8308398: Move SunEC crypto provider into java.base

Reviewed-by: valeriep, alanb

make/ZipSecurity.gmk

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2014, 2020, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2014, 2023, Oracle and/or its affiliates. All rights reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -41,7 +41,6 @@ $(eval $(call SetupZipArchive,BUILD_SEC_BIN_ZIP, \
         modules/java.base/sun/security/internal/interfaces \
         modules/java.base/sun/security/internal/spec \
         modules/java.base/com/sun/crypto/provider \
-        modules/jdk.crypto.ec/sun/security/ec \
         modules/jdk.crypto.mscapi/sun/security/mscapi \
         modules/jdk.crypto.cryptoki/sun/security/pkcs11 \
         modules/jdk.crypto.cryptoki/sun/security/pkcs11/wrapper \

make/conf/docs-modules.conf

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2014, 2022, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2014, 2023, Oracle and/or its affiliates. All rights reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -36,7 +36,6 @@ DOCS_MODULES= \
     jdk.charsets \
     jdk.compiler \
     jdk.crypto.cryptoki \
-    jdk.crypto.ec \
     jdk.dynalink \
     jdk.editpad \
     jdk.hotspot.agent \

make/conf/module-loader-map.conf

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2014, 2022, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2014, 2023, Oracle and/or its affiliates. All rights reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -77,7 +77,6 @@ PLATFORM_MODULES= \
     jdk.accessibility \
     jdk.charsets \
     jdk.crypto.cryptoki \
-    jdk.crypto.ec \
     jdk.dynalink \
     jdk.httpserver \
     jdk.jsobject \

src/java.base/share/classes/module-info.java

@@ -322,25 +322,21 @@ module java.base {
         java.sql.rowset;
     exports sun.security.action to
         java.desktop,
-        java.security.jgss,
+        java.security.jgss;
-        jdk.crypto.ec;
     exports sun.security.internal.interfaces to
         jdk.crypto.cryptoki;
     exports sun.security.internal.spec to
         jdk.crypto.cryptoki;
     exports sun.security.jca to
         java.smartcardio,
-        jdk.crypto.ec,
         jdk.crypto.cryptoki,
         jdk.naming.dns;
     exports sun.security.pkcs to
-        jdk.crypto.ec,
         jdk.jartool;
     exports sun.security.provider to
         java.rmi,
         java.security.jgss,
         jdk.crypto.cryptoki,
-        jdk.crypto.ec,
         jdk.security.auth;
     exports sun.security.provider.certpath to
         java.naming,
@@ -359,17 +355,11 @@ module java.base {
         java.security.sasl,
         java.smartcardio,
         java.xml.crypto,
-        jdk.crypto.ec,
         jdk.crypto.cryptoki,
         jdk.jartool,
         jdk.security.auth,
         jdk.security.jgss;
-    exports sun.security.util.math to
-        jdk.crypto.ec;
-    exports sun.security.util.math.intpoly to
-        jdk.crypto.ec;
     exports sun.security.x509 to
-        jdk.crypto.ec,
         jdk.crypto.cryptoki,
         jdk.jartool;
     exports sun.security.validator to

src/java.base/share/classes/sun/security/jca/ProviderConfig.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2022, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2023, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -176,57 +176,60 @@ final class ProviderConfig {
                 return null;
             }
 
