Update to July 2019 CPU

Fixed requires/provides for non-system jdk (backport of RHBZ#1702324)
Updated sources to the latest CPU
2019-07-18 11:30:15 +02:00 · 2019-05-26 09:30:15 +02:00 · 2019-04-18 14:04:59 +02:00
23 changed files with 2035 additions and 6540 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,31 +1,4 @@
 /jdk-jdk12-jdk-12+33.tar.xz
 /systemtap_3.2_tapsets_hg-icedtea8-9d464368e06d.tar.xz
 /jdk-updates-jdk12u-jdk-12.0.1+12.tar.xz
-/jdk-jdk13-jdk-13+27.tar.xz
-/jdk-jdk13-jdk-13+28.tar.xz
-/jdk-jdk13-jdk-13+33.tar.xz
-/jdk-updates-jdk13u-jdk-13.0.1+9.tar.xz
-/jdk-updates-jdk13u-jdk-13.0.2+8.tar.xz
-/jdk-jdk14-jdk-14+36.tar.xz
-/jdk-updates-jdk14u-jdk-14.0.1+7.tar.xz
-/jdk-updates-jdk14u-jdk-14.0.2+12.tar.xz
-/jdk-jdk15-jdk-15+36.tar.xz
-/jdk-updates-jdk15u-jdk-15.0.1+9.tar.xz
-/tapsets-icedtea-3.15.0.tar.xz
-/jdk-updates-jdk15u-jdk-15.0.2+7.tar.xz
-/openjdk-jdk16-jdk-16+36.tar.xz
-/openjdk-jdk16u-jdk-16.0.1+9.tar.xz
-/openjdk-jdk17-jdk-17+26.tar.xz
-/openjdk-jdk17-jdk-17+33.tar.xz
-/openjdk-jdk17-jdk-17+35.tar.xz
-/openjdk-jdk17u-jdk-17.0.1+12.tar.xz
-/tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz
-/openjdk-jdk17u-jdk-17.0.2+8.tar.xz
-/openjdk-jdk-jdk-18+27.tar.xz
-/openjdk-jdk18-jdk-18+27.tar.xz
-/openjdk-jdk18-jdk-18+37.tar.xz
-/openjdk-jdk18u-jdk-18.0.1+0.tar.xz
-/openjdk-jdk18u-jdk-18.0.1+10.tar.xz
-/openjdk-jdk18u-jdk-18.0.1.1+2.tar.xz
-/openjdk-jdk18u-jdk-18.0.2+9.tar.xz
-/openjdk-jdk19u-jdk-19+36.tar.xz
+/jdk-updates-jdk12u-jdk-12.0.2+9.tar.xz
--- a/CheckVendor.java
+++ b/CheckVendor.java
@ -1,65 +0,0 @@
-/* CheckVendor -- Check the vendor properties match specified values.
-   Copyright (C) 2020 Red Hat, Inc.
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU Affero General Public License as
-published by the Free Software Foundation, either version 3 of the
-License, or (at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU Affero General Public License for more details.
-
-You should have received a copy of the GNU Affero General Public License
-along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
-/**
- * @test
- */
-public class CheckVendor {
-
-    public static void main(String[] args) {
-        if (args.length < 4) {
-            System.err.println("CheckVendor <VENDOR> <VENDOR-URL> <VENDOR-BUG-URL> <VENDOR-VERSION-STRING>");
-	    System.exit(1);
-	}
-
-	String vendor = System.getProperty("java.vendor");
-	String expectedVendor = args[0];
-	String vendorURL = System.getProperty("java.vendor.url");
-	String expectedVendorURL = args[1];
-	String vendorBugURL = System.getProperty("java.vendor.url.bug");
-	String expectedVendorBugURL = args[2];
-        String vendorVersionString = System.getProperty("java.vendor.version");
-        String expectedVendorVersionString = args[3];
-
-	if (!expectedVendor.equals(vendor)) {
-	    System.err.printf("Invalid vendor %s, expected %s\n",
-			      vendor, expectedVendor);
-	    System.exit(2);
-	}
-
-	if (!expectedVendorURL.equals(vendorURL)) {
-	    System.err.printf("Invalid vendor URL %s, expected %s\n",
-			      vendorURL, expectedVendorURL);
-	    System.exit(3);
-	}
-
-	if (!expectedVendorBugURL.equals(vendorBugURL)) {
-            System.err.printf("Invalid vendor bug URL %s, expected %s\n",
-			      vendorBugURL, expectedVendorBugURL);
-	    System.exit(4);
-	}
-
-        if (!expectedVendorVersionString.equals(vendorVersionString)) {
-            System.err.printf("Invalid vendor version string %s, expected %s\n",
-                              vendorVersionString, expectedVendorVersionString);
-	    System.exit(5);
-        }
-
-        System.err.printf("Vendor information verified as %s, %s, %s, %s\n",
-                          vendor, vendorURL, vendorBugURL, vendorVersionString);
-    }
-}
--- a/126
+++ b/126
@ -1,126 +0,0 @@
-Key:
-
-JDK-X  - https://bugs.openjdk.java.net/browse/JDK-X
-CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY
-
-New in release OpenJDK 19.0.0 (2022-09-20):
-===========================================
-Major changes are listed below.  Some changes may have been backported
-to earlier releases following their first appearance in OpenJDK 19.
-
-The full list of changes in 19u can be found at:
-  * https://builds.shipilev.net/backports-monitor/release-notes-19.txt
-
-NEW FEATURES
-============
-
-Language Features
-=================
-
-Pattern Matching for switch
-===========================
-https://openjdk.org/jeps/406
-https://openjdk.org/jeps/420
-https://openjdk.org/jeps/427
-
-Enhance the Java programming language with pattern matching for
-`switch` expressions and statements, along with extensions to the
-language of patterns. Extending pattern matching to `switch` allows an
-expression to be tested against a number of patterns, each with a
-specific action, so that complex data-oriented queries can be
-expressed concisely and safely.
-
-This was a preview feature (http://openjdk.java.net/jeps/12) in
-OpenJDK 17 (JEP 406) and saw a second preview in OpenJDK 18 (JEP 420).
-It reaches its third preview (JEP 427) in OpenJDK 19.
-
-Record Patterns
-===============
-https://openjdk.org/jeps/405
-
-Enhance the Java programming language with record patterns to
-deconstruct record values. Record patterns and type patterns can be
-nested to enable a powerful, declarative, and composable form of data
-navigation and processing.
-
-This is a preview feature (http://openjdk.java.net/jeps/12) introduced
-in OpenJDK 19 (JEP 405)
-
-Library Features
-================
-
-Vector API
-==========
-https://openjdk.org/jeps/338
-https://openjdk.org/jeps/414
-https://openjdk.org/jeps/417
-https://openjdk.org/jeps/426
-
-Introduce an API to express vector computations that reliably compile
-at runtime to optimal vector hardware instructions on supported CPU
-architectures and thus achieve superior performance to equivalent
-scalar computations.
-
-This is an incubation feature (https://openjdk.java.net/jeps/11)
-introduced in OpenJDK 16 (JEP 338). A second round of incubation took
-place in OpenJDK 17 (JEP 414), OpenJDK 18 (JEP 417) saw a third and
-OpenJDK 19 sees its fourth (JEP 426).
-
-Foreign Function & Memory API
-=============================
-https://openjdk.org/jeps/412
-https://openjdk.org/jeps/419
-https://openjdk.org/jeps/424
-
-Introduce an API by which Java programs can interoperate with code and
-data outside of the Java runtime. By efficiently invoking foreign
-functions (i.e., code outside the JVM), and by safely accessing
-foreign memory (i.e., memory not managed by the JVM), the API enables
-Java programs to call native libraries and process native data without
-the brittleness and danger of JNI.
-
-This API is now a preview feature (http://openjdk.java.net/jeps/12).
-It was first introduced in incubation
-(https://openjdk.java.net/jeps/11) in OpenJDK 17 (JEP 412), and is an
-evolution of the Foreign Memory Access API (OpenJDK 14 through 16) and
-Foreign Linker API (OpenJDK 16) (see release notes for
-java-17-openjdk). OpenJDK 18 saw a second round of incubation (JEP
-419) before its inclusion as a preview in OpenJDK 19 (JEP 424).
-
-Virtual Threads
-===============
-https://openjdk.org/jeps/425
-
-Introduce virtual threads to the Java Platform. Virtual threads are
-lightweight threads that dramatically reduce the effort of writing,
-maintaining, and observing high-throughput concurrent applications.
-
-This is a preview feature (http://openjdk.java.net/jeps/12) introduced
-in OpenJDK 19 (JEP 425)
-
-Structured Concurrency
-======================
-https://openjdk.org/jeps/428
-
-Simplify multithreaded programming by introducing an API for
-structured concurrency. Structured concurrency treats multiple tasks
-running in different threads as a single unit of work, thereby
-streamlining error handling and cancellation, improving reliability,
-and enhancing observability.
-
-This is an incubation feature (https://openjdk.java.net/jeps/11)
-introduced in OpenJDK 19 (JEP 428).
-
-Ports
-=====
-
-Linux/RISC-V Port
-=================
-https://openjdk.org/jeps/422
-
-RISC-V is a free and open-source RISC instruction set architecture
-(ISA) designed originally at the University of California, Berkeley,
-and now developed collaboratively under the sponsorship of RISC-V
-International. It is already supported by a wide range of language
-toolchains. With the increasing availability of RISC-V hardware, a
-port of the JDK would be valuable.
--- a/TestSecurityProperties.java
+++ b/TestSecurityProperties.java
@ -1,84 +0,0 @@
-/* TestSecurityProperties -- Ensure system security properties can be used to
-                             enable the crypto policies.
-   Copyright (C) 2022 Red Hat, Inc.
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU Affero General Public License as
-published by the Free Software Foundation, either version 3 of the
-License, or (at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU Affero General Public License for more details.
-
-You should have received a copy of the GNU Affero General Public License
-along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-import java.io.File;
-import java.io.FileInputStream;
-import java.security.Security;
-import java.util.Properties;
-
-public class TestSecurityProperties {
-    // JDK 11
-    private static final String JDK_PROPS_FILE_JDK_11 = System.getProperty("java.home") + "/conf/security/java.security";
-    // JDK 8
-    private static final String JDK_PROPS_FILE_JDK_8 = System.getProperty("java.home") + "/lib/security/java.security";
-
-    private static final String POLICY_FILE = "/etc/crypto-policies/back-ends/java.config";
-
-    private static final String MSG_PREFIX = "DEBUG: ";
-
-    public static void main(String[] args) {
-        if (args.length == 0) {
-            System.err.println("TestSecurityProperties <true|false>");
-            System.err.println("Invoke with 'true' if system security properties should be enabled.");
-            System.err.println("Invoke with 'false' if system security properties should be disabled.");
-            System.exit(1);
-        }
-        boolean enabled = Boolean.valueOf(args[0]);
-        System.out.println(MSG_PREFIX + "System security properties enabled: " + enabled);
-        Properties jdkProps = new Properties();
-        loadProperties(jdkProps);
-        if (enabled) {
-            loadPolicy(jdkProps);
-        }
-        for (Object key: jdkProps.keySet()) {
-            String sKey = (String)key;
-            String securityVal = Security.getProperty(sKey);
-            String jdkSecVal = jdkProps.getProperty(sKey);
-            if (!securityVal.equals(jdkSecVal)) {
-                String msg = "Expected value '" + jdkSecVal + "' for key '" +
-                             sKey + "'" + " but got value '" + securityVal + "'";
-                throw new RuntimeException("Test failed! " + msg);
-            } else {
-                System.out.println(MSG_PREFIX + sKey + " = " + jdkSecVal + " as expected.");
-            }
-        }
-        System.out.println("TestSecurityProperties PASSED!");
-    }
-
-    private static void loadProperties(Properties props) {
-        String javaVersion = System.getProperty("java.version");
-        System.out.println(MSG_PREFIX + "Java version is " + javaVersion);
-        String propsFile = JDK_PROPS_FILE_JDK_11;
-        if (javaVersion.startsWith("1.8.0")) {
-            propsFile = JDK_PROPS_FILE_JDK_8;
-        }
-        try (FileInputStream fin = new FileInputStream(propsFile)) {
-            props.load(fin);
-        } catch (Exception e) {
-            throw new RuntimeException("Test failed!", e);
-        }
-    }
-
-    private static void loadPolicy(Properties props) {
-        try (FileInputStream fin = new FileInputStream(POLICY_FILE)) {
-            props.load(fin);
-        } catch (Exception e) {
-            throw new RuntimeException("Test failed!", e);
-        }
-    }
-
-}
--- a/TestTranslations.java
+++ b/TestTranslations.java
@ -1,35 +0,0 @@
-/* TestTranslations -- Ensure translations are available for new timezones
-   Copyright (C) 2022 Red Hat, Inc.
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU Affero General Public License as
-published by the Free Software Foundation, either version 3 of the
-License, or (at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU Affero General Public License for more details.
-
-You should have received a copy of the GNU Affero General Public License
-along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
-import java.util.Arrays;
-import java.util.Locale;
-import java.util.ResourceBundle;
-
-import sun.util.resources.LocaleData;
-import sun.util.locale.provider.LocaleProviderAdapter;
-
-public class TestTranslations {
-    public static void main(String[] args) {
-        for (String zone : args) {
-            System.out.printf("Translations for %s\n", zone);
-            for (Locale l : Locale.getAvailableLocales()) {
-                ResourceBundle bundle = new LocaleData(LocaleProviderAdapter.Type.JRE).getTimeZoneNames(l);
-                System.out.printf("Locale: %s, language: %s, translations: %s\n", l, l.getDisplayLanguage(), Arrays.toString(bundle.getStringArray(zone)));
-            }
-        }
-    }
-}
--- a/fips-19u-d95bb40c7c8.patch
+++ b/fips-19u-d95bb40c7c8.patch
--- a/generate_source_tarball.sh
+++ b/generate_source_tarball.sh
@ -3,13 +3,13 @@
 #
 # Example:
 # When used from local repo set REPO_ROOT pointing to file:// with your repo
-# If your local repo follows upstream forests conventions, it may be enough to set OPENJDK_URL
-# If you want to use a local copy of patch PR3788, set the path to it in the PR3788 variable
+# if your local repo follows upstream forests conventions, you may be enough by setting OPENJDK_URL
+# if you wont to use local copy of patch PR2126 set path to it to PR2126 variable
 #
 # In any case you have to set PROJECT_NAME REPO_NAME and VERSION. eg:
-# PROJECT_NAME=openjdk
-# REPO_NAME=jdk18u
-# VERSION=jdk-18.0.1+10
+# PROJECT_NAME=jdk
+# REPO_NAME=jdk
+# VERSION=tip
 # or to eg prepare systemtap:
 # icedtea7's jstack and other tapsets
 # VERSION=6327cf1cea9e
@ -26,19 +26,17 @@
 # level folder, name is created, based on parameter
 #

-if [ ! "x$PR3823" = "x" ] ; then
-  if [ ! -f "$PR3823" ] ; then
-    echo "You have specified PR3823 as $PR3823 but it does not exist. Exiting"
+if [ ! "x$PR2126" = "x" ] ; then
+  if [ ! -f "$PR2126" ] ; then
+    echo "You have specified PR2126 as $PR2126 but it does not exists. exiting"
    exit 1
  fi
 fi

 set -e

-OPENJDK_URL_DEFAULT=https://github.com
+OPENJDK_URL_DEFAULT=http://hg.openjdk.java.net
 COMPRESSION_DEFAULT=xz
-# Corresponding IcedTea version
-ICEDTEA_VERSION=13.0

 if [ "x$1" = "xhelp" ] ; then
    echo -e "Behaviour may be specified by setting the following variables:\n"
@ -48,8 +46,9 @@ if [ "x$1" = "xhelp" ] ; then
    echo "OPENJDK_URL - the URL to retrieve code from (optional; defaults to ${OPENJDK_URL_DEFAULT})"
    echo "COMPRESSION - the compression type to use (optional; defaults to ${COMPRESSION_DEFAULT})"
    echo "FILE_NAME_ROOT - name of the archive, minus extensions (optional; defaults to PROJECT_NAME-REPO_NAME-VERSION)"
+    echo "REPO_ROOT - the location of the Mercurial repository to archive (optional; defaults to OPENJDK_URL/PROJECT_NAME/REPO_NAME)"
    echo "TO_COMPRESS - what part of clone to pack (default is openjdk)"
-    echo "PR3823 - the path to the PR3823 patch to apply (optional; downloaded if unavailable)"
+    echo "PR2126 - the path to the PR2126 patch to apply (optional; downloaded if unavailable)"
    exit 1;
 fi

@ -92,7 +91,7 @@ if [ "x$FILE_NAME_ROOT" = "x" ] ; then
    echo "No file name root specified; default to ${FILE_NAME_ROOT}"
 fi
 if [ "x$REPO_ROOT" = "x" ] ; then
-    REPO_ROOT="${OPENJDK_URL}/${PROJECT_NAME}/${REPO_NAME}.git"
+    REPO_ROOT="${OPENJDK_URL}/${PROJECT_NAME}/${REPO_NAME}"
    echo "No repository root specified; default to ${REPO_ROOT}"
 fi;

