archive/jdk
1
0
Fork 0
mirror of https://github.com/openjdk/jdk.git synced 2025-08-26 22:34:27 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

8258915: Temporary buffer cleanup

Browse source 
Reviewed-by: valeriep
This commit is contained in:
Weijun Wang 2021-04-22 18:11:43 +00:00
parent 31d8a19e47
commit f834557ae0
79 changed files with 1517 additions and 1039 deletions
Download patch file Download diff file Expand all files Collapse all files

6
src/java.base/share/classes/javax/crypto/SealedObject.java
View file

@ -34,6 +34,7 @@ import java.security.InvalidKeyException;
import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.util.Arrays;
/**
* This class enables a programmer to create an object and protect its
@ -171,10 +172,11 @@ public class SealedObject implements Serializable {
*/
try {
this.encryptedContent = c.doFinal(content);
}
catch (BadPaddingException ex) {
} catch (BadPaddingException ex) {
// if sealing is encryption only
// Should never happen??
} finally {
Arrays.fill(content, (byte)0);
}
// Save the parameters

30
src/java.base/share/classes/javax/crypto/spec/SecretKeySpec.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 1998, 2020, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1998, 2021, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -25,8 +25,12 @@
package javax.crypto.spec;
import jdk.internal.access.JavaxCryptoSpecAccess;
import jdk.internal.access.SharedSecrets;
import java.security.MessageDigest;
import java.security.spec.KeySpec;
import java.util.Arrays;
import java.util.Locale;
import javax.crypto.SecretKey;
@ -66,6 +70,16 @@ public class SecretKeySpec implements KeySpec, SecretKey {
*/
private String algorithm;
static {
SharedSecrets.setJavaxCryptoSpecAccess(
new JavaxCryptoSpecAccess() {
@Override
public void clearSecretKeySpec(SecretKeySpec keySpec) {
keySpec.clear();
}
});
}
/**
* Constructs a secret key from the given byte array.
*
@ -227,7 +241,19 @@ public class SecretKeySpec implements KeySpec, SecretKey {
}
byte[] thatKey = ((SecretKey)obj).getEncoded();
try {
return MessageDigest.isEqual(this.key, thatKey);
} finally {
if (thatKey != null) {
Arrays.fill(thatKey, (byte)0);
}
}
}
return MessageDigest.isEqual(this.key, thatKey);
/**
* Clear the key bytes inside.
*/
void clear() {
Arrays.fill(key, (byte)0);
}
}