infernap12/jdk
1
0
Fork 0
mirror of https://github.com/openjdk/jdk.git synced 2026-04-21 12:20:29 +00:00
Code Issues Packages Projects Releases Wiki Activity

8074865: General crypto resilience changes

Browse Source 
Replaced Arrays.equals() with MessageDigest.isEqual() when comparing sensitive values

Reviewed-by: mullan, xuelei
This commit is contained in:
Valerie Peng 2015-04-06 20:24:27 +00:00
parent aadda7f118
commit baceaab271
18 changed files with 40 additions and 47 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
jdk/src/java.base/share/classes/com/sun/crypto/provider/AESCrypt.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2002, 2012, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2002, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -37,6 +37,7 @@
package com.sun.crypto.provider;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.util.Arrays;
import java.util.Objects;
@ -91,7 +92,7 @@ final class AESCrypt extends SymmetricCipher implements AESConstants
key.length + " bytes");
}
if (!Arrays.equals(key, lastKey)) {
if (!MessageDigest.isEqual(key, lastKey)) {
// re-generate session key 'sessionK' when cipher key changes
makeSessionKey(key);
lastKey = key.clone(); // save cipher key

4
jdk/src/java.base/share/classes/com/sun/crypto/provider/CipherCore.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2002, 2014, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2002, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -568,7 +568,7 @@ final class CipherCore {
// check key+iv for encryption in GCM mode
requireReinit =
Arrays.equals(ivBytes, lastEncIv) &&
Arrays.equals(keyBytes, lastEncKey);
MessageDigest.isEqual(keyBytes, lastEncKey);
if (requireReinit) {
throw new InvalidAlgorithmParameterException
("Cannot reuse iv for GCM encryption");

5
jdk/src/java.base/share/classes/com/sun/crypto/provider/DESKey.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -25,6 +25,7 @@
package com.sun.crypto.provider;
import java.security.MessageDigest;
import java.security.KeyRep;
import java.security.InvalidKeyException;
import javax.crypto.SecretKey;
@ -113,7 +114,7 @@ final class DESKey implements SecretKey {
return false;
byte[] thatKey = ((SecretKey)obj).getEncoded();
boolean ret = java.util.Arrays.equals(this.key, thatKey);
boolean ret = MessageDigest.isEqual(this.key, thatKey);
java.util.Arrays.fill(thatKey, (byte)0x00);
return ret;
}

5
jdk/src/java.base/share/classes/com/sun/crypto/provider/DESedeKey.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -25,6 +25,7 @@
package com.sun.crypto.provider;
import java.security.MessageDigest;
import java.security.KeyRep;
import java.security.InvalidKeyException;
import javax.crypto.SecretKey;
@ -114,7 +115,7 @@ final class DESedeKey implements SecretKey {
return false;
byte[] thatKey = ((SecretKey)obj).getEncoded();
boolean ret = java.util.Arrays.equals(this.key, thatKey);
boolean ret = MessageDigest.isEqual(this.key, thatKey);
java.util.Arrays.fill(thatKey, (byte)0x00);
return ret;
}

5
jdk/src/java.base/share/classes/com/sun/crypto/provider/PBEKey.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -25,6 +25,7 @@
package com.sun.crypto.provider;
import java.security.MessageDigest;
import java.security.KeyRep;
import java.security.spec.InvalidKeySpecException;
import java.util.Locale;
@ -108,7 +109,7 @@ final class PBEKey implements SecretKey {
return false;
byte[] thatEncoded = that.getEncoded();
boolean ret = java.util.Arrays.equals(this.key, thatEncoded);
boolean ret = MessageDigest.isEqual(this.key, thatEncoded);
java.util.Arrays.fill(thatEncoded, (byte)0x00);
return ret;
}

