stan/jdk-24
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

6578538: com.sun.crypto.provider.SunJCE instance leak using KRB5 and LoginContext

Browse Source 
Reviewed-by: valeriep
This commit is contained in:
Bradford Wetmore 2008-03-06 16:06:45 -08:00
parent 9a2759ee8d
commit 623bcb71a5
2 changed files with 79 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
jdk/src/share/classes/com/sun/crypto/provider/PBKDF2KeyImpl.java
View File

@ -34,6 +34,7 @@ import java.security.KeyRep;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.spec.InvalidKeySpecException;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
@ -107,12 +108,17 @@ final class PBKDF2KeyImpl implements javax.crypto.interfaces.PBEKey {
throw new InvalidKeySpecException("Key length is negative");
}
try {
this.prf = Mac.getInstance(prfAlgo, new SunJCE());
this.prf = Mac.getInstance(prfAlgo, "SunJCE");
} catch (NoSuchAlgorithmException nsae) {
// not gonna happen; re-throw just in case
InvalidKeySpecException ike = new InvalidKeySpecException();
ike.initCause(nsae);
throw ike;
} catch (NoSuchProviderException nspe) {
// Again, not gonna happen; re-throw just in case
InvalidKeySpecException ike = new InvalidKeySpecException();
ike.initCause(nspe);
throw ike;
}
this.key = deriveKey(prf, passwdBytes, salt, iterCount, keyLength);
}

72
jdk/test/com/sun/crypto/provider/KeyFactory/TestProviderLeak.java Normal file
View File

@ -0,0 +1,72 @@
/*
* Copyright 2005-2007 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
* CA 95054 USA or visit www.sun.com if you need additional information or
* have any questions.
*/
/*
* @test
* @bug 6578538
* @summary com.sun.crypto.provider.SunJCE instance leak using KRB5 and
* LoginContext
* @author Brad Wetmore
*
* @run main/othervm -Xmx2m TestProviderLeak
*/
/*
* We force the leak to become a problem by specifying the minimum
* size heap we can (above). In current runs on a server and client
* machine, it took roughly 220-240 iterations to have the memory leak
* shut down other operations. It complained about "Unable to verify
* the SunJCE provider."
*/
import javax.crypto.*;
import javax.crypto.spec.*;
public class TestProviderLeak {
private static void dumpMemoryStats(String s) throws Exception {
Runtime rt = Runtime.getRuntime();
System.out.println(s + ":\t" +
rt.freeMemory() + " bytes free");
}
public static void main(String [] args) throws Exception {
SecretKeyFactory skf =
SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1", "SunJCE");
PBEKeySpec pbeKS = new PBEKeySpec(
"passPhrase".toCharArray(), new byte [] { 0 }, 5, 512);
for (int i = 0; i <= 1000; i++) {
try {
skf.generateSecret(pbeKS);
if ((i % 20) == 0) {
// Calling gc() isn't dependable, but doesn't hurt.
// Gives better output in leak cases.
System.gc();
dumpMemoryStats("Iteration " + i);
}
} catch (Exception e) {
dumpMemoryStats("\nException seen at iteration " + i);
throw e;
}
}
}
}