RFR: 8258915: Temporary buffer cleanup [v8]

Valerie Peng valeriep at openjdk.java.net
Thu Feb 18 05:17:44 UTC 2021

On Sat, 6 Feb 2021 14:40:04 GMT, Weijun Wang <weijun at openjdk.org> wrote:

>> Clean up temporary byte array, char array, and keyspec around keys and passwords.
>> No new regression test.
> Weijun Wang has updated the pull request incrementally with one additional commit since the last revision:
>   materials

src/java.base/share/classes/com/sun/crypto/provider/TlsKeyMaterialGenerator.java line 186:

> 184:             serverMacKey = new SecretKeySpec(tmp, "Mac");
> 185: 
> 186:             Arrays.fill(tmp, (byte)0);

It looks like you can use the SecretKeySpec(byte[], int, int, String) to simplify the code at line 175-186. Essentially, the code block does: 
clientMacKey = new SecretKeySpec(keyBlock, ofs, macLength, "Mac");
ofs += macLength;
serverMacKey = new SecretKeySpec(keyBlock, ofs, macLength, "Mac");


PR: https://git.openjdk.java.net/jdk/pull/2070

More information about the security-dev mailing list