stan/jdk-24
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

8268525: Some new memory leak after JDK-8248268 and JDK-8255557

Browse Source 
Reviewed-by: valeriep, ascarpino
This commit is contained in:
Weijun Wang 2021-06-10 22:18:38 +00:00
parent 53b6e2c85c
commit 7b2e7d8bab
5 changed files with 91 additions and 108 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/java.base/share/classes/com/sun/crypto/provider/CipherCore.java
View File

@ -435,6 +435,7 @@ final class CipherCore {
byte[] keyBytes = getKeyBytes(key); byte[] keyBytes = getKeyBytes(key);
byte[] ivBytes = null; byte[] ivBytes = null;
try {
if (params != null) { if (params != null) {
if (params instanceof IvParameterSpec) { if (params instanceof IvParameterSpec) {
ivBytes = ((IvParameterSpec) params).getIV(); ivBytes = ((IvParameterSpec) params).getIV();
@ -479,6 +480,9 @@ final class CipherCore {
String algorithm = key.getAlgorithm(); String algorithm = key.getAlgorithm();
cipher.init(decrypting, algorithm, keyBytes, ivBytes); cipher.init(decrypting, algorithm, keyBytes, ivBytes);
} finally {
Arrays.fill(keyBytes, (byte)0);
}
} }
void init(int opmode, Key key, AlgorithmParameters params, void init(int opmode, Key key, AlgorithmParameters params,

91
src/java.base/share/classes/com/sun/crypto/provider/ConstructKeys.java
View File

