stan/jdk-24
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

8268525: Some new memory leak after JDK-8248268 and JDK-8255557

Browse Source 
Reviewed-by: valeriep, ascarpino
This commit is contained in:
Weijun Wang 2021-06-10 22:18:38 +00:00
parent 53b6e2c85c
commit 7b2e7d8bab
5 changed files with 91 additions and 108 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

80
src/java.base/share/classes/com/sun/crypto/provider/CipherCore.java
View File

@ -435,50 +435,54 @@ final class CipherCore {
byte[] keyBytes = getKeyBytes(key);
byte[] ivBytes = null;
if (params != null) {
if (params instanceof IvParameterSpec) {
ivBytes = ((IvParameterSpec) params).getIV();
if ((ivBytes == null) || (ivBytes.length != blockSize)) {
try {
if (params != null) {
if (params instanceof IvParameterSpec) {
ivBytes = ((IvParameterSpec) params).getIV();
if ((ivBytes == null) || (ivBytes.length != blockSize)) {
throw new InvalidAlgorithmParameterException
("Wrong IV length: must be " + blockSize +
" bytes long");
}
} else if (params instanceof RC2ParameterSpec) {
ivBytes = ((RC2ParameterSpec) params).getIV();
if ((ivBytes != null) && (ivBytes.length != blockSize)) {
throw new InvalidAlgorithmParameterException
("Wrong IV length: must be " + blockSize +
" bytes long");
}
} else {
throw new InvalidAlgorithmParameterException
("Wrong IV length: must be " + blockSize +
" bytes long");
("Unsupported parameter: " + params);
}
} else if (params instanceof RC2ParameterSpec) {
ivBytes = ((RC2ParameterSpec) params).getIV();
if ((ivBytes != null) && (ivBytes.length != blockSize)) {
}
if (cipherMode == ECB_MODE) {
if (ivBytes != null) {
throw new InvalidAlgorithmParameterException
("Wrong IV length: must be " + blockSize +
" bytes long");
("ECB mode cannot use IV");
}
} else {
throw new InvalidAlgorithmParameterException
("Unsupported parameter: " + params);
} else if (ivBytes == null) {
if (decrypting) {
throw new InvalidAlgorithmParameterException("Parameters "
+ "missing");
}
if (random == null) {
random = SunJCE.getRandom();
}
ivBytes = new byte[blockSize];
random.nextBytes(ivBytes);
}
buffered = 0;
diffBlocksize = blockSize;
String algorithm = key.getAlgorithm();
cipher.init(decrypting, algorithm, keyBytes, ivBytes);
} finally {
Arrays.fill(keyBytes, (byte)0);
}
if (cipherMode == ECB_MODE) {
if (ivBytes != null) {
throw new InvalidAlgorithmParameterException
("ECB mode cannot use IV");
}
} else if (ivBytes == null) {
if (decrypting) {
throw new InvalidAlgorithmParameterException("Parameters "
+ "missing");
}
if (random == null) {
random = SunJCE.getRandom();
}
ivBytes = new byte[blockSize];
random.nextBytes(ivBytes);
}
buffered = 0;
diffBlocksize = blockSize;
String algorithm = key.getAlgorithm();
cipher.init(decrypting, algorithm, keyBytes, ivBytes);
}
void init(int opmode, Key key, AlgorithmParameters params,

91
src/java.base/share/classes/com/sun/crypto/provider/ConstructKeys.java
View File