@ -109,7 +108,7 @@ else
  mkdir "${FILE_NAME_ROOT}"
  pushd "${FILE_NAME_ROOT}"
    echo "Cloning ${VERSION} root repository from ${REPO_ROOT}"
-    git clone -b ${VERSION} ${REPO_ROOT} openjdk
+    hg clone ${REPO_ROOT} openjdk -r ${VERSION}
  popd
 fi
 pushd "${FILE_NAME_ROOT}"
@ -117,40 +116,21 @@ pushd "${FILE_NAME_ROOT}"
        pushd openjdk
            echo "Removing EC source code we don't build"
            CRYPTO_PATH=src/jdk.crypto.ec/share/native/libsunec/impl
-	    rm -vf ${CRYPTO_PATH}/ec2.h
-	    rm -vf ${CRYPTO_PATH}/ec2_163.c
-	    rm -vf ${CRYPTO_PATH}/ec2_193.c
-	    rm -vf ${CRYPTO_PATH}/ec2_233.c
-	    rm -vf ${CRYPTO_PATH}/ec2_aff.c
-	    rm -vf ${CRYPTO_PATH}/ec2_mont.c
-	    rm -vf ${CRYPTO_PATH}/ecp_192.c
-	    rm -vf ${CRYPTO_PATH}/ecp_224.c
-
+            rm -vrf $CRYPTO_PATH
            echo "Syncing EC list with NSS"
-            if [ "x$PR3823" = "x" ] ; then
-                # get PR3823.patch (from https://github.com/icedtea-git/icedtea) in the ${ICEDTEA_VERSION} branch
-                # Do not push it or publish it
-		echo "PR3823 not found. Downloading..."
-		wget -v https://github.com/icedtea-git/icedtea/raw/${ICEDTEA_VERSION}/patches/pr3823.patch
-	        echo "Applying ${PWD}/pr3823.patch"
-		patch -Np1 < pr3823.patch
-		rm pr3823.patch
-	    else
-		echo "Applying ${PR3823}"
-		patch -Np1 < $PR3823
+            if [ "x$PR2126" = "x" ] ; then
+                # orriginally for 8:
+                # get pr2126.patch (from http://icedtea.classpath.org/hg/icedtea?cmd=changeset;node=8d2c9a898f50) from most correct tag
+                # Do not push it or publish it (see http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=2126)
+                # there is currnetly no "upstram version of this patch, hardcoding custom version
+                PR2126="../../pr2126-synchronise_elliptic_curves_in_sun_security_ec_namedcurve_with_those_listed_by_nss.patch"
            fi;
+            echo "Applying ${PR2126}"
+            patch -Np1 < $PR2126
            find . -name '*.orig' -exec rm -vf '{}' ';'
        popd
    fi

