archive/jdk
1
0
Fork 0
mirror of https://github.com/openjdk/jdk.git synced 2025-08-26 14:24:46 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

8311902: Concurrency regression in the PBKDF2 key impl of SunJCE provider

Browse source 
Reviewed-by: ascarpino, xuelei, mullan
This commit is contained in:
Valerie Peng 2023-07-18 21:35:41 +00:00
parent 5c4623b360
commit 28c4d196cf
1 changed files with 52 additions and 21 deletions
Download patch file Download diff file Expand all files Collapse all files

73
src/java.base/share/classes/com/sun/crypto/provider/PBKDF2KeyImpl.java
View file

@ -26,6 +26,7 @@
package com.sun.crypto.provider; package com.sun.crypto.provider;
import java.io.ObjectStreamException; import java.io.ObjectStreamException;
import java.lang.ref.Reference;
import java.lang.ref.Cleaner; import java.lang.ref.Cleaner;
import java.nio.ByteBuffer; import java.nio.ByteBuffer;
import java.nio.CharBuffer; import java.nio.CharBuffer;
@ -205,7 +206,12 @@ final class PBKDF2KeyImpl implements javax.crypto.interfaces.PBEKey {
} }
public byte[] getEncoded() { public byte[] getEncoded() {
return key.clone(); try {
return key.clone();
} finally {
// prevent this from being cleaned for the above block
Reference.reachabilityFence(this);
}
} }
public String getAlgorithm() { public String getAlgorithm() {
@ -221,7 +227,12 @@ final class PBKDF2KeyImpl implements javax.crypto.interfaces.PBEKey {
} }
public char[] getPassword() { public char[] getPassword() {
return passwd.clone(); try {
return passwd.clone();
} finally {
// prevent this from being cleaned for the above block
Reference.reachabilityFence(this);
}
} }
public byte[] getSalt() { public byte[] getSalt() {
@ -237,30 +248,45 @@ final class PBKDF2KeyImpl implements javax.crypto.interfaces.PBEKey {
* Objects that are equal will also have the same hashcode. * Objects that are equal will also have the same hashcode.
*/ */
public int hashCode() { public int hashCode() {
int retval = 0; try {
for (int i = 1; i < this.key.length; i++) { int retval = 0;
retval += this.key[i] * i; for (int i = 1; i < this.key.length; i++) {
retval += this.key[i] * i;
}
return (retval ^= getAlgorithm().toLowerCase
(Locale.ENGLISH).hashCode());
} finally {
// prevent this from being cleaned for the above block
Reference.reachabilityFence(this);
} }
return(retval ^= getAlgorithm().toLowerCase(Locale.ENGLISH).hashCode());
} }
public boolean equals(Object obj) { public boolean equals(Object obj) {
if (obj == this) try {
return true; if (obj == this) {
return true;
}
if (!(obj instanceof SecretKey)) if (!(obj instanceof SecretKey)) {
return false; return false;
}
SecretKey that = (SecretKey) obj; SecretKey that = (SecretKey) obj;
if (!(that.getAlgorithm().equalsIgnoreCase(getAlgorithm()))) if (!(that.getAlgorithm().equalsIgnoreCase(getAlgorithm()))) {
return false; return false;
if (!(that.getFormat().equalsIgnoreCase("RAW"))) }
return false; if (!(that.getFormat().equalsIgnoreCase("RAW"))) {
byte[] thatEncoded = that.getEncoded(); return false;
boolean ret = MessageDigest.isEqual(key, thatEncoded); }
Arrays.fill(thatEncoded, (byte)0x00); byte[] thatEncoded = that.getEncoded();
return ret; boolean ret = MessageDigest.isEqual(key, thatEncoded);
Arrays.fill(thatEncoded, (byte)0x00);
return ret;
} finally {
// prevent this from being cleaned for the above block
Reference.reachabilityFence(this);
}
} }
/** /**
@ -273,7 +299,12 @@ final class PBKDF2KeyImpl implements javax.crypto.interfaces.PBEKey {
*/ */
@java.io.Serial @java.io.Serial
private Object writeReplace() throws ObjectStreamException { private Object writeReplace() throws ObjectStreamException {
return new KeyRep(KeyRep.Type.SECRET, getAlgorithm(), try {
getFormat(), key); return new KeyRep(KeyRep.Type.SECRET, getAlgorithm(),
getFormat(), key);
} finally {
// prevent this from being cleaned for the above block
Reference.reachabilityFence(this);
}
} }
} }