RFR: 8311902: Concurrency regression in the PBKDF2 key impl of SunJCE provider

Sean Mullan mullan at openjdk.org
Thu Jul 13 21:17:13 UTC 2023


On Thu, 13 Jul 2023 20:58:45 GMT, Valerie Peng <valeriep at openjdk.org> wrote:

>> src/java.base/share/classes/com/sun/crypto/provider/PBKDF2KeyImpl.java line 1:
>> 
>>> 1: /*
>> 
>> I also think the change which moved the registering of the `Cleaner` outside the `finally` block in the constructor is not correct, as the passwd is no longer zeroed out if the code after that throws an Exception.
>
> Per my reading of the code, the cleaner is only used when the PBKDF2 key constructor succeeds. If an exception occurred, then the passwd cleanup is handled by the `if (key == null)` condition in the `finally` block.

Yes, took another closer look at the code and you are right. So, never mind this comment.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/14859#discussion_r1263060330
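
The cleanup split discussed in this thread, as an added example that is not part of the original e-mail and is not the JDK source: a hypothetical `DerivedKeyDemo` class zeroes its password copy in `finally` when derivation fails and registers a `Cleaner` only after construction succeeds. The class name, the `derive` stand-in, and the `lastCopy` observation hook are assumptions made for illustration.

```java
import java.lang.ref.Cleaner;
import java.util.Arrays;

// Hypothetical class illustrating the pattern; not PBKDF2KeyImpl itself.
public final class DerivedKeyDemo {
    private static final Cleaner CLEANER = Cleaner.create();
    static char[] lastCopy;          // observation hook for the demo (assumption)

    private final char[] passwd;
    private final byte[] key;

    public DerivedKeyDemo(char[] password, boolean failDerivation) {
        char[] copy = password.clone();   // private copy the key object owns
        lastCopy = copy;
        byte[] k = null;
        try {
            k = derive(copy, failDerivation);
        } finally {
            // Failure path: the object never exists, so no Cleaner action
            // could ever run for it. Zero the copy here instead.
            if (k == null) {
                Arrays.fill(copy, '\0');
            }
        }
        this.passwd = copy;
        this.key = k;
        // Success path: register only now. The action captures the arrays,
        // never `this`, or the object could never become unreachable.
        final byte[] kk = k;
        CLEANER.register(this, () -> {
            Arrays.fill(copy, '\0');
            Arrays.fill(kk, (byte) 0);
        });
    }

    // Stand-in for the real key derivation (assumption): throws on demand.
    private static byte[] derive(char[] pw, boolean fail) {
        if (fail) throw new IllegalStateException("derivation failed");
        return new byte[] { (byte) pw.length };
    }

    public static void main(String[] args) {
        try {
            new DerivedKeyDemo("s3cret".toCharArray(), true);   // constructed sample input
        } catch (IllegalStateException e) {
            boolean zeroed = new String(lastCopy).chars().allMatch(c -> c == 0);
            System.out.println("password copy zeroed after failed construction: " + zeroed);
        }
        new DerivedKeyDemo("s3cret".toCharArray(), false);
        System.out.println("copy kept for live key: " + (lastCopy[0] == 's'));
    }
}
```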

