RFR 8241960: The SHA3 message digests are not thread safe when cloned
Valerie Peng
valerie.peng at oracle.com
Tue Mar 31 20:01:18 UTC 2020
Hi Alexey,
Good catch, thanks for the report, I will review it.
On a first look, it seems that this is more about the clone() method of
the SHA-3 impl missed copying/cloning an internal field.
Given that this is about SUN provider, I've modified the synopsis
accordingly and move the priority up to P3.
It may not take multi-thread to reproduce this? If so, we can simplify
the regression test.
Regards,
Valerie
On 3/31/2020 11:27 AM, Alexey Bakhtin wrote:
> Hi All,
>
> Please review fix for SHA3 message digests thread safety.
> Issue reproduced on the JDK11, JDK13 and JDK14
> JTREG test is provided in the patch
>
> JBS: https://bugs.openjdk.java.net/browse/JDK-8241960
> Webrev: https://cr.openjdk.java.net/~abakhtin/8241960/webrev.v0/
>
> Regards
> Alexey
>
More information about the security-dev
mailing list