diff --git a/TestECDSA.java b/TestECDSA.java new file mode 100644 index 0000000..ca7fe59 --- /dev/null +++ b/TestECDSA.java @@ -0,0 +1,49 @@ +/* TestECDSA -- Ensure ECDSA signatures are working. + Copyright (C) 2016 Red Hat, Inc. + +This program is free software: you can redistribute it and/or modify +it under the terms of the GNU Affero General Public License as +published by the Free Software Foundation, either version 3 of the +License, or (at your option) any later version. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU Affero General Public License for more details. + +You should have received a copy of the GNU Affero General Public License +along with this program. If not, see . +*/ + +import java.math.BigInteger; +import java.security.KeyPair; +import java.security.KeyPairGenerator; +import java.security.Signature; + +/** + * @test + */ +public class TestECDSA { + + public static void main(String[] args) throws Exception { + KeyPairGenerator keyGen = KeyPairGenerator.getInstance("EC"); + KeyPair key = keyGen.generateKeyPair(); + + byte[] data = "This is a string to sign".getBytes("UTF-8"); + + Signature dsa = Signature.getInstance("NONEwithECDSA"); + dsa.initSign(key.getPrivate()); + dsa.update(data); + byte[] sig = dsa.sign(); + System.out.println("Signature: " + new BigInteger(1, sig).toString(16)); + + Signature dsaCheck = Signature.getInstance("NONEwithECDSA"); + dsaCheck.initVerify(key.getPublic()); + dsaCheck.update(data); + boolean success = dsaCheck.verify(sig); + if (!success) { + throw new RuntimeException("Test failed. Signature verification error"); + } + System.out.println("Test passed."); + } +} diff --git a/java-1_8_0-openjdk.changes b/java-1_8_0-openjdk.changes index 3d390fd..a040ec5 100644 --- a/java-1_8_0-openjdk.changes +++ b/java-1_8_0-openjdk.changes @@ -1,3 +1,16 @@ +------------------------------------------------------------------- +Wed Mar 1 08:41:19 UTC 2017 - fstrba@suse.com + +- Fix build of Sun Elliptical Curves Crypto provider on Tumbleweed. + Fixes bsc#1026102. +- Clean the mozilla-nss requires and move them into the headless + +------------------------------------------------------------------- +Tue Feb 21 07:18:27 UTC 2017 - asn@cryptomilk.org + +- Add a test to check that ECC is working + * new file TestECDSA.java + ------------------------------------------------------------------- Wed Feb 1 12:54:10 UTC 2017 - fstrba@suse.com diff --git a/java-1_8_0-openjdk.spec b/java-1_8_0-openjdk.spec index 4112fa6..0b90dbd 100644 --- a/java-1_8_0-openjdk.spec +++ b/java-1_8_0-openjdk.spec @@ -138,16 +138,12 @@ %if 0%{?__isa_bits} %global bits %{__isa_bits} %endif -%bcond_with zero %if 0%{?suse_version} >= 1330 || 0%{?suse_version} == 1315 -%if %{with bootstrap} -%global with_sunec 0 -%else %global with_sunec 1 -%endif %else %global with_sunec 0 %endif +%bcond_with zero # Turn on/off some features depending on openSUSE version %if 0%{?suse_version} >= 1130 %if ! %{with zero} @@ -187,6 +183,8 @@ Source6: http://icedtea.classpath.org/download/drops/icedtea8/%{icedtea_v Source7: http://icedtea.classpath.org/download/drops/icedtea8/%{icedtea_version}/langtools.tar.xz Source8: http://icedtea.classpath.org/download/drops/icedtea8/%{icedtea_version}/hotspot.tar.xz Source9: http://icedtea.classpath.org/download/drops/icedtea8/%{icedtea_version}/nashorn.tar.xz +# Test +Source10: TestECDSA.java # RPM/distribution specific patches # RHBZ 1015432 Patch2: 1015432.patch @@ -234,12 +232,6 @@ BuildRequires: zip # Requires rest of java Requires: %{name}-headless = %{version}-%{release} Requires: fontconfig -# mozilla-nss has to be installed to prevent -# java.security.ProviderException: Could not initialize NSS -# ... -# java.io.FileNotFoundException: /usr/lib64/libnss3.so -#was bnc#634793 -Requires: mozilla-nss # Standard JPackage base provides. Provides: java = %{javaver} Provides: java-%{javaver} = %{version}-%{release} @@ -321,7 +313,6 @@ Summary: OpenJDK 8 Runtime Environment # Require jpackage-utils for ownership of /usr/lib/jvm/ Group: Development/Languages/Java Requires: jpackage-utils -%requires_eq mozilla-nss # Post requires update-alternatives to install tool update-alternatives. Requires(post): update-alternatives # Postun requires update-alternatives to uninstall tool update-alternatives. @@ -345,6 +336,19 @@ Provides: jndi-dns = %{version} Provides: jndi-ldap = %{version} Provides: jndi-rmi = %{version} Provides: jsse = %{version} +# mozilla-nss has to be installed to prevent +# java.security.ProviderException: Could not initialize NSS +# ... +# java.io.FileNotFoundException: /usr/lib64/libnss3.so +#was bnc#634793 +%if %{with sunec} +# The SunEC built against system NSS uses private APIs that +# change from time to time. Require thus the version we built +# against. +%requires_eq mozilla-nss +%else +Requires: mozilla-nss +%endif %if 0%{?suse_version} > 1320 # Require zoneinfo data in java8+ format provided by tzdata-java8 subpackage. Requires(post): tzdata-java8 @@ -874,6 +878,16 @@ then update-alternatives --remove jre_%{javaver} %{_jvmdir}/%{jrelnk} fi +%if %{with_sunec} +%check +export JAVA_HOME=$(pwd)/%{buildoutputdir}images/j2sdk-image + +# Check ECC is working +$JAVA_HOME/bin/javac -d . %{SOURCE10} +$JAVA_HOME/bin/java TestECDSA + +%endif + %if 0%{?suse_version} >= 1130 %posttrans headless # bnc#781690#c11: don't trust user defined JAVA_HOME and use the current VM