@ -25,6 +25,8 @@
package com.sun.crypto.provider; package com.sun.crypto.provider;
import jdk.internal.access.SharedSecrets;
import java.security.Key; import java.security.Key;
import java.security.PublicKey; import java.security.PublicKey;
import java.security.PrivateKey; import java.security.PrivateKey;
@ -48,24 +50,18 @@ import javax.crypto.spec.SecretKeySpec;
*/ */
final class ConstructKeys { final class ConstructKeys {
/**
* Construct a public key from its encoding.
*
* @param encodedKey the encoding of a public key.
*
* @param encodedKeyAlgorithm the algorithm the encodedKey is for.
*
* @return a public key constructed from the encodedKey.
*/
private static final PublicKey constructPublicKey(byte[] encodedKey, private static final PublicKey constructPublicKey(byte[] encodedKey,
String encodedKeyAlgorithm) int ofs, int len, String encodedKeyAlgorithm)
throws InvalidKeyException, NoSuchAlgorithmException { throws InvalidKeyException, NoSuchAlgorithmException {
PublicKey key = null; PublicKey key = null;
byte[] keyBytes = (ofs == 0 && encodedKey.length == len)
? encodedKey : Arrays.copyOfRange(encodedKey, ofs, ofs + len);
X509EncodedKeySpec keySpec = new X509EncodedKeySpec(keyBytes);
try { try {
KeyFactory keyFactory = KeyFactory keyFactory =
KeyFactory.getInstance(encodedKeyAlgorithm, KeyFactory.getInstance(encodedKeyAlgorithm,
SunJCE.getInstance()); SunJCE.getInstance());
X509EncodedKeySpec keySpec = new X509EncodedKeySpec(encodedKey);
key = keyFactory.generatePublic(keySpec); key = keyFactory.generatePublic(keySpec);
} catch (NoSuchAlgorithmException nsae) { } catch (NoSuchAlgorithmException nsae) {
// Try to see whether there is another // Try to see whether there is another
@ -73,8 +69,6 @@ final class ConstructKeys {
try { try {
KeyFactory keyFactory = KeyFactory keyFactory =
KeyFactory.getInstance(encodedKeyAlgorithm); KeyFactory.getInstance(encodedKeyAlgorithm);
X509EncodedKeySpec keySpec =
new X509EncodedKeySpec(encodedKey);
key = keyFactory.generatePublic(keySpec); key = keyFactory.generatePublic(keySpec);
} catch (NoSuchAlgorithmException nsae2) { } catch (NoSuchAlgorithmException nsae2) {
throw new NoSuchAlgorithmException("No installed providers " + throw new NoSuchAlgorithmException("No installed providers " +
@ -97,25 +91,17 @@ final class ConstructKeys {
return key; return key;
} }
/**
* Construct a private key from its encoding.
*
* @param encodedKey the encoding of a private key.
*
* @param encodedKeyAlgorithm the algorithm the wrapped key is for.
*
* @return a private key constructed from the encodedKey.
*/
private static final PrivateKey constructPrivateKey(byte[] encodedKey, private static final PrivateKey constructPrivateKey(byte[] encodedKey,
String encodedKeyAlgorithm) int ofs, int len, String encodedKeyAlgorithm)
throws InvalidKeyException, NoSuchAlgorithmException { throws InvalidKeyException, NoSuchAlgorithmException {
PrivateKey key = null; PrivateKey key = null;
byte[] keyBytes = (ofs == 0 && encodedKey.length == len)
? encodedKey : Arrays.copyOfRange(encodedKey, ofs, ofs + len);
PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(keyBytes);
try { try {
KeyFactory keyFactory = KeyFactory keyFactory =
KeyFactory.getInstance(encodedKeyAlgorithm, KeyFactory.getInstance(encodedKeyAlgorithm,
SunJCE.getInstance()); SunJCE.getInstance());
PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(encodedKey);
return keyFactory.generatePrivate(keySpec); return keyFactory.generatePrivate(keySpec);
} catch (NoSuchAlgorithmException nsae) { } catch (NoSuchAlgorithmException nsae) {
// Try to see whether there is another // Try to see whether there is another
@ -123,8 +109,6 @@ final class ConstructKeys {
try { try {
KeyFactory keyFactory = KeyFactory keyFactory =
KeyFactory.getInstance(encodedKeyAlgorithm); KeyFactory.getInstance(encodedKeyAlgorithm);
PKCS8EncodedKeySpec keySpec =
new PKCS8EncodedKeySpec(encodedKey);
key = keyFactory.generatePrivate(keySpec); key = keyFactory.generatePrivate(keySpec);
} catch (NoSuchAlgorithmException nsae2) { } catch (NoSuchAlgorithmException nsae2) {
throw new NoSuchAlgorithmException("No installed providers " + throw new NoSuchAlgorithmException("No installed providers " +
@ -142,20 +126,16 @@ final class ConstructKeys {
new InvalidKeyException("Cannot construct private key"); new InvalidKeyException("Cannot construct private key");
ike.initCause(ikse); ike.initCause(ikse);
throw ike; throw ike;
} finally {
SharedSecrets.getJavaSecuritySpecAccess().clearEncodedKeySpec(keySpec);
if (keyBytes != encodedKey) {
Arrays.fill(keyBytes, (byte)0);
}
} }
return key; return key;
} }
/**
* Construct a secret key from its encoding.
*
* @param encodedKey the encoding of a secret key.
*
* @param encodedKeyAlgorithm the algorithm the secret key is for.
*
* @return a secret key constructed from the encodedKey.
*/
private static final SecretKey constructSecretKey(byte[] encodedKey, private static final SecretKey constructSecretKey(byte[] encodedKey,
int ofs, int len, String encodedKeyAlgorithm) { int ofs, int len, String encodedKeyAlgorithm) {
return (new SecretKeySpec(encodedKey, ofs, len, encodedKeyAlgorithm)); return (new SecretKeySpec(encodedKey, ofs, len, encodedKeyAlgorithm));
@ -170,35 +150,14 @@ final class ConstructKeys {
static final Key constructKey(byte[] encoding, int ofs, int len, static final Key constructKey(byte[] encoding, int ofs, int len,
String keyAlgorithm, int keyType) String keyAlgorithm, int keyType)
throws InvalidKeyException, NoSuchAlgorithmException { throws InvalidKeyException, NoSuchAlgorithmException {
switch (keyType) { return switch (keyType) {
case Cipher.SECRET_KEY: case Cipher.SECRET_KEY -> ConstructKeys.constructSecretKey(
try { encoding, ofs, len, keyAlgorithm);
return ConstructKeys.constructSecretKey(encoding, ofs, len, case Cipher.PRIVATE_KEY -> ConstructKeys.constructPrivateKey(
keyAlgorithm); encoding, ofs, len, keyAlgorithm);
} finally { case Cipher.PUBLIC_KEY -> ConstructKeys.constructPublicKey(
Arrays.fill(encoding, ofs, len, (byte)0); encoding, ofs, len, keyAlgorithm);
} default -> throw new NoSuchAlgorithmException("Unsupported key type");
case Cipher.PRIVATE_KEY: };
byte[] encoding2 = encoding;
try {
if (ofs != 0 || len != encoding.length) {
encoding2 = Arrays.copyOfRange(encoding, ofs, ofs + len);
}
return ConstructKeys.constructPrivateKey(encoding2,
keyAlgorithm);
} finally {
Arrays.fill(encoding, ofs, len, (byte)0);
if (encoding2 != encoding) {
Arrays.fill(encoding2, (byte)0);
}
}
case Cipher.PUBLIC_KEY:
if (ofs != 0 || len != encoding.length) {
encoding = Arrays.copyOfRange(encoding, ofs, ofs + len);
}
return ConstructKeys.constructPublicKey(encoding, keyAlgorithm);
default:
throw new NoSuchAlgorithmException("Unsupported key type");
}
} }
} }