7
jdk/src/java.base/share/classes/com/sun/crypto/provider/PBKDF2KeyImpl.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2005, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -31,6 +31,7 @@ import java.nio.CharBuffer;
import java.nio.charset.Charset;
import java.util.Arrays;
import java.util.Locale;
import java.security.MessageDigest;
import java.security.KeyRep;
import java.security.GeneralSecurityException;
import java.security.NoSuchAlgorithmException;
@ -153,7 +154,7 @@ final class PBKDF2KeyImpl implements javax.crypto.interfaces.PBEKey {
SecretKey sk = (SecretKey)obj;
return prf.getAlgorithm().equalsIgnoreCase(
sk.getAlgorithm()) &&
Arrays.equals(password, sk.getEncoded());
MessageDigest.isEqual(password, sk.getEncoded());
}
};
prf.init(macKey);
@ -239,7 +240,7 @@ final class PBKDF2KeyImpl implements javax.crypto.interfaces.PBEKey {
if (!(that.getFormat().equalsIgnoreCase("RAW")))
return false;
byte[] thatEncoded = that.getEncoded();
boolean ret = Arrays.equals(key, that.getEncoded());
boolean ret = MessageDigest.isEqual(key, that.getEncoded());
java.util.Arrays.fill(thatEncoded, (byte)0x00);
return ret;
}

4
jdk/src/java.base/share/classes/java/security/Identity.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1996, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -261,7 +261,7 @@ public abstract class Identity implements Principal, Serializable {
certificates.addElement(certificate);
}
private boolean keyEquals(Key aKey, Key anotherKey) {
private boolean keyEquals(PublicKey aKey, PublicKey anotherKey) {
String aKeyFormat = aKey.getFormat();
String anotherKeyFormat = anotherKey.getFormat();
if ((aKeyFormat == null) ^ (anotherKeyFormat == null))

6
jdk/src/java.base/share/classes/java/security/MessageDigest.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1996, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -440,6 +440,10 @@ public abstract class MessageDigest extends MessageDigestSpi {
* @return true if the digests are equal, false otherwise.
*/
public static boolean isEqual(byte[] digesta, byte[] digestb) {
if (digesta == digestb) return true;
if (digesta == null || digestb == null) {
return false;
}
if (digesta.length != digestb.length) {
return false;
}

4
jdk/src/java.base/share/classes/java/security/Signature.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1996, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -1324,7 +1324,7 @@ public abstract class Signature extends SignatureSpi {
byte[] out = cipher.doFinal(sigBytes);
byte[] dataBytes = data.toByteArray();
data.reset();
return Arrays.equals(out, dataBytes);
return MessageDigest.isEqual(out, dataBytes);
} catch (BadPaddingException e) {
// e.g. wrong public key used
// return false rather than throwing exception

5
jdk/src/java.base/share/classes/javax/crypto/spec/SecretKeySpec.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1998, 2014, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1998, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -25,6 +25,7 @@
package javax.crypto.spec;
import java.security.MessageDigest;
import java.security.spec.KeySpec;
import java.util.Locale;
import javax.crypto.SecretKey;
@ -228,6 +229,6 @@ public class SecretKeySpec implements KeySpec, SecretKey {
byte[] thatKey = ((SecretKey)obj).getEncoded();
return java.util.Arrays.equals(this.key, thatKey);
return MessageDigest.isEqual(this.key, thatKey);
}
}

2
jdk/src/java.base/share/classes/sun/security/pkcs12/PKCS12KeyStore.java
View File

@ -2059,7 +2059,7 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
"(MAC algorithm: " + m.getAlgorithm() + ")");
}
if (!Arrays.equals(macData.getDigest(), macResult)) {
if (!MessageDigest.isEqual(macData.getDigest(), macResult)) {
throw new SecurityException("Failed PKCS12" +
" integrity checking");
}

3
jdk/src/java.base/share/classes/sun/security/rsa/RSASignature.java
View File

@ -27,7 +27,6 @@ package sun.security.rsa;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.util.Arrays;
import java.security.*;
import java.security.interfaces.*;
@ -194,7 +193,7 @@ public abstract class RSASignature extends SignatureSpi {
byte[] decrypted = RSACore.rsa(sigBytes, publicKey);
byte[] unpadded = padding.unpad(decrypted);
byte[] decodedDigest = decodeSignature(digestOID, unpadded);
return Arrays.equals(digest, decodedDigest);
return MessageDigest.isEqual(digest, decodedDigest);
} catch (javax.crypto.BadPaddingException e) {
// occurs if the app has used the wrong RSA public key
// or if sigBytes is invalid

