RFR: 8301553: Support Password-Based Cryptography in SunPKCS11 [v3]
Martin Balao
mbalao at openjdk.org
Thu May 18 19:48:04 UTC 2023
On Wed, 17 May 2023 18:44:08 GMT, Valerie Peng <valeriep at openjdk.org> wrote:
>> Martin Balao has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains three additional commits since the last revision:
>>
>> - Rebase fix after JDK-8306033. Replace called functions with their new names.
>> - 8301553: Support Password-Based Cryptography in SunPKCS11 (iteration #1)
>>
>> Co-authored-by: Francisco Ferrari <fferrari at redhat.com>
>> Co-authored-by: Martin Balao <mbalao at redhat.com>
>> - 8301553: Support Password-Based Cryptography in SunPKCS11
>>
>> Co-authored-by: Francisco Ferrari <fferrari at redhat.com>
>> Co-authored-by: Martin Balao <mbalao at redhat.com>
>
> src/java.base/share/classes/com/sun/crypto/provider/HmacPKCS12PBECore.java line 115:
>
>> 113: try {
>> 114: derivedKey = PKCS12PBECipherCore.derive(
>> 115: keySpec.getPassword(), keySpec.getSalt(),
>
> Comparing to the original impl, this new call of keySpec.getPassword() produces extra copy of password which needs to be cleared as well.
Good. We have some doubts about the effectiveness of this but we will clear them anyways.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/12396#discussion_r1198237296
More information about the security-dev
mailing list