-    # Generate .src-rev so build has knowledge of the revision the tarball was created from
-    mkdir build
-    pushd build
-    sh ${PWD}/../openjdk/configure
-    make store-source-revision
-    popd
-    rm -rf build
-
    echo "Compressing remaining forest"
    if [ "X$COMPRESSION" = "Xxz" ] ; then
        SWITCH=cJf
@ -161,3 +141,5 @@ pushd "${FILE_NAME_ROOT}"
    mv ${FILE_NAME_ROOT}.tar.${COMPRESSION}  ..
 popd
 echo "Done. You may want to remove the uncompressed version - $FILE_NAME_ROOT."
+
+
--- a/icedtea_sync.sh
+++ b/icedtea_sync.sh
@ -1,192 +0,0 @@
-#!/bin/bash
-
-# Copyright (C) 2019 Red Hat, Inc.
-# Written by Andrew John Hughes <gnu.andrew@redhat.com>.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU Affero General Public License as
-# published by the Free Software Foundation, either version 3 of the
-# License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU Affero General Public License for more details.
-#
-# You should have received a copy of the GNU Affero General Public License
-# along with this program.  If not, see <http://www.gnu.org/licenses/>.
-
-ICEDTEA_USE_VCS=true
-
-ICEDTEA_VERSION=3.15.0
-ICEDTEA_URL=https://icedtea.classpath.org/download/source
-ICEDTEA_SIGNING_KEY=CFDA0F9B35964222
-
-ICEDTEA_HG_URL=https://icedtea.classpath.org/hg/icedtea11
-
-set -e
-
-RPM_DIR=${PWD}
-if [ ! -f ${RPM_DIR}/jconsole.desktop.in ] ; then
-    echo "Not in RPM source tree.";
-    exit 1;
-fi
-
-if test "x${TMPDIR}" = "x"; then
-    TMPDIR=/tmp;
-fi
-WORKDIR=${TMPDIR}/it.sync
-
-echo "Using working directory ${WORKDIR}"
-mkdir ${WORKDIR}
-pushd ${WORKDIR}
-
-if test "x${WGET}" = "x"; then
-    WGET=$(which wget);
-    if test "x${WGET}" = "x"; then
-	echo "wget not found";
-	exit 1;
-    fi
-fi
-
-if test "x${TAR}" = "x"; then
-    TAR=$(which tar)
-    if test "x${TAR}" = "x"; then
-	echo "tar not found";
-	exit 2;
-    fi
-fi
-
-echo "Dependencies:";
-echo -e "\tWGET: ${WGET}";
-echo -e "\tTAR: ${TAR}\n";
-
-if test "x${ICEDTEA_USE_VCS}" = "xtrue"; then
-    echo "Mode: Using VCS";
-
-    if test "x${GREP}" = "x"; then
-	GREP=$(which grep);
-	if test "x${GREP}" = "x"; then
-	    echo "grep not found";
-	    exit 3;
-	fi
-    fi
-
-    if test "x${CUT}" = "x"; then
-	CUT=$(which cut);
-	if test "x${CUT}" = "x"; then
-	    echo "cut not found";
-	    exit 4;
-	fi
-    fi
-
-    if test "x${TR}" = "x"; then
-	TR=$(which tr);
-	if test "x${TR}" = "x"; then
-	    echo "tr not found";
-	    exit 5;
-	fi
-    fi
-
-    if test "x${HG}" = "x"; then
-	HG=$(which hg);
-	if test "x${HG}" = "x"; then
-	    echo "hg not found";
-	    exit 6;
-	fi
-    fi
-
-    echo "Dependencies:";
-    echo -e "\tGREP: ${GREP}";
-    echo -e "\tCUT: ${CUT}";
-    echo -e "\tTR: ${TR}";
-    echo -e "\tHG: ${HG}";
-
-    echo "Checking out repository from VCS...";
-    ${HG} clone ${ICEDTEA_HG_URL} icedtea
-
-    echo "Obtaining version from configure.ac...";
-    ROOT_VER=$(${GREP} '^AC_INIT' icedtea/configure.ac|${CUT} -d ',' -f 2|${TR} -d '[][:space:]')
-    echo "Root version from configure: ${ROOT_VER}";
-
-    VCS_REV=$(${HG} log -R icedtea --template '{node|short}' -r tip)
-    echo "VCS revision: ${VCS_REV}";
-
-    ICEDTEA_VERSION="${ROOT_VER}-${VCS_REV}"
-    echo "Creating icedtea-${ICEDTEA_VERSION}";
-    mkdir icedtea-${ICEDTEA_VERSION}
-    echo "Copying required files from checkout to icedtea-${ICEDTEA_VERSION}";
-    # Commented out for now as IcedTea 6's jconsole.desktop.in is outdated
-    #cp -a icedtea/jconsole.desktop.in ../icedtea-${ICEDTEA_VERSION}
-    cp -a ${RPM_DIR}/jconsole.desktop.in icedtea-${ICEDTEA_VERSION}
-    cp -a icedtea/tapset icedtea-${ICEDTEA_VERSION}
-
-    rm -rf icedtea
-else
-    echo "Mode: Using tarball";
-
-    if test "x${ICEDTEA_VERSION}" = "x"; then
-	echo "No IcedTea version specified for tarball download.";
-	exit 3;
-    fi
-
-    if test "x${CHECKSUM}" = "x"; then
-	CHECKSUM=$(which sha256sum)
-	if test "x${CHECKSUM}" = "x"; then
-	    echo "sha256sum not found";
-	    exit 4;
-	fi
-    fi
-
-    if test "x${PGP}" = "x"; then
-	PGP=$(which gpg)
-	if test "x${PGP}" = "x"; then
-	    echo "gpg not found";
-	    exit 5;
-	fi
-    fi
-
-    echo "Dependencies:";
-    echo -e "\tCHECKSUM: ${CHECKSUM}";
-    echo -e "\tPGP: ${PGP}\n";
-
-    echo "Checking for IcedTea signing key ${ICEDTEA_SIGNING_KEY}...";
-    if ! gpg --list-keys ${ICEDTEA_SIGNING_KEY}; then
-	echo "IcedTea signing key ${ICEDTEA_SIGNING_KEY} not installed.";
-	exit 6;
-    fi
-
-    echo "Downloading IcedTea release tarball...";
-    ${WGET} -v ${ICEDTEA_URL}/icedtea-${ICEDTEA_VERSION}.tar.xz
-    echo "Downloading IcedTea tarball signature...";
-    ${WGET} -v ${ICEDTEA_URL}/icedtea-${ICEDTEA_VERSION}.tar.xz.sig
-    echo "Downloading IcedTea tarball checksums...";
-    ${WGET} -v ${ICEDTEA_URL}/icedtea-${ICEDTEA_VERSION}.sha256
-
-    echo "Verifying checksums...";
-    ${CHECKSUM} --check --ignore-missing icedtea-${ICEDTEA_VERSION}.sha256
-
-    echo "Checking signature...";
-    ${PGP} --verify icedtea-${ICEDTEA_VERSION}.tar.xz.sig
-
-    echo "Extracting files...";
-    ${TAR} xJf icedtea-${ICEDTEA_VERSION}.tar.xz \
-       icedtea-${ICEDTEA_VERSION}/tapset \
-       icedtea-${ICEDTEA_VERSION}/jconsole.desktop.in
-
-    rm -vf icedtea-${ICEDTEA_VERSION}.tar.xz
-    rm -vf icedtea-${ICEDTEA_VERSION}.tar.xz.sig
-    rm -vf icedtea-${ICEDTEA_VERSION}.sha256
-fi
-
-echo "Replacing desktop files...";
-mv -v icedtea-${ICEDTEA_VERSION}/jconsole.desktop.in ${RPM_DIR}
-
-echo "Creating new tapset tarball...";
-mv -v icedtea-${ICEDTEA_VERSION} openjdk
-${TAR} cJf ${RPM_DIR}/tapsets-icedtea-${ICEDTEA_VERSION}.tar.xz openjdk
-
-rm -rvf openjdk
-
-popd
-rm -rf ${WORKDIR}
--- a/java-latest-openjdk.spec
+++ b/java-latest-openjdk.spec
--- a/jconsole.desktop.in
+++ b/jconsole.desktop.in
@ -1,8 +1,8 @@
 [Desktop Entry]
-Name=OpenJDK @JAVA_VER@ for @target_cpu@ Monitoring & Management Console (@OPENJDK_VER@)
-Comment=Monitor and manage OpenJDK applications
-Exec=_SDKBINDIR_/jconsole
-Icon=java-@JAVA_VER@-@JAVA_VENDOR@
+Name=OpenJDK @JAVA_MAJOR_VERSION@ Monitoring & Management Console @ARCH@
+Comment=Monitor and manage OpenJDK @JAVA_MAJOR_VERSION@ applications for @ARCH@
+Exec=@JAVA_HOME@/jconsole
+Icon=java-@JAVA_MAJOR_VERSION@-@JAVA_VENDOR@
 Terminal=false
 Type=Application
 StartupWMClass=sun-tools-jconsole-JConsole
--- a/jdk8292223-tzdata2022b-kyiv.patch
+++ b/jdk8292223-tzdata2022b-kyiv.patch
@ -1,132 +0,0 @@
-diff --git a/src/java.base/share/classes/sun/util/resources/TimeZoneNames.java b/src/java.base/share/classes/sun/util/resources/TimeZoneNames.java
-index 8759aab3995..11ccbf73839 100644
--- a/src/java.base/share/classes/sun/util/resources/TimeZoneNames.java
-+++ b/src/java.base/share/classes/sun/util/resources/TimeZoneNames.java
-@@ -847,6 +847,7 @@ public final class TimeZoneNames extends TimeZoneNamesBundle {
-             {"Europe/Kirov", new String[] {"Kirov Standard Time", "GMT+03:00",
-                                            "Kirov Daylight Time", "GMT+03:00",
-                                            "Kirov Time", "GMT+03:00"}},
-+            {"Europe/Kyiv", EET},
-             {"Europe/Lisbon", WET},
-             {"Europe/Ljubljana", CET},
-             {"Europe/London", GMTBST},
-diff --git a/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_de.java b/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_de.java
-index f007c1a8d3b..617268e4cf3 100644
--- a/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_de.java
-+++ b/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_de.java
-@@ -825,6 +825,7 @@ public final class TimeZoneNames_de extends TimeZoneNamesBundle {
-             {"Europe/Jersey", GMTBST},
-             {"Europe/Kaliningrad", EET},
-             {"Europe/Kiev", EET},
-+            {"Europe/Kyiv", EET},
-             {"Europe/Lisbon", WET},
-             {"Europe/Ljubljana", CET},
-             {"Europe/London", GMTBST},
-diff --git a/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_es.java b/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_es.java
-index 386414e16e6..14c5d89b9c5 100644
--- a/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_es.java
-+++ b/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_es.java
-@@ -825,6 +825,7 @@ public final class TimeZoneNames_es extends TimeZoneNamesBundle {
-             {"Europe/Jersey", GMTBST},
-             {"Europe/Kaliningrad", EET},
-             {"Europe/Kiev", EET},
-+            {"Europe/Kyiv", EET},
-             {"Europe/Lisbon", WET},
-             {"Europe/Ljubljana", CET},
-             {"Europe/London", GMTBST},
-diff --git a/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_fr.java b/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_fr.java
-index d23f5fd49e6..44117125619 100644
--- a/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_fr.java
-+++ b/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_fr.java
-@@ -825,6 +825,7 @@ public final class TimeZoneNames_fr extends TimeZoneNamesBundle {
-             {"Europe/Jersey", GMTBST},
-             {"Europe/Kaliningrad", EET},
-             {"Europe/Kiev", EET},
-+            {"Europe/Kyiv", EET},
-             {"Europe/Lisbon", WET},
-             {"Europe/Ljubljana", CET},
-             {"Europe/London", GMTBST},
-diff --git a/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_it.java b/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_it.java
-index b4f57d4568c..efa818f3865 100644
--- a/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_it.java
-+++ b/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_it.java
-@@ -825,6 +825,7 @@ public final class TimeZoneNames_it extends TimeZoneNamesBundle {
-             {"Europe/Jersey", GMTBST},
-             {"Europe/Kaliningrad", EET},
-             {"Europe/Kiev", EET},
-+            {"Europe/Kyiv", EET},
-             {"Europe/Lisbon", WET},
-             {"Europe/Ljubljana", CET},
-             {"Europe/London", GMTBST},
-diff --git a/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_ja.java b/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_ja.java
-index 1a10a9f96dc..7c0565461ad 100644
--- a/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_ja.java
-+++ b/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_ja.java
-@@ -825,6 +825,7 @@ public final class TimeZoneNames_ja extends TimeZoneNamesBundle {
-             {"Europe/Jersey", GMTBST},
-             {"Europe/Kaliningrad", EET},
-             {"Europe/Kiev", EET},
-+            {"Europe/Kyiv", EET},
-             {"Europe/Lisbon", WET},
-             {"Europe/Ljubljana", CET},
-             {"Europe/London", GMTBST},
-diff --git a/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_ko.java b/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_ko.java
-index 9a2d9e5c57c..8a2c805997f 100644
--- a/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_ko.java
-+++ b/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_ko.java
-@@ -825,6 +825,7 @@ public final class TimeZoneNames_ko extends TimeZoneNamesBundle {
-             {"Europe/Jersey", GMTBST},
-             {"Europe/Kaliningrad", EET},
-             {"Europe/Kiev", EET},
-+            {"Europe/Kyiv", EET},
-             {"Europe/Lisbon", WET},
-             {"Europe/Ljubljana", CET},
-             {"Europe/London", GMTBST},
-diff --git a/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_pt_BR.java b/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_pt_BR.java
-index de5e5c82daa..e3c06417f09 100644
--- a/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_pt_BR.java
-+++ b/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_pt_BR.java
-@@ -825,6 +825,7 @@ public final class TimeZoneNames_pt_BR extends TimeZoneNamesBundle {
-             {"Europe/Jersey", GMTBST},
-             {"Europe/Kaliningrad", EET},
-             {"Europe/Kiev", EET},
-+            {"Europe/Kyiv", EET},
-             {"Europe/Lisbon", WET},
-             {"Europe/Ljubljana", CET},
-             {"Europe/London", GMTBST},
-diff --git a/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_sv.java b/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_sv.java
-index b53de4d8c89..3e46b6a063e 100644
--- a/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_sv.java
-+++ b/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_sv.java
-@@ -825,6 +825,7 @@ public final class TimeZoneNames_sv extends TimeZoneNamesBundle {
-             {"Europe/Jersey", GMTBST},
-             {"Europe/Kaliningrad", EET},
-             {"Europe/Kiev", EET},
-+            {"Europe/Kyiv", EET},
-             {"Europe/Lisbon", WET},
-             {"Europe/Ljubljana", CET},
-             {"Europe/London", GMTBST},
-diff --git a/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_zh_CN.java b/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_zh_CN.java
-index 7797cda19d5..590908409a8 100644
--- a/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_zh_CN.java
-+++ b/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_zh_CN.java
-@@ -825,6 +825,7 @@ public final class TimeZoneNames_zh_CN extends TimeZoneNamesBundle {
-             {"Europe/Jersey", GMTBST},
-             {"Europe/Kaliningrad", EET},
-             {"Europe/Kiev", EET},
-+            {"Europe/Kyiv", EET},
-             {"Europe/Lisbon", WET},
-             {"Europe/Ljubljana", CET},
-             {"Europe/London", GMTBST},
-diff --git a/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_zh_TW.java b/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_zh_TW.java
-index 2cd10554853..23c5f180b6d 100644
--- a/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_zh_TW.java
-+++ b/src/jdk.localedata/share/classes/sun/util/resources/ext/TimeZoneNames_zh_TW.java
-@@ -827,6 +827,7 @@ public final class TimeZoneNames_zh_TW extends TimeZoneNamesBundle {
-             {"Europe/Jersey", GMTBST},
-             {"Europe/Kaliningrad", EET},
-             {"Europe/Kiev", EET},
-+            {"Europe/Kyiv", EET},
-             {"Europe/Lisbon", WET},
-             {"Europe/Ljubljana", CET},
-             {"Europe/London", GMTBST},
--- a/nss.fips.cfg.in
+++ b/nss.fips.cfg.in
@ -1,8 +0,0 @@
-name = NSS-FIPS
-nssLibraryDirectory = @NSS_LIBDIR@
-nssSecmodDirectory = sql:/etc/pki/nssdb
-nssDbMode = readOnly
-nssModule = fips
-
-attributes(*,CKO_SECRET_KEY,CKK_GENERIC_SECRET)={ CKA_SIGN=true }
-
--- a/openjdk_news.sh
+++ b/openjdk_news.sh
@ -1,76 +0,0 @@
-#!/bin/bash
-
-# Copyright (C) 2022 Red Hat, Inc.
-# Written by Andrew John Hughes <gnu.andrew@redhat.com>, 2012-2022
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU Affero General Public License as
-# published by the Free Software Foundation, either version 3 of the
-# License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU Affero General Public License for more details.
-#
-# You should have received a copy of the GNU Affero General Public License
-# along with this program.  If not, see <http://www.gnu.org/licenses/>.
-
-OLD_RELEASE=$1
-NEW_RELEASE=$2
-SUBDIR=$3
-REPO=$4
-SCRIPT_DIR=$(dirname ${0})
-
-if test "x${SUBDIR}" = "x"; then
-    echo "No subdirectory specified; using .";
-    SUBDIR=".";
-fi
-
-if test "x$REPO" = "x"; then
-    echo "No repository specified; using ${PWD}"
-    REPO=${PWD}
-fi
-
-if test x${TMPDIR} = x; then
-    TMPDIR=/tmp;
-fi
-
-echo "Repository: ${REPO}"
-
-if [ -e ${REPO}/.git ] ; then
-    TYPE=git;
-elif [ -e ${REPO}/.hg ] ; then
-    TYPE=hg;
-else
-    echo "No Mercurial or Git repository detected.";
-    exit 1;
-fi
-
-if test "x$OLD_RELEASE" = "x" || test "x$NEW_RELEASE" = "x"; then
-    echo "ERROR: Need to specify old and new release";
-    exit 2;
-fi
-
-echo "Listing fixes between $OLD_RELEASE and $NEW_RELEASE in $REPO"
-rm -f ${TMPDIR}/fixes2 ${TMPDIR}/fixes3 ${TMPDIR}/fixes
-for repos in . $(${SCRIPT_DIR}/discover_trees.sh ${REPO});
-do
-    if test "x$TYPE" = "xhg"; then
-	hg log -r "tag('$NEW_RELEASE'):tag('$OLD_RELEASE') - tag('$OLD_RELEASE')" -R $REPO/$repos -G -M ${REPO}/${SUBDIR} | \
-	    egrep '^[o:| ]*summary'|grep -v 'Added tag'|sed -r 's#^[o:| ]*summary:\W*([0-9])#  - JDK-\1#'| \
-	    sed 's#^[o:| ]*summary:\W*#  - #' >> ${TMPDIR}/fixes2;
-	hg log -v -r "tag('$NEW_RELEASE'):tag('$OLD_RELEASE') - tag('$OLD_RELEASE')" -R $REPO/$repos -G -M ${REPO}/${SUBDIR} | \
-	    egrep '^[o:| ]*[0-9]{7}'|sed -r 's#^[o:| ]*([0-9]{7})#  - JDK-\1#' >> ${TMPDIR}/fixes3;
-    else
-	git -C ${REPO} log --no-merges --pretty=format:%B ${NEW_RELEASE}...${OLD_RELEASE} -- ${SUBDIR} |egrep '^[0-9]{7}' | \
-	    sed -r 's#^([0-9])#  - JDK-\1#' >> ${TMPDIR}/fixes2;
-	touch ${TMPDIR}/fixes3 ; # unused
-    fi
-done
-
-sort ${TMPDIR}/fixes2 ${TMPDIR}/fixes3 | uniq > ${TMPDIR}/fixes
-rm -f ${TMPDIR}/fixes2 ${TMPDIR}/fixes3
-
-echo "In ${TMPDIR}/fixes:"
-cat ${TMPDIR}/fixes
--- a/pr1983-rh1565658-support_using_the_system_installation_of_nss_with_the_sunec_provider_jdk12.patch
+++ b/pr1983-rh1565658-support_using_the_system_installation_of_nss_with_the_sunec_provider_jdk12.patch
@ -0,0 +1,649 @@
+diff --git a/make/autoconf/jdk-options.m4 b/make/autoconf/jdk-options.m4
+--- a/make/autoconf/jdk-options.m4
+++ b/make/autoconf/jdk-options.m4
+@@ -267,9 +267,10 @@
+ #
+ AC_DEFUN_ONCE([JDKOPT_DETECT_INTREE_EC],
+ [
+  AC_REQUIRE([LIB_SETUP_MISC_LIBS])
+   AC_MSG_CHECKING([if elliptic curve crypto implementation is present])
+ 
+-  if test -d "${TOPDIR}/src/jdk.crypto.ec/share/native/libsunec/impl"; then
+  if test "x${system_nss}" = "xyes" -o -d "${TOPDIR}/src/jdk.crypto.ec/share/native/libsunec/impl"; then
+     ENABLE_INTREE_EC=true
+     AC_MSG_RESULT([yes])
+   else
+diff --git a/make/autoconf/libraries.m4 b/make/autoconf/libraries.m4
+--- a/make/autoconf/libraries.m4
+++ b/make/autoconf/libraries.m4
+@@ -178,6 +178,48 @@
+   AC_SUBST(LIBDL)
+   LIBS="$save_LIBS"
+
+  ###############################################################################
+  #
+  # Check for the NSS libraries
+  #
+
+  AC_MSG_CHECKING([whether to build the Sun EC provider against the system NSS libraries])
+
+  # default is bundled
+  DEFAULT_SYSTEM_NSS=no
+
+  AC_ARG_ENABLE([system-nss], [AS_HELP_STRING([--enable-system-nss],
+     [build the SunEC provider using the system NSS libraries @<:@disabled@:>@])],
+  [
+    case "${enableval}" in
+      yes)
+        system_nss=yes
+        ;;
+      *)
+        system_nss=no
+        ;;
+    esac
+  ],
+  [
+    system_nss=${DEFAULT_SYSTEM_NSS}
+  ])
+  AC_MSG_RESULT([$system_nss])
+
+  if test "x${system_nss}" = "xyes"; then
+      PKG_CHECK_MODULES(NSS_SOFTTKN, nss-softokn >= 3.16.1, [NSS_SOFTOKN_FOUND=yes], [NSS_SOFTOKN_FOUND=no])
+      PKG_CHECK_MODULES(NSS, nss >= 3.16.1, [NSS_FOUND=yes], [NSS_FOUND=no])
+      if test "x${NSS_SOFTOKN_FOUND}" = "xyes" -a "x${NSS_FOUND}" = "xyes"; then
+          NSS_LIBS="$NSS_SOFTOKN_LIBS $NSS_LIBS -lfreebl";
+	  USE_EXTERNAL_NSS=true
+      else
+	  AC_MSG_ERROR([--enable-system-nss specified, but NSS not found.])
+      fi
+  else
+      USE_EXTERNAL_NSS=false
+  fi
+  AC_SUBST(USE_EXTERNAL_NSS)
+
+
+   # Control if libzip can use mmap. Available for purposes of overriding.
+   LIBZIP_CAN_USE_MMAP=true
+   AC_SUBST(LIBZIP_CAN_USE_MMAP)
+diff --git a/make/autoconf/spec.gmk.in b/make/autoconf/spec.gmk.in
+--- a/make/autoconf/spec.gmk.in
+++ b/make/autoconf/spec.gmk.in
+@@ -795,6 +795,10 @@
+ # Libraries
+ #
+ 
+USE_EXTERNAL_NSS:=@USE_EXTERNAL_NSS@
+NSS_LIBS:=@NSS_LIBS@
+NSS_CFLAGS:=@NSS_CFLAGS@
+
+ USE_EXTERNAL_LCMS:=@USE_EXTERNAL_LCMS@
+ LCMS_CFLAGS:=@LCMS_CFLAGS@
+ LCMS_LIBS:=@LCMS_LIBS@
+diff --git a/make/lib/Lib-jdk.crypto.ec.gmk b/make/lib/Lib-jdk.crypto.ec.gmk
+--- a/make/lib/Lib-jdk.crypto.ec.gmk
+++ b/make/lib/Lib-jdk.crypto.ec.gmk
+@@ -28,19 +28,26 @@
+ ################################################################################
+ 
+ ifeq ($(ENABLE_INTREE_EC), true)
+  ifeq ($(USE_EXTERNAL_NSS), true)
+    BUILD_LIBSUNEC_CFLAGS_JDKLIB := $(NSS_CFLAGS) -DSYSTEM_NSS -DNSS_ENABLE_ECC
+    BUILD_LIBSUNEC_CXXFLAGS_JDKLIB := $(NSS_CFLAGS) -DSYSTEM_NSS -DNSS_ENABLE_ECC
+  endif
+
+   $(eval $(call SetupJdkLibrary, BUILD_LIBSUNEC, \
+       NAME := sunec, \
+       TOOLCHAIN := TOOLCHAIN_LINK_CXX, \
+       OPTIMIZATION := LOW, \
+-      CFLAGS := $(CFLAGS_JDKLIB) \
+      CFLAGS := $(BUILD_LIBSUNEC_CFLAGS_JDKLIB) $(CFLAGS_JDKLIB) \
+           -DMP_API_COMPATIBLE -DNSS_ECC_MORE_THAN_SUITE_B, \
