1berry/openjdk
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

8172525: Improve key keying case

Browse Source 
Reviewed-by: mullan, valeriep, rhalade, ahgross
This commit is contained in:
Adam Petcher 2017-04-28 10:17:46 -04:00
parent 2ad7c43b76
commit bb2e7a3311
4 changed files with 30 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/java.base/share/classes/com/sun/crypto/provider/DESKey.java
View File

@ -25,6 +25,7 @@
package com.sun.crypto.provider;
import java.lang.ref.Reference;
import java.security.MessageDigest;
import java.security.KeyRep;
import java.security.InvalidKeyException;
@ -86,7 +87,12 @@ final class DESKey implements SecretKey {
public byte[] getEncoded() {
// Return a copy of the key, rather than a reference,
// so that the key data cannot be modified from outside
return this.key.clone();
// The key is zeroized by finalize()
// The reachability fence ensures finalize() isn't called early
byte[] result = key.clone();
Reference.reachabilityFence(this);
return result;
}
public String getAlgorithm() {

7
src/java.base/share/classes/com/sun/crypto/provider/DESedeKey.java
View File

@ -25,6 +25,7 @@
package com.sun.crypto.provider;
import java.lang.ref.Reference;
import java.security.MessageDigest;
import java.security.KeyRep;
import java.security.InvalidKeyException;
@ -86,7 +87,11 @@ final class DESedeKey implements SecretKey {
}
public byte[] getEncoded() {
return this.key.clone();
// The key is zeroized by finalize()
// The reachability fence ensures finalize() isn't called early
byte[] result = key.clone();
Reference.reachabilityFence(this);
return result;
}
public String getAlgorithm() {

7
src/java.base/share/classes/com/sun/crypto/provider/PBEKey.java
View File

@ -25,6 +25,7 @@
package com.sun.crypto.provider;
import java.lang.ref.Reference;
import java.security.MessageDigest;
import java.security.KeyRep;
import java.security.spec.InvalidKeySpecException;
@ -80,7 +81,11 @@ final class PBEKey implements SecretKey {
}
public byte[] getEncoded() {
return this.key.clone();
// The key is zeroized by finalize()
// The reachability fence ensures finalize() isn't called early
byte[] result = key.clone();
Reference.reachabilityFence(this);
return result;
}
public String getAlgorithm() {

13
src/java.base/share/classes/com/sun/crypto/provider/PBKDF2KeyImpl.java
View File

@ -26,6 +26,7 @@
package com.sun.crypto.provider;
import java.io.ObjectStreamException;
import java.lang.ref.Reference;
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.Charset;
@ -208,7 +209,11 @@ final class PBKDF2KeyImpl implements javax.crypto.interfaces.PBEKey {
}
public byte[] getEncoded() {
return key.clone();
// The key is zeroized by finalize()
// The reachability fence ensures finalize() isn't called early
byte[] result = key.clone();
Reference.reachabilityFence(this);
return result;
}
public String getAlgorithm() {
@ -220,7 +225,11 @@ final class PBKDF2KeyImpl implements javax.crypto.interfaces.PBEKey {
}
public char[] getPassword() {
return passwd.clone();
// The password is zeroized by finalize()
// The reachability fence ensures finalize() isn't called early
char[] result = passwd.clone();
Reference.reachabilityFence(this);
return result;
}
public byte[] getSalt() {