-            // Create providers which are in java.base directly
+            p = switch (provName) {
-            if (provName.equals("SUN") || provName.equals("sun.security.provider.Sun")) {
+                case "SUN", "sun.security.provider.Sun" ->
-                p = new sun.security.provider.Sun();
+                    new sun.security.provider.Sun();
-            } else if (provName.equals("SunRsaSign") || provName.equals("sun.security.rsa.SunRsaSign")) {
+                case "SunRsaSign", "sun.security.rsa.SunRsaSign" ->
-                p = new sun.security.rsa.SunRsaSign();
+                    new sun.security.rsa.SunRsaSign();
-            } else if (provName.equals("SunJCE") || provName.equals("com.sun.crypto.provider.SunJCE")) {
+                case "SunJCE", "com.sun.crypto.provider.SunJCE" ->
-                p = new com.sun.crypto.provider.SunJCE();
+                    new com.sun.crypto.provider.SunJCE();
-            } else if (provName.equals("SunJSSE")) {
+                case "SunJSSE" -> new sun.security.ssl.SunJSSE();
-                p = new sun.security.ssl.SunJSSE();
+                case "SunEC" -> new sun.security.ec.SunEC();
-            } else if (provName.equals("Apple") || provName.equals("apple.security.AppleProvider")) {
+                case "Apple", "apple.security.AppleProvider" -> {
-                // need to use reflection since this class only exists on MacOsx
+                    // Reflection is needed for compile time as the class
-                @SuppressWarnings("removal")
+                    // is not available for non-macosx systems
-                var tmp = AccessController.doPrivileged(new PrivilegedAction<Provider>() {
+                    @SuppressWarnings("removal")
-                    public Provider run() {
+                    var tmp = AccessController.doPrivileged(
-                        try {
+                        new PrivilegedAction<Provider>() {
-                            Class<?> c = Class.forName("apple.security.AppleProvider");
+                            public Provider run() {
-                            if (Provider.class.isAssignableFrom(c)) {
+                                try {
-                                @SuppressWarnings("deprecation")
+                                    Class<?> c = Class.forName(
-                                Object tmp = c.newInstance();
+                                        "apple.security.AppleProvider");
-                                return (Provider) tmp;
+                                    if (Provider.class.isAssignableFrom(c)) {
-                            } else {
+                                        @SuppressWarnings("deprecation")
+                                        Object tmp = c.newInstance();
+                                        return (Provider) tmp;
+                                    }
+                                } catch (Exception ex) {
+                                    if (debug != null) {
+                                        debug.println("Error loading provider Apple");
+                                        ex.printStackTrace();
+                                    }
+                                }
                                 return null;
                             }
-                        } catch (Exception ex) {
+                        });
-                            if (debug != null) {
+                    yield tmp;
-                                debug.println("Error loading provider Apple");
+                }
-                                ex.printStackTrace();
+                default -> {
-                            }
+                    if (isLoading) {
-                            return null;
+                        // because this method is synchronized, this can only
+                        // happen if there is recursion.
+                        if (debug != null) {
+                            debug.println("Recursion loading provider: " + this);
+                            new Exception("Call trace").printStackTrace();
                         }
+                        yield null;
                     }
-                });
+                    try {
-                p = tmp;
+                        isLoading = true;
-            } else {
+                        tries++;
-                if (isLoading) {
+                        yield doLoadProvider();
-                    // because this method is synchronized, this can only
+                    } finally {
-                    // happen if there is recursion.
+                        isLoading = false;
-                    if (debug != null) {
-                        debug.println("Recursion loading provider: " + this);
-                        new Exception("Call trace").printStackTrace();
                     }
-                    return null;
                 }
-                try {
+            };
-                    isLoading = true;
-                    tries++;
-                    p = doLoadProvider();
-                } finally {
-                    isLoading = false;
-                }
-            }
             provider = p;
         }
         return p;

src/java.base/share/classes/sun/security/x509/AlgorithmId.java

@@ -544,8 +544,8 @@ public class AlgorithmId implements Serializable, DerEncoder {
         if (pn != null && mn != null) {
             return ((mn.equals("java.base") &&
                     (pn.equals("SUN") || pn.equals("SunRsaSign") ||
-                    pn.equals("SunJCE") || pn.equals("SunJSSE"))) ||
+                    pn.equals("SunJCE") || pn.equals("SunJSSE") ||
-                (mn.equals("jdk.crypto.ec") && pn.equals("SunEC")) ||
+                    pn.equals("SunEC"))) ||
                 (mn.equals("jdk.crypto.mscapi") && pn.equals("SunMSCAPI")) ||
                 (mn.equals("jdk.crypto.cryptoki") &&
                     pn.startsWith("SunPKCS11")));

src/java.base/share/lib/security/default.policy

@@ -127,15 +127,6 @@ grant codeBase "jrt:/jdk.charsets" {
     permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.cs";
 };
 
