8258915: More temporary buffer cleanup

8258915: More temporary buffer cleanup

Author: wangweij

src/java.base/share/classes/com/sun/crypto/provider/AESCipher.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2002, 2020, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2021, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -40,6 +40,7 @@
 import java.security.ProviderException;
 import java.security.SecureRandom;
 import java.security.spec.AlgorithmParameterSpec;
+import java.util.Arrays;
 
 /**
  * This class implements the AES algorithm in its various modes
@@ -163,9 +164,12 @@ static final void checkKeySize(Key key, int fixedKeySize)
             byte[] value = key.getEncoded();
             if (value == null) {
                 throw new InvalidKeyException("Key encoding must not be null");
-            } else if (value.length != fixedKeySize) {
-                throw new InvalidKeyException("The key must be " +
-                    fixedKeySize + " bytes");
+            } else {
+                Arrays.fill(value, (byte)0);
+                if (value.length != fixedKeySize) {
+                    throw new InvalidKeyException("The key must be " +
+                            fixedKeySize + " bytes");
+                }
             }
         }
     }
@@ -515,6 +519,7 @@ protected int engineDoFinal(byte[] input, int inputOffset, int inputLen,
      */
     protected int engineGetKeySize(Key key) throws InvalidKeyException {
         byte[] encoded = key.getEncoded();
+        Arrays.fill(encoded, (byte)0);
         if (!AESCrypt.isKeySizeValid(encoded.length)) {
             throw new InvalidKeyException("Invalid AES key length: " +
                                           encoded.length + " bytes");

src/java.base/share/classes/com/sun/crypto/provider/AESCrypt.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2002, 2020, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2021, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -94,6 +94,9 @@ void init(boolean decrypting, String algorithm, byte[] key)
         if (!MessageDigest.isEqual(key, lastKey)) {
             // re-generate session key 'sessionK' when cipher key changes
             makeSessionKey(key);
+            if (lastKey != null) {
+                Arrays.fill(lastKey, (byte)0);
+            }
             lastKey = key.clone();  // save cipher key
         }
 

src/java.base/share/classes/com/sun/crypto/provider/AESWrapCipher.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2004, 2020, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2004, 2021, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -198,7 +198,12 @@ protected void engineInit(int opmode, Key key, SecureRandom random)
                 "only be used for key wrapping and unwrapping");
         }
         AESCipher.checkKeySize(key, fixedKeySize);
-        cipher.init(decrypting, key.getAlgorithm(), key.getEncoded());
+        byte[] encoded = key.getEncoded();
+        try {
+            cipher.init(decrypting, key.getAlgorithm(), encoded);
+        } finally {
+            Arrays.fill(encoded, (byte)0);
+        }
     }
 
     /**
@@ -374,6 +379,7 @@ protected AlgorithmParameters engineGetParameters() {
      */
     protected int engineGetKeySize(Key key) throws InvalidKeyException {
         byte[] encoded = key.getEncoded();
+        Arrays.fill(encoded, (byte)0);
         if (!AESCrypt.isKeySizeValid(encoded.length)) {
             throw new InvalidKeyException("Invalid key length: " +
                                           encoded.length + " bytes");
@@ -404,38 +410,42 @@ protected byte[] engineWrap(Key key)
             throw new InvalidKeyException("Cannot get an encoding of " +
                                           "the key to be wrapped");
         }
-        byte[] out = new byte[Math.addExact(keyVal.length, 8)];
+        try {
+            byte[] out = new byte[Math.addExact(keyVal.length, 8)];
 
-        if (keyVal.length == 8) {
-            System.arraycopy(IV, 0, out, 0, IV.length);
-            System.arraycopy(keyVal, 0, out, IV.length, 8);
-            cipher.encryptBlock(out, 0, out, 0);
-        } else {
-            if (keyVal.length % 8 != 0) {
-                throw new IllegalBlockSizeException("length of the " +
-                    "to be wrapped key should be multiples of 8 bytes");
-            }
-            System.arraycopy(IV, 0, out, 0, IV.length);
-            System.arraycopy(keyVal, 0, out, IV.length, keyVal.length);
-            int N = keyVal.length/8;
-            byte[] buffer = new byte[blksize];
-            for (int j = 0; j < 6; j++) {
-                for (int i = 1; i <= N; i++) {
-                    int T = i + j*N;
-                    System.arraycopy(out, 0, buffer, 0, IV.length);
-                    System.arraycopy(out, i*8, buffer, IV.length, 8);
-                    cipher.encryptBlock(buffer, 0, buffer, 0);
-                    for (int k = 1; T != 0; k++) {
-                        byte v = (byte) T;
-                        buffer[IV.length - k] ^= v;
-                        T >>>= 8;
+            if (keyVal.length == 8) {
+                System.arraycopy(IV, 0, out, 0, IV.length);
+                System.arraycopy(keyVal, 0, out, IV.length, 8);
+                cipher.encryptBlock(out, 0, out, 0);
+            } else {
+                if (keyVal.length % 8 != 0) {
+                    throw new IllegalBlockSizeException("length of the " +
+                            "to be wrapped key should be multiples of 8 bytes");
+                }
+                System.arraycopy(IV, 0, out, 0, IV.length);
+                System.arraycopy(keyVal, 0, out, IV.length, keyVal.length);
+                int N = keyVal.length / 8;
+                byte[] buffer = new byte[blksize];
+                for (int j = 0; j < 6; j++) {
+                    for (int i = 1; i <= N; i++) {
+                        int T = i + j * N;
+                        System.arraycopy(out, 0, buffer, 0, IV.length);
+                        System.arraycopy(out, i * 8, buffer, IV.length, 8);
+                        cipher.encryptBlock(buffer, 0, buffer, 0);
+                        for (int k = 1; T != 0; k++) {
+                            byte v = (byte) T;
+                            buffer[IV.length - k] ^= v;
+                            T >>>= 8;
+                        }
+                        System.arraycopy(buffer, 0, out, 0, IV.length);
+                        System.arraycopy(buffer, 8, out, 8 * i, 8);
                     }
-                    System.arraycopy(buffer, 0, out, 0, IV.length);
-                    System.arraycopy(buffer, 8, out, 8*i, 8);
                 }
             }
+            return out;
+        } finally {
+            Arrays.fill(keyVal, (byte)0);
         }
-        return out;
     }
 
