Integrated: 8294848: Unnecessary SSLCipher dispose implementations
Daniel Jeliński
djelinski at openjdk.org
Mon Oct 10 07:07:03 UTC 2022
On Wed, 5 Oct 2022 11:24:57 GMT, Daniel Jeliński <djelinski at openjdk.org> wrote:
> This PR removes the implementation of `dispose()` method for AEAD SSLCiphers.
>
> Invocations of [readCipher.dispose](https://github.com/openjdk/jdk/blob/4cec141a90bc5d3b8ec17c024291d9c74a112cd4/src/java.base/share/classes/sun/security/ssl/InputRecord.java#L118) and [disposeWriteCipher](https://github.com/openjdk/jdk/blob/4cec141a90bc5d3b8ec17c024291d9c74a112cd4/src/java.base/share/classes/sun/security/ssl/OutputRecord.java#L191) come with a comment:
>
>> Dispose of any intermediate state in the underlying cipher. For PKCS11 ciphers, this will release any attached sessions, and thus make finalization faster.
>> Since MAC's doFinal() is called for every SSL/TLS packet, it's not necessary to do the same with MAC's.
>
> Typical non-empty implementation of dispose is a call to cipher.doFinal, which internally releases PKCS11 native resources.
>
> AEAD ciphers are similar to MAC - `doFinal()` is also called for every packet. They don't need another explicit `doFinal` call.
>
> Tier1-3 tests clean. No new tests - this is clean up only.
This pull request has now been integrated.
Changeset: 8a148bc9
Author: Daniel Jeliński <djelinski at openjdk.org>
URL: https://git.openjdk.org/jdk/commit/8a148bc960a61908359f9e6dd62c8e7791cc2690
Stats: 88 lines in 1 file changed: 0 ins; 88 del; 0 mod
8294848: Unnecessary SSLCipher dispose implementations
Reviewed-by: xuelei, valeriep, wetmore
-------------
PR: https://git.openjdk.org/jdk/pull/10574
More information about the security-dev
mailing list