Skip to content
This repository has been archived by the owner. It is now read-only.
Permalink
Browse files
8268525: Some new memory leak after JDK-8248268 and JDK-8255557
Reviewed-by: valeriep, ascarpino
  • Loading branch information
wangweij committed Jun 10, 2021
1 parent 53b6e2c commit 7b2e7d8bab890bd655093976cc9c3b0b6d00c034
@@ -435,50 +435,54 @@ void init(int opmode, Key key, AlgorithmParameterSpec params,

byte[] keyBytes = getKeyBytes(key);
byte[] ivBytes = null;
if (params != null) {
if (params instanceof IvParameterSpec) {
ivBytes = ((IvParameterSpec) params).getIV();
if ((ivBytes == null) || (ivBytes.length != blockSize)) {
try {
if (params != null) {
if (params instanceof IvParameterSpec) {
ivBytes = ((IvParameterSpec) params).getIV();
if ((ivBytes == null) || (ivBytes.length != blockSize)) {
throw new InvalidAlgorithmParameterException
("Wrong IV length: must be " + blockSize +
" bytes long");
}
} else if (params instanceof RC2ParameterSpec) {
ivBytes = ((RC2ParameterSpec) params).getIV();
if ((ivBytes != null) && (ivBytes.length != blockSize)) {
throw new InvalidAlgorithmParameterException
("Wrong IV length: must be " + blockSize +
" bytes long");
}
} else {
throw new InvalidAlgorithmParameterException
("Wrong IV length: must be " + blockSize +
" bytes long");
("Unsupported parameter: " + params);
}
} else if (params instanceof RC2ParameterSpec) {
ivBytes = ((RC2ParameterSpec) params).getIV();
if ((ivBytes != null) && (ivBytes.length != blockSize)) {
}
if (cipherMode == ECB_MODE) {
if (ivBytes != null) {
throw new InvalidAlgorithmParameterException
("Wrong IV length: must be " + blockSize +
" bytes long");
("ECB mode cannot use IV");
}
} else if (ivBytes == null) {
if (decrypting) {
throw new InvalidAlgorithmParameterException("Parameters "
+ "missing");
}
} else {
throw new InvalidAlgorithmParameterException
("Unsupported parameter: " + params);
}
}
if (cipherMode == ECB_MODE) {
if (ivBytes != null) {
throw new InvalidAlgorithmParameterException
("ECB mode cannot use IV");
}
} else if (ivBytes == null) {
if (decrypting) {
throw new InvalidAlgorithmParameterException("Parameters "
+ "missing");
}

if (random == null) {
random = SunJCE.getRandom();
}
if (random == null) {
random = SunJCE.getRandom();
}

ivBytes = new byte[blockSize];
random.nextBytes(ivBytes);
}
ivBytes = new byte[blockSize];
random.nextBytes(ivBytes);
}

buffered = 0;
diffBlocksize = blockSize;
buffered = 0;
diffBlocksize = blockSize;

String algorithm = key.getAlgorithm();
cipher.init(decrypting, algorithm, keyBytes, ivBytes);
String algorithm = key.getAlgorithm();
cipher.init(decrypting, algorithm, keyBytes, ivBytes);
} finally {
Arrays.fill(keyBytes, (byte)0);
}
}

void init(int opmode, Key key, AlgorithmParameters params,
@@ -25,6 +25,8 @@

package com.sun.crypto.provider;

import jdk.internal.access.SharedSecrets;

import java.security.Key;
import java.security.PublicKey;
import java.security.PrivateKey;
@@ -48,33 +50,25 @@
*/

final class ConstructKeys {
/**
* Construct a public key from its encoding.
*
* @param encodedKey the encoding of a public key.
*
* @param encodedKeyAlgorithm the algorithm the encodedKey is for.
*
* @return a public key constructed from the encodedKey.
*/

