6578538: com.sun.crypto.provider.SunJCE instance leak using KRB5 and LoginContext
Reviewed-by: valeriep
This commit is contained in:
Bradford Wetmore
parent
9a2759ee8d
commit
623bcb71a5
@ -34,6 +34,7 @@ import java.security.KeyRep;
|
|||||||
import java.security.GeneralSecurityException;
|
import java.security.GeneralSecurityException;
|
||||||
import java.security.InvalidKeyException;
|
import java.security.InvalidKeyException;
|
||||||
import java.security.NoSuchAlgorithmException;
|
import java.security.NoSuchAlgorithmException;
|
||||||
|
import java.security.NoSuchProviderException;
|
||||||
import java.security.spec.InvalidKeySpecException;
|
import java.security.spec.InvalidKeySpecException;
|
||||||
import javax.crypto.Mac;
|
import javax.crypto.Mac;
|
||||||
import javax.crypto.SecretKey;
|
import javax.crypto.SecretKey;
|
||||||
@ -107,12 +108,17 @@ final class PBKDF2KeyImpl implements javax.crypto.interfaces.PBEKey {
|
|||||||
throw new InvalidKeySpecException("Key length is negative");
|
throw new InvalidKeySpecException("Key length is negative");
|
||||||
}
|
}
|
||||||
try {
|
try {
|
||||||
this.prf = Mac.getInstance(prfAlgo, new SunJCE());
|
this.prf = Mac.getInstance(prfAlgo, "SunJCE");
|
||||||
} catch (NoSuchAlgorithmException nsae) {
|
} catch (NoSuchAlgorithmException nsae) {
|
||||||
// not gonna happen; re-throw just in case
|
// not gonna happen; re-throw just in case
|
||||||
InvalidKeySpecException ike = new InvalidKeySpecException();
|
InvalidKeySpecException ike = new InvalidKeySpecException();
|
||||||
ike.initCause(nsae);
|
ike.initCause(nsae);
|
||||||
throw ike;
|
throw ike;
|
||||||
|
} catch (NoSuchProviderException nspe) {
|
||||||
|
// Again, not gonna happen; re-throw just in case
|
||||||
|
InvalidKeySpecException ike = new InvalidKeySpecException();
|
||||||
|
ike.initCause(nspe);
|
||||||
|
throw ike;
|
||||||
}
|
}
|
||||||
this.key = deriveKey(prf, passwdBytes, salt, iterCount, keyLength);
|
this.key = deriveKey(prf, passwdBytes, salt, iterCount, keyLength);
|
||||||
}
|
}
|
||||||
|
|||||||
@ -0,0 +1,72 @@
|
|||||||
|
/*
|
||||||
|
* Copyright 2005-2007 Sun Microsystems, Inc. All Rights Reserved.
|
||||||
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||||
|
*
|
||||||
|
* This code is free software; you can redistribute it and/or modify it
|
||||||
|
* under the terms of the GNU General Public License version 2 only, as
|
||||||
|
* published by the Free Software Foundation.
|
||||||
|
*
|
||||||
|
* This code is distributed in the hope that it will be useful, but WITHOUT
|
||||||
|
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
||||||
|
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||||
|
* version 2 for more details (a copy is included in the LICENSE file that
|
||||||
|
* accompanied this code).
|
||||||
|
*
|
||||||
|
* You should have received a copy of the GNU General Public License version
|
||||||
|
* 2 along with this work; if not, write to the Free Software Foundation,
|
||||||
|
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||||
|
*
|
||||||
|
* Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
|
||||||
|
* CA 95054 USA or visit www.sun.com if you need additional information or
|
||||||
|
* have any questions.
|
||||||
|
*/
|
||||||
|
|
||||||
|
/*
|
||||||
|
* @test
|
||||||
|
* @bug 6578538
|
||||||
|
* @summary com.sun.crypto.provider.SunJCE instance leak using KRB5 and
|
||||||
|
* LoginContext
|
||||||
|
* @author Brad Wetmore
|
||||||
|
*
|
||||||
|
* @run main/othervm -Xmx2m TestProviderLeak
|
||||||
|
*/
|
||||||
|
|
||||||
|
/*
|
||||||
|
* We force the leak to become a problem by specifying the minimum
|
||||||
|
* size heap we can (above). In current runs on a server and client
|
||||||
|
* machine, it took roughly 220-240 iterations to have the memory leak
|
||||||
|
* shut down other operations. It complained about "Unable to verify
|
||||||
|
* the SunJCE provider."
|
||||||
|
*/
|
||||||
|
|
||||||
|
import javax.crypto.*;
|
||||||
|
import javax.crypto.spec.*;
|
||||||
|
|
||||||
|
public class TestProviderLeak {
|
||||||
|
private static void dumpMemoryStats(String s) throws Exception {
|
||||||
|
Runtime rt = Runtime.getRuntime();
|
||||||
|
System.out.println(s + ":\t" +
|
||||||
|
rt.freeMemory() + " bytes free");
|
||||||
|
}
|
||||||
|
|
||||||
|
public static void main(String [] args) throws Exception {
|
||||||
|
SecretKeyFactory skf =
|
||||||
|
SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1", "SunJCE");
|
||||||
|
PBEKeySpec pbeKS = new PBEKeySpec(
|
||||||
|
"passPhrase".toCharArray(), new byte [] { 0 }, 5, 512);
|
||||||
|
for (int i = 0; i <= 1000; i++) {
|
||||||
|
try {
|
||||||
|
skf.generateSecret(pbeKS);
|
||||||
|
if ((i % 20) == 0) {
|
||||||
|
// Calling gc() isn't dependable, but doesn't hurt.
|
||||||
|
// Gives better output in leak cases.
|
||||||
|
System.gc();
|
||||||
|
dumpMemoryStats("Iteration " + i);
|
||||||
|
}
|
||||||
|
} catch (Exception e) {
|
||||||
|
dumpMemoryStats("\nException seen at iteration " + i);
|
||||||
|
throw e;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
Loading…
Reference in New Issue
Block a user