[jdk21u-dev] RFR: 8302111: Serialization considerations

Goetz Lindenmaier goetz at openjdk.org
Mon Feb 10 15:43:43 UTC 2025


I think this is a valuable fix we need in 21.  It secures deserialized data.

The code needed some resolves, but overall the change of
head fits well on the code in 21.  In detail:

I resolved
  src/java.base/share/classes/com/sun/crypto/provider/DHPrivateKey.java and
  src/java.base/share/classes/com/sun/crypto/provider/DHPublicKey.java.
It does not apply as these changes are missing in 21:
  8311170: Simplify and modernize equals and hashCode in security area
  8315974: Make fields final in 'com.sun.crypto.provider' package

In both files I resolved one larger chunk. Some removed code is different:
  * Initialization of this.l removed in original.  Initialization not in 21.
  * head has some coding initializing this.x/y.  This is handled by a call to
    parseKeyBits in 21.
Both files have similar differences between head and 21.

In src/java.security.jgss/share/classes/sun/security/krb5/internal/KRBError.java, changes
  8327818: Implement Kerberos debug with sun.security.util.Debug and again
  8311170: Simplify and modernize equals and hashCode in security area
are missing in 21.
This only requires trivial resolves due to context differences.

I based this backport on the commit to head.
The commit to 22.0.2 is identical to that, except that it skips
two unnecessary empty lines in KRBError.java. I would rather go
with the head version as this will make further backports
fit better.

-------------

Commit messages:
 - Backport 369c573383a0120e0d85aeb89a211f38b5261013

Changes: https://git.openjdk.org/jdk21u-dev/pull/1391/files
  Webrev: https://webrevs.openjdk.org/?repo=jdk21u-dev&pr=1391&range=00
  Issue: https://bugs.openjdk.org/browse/JDK-8302111
  Stats: 1026 lines in 21 files changed: 567 ins; 279 del; 180 mod
  Patch: https://git.openjdk.org/jdk21u-dev/pull/1391.diff
  Fetch: git fetch https://git.openjdk.org/jdk21u-dev.git pull/1391/head:pull/1391

PR: https://git.openjdk.org/jdk21u-dev/pull/1391

