RFR: 8207775: Better management of CipherCore buffers
Anthony Scarpino
anthony.scarpino at oracle.com
Wed Aug 1 14:55:14 UTC 2018
My only comment is if it makes sense to have the change at 676 to also
only null out on decrypt?
Otherwise I'm fine with the changes
Tony
On 07/31/2018 02:04 AM, Seán Coffey wrote:
> Thanks for review Tony. Comments inline..
>
> On 27/07/18 21:02, Anthony Scarpino wrote:
>> If we are going to add more, here are two more ton consider:
>>
>> - It looks like there is another Arrays.copyOf() on doFinal() line 851
> Good point.
>> - doFinal()
>> at line 897 there might be something that should be done with
>> 'buffer'. In particular as a result of line 963's arraycopy().
> Yes - I've identified two areas where we can be proactive about nulling
> out 'buffer' contents. That's around the same time where we reset
> 'buffered' to 0. See lines 777 and 967
>
> http://cr.openjdk.java.net/~coffeys/webrev.8207775.v3/webrev/
>
> regards,
> Sean.
>>
>> Tony
>>
>>
>> On 07/27/2018 08:29 AM, Seán Coffey wrote:
>>> Thanks Tony. If it's alright with you, I'd like to make one more edit
>>> for this change.
>>>
>>> http://cr.openjdk.java.net/~coffeys/webrev.8207775.v2/webrev/
>>>
>>> There's a condition where we can null out an array early if we're
>>> returning a copy. See lines 671-683
>>>
>>> Regards,
>>> Sean.
>>>
>>> On 26/07/18 17:42, Anthony Scarpino wrote:
>>>> On 07/26/2018 07:36 AM, Seán Coffey wrote:
>>>>> https://bugs.openjdk.java.net/browse/JDK-8207775
>>>>>
>>>>> Simple enough fix to null out some internal buffers once they're no
>>>>> longer required.
>>>>>
>>>>> webrev : http://cr.openjdk.java.net/~coffeys/webrev.8207775/webrev/
>>>>>
>>>>> regards,
>>>>> Sean.
>>>>>
>>>>
>>>> that looks fine..
>>>>
>>>> Tony
>>>
>>
>
More information about the security-dev
mailing list