RFR 8241960: The SHA3 message digests are not thread safe when cloned

Weijun Wang weijun.wang at oracle.com
Wed Apr 1 01:10:20 UTC 2020

> On Apr 1, 2020, at 4:01 AM, Valerie Peng <valerie.peng at oracle.com> wrote:
> Hi Alexey,
> Good catch, thanks for the report, I will review it.
> On a first look, it seems that this is more about the clone() method of the SHA-3 impl missed copying/cloning an internal field.
> Given that this is about SUN provider, I've modified the synopsis accordingly and move the priority up to P3.
> It may not take multi-thread to reproduce this? If so, we can simplify the regression test.

Looks like a must:

    private void keccak() {
        // convert the 200-byte state into 25 lanes
        bytes2Lanes(state, lanes);
        // process the lanes through step mappings
        for (int ir = 0; ir < NR; ir++) {
            smIota(smChi(smPiRho(smTheta(lanes))), ir);
        // convert the resulting 25 lanes back into 200-byte state
        lanes2Bytes(lanes, state);

One object's lanes can only be used by another if this method is called by multiple threads at the same time.


> Regards,
> Valerie
> On 3/31/2020 11:27 AM, Alexey Bakhtin wrote:
>> Hi All,
>> Please review fix for SHA3 message digests thread safety.
>> Issue reproduced on the JDK11, JDK13 and JDK14
>> JTREG test is provided in the patch
>> JBS: https://bugs.openjdk.java.net/browse/JDK-8241960
>> Webrev: https://cr.openjdk.java.net/~abakhtin/8241960/webrev.v0/
>> Regards
>> Alexey

More information about the security-dev mailing list