@ -25,6 +25,8 @@
package com.sun.crypto.provider;
import jdk.internal.access.SharedSecrets;
import java.security.Key;
import java.security.PublicKey;
import java.security.PrivateKey;
@ -48,24 +50,18 @@ import javax.crypto.spec.SecretKeySpec;
*/
final class ConstructKeys {
/**
* Construct a public key from its encoding.
*
* @param encodedKey the encoding of a public key.
*
* @param encodedKeyAlgorithm the algorithm the encodedKey is for.
*
* @return a public key constructed from the encodedKey.
*/
private static final PublicKey constructPublicKey(byte[] encodedKey,
String encodedKeyAlgorithm)
int ofs, int len, String encodedKeyAlgorithm)
throws InvalidKeyException, NoSuchAlgorithmException {
PublicKey key = null;
byte[] keyBytes = (ofs == 0 && encodedKey.length == len)
? encodedKey : Arrays.copyOfRange(encodedKey, ofs, ofs + len);
X509EncodedKeySpec keySpec = new X509EncodedKeySpec(keyBytes);
try {
KeyFactory keyFactory =
KeyFactory.getInstance(encodedKeyAlgorithm,
SunJCE.getInstance());
X509EncodedKeySpec keySpec = new X509EncodedKeySpec(encodedKey);
key = keyFactory.generatePublic(keySpec);
} catch (NoSuchAlgorithmException nsae) {
// Try to see whether there is another
@ -73,8 +69,6 @@ final class ConstructKeys {
try {
KeyFactory keyFactory =
KeyFactory.getInstance(encodedKeyAlgorithm);
X509EncodedKeySpec keySpec =
new X509EncodedKeySpec(encodedKey);
key = keyFactory.generatePublic(keySpec);
} catch (NoSuchAlgorithmException nsae2) {
throw new NoSuchAlgorithmException("No installed providers " +
@ -97,25 +91,17 @@ final class ConstructKeys {
return key;
}
/**
* Construct a private key from its encoding.
*
* @param encodedKey the encoding of a private key.
*
* @param encodedKeyAlgorithm the algorithm the wrapped key is for.
*
* @return a private key constructed from the encodedKey.
*/
private static final PrivateKey constructPrivateKey(byte[] encodedKey,
String encodedKeyAlgorithm)
int ofs, int len, String encodedKeyAlgorithm)
throws InvalidKeyException, NoSuchAlgorithmException {
PrivateKey key = null;
byte[] keyBytes = (ofs == 0 && encodedKey.length == len)
? encodedKey : Arrays.copyOfRange(encodedKey, ofs, ofs + len);
PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(keyBytes);
try {
KeyFactory keyFactory =
KeyFactory.getInstance(encodedKeyAlgorithm,
SunJCE.getInstance());
PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(encodedKey);
return keyFactory.generatePrivate(keySpec);
} catch (NoSuchAlgorithmException nsae) {
// Try to see whether there is another
@ -123,8 +109,6 @@ final class ConstructKeys {
try {
KeyFactory keyFactory =
KeyFactory.getInstance(encodedKeyAlgorithm);
PKCS8EncodedKeySpec keySpec =
new PKCS8EncodedKeySpec(encodedKey);
key = keyFactory.generatePrivate(keySpec);
} catch (NoSuchAlgorithmException nsae2) {
throw new NoSuchAlgorithmException("No installed providers " +
@ -142,20 +126,16 @@ final class ConstructKeys {
new InvalidKeyException("Cannot construct private key");
ike.initCause(ikse);
throw ike;
} finally {
SharedSecrets.getJavaSecuritySpecAccess().clearEncodedKeySpec(keySpec);
if (keyBytes != encodedKey) {
Arrays.fill(keyBytes, (byte)0);
}
}
return key;
}
/**
* Construct a secret key from its encoding.
*
* @param encodedKey the encoding of a secret key.
*
* @param encodedKeyAlgorithm the algorithm the secret key is for.
*
* @return a secret key constructed from the encodedKey.
*/
private static final SecretKey constructSecretKey(byte[] encodedKey,
int ofs, int len, String encodedKeyAlgorithm) {
return (new SecretKeySpec(encodedKey, ofs, len, encodedKeyAlgorithm));
@ -170,35 +150,14 @@ final class ConstructKeys {
static final Key constructKey(byte[] encoding, int ofs, int len,
String keyAlgorithm, int keyType)
throws InvalidKeyException, NoSuchAlgorithmException {
switch (keyType) {
case Cipher.SECRET_KEY:
try {
return ConstructKeys.constructSecretKey(encoding, ofs, len,
keyAlgorithm);
} finally {
Arrays.fill(encoding, ofs, len, (byte)0);
}
case Cipher.PRIVATE_KEY:
byte[] encoding2 = encoding;
try {
if (ofs != 0 || len != encoding.length) {
encoding2 = Arrays.copyOfRange(encoding, ofs, ofs + len);
}
return ConstructKeys.constructPrivateKey(encoding2,
keyAlgorithm);
} finally {
Arrays.fill(encoding, ofs, len, (byte)0);
if (encoding2 != encoding) {
Arrays.fill(encoding2, (byte)0);
}
}
case Cipher.PUBLIC_KEY:
if (ofs != 0 || len != encoding.length) {
encoding = Arrays.copyOfRange(encoding, ofs, ofs + len);
}
return ConstructKeys.constructPublicKey(encoding, keyAlgorithm);
default:
throw new NoSuchAlgorithmException("Unsupported key type");
}
return switch (keyType) {
case Cipher.SECRET_KEY -> ConstructKeys.constructSecretKey(
encoding, ofs, len, keyAlgorithm);
case Cipher.PRIVATE_KEY -> ConstructKeys.constructPrivateKey(
encoding, ofs, len, keyAlgorithm);
case Cipher.PUBLIC_KEY -> ConstructKeys.constructPublicKey(
encoding, ofs, len, keyAlgorithm);
default -> throw new NoSuchAlgorithmException("Unsupported key type");
};
}
}

