RFR: 8315944: SunJCE provider should not zeroize the deserialized key values
Bradford Wetmore
wetmore at openjdk.org
Fri Sep 22 00:26:16 UTC 2023
On Wed, 20 Sep 2023 21:56:50 GMT, Valerie Peng <valeriep at openjdk.org> wrote:
> This PR reverts part of the changes under JDK-8312306 which zero-out the deserialized key bytes after an internal copy has been made. If considering the deserialized key bytes as input arguments, such cleaning action may be too aggressive. Thus, on second thought, I am reverting to earlier behavior. No regression test since the changes are trivial.
>
> Thanks!
> Valerie
I would like to research/understand the reachabilityFence stuff a bit more, but if you need to get this in, this is ok with me.
-------------
Marked as reviewed by wetmore (Reviewer).
PR Review: https://git.openjdk.org/jdk/pull/15848#pullrequestreview-1638900785