private static final PublicKey constructPublicKey(byte[] encodedKey,
String encodedKeyAlgorithm)
int ofs, int len, String encodedKeyAlgorithm)
throws InvalidKeyException, NoSuchAlgorithmException {
PublicKey key = null;
byte[] keyBytes = (ofs == 0 && encodedKey.length == len)
? encodedKey : Arrays.copyOfRange(encodedKey, ofs, ofs + len);
X509EncodedKeySpec keySpec = new X509EncodedKeySpec(keyBytes);
try {
KeyFactory keyFactory =
KeyFactory.getInstance(encodedKeyAlgorithm,
SunJCE.getInstance());
X509EncodedKeySpec keySpec = new X509EncodedKeySpec(encodedKey);
key = keyFactory.generatePublic(keySpec);
} catch (NoSuchAlgorithmException nsae) {
// Try to see whether there is another
// provider which supports this algorithm
try {
KeyFactory keyFactory =
KeyFactory.getInstance(encodedKeyAlgorithm);
X509EncodedKeySpec keySpec =
new X509EncodedKeySpec(encodedKey);
key = keyFactory.generatePublic(keySpec);
} catch (NoSuchAlgorithmException nsae2) {
throw new NoSuchAlgorithmException("No installed providers " +
@@ -97,34 +91,24 @@ private static final PublicKey constructPublicKey(byte[] encodedKey,
return key;
}

/**
* Construct a private key from its encoding.
*
* @param encodedKey the encoding of a private key.
*
* @param encodedKeyAlgorithm the algorithm the wrapped key is for.
*
* @return a private key constructed from the encodedKey.
*/
private static final PrivateKey constructPrivateKey(byte[] encodedKey,
String encodedKeyAlgorithm)
int ofs, int len, String encodedKeyAlgorithm)
throws InvalidKeyException, NoSuchAlgorithmException {
PrivateKey key = null;

byte[] keyBytes = (ofs == 0 && encodedKey.length == len)
? encodedKey : Arrays.copyOfRange(encodedKey, ofs, ofs + len);
PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(keyBytes);
try {
KeyFactory keyFactory =
KeyFactory.getInstance(encodedKeyAlgorithm,
SunJCE.getInstance());
PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(encodedKey);
return keyFactory.generatePrivate(keySpec);
} catch (NoSuchAlgorithmException nsae) {
// Try to see whether there is another
// provider which supports this algorithm
try {
KeyFactory keyFactory =
KeyFactory.getInstance(encodedKeyAlgorithm);
PKCS8EncodedKeySpec keySpec =
new PKCS8EncodedKeySpec(encodedKey);
key = keyFactory.generatePrivate(keySpec);
} catch (NoSuchAlgorithmException nsae2) {
throw new NoSuchAlgorithmException("No installed providers " +
@@ -142,20 +126,16 @@ private static final PrivateKey constructPrivateKey(byte[] encodedKey,
new InvalidKeyException("Cannot construct private key");
ike.initCause(ikse);
throw ike;
} finally {
SharedSecrets.getJavaSecuritySpecAccess().clearEncodedKeySpec(keySpec);
if (keyBytes != encodedKey) {
Arrays.fill(keyBytes, (byte)0);
}
}

