[jdk21u-dev] RFR: 8302111: Serialization considerations [v2]

Goetz Lindenmaier goetz at openjdk.org
Tue Feb 11 08:30:01 UTC 2025


> I think this is a valuable fix we need in 21.  It secures deserialized data.
> 
> The code needed some resolves, but overall the change of
> head fits well on the code in 21.  In detail:
> 
> I resolved
>   src/java.base/share/classes/com/sun/crypto/provider/DHPrivateKey.java and
>   src/java.base/share/classes/com/sun/crypto/provider/DHPublicKey.java.
> It does not apply as these changes are missing in 21:
>   8311170: Simplify and modernize equals and hashCode in security area
>   8315974: Make fields final in 'com.sun.crypto.provider' package
> Both files have similar differences between head and 21:
> In both files I resolved one larger chunk. Some of the removed code is different:
>   * Initialization of this.l removed in original.  This initialization is not in 21.
>   * head has some coding initializing this.x/y.  This is handled by a call to
>     parseKeyBits() in 21, which executes similar code.
> The new code is the same as in head.
> 
> In src/java.security.jgss/share/classes/sun/security/krb5/internal/KRBError.java, changes
>   8327818: Implement Kerberos debug with sun.security.util.Debug and again
>   8311170: Simplify and modernize equals and hashCode in security area
> are missing in 21.
> This only requires trivial resolves due to context differences.
> 
> I based this backport on the commit to head.
> The commit to 22.0.2 is identical to that, except that it skips
> two unnecessary empty lines in KRBError.java. I'd rather go
> with the head version as this will make further backports
> fit better.
> 
> This passed our nightly testing which includes the tests for the security implementations.
> We run headless tier 1-4 on 8 platforms with fastdebug, jck and further internal tests.

Goetz Lindenmaier has updated the pull request incrementally with one additional commit since the last revision:

  Remove parseKeyBits()

-------------

Changes:
  - all: https://git.openjdk.org/jdk21u-dev/pull/1391/files
  - new: https://git.openjdk.org/jdk21u-dev/pull/1391/files/c11e3a94..d3ec94bc

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk21u-dev&pr=1391&range=01
 - incr: https://webrevs.openjdk.org/?repo=jdk21u-dev&pr=1391&range=00-01

  Stats: 20 lines in 2 files changed: 0 ins; 20 del; 0 mod
  Patch: https://git.openjdk.org/jdk21u-dev/pull/1391.diff
  Fetch: git fetch https://git.openjdk.org/jdk21u-dev.git pull/1391/head:pull/1391

PR: https://git.openjdk.org/jdk21u-dev/pull/1391

