From 1d1ad7ac05f4a12e93100e0f9f7ce77222272dfc Mon Sep 17 00:00:00 2001 From: Kostas Tsiounis Date: Thu, 19 Oct 2023 13:16:17 -0400 Subject: [PATCH] Zero out previous key in native ChaCha20 cipher init --- .../classes/com/sun/crypto/provider/NativeChaCha20Cipher.java | 3 +++ 1 file changed, 3 insertions(+) diff --git a/closed/src/java.base/share/classes/com/sun/crypto/provider/NativeChaCha20Cipher.java b/closed/src/java.base/share/classes/com/sun/crypto/provider/NativeChaCha20Cipher.java index 0a2ed87908d..5d4fec94360 100644 --- a/closed/src/java.base/share/classes/com/sun/crypto/provider/NativeChaCha20Cipher.java +++ b/closed/src/java.base/share/classes/com/sun/crypto/provider/NativeChaCha20Cipher.java @@ -561,6 +561,9 @@ private void init(int opmode, Key key, byte[] newNonce) // assigning them to the object. byte[] newKeyBytes = getEncodedKey(key); checkKeyAndNonce(newKeyBytes, newNonce); + if (this.keyBytes != null) { + Arrays.fill(this.keyBytes, (byte)0); + } this.keyBytes = newKeyBytes; nonce = newNonce;