changeset 78:f6905d8eee6e

6578538: com.sun.crypto.provider.SunJCE instance leak using KRB5 and LoginContext Reviewed-by: valeriep
author wetmore
date Thu, 06 Mar 2008 16:06:45 -0800
parents fa6948bdc4b0
children 1cb78400acce
files src/share/classes/com/sun/crypto/provider/PBKDF2KeyImpl.java test/com/sun/crypto/provider/KeyFactory/TestProviderLeak.java
diffstat 2 files changed, 79 insertions(+), 1 deletions(-) [+]
line wrap: on
line diff
--- a/src/share/classes/com/sun/crypto/provider/PBKDF2KeyImpl.java	Thu Mar 06 10:35:28 2008 -0800
+++ b/src/share/classes/com/sun/crypto/provider/PBKDF2KeyImpl.java	Thu Mar 06 16:06:45 2008 -0800
@@ -34,6 +34,7 @@
 import java.security.GeneralSecurityException;
 import java.security.InvalidKeyException;
 import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
 import java.security.spec.InvalidKeySpecException;
 import javax.crypto.Mac;
 import javax.crypto.SecretKey;
@@ -107,12 +108,17 @@
             throw new InvalidKeySpecException("Key length is negative");
         }
         try {
-            this.prf = Mac.getInstance(prfAlgo, new SunJCE());
+            this.prf = Mac.getInstance(prfAlgo, "SunJCE");
         } catch (NoSuchAlgorithmException nsae) {
             // not gonna happen; re-throw just in case
             InvalidKeySpecException ike = new InvalidKeySpecException();
             ike.initCause(nsae);
             throw ike;
+        } catch (NoSuchProviderException nspe) {
+            // Again, not gonna happen; re-throw just in case
+            InvalidKeySpecException ike = new InvalidKeySpecException();
+            ike.initCause(nspe);
+            throw ike;
         }
         this.key = deriveKey(prf, passwdBytes, salt, iterCount, keyLength);
     }
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/com/sun/crypto/provider/KeyFactory/TestProviderLeak.java	Thu Mar 06 16:06:45 2008 -0800
@@ -0,0 +1,72 @@
+/*
+ * Copyright 2005-2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
+ * CA 95054 USA or visit www.sun.com if you need additional information or
+ * have any questions.
+ */
+
+/*
+ * @test
+ * @bug 6578538
+ * @summary com.sun.crypto.provider.SunJCE instance leak using KRB5 and
+ *     LoginContext
+ * @author Brad Wetmore
+ *
+ * @run main/othervm -Xmx2m TestProviderLeak
+ */
+
+/*
+ * We force the leak to become a problem by specifying the minimum
+ * size heap we can (above).  In current runs on a server and client
+ * machine, it took roughly 220-240 iterations to have the memory leak
+ * shut down other operations.  It complained about "Unable to verify
+ * the SunJCE provider."
+ */
+
+import javax.crypto.*;
+import javax.crypto.spec.*;
+
+public class TestProviderLeak {
+    private static void dumpMemoryStats(String s) throws Exception {
+        Runtime rt = Runtime.getRuntime();
+        System.out.println(s + ":\t" +
+            rt.freeMemory() + " bytes free");
+    }
+
+    public static void main(String [] args) throws Exception {
+        SecretKeyFactory skf =
+            SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1", "SunJCE");
+        PBEKeySpec pbeKS = new PBEKeySpec(
+            "passPhrase".toCharArray(), new byte [] { 0 }, 5, 512);
+        for (int i = 0; i <= 1000; i++) {
+            try {
+                skf.generateSecret(pbeKS);
+                if ((i % 20) == 0) {
+                     // Calling gc() isn't dependable, but doesn't hurt.
+                     // Gives better output in leak cases.
+                    System.gc();
+                    dumpMemoryStats("Iteration " + i);
+                }
+            } catch (Exception e) {
+                dumpMemoryStats("\nException seen at iteration " + i);
+                throw e;
+            }
+        }
+    }
+}