RFR: 8258915: Temporary buffer cleanup [v3]
Valerie Peng
valeriep at openjdk.java.net
Sat Jan 23 04:05:42 UTC 2021
On Fri, 22 Jan 2021 15:43:05 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> Clean up temporary byte array, char array, and keyspec around keys and passwords.
>>
>> No new regression test.
>
> Weijun Wang has updated the pull request incrementally with one additional commit since the last revision:
>
> more wrap, less copy
src/java.base/share/classes/sun/security/pkcs/PKCS8Key.java line 221:
> 219: if (encodedKey == null) {
> 220: try {
> 221: DerOutputStream tmp = new DerOutputStream();
What is the criteria of using the default constructor vs the one with a initial size? Here is using the default, are we sure about the key (line 224 below) will always fit?
src/java.base/share/classes/sun/security/pkcs12/PKCS12KeyStore.java line 664:
> 662:
> 663: // Encode secret key in a PKCS#8
> 664: DerOutputStream secretKeyInfo = new DerOutputStream();
Same, using default constructor here and we write encodedKey into it at line 670 below.
-------------
PR: https://git.openjdk.java.net/jdk/pull/2070
More information about the security-dev
mailing list