simpler spec creation, and one more clean

wangweij · wangweij · commit 83eb7dcc006f · 2021-02-19T17:16:19.000-05:00
diff --git a/src/java.base/share/classes/com/sun/crypto/provider/TlsKeyMaterialGenerator.java b/src/java.base/share/classes/com/sun/crypto/provider/TlsKeyMaterialGenerator.java
@@ -172,18 +172,11 @@ private SecretKey engineGenerateKey0(byte[] masterSecret) throws GeneralSecurity
 
         int ofs = 0;
         if (macLength != 0) {
-            byte[] tmp = new byte[macLength];
-
             // mac keys
-            System.arraycopy(keyBlock, ofs, tmp, 0, macLength);
+            clientMacKey = new SecretKeySpec(keyBlock, ofs, macLength, "Mac");
             ofs += macLength;
-            clientMacKey = new SecretKeySpec(tmp, "Mac");
-
-            System.arraycopy(keyBlock, ofs, tmp, 0, macLength);
+            serverMacKey = new SecretKeySpec(keyBlock, ofs, macLength, "Mac");
             ofs += macLength;
-            serverMacKey = new SecretKeySpec(tmp, "Mac");
-
-            Arrays.fill(tmp, (byte)0);
         }
 
         if (keyLength == 0) { // SSL_RSA_WITH_NULL_* ciphersuites
@@ -209,15 +202,10 @@ private SecretKey engineGenerateKey0(byte[] masterSecret) throws GeneralSecurity
 
                 // IV keys if needed.
                 if (ivLength != 0) {
-                    byte[] tmp = new byte[ivLength];
-
-                    System.arraycopy(keyBlock, ofs, tmp, 0, ivLength);
+                    clientIv = new IvParameterSpec(keyBlock, ofs, ivLength);
                     ofs += ivLength;
-                    clientIv = new IvParameterSpec(tmp);
-
-                    System.arraycopy(keyBlock, ofs, tmp, 0, ivLength);
+                    serverIv = new IvParameterSpec(keyBlock, ofs, ivLength);
                     ofs += ivLength;
-                    serverIv = new IvParameterSpec(tmp);
                 }
             } else {
                 // if exportable suites, calculate the alternate
@@ -242,13 +230,10 @@ private SecretKey engineGenerateKey0(byte[] masterSecret) throws GeneralSecurity
                     Arrays.fill(tmp, (byte) 0);
 
                     if (ivLength != 0) {
-                        tmp = new byte[ivLength];
                         byte[] block = doTLS10PRF(null, LABEL_IV_BLOCK, seed,
                                 ivLength << 1, md5, sha);
-                        System.arraycopy(block, 0, tmp, 0, ivLength);
-                        clientIv = new IvParameterSpec(tmp);
-                        System.arraycopy(block, ivLength, tmp, 0, ivLength);
-                        serverIv = new IvParameterSpec(tmp);
+                        clientIv = new IvParameterSpec(block, 0, ivLength);
+                        serverIv = new IvParameterSpec(block, ivLength, ivLength);
                     }
                 } else {
                     // SSLv3
diff --git a/src/java.base/share/classes/com/sun/crypto/provider/TlsPrfGenerator.java b/src/java.base/share/classes/com/sun/crypto/provider/TlsPrfGenerator.java
@@ -369,6 +369,7 @@ private static void expand(MessageDigest digest, int hmacSize,
             }
             remaining -= k;
         }
+        Arrays.fill(tmp, (byte)0);
     }
 
     /**

Original file line number	Diff line number	Diff line change
`@@ -369,6 +369,7 @@ private static void expand(MessageDigest digest, int hmacSize,`
`369`	`369`	`}`
`370`	`370`	`remaining -= k;`
`371`	`371`	`}`
	`372`	`+ Arrays.fill(tmp, (byte)0);`
`372`	`373`	`}`
`373`	`374`
`374`	`375`	`/**`