[PATCH] Add class java.security.StandardMessageDigests

Xuelei Fan xuelei.fan at oracle.com
Tue May 6 12:35:37 UTC 2014


>> Per the spec, clone() may throw CloneNotSupportedException. It is OK if a
>> certain provider does not support Cloneable.
> 
> The key part is that the behavior has to be consistent across all
> objects.  It's not required that clone() works, but if it works for one
> instance, it works for all of them.
> 
True.

>>> The
>>> TLS implementation also relies on this behavior (i.e. clone() either
>>> consistently fails or consistently succeeds).
>>>
>> That's true. SunJSSE requires cloneable MD implementation.
> 
> Are you sure?  It contains a fairly elaborate workaround for the
> non-cloneable case (construct as many digest objects as needed, and then
> feed them data in parallel so that you can finalize one pseudo-clone,
> but continue hashing using the other one).
> 
Right. You got it!  That's also what I mean with "cloneable".

>>>> BTW! I guess in some situation or some providers, clone() might not be
>>>> a lightweight operation.
>>>
>>> Hmm.  I can see that the state cannot be cloned at all (that's why
>>> cloning is optional), but allocating a new state has to happen anyway,
>>> no matter how the object is constructed.
>>>
>> Let's consider a case, every MD object should be bound to a session, and
>> the operations should be synchronized in the session. clone() will share
>> the session, the operations among different MD objects that share the
>> session need to be synchronized.  I think, there is a significant
>> performance and scalability impact if StandardMessageDigests is used for
>> such cases in concurrency context.
> 
> Why would clone() share the session, but constructing a new digest would
> not?  Because sharing the session would be the only way to share the
> state?  Ugh, yes, you might be right.
> 
When I thought about the case, the idea that came to my mind was that the
clone() may need to use the current states of MD.  It is great if all of
the current states can also be cloned to another session.  But ...

When the implementation of the underlying is unknown, it is hard to
estimate the detailed behavior in the unknown black box.

Xuelei
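
The workaround discussed in this thread (use clone() where it works, otherwise construct several digests up front and feed them in parallel), sketched as an added example that is not part of the original message and is not SunJSSE code. The class name `TranscriptHash`, the `forcePool` switch and the sample inputs are assumptions made for illustration.

```java
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;

// Hypothetical helper, not SunJSSE code; the sample inputs are constructed.
public class TranscriptHash {
    private final MessageDigest[] pool; // one entry when clone() is usable
    private final boolean cloneable;
    private int next = 0;               // first pool entry not yet finalized

    // total: digest values needed overall; forcePool exercises the fallback.
    TranscriptHash(String alg, int total, boolean forcePool) throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance(alg);
        boolean ok = !forcePool;
        // Probe once; relies on clone() behaving the same for every instance.
        try { md.clone(); } catch (CloneNotSupportedException e) { ok = false; }
        cloneable = ok;
        pool = new MessageDigest[ok ? 1 : Math.max(1, total)];
        pool[0] = md;
        for (int i = 1; i < pool.length; i++)
            pool[i] = MessageDigest.getInstance(alg, md.getProvider());
    }

    void update(byte[] data) {
        for (int i = next; i < pool.length; i++)
            pool[i].update(data);       // feed every live digest in parallel
    }

    // Hash of everything fed so far; later update() calls keep working.
    byte[] snapshot() throws CloneNotSupportedException {
        if (cloneable) return ((MessageDigest) pool[0].clone()).digest();
        if (next == pool.length) throw new IllegalStateException("pool exhausted");
        return pool[next++].digest();   // finalize one, the rest keep hashing
    }

    public static void main(String[] args) throws Exception {
        byte[] a = "ClientHello".getBytes(), b = "ServerHello".getBytes();
        for (boolean force : new boolean[] {false, true}) {
            TranscriptHash t = new TranscriptHash("SHA-256", 2, force);
            t.update(a);
            byte[] first = t.snapshot();
            t.update(b);
            MessageDigest ref = MessageDigest.getInstance("SHA-256");
            boolean same = Arrays.equals(first, ref.digest(a));
            ref.update(a);
            same &= Arrays.equals(t.snapshot(), ref.digest(b));
            System.out.println((force ? "pool: " : "clone: ") + same);
        }
    }
}
```

The pool path costs one update() per live digest for every input block and needs the number of intermediate values known in advance, which the clone() path does not.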