RFR: 8294848: Unnecessary SSLCipher dispose implementations
Daniel Jeliński
djelinski at openjdk.org
Wed Oct 5 13:03:51 UTC 2022
This PR removes the implementation of `dispose()` method for AEAD SSLCiphers.
Invocations of [readCipher.dispose](https://github.com/openjdk/jdk/blob/4cec141a90bc5d3b8ec17c024291d9c74a112cd4/src/java.base/share/classes/sun/security/ssl/InputRecord.java#L118) and [disposeWriteCipher](https://github.com/openjdk/jdk/blob/4cec141a90bc5d3b8ec17c024291d9c74a112cd4/src/java.base/share/classes/sun/security/ssl/OutputRecord.java#L191) come with a comment:
> Dispose of any intermediate state in the underlying cipher. For PKCS11 ciphers, this will release any attached sessions, and thus make finalization faster.
> Since MAC's doFinal() is called for every SSL/TLS packet, it's not necessary to do the same with MAC's.
Typical non-empty implementation of dispose is a call to cipher.doFinal, which internally releases PKCS11 native resources.
AEAD ciphers are similar to MAC - `doFinal()` is also called for every packet. They don't need another explicit `doFinal` call.
Tier1-3 tests clean. No new tests - this is clean up only.
-------------
Commit messages:
- Remove unneeded doFinal calls
Changes: https://git.openjdk.org/jdk/pull/10574/files
Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=10574&range=00
Issue: https://bugs.openjdk.org/browse/JDK-8294848
Stats: 88 lines in 1 file changed: 0 ins; 88 del; 0 mod
Patch: https://git.openjdk.org/jdk/pull/10574.diff
Fetch: git fetch https://git.openjdk.org/jdk pull/10574/head:pull/10574
PR: https://git.openjdk.org/jdk/pull/10574
More information about the security-dev
mailing list