diff --git a/src/java.base/share/classes/com/sun/crypto/provider/GCTR.java b/src/java.base/share/classes/com/sun/crypto/provider/GCTR.java
index 7aaec3d6c1ae1..e00302599682d 100644
--- a/src/java.base/share/classes/com/sun/crypto/provider/GCTR.java
+++ b/src/java.base/share/classes/com/sun/crypto/provider/GCTR.java
@@ -228,15 +228,19 @@ public int update(ByteBuffer src, ByteBuffer dst) {
len = src.remaining() - (src.remaining() % blockSize);
int processed = len;
byte[] in = new byte[Math.min(MAX_LEN, len)];
- while (processed > MAX_LEN) {
- src.get(in, 0, MAX_LEN);
- encrypt(in, 0, MAX_LEN, in, 0);
- dst.put(in, 0, MAX_LEN);
- processed -= MAX_LEN;
+ try {
+ while (processed > MAX_LEN) {
+ src.get(in, 0, MAX_LEN);
+ encrypt(in, 0, MAX_LEN, in, 0);
+ dst.put(in, 0, MAX_LEN);
+ processed -= MAX_LEN;
+ }
+ src.get(in, 0, processed);
+ encrypt(in, 0, processed, in, 0);
+ dst.put(in, 0, processed);
+ } finally {
+ Arrays.fill(in, (byte)0);
}
- src.get(in, 0, processed);
- encrypt(in, 0, processed, in, 0);
- dst.put(in, 0, processed);
return len;
}
diff --git a/src/java.base/share/classes/com/sun/crypto/provider/GaloisCounterMode.java b/src/java.base/share/classes/com/sun/crypto/provider/GaloisCounterMode.java
index e639a016ff117..b7e9b98983c55 100644
--- a/src/java.base/share/classes/com/sun/crypto/provider/GaloisCounterMode.java
+++ b/src/java.base/share/classes/com/sun/crypto/provider/GaloisCounterMode.java
@@ -1011,6 +1011,7 @@ void restoreDst(ByteBuffer dst) {
dst.flip();
originalDst.put(dst);
+ dst.clear().put(new byte[dst.capacity()]);
originalDst = null;
}
diff --git a/src/java.base/share/classes/javax/crypto/CipherSpi.java b/src/java.base/share/classes/javax/crypto/CipherSpi.java
index 6b21c16712ddb..1314fc9c90322 100644
--- a/src/java.base/share/classes/javax/crypto/CipherSpi.java
+++ b/src/java.base/share/classes/javax/crypto/CipherSpi.java
@@ -28,6 +28,7 @@
import java.nio.ByteBuffer;
import java.security.*;
import java.security.spec.AlgorithmParameterSpec;
+import java.util.Arrays;
/**
* This class defines the Service Provider Interface (SPI)
@@ -785,6 +786,7 @@ private int bufferCrypt(ByteBuffer input, ByteBuffer output,
}
if (useTempOut) {
output.put(outArray, outOfs, total);
+ Arrays.fill(outArray, (byte)0);
} else {
// adjust output position manually
output.position(outPos + total);
@@ -798,6 +800,7 @@ private int bufferCrypt(ByteBuffer input, ByteBuffer output,
if (outArray != null && outArray.length != 0) {
output.put(outArray);
total = outArray.length;
+ Arrays.fill(outArray, (byte)0);
}
}
// adjust input position manually
@@ -809,23 +812,28 @@ private int bufferCrypt(ByteBuffer input, ByteBuffer output,
int outOfs = 0;
byte[] tempIn = new byte[getTempArraySize(inLen)];
- do {
- int chunk = Math.min(inLen, tempIn.length);
- if (chunk > 0) {
- input.get(tempIn, 0, chunk);
+ try {
+ do {
+ int chunk = Math.min(inLen, tempIn.length);
+ if (chunk > 0) {
+ input.get(tempIn, 0, chunk);
+ }
+ int n;
+ if (isUpdate || (inLen > chunk)) {
+ n = engineUpdate(tempIn, 0, chunk, tempOut, outOfs);
+ } else {
+ n = engineDoFinal(tempIn, 0, chunk, tempOut, outOfs);
+ }
+ outOfs += n;
+ total += n;
+ inLen -= chunk;
+ } while (inLen > 0);
+ if (total > 0) {
+ output.put(tempOut, 0, total);
}
- int n;
- if (isUpdate || (inLen > chunk)) {
- n = engineUpdate(tempIn, 0, chunk, tempOut, outOfs);
- } else {
- n = engineDoFinal(tempIn, 0, chunk, tempOut, outOfs);
- }
- outOfs += n;
- total += n;
- inLen -= chunk;
- } while (inLen > 0);
- if (total > 0) {
- output.put(tempOut, 0, total);
+ } finally {
+ Arrays.fill(tempOut, (byte) 0);
+ Arrays.fill(tempIn, (byte) 0);
}
}