-grant codeBase "jrt:/jdk.crypto.ec" {
-    permission java.lang.RuntimePermission
-                   "accessClassInPackage.sun.security.*";
-    permission java.lang.RuntimePermission "loadLibrary.sunec";
-    permission java.security.SecurityPermission "putProviderProperty.SunEC";
-    permission java.security.SecurityPermission "clearProviderProperties.SunEC";
-    permission java.security.SecurityPermission "removeProviderProperty.SunEC";
-};
-
 grant codeBase "jrt:/jdk.crypto.cryptoki" {
     permission java.lang.RuntimePermission
                    "accessClassInPackage.com.sun.crypto.provider";

src/jdk.crypto.cryptoki/share/classes/module-info.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2014, 2017, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2014, 2023, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -32,8 +32,5 @@
  * @since 9
  */
 module jdk.crypto.cryptoki {
-    // Depends on SunEC provider for EC related functionality
-    requires jdk.crypto.ec;
-
     provides java.security.Provider with sun.security.pkcs11.SunPKCS11;
 }

src/jdk.crypto.ec/share/classes/module-info.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2014, 2017, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2014, 2023, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -31,6 +31,6 @@
  * @moduleGraph
  * @since 9
  */
+@Deprecated(since="22", forRemoval = true)
 module jdk.crypto.ec {
-    provides java.security.Provider with sun.security.ec.SunEC;
 }

test/jdk/java/lang/SecurityManager/CheckSecurityProvider.java

@@ -60,8 +60,7 @@ public class CheckSecurityProvider {
         // NOTE: the ordering must match what's defined inside java.security
         expected.add("sun.security.provider.Sun");
         expected.add("sun.security.rsa.SunRsaSign");
-        layer.findModule("jdk.crypto.ec")
+        expected.add("sun.security.ec.SunEC");
-            .ifPresent(m -> expected.add("sun.security.ec.SunEC"));
         expected.add("sun.security.ssl.SunJSSE");
         expected.add("com.sun.crypto.provider.SunJCE");
         layer.findModule("jdk.security.jgss")

test/jdk/javax/net/ssl/TLS/TEST.properties

@@ -6,4 +6,4 @@ modules = \
     java.security.jgss/sun.security.krb5.internal.ccache \
     java.security.jgss/sun.security.krb5.internal:+open \
     java.base/sun.security.util \
-    jdk.crypto.ec/sun.security.ec
+    java.base/sun.security.ec

test/jdk/javax/net/ssl/TLS/TestJSSEClientDefaultProtocol.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2016, 2019, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2016, 2023, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,7 +25,7 @@
  * @test
  * @bug 8049429 8234723
  * @modules java.management
- *          jdk.crypto.ec/sun.security.ec
+ *          java.base/sun.security.ec
  * @summary Test that all cipher suites work in all versions and all client
  *          authentication types. The way this is setup the server is stateless
  *          and all checking is done on the client side.

test/jdk/javax/net/ssl/TLS/TestJSSEClientProtocol.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2016, 2019, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2016, 2023, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,7 +25,7 @@
  * @test
  * @bug 8049429 8172273 8234723
  * @modules java.management
- *          jdk.crypto.ec/sun.security.ec
+ *          java.base/sun.security.ec
  * @summary Test that all cipher suites work in all versions and all client
  *          authentication types. The way this is setup the server is stateless
  *          and all checking is done on the client side.
@@ -75,4 +75,9 @@
  *              -DCLIENT_PROTOCOL=TLSv1.3
  *              -DCIPHER=TLS_AES_256_GCM_SHA384
  *          TestJSSE
+ * @run main/othervm --limit-modules java.base
+ *              -DSERVER_PROTOCOL=SSLv3,TLSv1,TLSv1.1,TLSv1.2,TLSv1.3
+ *              -DCLIENT_PROTOCOL=TLSv1.3
+ *              -DCIPHER=TLS_AES_256_GCM_SHA384
+ *          TestJSSE
  */

test/jdk/javax/net/ssl/TLS/TestJSSENoCommonProtocols.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2016, 2023, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,7 +25,7 @@
  * @test
  * @bug 8049429
  * @modules java.management
- *          jdk.crypto.ec/sun.security.ec
+ *          java.base/sun.security.ec
  * @summary Test that all cipher suites work in all versions and all client
  *          authentication types. The way this is setup the server is stateless
  *          and all checking is done on the client side.

