RFR: 8311902: Concurrency regression in the PBKDF2 key impl of SunJCE provider

Xue-Lei Andrew Fan xuelei at openjdk.org
Fri Jul 14 03:07:11 UTC 2023


On Fri, 14 Jul 2023 02:37:09 GMT, Xue-Lei Andrew Fan <xuelei at openjdk.org> wrote:

> > > It looks good to me to rollback to previous behaviors. I was just wondering, if the use of key in other methods, like hashCode()/equals(), has the similar issue? Thanks!
> > 
> > 
> > For the usage of hashCode()/equals(), there should be strong reference to the key object for the usage scenarios I'd think. Thus, probably not an issue?
> 
> Yes, it makes sense to me.

I may reply too quickly to get the idea.  Why you think there will be strong reference to the key object for hashCode()/equals(), but not for getEncoded()?  I did not get the idea.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/14859#issuecomment-1635198764


More information about the security-dev mailing list