bug-classpath

[Bug crypto/28204] PBEKeySpec incorrectly deletes the originally passed


From: mwringe at redhat dot com
Subject: [Bug crypto/28204] PBEKeySpec incorrectly deletes the originally passed password array
Date: 5 Jul 2006 19:29:10 -0000


------- Comment #7 from mwringe at redhat dot com  2006-07-05 19:29 -------
After looking into the issue more, the salt also must be cloned.
There are also a lot of other issues with this class that need to be addressed.
There are no checks for invalid parameters, and it allows for some invalid
behavior.

An updated patch can be found here:
http://developer.classpath.org/pipermail/classpath-patches/attachments/20060705/1f52b6af/Crypto-PBEKeySpec.bin

This patch should bring PBEKeySpec up to spec. The major changes in this patch
include:
1) password and salt are now correctly stored as copies. The javadoc has been
updated to reflect this
2) method arguments are now checked for correctness. Incorrect arguments
include: null salts, empty salts, negative iterationCounts, and negative
keyLengths
3) an IllegalStateException is now properly thrown when calling getPassword
after calling clearPassword()

I also have a mauve testlet that checks for the proper behaviour of PBEKeySpec,
it can be found here:
http://developer.classpath.org/pipermail/classpath-patches/attachments/20060705/1f52b6af/TestOfPBEKeySpec.java
It should go under gnu/testlet/javax/crypto/spec (this directory does not yet
exist in cvs)

I do not have mauve or classpath commit access, so if these are deemed
acceptable, could someone please commit them for me on my behalf.

Comments?


-- 


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=28204
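
The contract listed in the comment above (password and salt held as copies, argument checks, `IllegalStateException` after `clearPassword()`), as an added example that is not part of the original message, the Classpath patch or the mauve testlet: a stand-alone check against `javax.crypto.spec.PBEKeySpec`. The class name `PBEKeySpecContractCheck`, its helper methods and the sample password and salt are constructed for illustration; the exception types expected for a null salt (`NullPointerException`) and for the other invalid arguments (`IllegalArgumentException`) follow the Java SE javadoc, not the message.

```java
import java.util.Arrays;
import javax.crypto.spec.PBEKeySpec;

public class PBEKeySpecContractCheck {
    // True if running r throws an exception of the expected type.
    static boolean throwsType(Class<? extends Throwable> expected, Runnable r) {
        try { r.run(); } catch (Throwable t) { return expected.isInstance(t); }
        return false;
    }

    static void check(String name, boolean ok) {
        System.out.println((ok ? "PASS  " : "FAIL  ") + name);
        if (!ok) throw new AssertionError(name);
    }

    public static void main(String[] args) {
        char[] pw = "constructed-sample".toCharArray();  // constructed sample value
        byte[] salt = {1, 2, 3, 4, 5, 6, 7, 8};          // constructed sample value
        char[] pwAtCreation = pw.clone();
        byte[] saltAtCreation = salt.clone();
        PBEKeySpec spec = new PBEKeySpec(pw, salt, 1000, 128);

        // 1) Password and salt are stored as copies: later changes to the
        //    caller's arrays must not reach the spec.
        pw[0] = 'X';
        salt[0] = 99;
        check("password copied in", Arrays.equals(pwAtCreation, spec.getPassword()));
        check("salt copied in", Arrays.equals(saltAtCreation, spec.getSalt()));

        // Getters hand out copies, so callers cannot edit the stored values.
        spec.getPassword()[0] = 'Y';
        spec.getSalt()[0] = 42;
        check("password copied out", Arrays.equals(pwAtCreation, spec.getPassword()));
        check("salt copied out", Arrays.equals(saltAtCreation, spec.getSalt()));

        // The bug in the subject line: clearPassword() must wipe only the
        // internal copy, never the array the caller passed in.
        char[] callerView = pw.clone();
        spec.clearPassword();
        check("caller array intact after clear", Arrays.equals(callerView, pw));

        // 3) getPassword() after clearPassword() is an IllegalStateException.
        check("getPassword after clear", throwsType(IllegalStateException.class, spec::getPassword));

        // 2) Invalid constructor arguments are rejected.
        check("null salt", throwsType(NullPointerException.class, () -> new PBEKeySpec(pw, null, 1000, 128)));
        check("empty salt", throwsType(IllegalArgumentException.class, () -> new PBEKeySpec(pw, new byte[0], 1000, 128)));
        check("negative iterationCount", throwsType(IllegalArgumentException.class, () -> new PBEKeySpec(pw, salt, -1, 128)));
        check("negative keyLength", throwsType(IllegalArgumentException.class, () -> new PBEKeySpec(pw, salt, 1000, -1)));
    }
}
```

An implementation that keeps a reference to the caller's array fails at "password copied in" or "caller array intact after clear", which is the situation where a caller reusing its password buffer finds it wiped.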