+-      CXXFLAGS := $(CXXFLAGS_JDKLIB), \
+      CXXFLAGS := $(BUILD_LIBSUNEC_CXXFLAGS_JDKLIB) $(CXXFLAGS_JDKLIB), \
+       DISABLED_WARNINGS_gcc := sign-compare implicit-fallthrough unused-value, \
+       DISABLED_WARNINGS_clang := sign-compare, \
+       DISABLED_WARNINGS_microsoft := 4101 4244 4146 4018, \
+-      LDFLAGS := $(LDFLAGS_JDKLIB) $(LDFLAGS_CXX_JDK), \
+      LDFLAGS := $(subst -Xlinker --as-needed,, \
+                 $(subst -Wl$(COMMA)--as-needed,, $(LDFLAGS_JDKLIB))) $(LDFLAGS_CXX_JDK), \
+       LDFLAGS_macosx := $(call SET_SHARED_LIBRARY_ORIGIN), \
+       LIBS := $(LIBCXX), \
+      LIBS_linux := -lc $(NSS_LIBS), \
+   ))
+ 
+   TARGETS += $(BUILD_LIBSUNEC)
+diff --git a/src/java.base/unix/native/include/jni_md.h b/src/java.base/unix/native/include/jni_md.h
+--- a/src/java.base/unix/native/include/jni_md.h
+++ b/src/java.base/unix/native/include/jni_md.h
+@@ -41,6 +41,11 @@
+   #define JNIEXPORT
+   #define JNIIMPORT
+ #endif
+#if (defined(__GNUC__)) || __has_attribute(unused)
+  #define UNUSED(x) UNUSED_ ## x __attribute__((__unused__))
+#else
+  #define UNUSED(x) UNUSED_ ## x
+#endif
+ 
+ #define JNICALL
+ 
+diff --git a/src/jdk.crypto.ec/share/classes/sun/security/ec/SunEC.java b/src/jdk.crypto.ec/share/classes/sun/security/ec/SunEC.java
+--- a/src/jdk.crypto.ec/share/classes/sun/security/ec/SunEC.java
+++ b/src/jdk.crypto.ec/share/classes/sun/security/ec/SunEC.java
+@@ -61,6 +61,7 @@
+             AccessController.doPrivileged(new PrivilegedAction<Void>() {
+                 public Void run() {
+                     System.loadLibrary("sunec"); // check for native library
+                    initialize();
+                     return null;
+                 }
+             });
+@@ -293,6 +294,11 @@
+             "ECDH", "sun.security.ec.ECDHKeyAgreement", null, ATTRS));
+     }
+ 
+    /**
+     * Initialize the native code.
+     */
+    private static native void initialize();
+
+     private void putXDHEntries() {
+ 
+         HashMap<String, String> ATTRS = new HashMap<>(1);
+diff --git a/src/jdk.crypto.ec/share/native/libsunec/ECC_JNI.cpp b/src/jdk.crypto.ec/share/native/libsunec/ECC_JNI.cpp
+--- a/src/jdk.crypto.ec/share/native/libsunec/ECC_JNI.cpp
+++ b/src/jdk.crypto.ec/share/native/libsunec/ECC_JNI.cpp
+@@ -25,7 +25,11 @@
+ 
+ #include <jni.h>
+ #include "jni_util.h"
+#ifdef SYSTEM_NSS
+#include "ecc_impl.h"
+#else
+ #include "impl/ecc_impl.h"
+#endif
+ #include "sun_security_ec_ECDHKeyAgreement.h"
+ #include "sun_security_ec_ECKeyPairGenerator.h"
+ #include "sun_security_ec_ECDSASignature.h"
+@@ -33,6 +37,13 @@
+ #define INVALID_PARAMETER_EXCEPTION \
+         "java/security/InvalidParameterException"
+ #define KEY_EXCEPTION   "java/security/KeyException"
+#define INTERNAL_ERROR "java/lang/InternalError"
+
+#ifdef SYSTEM_NSS
+#define SYSTEM_UNUSED(x) UNUSED(x)
+#else
+#define SYSTEM_UNUSED(x) x
+#endif
+ 
+ extern "C" {
+ 
+@@ -55,8 +66,13 @@
+ /*
+  * Deep free of the ECParams struct
+  */
+-void FreeECParams(ECParams *ecparams, jboolean freeStruct)
+void FreeECParams(ECParams *ecparams, jboolean SYSTEM_UNUSED(freeStruct))
+ {
+#ifdef SYSTEM_NSS
+    // Needs to be freed using the matching method to the one
+    // that allocated it. PR_TRUE means the memory is zeroed.
+    PORT_FreeArena(ecparams->arena, PR_TRUE);
+#else
+     // Use B_FALSE to free the SECItem->data element, but not the SECItem itself
+     // Use B_TRUE to free both
+ 
+@@ -70,6 +86,7 @@
+     SECITEM_FreeItem(&ecparams->curveOID, B_FALSE);
+     if (freeStruct)
+         free(ecparams);
+#endif
+ }
+ 
+ jbyteArray getEncodedBytes(JNIEnv *env, SECItem *hSECItem)
+@@ -139,7 +156,7 @@
+  */
+ JNIEXPORT jobjectArray
+ JNICALL Java_sun_security_ec_ECKeyPairGenerator_generateECKeyPair
+-  (JNIEnv *env, jclass clazz, jint keySize, jbyteArray encodedParams, jbyteArray seed)
+  (JNIEnv *env, jclass UNUSED(clazz), jint UNUSED(keySize), jbyteArray encodedParams, jbyteArray seed)
+ {
+     ECPrivateKey *privKey = NULL; // contains both public and private values
+     ECParams *ecparams = NULL;
+@@ -171,8 +188,17 @@
+     env->GetByteArrayRegion(seed, 0, jSeedLength, pSeedBuffer);
+ 
+     // Generate the new keypair (using the supplied seed)
+#ifdef SYSTEM_NSS
+    if (RNG_RandomUpdate((unsigned char *) pSeedBuffer, jSeedLength)
+        != SECSuccess) {
+        ThrowException(env, KEY_EXCEPTION);
+        goto cleanup;
+    }
+    if (EC_NewKey(ecparams, &privKey) != SECSuccess) {    
+#else    
+     if (EC_NewKey(ecparams, &privKey, (unsigned char *) pSeedBuffer,
+         jSeedLength, 0) != SECSuccess) {
+#endif
+         ThrowException(env, KEY_EXCEPTION);
+         goto cleanup;
+     }
+@@ -219,10 +245,15 @@
+         }
+         if (privKey) {
+             FreeECParams(&privKey->ecParams, false);
+#ifndef SYSTEM_NSS
+	    // The entire ECPrivateKey is allocated in the arena
+	    // when using system NSS, so only the in-tree version
+	    // needs to clear these manually.
+             SECITEM_FreeItem(&privKey->version, B_FALSE);
+             SECITEM_FreeItem(&privKey->privateValue, B_FALSE);
+             SECITEM_FreeItem(&privKey->publicValue, B_FALSE);
+             free(privKey);
+#endif
+         }
+ 
+         if (pSeedBuffer) {
+@@ -240,7 +271,7 @@
+  */
+ JNIEXPORT jbyteArray
+ JNICALL Java_sun_security_ec_ECDSASignature_signDigest
+-  (JNIEnv *env, jclass clazz, jbyteArray digest, jbyteArray privateKey, jbyteArray encodedParams, jbyteArray seed, jint timing)
+  (JNIEnv *env, jclass UNUSED(clazz), jbyteArray digest, jbyteArray privateKey, jbyteArray encodedParams, jbyteArray seed, jint timing)
+ {
+     jbyte* pDigestBuffer = NULL;
+     jint jDigestLength = env->GetArrayLength(digest);
+@@ -299,8 +330,18 @@
+     env->GetByteArrayRegion(seed, 0, jSeedLength, pSeedBuffer);
+ 
+     // Sign the digest (using the supplied seed)
+#ifdef SYSTEM_NSS
+    if (RNG_RandomUpdate((unsigned char *) pSeedBuffer, jSeedLength)
+        != SECSuccess) {
+        ThrowException(env, KEY_EXCEPTION);
+        goto cleanup;
+    }
+    if (ECDSA_SignDigest(&privKey, &signature_item, &digest_item)
+        != SECSuccess) {    
+#else    
+     if (ECDSA_SignDigest(&privKey, &signature_item, &digest_item,
+         (unsigned char *) pSeedBuffer, jSeedLength, 0, timing) != SECSuccess) {
+#endif
+         ThrowException(env, KEY_EXCEPTION);
+         goto cleanup;
+     }
+@@ -349,7 +390,7 @@
+  */
+ JNIEXPORT jboolean
+ JNICALL Java_sun_security_ec_ECDSASignature_verifySignedDigest
+-  (JNIEnv *env, jclass clazz, jbyteArray signedDigest, jbyteArray digest, jbyteArray publicKey, jbyteArray encodedParams)
+  (JNIEnv *env, jclass UNUSED(clazz), jbyteArray signedDigest, jbyteArray digest, jbyteArray publicKey, jbyteArray encodedParams)
+ {
+     jboolean isValid = false;
+ 
+@@ -406,9 +447,10 @@
+ 
+ cleanup:
+     {
+-        if (params_item.data)
+        if (params_item.data) {
+             env->ReleaseByteArrayElements(encodedParams,
+                 (jbyte *) params_item.data, JNI_ABORT);
+	}
+ 
+         if (pubKey.publicValue.data)
+             env->ReleaseByteArrayElements(publicKey,
+@@ -434,7 +476,7 @@
+  */
+ JNIEXPORT jbyteArray
+ JNICALL Java_sun_security_ec_ECDHKeyAgreement_deriveKey
+-  (JNIEnv *env, jclass clazz, jbyteArray privateKey, jbyteArray publicKey, jbyteArray encodedParams)
+  (JNIEnv *env, jclass UNUSED(clazz), jbyteArray privateKey, jbyteArray publicKey, jbyteArray encodedParams)
+ {
+     jbyteArray jSecret = NULL;
+     ECParams *ecparams = NULL;
+@@ -510,9 +552,10 @@
+             env->ReleaseByteArrayElements(publicKey,
+                 (jbyte *) publicValue_item.data, JNI_ABORT);
+ 
+-        if (params_item.data)
+        if (params_item.data) {
+             env->ReleaseByteArrayElements(encodedParams,
+                 (jbyte *) params_item.data, JNI_ABORT);
+	}
+ 
+         if (ecparams)
+             FreeECParams(ecparams, true);
+@@ -521,4 +564,28 @@
+     return jSecret;
+ }
+ 
+JNIEXPORT void
+JNICALL Java_sun_security_ec_SunEC_initialize
+  (JNIEnv *env, jclass UNUSED(clazz))
+{
+#ifdef SYSTEM_NSS
+    if (SECOID_Init() != SECSuccess) {
+        ThrowException(env, INTERNAL_ERROR);
+    }
+    if (RNG_RNGInit() != SECSuccess) {
+        ThrowException(env, INTERNAL_ERROR);
+    }
+#endif
+}
+
+JNIEXPORT void
+JNICALL JNI_OnUnload
+  (JavaVM *vm, void *reserved)
+{
+#ifdef SYSTEM_NSS
+    RNG_RNGShutdown();
+    SECOID_Shutdown();
+#endif
+}
+
+ } /* extern "C" */
+diff --git a/src/jdk.crypto.ec/share/native/libsunec/ecc_impl.h b/src/jdk.crypto.ec/share/native/libsunec/ecc_impl.h
+new file mode 100644
+--- /dev/null
+++ b/src/jdk.crypto.ec/share/native/libsunec/ecc_impl.h
+@@ -0,0 +1,298 @@
+/*
+ * Copyright (c) 2007, 2017, Oracle and/or its affiliates. All rights reserved.
+ * Use is subject to license terms.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this library; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/* *********************************************************************
+ *
+ * The Original Code is the Netscape security libraries.
+ *
+ * The Initial Developer of the Original Code is
+ * Netscape Communications Corporation.
+ * Portions created by the Initial Developer are Copyright (C) 1994-2000
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *   Dr Vipul Gupta <vipul.gupta@sun.com> and
+ *   Douglas Stebila <douglas@stebila.ca>, Sun Microsystems Laboratories
+ *
+ * Last Modified Date from the Original Code: May 2017
+ *********************************************************************** */
+
+#ifndef _ECC_IMPL_H
+#define _ECC_IMPL_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include <sys/types.h>
+
+#ifdef SYSTEM_NSS
+#include <secitem.h>
+#include <secerr.h>
+#include <keythi.h>
+#ifdef LEGACY_NSS
+#include <softoken.h>
+#else
+#include <blapi.h>
+#endif
+#else
+#include "ecl-exp.h"
+#endif
+
+/*
+ * Multi-platform definitions
+ */
+#ifdef __linux__
+#define B_FALSE FALSE
+#define B_TRUE TRUE
+typedef unsigned char uint8_t;
+typedef unsigned long ulong_t;
+typedef enum { B_FALSE, B_TRUE } boolean_t;
+#endif /* __linux__ */
+
+#ifdef _ALLBSD_SOURCE
+#include <stdint.h>
+#define B_FALSE FALSE
+#define B_TRUE TRUE
+typedef unsigned long ulong_t;
+typedef enum boolean { B_FALSE, B_TRUE } boolean_t;
+#endif /* _ALLBSD_SOURCE */
+
+#ifdef AIX
+#define B_FALSE FALSE
+#define B_TRUE TRUE
+typedef unsigned char uint8_t;
+typedef unsigned long ulong_t;
+#endif /* AIX */
+
+#ifdef _WIN32
+typedef unsigned char uint8_t;
+typedef unsigned long ulong_t;
+typedef enum boolean { B_FALSE, B_TRUE } boolean_t;
+#define strdup _strdup          /* Replace POSIX name with ISO C++ name */
+#endif /* _WIN32 */
+
+#ifndef _KERNEL
+#include <stdlib.h>
+#endif  /* _KERNEL */
+
+#define EC_MAX_DIGEST_LEN 1024  /* max digest that can be signed */
+#define EC_MAX_POINT_LEN 145    /* max len of DER encoded Q */
+#define EC_MAX_VALUE_LEN 72     /* max len of ANSI X9.62 private value d */
+#define EC_MAX_SIG_LEN 144      /* max signature len for supported curves */
+#define EC_MIN_KEY_LEN  112     /* min key length in bits */
+#define EC_MAX_KEY_LEN  571     /* max key length in bits */
+#define EC_MAX_OID_LEN 10       /* max length of OID buffer */
+
+/*
+ * Various structures and definitions from NSS are here.
+ */
+
+#ifndef SYSTEM_NSS
+#ifdef _KERNEL
+#define PORT_ArenaAlloc(a, n, f)        kmem_alloc((n), (f))
+#define PORT_ArenaZAlloc(a, n, f)       kmem_zalloc((n), (f))
+#define PORT_ArenaGrow(a, b, c, d)      NULL
+#define PORT_ZAlloc(n, f)               kmem_zalloc((n), (f))
+#define PORT_Alloc(n, f)                kmem_alloc((n), (f))
+#else
+#define PORT_ArenaAlloc(a, n, f)        malloc((n))
+#define PORT_ArenaZAlloc(a, n, f)       calloc(1, (n))
+#define PORT_ArenaGrow(a, b, c, d)      NULL
+#define PORT_ZAlloc(n, f)               calloc(1, (n))
+#define PORT_Alloc(n, f)                malloc((n))
+#endif
+
+#define PORT_NewArena(b)                (char *)12345
+#define PORT_ArenaMark(a)               NULL
+#define PORT_ArenaUnmark(a, b)
+#define PORT_ArenaRelease(a, m)
+#define PORT_FreeArena(a, b)
+#define PORT_Strlen(s)                  strlen((s))
+#define PORT_SetError(e)
+
+#define PRBool                          boolean_t
+#define PR_TRUE                         B_TRUE
+#define PR_FALSE                        B_FALSE
+
+#ifdef _KERNEL
+#define PORT_Assert                     ASSERT
+#define PORT_Memcpy(t, f, l)            bcopy((f), (t), (l))
+#else
+#define PORT_Assert                     assert
+#define PORT_Memcpy(t, f, l)            memcpy((t), (f), (l))
+#endif
+
+#endif
+
+#define CHECK_OK(func) if (func == NULL) goto cleanup
+#define CHECK_SEC_OK(func) if (SECSuccess != (rv = func)) goto cleanup
+
+#ifndef SYSTEM_NSS
+typedef enum {
+        siBuffer = 0,
+        siClearDataBuffer = 1,
+        siCipherDataBuffer = 2,
+        siDERCertBuffer = 3,
+        siEncodedCertBuffer = 4,
+        siDERNameBuffer = 5,
+        siEncodedNameBuffer = 6,
+        siAsciiNameString = 7,
+        siAsciiString = 8,
+        siDEROID = 9,
+        siUnsignedInteger = 10,
+        siUTCTime = 11,
+        siGeneralizedTime = 12
+} SECItemType;
+
+typedef struct SECItemStr SECItem;
+
+struct SECItemStr {
+        SECItemType type;
+        unsigned char *data;
+        unsigned int len;
+};
+
+typedef SECItem SECKEYECParams;
+
+typedef enum { ec_params_explicit,
+               ec_params_named
+} ECParamsType;
+
+typedef enum { ec_field_GFp = 1,
+               ec_field_GF2m
+} ECFieldType;
+
+struct ECFieldIDStr {
+    int         size;   /* field size in bits */
+    ECFieldType type;
+    union {
+        SECItem  prime; /* prime p for (GFp) */
+        SECItem  poly;  /* irreducible binary polynomial for (GF2m) */
+    } u;
+    int         k1;     /* first coefficient of pentanomial or
+                         * the only coefficient of trinomial
+                         */
+    int         k2;     /* two remaining coefficients of pentanomial */
+    int         k3;
+};
+typedef struct ECFieldIDStr ECFieldID;
+
+struct ECCurveStr {
+        SECItem a;      /* contains octet stream encoding of
+                         * field element (X9.62 section 4.3.3)
+                         */
+        SECItem b;
+        SECItem seed;
+};
+typedef struct ECCurveStr ECCurve;
+
+typedef void PRArenaPool;
+
+struct ECParamsStr {
+    PRArenaPool * arena;
+    ECParamsType  type;
+    ECFieldID     fieldID;
+    ECCurve       curve;
+    SECItem       base;
+    SECItem       order;
+    int           cofactor;
+    SECItem       DEREncoding;
+    ECCurveName   name;
+    SECItem       curveOID;
+};
+typedef struct ECParamsStr ECParams;
+
+struct ECPublicKeyStr {
+    ECParams ecParams;
+    SECItem publicValue;   /* elliptic curve point encoded as
+                            * octet stream.
+                            */
+};
+typedef struct ECPublicKeyStr ECPublicKey;
+
+struct ECPrivateKeyStr {
+    ECParams ecParams;
+    SECItem publicValue;   /* encoded ec point */
+    SECItem privateValue;  /* private big integer */
+    SECItem version;       /* As per SEC 1, Appendix C, Section C.4 */
+};
+typedef struct ECPrivateKeyStr ECPrivateKey;
+
+typedef enum _SECStatus {
+        SECBufferTooSmall = -3,
+        SECWouldBlock = -2,
+        SECFailure = -1,
+        SECSuccess = 0
+} SECStatus;
+#endif
+
+#ifdef _KERNEL
+#define RNG_GenerateGlobalRandomBytes(p,l) ecc_knzero_random_generator((p), (l))
+#else
+/*
+ This function is no longer required because the random bytes are now
+ supplied by the caller. Force a failure.
+*/
+#ifndef SYSTEM_NSS
+#define RNG_GenerateGlobalRandomBytes(p,l) SECFailure
+#endif
+#endif
+#define CHECK_MPI_OK(func) if (MP_OKAY > (err = func)) goto cleanup
+#define MP_TO_SEC_ERROR(err)
+
+#define SECITEM_TO_MPINT(it, mp)                                        \
+        CHECK_MPI_OK(mp_read_unsigned_octets((mp), (it).data, (it).len))
+
+extern int ecc_knzero_random_generator(uint8_t *, size_t);
+extern ulong_t soft_nzero_random_generator(uint8_t *, ulong_t);
+
+#ifdef SYSTEM_NSS
+#define EC_DecodeParams(a,b,c) EC_DecodeParams(a,b)
+#define ECDSA_VerifyDigest(a,b,c,d) ECDSA_VerifyDigest(a,b,c)
+#define ECDH_Derive(a,b,c,d,e,f) ECDH_Derive(a,b,c,d,e)
+#else
+extern SECStatus EC_DecodeParams(const SECItem *, ECParams **, int);
+
+extern SECItem * SECITEM_AllocItem(PRArenaPool *, SECItem *, unsigned int, int);
+extern SECStatus SECITEM_CopyItem(PRArenaPool *, SECItem *, const SECItem *,
+    int);
+extern void SECITEM_FreeItem(SECItem *, boolean_t);
+
+/* This function has been modified to accept an array of random bytes */
+extern SECStatus EC_NewKey(ECParams *ecParams, ECPrivateKey **privKey,
+    const unsigned char* random, int randomlen, int);
+/* This function has been modified to accept an array of random bytes */
+extern SECStatus ECDSA_SignDigest(ECPrivateKey *, SECItem *, const SECItem *,
+    const unsigned char* random, int randomlen, int, int timing);
+extern SECStatus ECDSA_VerifyDigest(ECPublicKey *, const SECItem *,
+    const SECItem *, int);
+extern SECStatus ECDH_Derive(SECItem *, ECParams *, SECItem *, boolean_t,
+    SECItem *, int);
+#endif
+
+#ifdef  __cplusplus
+}
+#endif
+
+#endif /* _ECC_IMPL_H */ 
--- a/pr2126-synchronise_elliptic_curves_in_sun_security_ec_namedcurve_with_those_listed_by_nss.patch
+++ b/pr2126-synchronise_elliptic_curves_in_sun_security_ec_namedcurve_with_those_listed_by_nss.patch
@ -0,0 +1,687 @@
+diff --git a/src/java.base/share/classes/sun/security/ssl/SupportedGroupsExtension.java b/src/java.base/share/classes/sun/security/ssl/SupportedGroupsExtension.java
+--- openjdk/src/java.base/share/classes/sun/security/ssl/SupportedGroupsExtension.java
+++ openjdk/src/java.base/share/classes/sun/security/ssl/SupportedGroupsExtension.java
+@@ -180,72 +180,6 @@
+         // Elliptic Curves (RFC 4492)
+         //
+         // See sun.security.util.CurveDB for the OIDs
+-        // NIST K-163
+-        SECT163_K1  (0x0001, "sect163k1", "1.3.132.0.1", true,
+-                            ProtocolVersion.PROTOCOLS_TO_12),
+-        SECT163_R1  (0x0002, "sect163r1", "1.3.132.0.2", false,
+-                            ProtocolVersion.PROTOCOLS_TO_12),
+-
+-        // NIST B-163
+-        SECT163_R2  (0x0003, "sect163r2", "1.3.132.0.15", true,
+-                            ProtocolVersion.PROTOCOLS_TO_12),
+-        SECT193_R1  (0x0004, "sect193r1", "1.3.132.0.24", false,
+-                            ProtocolVersion.PROTOCOLS_TO_12),
+-        SECT193_R2  (0x0005, "sect193r2", "1.3.132.0.25", false,
+-                            ProtocolVersion.PROTOCOLS_TO_12),
+-
+-        // NIST K-233
+-        SECT233_K1  (0x0006, "sect233k1", "1.3.132.0.26", true,
+-                            ProtocolVersion.PROTOCOLS_TO_12),
+-
+-        // NIST B-233
+-        SECT233_R1  (0x0007, "sect233r1", "1.3.132.0.27", true,
+-                            ProtocolVersion.PROTOCOLS_TO_12),
+-        SECT239_K1  (0x0008, "sect239k1", "1.3.132.0.3", false,
+-                            ProtocolVersion.PROTOCOLS_TO_12),
+-
+-        // NIST K-283
+-        SECT283_K1  (0x0009, "sect283k1", "1.3.132.0.16", true,
+-                            ProtocolVersion.PROTOCOLS_TO_12),
+-
+-        // NIST B-283
+-        SECT283_R1  (0x000A, "sect283r1", "1.3.132.0.17", true,
+-                            ProtocolVersion.PROTOCOLS_TO_12),
+-
+-        // NIST K-409
+-        SECT409_K1  (0x000B, "sect409k1", "1.3.132.0.36", true,
+-                            ProtocolVersion.PROTOCOLS_TO_12),
+-
+-        // NIST B-409
+-        SECT409_R1  (0x000C, "sect409r1", "1.3.132.0.37", true,
+-                            ProtocolVersion.PROTOCOLS_TO_12),
+-
+-        // NIST K-571
+-        SECT571_K1  (0x000D, "sect571k1", "1.3.132.0.38", true,
+-                            ProtocolVersion.PROTOCOLS_TO_12),
+-
+-        // NIST B-571
+-        SECT571_R1  (0x000E, "sect571r1", "1.3.132.0.39", true,
+-                            ProtocolVersion.PROTOCOLS_TO_12),
+-        SECP160_K1  (0x000F, "secp160k1", "1.3.132.0.9", false,
+-                            ProtocolVersion.PROTOCOLS_TO_12),
+-        SECP160_R1  (0x0010, "secp160r1", "1.3.132.0.8", false,
+-                            ProtocolVersion.PROTOCOLS_TO_12),
+-        SECP160_R2  (0x0011, "secp160r2", "1.3.132.0.30", false,