     /**
@@ -474,38 +484,43 @@ protected Key engineUnwrap(byte[] wrappedKey,
         }
         byte[] out = new byte[wrappedKeyLen - 8];
         byte[] buffer = new byte[blksize];
-        if (wrappedKeyLen == 16) {
-            cipher.decryptBlock(wrappedKey, 0, buffer, 0);
-            for (int i = 0; i < IV.length; i++) {
-                if (IV[i] != buffer[i]) {
-                    throw new InvalidKeyException("Integrity check failed");
+        try {
+            if (wrappedKeyLen == 16) {
+                cipher.decryptBlock(wrappedKey, 0, buffer, 0);
+                for (int i = 0; i < IV.length; i++) {
+                    if (IV[i] != buffer[i]) {
+                        throw new InvalidKeyException("Integrity check failed");
+                    }
                 }
-            }
-            System.arraycopy(buffer, IV.length, out, 0, out.length);
-        } else {
-            System.arraycopy(wrappedKey, 0, buffer, 0, IV.length);
-            System.arraycopy(wrappedKey, IV.length, out, 0, out.length);
-            int N = out.length/8;
-            for (int j = 5; j >= 0; j--) {
-                for (int i = N; i > 0; i--) {
-                    int T = i + j*N;
-                    System.arraycopy(out, 8*(i-1), buffer, IV.length, 8);
-                    for (int k = 1; T != 0; k++) {
-                        byte v = (byte) T;
-                        buffer[IV.length - k] ^= v;
-                        T >>>= 8;
+                System.arraycopy(buffer, IV.length, out, 0, out.length);
+            } else {
+                System.arraycopy(wrappedKey, 0, buffer, 0, IV.length);
+                System.arraycopy(wrappedKey, IV.length, out, 0, out.length);
+                int N = out.length / 8;
+                for (int j = 5; j >= 0; j--) {
+                    for (int i = N; i > 0; i--) {
+                        int T = i + j * N;
+                        System.arraycopy(out, 8 * (i - 1), buffer, IV.length, 8);
+                        for (int k = 1; T != 0; k++) {
+                            byte v = (byte) T;
+                            buffer[IV.length - k] ^= v;
+                            T >>>= 8;
+                        }
+                        cipher.decryptBlock(buffer, 0, buffer, 0);
+                        System.arraycopy(buffer, IV.length, out, 8 * (i - 1), 8);
                     }
-                    cipher.decryptBlock(buffer, 0, buffer, 0);
-                    System.arraycopy(buffer, IV.length, out, 8*(i-1), 8);
                 }
-            }
-            for (int i = 0; i < IV.length; i++) {
-                if (IV[i] != buffer[i]) {
-                    throw new InvalidKeyException("Integrity check failed");
+                for (int i = 0; i < IV.length; i++) {
+                    if (IV[i] != buffer[i]) {
+                        throw new InvalidKeyException("Integrity check failed");
+                    }
                 }
             }
+            return ConstructKeys.constructKey(out, wrappedKeyAlgorithm,
+                    wrappedKeyType);
+        } finally {
+            Arrays.fill(out, (byte)0);
+            Arrays.fill(buffer, (byte)0);
         }
-        return ConstructKeys.constructKey(out, wrappedKeyAlgorithm,
-                                          wrappedKeyType);
     }
 }

src/java.base/share/classes/com/sun/crypto/provider/ARCFOURCipher.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2017, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2021, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -27,6 +27,7 @@
 
 import java.security.*;
 import java.security.spec.AlgorithmParameterSpec;
+import java.util.Arrays;
 
 import javax.crypto.*;
 
