RFR: 8258915: Temporary buffer cleanup [v8]
Valerie Peng
valeriep at openjdk.java.net
Thu Feb 18 05:17:44 UTC 2021
On Sat, 6 Feb 2021 14:40:04 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> Clean up temporary byte array, char array, and keyspec around keys and passwords.
>>
>> No new regression test.
>
> Weijun Wang has updated the pull request incrementally with one additional commit since the last revision:
>
> materials
src/java.base/share/classes/com/sun/crypto/provider/TlsKeyMaterialGenerator.java line 186:
> 184: serverMacKey = new SecretKeySpec(tmp, "Mac");
> 185:
> 186: Arrays.fill(tmp, (byte)0);
It looks like you can use the SecretKeySpec(byte[], int, int, String) to simplify the code at line 175-186. Essentially, the code block does:
clientMacKey = new SecretKeySpec(keyBlock, ofs, macLength, "Mac");
ofs += macLength;
serverMacKey = new SecretKeySpec(keyBlock, ofs, macLength, "Mac");
-------------
PR: https://git.openjdk.java.net/jdk/pull/2070
More information about the security-dev
mailing list