+-                            ProtocolVersion.PROTOCOLS_TO_12),
+-        SECP192_K1  (0x0012, "secp192k1", "1.3.132.0.31", false,
+-                            ProtocolVersion.PROTOCOLS_TO_12),
+-
+-        // NIST P-192
+-        SECP192_R1  (0x0013, "secp192r1", "1.2.840.10045.3.1.1", true,
+-                            ProtocolVersion.PROTOCOLS_TO_12),
+-        SECP224_K1  (0x0014, "secp224k1", "1.3.132.0.32", false,
+-                            ProtocolVersion.PROTOCOLS_TO_12),
+-        // NIST P-224
+-        SECP224_R1  (0x0015, "secp224r1", "1.3.132.0.33", true,
+-                            ProtocolVersion.PROTOCOLS_TO_12),
+-        SECP256_K1  (0x0016, "secp256k1", "1.3.132.0.10", false,
+-                            ProtocolVersion.PROTOCOLS_TO_12),
+ 
+         // NIST P-256
+         SECP256_R1  (0x0017, "secp256r1", "1.2.840.10045.3.1.7", true,
+@@ -116,12 +116,6 @@
+                         NamedGroup.SECP256_R1,
+                         NamedGroup.SECP384_R1,
+                         NamedGroup.SECP521_R1,
+-                        NamedGroup.SECT283_K1,
+-                        NamedGroup.SECT283_R1,
+-                        NamedGroup.SECT409_K1,
+-                        NamedGroup.SECT409_R1,
+-                        NamedGroup.SECT571_K1,
+-                        NamedGroup.SECT571_R1,
+ 
+                         // FFDHE 2048
+                         NamedGroup.FFDHE_2048,
+@@ -136,15 +130,6 @@
+                         NamedGroup.SECP256_R1,
+                         NamedGroup.SECP384_R1,
+                         NamedGroup.SECP521_R1,
+-                        NamedGroup.SECT283_K1,
+-                        NamedGroup.SECT283_R1,
+-                        NamedGroup.SECT409_K1,
+-                        NamedGroup.SECT409_R1,
+-                        NamedGroup.SECT571_K1,
+-                        NamedGroup.SECT571_R1,
+-
+-                        // non-NIST curves
+-                        NamedGroup.SECP256_K1,
+ 
+                         // FFDHE 2048
+                         NamedGroup.FFDHE_2048,
+diff --git a/src/java.base/share/classes/sun/security/util/CurveDB.java b/src/java.base/share/classes/sun/security/util/CurveDB.java
+--- openjdk/src/java.base/share/classes/sun/security/util/CurveDB.java
+++ openjdk/src/java.base/share/classes/sun/security/util/CurveDB.java
+@@ -168,114 +168,6 @@
+         Pattern nameSplitPattern = Pattern.compile(SPLIT_PATTERN);
+ 
+         /* SEC2 prime curves */
+-        add("secp112r1", "1.3.132.0.6", P,
+-            "DB7C2ABF62E35E668076BEAD208B",
+-            "DB7C2ABF62E35E668076BEAD2088",
+-            "659EF8BA043916EEDE8911702B22",
+-            "09487239995A5EE76B55F9C2F098",
+-            "A89CE5AF8724C0A23E0E0FF77500",
+-            "DB7C2ABF62E35E7628DFAC6561C5",
+-            1, nameSplitPattern);
+-
+-        add("secp112r2", "1.3.132.0.7", P,
+-            "DB7C2ABF62E35E668076BEAD208B",
+-            "6127C24C05F38A0AAAF65C0EF02C",
+-            "51DEF1815DB5ED74FCC34C85D709",
+-            "4BA30AB5E892B4E1649DD0928643",
+-            "adcd46f5882e3747def36e956e97",
+-            "36DF0AAFD8B8D7597CA10520D04B",
+-            4, nameSplitPattern);
+-
+-        add("secp128r1", "1.3.132.0.28", P,
+-            "FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFF",
+-            "FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFC",
+-            "E87579C11079F43DD824993C2CEE5ED3",
+-            "161FF7528B899B2D0C28607CA52C5B86",
+-            "CF5AC8395BAFEB13C02DA292DDED7A83",
+-            "FFFFFFFE0000000075A30D1B9038A115",
+-            1, nameSplitPattern);
+-
+-        add("secp128r2", "1.3.132.0.29", P,
+-            "FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFF",
+-            "D6031998D1B3BBFEBF59CC9BBFF9AEE1",
+-            "5EEEFCA380D02919DC2C6558BB6D8A5D",
+-            "7B6AA5D85E572983E6FB32A7CDEBC140",
+-            "27B6916A894D3AEE7106FE805FC34B44",
+-            "3FFFFFFF7FFFFFFFBE0024720613B5A3",
+-            4, nameSplitPattern);
+-
+-        add("secp160k1", "1.3.132.0.9", P,
+-            "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73",
+-            "0000000000000000000000000000000000000000",
+-            "0000000000000000000000000000000000000007",
+-            "3B4C382CE37AA192A4019E763036F4F5DD4D7EBB",
+-            "938CF935318FDCED6BC28286531733C3F03C4FEE",
+-            "0100000000000000000001B8FA16DFAB9ACA16B6B3",
+-            1, nameSplitPattern);
+-
+-        add("secp160r1", "1.3.132.0.8", P,
+-            "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFF",
+-            "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFC",
+-            "1C97BEFC54BD7A8B65ACF89F81D4D4ADC565FA45",
+-            "4A96B5688EF573284664698968C38BB913CBFC82",
+-            "23A628553168947D59DCC912042351377AC5FB32",
+-            "0100000000000000000001F4C8F927AED3CA752257",
+-            1, nameSplitPattern);
+-
+-        add("secp160r2", "1.3.132.0.30", P,
+-            "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73",
+-            "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC70",
+-            "B4E134D3FB59EB8BAB57274904664D5AF50388BA",
+-            "52DCB034293A117E1F4FF11B30F7199D3144CE6D",
+-            "FEAFFEF2E331F296E071FA0DF9982CFEA7D43F2E",
+-            "0100000000000000000000351EE786A818F3A1A16B",
+-            1, nameSplitPattern);
+-
+-        add("secp192k1", "1.3.132.0.31", P,
+-            "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFEE37",
+-            "000000000000000000000000000000000000000000000000",
+-            "000000000000000000000000000000000000000000000003",
+-            "DB4FF10EC057E9AE26B07D0280B7F4341DA5D1B1EAE06C7D",
+-            "9B2F2F6D9C5628A7844163D015BE86344082AA88D95E2F9D",
+-            "FFFFFFFFFFFFFFFFFFFFFFFE26F2FC170F69466A74DEFD8D",
+-            1, nameSplitPattern);
+-
+-        add("secp192r1 [NIST P-192, X9.62 prime192v1]", "1.2.840.10045.3.1.1", PD,
+-            "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF",
+-            "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC",
+-            "64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1",
+-            "188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012",
+-            "07192B95FFC8DA78631011ED6B24CDD573F977A11E794811",
+-            "FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831",
+-            1, nameSplitPattern);
+-
+-        add("secp224k1", "1.3.132.0.32", P,
+-            "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFE56D",
+-            "00000000000000000000000000000000000000000000000000000000",
+-            "00000000000000000000000000000000000000000000000000000005",
+-            "A1455B334DF099DF30FC28A169A467E9E47075A90F7E650EB6B7A45C",
+-            "7E089FED7FBA344282CAFBD6F7E319F7C0B0BD59E2CA4BDB556D61A5",
+-            "010000000000000000000000000001DCE8D2EC6184CAF0A971769FB1F7",
+-            1, nameSplitPattern);
+-
+-        add("secp224r1 [NIST P-224]", "1.3.132.0.33", PD,
+-            "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001",
+-            "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE",
+-            "B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4",
+-            "B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21",
+-            "BD376388B5F723FB4C22DFE6CD4375A05A07476444D5819985007E34",
+-            "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D",
+-            1, nameSplitPattern);
+-
+-        add("secp256k1", "1.3.132.0.10", P,
+-            "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F",
+-            "0000000000000000000000000000000000000000000000000000000000000000",
+-            "0000000000000000000000000000000000000000000000000000000000000007",
+-            "79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798",
+-            "483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8",
+-            "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141",
+-            1, nameSplitPattern);
+-
+         add("secp256r1 [NIST P-256, X9.62 prime256v1]", "1.2.840.10045.3.1.7", PD,
+             "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF",
+             "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC",
+@@ -303,435 +195,6 @@
+             "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409",
+             1, nameSplitPattern);
+ 
+-        /* ANSI X9.62 prime curves */
+-        add("X9.62 prime192v2", "1.2.840.10045.3.1.2", P,
+-            "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF",
+-            "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC",
+-            "CC22D6DFB95C6B25E49C0D6364A4E5980C393AA21668D953",
+-            "EEA2BAE7E1497842F2DE7769CFE9C989C072AD696F48034A",
+-            "6574D11D69B6EC7A672BB82A083DF2F2B0847DE970B2DE15",
+-            "FFFFFFFFFFFFFFFFFFFFFFFE5FB1A724DC80418648D8DD31",
+-            1, nameSplitPattern);
+-
+-        add("X9.62 prime192v3", "1.2.840.10045.3.1.3", P,
+-            "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF",
+-            "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC",
+-            "22123DC2395A05CAA7423DAECCC94760A7D462256BD56916",
+-            "7D29778100C65A1DA1783716588DCE2B8B4AEE8E228F1896",
+-            "38A90F22637337334B49DCB66A6DC8F9978ACA7648A943B0",
+-            "FFFFFFFFFFFFFFFFFFFFFFFF7A62D031C83F4294F640EC13",
+-            1, nameSplitPattern);
+-
+-        add("X9.62 prime239v1", "1.2.840.10045.3.1.4", P,
+-            "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF",
+-            "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC",
+-            "6B016C3BDCF18941D0D654921475CA71A9DB2FB27D1D37796185C2942C0A",
+-            "0FFA963CDCA8816CCC33B8642BEDF905C3D358573D3F27FBBD3B3CB9AAAF",
+-            "7DEBE8E4E90A5DAE6E4054CA530BA04654B36818CE226B39FCCB7B02F1AE",
+-            "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFF9E5E9A9F5D9071FBD1522688909D0B",
+-            1, nameSplitPattern);
+-
+-        add("X9.62 prime239v2", "1.2.840.10045.3.1.5", P,
+-            "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF",
+-            "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC",
+-            "617FAB6832576CBBFED50D99F0249C3FEE58B94BA0038C7AE84C8C832F2C",
+-            "38AF09D98727705120C921BB5E9E26296A3CDCF2F35757A0EAFD87B830E7",
+-            "5B0125E4DBEA0EC7206DA0FC01D9B081329FB555DE6EF460237DFF8BE4BA",
+-            "7FFFFFFFFFFFFFFFFFFFFFFF800000CFA7E8594377D414C03821BC582063",
+-            1, nameSplitPattern);
+-
+-        add("X9.62 prime239v3", "1.2.840.10045.3.1.6", P,
+-            "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF",
+-            "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC",
+-            "255705FA2A306654B1F4CB03D6A750A30C250102D4988717D9BA15AB6D3E",
+-            "6768AE8E18BB92CFCF005C949AA2C6D94853D0E660BBF854B1C9505FE95A",
+-            "1607E6898F390C06BC1D552BAD226F3B6FCFE48B6E818499AF18E3ED6CF3",
+-            "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFF975DEB41B3A6057C3C432146526551",
+-            1, nameSplitPattern);
+-
+-        /* SEC2 binary curves */
+-        add("sect113r1", "1.3.132.0.4", B,
+-            "020000000000000000000000000201",
+-            "003088250CA6E7C7FE649CE85820F7",
+-            "00E8BEE4D3E2260744188BE0E9C723",
+-            "009D73616F35F4AB1407D73562C10F",
+-            "00A52830277958EE84D1315ED31886",
+-            "0100000000000000D9CCEC8A39E56F",
+-            2, nameSplitPattern);
+-
+-        add("sect113r2", "1.3.132.0.5", B,
+-            "020000000000000000000000000201",
+-            "00689918DBEC7E5A0DD6DFC0AA55C7",
+-            "0095E9A9EC9B297BD4BF36E059184F",
+-            "01A57A6A7B26CA5EF52FCDB8164797",
+-            "00B3ADC94ED1FE674C06E695BABA1D",
+-            "010000000000000108789B2496AF93",
+-            2, nameSplitPattern);
+-
+-        add("sect131r1", "1.3.132.0.22", B,
+-            "080000000000000000000000000000010D",
+-            "07A11B09A76B562144418FF3FF8C2570B8",
+-            "0217C05610884B63B9C6C7291678F9D341",
+-            "0081BAF91FDF9833C40F9C181343638399",
+-            "078C6E7EA38C001F73C8134B1B4EF9E150",
+-            "0400000000000000023123953A9464B54D",
+-            2, nameSplitPattern);
+-
+-        add("sect131r2", "1.3.132.0.23", B,
+-            "080000000000000000000000000000010D",
+-            "03E5A88919D7CAFCBF415F07C2176573B2",
+-            "04B8266A46C55657AC734CE38F018F2192",
+-            "0356DCD8F2F95031AD652D23951BB366A8",
+-            "0648F06D867940A5366D9E265DE9EB240F",
+-            "0400000000000000016954A233049BA98F",
+-            2, nameSplitPattern);
+-
+-        add("sect163k1 [NIST K-163]", "1.3.132.0.1", BD,
+-            "0800000000000000000000000000000000000000C9",
+-            "000000000000000000000000000000000000000001",
+-            "000000000000000000000000000000000000000001",
+-            "02FE13C0537BBC11ACAA07D793DE4E6D5E5C94EEE8",
+-            "0289070FB05D38FF58321F2E800536D538CCDAA3D9",
+-            "04000000000000000000020108A2E0CC0D99F8A5EF",
+-            2, nameSplitPattern);
+-
+-        add("sect163r1", "1.3.132.0.2", B,
+-            "0800000000000000000000000000000000000000C9",
+-            "07B6882CAAEFA84F9554FF8428BD88E246D2782AE2",
+-            "0713612DCDDCB40AAB946BDA29CA91F73AF958AFD9",
+-            "0369979697AB43897789566789567F787A7876A654",
+-            "00435EDB42EFAFB2989D51FEFCE3C80988F41FF883",
+-            "03FFFFFFFFFFFFFFFFFFFF48AAB689C29CA710279B",
+-            2, nameSplitPattern);
+-
+-        add("sect163r2 [NIST B-163]", "1.3.132.0.15", BD,
+-            "0800000000000000000000000000000000000000C9",
+-            "000000000000000000000000000000000000000001",
+-            "020A601907B8C953CA1481EB10512F78744A3205FD",
+-            "03F0EBA16286A2D57EA0991168D4994637E8343E36",
+-            "00D51FBC6C71A0094FA2CDD545B11C5C0C797324F1",
+-            "040000000000000000000292FE77E70C12A4234C33",
+-            2, nameSplitPattern);
+-
+-        add("sect193r1", "1.3.132.0.24", B,
+-            "02000000000000000000000000000000000000000000008001",
+-            "0017858FEB7A98975169E171F77B4087DE098AC8A911DF7B01",
+-            "00FDFB49BFE6C3A89FACADAA7A1E5BBC7CC1C2E5D831478814",
+-            "01F481BC5F0FF84A74AD6CDF6FDEF4BF6179625372D8C0C5E1",
+-            "0025E399F2903712CCF3EA9E3A1AD17FB0B3201B6AF7CE1B05",
+-            "01000000000000000000000000C7F34A778F443ACC920EBA49",
+-            2, nameSplitPattern);
+-
+-        add("sect193r2", "1.3.132.0.25", B,
+-            "02000000000000000000000000000000000000000000008001",
+-            "0163F35A5137C2CE3EA6ED8667190B0BC43ECD69977702709B",
+-            "00C9BB9E8927D4D64C377E2AB2856A5B16E3EFB7F61D4316AE",
+-            "00D9B67D192E0367C803F39E1A7E82CA14A651350AAE617E8F",
+-            "01CE94335607C304AC29E7DEFBD9CA01F596F927224CDECF6C",
+-            "010000000000000000000000015AAB561B005413CCD4EE99D5",
+-            2, nameSplitPattern);
+-
+-        add("sect233k1 [NIST K-233]", "1.3.132.0.26", BD,
+-            "020000000000000000000000000000000000000004000000000000000001",
+-            "000000000000000000000000000000000000000000000000000000000000",
+-            "000000000000000000000000000000000000000000000000000000000001",
+-            "017232BA853A7E731AF129F22FF4149563A419C26BF50A4C9D6EEFAD6126",
+-            "01DB537DECE819B7F70F555A67C427A8CD9BF18AEB9B56E0C11056FAE6A3",
+-            "008000000000000000000000000000069D5BB915BCD46EFB1AD5F173ABDF",
+-            4, nameSplitPattern);
+-
+-        add("sect233r1 [NIST B-233]", "1.3.132.0.27", B,
+-            "020000000000000000000000000000000000000004000000000000000001",
+-            "000000000000000000000000000000000000000000000000000000000001",
+-            "0066647EDE6C332C7F8C0923BB58213B333B20E9CE4281FE115F7D8F90AD",
+-            "00FAC9DFCBAC8313BB2139F1BB755FEF65BC391F8B36F8F8EB7371FD558B",
+-            "01006A08A41903350678E58528BEBF8A0BEFF867A7CA36716F7E01F81052",
+-            "01000000000000000000000000000013E974E72F8A6922031D2603CFE0D7",
+-            2, nameSplitPattern);
+-
+-        add("sect239k1", "1.3.132.0.3", B,
+-            "800000000000000000004000000000000000000000000000000000000001",
+-            "000000000000000000000000000000000000000000000000000000000000",
+-            "000000000000000000000000000000000000000000000000000000000001",
+-            "29A0B6A887A983E9730988A68727A8B2D126C44CC2CC7B2A6555193035DC",
+-            "76310804F12E549BDB011C103089E73510ACB275FC312A5DC6B76553F0CA",
+-            "2000000000000000000000000000005A79FEC67CB6E91F1C1DA800E478A5",
+-            4, nameSplitPattern);
+-
+-        add("sect283k1 [NIST K-283]", "1.3.132.0.16", BD,
+-            "0800000000000000000000000000000000000000000000000000000000000000000010A1",
+-            "000000000000000000000000000000000000000000000000000000000000000000000000",
+-            "000000000000000000000000000000000000000000000000000000000000000000000001",
+-            "0503213F78CA44883F1A3B8162F188E553CD265F23C1567A16876913B0C2AC2458492836",
+-            "01CCDA380F1C9E318D90F95D07E5426FE87E45C0E8184698E45962364E34116177DD2259",
+-            "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE9AE2ED07577265DFF7F94451E061E163C61",
+-            4, nameSplitPattern);
+-
+-        add("sect283r1 [NIST B-283]", "1.3.132.0.17", B,
+-            "0800000000000000000000000000000000000000000000000000000000000000000010A1",
+-            "000000000000000000000000000000000000000000000000000000000000000000000001",
+-            "027B680AC8B8596DA5A4AF8A19A0303FCA97FD7645309FA2A581485AF6263E313B79A2F5",
+-            "05F939258DB7DD90E1934F8C70B0DFEC2EED25B8557EAC9C80E2E198F8CDBECD86B12053",
+-            "03676854FE24141CB98FE6D4B20D02B4516FF702350EDDB0826779C813F0DF45BE8112F4",
+-            "03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEF90399660FC938A90165B042A7CEFADB307",
+-            2, nameSplitPattern);
+-
+-        add("sect409k1 [NIST K-409]", "1.3.132.0.36", BD,
+-            "02000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000001",
+-            "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
+-            "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001",
+-            "0060F05F658F49C1AD3AB1890F7184210EFD0987E307C84C27ACCFB8F9F67CC2C460189EB5AAAA62EE222EB1B35540CFE9023746",
+-            "01E369050B7C4E42ACBA1DACBF04299C3460782F918EA427E6325165E9EA10E3DA5F6C42E9C55215AA9CA27A5863EC48D8E0286B",
+-            "007FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE5F83B2D4EA20400EC4557D5ED3E3E7CA5B4B5C83B8E01E5FCF",
+-            4, nameSplitPattern);
+-
+-        add("sect409r1 [NIST B-409]", "1.3.132.0.37", B,
+-            "02000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000001",
+-            "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001",
+-            "0021A5C2C8EE9FEB5C4B9A753B7B476B7FD6422EF1F3DD674761FA99D6AC27C8A9A197B272822F6CD57A55AA4F50AE317B13545F",
+-            "015D4860D088DDB3496B0C6064756260441CDE4AF1771D4DB01FFE5B34E59703DC255A868A1180515603AEAB60794E54BB7996A7",
+-            "0061B1CFAB6BE5F32BBFA78324ED106A7636B9C5A7BD198D0158AA4F5488D08F38514F1FDF4B4F40D2181B3681C364BA0273C706",
+-            "010000000000000000000000000000000000000000000000000001E2AAD6A612F33307BE5FA47C3C9E052F838164CD37D9A21173",
+-            2, nameSplitPattern);
+-
+-        add("sect571k1 [NIST K-571]", "1.3.132.0.38", BD,
+-            "080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000425",
+-            "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
+-            "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001",
+-            "026EB7A859923FBC82189631F8103FE4AC9CA2970012D5D46024804801841CA44370958493B205E647DA304DB4CEB08CBBD1BA39494776FB988B47174DCA88C7E2945283A01C8972",
+-            "0349DC807F4FBF374F4AEADE3BCA95314DD58CEC9F307A54FFC61EFC006D8A2C9D4979C0AC44AEA74FBEBBB9F772AEDCB620B01A7BA7AF1B320430C8591984F601CD4C143EF1C7A3",
+-            "020000000000000000000000000000000000000000000000000000000000000000000000131850E1F19A63E4B391A8DB917F4138B630D84BE5D639381E91DEB45CFE778F637C1001",
+-            4, nameSplitPattern);
