RFR: JDK-8300416 java.security.MessageDigestSpi clone can result in thread-unsafe clones
Mark Powers
mpowers at openjdk.org
Wed Feb 1 17:58:52 UTC 2023
On Wed, 1 Feb 2023 15:13:41 GMT, Matthew Donovan <duke at openjdk.org> wrote:
>> https://bugs.openjdk.org/browse/JDK-8300416
>
> test/jdk/java/security/MessageDigest/TestCloneable.java line 95:
>
>> 93:
>> 94: System.out.println(": Shared data check");
>> 95: if (!Arrays.equals(d1.digest(), d2.digest())) {
>
> If d1 and d2 don't share memory and each thread processes random bytes, how can the digests be equal?
In the case where ByteBuffer has allocated a direct buffer, a new internal byte array gets allocated. This is the shared memory that's causing the problem. See MessageDigestSpi.java line 220.
Oops got to update the copyright.
-------------
PR: https://git.openjdk.org/jdk/pull/12348
More information about the security-dev
mailing list