RFR: 8301553: Support Password-Based Cryptography in SunPKCS11 [v3]

Martin Balao mbalao at openjdk.org
Thu May 18 20:30:58 UTC 2023


On Wed, 17 May 2023 19:00:47 GMT, Valerie Peng <valeriep at openjdk.org> wrote:

>> Martin Balao has updated the pull request with a new target base due to a merge or a rebase. The pull request now contains three commits:
>> 
>>  - Rebase fix after JDK-8306033. Replace called functions with their new names.
>>  - 8301553: Support Password-Based Cryptography in SunPKCS11 (iteration #1)
>>    
>>    Co-authored-by: Francisco Ferrari <fferrari at redhat.com>
>>    Co-authored-by: Martin Balao <mbalao at redhat.com>
>>  - 8301553: Support Password-Based Cryptography in SunPKCS11
>>    
>>    Co-authored-by: Francisco Ferrari <fferrari at redhat.com>
>>    Co-authored-by: Martin Balao <mbalao at redhat.com>
>
> src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11SecretKeyFactory.java line 444:
> 
>> 442:         int keyLength = 0;
>> 443:         if ("RAW".equalsIgnoreCase(pbeKey.getFormat())) {
>> 444:             byte[] encoded = pbeKey.getEncoded();
> 
> Should clear out "encoded" afterwards.

Good

> src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11SecretKeyFactory.java line 450:
> 
>> 448:         }
>> 449:         int ic = pbeKey.getIterationCount();
>> 450:         char[] pwd = pbeKey.getPassword();
> 
> Should clear out "pwd" afterwards.

Good

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/12396#discussion_r1198271443
PR Review Comment: https://git.openjdk.org/jdk/pull/12396#discussion_r1198273022



More information about the security-dev mailing list