RFR: JDK-8300416 java.security.MessageDigestSpi clone can result in thread-unsafe clones [v3]
Sean Mullan
mullan at openjdk.org
Fri Feb 3 15:33:54 UTC 2023
On Wed, 1 Feb 2023 15:13:41 GMT, Matthew Donovan <duke at openjdk.org> wrote:
>> Mark Powers has updated the pull request incrementally with one additional commit since the last revision:
>>
>> Sean's comment
>
> test/jdk/java/security/MessageDigest/TestCloneable.java line 95:
>
>> 93:
>> 94: System.out.println(": Shared data check");
>> 95: if (!Arrays.equals(d1.digest(), d2.digest())) {
>
> If d1 and d2 don't share memory and each thread processes random bytes, how can the digests be equal?
@mpdonova I believe it is because Random is producing the same sequence of bytes for each thread, and thus each MessageDigest should be equal. When the memory is shared, they inevitably overwrite each other's tempArray and you get different results.
-------------
PR: https://git.openjdk.org/jdk/pull/12348
More information about the security-dev
mailing list