JDK-8165275 : Replace the reflective call to the implUpdate method in HandshakeMessage::digestKey
  • Type: Bug
  • Component: security-libs
  • Sub-Component: javax.crypto:pkcs11
  • Affected Version: 9
  • Priority: P3
  • Status: Resolved
  • Resolution: Fixed
  • Submitted: 2016-09-01
  • Updated: 2020-11-20
  • Resolved: 2016-10-11
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 8 JDK 9 Other
8u261Fixed 9 b141Fixed openjdk8u272Fixed
sun.security.ssl.HandshakeMessage::digestKey checks if a method named "implUpdate(SecretKey)" is defined in the implementation class of MessageDigestSpi in a MessageDigest instance; if so, it invokes that method.

sun.security.pkcs11.P11Digest seems to be the only class defining "implUpdate(SecretKey)" method with the following comment:

235    // Called by SunJSSE via reflection during the SSL 3.0 handshake if
236    // the master secret is sensitive. We may want to consider making this
237    // method public in a future release.
238    protected void implUpdate(SecretKey key) throws InvalidKeyException {

P11Digest is a final class and looks like this method does not need to be protected.

One option to replace the reflection call with an internal interface defining the implUpdate method signature.   HandshakeMessage can check if MessageDigestSpi instance is such interface and invoke the method statically.