RFR: 8258915: Temporary buffer cleanup [v2]
Valerie Peng
valeriep at openjdk.java.net
Fri Jan 22 07:50:54 UTC 2021
On Thu, 21 Jan 2021 16:23:21 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> Clean up temporary byte array, char array, and keyspec around keys and passwords.
>>
>> No new regression test.
>
> Weijun Wang has updated the pull request with a new target base due to a merge or a rebase. The pull request now contains three commits:
>
> - rsa
> - Merge
> - 8258915: More temporary buffer cleanup
>
> 8258915: More temporary buffer cleanup
src/java.base/share/classes/sun/security/pkcs/PKCS8Key.java line 234:
> 232: encodedKey = out.toByteArray();
> 233: // Copy the actual bytes
> 234: System.arraycopy(key, 0, encodedKey, encodedKey.length - key.length, key.length);
I think this can now be updated with the newer DerValue.wrap(....) then DerValue.clear() approach?
src/java.base/share/classes/sun/security/pkcs12/PKCS12KeyStore.java line 676:
> 674: // effectively once required.
> 675: secretKeyInfo.putOctetString(new byte[encoded.length]);
> 676: pkcs8.write(DerValue.tag_Sequence, secretKeyInfo);
Same as earlier comment - can switch to DerValue.wrap() and then clear() approach?
-------------
PR: https://git.openjdk.java.net/jdk/pull/2070
More information about the security-dev
mailing list