RFR: JDK-8300416 java.security.MessageDigestSpi clone can result in thread-unsafe clones [v3]

Sean Mullan mullan at openjdk.org
Fri Feb 3 15:33:54 UTC 2023


On Wed, 1 Feb 2023 15:13:41 GMT, Matthew Donovan <duke at openjdk.org> wrote:

>> Mark Powers has updated the pull request incrementally with one additional commit since the last revision:
>> 
>>   Sean's comment
>
> test/jdk/java/security/MessageDigest/TestCloneable.java line 95:
> 
>> 93: 
>> 94:         System.out.println(": Shared data check");
>> 95:         if (!Arrays.equals(d1.digest(), d2.digest())) {
> 
> If d1 and d2 don't share memory and each thread processes random bytes, how can the digests be equal?

@mpdonova I believe it is because Random is producing the same sequence of bytes for each thread, and thus each MessageDigest should be equal. When the memory is shared, they inevitably overwrite each other's tempArray and you get different results.

-------------

PR: https://git.openjdk.org/jdk/pull/12348



More information about the security-dev mailing list