changeset 48624:46e99460e8c9

8172525: Improve key keying case Reviewed-by: mullan, valeriep, rhalade, ahgross
author apetcher
date Fri, 28 Apr 2017 10:17:46 -0400
parents 607d78d0e6f7
children f6796a7e4454
files src/java.base/share/classes/com/sun/crypto/provider/DESKey.java src/java.base/share/classes/com/sun/crypto/provider/DESedeKey.java src/java.base/share/classes/com/sun/crypto/provider/PBEKey.java src/java.base/share/classes/com/sun/crypto/provider/PBKDF2KeyImpl.java
diffstat 4 files changed, 30 insertions(+), 5 deletions(-) [+]
--- a/src/java.base/share/classes/com/sun/crypto/provider/DESKey.java	Thu Mar 23 10:52:00 2017 +0530
+++ b/src/java.base/share/classes/com/sun/crypto/provider/DESKey.java	Fri Apr 28 10:17:46 2017 -0400
@@ -25,6 +25,7 @@
 
 package com.sun.crypto.provider;
 
+import java.lang.ref.Reference;
 import java.security.MessageDigest;
 import java.security.KeyRep;
 import java.security.InvalidKeyException;
@@ -86,7 +87,12 @@
     public byte[] getEncoded() {
         // Return a copy of the key, rather than a reference,
         // so that the key data cannot be modified from outside
-        return this.key.clone();
+
+        // The key is zeroized by finalize()
+        // The reachability fence ensures finalize() isn't called early
+        byte[] result = key.clone();
+        Reference.reachabilityFence(this);
+        return result;
     }
 
     public String getAlgorithm() {
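Review bot: The fence added in getEncoded() protects only this one read of `key`; any other method of the class that reads the array directly (hashCode() or equals(), if they do so) would have the same early-finalization window, and those methods are outside the hunk, so this cannot be confirmed here. The fence is also a plain statement after the clone, so a later edit that adds an early return or another exit path would bypass it silently. Writing it as `try { return key.clone(); } finally { Reference.reachabilityFence(this); }` keeps the fence on every path and removes the temporary. The same applies to the identical getEncoded() hunks in DESedeKey, PBEKey and PBKDF2KeyImpl, and to getPassword() in PBKDF2KeyImpl.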
--- a/src/java.base/share/classes/com/sun/crypto/provider/DESedeKey.java	Thu Mar 23 10:52:00 2017 +0530
+++ b/src/java.base/share/classes/com/sun/crypto/provider/DESedeKey.java	Fri Apr 28 10:17:46 2017 -0400
@@ -25,6 +25,7 @@
 
 package com.sun.crypto.provider;
 
+import java.lang.ref.Reference;
 import java.security.MessageDigest;
 import java.security.KeyRep;
 import java.security.InvalidKeyException;
@@ -86,7 +87,11 @@
     }
 
     public byte[] getEncoded() {
-        return this.key.clone();
+        // The key is zeroized by finalize()
+        // The reachability fence ensures finalize() isn't called early
+        byte[] result = key.clone();
+        Reference.reachabilityFence(this);
+        return result;
     }
 
     public String getAlgorithm() {
--- a/src/java.base/share/classes/com/sun/crypto/provider/PBEKey.java	Thu Mar 23 10:52:00 2017 +0530
+++ b/src/java.base/share/classes/com/sun/crypto/provider/PBEKey.java	Fri Apr 28 10:17:46 2017 -0400
@@ -25,6 +25,7 @@
 
 package com.sun.crypto.provider;
 
+import java.lang.ref.Reference;
 import java.security.MessageDigest;
 import java.security.KeyRep;
 import java.security.spec.InvalidKeySpecException;
@@ -80,7 +81,11 @@
     }
 
     public byte[] getEncoded() {
-        return this.key.clone();
+        // The key is zeroized by finalize()
+        // The reachability fence ensures finalize() isn't called early
+        byte[] result = key.clone();
+        Reference.reachabilityFence(this);
+        return result;
     }
 
     public String getAlgorithm() {
--- a/src/java.base/share/classes/com/sun/crypto/provider/PBKDF2KeyImpl.java	Thu Mar 23 10:52:00 2017 +0530
+++ b/src/java.base/share/classes/com/sun/crypto/provider/PBKDF2KeyImpl.java	Fri Apr 28 10:17:46 2017 -0400
@@ -26,6 +26,7 @@
 package com.sun.crypto.provider;
 
 import java.io.ObjectStreamException;
+import java.lang.ref.Reference;
 import java.nio.ByteBuffer;
 import java.nio.CharBuffer;
 import java.nio.charset.Charset;
@@ -208,7 +209,11 @@
     }
 
     public byte[] getEncoded() {
-        return key.clone();
+        // The key is zeroized by finalize()
+        // The reachability fence ensures finalize() isn't called early
+        byte[] result = key.clone();
+        Reference.reachabilityFence(this);
+        return result;
     }
 
     public String getAlgorithm() {
@@ -220,7 +225,11 @@
     }
 
     public char[] getPassword() {
-        return passwd.clone();
+        // The password is zeroized by finalize()
+        // The reachability fence ensures finalize() isn't called early
+        char[] result = passwd.clone();
+        Reference.reachabilityFence(this);
+        return result;
     }
 
     public byte[] getSalt() {
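Review bot: getPassword() returns a fresh char[] copy of the password that this class holds no reference to, so the zeroization in finalize() mentioned by the new comment does not extend to it. The comment should state that contract, for example `// The returned copy is owned by the caller, who should clear it after use`. The byte[] returned by getEncoded() in the previous hunk, and in the other three files, has the same property.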