-
Bug
-
Resolution: Fixed
-
P2
-
None
-
b28
-
generic
-
Verified
| Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
|---|---|---|---|---|---|---|
| JDK-8247655 | 16 | Valerie Peng | P2 | Resolved | Fixed | b02 |
| JDK-8250044 | 15.0.2 | Valerie Peng | P2 | Resolved | Fixed | b01 |
| JDK-8250342 | 15.0.1 | Valerie Peng | P2 | Resolved | Fixed | b03 |
src/java.base/share/classes/com/sun/crypto/provider/HmacCore.java
HmacCore(String digestAlgo, int bl) throws NoSuchAlgorithmException {
MessageDigest md = MessageDigest.getInstance(digestAlgo);
if (!(md instanceof Cloneable)) {
// use SUN provider if the most preferred one does not support
// cloning
Provider sun = Security.getProvider("SUN");
if (sun != null) {
md = MessageDigest.getInstance(digestAlgo, sun);
} else {
String noCloneProv = md.getProvider().getName();
// if no Sun provider, use provider list
Provider[] provs = Security.getProviders();
for (Provider p : provs) {
try {
if (!p.getName().equals(noCloneProv)) {
MessageDigest md2 =
MessageDigest.getInstance(digestAlgo, p);
if (md2 instanceof Cloneable) {
md = md2;
break;
}
}
} catch (NoSuchAlgorithmException nsae) {
continue;
}
}
}
}
this.md = md;
this.blockLen = bl;
this.k_ipad = new byte[blockLen];
this.k_opad = new byte[blockLen];
first = true;
}
===
The " if (!(md instanceof Cloneable)) {" test may be incorrect in above code. It seems like MessageDigest Objects returned are not Cloneable by contract.
jshell> MessageDigest md = MessageDigest.getInstance("SHA-256")
md ==> SHA-256 Message Digest from SUN, <initialized>
jshell> (md instanceof Cloneable)
$12 ==> false
jshell> md.getClass();
$13 ==> class java.security.MessageDigest$Delegate Digest$Delegate
MessageDigest itself or its parent class do not implement Cloneable.
- backported by
-
JDK-8247655 Cloneable test in HmacCore seems questionable
-
- Resolved
-
-
-
- Resolved
-
-
-
- Resolved
-