+-
+-        add("sect571r1 [NIST B-571]", "1.3.132.0.39", B,
+-            "080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000425",
+-            "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001",
+-            "02F40E7E2221F295DE297117B7F3D62F5C6A97FFCB8CEFF1CD6BA8CE4A9A18AD84FFABBD8EFA59332BE7AD6756A66E294AFD185A78FF12AA520E4DE739BACA0C7FFEFF7F2955727A",
+-            "0303001D34B856296C16C0D40D3CD7750A93D1D2955FA80AA5F40FC8DB7B2ABDBDE53950F4C0D293CDD711A35B67FB1499AE60038614F1394ABFA3B4C850D927E1E7769C8EEC2D19",
+-            "037BF27342DA639B6DCCFFFEB73D69D78C6C27A6009CBBCA1980F8533921E8A684423E43BAB08A576291AF8F461BB2A8B3531D2F0485C19B16E2F1516E23DD3C1A4827AF1B8AC15B",
+-            "03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE661CE18FF55987308059B186823851EC7DD9CA1161DE93D5174D66E8382E9BB2FE84E47",
+-            2, nameSplitPattern);
+-
+-        /* ANSI X9.62 binary curves */
+-        add("X9.62 c2tnb191v1", "1.2.840.10045.3.0.5", B,
+-            "800000000000000000000000000000000000000000000201",
+-            "2866537B676752636A68F56554E12640276B649EF7526267",
+-            "2E45EF571F00786F67B0081B9495A3D95462F5DE0AA185EC",
+-            "36B3DAF8A23206F9C4F299D7B21A9C369137F2C84AE1AA0D",
+-            "765BE73433B3F95E332932E70EA245CA2418EA0EF98018FB",
+-            "40000000000000000000000004A20E90C39067C893BBB9A5",
+-            2, nameSplitPattern);
+-
+-        add("X9.62 c2tnb191v2", "1.2.840.10045.3.0.6", B,
+-            "800000000000000000000000000000000000000000000201",
+-            "401028774D7777C7B7666D1366EA432071274F89FF01E718",
+-            "0620048D28BCBD03B6249C99182B7C8CD19700C362C46A01",
+-            "3809B2B7CC1B28CC5A87926AAD83FD28789E81E2C9E3BF10",
+-            "17434386626D14F3DBF01760D9213A3E1CF37AEC437D668A",
+-            "20000000000000000000000050508CB89F652824E06B8173",
+-            4, nameSplitPattern);
+-
+-        add("X9.62 c2tnb191v3", "1.2.840.10045.3.0.7", B,
+-            "800000000000000000000000000000000000000000000201",
+-            "6C01074756099122221056911C77D77E77A777E7E7E77FCB",
+-            "71FE1AF926CF847989EFEF8DB459F66394D90F32AD3F15E8",
+-            "375D4CE24FDE434489DE8746E71786015009E66E38A926DD",
+-            "545A39176196575D985999366E6AD34CE0A77CD7127B06BE",
+-            "155555555555555555555555610C0B196812BFB6288A3EA3",
+-            6, nameSplitPattern);
+-
+-        add("X9.62 c2tnb239v1", "1.2.840.10045.3.0.11", B,
+-            "800000000000000000000000000000000000000000000000001000000001",
+-            "32010857077C5431123A46B808906756F543423E8D27877578125778AC76",
+-            "790408F2EEDAF392B012EDEFB3392F30F4327C0CA3F31FC383C422AA8C16",
+-            "57927098FA932E7C0A96D3FD5B706EF7E5F5C156E16B7E7C86038552E91D",
+-            "61D8EE5077C33FECF6F1A16B268DE469C3C7744EA9A971649FC7A9616305",
+-            "2000000000000000000000000000000F4D42FFE1492A4993F1CAD666E447",
+-            4, nameSplitPattern);
+-
+-        add("X9.62 c2tnb239v2", "1.2.840.10045.3.0.12", B,
+-            "800000000000000000000000000000000000000000000000001000000001",
+-            "4230017757A767FAE42398569B746325D45313AF0766266479B75654E65F",
+-            "5037EA654196CFF0CD82B2C14A2FCF2E3FF8775285B545722F03EACDB74B",
+-            "28F9D04E900069C8DC47A08534FE76D2B900B7D7EF31F5709F200C4CA205",
+-            "5667334C45AFF3B5A03BAD9DD75E2C71A99362567D5453F7FA6E227EC833",
+-            "1555555555555555555555555555553C6F2885259C31E3FCDF154624522D",
+-            6, nameSplitPattern);
+-
+-        add("X9.62 c2tnb239v3", "1.2.840.10045.3.0.13", B,
+-            "800000000000000000000000000000000000000000000000001000000001",
+-            "01238774666A67766D6676F778E676B66999176666E687666D8766C66A9F",
+-            "6A941977BA9F6A435199ACFC51067ED587F519C5ECB541B8E44111DE1D40",
+-            "70F6E9D04D289C4E89913CE3530BFDE903977D42B146D539BF1BDE4E9C92",
+-            "2E5A0EAF6E5E1305B9004DCE5C0ED7FE59A35608F33837C816D80B79F461",
+-            "0CCCCCCCCCCCCCCCCCCCCCCCCCCCCCAC4912D2D9DF903EF9888B8A0E4CFF",
+-            0xA, nameSplitPattern);
+-
+-        add("X9.62 c2tnb359v1", "1.2.840.10045.3.0.18", B,
+-            "800000000000000000000000000000000000000000000000000000000000000000000000100000000000000001",
+-            "5667676A654B20754F356EA92017D946567C46675556F19556A04616B567D223A5E05656FB549016A96656A557",
+-            "2472E2D0197C49363F1FE7F5B6DB075D52B6947D135D8CA445805D39BC345626089687742B6329E70680231988",
+-            "3C258EF3047767E7EDE0F1FDAA79DAEE3841366A132E163ACED4ED2401DF9C6BDCDE98E8E707C07A2239B1B097",
+-            "53D7E08529547048121E9C95F3791DD804963948F34FAE7BF44EA82365DC7868FE57E4AE2DE211305A407104BD",
+-            "01AF286BCA1AF286BCA1AF286BCA1AF286BCA1AF286BC9FB8F6B85C556892C20A7EB964FE7719E74F490758D3B",
+-            0x4C, nameSplitPattern);
+-
+-        add("X9.62 c2tnb431r1", "1.2.840.10045.3.0.20", B,
+-            "800000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000001",
+-            "1A827EF00DD6FC0E234CAF046C6A5D8A85395B236CC4AD2CF32A0CADBDC9DDF620B0EB9906D0957F6C6FEACD615468DF104DE296CD8F",
+-            "10D9B4A3D9047D8B154359ABFB1B7F5485B04CEB868237DDC9DEDA982A679A5A919B626D4E50A8DD731B107A9962381FB5D807BF2618",
+-            "120FC05D3C67A99DE161D2F4092622FECA701BE4F50F4758714E8A87BBF2A658EF8C21E7C5EFE965361F6C2999C0C247B0DBD70CE6B7",
+-            "20D0AF8903A96F8D5FA2C255745D3C451B302C9346D9B7E485E7BCE41F6B591F3E8F6ADDCBB0BC4C2F947A7DE1A89B625D6A598B3760",
+-            "0340340340340340340340340340340340340340340340340340340323C313FAB50589703B5EC68D3587FEC60D161CC149C1AD4A91",
+-            0x2760, nameSplitPattern);
+-
+-        /* ANSI X9.62 binary curves from the 1998 standard but forbidden
+-         * in the 2005 version of the standard.
+-         * We don't register them but leave them here for the time being in
+-         * case we need to support them after all.
+-         */
+-/*
+-        add("X9.62 c2pnb163v1", "1.2.840.10045.3.0.1", B,
+-            "080000000000000000000000000000000000000107",
+-            "072546B5435234A422E0789675F432C89435DE5242",
+-            "00C9517D06D5240D3CFF38C74B20B6CD4D6F9DD4D9",
+-            "07AF69989546103D79329FCC3D74880F33BBE803CB",
+-            "01EC23211B5966ADEA1D3F87F7EA5848AEF0B7CA9F",
+-            "0400000000000000000001E60FC8821CC74DAEAFC1",
+-            2, nameSplitPattern);
+-
+-        add("X9.62 c2pnb163v2", "1.2.840.10045.3.0.2", B,
+-            "080000000000000000000000000000000000000107",
+-            "0108B39E77C4B108BED981ED0E890E117C511CF072",
+-            "0667ACEB38AF4E488C407433FFAE4F1C811638DF20",
+-            "0024266E4EB5106D0A964D92C4860E2671DB9B6CC5",
+-            "079F684DDF6684C5CD258B3890021B2386DFD19FC5",
+-            "03FFFFFFFFFFFFFFFFFFFDF64DE1151ADBB78F10A7",
+-            2, nameSplitPattern);
+-
+-        add("X9.62 c2pnb163v3", "1.2.840.10045.3.0.3", B,
+-            "080000000000000000000000000000000000000107",
+-            "07A526C63D3E25A256A007699F5447E32AE456B50E",
+-            "03F7061798EB99E238FD6F1BF95B48FEEB4854252B",
+-            "02F9F87B7C574D0BDECF8A22E6524775F98CDEBDCB",
+-            "05B935590C155E17EA48EB3FF3718B893DF59A05D0",
+-            "03FFFFFFFFFFFFFFFFFFFE1AEE140F110AFF961309",
+-            2, nameSplitPattern);
+-
+-        add("X9.62 c2pnb176w1", "1.2.840.10045.3.0.4", B,
+-            "0100000000000000000000000000000000080000000007",
+-            "E4E6DB2995065C407D9D39B8D0967B96704BA8E9C90B",
+-            "5DDA470ABE6414DE8EC133AE28E9BBD7FCEC0AE0FFF2",
+-            "8D16C2866798B600F9F08BB4A8E860F3298CE04A5798",
+-            "6FA4539C2DADDDD6BAB5167D61B436E1D92BB16A562C",
+-            "00010092537397ECA4F6145799D62B0A19CE06FE26AD",
+-            0xFF6E, nameSplitPattern);
+-
+-        add("X9.62 c2pnb208w1", "1.2.840.10045.3.0.10", B,
+-            "010000000000000000000000000000000800000000000000000007",
+-            "0000000000000000000000000000000000000000000000000000",
+-            "C8619ED45A62E6212E1160349E2BFA844439FAFC2A3FD1638F9E",
+-            "89FDFBE4ABE193DF9559ECF07AC0CE78554E2784EB8C1ED1A57A",
+-            "0F55B51A06E78E9AC38A035FF520D8B01781BEB1A6BB08617DE3",
+-            "000101BAF95C9723C57B6C21DA2EFF2D5ED588BDD5717E212F9D",
+-            0xFE48, nameSplitPattern);
+-
+-        add("X9.62 c2pnb272w1", "1.2.840.10045.3.0.16", B,
+-            "010000000000000000000000000000000000000000000000000000010000000000000B",
+-            "91A091F03B5FBA4AB2CCF49C4EDD220FB028712D42BE752B2C40094DBACDB586FB20",
+-            "7167EFC92BB2E3CE7C8AAAFF34E12A9C557003D7C73A6FAF003F99F6CC8482E540F7",
+-            "6108BABB2CEEBCF787058A056CBE0CFE622D7723A289E08A07AE13EF0D10D171DD8D",
+-            "10C7695716851EEF6BA7F6872E6142FBD241B830FF5EFCACECCAB05E02005DDE9D23",
+-            "000100FAF51354E0E39E4892DF6E319C72C8161603FA45AA7B998A167B8F1E629521",
+-            0xFF06, nameSplitPattern);
+-
+-        add("X9.62 c2pnb304w1", "1.2.840.10045.3.0.17", B,
+-            "010000000000000000000000000000000000000000000000000000000000000000000000000807",
+-            "FD0D693149A118F651E6DCE6802085377E5F882D1B510B44160074C1288078365A0396C8E681",
+-            "BDDB97E555A50A908E43B01C798EA5DAA6788F1EA2794EFCF57166B8C14039601E55827340BE",
+-            "197B07845E9BE2D96ADB0F5F3C7F2CFFBD7A3EB8B6FEC35C7FD67F26DDF6285A644F740A2614",
+-            "E19FBEB76E0DA171517ECF401B50289BF014103288527A9B416A105E80260B549FDC1B92C03B",
+-            "000101D556572AABAC800101D556572AABAC8001022D5C91DD173F8FB561DA6899164443051D",
+-            0xFE2E, nameSplitPattern);
+-
+-        add("X9.62 c2pnb368w1", "1.2.840.10045.3.0.19", B,
+-            "0100000000000000000000000000000000000000000000000000000000000000000000002000000000000000000007",
+-            "E0D2EE25095206F5E2A4F9ED229F1F256E79A0E2B455970D8D0D865BD94778C576D62F0AB7519CCD2A1A906AE30D",
+-            "FC1217D4320A90452C760A58EDCD30C8DD069B3C34453837A34ED50CB54917E1C2112D84D164F444F8F74786046A",
+-            "1085E2755381DCCCE3C1557AFA10C2F0C0C2825646C5B34A394CBCFA8BC16B22E7E789E927BE216F02E1FB136A5F",
+-            "7B3EB1BDDCBA62D5D8B2059B525797FC73822C59059C623A45FF3843CEE8F87CD1855ADAA81E2A0750B80FDA2310",
+-            "00010090512DA9AF72B08349D98A5DD4C7B0532ECA51CE03E2D10F3B7AC579BD87E909AE40A6F131E9CFCE5BD967",
+-            0xFF70, nameSplitPattern);
+-*/
+-
+-        /*
+-         * Brainpool curves (RFC 5639)
+-         * (Twisted curves are not included)
+-         */
+-
+-        add("brainpoolP160r1", "1.3.36.3.3.2.8.1.1.1", P,
+-            "E95E4A5F737059DC60DFC7AD95B3D8139515620F",
+-            "340E7BE2A280EB74E2BE61BADA745D97E8F7C300",
+-            "1E589A8595423412134FAA2DBDEC95C8D8675E58",
+-            "BED5AF16EA3F6A4F62938C4631EB5AF7BDBCDBC3",
+-            "1667CB477A1A8EC338F94741669C976316DA6321",
+-            "E95E4A5F737059DC60DF5991D45029409E60FC09",
+-            1, nameSplitPattern);
+-
+-        add("brainpoolP192r1", "1.3.36.3.3.2.8.1.1.3", P,
+-            "C302F41D932A36CDA7A3463093D18DB78FCE476DE1A86297",
+-            "6A91174076B1E0E19C39C031FE8685C1CAE040E5C69A28EF",
+-            "469A28EF7C28CCA3DC721D044F4496BCCA7EF4146FBF25C9",
+-            "C0A0647EAAB6A48753B033C56CB0F0900A2F5C4853375FD6",
+-            "14B690866ABD5BB88B5F4828C1490002E6773FA2FA299B8F",
+-            "C302F41D932A36CDA7A3462F9E9E916B5BE8F1029AC4ACC1",
+-            1, nameSplitPattern);
+-
+-        add("brainpoolP224r1", "1.3.36.3.3.2.8.1.1.5", P,
+-            "D7C134AA264366862A18302575D1D787B09F075797DA89F57EC8C0FF",
+-            "68A5E62CA9CE6C1C299803A6C1530B514E182AD8B0042A59CAD29F43",
+-            "2580F63CCFE44138870713B1A92369E33E2135D266DBB372386C400B",
+-            "0D9029AD2C7E5CF4340823B2A87DC68C9E4CE3174C1E6EFDEE12C07D",
+-            "58AA56F772C0726F24C6B89E4ECDAC24354B9E99CAA3F6D3761402CD",
+-            "D7C134AA264366862A18302575D0FB98D116BC4B6DDEBCA3A5A7939F",
+-            1, nameSplitPattern);
+-
+-        add("brainpoolP256r1", "1.3.36.3.3.2.8.1.1.7", P,
+-            "A9FB57DBA1EEA9BC3E660A909D838D726E3BF623D52620282013481D1F6E5377",
+-            "7D5A0975FC2C3057EEF67530417AFFE7FB8055C126DC5C6CE94A4B44F330B5D9",
+-            "26DC5C6CE94A4B44F330B5D9BBD77CBF958416295CF7E1CE6BCCDC18FF8C07B6",
+-            "8BD2AEB9CB7E57CB2C4B482FFC81B7AFB9DE27E1E3BD23C23A4453BD9ACE3262",
+-            "547EF835C3DAC4FD97F8461A14611DC9C27745132DED8E545C1D54C72F046997",
+-            "A9FB57DBA1EEA9BC3E660A909D838D718C397AA3B561A6F7901E0E82974856A7",
+-            1, nameSplitPattern);
+-
+-        add("brainpoolP320r1", "1.3.36.3.3.2.8.1.1.9", P,
+-            "D35E472036BC4FB7E13C785ED201E065F98FCFA6F6F40DEF4F92B9EC7893EC28FCD412B1F1B32E27",
+-            "3EE30B568FBAB0F883CCEBD46D3F3BB8A2A73513F5EB79DA66190EB085FFA9F492F375A97D860EB4",
+-            "520883949DFDBC42D3AD198640688A6FE13F41349554B49ACC31DCCD884539816F5EB4AC8FB1F1A6",
+-            "43BD7E9AFB53D8B85289BCC48EE5BFE6F20137D10A087EB6E7871E2A10A599C710AF8D0D39E20611",
+-            "14FDD05545EC1CC8AB4093247F77275E0743FFED117182EAA9C77877AAAC6AC7D35245D1692E8EE1",
+-            "D35E472036BC4FB7E13C785ED201E065F98FCFA5B68F12A32D482EC7EE8658E98691555B44C59311",
+-            1, nameSplitPattern);
+-
+-        add("brainpoolP384r1", "1.3.36.3.3.2.8.1.1.11", P,
+-            "8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B412B1DA197FB71123ACD3A729901D1A71874700133107EC53",
+-            "7BC382C63D8C150C3C72080ACE05AFA0C2BEA28E4FB22787139165EFBA91F90F8AA5814A503AD4EB04A8C7DD22CE2826",
+-            "04A8C7DD22CE28268B39B55416F0447C2FB77DE107DCD2A62E880EA53EEB62D57CB4390295DBC9943AB78696FA504C11",
+-            "1D1C64F068CF45FFA2A63A81B7C13F6B8847A3E77EF14FE3DB7FCAFE0CBD10E8E826E03436D646AAEF87B2E247D4AF1E",
+-            "8ABE1D7520F9C2A45CB1EB8E95CFD55262B70B29FEEC5864E19C054FF99129280E4646217791811142820341263C5315",
+-            "8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B31F166E6CAC0425A7CF3AB6AF6B7FC3103B883202E9046565",
+-            1, nameSplitPattern);
+-
+-        add("brainpoolP512r1", "1.3.36.3.3.2.8.1.1.13", P,
+-            "AADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA703308717D4D9B009BC66842AECDA12AE6A380E62881FF2F2D82C68528AA6056583A48F3",
+-            "7830A3318B603B89E2327145AC234CC594CBDD8D3DF91610A83441CAEA9863BC2DED5D5AA8253AA10A2EF1C98B9AC8B57F1117A72BF2C7B9E7C1AC4D77FC94CA",
+-            "3DF91610A83441CAEA9863BC2DED5D5AA8253AA10A2EF1C98B9AC8B57F1117A72BF2C7B9E7C1AC4D77FC94CADC083E67984050B75EBAE5DD2809BD638016F723",
+-            "81AEE4BDD82ED9645A21322E9C4C6A9385ED9F70B5D916C1B43B62EEF4D0098EFF3B1F78E2D0D48D50D1687B93B97D5F7C6D5047406A5E688B352209BCB9F822",
+-            "7DDE385D566332ECC0EABFA9CF7822FDF209F70024A57B1AA000C55B881F8111B2DCDE494A5F485E5BCA4BD88A2763AED1CA2B2FA8F0540678CD1E0F3AD80892",
+-            "AADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA70330870553E5C414CA92619418661197FAC10471DB1D381085DDADDB58796829CA90069",
+-            1, nameSplitPattern);
+-
+         specCollection = Collections.unmodifiableCollection(oidMap.values());
+     }
+ }
+diff --git a/test/jdk/sun/security/ec/TestEC.java b/test/jdk/sun/security/ec/TestEC.java
+--- openjdk/test/jdk/sun/security/ec/TestEC.java
+++ openjdk/test/jdk/sun/security/ec/TestEC.java
+@@ -35,8 +35,8 @@
+  * @library ../pkcs11/sslecc
+  * @library ../../../java/security/testlibrary
+  * @modules jdk.crypto.cryptoki/sun.security.pkcs11.wrapper
+- * @run main/othervm -Djdk.tls.namedGroups="secp256r1,sect193r1" TestEC
+- * @run main/othervm/java.security.policy=TestEC.policy -Djdk.tls.namedGroups="secp256r1,sect193r1" TestEC
+ * @run main/othervm -Djdk.tls.namedGroups="secp256r1" TestEC
+ * @run main/othervm/java.security.policy=TestEC.policy -Djdk.tls.namedGroups="secp256r1" TestEC
+  */
+ 
+ import java.security.NoSuchProviderException;
+diff -r bd66ea2fdde3 test/jdk/sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java
+--- openjdk/test/jdk/sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java       Thu Jul 27 18:04:48 2017 +0000
+++ openjdk/test/jdk/sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java       Fri Oct 06 13:18:47 2017 +0200
+@@ -34,9 +34,9 @@
+  * @library ..
+  * @library ../../../../java/security/testlibrary
+  * @modules jdk.crypto.cryptoki
+- * @run main/othervm -Djdk.tls.namedGroups="secp256r1,sect193r1"
+ * @run main/othervm -Djdk.tls.namedGroups="secp256r1"
+  *      ClientJSSEServerJSSE
+- * @run main/othervm -Djdk.tls.namedGroups="secp256r1,sect193r1"
+ * @run main/othervm -Djdk.tls.namedGroups="secp256r1"
+  *      ClientJSSEServerJSSE sm policy
+  */
--- a/pr3183-rh1340845-support_fedora_rhel_system_crypto_policy.patch
+++ b/pr3183-rh1340845-support_fedora_rhel_system_crypto_policy.patch
@ -0,0 +1,88 @@
+
+# HG changeset patch
+# User andrew
+# Date 1478057514 0
+# Node ID 1c4d5cb2096ae55106111da200b0bcad304f650c
+# Parent  3d53f19b48384e5252f4ec8891f7a3a82d77af2a
+PR3183: Support Fedora/RHEL system crypto policy
+diff -r 3d53f19b4838 -r 1c4d5cb2096a src/java.base/share/classes/java/security/Security.java
+--- a/src/java.base/share/classes/java/security/Security.java	Wed Oct 26 03:51:39 2016 +0100
+++ b/src/java.base/share/classes/java/security/Security.java	Wed Nov 02 03:31:54 2016 +0000
+@@ -43,6 +43,9 @@
+  * implementation-specific location, which is typically the properties file
+  * {@code conf/security/java.security} in the Java installation directory.
+  *
+ * <p>Additional default values of security properties are read from a
+ * system-specific location, if available.</p>
+ *
+  * @author Benjamin Renaud
+  * @since 1.1
+  */
+@@ -52,6 +55,10 @@
+     private static final Debug sdebug =
+                         Debug.getInstance("properties");
+ 
+    /* System property file*/
+    private static final String SYSTEM_PROPERTIES =
+        "/etc/crypto-policies/back-ends/java.config";
+
+     /* The java.security properties */
+     private static Properties props;
+ 
+@@ -93,6 +100,7 @@
+                 if (sdebug != null) {
+                     sdebug.println("reading security properties file: " +
+                                 propFile);
+                    sdebug.println(props.toString());
+                 }
+             } catch (IOException e) {
+                 if (sdebug != null) {
+@@ -114,6 +122,31 @@
+         }
+ 
+         if ("true".equalsIgnoreCase(props.getProperty
+                ("security.useSystemPropertiesFile"))) {
+
+            // now load the system file, if it exists, so its values
+            // will win if they conflict with the earlier values
+            try (BufferedInputStream bis =
+                 new BufferedInputStream(new FileInputStream(SYSTEM_PROPERTIES))) {
+                props.load(bis);
+                loadedProps = true;
+
+                if (sdebug != null) {
+                    sdebug.println("reading system security properties file " +
+                                   SYSTEM_PROPERTIES);
+                    sdebug.println(props.toString());
+                }
+            } catch (IOException e) {
+                if (sdebug != null) {
+                    sdebug.println
+                        ("unable to load security properties from " +
+                         SYSTEM_PROPERTIES);
+                    e.printStackTrace();
+                }
+            }
+        }
+
+        if ("true".equalsIgnoreCase(props.getProperty
+                 ("security.overridePropertiesFile"))) {
+ 
+             String extraPropFile = System.getProperty
+diff -r 3d53f19b4838 -r 1c4d5cb2096a src/java.base/share/conf/security/java.security
+--- a/src/java.base/share/conf/security/java.security	Wed Oct 26 03:51:39 2016 +0100
+++ b/src/java.base/share/conf/security/java.security	Wed Nov 02 03:31:54 2016 +0000
+@@ -276,6 +276,13 @@
+ security.overridePropertiesFile=true
+ 
+ #
+# Determines whether this properties file will be appended to
+# using the system properties file stored at
+# /etc/crypto-policies/back-ends/java.config
+#
+security.useSystemPropertiesFile=true
+
+#
+ # Determines the default key and trust manager factory algorithms for
+ # the javax.net.ssl package.
+ #
--- a/remove-intree-libraries.sh
+++ b/remove-intree-libraries.sh
@ -1,52 +1,24 @@
 #!/bin/sh

