RFR: 8360564: Implement JEP 524: PEM Encodings of Cryptographic Objects (Second Preview) [v7]
Weijun Wang
weijun at openjdk.org
Tue Oct 21 15:35:54 UTC 2025
On Tue, 21 Oct 2025 15:08:19 GMT, Sean Mullan <mullan at openjdk.org> wrote:
>> Anthony Scarpino has updated the pull request incrementally with two additional commits since the last revision:
>>
>> - fix non-pbe
>> - doc updates, zeroing, fix unencrypted keypair encoding, exception mods
>
> src/java.base/share/classes/sun/security/pkcs/PKCS8Key.java line 315:
>
>> 313: }
>> 314: byte[] result = pkcs8Key.generateEncoding().clone();
>> 315: pkcs8Key.clear();
>
> Put this in a finally block so it gets cleared even if `generateEncoding` throws an exception. You should also clear the return value of `generateEncoding` (before you clone it). Although I don't think you need the clone, since `generateEncoding` returns a new array each time.
Unfortunately `generateEncoding` also assigned the result to the internal field `encodedKey`.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/27147#discussion_r2448790083
More information about the security-dev
mailing list