@@ -180,6 +181,9 @@ protected void engineInit(int opmode, Key key,
 
     // init method. Check opmode and key, then call init(byte[]).
     private void init(int opmode, Key key) throws InvalidKeyException {
+        if (lastKey != null) {
+            Arrays.fill(lastKey, (byte)0);
+        }
         if ((opmode < Cipher.ENCRYPT_MODE) || (opmode > Cipher.UNWRAP_MODE)) {
             throw new InvalidKeyException("Unknown opmode: " + opmode);
         }
@@ -199,6 +203,7 @@ private static byte[] getEncodedKey(Key key) throws InvalidKeyException {
         }
         byte[] encodedKey = key.getEncoded();
         if ((encodedKey.length < 5) || (encodedKey.length > 128)) {
+            Arrays.fill(encodedKey, (byte)0);
             throw new InvalidKeyException
                 ("Key length must be between 40 and 1024 bit");
         }
@@ -244,19 +249,31 @@ protected byte[] engineWrap(Key key) throws IllegalBlockSizeException,
         if ((encoded == null) || (encoded.length == 0)) {
             throw new InvalidKeyException("Could not obtain encoded key");
         }
-        return engineDoFinal(encoded, 0, encoded.length);
+        try {
+            return engineDoFinal(encoded, 0, encoded.length);
+        } finally {
+            Arrays.fill(encoded, (byte)0);
+        }
     }
 
     // see JCE spec
     protected Key engineUnwrap(byte[] wrappedKey, String algorithm,
             int type) throws InvalidKeyException, NoSuchAlgorithmException {
-        byte[] encoded = engineDoFinal(wrappedKey, 0, wrappedKey.length);
-        return ConstructKeys.constructKey(encoded, algorithm, type);
+        byte[] encoded = null;
+        try {
+            encoded = engineDoFinal(wrappedKey, 0, wrappedKey.length);
+            return ConstructKeys.constructKey(encoded, algorithm, type);
+        } finally {
+            if (encoded != null) {
+                Arrays.fill(encoded, (byte) 0);
+            }
+        }
     }
 
     // see JCE spec
     protected int engineGetKeySize(Key key) throws InvalidKeyException {
         byte[] encodedKey = getEncodedKey(key);
+        Arrays.fill(encodedKey, (byte)0);
         return Math.multiplyExact(encodedKey.length, 8);
     }
 

src/java.base/share/classes/com/sun/crypto/provider/BlowfishCipher.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998, 2017, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2021, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -27,6 +27,8 @@
 
 import java.security.*;
 import java.security.spec.*;
+import java.util.Arrays;
+
 import sun.security.util.*;
 import javax.crypto.*;
 import javax.crypto.spec.*;
@@ -373,7 +375,9 @@ protected int engineDoFinal(byte[] input, int inputOffset, int inputLen,
      * @exception InvalidKeyException if <code>key</code> is invalid.
      */
     protected int engineGetKeySize(Key key) throws InvalidKeyException {
-        return Math.multiplyExact(key.getEncoded().length, 8);
+        byte[] encodedKey = key.getEncoded();
+        Arrays.fill(encodedKey, (byte)0);
+        return Math.multiplyExact(encodedKey.length, 8);
     }
 
     /**

src/java.base/share/classes/com/sun/crypto/provider/ChaCha20Cipher.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2018, 2020, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2018, 2021, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -33,6 +33,7 @@
 import java.nio.ByteOrder;
 import java.security.*;
 import java.security.spec.AlgorithmParameterSpec;
+import java.util.Arrays;
 import java.util.Objects;
 import javax.crypto.*;
 import javax.crypto.spec.ChaCha20ParameterSpec;
@@ -546,6 +547,9 @@ private void init(int opmode, Key key, byte[] newNonce)
         // assigning them to the object.
         byte[] newKeyBytes = getEncodedKey(key);
         checkKeyAndNonce(newKeyBytes, newNonce);
+        if (this.keyBytes != null) {
+            Arrays.fill(this.keyBytes, (byte)0);
+        }
         this.keyBytes = newKeyBytes;
         nonce = newNonce;
 
@@ -612,6 +616,9 @@ private static byte[] getEncodedKey(Key key) throws InvalidKeyException {
         }
         byte[] encodedKey = key.getEncoded();
         if (encodedKey == null || encodedKey.length != 32) {
+            if (encodedKey != null) {
+                Arrays.fill(encodedKey, (byte)0);
+            }
             throw new InvalidKeyException("Key length must be 256 bits");
         }
         return encodedKey;
@@ -790,6 +797,7 @@ protected Key engineUnwrap(byte[] wrappedKey, String algorithm,
     @Override
     protected int engineGetKeySize(Key key) throws InvalidKeyException {
         byte[] encodedKey = getEncodedKey(key);
+        Arrays.fill(encodedKey, (byte)0);
         return encodedKey.length << 3;
     }