test/jdk/javax/net/ssl/TLS/TestJSSEServerProtocol.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2016, 2019, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2016, 2023, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,7 +25,7 @@
  * @test
  * @bug 8049429 8234723
  * @modules java.management
- *          jdk.crypto.ec/sun.security.ec
+ *          java.base/sun.security.ec
  * @summary Test that all cipher suites work in all versions and all client
  *          authentication types. The way this is setup the server is stateless
  *          and all checking is done on the client side.
@@ -60,4 +60,9 @@
  *              -DCLIENT_PROTOCOL=TLSv1.3
  *              -DCIPHER=TLS_AES_256_GCM_SHA384
  *          TestJSSE javax.net.ssl.SSLHandshakeException
+ * @run main/othervm --limit-modules java.base
+ *              -DSERVER_PROTOCOL=TLSv1.2
+ *              -DCLIENT_PROTOCOL=TLSv1.3
+ *              -DCIPHER=TLS_AES_256_GCM_SHA384
+ *          TestJSSE javax.net.ssl.SSLHandshakeException
  */

test/jdk/sun/security/ec/ecModuleCheck.java

@@ -0,0 +1,46 @@
+/*
+ * Copyright (c) 2023, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import java.lang.module.ModuleFinder;
+import static jdk.test.lib.Asserts.*;
+
+/*
+ * @test
+ * @bug 8308398
+ * @library /test/lib
+ * @summary Verify jdk.crypto.ec empty module
+ * @run main ecModuleCheck
+ */
+
+/* This test verifies jdk.crypto.ec is in the image, but not resolvable.
+ */
+public class ecModuleCheck {
+    public static void main(String[] args) throws Exception {
+        // True if module is found in the image.
+        assertTrue(ModuleFinder.ofSystem().find("jdk.crypto.ec").isPresent(),
+            "jdk.crypto.ec was not found in image.");
+        // Since the module empty, isPresent() should be false.
+        assertFalse(ModuleLayer.boot().findModule("jdk.crypto.ec").
+            isPresent(), "jdk.crypto.ec shouldn't be resolvable.");
+    }
+}

test/jdk/sun/security/ec/ed/TestEdOps.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2020, 2021, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2020, 2023, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -30,7 +30,7 @@
  *          java.base/sun.security.util
  *          java.base/sun.security.util.math
  *          java.base/sun.security.util.math.intpoly
- *          jdk.crypto.ec/sun.security.ec.ed
+ *          java.base/sun.security.ec.ed
  * @run main TestEdOps
  */
 

test/jdk/sun/security/ec/xec/TestXECOps.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2018, 2021, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2018, 2023, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,7 +25,7 @@
  * @test
  * @bug 8171277
  * @summary Test XEC curve operations
- * @modules jdk.crypto.ec/sun.security.ec
+ * @modules java.base/sun.security.ec
  * @library /test/lib
  * @build jdk.test.lib.Convert
  * @run main TestXECOps

test/jdk/sun/security/ec/xec/XECIterative.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2018, 2021, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2018, 2023, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -27,7 +27,7 @@
  * @summary XEC curve operations iterative test vectors
  * @library /test/lib
  * @build jdk.test.lib.Convert
- * @modules jdk.crypto.ec/sun.security.ec
+ * @modules java.base/sun.security.ec
  * @run main XECIterative 0 10000
  * @run main XECIterative 10000 20000
  * @run main XECIterative 20000 30000

