RFR: JDK-8300416 java.security.MessageDigestSpi clone can result in thread-unsafe clones

Mark Powers mpowers at openjdk.org
Wed Feb 1 17:58:52 UTC 2023


On Wed, 1 Feb 2023 15:13:41 GMT, Matthew Donovan <duke at openjdk.org> wrote:

>> https://bugs.openjdk.org/browse/JDK-8300416
>
> test/jdk/java/security/MessageDigest/TestCloneable.java line 95:
> 
>> 93: 
>> 94:         System.out.println(": Shared data check");
>> 95:         if (!Arrays.equals(d1.digest(), d2.digest())) {
> 
> If d1 and d2 don't share memory and each thread processes random bytes, how can the digests be equal?

In the case where ByteBuffer has allocated a direct buffer, a new internal byte array gets allocated. This is the shared memory that's causing the problem. See MessageDigestSpi.java line 220.

Oops got to update the copyright.

-------------

PR: https://git.openjdk.org/jdk/pull/12348



More information about the security-dev mailing list