8233884: Avoid looking up standard charsets in security libraries

Reviewed-by: coffeys
2025-08-26 14:24:46 +02:00 · 2019-11-12 01:36:17 -08:00 · 2019-11-12 01:36:17 -08:00 · 8e859259bc
commit 8e859259bc
parent 301e068935
48 changed files with 317 additions and 391 deletions
--- a/src/java.base/share/classes/com/sun/crypto/provider/JceKeyStore.java
+++ b/src/java.base/share/classes/com/sun/crypto/provider/JceKeyStore.java
@ -45,6 +45,8 @@ import java.security.cert.CertificateFactory;
 import java.security.cert.CertificateException;
 import javax.crypto.SealedObject;

+import static java.nio.charset.StandardCharsets.UTF_8;
+
 /**
 * This class provides the keystore implementation referred to as "jceks".
 * This implementation strongly protects the keystore private keys using
@ -909,7 +911,8 @@ public final class JceKeyStore extends KeyStoreSpi {
     * hash with a bit of whitener.
     */
    private MessageDigest getPreKeyedHash(char[] password)
-    throws NoSuchAlgorithmException, UnsupportedEncodingException {
+        throws NoSuchAlgorithmException
+    {
        int i, j;

        MessageDigest md = MessageDigest.getInstance("SHA");
@ -921,7 +924,7 @@ public final class JceKeyStore extends KeyStoreSpi {
        md.update(passwdBytes);
        for (i=0; i<passwdBytes.length; i++)
            passwdBytes[i] = 0;
-        md.update("Mighty Aphrodite".getBytes("UTF8"));
+        md.update("Mighty Aphrodite".getBytes(UTF_8));
        return md;
    }

--- a/src/java.base/share/classes/com/sun/crypto/provider/PBEWithMD5AndDESCipher.java
+++ b/src/java.base/share/classes/com/sun/crypto/provider/PBEWithMD5AndDESCipher.java
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2019, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -25,7 +25,6 @@

 package com.sun.crypto.provider;

-import java.io.UnsupportedEncodingException;
 import java.security.*;
 import java.security.spec.*;
 import javax.crypto.*;
--- a/src/java.base/share/classes/com/sun/crypto/provider/PBEWithMD5AndTripleDESCipher.java
+++ b/src/java.base/share/classes/com/sun/crypto/provider/PBEWithMD5AndTripleDESCipher.java
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2019, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -25,7 +25,6 @@

 package com.sun.crypto.provider;

-import java.io.UnsupportedEncodingException;
 import java.security.*;
 import java.security.spec.*;
 import javax.crypto.*;
--- a/src/java.base/share/classes/com/sun/crypto/provider/PBKDF2KeyImpl.java
+++ b/src/java.base/share/classes/com/sun/crypto/provider/PBKDF2KeyImpl.java
@ -29,7 +29,6 @@ import java.io.ObjectStreamException;
 import java.lang.ref.Reference;
 import java.nio.ByteBuffer;
 import java.nio.CharBuffer;
-import java.nio.charset.Charset;
 import java.util.Arrays;
 import java.util.Locale;
 import java.security.MessageDigest;
@ -41,6 +40,8 @@ import javax.crypto.Mac;
 import javax.crypto.SecretKey;
 import javax.crypto.spec.PBEKeySpec;

+import static java.nio.charset.StandardCharsets.UTF_8;
+
 import jdk.internal.ref.CleanerFactory;

 /**
@ -66,9 +67,8 @@ final class PBKDF2KeyImpl implements javax.crypto.interfaces.PBEKey {
    private Mac prf;

    private static byte[] getPasswordBytes(char[] passwd) {
-        Charset utf8 = Charset.forName("UTF-8");
        CharBuffer cb = CharBuffer.wrap(passwd);
-        ByteBuffer bb = utf8.encode(cb);
+        ByteBuffer bb = UTF_8.encode(cb);

        int len = bb.limit();
        byte[] passwdBytes = new byte[len];
--- a/src/java.base/share/classes/com/sun/crypto/provider/TlsPrfGenerator.java
+++ b/src/java.base/share/classes/com/sun/crypto/provider/TlsPrfGenerator.java
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2017, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -30,6 +30,8 @@ import java.util.Arrays;
 import java.security.*;
 import java.security.spec.AlgorithmParameterSpec;

+import static java.nio.charset.StandardCharsets.UTF_8;
+
 import javax.crypto.*;
 import javax.crypto.spec.SecretKeySpec;

@ -153,7 +155,7 @@ abstract class TlsPrfGenerator extends KeyGeneratorSpi {
        SecretKey key = spec.getSecret();
        byte[] secret = (key == null) ? null : key.getEncoded();
        try {
-            byte[] labelBytes = spec.getLabel().getBytes("UTF8");
+            byte[] labelBytes = spec.getLabel().getBytes(UTF_8);
            int n = spec.getOutputLength();
            byte[] prfBytes = (tls12 ?
                doTLS12PRF(secret, labelBytes, spec.getSeed(), n,
@ -163,8 +165,6 @@ abstract class TlsPrfGenerator extends KeyGeneratorSpi {
            return new SecretKeySpec(prfBytes, "TlsPrf");
        } catch (GeneralSecurityException e) {
            throw new ProviderException("Could not generate PRF", e);
-        } catch (java.io.UnsupportedEncodingException e) {
-            throw new ProviderException("Could not generate PRF", e);
        }
    }