test/jdk/sun/security/pkcs11/ec/ReadPKCS12.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2006, 2020, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2006, 2023, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -29,7 +29,7 @@
  * @library /test/lib ..
  * @library ../../../../java/security/testlibrary
  * @key randomness
- * @modules jdk.crypto.cryptoki jdk.crypto.ec/sun.security.ec
+ * @modules jdk.crypto.cryptoki java.base/sun.security.ec
  * @run main/othervm ReadPKCS12
  * @run main/othervm -Djava.security.manager=allow ReadPKCS12 sm policy
  */

test/jdk/sun/security/provider/PolicyFile/DefaultPolicy.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2016, 2023, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -64,14 +64,14 @@ public class DefaultPolicy {
     }
 
     private static void checkPolicy(Policy p) throws Exception {
-        // check if jdk.crypto.ec module has been de-privileged
+        // check if jdk.crypto.cryptoki module has been de-privileged
         CodeSource cs =
-            new CodeSource(new URL("jrt:/jdk.crypto.ec"), (CodeSigner[])null);
+            new CodeSource(new URL("jrt:/jdk.crypto.cryptoki"), (CodeSigner[])null);
         ProtectionDomain pd = new ProtectionDomain(cs, null, null, null);
         if (p.implies(pd, new AllPermission())) {
             throw new Exception("module should not be granted AllPermission");
         }
-        if (!p.implies(pd, new RuntimePermission("loadLibrary.sunec"))) {
+        if (!p.implies(pd, new RuntimePermission("loadLibrary.j2pkcs11"))) {
             throw new Exception("module should be granted RuntimePermission");
         }
     }

test/jdk/sun/security/tools/keytool/fakegen/DefaultSignatureAlgorithm.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2019, 2022, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2019, 2023, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -28,9 +28,11 @@
  * @library /test/lib
  * @build java.base/sun.security.rsa.RSAKeyPairGenerator
  *        java.base/sun.security.provider.DSAKeyPairGenerator
- *        jdk.crypto.ec/sun.security.ec.ECKeyPairGenerator
+ *        java.base/sun.security.ec.ECKeyPairGenerator
  * @run main DefaultSignatureAlgorithm
- * @modules jdk.crypto.ec
+ *
+ * This test uses RSA, DSA, and EC inside this test directory, not the providers
+ * from the jdk
  */
 
 import jdk.test.lib.Asserts;
@@ -82,10 +84,7 @@ public class DefaultSignatureAlgorithm {
             throws Exception {
         String patchArg = "-J--patch-module=java.base="
                 + System.getProperty("test.classes")
-                + File.separator + "patches" + File.separator + "java.base"
+                + File.separator + "patches" + File.separator + "java.base";
-                + " -J--patch-module=jdk.crypto.ec="
-                + System.getProperty("test.classes")
-                + File.separator + "patches" + File.separator + "jdk.crypto.ec";
         return kt(patchArg + " -genkeypair -alias " + alias
                 + " -dname CN=" + alias + " " + options);
     }

test/jdk/tools/jpackage/share/jdk/jpackage/tests/JLinkOptionsTest.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2020, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2020, 2023, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -63,7 +63,7 @@ public final class JLinkOptionsTest {
                     "--bind-services",
                     },
                     // with bind-services should have some services
-                    new String[]{"java.smartcardio", "jdk.crypto.ec"},
+                    new String[]{"java.smartcardio", "jdk.crypto.cryptoki"},
                     null,
                     },
             // bind-services
@@ -80,7 +80,7 @@ public final class JLinkOptionsTest {
                     "--jlink-options", "--bind-services",
                     },
                     // with bind-services should have some services
-                    new String[]{"java.smartcardio", "jdk.crypto.ec"},
+                    new String[]{"java.smartcardio", "jdk.crypto.cryptoki"},
                     null,
                     },
 
@@ -105,7 +105,7 @@ public final class JLinkOptionsTest {
                     // with bind-services should have some services
                     new String[]{"java.smartcardio"},
                     // but not limited
-                    new String[]{"jdk.crypto.ec"},
+                    new String[]{"jdk.crypto.cryptoki"},
                     },
 
         });