From 9b316ef75a1e2b9d775be557ac8123397ab41e4a Mon Sep 17 00:00:00 2001
From: WilburZjh <wilburzjh@gmail.com>
Date: Sun, 22 Oct 2023 21:11:47 -0400
Subject: [PATCH] Apply an additional condition if -XX:-CRIUSecProvider is
 specified

---
 .../share/classes/jdk/crypto/jniprovider/NativeCrypto.java   | 5 +++--
 src/java.base/share/classes/java/security/Security.java      | 3 ++-
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/closed/src/java.base/share/classes/jdk/crypto/jniprovider/NativeCrypto.java b/closed/src/java.base/share/classes/jdk/crypto/jniprovider/NativeCrypto.java
index 02e681f93c2..812b7144671 100644
--- a/closed/src/java.base/share/classes/jdk/crypto/jniprovider/NativeCrypto.java
+++ b/closed/src/java.base/share/classes/jdk/crypto/jniprovider/NativeCrypto.java
@@ -119,14 +119,15 @@ public static final boolean isAllowedAndLoaded() {
 
     /**
      * Return the OpenSSL version.
-     * -1 is returned if CRIU is enabled and the checkpoint is allowed.
+     * -1 is returned if CRIU is enabled and checkpoints are allowed
+     * unless -XX:-CRIUSecProvider is specified.
      * The libraries are to be loaded for the first reference of InstanceHolder.instance.
      *
      * @return the OpenSSL library version if it is available
      */
     public static final long getVersionIfAvailable() {
 /*[IF CRIU_SUPPORT]*/
-        if (InternalCRIUSupport.isCheckpointAllowed()) {
+        if (InternalCRIUSupport.isCheckpointAllowed() && InternalCRIUSupport.enableCRIUSecProvider()) {
             return -1;
         }
 /*[ENDIF] CRIU_SUPPORT */
diff --git a/src/java.base/share/classes/java/security/Security.java b/src/java.base/share/classes/java/security/Security.java
index 481d4b94500..b5da85c2f01 100644
--- a/src/java.base/share/classes/java/security/Security.java
+++ b/src/java.base/share/classes/java/security/Security.java
@@ -143,7 +143,8 @@ private static void initialize() {
 
         /*[IF CRIU_SUPPORT]*/
         // Check if CRIU checkpoint mode is enabled, if it is then reconfigure the security providers.
-        if (InternalCRIUSupport.isCheckpointAllowed()) {
+        // If -XX:-CRIUSecProvider is specified, we don't need to configure the CRIUSec provider.
+        if (InternalCRIUSupport.isCheckpointAllowed() && InternalCRIUSupport.enableCRIUSecProvider()) {
             CRIUConfigurator.setCRIUSecMode(props);
         }
         /*[ENDIF] CRIU_SUPPORT */