2
jdk/src/java.base/share/classes/sun/security/ssl/ClientHandshaker.java
View File

@ -542,7 +542,7 @@ final class ClientHandshaker extends Handshaker {
0, clientVerifyData.length);
System.arraycopy(serverVerifyData, 0, verifyData,
clientVerifyData.length, serverVerifyData.length);
if (!Arrays.equals(verifyData,
if (!MessageDigest.isEqual(verifyData,
serverHelloRI.getRenegotiatedConnection())) {
fatalSE(Alerts.alert_handshake_failure,
"Incorrect verify data in ServerHello " +

2
jdk/src/java.base/share/classes/sun/security/ssl/HandshakeMessage.java
View File

@ -2040,7 +2040,7 @@ static final class Finished extends HandshakeMessage {
*/
boolean verify(HandshakeHash handshakeHash, int sender, SecretKey master) {
byte[] myFinished = getFinished(handshakeHash, sender, master);
return Arrays.equals(myFinished, verifyData);
return MessageDigest.isEqual(myFinished, verifyData);
}
/*

2
jdk/src/java.base/share/classes/sun/security/ssl/ServerHandshaker.java
View File

@ -407,7 +407,7 @@ final class ServerHandshaker extends Handshaker {
}
// verify the client_verify_data value
if (!Arrays.equals(clientVerifyData,
if (!MessageDigest.isEqual(clientVerifyData,
clientHelloRI.getRenegotiatedConnection())) {
fatalSE(Alerts.alert_handshake_failure,
"Incorrect verify data in ClientHello " +

4
jdk/src/jdk.crypto.pkcs11/share/classes/sun/security/pkcs11/P11Key.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2003, 2014, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -165,7 +165,7 @@ abstract class P11Key implements Key, Length {
} else {
otherEnc = other.getEncoded();
}
return Arrays.equals(thisEnc, otherEnc);
return MessageDigest.isEqual(thisEnc, otherEnc);
}
public int hashCode() {

20
jdk/src/jdk.crypto.pkcs11/share/classes/sun/security/pkcs11/wrapper/Functions.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved.
*/
/* Copyright (c) 2002 Graz University of Technology. All rights reserved.
@ -444,22 +444,6 @@ public class Functions {
return getId(objectClassIds, name);
}
/**
* Check the given arrays for equalitiy. This method considers both arrays as
* equal, if both are <code>null</code> or both have the same length and
* contain exactly the same byte values.
*
* @param array1 The first array.
* @param array2 The second array.
* @return True, if both arrays are <code>null</code> or both have the same
* length and contain exactly the same byte values. False, otherwise.
* @preconditions
* @postconditions
*/
public static boolean equals(byte[] array1, byte[] array2) {
return Arrays.equals(array1, array2);
}
/**
* Check the given arrays for equalitiy. This method considers both arrays as
* equal, if both are <code>null</code> or both have the same length and
@ -472,7 +456,7 @@ public class Functions {
* @preconditions
* @postconditions
*/
public static boolean equals(char[] array1, char[] array2) {
private static boolean equals(char[] array1, char[] array2) {
return Arrays.equals(array1, array2);
}

2
jdk/src/jdk.crypto.ucrypto/solaris/classes/com/oracle/security/ucrypto/NativeGCMCipher.java
View File

@ -206,7 +206,7 @@ class NativeGCMCipher extends NativeCipher {
}
if (doEncrypt) {
requireReinit = Arrays.equals(ivBytes, lastEncIv) &&
Arrays.equals(keyBytes, lastEncKey);
MessageDigest.isEqual(keyBytes, lastEncKey);
if (requireReinit) {
throw new InvalidAlgorithmParameterException
("Cannot reuse iv for GCM encryption");