RFR: 8301553: Support Password-Based Cryptography in SunPKCS11 [v3]

Valerie Peng valeriep at openjdk.org
Mon May 22 22:20:57 UTC 2023


On Sat, 20 May 2023 00:58:05 GMT, Martin Balao <mbalao at openjdk.org> wrote:

>> Good
>
> We discussed this change with @franferrax and have some concerns. The method Key::getEncoded does not document that a copy will be returned, and this would change the current behavior and affect non-PBE cases. In practical terms, it would mean that a key directly or indirectly converted to a P11Key would be destroyed if it does not return a clone in its getEncoded method. We suggest to make the caller responsible and keep the existing behavior. I.e.: if we call with a SecretKeySpec —whose ::getEncoded returns a clone—, the caller will need to (optionally) clear the key. What do you think?

Hmm, so you are aware of a provider whose Key.getEncoded() impl returns the internal key bytes directly? Although the javadoc does NOT state a copy is being returned, it's very likely because an "encoding" is returned. If internal key bytes are returned, it seems bad programming practice, e.g. no protection for internal states/values?

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/12396#discussion_r1201228024



More information about the security-dev mailing list