[11.0.9u] Open P2 bug 8250787 Provider.put no longer registering aliases in FIPS env

David Alvarez alvdavi at amazon.com
Fri Sep 18 20:21:22 UTC 2020 

Hi Goetz,

I am currently working on a patch for this. After reading the original 
bug, it is my take that the problem of aliases not working in this 
scenario is older, it is just that the JDK changed how most of these 
services are added in 7092821.

The problem is the provider class holding two maps to keep track of 
services, legacyMap (for those added with put) and serviceMap (for those 
added with putService). When an alias is added using put, it will try to 
locate the original service, but only in the legacyMap. My approach is 
making the parseLegacyPut method search both maps [1]. I am still adding 
that alias to the legacyMap (instead of now moving that one to the new 
serviceMap).

I would like to know if anyone sees a problem with this approach, but in 
any case, I'm preparing an RFR for this. If it does not go out today, it 
will on Monday.

--
David

[1] 
http://hg.openjdk.java.net/jdk-updates/jdk11u-dev/file/360916af5610/src/java.base/share/classes/java/security/Provider.java#l1191

On 2020-09-17 23:57, Lindenmaier, Goetz wrote:
> CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you can confirm the sender and know the content is safe.
> 
> 
> 
> Hi,
> 
> Paul, any progress on this?
> 
> Can anybody rate the risk of not fixing this bug?
> Can anybody reproduce the bug?
> 
> 7092821 that introduced this problem is only a performance
> optimization. If we cannot find a solution for 8250787,
> should we backout 7092821 from 11.0.9?
> 
> Unfortunately, backing out the change does not
> apply clean, because, e.g.,  8246613 reverted parts
> of it.
> 
> Best regards,
>    Goetz.
> 
> From: Hohensee, Paul <hohensee at amazon.com>
> Sent: Monday, August 31, 2020 6:43 PM
> To: Lindenmaier, Goetz <goetz.lindenmaier at sap.com>; jdk-updates-dev at openjdk.java.net
> Subject: RE: [11u] Input on 8250787 Provider.put no longer registering aliases in FIPS env
> 
> We’ll take a look.
> 
> Thanks,
> Paul
> 
> From: "Lindenmaier, Goetz" <goetz.lindenmaier at sap.com<mailto:goetz.lindenmaier at sap.com>>
> Date: Monday, August 31, 2020 at 7:55 AM
> To: "jdk-updates-dev at openjdk.java.net<mailto:jdk-updates-dev at openjdk.java.net>" <jdk-updates-dev at openjdk.java.net<mailto:jdk-updates-dev at openjdk.java.net>>, "Hohensee, Paul" <hohensee at amazon.com<mailto:hohensee at amazon.com>>
> Subject: [11u] Input on 8250787 Provider.put no longer registering aliases in FIPS env
> 
> Hi,
> 
> I had a look at
> 8250787 Provider.put no longer registering aliases in FIPS env
> https://bugs.openjdk.java.net/browse/JDK-8250787
> 
> This is the last relevant open 11.0.9-oracle change in 11u.
> Oracle rates it P2.
> Unfortunately, no patch to downport exists. It is fixed only in 11
> and 8 by Oracle.
> 
> Apparently the problem was introduced by
> 1.       7092821<https://bugs.openjdk.java.net/browse/JDK-7092821>: java.security.Provider.getService() is synchronized and became scalability bottleneck
> 2.       https://bugs.openjdk.java.net/browse/JDK-7092821
> which was downported to 11.0.7.  Paul, do you maybe have an idea how to fix this?
> 
> Best regards,
>    Goetz.
> 
>

More information about the jdk-updates-dev mailing list