Merge pull request #296 from WilburZjh/EnableFullSecurityEnvCRIU

Apply an additional condition if -XX:-CRIUSecProvider is specified
ibmruntimes · Dec 9, 2023 · b62222a · b62222a
2 parents 7719deb + 9b316ef
commit b62222a
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 3 deletions.
diff --git a/closed/src/java.base/share/classes/jdk/crypto/jniprovider/NativeCrypto.java b/closed/src/java.base/share/classes/jdk/crypto/jniprovider/NativeCrypto.java
@@ -119,14 +119,15 @@ public static final boolean isAllowedAndLoaded() {
 
  /**
  * Return the OpenSSL version.
- * -1 is returned if CRIU is enabled and the checkpoint is allowed.
+ * -1 is returned if CRIU is enabled and checkpoints are allowed
+ * unless -XX:-CRIUSecProvider is specified.
  * The libraries are to be loaded for the first reference of InstanceHolder.instance.
  *
  * @return the OpenSSL library version if it is available
  */
  public static final long getVersionIfAvailable() {
 /*[IF CRIU_SUPPORT]*/
- if (InternalCRIUSupport.isCheckpointAllowed()) {
+ if (InternalCRIUSupport.isCheckpointAllowed() && InternalCRIUSupport.enableCRIUSecProvider()) {
  return -1;
  }
 /*[ENDIF] CRIU_SUPPORT */

diff --git a/src/java.base/share/classes/java/security/Security.java b/src/java.base/share/classes/java/security/Security.java
@@ -143,7 +143,8 @@ private static void initialize() {
 
  /*[IF CRIU_SUPPORT]*/
  // Check if CRIU checkpoint mode is enabled, if it is then reconfigure the security providers.
- if (InternalCRIUSupport.isCheckpointAllowed()) {
+ // If -XX:-CRIUSecProvider is specified, we don't need to configure the CRIUSec provider.
+ if (InternalCRIUSupport.isCheckpointAllowed() && InternalCRIUSupport.enableCRIUSecProvider()) {
  CRIUConfigurator.setCRIUSecMode(props);
  }
  /*[ENDIF] CRIU_SUPPORT */