RFR: 8258915: Temporary buffer cleanup [v4]
Valerie Peng
valeriep at openjdk.java.net
Mon Jan 25 11:37:47 UTC 2021
On Sat, 23 Jan 2021 16:32:16 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> I'll take a look. The test does not show it. Maybe because of the reversing?
>
> I found out the reason. This method is called during key pair generation but my test only deals with manually crafted keys (so that I know what special bytes to search for). I think I'll need to find out a different test method. This might reveal other leaks in key generation.
Yes, your approach is based on the test and the code path it exercised. I manually code inspected the files that you touched. Even with both approaches, it's still not gonna be 100%.
-------------
PR: https://git.openjdk.java.net/jdk/pull/2070
More information about the security-dev
mailing list