-# Arguments: <JDK TREE> <MINIMAL|FULL>
-TREE=${1}
-TYPE=${2}
-
 ZIP_SRC=src/java.base/share/native/libzip/zlib/
 JPEG_SRC=src/java.desktop/share/native/libjavajpeg/
 GIF_SRC=src/java.desktop/share/native/libsplashscreen/giflib/
 PNG_SRC=src/java.desktop/share/native/libsplashscreen/libpng/
 LCMS_SRC=src/java.desktop/share/native/liblcms/

-if test "x${TREE}" = "x"; then
-    echo "$0 <JDK_TREE> (MINIMAL|FULL)";
-    exit 1;
-fi
-
-if test "x${TYPE}" = "x"; then
-    TYPE=minimal;
-fi
-
-if test "x${TYPE}" != "xminimal" -a "x${TYPE}" != "xfull"; then
-    echo "Type must be minimal or full";
-    exit 2;
-fi
-
-echo "Removing in-tree libraries from ${TREE}"
-echo "Cleansing operation: ${TYPE}";
-
-cd ${TREE}
+cd openjdk

 echo "Removing built-in libs (they will be linked)"

-# On full runs, allow for zlib having already been deleted by minimal
 echo "Removing zlib"
-if [ "x${TYPE}" = "xminimal" -a ! -d ${ZIP_SRC} ]; then
+if [ ! -d ${ZIP_SRC} ]; then
 	echo "${ZIP_SRC} does not exist. Refusing to proceed."
 	exit 1
 fi	
 rm -rvf ${ZIP_SRC}

