RFR: 8258915: Temporary buffer cleanup [v6]
Weijun Wang
weijun at openjdk.java.net
Sat Feb 6 17:10:43 UTC 2021
On Fri, 5 Feb 2021 16:34:29 GMT, Valerie Peng <valeriep at openjdk.org> wrote:
>> Weijun Wang has updated the pull request incrementally with one additional commit since the last revision:
>>
>> drbg
>>
>> only in patch2:
>> unchanged:
>
> src/java.base/share/classes/sun/security/provider/CtrDrbg.java line 507:
>
>> 505: System.arraycopy(out, 0, result, pos, len);
>> 506: Arrays.fill(out, (byte)0);
>> 507: }
>
> No need to handle encryption output?
`out` contains same bytes as the output, and the output is often directly used as key materials.
-------------
PR: https://git.openjdk.java.net/jdk/pull/2070
More information about the security-dev
mailing list