[15] RFR JDK-8246077: Cloneable test in HmacCore seems questionable

Valerie Peng valerie.peng at oracle.com
Thu Jun 4 00:09:44 UTC 2020


Hi,

Anyone can help review this fix? I changed 
com.sun.crypto.provider.HmacCore class and 
sun.security.ssl.HandshakeHash class to check for cloneability based on 
the clone() call instead of the Cloneable interface. Noticed a bug in 
sun.security.provider.DigestBase class which misses to reset the 
temporary buffer when cloning and fixed it here as well.

Lastly, I also made changes to java.security.MessageDigest and 
java.security.Signature classes and attempt to match the Delegate 
wrapper with the underlying spi object, i.e. if the spi implements 
Cloneable and then Delegate wrapper also implements Cloneable. This part 
is mostly for non-JDK callers which rely on the instanceof Cloneable 
check for cloneability. However, for Signature class, if the object is 
requested using Signature.getInstance(String), then we can't do matching 
here since the underlying spi is not yet determined at this time. The 3  
TestCloneable.java tests are for testing this last part and is NOT for 
the HmacCore and HandshakeHash changes. I am on the fence about this 
part and am open to leave this out if minimum fix is preferred.

Bug: https://bugs.openjdk.java.net/browse/JDK-8246077
Webrev: http://cr.openjdk.java.net/~valeriep/8246077/webrev.00/

Thanks,

Valerie



More information about the security-dev mailing list