java-11-openjdk/rh1022017-reduce_ssl_curves.patch

diff --git openjdk.orig///src/java.base/share/classes/sun/security/ssl/SupportedGroupsExtension.java openjdk///src/java.base/share/classes/sun/security/ssl/SupportedGroupsExtension.java
--- openjdk.orig///src/java.base/share/classes/sun/security/ssl/SupportedGroupsExtension.java
+++ openjdk///src/java.base/share/classes/sun/security/ssl/SupportedGroupsExtension.java
@@ -515,50 +515,19 @@
                 }
             } else {        // default groups
                 NamedGroup[] groups;
-                if (requireFips) {
-                    groups = new NamedGroup[] {
-                        // only NIST curves in FIPS mode
-                        NamedGroup.SECP256_R1,
-                        NamedGroup.SECP384_R1,
-                        NamedGroup.SECP521_R1,
-                        NamedGroup.SECT283_K1,
-                        NamedGroup.SECT283_R1,
-                        NamedGroup.SECT409_K1,
-                        NamedGroup.SECT409_R1,
-                        NamedGroup.SECT571_K1,
-                        NamedGroup.SECT571_R1,
+	    groups = new NamedGroup[] {
+		// only NIST curves in FIPS mode
+		NamedGroup.SECP256_R1,
+		NamedGroup.SECP384_R1,
+		NamedGroup.SECP521_R1,
 
-                        // FFDHE 2048
-                        NamedGroup.FFDHE_2048,
-                        NamedGroup.FFDHE_3072,
-                        NamedGroup.FFDHE_4096,
-                        NamedGroup.FFDHE_6144,
-                        NamedGroup.FFDHE_8192,
-                    };
-                } else {
-                    groups = new NamedGroup[] {
-                        // NIST curves first
-                        NamedGroup.SECP256_R1,
-                        NamedGroup.SECP384_R1,
-                        NamedGroup.SECP521_R1,
-                        NamedGroup.SECT283_K1,
-                        NamedGroup.SECT283_R1,
-                        NamedGroup.SECT409_K1,
-                        NamedGroup.SECT409_R1,
-                        NamedGroup.SECT571_K1,
-                        NamedGroup.SECT571_R1,
-
-                        // non-NIST curves
-                        NamedGroup.SECP256_K1,
-
-                        // FFDHE 2048
-                        NamedGroup.FFDHE_2048,
-                        NamedGroup.FFDHE_3072,
-                        NamedGroup.FFDHE_4096,
-                        NamedGroup.FFDHE_6144,
-                        NamedGroup.FFDHE_8192,
-                    };
-                }
+		// FFDHE 2048
+		NamedGroup.FFDHE_2048,
+		NamedGroup.FFDHE_3072,
+		NamedGroup.FFDHE_4096,
+		NamedGroup.FFDHE_6144,
+		NamedGroup.FFDHE_8192,
+	    };
 
                 groupList = new ArrayList<>(groups.length);
                 for (NamedGroup group : groups) {
Update to shenandoah-jdk-11.0.1+13-20190101 Update tarball generation script in preparation for PR3681/RH1656677 SunEC changes. Use remove-intree-libraries.sh to remove the remaining SunEC code for now. Fix PR1983 SunEC patch so that ecc_impl.h is patched rather than added Add missing RH1022017 patch to reduce curves reported by SSL to those we support. Remove RH1648995; fixed upstream 2019-01-16 06:44:10 +00:00			`diff --git openjdk.orig///src/java.base/share/classes/sun/security/ssl/SupportedGroupsExtension.java openjdk///src/java.base/share/classes/sun/security/ssl/SupportedGroupsExtension.java`
			`--- openjdk.orig///src/java.base/share/classes/sun/security/ssl/SupportedGroupsExtension.java`
			`+++ openjdk///src/java.base/share/classes/sun/security/ssl/SupportedGroupsExtension.java`
			`@@ -515,50 +515,19 @@`
			`}`
			`} else { // default groups`
			`NamedGroup[] groups;`
			`- if (requireFips) {`
			`- groups = new NamedGroup[] {`
			`- // only NIST curves in FIPS mode`
			`- NamedGroup.SECP256_R1,`
			`- NamedGroup.SECP384_R1,`
			`- NamedGroup.SECP521_R1,`
			`- NamedGroup.SECT283_K1,`
			`- NamedGroup.SECT283_R1,`
			`- NamedGroup.SECT409_K1,`
			`- NamedGroup.SECT409_R1,`
			`- NamedGroup.SECT571_K1,`
			`- NamedGroup.SECT571_R1,`
			`+ groups = new NamedGroup[] {`
			`+ // only NIST curves in FIPS mode`
			`+ NamedGroup.SECP256_R1,`
			`+ NamedGroup.SECP384_R1,`
			`+ NamedGroup.SECP521_R1,`

			`- // FFDHE 2048`
			`- NamedGroup.FFDHE_2048,`
			`- NamedGroup.FFDHE_3072,`
			`- NamedGroup.FFDHE_4096,`
			`- NamedGroup.FFDHE_6144,`
			`- NamedGroup.FFDHE_8192,`
			`- };`
			`- } else {`
			`- groups = new NamedGroup[] {`
			`- // NIST curves first`
			`- NamedGroup.SECP256_R1,`
			`- NamedGroup.SECP384_R1,`
			`- NamedGroup.SECP521_R1,`
			`- NamedGroup.SECT283_K1,`
			`- NamedGroup.SECT283_R1,`
			`- NamedGroup.SECT409_K1,`
			`- NamedGroup.SECT409_R1,`
			`- NamedGroup.SECT571_K1,`
			`- NamedGroup.SECT571_R1,`
			`-`
			`- // non-NIST curves`
			`- NamedGroup.SECP256_K1,`
			`-`
			`- // FFDHE 2048`
			`- NamedGroup.FFDHE_2048,`
			`- NamedGroup.FFDHE_3072,`
			`- NamedGroup.FFDHE_4096,`
			`- NamedGroup.FFDHE_6144,`
			`- NamedGroup.FFDHE_8192,`
			`- };`
			`- }`
			`+ // FFDHE 2048`
			`+ NamedGroup.FFDHE_2048,`
			`+ NamedGroup.FFDHE_3072,`
			`+ NamedGroup.FFDHE_4096,`
			`+ NamedGroup.FFDHE_6144,`
			`+ NamedGroup.FFDHE_8192,`
			`+ };`

			`groupList = new ArrayList<>(groups.length);`
			`for (NamedGroup group : groups) {`