-# Minimal is limited to just zlib so finish here
-if test "x${TYPE}" = "xminimal"; then
-    echo "Finished.";
-    exit 0;
-fi
-
 echo "Removing libjpeg"
-if [ ! -f ${JPEG_SRC}/jdhuff.c ]; then # some file that should definitely exist
+if [ ! -f ${JPEG_SRC}/jdhuff.c ]; then # some file that sound definitely exist
 	echo "${JPEG_SRC} does not contain jpeg sources. Refusing to proceed."
 	exit 1
 fi	
--- a/rh1648242-accessible_toolkit_crash_do_not_break_jvm.patch
+++ b/rh1648242-accessible_toolkit_crash_do_not_break_jvm.patch
@ -1,9 +1,10 @@
-diff -r 618ad1237e73 src/java.desktop/share/classes/java/awt/Toolkit.java
--- a/src/java.desktop/share/classes/java/awt/Toolkit.java	Thu Jun 13 19:37:49 2019 +0200
-+++ b/src/java.desktop/share/classes/java/awt/Toolkit.java	Thu Jul 04 10:35:42 2019 +0200
-@@ -595,7 +595,11 @@
-                 toolkit = new HeadlessToolkit(toolkit);
-             }
+diff -uNr openjdk/src/java.desktop/share/classes/java/awt/Toolkit.java jdk8/jdk/src/java.desktop/share/classes/java/awt/Toolkit.java
+--- openjdk/src/java.desktop/share/classes/java/awt/Toolkit.java
+++ openjdk/src/java.desktop/share/classes/java/awt/Toolkit.java
+@@ -883,9 +883,13 @@
+                     return null;
+                 }
+             });
             if (!GraphicsEnvironment.isHeadless()) {
 -                loadAssistiveTechnologies();
 +                try {
@ -14,3 +15,4 @@ diff -r 618ad1237e73 src/java.desktop/share/classes/java/awt/Toolkit.java
             }
         }
         return toolkit;
+     }
--- a/rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch
+++ b/rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch
@ -1,12 +1,11 @@
-diff --git openjdk.orig/src/java.base/share/conf/security/java.security openjdk/src/java.base/share/conf/security/java.security
-index 68a9c1a2d08..7aa25eb2cb7 100644
--- openjdk.orig/src/java.base/share/conf/security/java.security
-+++ openjdk/src/java.base/share/conf/security/java.security
-@@ -78,6 +78,7 @@ security.provider.tbd=SunMSCAPI
- security.provider.tbd=Apple
- #endif
+diff -r 5b86f66575b7 src/share/lib/security/java.security-linux
+--- openjdk/src/java.base/share/conf/security/java.security	Tue May 16 13:29:05 2017 -0700
+++ openjdk/src/java.base/share/conf/security/java.security	Tue Jun 06 14:05:12 2017 +0200
+@@ -83,6 +83,7 @@
+ #ifndef solaris
 security.provider.tbd=SunPKCS11
+ #endif
 +#security.provider.tbd=SunPKCS11 ${java.home}/lib/security/nss.cfg
 
 #
- # Security providers used when FIPS mode support is active
+ # A list of preferred providers for specific algorithms. These providers will
--- a/rh1684077-openjdk_should_depend_on_pcsc-lite-libs_instead_of_pcsc-lite-devel.patch
+++ b/rh1684077-openjdk_should_depend_on_pcsc-lite-libs_instead_of_pcsc-lite-devel.patch
@ -1,15 +1,13 @@
-diff --git a/openjdk/src/java.smartcardio/unix/classes/sun/security/smartcardio/PlatformPCSC.java b/src/java.smartcardio/unix/classes/sun/security/smartcardio/PlatformPCSC.java
-index bacff32efbc..ff7b3dcc81c 100644
--- openjdk/src/java.smartcardio/unix/classes/sun/security/smartcardio/PlatformPCSC.java
-+++ openjdk/src/java.smartcardio/unix/classes/sun/security/smartcardio/PlatformPCSC.java
-@@ -46,8 +46,8 @@ class PlatformPCSC {
+--- openjdk/src/java.smartcardio/unix/classes/sun/security/smartcardio/PlatformPCSC.java	2013-03-01 10:48:12.038189968 +0100
+++ openjdk/src/java.smartcardio/unix/classes/sun/security/smartcardio/PlatformPCSC.java	2013-03-01 10:48:11.913188505 +0100
+@@ -48,8 +48,8 @@
 
-     private static final String PROP_NAME = "sun.security.smartcardio.library";
+     private final static String PROP_NAME = "sun.security.smartcardio.library";
 
-    private static final String LIB1 = "/usr/$LIBISA/libpcsclite.so";
-    private static final String LIB2 = "/usr/local/$LIBISA/libpcsclite.so";
-+    private static final String LIB1 = "/usr/$LIBISA/libpcsclite.so.1";
-+    private static final String LIB2 = "/usr/local/$LIBISA/libpcsclite.so.1";
-     private static final String PCSC_FRAMEWORK = "/System/Library/Frameworks/PCSC.framework/Versions/Current/PCSC";
+-    private final static String LIB1 = "/usr/$LIBISA/libpcsclite.so";
+-    private final static String LIB2 = "/usr/local/$LIBISA/libpcsclite.so";
+    private final static String LIB1 = "/usr/$LIBISA/libpcsclite.so.1";
+    private final static String LIB2 = "/usr/local/$LIBISA/libpcsclite.so.1";
+     private final static String PCSC_FRAMEWORK = "/System/Library/Frameworks/PCSC.framework/Versions/Current/PCSC";
 
     PlatformPCSC() {
--- a/rh1750419-redhat_alt_java.patch
+++ b/rh1750419-redhat_alt_java.patch
@ -1,117 +0,0 @@
-diff --git openjdk.orig/make/modules/java.base/Launcher.gmk openjdk/make/modules/java.base/Launcher.gmk
-index 700ddefda49..2882de68eb2 100644
--- openjdk.orig/make/modules/java.base/Launcher.gmk
-+++ openjdk/make/modules/java.base/Launcher.gmk
-@@ -41,6 +41,14 @@ $(eval $(call SetupBuildLauncher, java, \
-     OPTIMIZATION := HIGH, \
- ))
- 
-+#Wno-error=cpp is present to allow commented warning in ifdef part of main.c
-+$(eval $(call SetupBuildLauncher, alt-java, \
-+    CFLAGS := -DEXPAND_CLASSPATH_WILDCARDS -DENABLE_ARG_FILES -DREDHAT_ALT_JAVA -Wno-error=cpp, \
-+    EXTRA_RCFLAGS := $(JAVA_RCFLAGS), \
-+    VERSION_INFO_RESOURCE := $(JAVA_VERSION_INFO_RESOURCE), \
-+    OPTIMIZATION := HIGH, \
-+))
-+
- ifeq ($(call isTargetOs, windows), true)
-   $(eval $(call SetupBuildLauncher, javaw, \
-       CFLAGS := -DJAVAW -DEXPAND_CLASSPATH_WILDCARDS -DENABLE_ARG_FILES, \
-diff --git openjdk.orig/src/java.base/share/native/launcher/alt_main.h openjdk/src/java.base/share/native/launcher/alt_main.h
-new file mode 100644
-index 00000000000..697df2898ac
--- /dev/null
-+++ openjdk/src/java.base/share/native/launcher/alt_main.h
-@@ -0,0 +1,73 @@
-+/*
-+ * Copyright (c) 2019, Red Hat, Inc. All rights reserved.
-+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-+ *
-+ * This code is free software; you can redistribute it and/or modify it
-+ * under the terms of the GNU General Public License version 2 only, as
-+ * published by the Free Software Foundation.  Oracle designates this
-+ * particular file as subject to the "Classpath" exception as provided
-+ * by Oracle in the LICENSE file that accompanied this code.
-+ *
-+ * This code is distributed in the hope that it will be useful, but WITHOUT
-+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
-+ * version 2 for more details (a copy is included in the LICENSE file that
-+ * accompanied this code).
-+ *
-+ * You should have received a copy of the GNU General Public License version
-+ * 2 along with this work; if not, write to the Free Software Foundation,
-+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-+ *
-+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-+ * or visit www.oracle.com if you need additional information or have any
-+ * questions.
-+ */
-+
-+#ifdef REDHAT_ALT_JAVA
-+
-+#include <sys/prctl.h>
-+
-+
-+/* Per task speculation control */
-+#ifndef PR_GET_SPECULATION_CTRL
-+# define PR_GET_SPECULATION_CTRL    52
-+#endif
-+#ifndef PR_SET_SPECULATION_CTRL
-+# define PR_SET_SPECULATION_CTRL    53
-+#endif
-+/* Speculation control variants */
-+#ifndef PR_SPEC_STORE_BYPASS
-+# define PR_SPEC_STORE_BYPASS          0
-+#endif
-+/* Return and control values for PR_SET/GET_SPECULATION_CTRL */
-+
-+#ifndef PR_SPEC_NOT_AFFECTED
-+# define PR_SPEC_NOT_AFFECTED          0
-+#endif
-+#ifndef PR_SPEC_PRCTL
-+# define PR_SPEC_PRCTL                 (1UL << 0)
-+#endif
-+#ifndef PR_SPEC_ENABLE
-+# define PR_SPEC_ENABLE                (1UL << 1)
-+#endif
-+#ifndef PR_SPEC_DISABLE
-+# define PR_SPEC_DISABLE               (1UL << 2)
-+#endif
-+#ifndef PR_SPEC_FORCE_DISABLE
-+# define PR_SPEC_FORCE_DISABLE         (1UL << 3)
-+#endif
-+#ifndef PR_SPEC_DISABLE_NOEXEC
-+# define PR_SPEC_DISABLE_NOEXEC        (1UL << 4)
-+#endif
-+
-+static void set_speculation() __attribute__((constructor));
-+static void set_speculation() {
-+  if ( prctl(PR_SET_SPECULATION_CTRL,
-+             PR_SPEC_STORE_BYPASS,
-+             PR_SPEC_DISABLE_NOEXEC, 0, 0) == 0 ) {
-+    return;
-+  }
-+  prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_DISABLE, 0, 0);
-+}
-+
-+#endif // REDHAT_ALT_JAVA
-diff --git openjdk.orig/src/java.base/share/native/launcher/main.c openjdk/src/java.base/share/native/launcher/main.c
-index b734fe2ba78..79dc8307650 100644
--- openjdk.orig/src/java.base/share/native/launcher/main.c
-+++ openjdk/src/java.base/share/native/launcher/main.c
-@@ -34,6 +34,14 @@
- #include "jli_util.h"
- #include "jni.h"
- 
-+#ifdef REDHAT_ALT_JAVA
-+#if defined(__linux__) && defined(__x86_64__)
-+#include "alt_main.h"
-+#else
-+#warning alt-java requested but SSB mitigation not available on this platform.
-+#endif
-+#endif
-+
- #ifdef _MSC_VER
- #if _MSC_VER > 1400 && _MSC_VER < 1600
- 
--- a/4
+++ b/4
@ -1,2 +1,2 @@
-SHA512 (tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz) = 97d026212363b3c83f6a04100ad7f6fdde833d16579717f8756e2b8c2eb70e144a41a330cb9ccde9c3badd37a2d54fdf4650a950ec21d8b686d545ecb2a64d30
-SHA512 (openjdk-jdk19u-jdk-19+36.tar.xz) = c441e1f7dbabe3e66e062a7f661f953e06c10dd165995e2996e614d32f2333cd4532f45064ba4d098dfc8fa3637448d4dc9869c235d086ef80499a7a262f4ede
+SHA512 (jdk-updates-jdk12u-jdk-12.0.2+9.tar.xz) = ed1b5dec108fb29f72a8a80faca22703d3d1378d5a3b535c9e41b8f73d51d6650dd72e0e4b2e79de61c9f85013b26f39f6a7b5292b646bd6f5b3a54c9922fbf9
+SHA512 (systemtap_3.2_tapsets_hg-icedtea8-9d464368e06d.tar.xz) = cf578221b77d8c7e019f69909bc86c419c5fb5e10bceba9592ff6e7f96887b0a7f07c9cefe90800975247a078785ca190fdec5c2d0f841bb447cee784b570f7d
--- a/update_package.sh
+++ b/update_package.sh
@ -0,0 +1,69 @@
+#!/bin/bash -x
+#  this file contains defaults for currently generated source tarballs
+
+set -e
+
+# TAPSET
+export PROJECT_NAME="hg"
+export REPO_NAME="icedtea8"
+export VERSION="9d464368e06d"
+export COMPRESSION=xz
+export OPENJDK_URL=http://icedtea.classpath.org
+export FILE_NAME_ROOT=${PROJECT_NAME}-${REPO_NAME}-${VERSION}
+export TO_COMPRESS="*/tapset"
+# warning, filename  and filenameroot creation is duplicated here from generate_source_tarball.sh
+CLONED_FILENAME=${FILE_NAME_ROOT}.tar.${COMPRESSION}
+TAPSET_VERSION=3.2
+TAPSET=systemtap_"$TAPSET_VERSION"_tapsets_$CLONED_FILENAME
+if [ ! -f ${TAPSET} ] ; then
+  if [ ! -f ${CLONED_FILENAME} ] ; then
+  echo "Generating ${CLONED_FILENAME}"
+    sh ./generate_source_tarball.sh
+  else 
+    echo "exists exists exists exists exists exists exists "
+    echo "reusing reusing reusing reusing reusing reusing "
+    echo ${CLONED_FILENAME}
+  fi
+  mv -v $CLONED_FILENAME  $TAPSET
+else 
+  echo "exists exists exists exists exists exists exists "
+  echo "reusing reusing reusing reusing reusing reusing "
+  echo ${TAPSET}
+fi
+
+# OpenJDK from jdk-updates/jdk12u
+export PROJECT_NAME="jdk-updates"
+export REPO_NAME="jdk12u"
+export VERSION="jdk-12.0.2+9"
+export COMPRESSION=xz
+# unset tapsets overrides
+export OPENJDK_URL=""
+export TO_COMPRESS=""
+# warning, filename  and filenameroot creation is duplicated here from generate_source_tarball.sh
+export FILE_NAME_ROOT=${PROJECT_NAME}-${REPO_NAME}-${VERSION}
+FILENAME=${FILE_NAME_ROOT}.tar.${COMPRESSION}
+
+if [ ! -f ${FILENAME} ] ; then
+echo "Generating ${FILENAME}"
+  sh ./generate_source_tarball.sh
+else 
+  echo "exists exists exists exists exists exists exists "
+  echo "reusing reusing reusing reusing reusing reusing "
+  echo ${FILENAME}
+fi
+
+set +e
+
+major=`echo $REPO_NAME | sed 's/[a-zA-Z]*//g'`
+build=`echo $VERSION | sed 's/.*+//g'`
+name_helper=`echo $FILENAME | sed s/$major/'%{majorver}'/g `
+name_helper=`echo $name_helper | sed s/$build/'%{buildver}'/g `
+echo "align specfile acordingly:" 
+echo " sed 's/^Source0:.*/Source0: $name_helper/' -i *.spec"
+echo " sed 's/^Source8:.*/Source8: $TAPSET/'   -i *.spec"
+echo " sed 's/^%global buildver.*/%global buildver        $build/'   -i *.spec"
+echo " sed 's/Release:.*/Release: 1%{?dist}/'   -i *.spec"
+echo "and maybe others...."
+echo "you should fedpkg/rhpkg new-sources $TAPSET $FILENAME"
+echo "you should fedpkg/rhpkg prep --arch XXXX on all architectures: x86_64 i386 i586 i686 ppc ppc64 ppc64le s390 s390x aarch64 armv7hl"
+
Author	SHA1	Message	Date
Severin Gehwolf	2983f39cc6	Update to July 2019 CPU	2019-07-18 11:30:15 +02:00
Petra Mikova	1be922c14f	Fixed requires/provides for non-system jdk (backport of RHBZ#1702324)	2019-05-26 09:30:15 +02:00
pmikova	ad609b33e6	Updated sources to the latest CPU	2019-04-18 14:04:59 +02:00