6
src/java.base/share/classes/com/sun/crypto/provider/GaloisCounterMode.java
View File

@ -163,7 +163,13 @@ abstract class GaloisCounterMode extends CipherSpi {
reInit = false; reInit = false;
// always encrypt mode for embedded cipher // always encrypt mode for embedded cipher
try {
blockCipher.init(false, key.getAlgorithm(), keyValue); blockCipher.init(false, key.getAlgorithm(), keyValue);
} finally {
if (!encryption) {
Arrays.fill(keyValue, (byte) 0);
}
}
} }
@Override @Override

1
src/java.base/share/classes/com/sun/crypto/provider/KWUtil.java
View File

@ -124,6 +124,7 @@ class KWUtil {
} }
} }
System.arraycopy(buffer, 0, icvOut, 0, SEMI_BLKSIZE); System.arraycopy(buffer, 0, icvOut, 0, SEMI_BLKSIZE);
Arrays.fill(buffer, (byte)0);
return inLen - SEMI_BLKSIZE; return inLen - SEMI_BLKSIZE;
} }
} }

13
src/java.base/share/classes/com/sun/crypto/provider/KeyWrapCipher.java
View File

@ -472,7 +472,11 @@ abstract class KeyWrapCipher extends CipherSpi {
int outLen = engineDoFinal(in, inOfs, inLen, out, 0); int outLen = engineDoFinal(in, inOfs, inLen, out, 0);
if (outLen < estOutLen) { if (outLen < estOutLen) {
try {
return Arrays.copyOf(out, outLen); return Arrays.copyOf(out, outLen);
} finally {
Arrays.fill(out, (byte)0);
}
} else { } else {
return out; return out;
} }
@ -529,6 +533,9 @@ abstract class KeyWrapCipher extends CipherSpi {
return outLen; return outLen;
} }
} finally { } finally {
if (dataBuf != null) {
Arrays.fill(dataBuf, (byte)0);
}
dataBuf = null; dataBuf = null;
dataIdx = 0; dataIdx = 0;
} }
@ -559,8 +566,14 @@ abstract class KeyWrapCipher extends CipherSpi {
len += inLen; len += inLen;
} }
try {
return (opmode == Cipher.ENCRYPT_MODE ? return (opmode == Cipher.ENCRYPT_MODE ?
helperEncrypt(out, len) : helperDecrypt(out, len)); helperEncrypt(out, len) : helperDecrypt(out, len));
} finally {
if (dataBuf != null && dataBuf != out) {
Arrays.fill(dataBuf, (byte)0);
}
}
} }
// helper routine for in-place encryption. // helper routine for in-place encryption.