return key;
}

/**
* Construct a secret key from its encoding.
*
* @param encodedKey the encoding of a secret key.
*
* @param encodedKeyAlgorithm the algorithm the secret key is for.
*
* @return a secret key constructed from the encodedKey.
*/
private static final SecretKey constructSecretKey(byte[] encodedKey,
int ofs, int len, String encodedKeyAlgorithm) {
return (new SecretKeySpec(encodedKey, ofs, len, encodedKeyAlgorithm));
@@ -170,35 +150,14 @@ static final Key constructKey(byte[] encoding, String keyAlgorithm,
static final Key constructKey(byte[] encoding, int ofs, int len,
String keyAlgorithm, int keyType)
throws InvalidKeyException, NoSuchAlgorithmException {
switch (keyType) {
case Cipher.SECRET_KEY:
try {
return ConstructKeys.constructSecretKey(encoding, ofs, len,
keyAlgorithm);
} finally {
Arrays.fill(encoding, ofs, len, (byte)0);
}
case Cipher.PRIVATE_KEY:
byte[] encoding2 = encoding;
try {
if (ofs != 0 || len != encoding.length) {
encoding2 = Arrays.copyOfRange(encoding, ofs, ofs + len);
}
return ConstructKeys.constructPrivateKey(encoding2,
keyAlgorithm);
} finally {
Arrays.fill(encoding, ofs, len, (byte)0);
if (encoding2 != encoding) {
Arrays.fill(encoding2, (byte)0);
}
}
case Cipher.PUBLIC_KEY:
if (ofs != 0 || len != encoding.length) {
encoding = Arrays.copyOfRange(encoding, ofs, ofs + len);
}
return ConstructKeys.constructPublicKey(encoding, keyAlgorithm);
default:
throw new NoSuchAlgorithmException("Unsupported key type");
}
return switch (keyType) {
case Cipher.SECRET_KEY -> ConstructKeys.constructSecretKey(
encoding, ofs, len, keyAlgorithm);
case Cipher.PRIVATE_KEY -> ConstructKeys.constructPrivateKey(
encoding, ofs, len, keyAlgorithm);
case Cipher.PUBLIC_KEY -> ConstructKeys.constructPublicKey(
encoding, ofs, len, keyAlgorithm);
default -> throw new NoSuchAlgorithmException("Unsupported key type");
};
}
}
@@ -163,7 +163,13 @@ void init(int opmode, Key key, GCMParameterSpec spec)
reInit = false;
// always encrypt mode for embedded cipher
blockCipher.init(false, key.getAlgorithm(), keyValue);
try {
blockCipher.init(false, key.getAlgorithm(), keyValue);
} finally {
if (!encryption) {
Arrays.fill(keyValue, (byte) 0);
}
}
}
@Override
@@ -124,6 +124,7 @@ static final int W_INV(byte[] in, int inLen, byte[] icvOut,
}
}
System.arraycopy(buffer, 0, icvOut, 0, SEMI_BLKSIZE);
Arrays.fill(buffer, (byte)0);
return inLen - SEMI_BLKSIZE;
}
}
@@ -472,7 +472,11 @@ private void implUpdate(byte[] in, int inOfs, int inLen) {
int outLen = engineDoFinal(in, inOfs, inLen, out, 0);

if (outLen < estOutLen) {
return Arrays.copyOf(out, outLen);
try {
return Arrays.copyOf(out, outLen);
} finally {
Arrays.fill(out, (byte)0);
}
} else {
return out;
}
@@ -529,6 +533,9 @@ protected int engineDoFinal(byte[] in, int inOfs, int inLen,
return outLen;
}
} finally {
if (dataBuf != null) {
Arrays.fill(dataBuf, (byte)0);
}
dataBuf = null;
dataIdx = 0;
}
@@ -559,8 +566,14 @@ private int implDoFinal(byte[] in, int inOfs, int inLen, byte[] out)
len += inLen;
}

return (opmode == Cipher.ENCRYPT_MODE?
helperEncrypt(out, len) : helperDecrypt(out, len));
try {
return (opmode == Cipher.ENCRYPT_MODE ?
helperEncrypt(out, len) : helperDecrypt(out, len));
} finally {
if (dataBuf != null && dataBuf != out) {
Arrays.fill(dataBuf, (byte)0);
}
}
}

// helper routine for in-place encryption.

1 comment on commit 7b2e7d8

@openjdk-notifier

This comment has been minimized.

Copy link

@openjdk-notifier openjdk-notifier bot commented on 7b2e7d8 Jun 10, 2021

Please sign in to comment.