RFR: 8311902: Concurrency regression in the PBKDF2 key impl of SunJCE provider
Xue-Lei Andrew Fan
xuelei at openjdk.org
Fri Jul 14 03:07:11 UTC 2023
On Fri, 14 Jul 2023 02:37:09 GMT, Xue-Lei Andrew Fan <xuelei at openjdk.org> wrote:
> > > It looks good to me to rollback to previous behaviors. I was just wondering, if the use of key in other methods, like hashCode()/equals(), has the similar issue? Thanks!
> >
> >
> > For the usage of hashCode()/equals(), there should be strong reference to the key object for the usage scenarios I'd think. Thus, probably not an issue?
>
> Yes, it makes sense to me.
I may reply too quickly to get the idea. Why you think there will be strong reference to the key object for hashCode()/equals(), but not for getEncoded()? I did not get the idea.
-------------
PR Comment: https://git.openjdk.org/jdk/pull/14859#issuecomment-1635198764
More information about the security-dev
mailing list