RFR: 8315944: SunJCE provider should not zeroize the deserialized key values
Weijun Wang
weijun at openjdk.org
Thu Sep 21 14:34:40 UTC 2023
On Wed, 20 Sep 2023 21:56:50 GMT, Valerie Peng <valeriep at openjdk.org> wrote:
> This PR reverts part of the changes under JDK-8312306 which zero-out the deserialized key bytes after an internal copy has been made. If considering the deserialized key bytes as input arguments, such cleaning action may be too aggressive. Thus, on second thought, I am reverting to earlier behavior. No regression test since the changes are trivial.
>
> Thanks!
> Valerie
Marked as reviewed by weijun (Reviewer).
-------------
PR Review: https://git.openjdk.org/jdk/pull/15848#pullrequestreview-1637998897
More information about the security-dev
mailing list