RFR: 8294848: Unnecessary SSLCipher dispose implementations
Valerie Peng
valeriep at openjdk.org
Wed Oct 5 22:13:42 UTC 2022
On Wed, 5 Oct 2022 11:24:57 GMT, Daniel Jeliński <djelinski at openjdk.org> wrote:
> This PR removes the implementation of `dispose()` method for AEAD SSLCiphers.
>
> Invocations of [readCipher.dispose](https://github.com/openjdk/jdk/blob/4cec141a90bc5d3b8ec17c024291d9c74a112cd4/src/java.base/share/classes/sun/security/ssl/InputRecord.java#L118) and [disposeWriteCipher](https://github.com/openjdk/jdk/blob/4cec141a90bc5d3b8ec17c024291d9c74a112cd4/src/java.base/share/classes/sun/security/ssl/OutputRecord.java#L191) come with a comment:
>
>> Dispose of any intermediate state in the underlying cipher. For PKCS11 ciphers, this will release any attached sessions, and thus make finalization faster.
>> Since MAC's doFinal() is called for every SSL/TLS packet, it's not necessary to do the same with MAC's.
>
> Typical non-empty implementation of dispose is a call to cipher.doFinal, which internally releases PKCS11 native resources.
>
> AEAD ciphers are similar to MAC - `doFinal()` is also called for every packet. They don't need another explicit `doFinal` call.
>
> Tier1-3 tests clean. No new tests - this is clean up only.
Marked as reviewed by valeriep (Reviewer).
-------------
PR: https://git.openjdk.org/jdk/pull/10574
More information about the security-dev
mailing list