Skip to content

Commit

Permalink
8311902: Concurrency regression in the PBKDF2 key impl of SunJCE prov…
Browse files Browse the repository at this point in the history
…ider

Reviewed-by: ascarpino, xuelei, mullan
  • Loading branch information
Valerie Peng committed Jul 18, 2023
1 parent 5c4623b commit 28c4d19
Showing 1 changed file with 52 additions and 21 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,7 @@
package com.sun.crypto.provider;

import java.io.ObjectStreamException;
import java.lang.ref.Reference;
import java.lang.ref.Cleaner;
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
Expand Down Expand Up @@ -205,7 +206,12 @@ public boolean equals(Object obj) {
}

public byte[] getEncoded() {
return key.clone();
try {
return key.clone();
} finally {
// prevent this from being cleaned for the above block
Reference.reachabilityFence(this);
}
}

public String getAlgorithm() {
Expand All @@ -221,7 +227,12 @@ public void clear() {
}

public char[] getPassword() {
return passwd.clone();
try {
return passwd.clone();
} finally {
// prevent this from being cleaned for the above block
Reference.reachabilityFence(this);
}
}

public byte[] getSalt() {
Expand All @@ -237,30 +248,45 @@ public String getFormat() {
* Objects that are equal will also have the same hashcode.
*/
public int hashCode() {
int retval = 0;
for (int i = 1; i < this.key.length; i++) {
retval += this.key[i] * i;
try {
int retval = 0;
for (int i = 1; i < this.key.length; i++) {
retval += this.key[i] * i;
}
return (retval ^= getAlgorithm().toLowerCase
(Locale.ENGLISH).hashCode());
} finally {
// prevent this from being cleaned for the above block
Reference.reachabilityFence(this);
}
return(retval ^= getAlgorithm().toLowerCase(Locale.ENGLISH).hashCode());
}

public boolean equals(Object obj) {
if (obj == this)
return true;
try {
if (obj == this) {
return true;
}

if (!(obj instanceof SecretKey))
return false;
if (!(obj instanceof SecretKey)) {
return false;
}

SecretKey that = (SecretKey) obj;
SecretKey that = (SecretKey) obj;

if (!(that.getAlgorithm().equalsIgnoreCase(getAlgorithm())))
return false;
if (!(that.getFormat().equalsIgnoreCase("RAW")))
return false;
byte[] thatEncoded = that.getEncoded();
boolean ret = MessageDigest.isEqual(key, thatEncoded);
Arrays.fill(thatEncoded, (byte)0x00);
return ret;
if (!(that.getAlgorithm().equalsIgnoreCase(getAlgorithm()))) {
return false;
}
if (!(that.getFormat().equalsIgnoreCase("RAW"))) {
return false;
}
byte[] thatEncoded = that.getEncoded();
boolean ret = MessageDigest.isEqual(key, thatEncoded);
Arrays.fill(thatEncoded, (byte)0x00);
return ret;
} finally {
// prevent this from being cleaned for the above block
Reference.reachabilityFence(this);
}
}

/**
Expand All @@ -273,7 +299,12 @@ public boolean equals(Object obj) {
*/
@java.io.Serial
private Object writeReplace() throws ObjectStreamException {
return new KeyRep(KeyRep.Type.SECRET, getAlgorithm(),
getFormat(), key);
try {
return new KeyRep(KeyRep.Type.SECRET, getAlgorithm(),
getFormat(), key);
} finally {
// prevent this from being cleaned for the above block
Reference.reachabilityFence(this);
}
}
}

3 comments on commit 28c4d19

@openjdk-notifier
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@valeriepeng
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/backport jdk21

@openjdk
Copy link

@openjdk openjdk bot commented on 28c4d19 Jul 19, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@valeriepeng the backport was successfully created on the branch valeriepeng-backport-28c4d196 in my personal fork of openjdk/jdk21. To create a pull request with this backport targeting openjdk/jdk21:master, just click the following link:

➡️ Create pull request

The title of the pull request is automatically filled in correctly and below you find a suggestion for the pull request body:

Hi all,

This pull request contains a backport of commit 28c4d196 from the openjdk/jdk repository.

The commit being backported was authored by Valerie Peng on 18 Jul 2023 and was reviewed by Anthony Scarpino, Xue-Lei Andrew Fan and Sean Mullan.

Thanks!

If you need to update the source branch of the pull then run the following commands in a local clone of your personal fork of openjdk/jdk21:

$ git fetch https://github.com/openjdk-bots/jdk21.git valeriepeng-backport-28c4d196:valeriepeng-backport-28c4d196
$ git checkout valeriepeng-backport-28c4d196
# make changes
$ git add paths/to/changed/files
$ git commit --message 'Describe additional changes made'
$ git push https://github.com/openjdk-bots/jdk21.git valeriepeng-backport-28c4d196

Please sign in to comment.