipticCurveCryptoSupport $(ECC_RESULT) ; \ + $(BUILD_SDK_DIR)/bin/java -cp $(ECC_CHECK_BUILD_DIR) TestEllipticCurveCryptoSupport yes ; \ + $(BUILD_SDK_DIR)/bin/java -cp $(ECC_CHECK_BUILD_DIR) TestECDSA ; \ fi +endif mkdir -p stamps touch $@
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/standalone/TestECDSA.java Sun Apr 24 07:31:15 2016 +0100 @@ -0,0 +1,49 @@ +/* TestECDSA -- Ensure ECDSA signatures are working. + Copyright (C) 2016 Red Hat, Inc. + +This program is free software: you can redistribute it and/or modify +it under the terms of the GNU Affero General Public License as +published by the Free Software Foundation, either version 3 of the +License, or (at your option) any later version. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU Affero General Public License for more details. + +You should have received a copy of the GNU Affero General Public License +along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ + +import java.math.BigInteger; +import java.security.KeyPair; +import java.security.KeyPairGenerator; +import java.security.Signature; + +/** + * @test + */ +public class TestECDSA { + + public static void main(String[] args) throws Exception { + KeyPairGenerator keyGen = KeyPairGenerator.getInstance("EC"); + KeyPair key = keyGen.generateKeyPair(); + + byte[] data = "This is a string to sign".getBytes("UTF-8"); + + Signature dsa = Signature.getInstance("NONEwithECDSA"); + dsa.initSign(key.getPrivate()); + dsa.update(data); + byte[] sig = dsa.sign(); + System.out.println("Signature: " + new BigInteger(1, sig).toString(16)); + + Signature dsaCheck = Signature.getInstance("NONEwithECDSA"); + dsaCheck.initVerify(key.getPublic()); + dsaCheck.update(data); + boolean success = dsaCheck.verify(sig); + if (!success) { + throw new RuntimeException("Test failed. Signature verification error"); + } + System.out.println("Test passed."); + } +}