JDK-8246077

Cloneable test in HmacCore seems questionable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: P2
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 15
    • Component/s: security-libs
    • Resolved In Build:
      b28
    • CPU:
      generic
    • Verification:
      Verified

        Description

            
        src/java.base/share/classes/com/sun/crypto/provider/HmacCore.java

        HmacCore(String digestAlgo, int bl) throws NoSuchAlgorithmException {
            MessageDigest md = MessageDigest.getInstance(digestAlgo);
            if (!(md instanceof Cloneable)) {
                // use SUN provider if the most preferred one does not support
                // cloning
                Provider sun = Security.getProvider("SUN");
                if (sun != null) {
                    md = MessageDigest.getInstance(digestAlgo, sun);
                } else {
                    String noCloneProv = md.getProvider().getName();
                    // if no Sun provider, use provider list
                    Provider[] provs = Security.getProviders();
                    for (Provider p : provs) {
                        try {
                            if (!p.getName().equals(noCloneProv)) {
                                MessageDigest md2 =
                                    MessageDigest.getInstance(digestAlgo, p);
                                if (md2 instanceof Cloneable) {
                                    md = md2;
                                    break;
                                }
                            }
                        } catch (NoSuchAlgorithmException nsae) {
                            continue;
                        }
                    }
                }
            }
            this.md = md;
            this.blockLen = bl;
            this.k_ipad = new byte[blockLen];
            this.k_opad = new byte[blockLen];
            first = true;
        }

        ===

        The "if (!(md instanceof Cloneable)) {" test may be incorrect in the above code. It seems that the MessageDigest objects returned are not Cloneable by contract.

        jshell> MessageDigest md = MessageDigest.getInstance("SHA-256")
        md ==> SHA-256 Message Digest from SUN, <initialized>
        jshell> (md instanceof Cloneable)
        $12 ==> false
        jshell> md.getClass();
        $13 ==> class java.security.MessageDigest$Delegate

        Neither MessageDigest itself nor its parent class implements Cloneable.
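
        An added example, not part of the original report or the JDK source: a probe that decides cloneability by calling clone() and checking that the copy carries the accumulated digest state, printed next to the instanceof Cloneable result for each installed provider so the two can be compared on a given JDK build. The class name CloneProbe, the method supportsClone and the input strings are hypothetical and constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;
import java.util.Arrays;

// Hypothetical helper class for illustration; not JDK code.
public class CloneProbe {

    // Decide cloneability by actually cloning, then confirm the copy
    // carries the state accumulated before the clone was taken.
    static boolean supportsClone(MessageDigest md) {
        try {
            md.reset();
            md.update("constructed-prefix".getBytes(StandardCharsets.UTF_8));
            MessageDigest copy = (MessageDigest) md.clone();
            byte[] suffix = "constructed-suffix".getBytes(StandardCharsets.UTF_8);
            // Both objects must now produce the same digest of prefix + suffix.
            byte[] fromCopy = copy.digest(suffix);
            byte[] fromOrig = md.digest(suffix);
            return Arrays.equals(fromCopy, fromOrig);
        } catch (CloneNotSupportedException e) {
            return false;
        } finally {
            md.reset(); // leave the caller's object in its initial state
        }
    }

    public static void main(String[] args) {
        String algo = "SHA-256";
        for (Provider p : Security.getProviders()) {
            try {
                MessageDigest md = MessageDigest.getInstance(algo, p);
                System.out.printf("%-12s class=%s instanceof=%b clone()=%b%n",
                        p.getName(), md.getClass().getName(),
                        md instanceof Cloneable, supportsClone(md));
            } catch (NoSuchAlgorithmException e) {
                // This provider does not offer the algorithm; skip it.
            }
        }
    }
}
```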

                People

                • Assignee:
                  valeriep Valerie Peng
                  Reporter:
                  coffeys Sean Coffey