RFR: 8343232: PKCS#12 KeyStore support for RFC 9879: Use of Password-Based Message Authentication Code 1 (PBMAC1) [v11]
Weijun Wang
weijun at openjdk.org
Fri Oct 3 20:55:52 UTC 2025
On Thu, 2 Oct 2025 18:49:53 GMT, Mark Powers <mpowers at openjdk.org> wrote:
>> [JDK-8343232](https://bugs.openjdk.org/browse/JDK-8343232)
>
> Mark Powers has updated the pull request incrementally with one additional commit since the last revision:
>
> more review comments from Weijun and Sean
src/java.base/share/classes/sun/security/pkcs12/MacData.java line 209:
> 207: }
> 208: } finally {
> 209: destroyPBEKey(pbeKey);
The `PBEKeySpec` object created in both cases should also be cleaned up by calling `keySpec.clearPassword()`.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/24429#discussion_r2403323256
More information about the security-dev
mailing list