From 1c9fc7e02d24539a21b7422b555aace1da709636 Mon Sep 17 00:00:00 2001 From: WilburZjh Date: Thu, 7 Dec 2023 21:19:56 -0500 Subject: [PATCH] Apply an additional condition if -XX:-CRIUSecProvider is specified --- .../share/classes/jdk/crypto/jniprovider/NativeCrypto.java | 5 +++-- src/java.base/share/classes/java/security/Security.java | 3 ++- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/closed/src/java.base/share/classes/jdk/crypto/jniprovider/NativeCrypto.java b/closed/src/java.base/share/classes/jdk/crypto/jniprovider/NativeCrypto.java index 02e681f93c..812b714467 100644 --- a/closed/src/java.base/share/classes/jdk/crypto/jniprovider/NativeCrypto.java +++ b/closed/src/java.base/share/classes/jdk/crypto/jniprovider/NativeCrypto.java @@ -119,14 +119,15 @@ public static final boolean isAllowedAndLoaded() { /** * Return the OpenSSL version. - * -1 is returned if CRIU is enabled and the checkpoint is allowed. + * -1 is returned if CRIU is enabled and checkpoints are allowed + * unless -XX:-CRIUSecProvider is specified. * The libraries are to be loaded for the first reference of InstanceHolder.instance. * * @return the OpenSSL library version if it is available */ public static final long getVersionIfAvailable() { /*[IF CRIU_SUPPORT]*/ - if (InternalCRIUSupport.isCheckpointAllowed()) { + if (InternalCRIUSupport.isCheckpointAllowed() && InternalCRIUSupport.enableCRIUSecProvider()) { return -1; } /*[ENDIF] CRIU_SUPPORT */ diff --git a/src/java.base/share/classes/java/security/Security.java b/src/java.base/share/classes/java/security/Security.java index f09fae47b5..ef5bdf1d46 100644 --- a/src/java.base/share/classes/java/security/Security.java +++ b/src/java.base/share/classes/java/security/Security.java @@ -124,7 +124,8 @@ private static void initialize() { /*[IF CRIU_SUPPORT]*/ // Check if CRIU checkpoint mode is enabled, if it is then reconfigure the security providers. - if (InternalCRIUSupport.isCheckpointAllowed()) { + // If -XX:-CRIUSecProvider is specified, we don't need to configure the CRIUSec provider. + if (InternalCRIUSupport.isCheckpointAllowed() && InternalCRIUSupport.enableCRIUSecProvider()) { CRIUConfigurator.setCRIUSecMode(props); } /*[ENDIF] CRIU_SUPPORT */