RFR: JDK-8209129 :Further improvements to cipher buffer management
Seán Coffey
sean.coffey at oracle.com
Thu Aug 23 10:35:32 UTC 2018
I made those minor edits in the end and pushed the changes. We should
examine usage of Arrays.fill(passwd, '0') in other parts of the JDK as a
follow up.
regards,
Sean.
On 22/08/2018 23:01, Seán Coffey wrote:
>
> On 22 August 2018 19:22:49 IST, Ivan Gerasimov <ivan.gerasimov at oracle.com> wrote:
>> Hi Seán!
>>
>> Just a minor comment.
>>
>> I don't know if it's even measurable in this context, but I was under
>> impression that filling memory with zero *bytes* might be a slightly
>> more efficient then filling with any other constant.
>>
>> Maybe it is better to use Arrays.fill(passwd, '\0') instead of
>> Arrays.fill(passwd, '0') to give the JVM a chance to optimize filling
>> if
>> it's possible?
> Interesting comment Ivan. I was not aware of such an effect! If you've further references on that, I'd appreciate it. '0' is used in other, similar, fill operations IIRC. Perhaps we can optimize such code across all security libs code via another JBS issue.
>
> Regards,
> Sean.
More information about the security-dev
mailing list