8223003: SunMSCAPI keys are not cleaned up

Reviewed-by: igerasim
Weijun Wang 2019-04-27 18:21:57 +08:00
parent e6ace7be6f
commit 21d50973d1
6 changed files with 50 additions and 30 deletions
src/jdk.crypto.mscapi/windows
classes/sun/security/mscapi
native/libsunmscapi
test/jdk/java/security/KeyPairGenerator

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -75,9 +75,9 @@ abstract class CKey implements Key, Length {
protected final String algorithm; protected final String algorithm;
protected CKey(String algorithm, long hCryptProv, long hCryptKey, int keyLength) { protected CKey(String algorithm, NativeHandles handles, int keyLength) {
this.algorithm = algorithm; this.algorithm = algorithm;
this.handles = new NativeHandles(hCryptProv, hCryptKey); this.handles = handles;
this.keyLength = keyLength; this.keyLength = keyLength;
} }

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -36,9 +36,13 @@ class CKeyPair {
private final CPublicKey publicKey; private final CPublicKey publicKey;
/**
* This method is called by native codes in security.cpp.
*/
CKeyPair(String alg, long hCryptProv, long hCryptKey, int keyLength) { CKeyPair(String alg, long hCryptProv, long hCryptKey, int keyLength) {
privateKey = CPrivateKey.of(alg, hCryptProv, hCryptKey, keyLength); CKey.NativeHandles handles = new CKey.NativeHandles(hCryptProv, hCryptKey);
publicKey = CPublicKey.of(alg, hCryptProv, hCryptKey, keyLength); privateKey = CPrivateKey.of(alg, handles, keyLength);
publicKey = CPublicKey.of(alg, handles, keyLength);
} }
public CPrivateKey getPrivate() { public CPrivateKey getPrivate() {
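Review bot: The new Javadoc on the CKeyPair constructor calls it a method and does not say why a single NativeHandles instance is now passed to both `CPrivateKey.of` and `CPublicKey.of`, which is what a maintainer needs to know. Judging by the test summary on this page ("Finalizing one key of a KeyPair invalidates the other key"), the sharing is presumably what keeps the native handles valid until both keys are unreachable, but the release logic is outside this section, so confirm that before wording it as fact. Suggested comment: `/** Called by native code in security.cpp. Both keys share one NativeHandles so the native handles are released only once. */`. The class body continues outside the hunk.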

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -37,12 +37,18 @@ class CPrivateKey extends CKey implements PrivateKey {
private static final long serialVersionUID = 8113152807912338063L; private static final long serialVersionUID = 8113152807912338063L;
private CPrivateKey(String alg, long hCryptProv, long hCryptKey, int keyLength) { private CPrivateKey(String alg, NativeHandles handles, int keyLength) {
super(alg, hCryptProv, hCryptKey, keyLength); super(alg, handles, keyLength);
} }
public static CPrivateKey of(String alg, long hCryptProv, long hCryptKey, int keyLength) { // Called by native code inside security.cpp
return new CPrivateKey(alg, hCryptProv, hCryptKey, keyLength); static CPrivateKey of(
String alg, long hCryptProv, long hCryptKey, int keyLength) {
return of(alg, new NativeHandles(hCryptProv, hCryptKey), keyLength);
}
public static CPrivateKey of(String alg, NativeHandles handles, int keyLength) {
return new CPrivateKey(alg, handles, keyLength);
} }
// this key does not support encoding // this key does not support encoding
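Review bot: The two `of` overloads end up with different visibility. The one taking raw handles is package-private, while `of(String alg, NativeHandles handles, int keyLength)` stays `public`, although CPrivateKey is declared without `public` and NativeHandles is nested in the package-private CKey. Dropping the modifier, `static CPrivateKey of(String alg, NativeHandles handles, int keyLength) {`, keeps the factory that wraps native key handles no wider than the types it uses. The same applies to `CPublicKey.of(String, NativeHandles, int)`, where the enclosing class is public.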

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -59,8 +59,8 @@ public abstract class CPublicKey extends CKey implements PublicKey {
private ECPoint w = null; private ECPoint w = null;
private static final long serialVersionUID = 12L; private static final long serialVersionUID = 12L;
CECPublicKey(long hCryptProv, int keyLength) { CECPublicKey(NativeHandles handles, int keyLength) {
super("EC", hCryptProv, 0, keyLength); super("EC", handles, keyLength);
} }
@Override @Override
@ -121,8 +121,8 @@ public abstract class CPublicKey extends CKey implements PublicKey {
private BigInteger exponent = null; private BigInteger exponent = null;
private static final long serialVersionUID = 12L; private static final long serialVersionUID = 12L;
CRSAPublicKey(long hCryptProv, long hCryptKey, int keyLength) { CRSAPublicKey(NativeHandles handles, int keyLength) {
super("RSA", hCryptProv, hCryptKey, keyLength); super("RSA", handles, keyLength);
} }
public String toString() { public String toString() {
@ -181,21 +181,27 @@ public abstract class CPublicKey extends CKey implements PublicKey {
private native byte[] getModulus(byte[] keyBlob) throws KeyException; private native byte[] getModulus(byte[] keyBlob) throws KeyException;
} }
public static CPublicKey of( // Called by native code inside security.cpp
static CPublicKey of(
String alg, long hCryptProv, long hCryptKey, int keyLength) { String alg, long hCryptProv, long hCryptKey, int keyLength) {
return of(alg, new NativeHandles(hCryptProv, hCryptKey), keyLength);
}
public static CPublicKey of(
String alg, NativeHandles handles, int keyLength) {
switch (alg) { switch (alg) {
case "RSA": case "RSA":
return new CRSAPublicKey(hCryptProv, hCryptKey, keyLength); return new CRSAPublicKey(handles, keyLength);
case "EC": case "EC":
return new CECPublicKey(hCryptProv, keyLength); return new CECPublicKey(handles, keyLength);
default: default:
throw new AssertionError("Unsupported algorithm: " + alg); throw new AssertionError("Unsupported algorithm: " + alg);
} }
} }
protected CPublicKey( protected CPublicKey(
String alg, long hCryptProv, long hCryptKey, int keyLength) { String alg, NativeHandles handles, int keyLength) {
super(alg, hCryptProv, hCryptKey, keyLength); super(alg, handles, keyLength);
} }
@Override @Override
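Review bot: In `of(String alg, NativeHandles handles, int keyLength)` the "EC" case no longer forces the key handle to zero. The old CECPublicKey constructor called `super("EC", hCryptProv, 0, keyLength)`, whereas the new one passes `handles` through unchanged. The native `cleanUp` changed in this commit calls NCryptFreeObject only when hCryptKey is zero, so an EC key built with a non-zero hCryptKey would have its provider handle released through CryptDestroyKey/CryptReleaseContext instead. Whether any caller passes a non-zero value for EC is not visible here. If none does, a check in the CECPublicKey constructor that the key handle carried by `handles` is zero, or at least a comment stating that invariant, would keep the old guarantee explicit.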

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -692,18 +692,22 @@ JNIEXPORT void JNICALL Java_sun_security_mscapi_CKeyStore_loadKeysOrCertificateC
/* /*
* Class: sun_security_mscapi_Key * Class: sun_security_mscapi_CKey
* Method: cleanUp * Method: cleanUp
* Signature: (JJ)V * Signature: (JJ)V
*/ */
JNIEXPORT void JNICALL Java_sun_security_mscapi_Key_cleanUp JNIEXPORT void JNICALL Java_sun_security_mscapi_CKey_cleanUp
(JNIEnv *env, jclass clazz, jlong hCryptProv, jlong hCryptKey) (JNIEnv *env, jclass clazz, jlong hCryptProv, jlong hCryptKey)
{ {
if (hCryptKey != NULL) if (hCryptKey == NULL && hCryptProv != NULL) {
::CryptDestroyKey((HCRYPTKEY) hCryptKey); // deprecated NCryptFreeObject((NCRYPT_HANDLE)hCryptProv);
} else {
if (hCryptKey != NULL)
::CryptDestroyKey((HCRYPTKEY) hCryptKey); // deprecated
if (hCryptProv != NULL) if (hCryptProv != NULL)
::CryptReleaseContext((HCRYPTPROV) hCryptProv, NULL); // deprecated ::CryptReleaseContext((HCRYPTPROV) hCryptProv, NULL); // deprecated
}
} }
/* /*
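Review bot: The new branch in `Java_sun_security_mscapi_CKey_cleanUp` decides which API family owns `hCryptProv` purely from `hCryptKey == NULL`, and nothing at the site records that convention. If a CryptoAPI provider context were ever paired with a zero key handle, it would be handed to NCryptFreeObject. The status NCryptFreeObject returns is discarded, so the mismatch would go unnoticed. I would add a comment above the test, for example `// hCryptKey == 0 marks a CNG key: hCryptProv then holds an NCRYPT_HANDLE, not an HCRYPTPROV`. At minimum, check the return value in debug builds so that a wrong-handle release is visible.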

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2016, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -23,7 +23,7 @@
/** /**
* @test * @test
* @bug 8163896 * @bug 8163896 8223003
* @summary Finalizing one key of a KeyPair invalidates the other key * @summary Finalizing one key of a KeyPair invalidates the other key
*/ */