Description of problem: This is a JDK 10 clone of bug 1537049. On JDK 8 (java-1.8.0-openjdk) one can use system NSS via a patched SunEC provider. This is currently not possible on JDK 10 (java-openjdk). It's a regression in terms of functionality. Version-Release number of selected component (if applicable): java-openjdk-10.0.0.46-10.fc27.x86_64 How reproducible: 100% Steps to Reproduce: 1. $ wget https://src.fedoraproject.org/rpms/java-9-openjdk/raw/master/f/TestECDSA.java 2. $ javac TestECDSA.java 3. $ /usr/lib/jvm/java-10-openjdk/bin/java TestECDSA Actual results: Exception in thread "main" java.security.NoSuchAlgorithmException: EC KeyPairGenerator not available at java.base/java.security.KeyPairGenerator.getInstance(KeyPairGenerator.java:236) at TestECDSA.main(TestECDSA.java:29) Expected results: Signature: 3045022100ec68089396b64d8797638f1e5e16092573309a97f66df1041460242595335a3e022065d6a34d1fd312f3295c6be73466f86820da3f5b88c4a43d6abb13005f7e2661 Test passed. Additional info: This works with latest java-1.8.0-openjdk, and fails with latest java-openjdk. $ rpm -ql java-1.8.0-openjdk-headless | grep libsunec /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.151-1.b12.fc27.x86_64/jre/lib/amd64/libsunec.so $ ldd /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.151-1.b12.fc27.x86_64/jre/lib/amd64/libsunec.so linux-vdso.so.1 (0x00007ffe6175b000) libstdc++.so.6 => /lib64/libstdc++.so.6 (0x00007f529bc70000) libssl3.so => /lib64/libssl3.so (0x00007f529ba23000) libsmime3.so => /lib64/libsmime3.so (0x00007f529b7fc000) libnss3.so => /lib64/libnss3.so (0x00007f529b4d4000) libnssutil3.so => /lib64/libnssutil3.so (0x00007f529b2a4000) libplds4.so => /lib64/libplds4.so (0x00007f529b0a0000) libplc4.so => /lib64/libplc4.so (0x00007f529ae9b000) libnspr4.so => /lib64/libnspr4.so (0x00007f529ac5d000) libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f529aa3e000) libdl.so.2 => /lib64/libdl.so.2 (0x00007f529a83a000) libm.so.6 => /lib64/libm.so.6 (0x00007f529a4e5000) libc.so.6 => /lib64/libc.so.6 (0x00007f529a102000) libgcc_s.so.1 => /lib64/libgcc_s.so.1 (0x00007f5299eeb000) /lib64/ld-linux-x86-64.so.2 (0x00007f529c203000) libz.so.1 => /lib64/libz.so.1 (0x00007f5299cd4000) librt.so.1 => /lib64/librt.so.1 (0x00007f5299acc000) $ rpm -ql java-openjdk-headless | grep libsunec <nothing>
The port was fairly straight-forward. Only some files needed changing since they included source repository paths. Namely jdk-options.m4 and Lib-jdk.crypto.ec.gmk. PR which enables system NSS: https://src.fedoraproject.org/rpms/java-openjdk/pull-request/1 Scratch build with this is running: https://koji.fedoraproject.org/koji/taskinfo?taskID=26291651 Martin it would be appreciated if you could look this over. Thanks!
(In reply to Severin Gehwolf from comment #1) > Scratch build with this is running: > https://koji.fedoraproject.org/koji/taskinfo?taskID=26291651 For the record, this passed.
JDK 10 for F27 from: https://koji.fedoraproject.org/koji/taskinfo?taskID=26303153 $ rpm -q java-openjdk java-openjdk-10.0.0.46-12.fc27.x86_64 $ rpm -ql java-openjdk-headless | grep libsunec /usr/lib/jvm/java-10-openjdk-10.0.0.46-12.fc27.x86_64/lib/libsunec.so $ ldd /usr/lib/jvm/java-10-openjdk-10.0.0.46-12.fc27.x86_64/lib/libsunec.so linux-vdso.so.1 (0x00007ffd7157c000) libssl3.so => /lib64/libssl3.so (0x00007fdeabce7000) libsmime3.so => /lib64/libsmime3.so (0x00007fdeabac0000) libnss3.so => /lib64/libnss3.so (0x00007fdeab798000) libnssutil3.so => /lib64/libnssutil3.so (0x00007fdeab568000) libplds4.so => /lib64/libplds4.so (0x00007fdeab364000) libplc4.so => /lib64/libplc4.so (0x00007fdeab15f000) libnspr4.so => /lib64/libnspr4.so (0x00007fdeaaf21000) libpthread.so.0 => /lib64/libpthread.so.0 (0x00007fdeaad03000) libdl.so.2 => /lib64/libdl.so.2 (0x00007fdeaaaff000) libstdc++.so.6 => /lib64/libstdc++.so.6 (0x00007fdeaa778000) libm.so.6 => /lib64/libm.so.6 (0x00007fdeaa42d000) libc.so.6 => /lib64/libc.so.6 (0x00007fdeaa077000) libgcc_s.so.1 => /lib64/libgcc_s.so.1 (0x00007fdea9e60000) librt.so.1 => /lib64/librt.so.1 (0x00007fdea9c58000) /lib64/ld-linux-x86-64.so.2 (0x00007fdeac146000) $ /usr/lib/jvm/java-10-openjdk/bin/java TestECDSA Signature: 30440220414ccda00b7ee01be3015115be47ec73550a23cdcf24bf258731294ebdbe822202203db858315dd94293e4ad5f47b09dbc3a2dd022251327e024eb94fbca28a86fc3 Test passed
$ /usr/lib/jvm/java-10-openjdk/bin/java TestECDSA Signature: 304502206791c2738381e0a8ab49db7ecb1435585ba95ec0bc3a06b20dff168b2ff96e7d022100b00121a0a36ecdd82b2075fe90b10e2d6e49b95539b78f32f9f8fcd2f3d08c98 Test passed. $ rpm -ql java-openjdk-headless | grep sunec /usr/lib/jvm/java-10-openjdk-10.0.1.10-1.fc27.x86_64/lib/libsunec.so $ ldd /usr/lib/jvm/java-10-openjdk-10.0.1.10-1.fc27.x86_64/lib/libsunec.so linux-vdso.so.1 (0x00007fff6df9b000) libssl3.so => /lib64/libssl3.so (0x00007fdd65663000) libsmime3.so => /lib64/libsmime3.so (0x00007fdd6543c000) libnss3.so => /lib64/libnss3.so (0x00007fdd65114000) libnssutil3.so => /lib64/libnssutil3.so (0x00007fdd64ee4000) libplds4.so => /lib64/libplds4.so (0x00007fdd64ce0000) libplc4.so => /lib64/libplc4.so (0x00007fdd64adb000) libnspr4.so => /lib64/libnspr4.so (0x00007fdd6489d000) libpthread.so.0 => /lib64/libpthread.so.0 (0x00007fdd6467f000) libdl.so.2 => /lib64/libdl.so.2 (0x00007fdd6447b000) libstdc++.so.6 => /lib64/libstdc++.so.6 (0x00007fdd640f4000) libm.so.6 => /lib64/libm.so.6 (0x00007fdd63da9000) libc.so.6 => /lib64/libc.so.6 (0x00007fdd639f3000) libgcc_s.so.1 => /lib64/libgcc_s.so.1 (0x00007fdd637dc000) librt.so.1 => /lib64/librt.so.1 (0x00007fdd635d4000) /lib64/ld-linux-x86-64.so.2 (0x00007fdd65ac2000)
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 1000 days