RFR: 8294848: Unnecessary SSLCipher dispose implementations

Bradford Wetmore wetmore at openjdk.org
Sat Oct 8 15:32:29 UTC 2022


On Wed, 5 Oct 2022 11:24:57 GMT, Daniel Jeliński <djelinski at openjdk.org> wrote:

> This PR removes the implementation of `dispose()` method for AEAD SSLCiphers.
> 
> Invocations of [readCipher.dispose](https://github.com/openjdk/jdk/blob/4cec141a90bc5d3b8ec17c024291d9c74a112cd4/src/java.base/share/classes/sun/security/ssl/InputRecord.java#L118) and [disposeWriteCipher](https://github.com/openjdk/jdk/blob/4cec141a90bc5d3b8ec17c024291d9c74a112cd4/src/java.base/share/classes/sun/security/ssl/OutputRecord.java#L191) come with a comment:
> 
>> Dispose of any intermediate state in the underlying cipher. For PKCS11 ciphers, this will release any attached sessions, and thus make finalization faster.
>> Since MAC's doFinal() is called for every SSL/TLS packet, it's not necessary to do the same with MAC's.
> 
> Typical non-empty implementation of dispose is a call to cipher.doFinal, which internally releases PKCS11 native resources.
> 
> AEAD ciphers are similar to MAC - `doFinal()` is also called for every packet. They don't need another explicit `doFinal` call.
> 
> Tier1-3 tests clean. No new tests - this is clean up only.

LGTM.

Can I suggest a noreg-hard label in addition to noreg-cleanup?

-------------

Marked as reviewed by wetmore (Reviewer).

PR: https://git.openjdk.org/jdk/pull/10574


More information about the security-dev mailing list