Skip to content
This repository has been archived by the owner on Sep 19, 2023. It is now read-only.
/ jdk21 Public archive

Commit

Permalink
8311902: Concurrency regression in the PBKDF2 key impl of SunJCE prov…
Browse files Browse the repository at this point in the history
…ider

Reviewed-by: mullan, ascarpino, xuelei
Backport-of: 28c4d196cff8576b69cf115cda538ab1dad978d2
  • Loading branch information
Valerie Peng committed Jul 20, 2023
1 parent fde53fc commit 6786fa4
Showing 1 changed file with 52 additions and 21 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,7 @@
package com.sun.crypto.provider;

import java.io.ObjectStreamException;
import java.lang.ref.Reference;
import java.lang.ref.Cleaner;
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
Expand Down Expand Up @@ -205,7 +206,12 @@ public boolean equals(Object obj) {
}

public byte[] getEncoded() {
return key.clone();
try {
return key.clone();
} finally {
// prevent this from being cleaned for the above block
Reference.reachabilityFence(this);
}
}

public String getAlgorithm() {
Expand All @@ -221,7 +227,12 @@ public void clear() {
}

public char[] getPassword() {
return passwd.clone();
try {
return passwd.clone();
} finally {
// prevent this from being cleaned for the above block
Reference.reachabilityFence(this);
}
}

public byte[] getSalt() {
Expand All @@ -237,30 +248,45 @@ public String getFormat() {
* Objects that are equal will also have the same hashcode.
*/
public int hashCode() {
int retval = 0;
for (int i = 1; i < this.key.length; i++) {
retval += this.key[i] * i;
try {
int retval = 0;
for (int i = 1; i < this.key.length; i++) {
retval += this.key[i] * i;
}
return (retval ^= getAlgorithm().toLowerCase
(Locale.ENGLISH).hashCode());
} finally {
// prevent this from being cleaned for the above block
Reference.reachabilityFence(this);
}
return(retval ^= getAlgorithm().toLowerCase(Locale.ENGLISH).hashCode());
}

public boolean equals(Object obj) {
if (obj == this)
return true;
try {
if (obj == this) {
return true;
}

if (!(obj instanceof SecretKey))
return false;
if (!(obj instanceof SecretKey)) {
return false;
}

SecretKey that = (SecretKey) obj;
SecretKey that = (SecretKey) obj;

if (!(that.getAlgorithm().equalsIgnoreCase(getAlgorithm())))
return false;
if (!(that.getFormat().equalsIgnoreCase("RAW")))
return false;
byte[] thatEncoded = that.getEncoded();
boolean ret = MessageDigest.isEqual(key, thatEncoded);
Arrays.fill(thatEncoded, (byte)0x00);
return ret;
if (!(that.getAlgorithm().equalsIgnoreCase(getAlgorithm()))) {
return false;
}
if (!(that.getFormat().equalsIgnoreCase("RAW"))) {
return false;
}
byte[] thatEncoded = that.getEncoded();
boolean ret = MessageDigest.isEqual(key, thatEncoded);
Arrays.fill(thatEncoded, (byte)0x00);
return ret;
} finally {
// prevent this from being cleaned for the above block
Reference.reachabilityFence(this);
}
}

/**
Expand All @@ -273,7 +299,12 @@ public boolean equals(Object obj) {
*/
@java.io.Serial
private Object writeReplace() throws ObjectStreamException {
return new KeyRep(KeyRep.Type.SECRET, getAlgorithm(),
getFormat(), key);
try {
return new KeyRep(KeyRep.Type.SECRET, getAlgorithm(),
getFormat(), key);
} finally {
// prevent this from being cleaned for the above block
Reference.reachabilityFence(this);
}
}
}

1 comment on commit 6786fa4

@openjdk-notifier
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please sign in to comment.