RFR: 8301553: Support Password-Based Cryptography in SunPKCS11 [v3]
Martin Balao
mbalao at openjdk.org
Sat May 20 01:01:12 UTC 2023
On Thu, 18 May 2023 20:07:37 GMT, Martin Balao <mbalao at openjdk.org> wrote:
>> src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11SecretKeyFactory.java line 345:
>>
>>> 343: throw new InvalidKeyException("Encoded format must be RAW");
>>> 344: }
>>> 345: byte[] encoded = key.getEncoded();
>>
>> Would be nice to clear out "encoded" bytes afterwards.
>
> Good
We discussed this change with @franferrax and have some concerns. The method Key::getEncoded does not document that a copy will be returned, and this would change the current behavior and affect non-PBE cases. In practical terms, it would mean that a key directly or indirectly converted to a P11Key would be destroyed if it does not return a clone in its getEncoded method. We suggest to make the caller responsible and keep the existing behavior. I.e.: if we call with a SecretKeySpec —whose ::getEncoded returns a clone—, the caller will need to (optionally) clear the key. What do you think?
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/12396#discussion_r1199513839
More information about the security-dev
mailing list