8172525: Improve key keying case
authorapetcher
Fri, 28 Apr 2017 10:17:46 -0400
changeset 48560 46e99460e8c9
parent 48559 607d78d0e6f7
child 48561 f6796a7e4454
8172525: Improve key keying case Reviewed-by: mullan, valeriep, rhalade, ahgross
src/java.base/share/classes/com/sun/crypto/provider/DESKey.java
src/java.base/share/classes/com/sun/crypto/provider/DESedeKey.java
src/java.base/share/classes/com/sun/crypto/provider/PBEKey.java
src/java.base/share/classes/com/sun/crypto/provider/PBKDF2KeyImpl.java
--- a/src/java.base/share/classes/com/sun/crypto/provider/DESKey.java	Thu Mar 23 10:52:00 2017 +0530
+++ b/src/java.base/share/classes/com/sun/crypto/provider/DESKey.java	Fri Apr 28 10:17:46 2017 -0400
@@ -25,6 +25,7 @@
 
 package com.sun.crypto.provider;
 
+import java.lang.ref.Reference;
 import java.security.MessageDigest;
 import java.security.KeyRep;
 import java.security.InvalidKeyException;
@@ -86,7 +87,12 @@
     public byte[] getEncoded() {
         // Return a copy of the key, rather than a reference,
         // so that the key data cannot be modified from outside
-        return this.key.clone();
+
+        // The key is zeroized by finalize()
+        // The reachability fence ensures finalize() isn't called early
+        byte[] result = key.clone();
+        Reference.reachabilityFence(this);
+        return result;
     }
 
     public String getAlgorithm() {
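Review bot: The two added comments in getEncoded() say what the fence does but not why `this` could become unreachable while the method is still running, which is the non-obvious part. Once `key` has been loaded the VM no longer needs `this`, so the collector may run finalize() and zero the array while clone() is still copying it; I would spell that out, e.g. `// Keep this reachable until the copy completes: after key is loaded the VM may treat this as dead, and finalize() could zero the array mid-clone`. The fence covers only this method, so any other method in the class that reads `key` directly (none are visible in this hunk) would presumably need the same treatment. The same comment applies to the getEncoded() hunks in DESedeKey, PBEKey and PBKDF2KeyImpl.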
--- a/src/java.base/share/classes/com/sun/crypto/provider/DESedeKey.java	Thu Mar 23 10:52:00 2017 +0530
+++ b/src/java.base/share/classes/com/sun/crypto/provider/DESedeKey.java	Fri Apr 28 10:17:46 2017 -0400
@@ -25,6 +25,7 @@
 
 package com.sun.crypto.provider;
 
+import java.lang.ref.Reference;
 import java.security.MessageDigest;
 import java.security.KeyRep;
 import java.security.InvalidKeyException;
@@ -86,7 +87,11 @@
     }
 
     public byte[] getEncoded() {
-        return this.key.clone();
+        // The key is zeroized by finalize()
+        // The reachability fence ensures finalize() isn't called early
+        byte[] result = key.clone();
+        Reference.reachabilityFence(this);
+        return result;
     }
 
     public String getAlgorithm() {
--- a/src/java.base/share/classes/com/sun/crypto/provider/PBEKey.java	Thu Mar 23 10:52:00 2017 +0530
+++ b/src/java.base/share/classes/com/sun/crypto/provider/PBEKey.java	Fri Apr 28 10:17:46 2017 -0400
@@ -25,6 +25,7 @@
 
 package com.sun.crypto.provider;
 
+import java.lang.ref.Reference;
 import java.security.MessageDigest;
 import java.security.KeyRep;
 import java.security.spec.InvalidKeySpecException;
@@ -80,7 +81,11 @@
     }
 
     public byte[] getEncoded() {
-        return this.key.clone();
+        // The key is zeroized by finalize()
+        // The reachability fence ensures finalize() isn't called early
+        byte[] result = key.clone();
+        Reference.reachabilityFence(this);
+        return result;
     }
 
     public String getAlgorithm() {
--- a/src/java.base/share/classes/com/sun/crypto/provider/PBKDF2KeyImpl.java	Thu Mar 23 10:52:00 2017 +0530
+++ b/src/java.base/share/classes/com/sun/crypto/provider/PBKDF2KeyImpl.java	Fri Apr 28 10:17:46 2017 -0400
@@ -26,6 +26,7 @@
 package com.sun.crypto.provider;
 
 import java.io.ObjectStreamException;
+import java.lang.ref.Reference;
 import java.nio.ByteBuffer;
 import java.nio.CharBuffer;
 import java.nio.charset.Charset;
@@ -208,7 +209,11 @@
     }
 
     public byte[] getEncoded() {
-        return key.clone();
+        // The key is zeroized by finalize()
+        // The reachability fence ensures finalize() isn't called early
+        byte[] result = key.clone();
+        Reference.reachabilityFence(this);
+        return result;
     }
 
     public String getAlgorithm() {
@@ -220,7 +225,11 @@
     }
 
     public char[] getPassword() {
-        return passwd.clone();
+        // The password is zeroized by finalize()
+        // The reachability fence ensures finalize() isn't called early
+        char[] result = passwd.clone();
+        Reference.reachabilityFence(this);
+        return result;
     }
 
     public byte[] getSalt() {
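Review bot: getPassword() hands the caller a clone that finalize() never clears, and nothing on the method says so. The fence keeps the internal `passwd` array intact during the copy, but the returned `char[]` stays in memory until the caller overwrites it. I would add a doc comment such as `/** Returns a copy of the password; the caller should zero the returned array once it is no longer needed. */`. The same holds for the `byte[]` returned by getEncoded() in this file and in DESKey, DESedeKey and PBEKey.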