JDK-8163896 : Finalizing one key of a KeyPair invalidates the other key
- Type: Bug
- Component: security-libs
- Sub-Component: java.security
- Affected Version: 9
- Priority: P3
- Status: Resolved
- Resolution: Fixed
- OS: windows
- Submitted: 2016-08-11
- Updated: 2019-04-27
- Resolved: 2016-08-15
The Version table provides details related to the release that this issue/RFE will be addressed.
Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
To download the current JDK release, click here.
Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
To download the current JDK release, click here.
| JDK 6 | JDK 7 | JDK 8 | JDK 9 |
|---|---|---|---|
| 6u141Fixed | 7u131Fixed | 8u152Fixed  |
9 b133Fixed |
Related Reports
|
Relates :
|
Description
Here's the reproducer:
-------------------
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
public class Main {
public static void main(String[] args) throws Exception {
KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA", "SunMSCAPI");
KeyPair pair = generator.generateKeyPair();
Key publicKey = pair.getPublic();
pair = null;
for (int i = 0; i < 1024; ++i) {
System.gc();
}
publicKey.getEncoded(); // <<< throws KeyException: The parameter is incorrect
}
}
-------------------
This is because when a KeyPair is created both keys share the same native handles.
Thus, when one of them is destroyed (i.e. finalized), the handles become invalid.
Comments
|