RFR: 8360564: Implement JEP 524: PEM Encodings of Cryptographic Objects (Second Preview) [v4]
Anthony Scarpino
ascarpino at openjdk.org
Mon Oct 13 19:20:38 UTC 2025
On Fri, 3 Oct 2025 14:42:27 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> Anthony Scarpino has updated the pull request incrementally with one additional commit since the last revision:
>>
>> missed some decoder comments
>
> src/java.base/share/classes/sun/security/ec/ECPrivateKeyImpl.java line 252:
>
>> 250: int version = seq.data.getInteger();
>> 251: if (version == 1) { // EC
>> 252: byte[] oct = seq.data.getOctetString(); // private key
>
> If you call `seq.data.getDerValue()` then the return value uses the original array with an offset and a length. So there is no need to call `Arrays.fill` next.
cool, thanks.. I didn't realize it didn't make a`getDerValue` didn't make a copy.
> src/java.base/share/classes/sun/security/util/Pem.java line 376:
>
>> 374: SharedSecrets.getJavaSecuritySpecAccess().
>> 375: clearEncodedKeySpec(p8KeySpec);
>> 376: keySpec.clearPassword();
>
> Why are the lines above indented? Were you trying to add a try-finally here?
Yes, I fixed that.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/27147#discussion_r2423026619
PR Review Comment: https://git.openjdk.org/jdk/pull/27147#discussion_r2423065762
More information about the security-dev
mailing list