8
src/java.base/share/classes/com/sun/crypto/provider/GaloisCounterMode.java
View File

@ -163,7 +163,13 @@ abstract class GaloisCounterMode extends CipherSpi {
reInit = false;
// always encrypt mode for embedded cipher
blockCipher.init(false, key.getAlgorithm(), keyValue);
try {
blockCipher.init(false, key.getAlgorithm(), keyValue);
} finally {
if (!encryption) {
Arrays.fill(keyValue, (byte) 0);
}
}
}
@Override

1
src/java.base/share/classes/com/sun/crypto/provider/KWUtil.java
View File

@ -124,6 +124,7 @@ class KWUtil {
}
}
System.arraycopy(buffer, 0, icvOut, 0, SEMI_BLKSIZE);
Arrays.fill(buffer, (byte)0);
return inLen - SEMI_BLKSIZE;
}
}

19
src/java.base/share/classes/com/sun/crypto/provider/KeyWrapCipher.java
View File

@ -472,7 +472,11 @@ abstract class KeyWrapCipher extends CipherSpi {
int outLen = engineDoFinal(in, inOfs, inLen, out, 0);
if (outLen < estOutLen) {
return Arrays.copyOf(out, outLen);
try {
return Arrays.copyOf(out, outLen);
} finally {
Arrays.fill(out, (byte)0);
}
} else {
return out;
}
@ -529,6 +533,9 @@ abstract class KeyWrapCipher extends CipherSpi {
return outLen;
}
} finally {
if (dataBuf != null) {
Arrays.fill(dataBuf, (byte)0);
}
dataBuf = null;
dataIdx = 0;
}
@ -559,8 +566,14 @@ abstract class KeyWrapCipher extends CipherSpi {
len += inLen;
}
return (opmode == Cipher.ENCRYPT_MODE?
helperEncrypt(out, len) : helperDecrypt(out, len));
try {
return (opmode == Cipher.ENCRYPT_MODE ?
helperEncrypt(out, len) : helperDecrypt(out, len));
} finally {
if (dataBuf != null && dataBuf != out) {
Arrays.fill(dataBuf, (byte)0);
}
}
}
// helper routine for in-place encryption.