On Tue, 21 Jun 2022 22:06:23 GMT, Weijun Wang wrote:
>> Sounds good. Rest of changes look fine.
>
> I cannot reproduce this leak, but I found more by mixing the calls on byte
> array and `ByteBuffer`, and data length of whole block and half block. I'll
> study more and maybe some sort of fuzzy
On Wed, 15 Jun 2022 22:27:27 GMT, Valerie Peng wrote:
>> Seems so. BTW, I was using a test-driven programming model and have not
>> observed a leak here. I'll see if I can trigger one.
>
> Sounds good. Rest of changes look fine.
I cannot reproduce this leak, but I found more by mixing the calls
On Wed, 15 Jun 2022 20:17:47 GMT, Mark Powers wrote:
>> Clearing buffers and temporary arrays to avoid data leaks in cipher
>> operations.
>
> src/java.base/share/classes/com/sun/crypto/provider/GaloisCounterMode.java
> line 1014:
>
>> 1012: dst.flip();
>> 1013: origina
On Wed, 15 Jun 2022 19:58:41 GMT, Weijun Wang wrote:
>> src/java.base/share/classes/com/sun/crypto/provider/GCTR.java line 242:
>>
>>> 240: dst.put(in, 0, processed);
>>> 241: } finally {
>>> 242: Arrays.fill(in, (byte)0);
>>
>> The same handling should be applie
On Tue, 14 Jun 2022 17:57:17 GMT, Weijun Wang wrote:
> Clearing buffers and temporary arrays to avoid data leaks in cipher
> operations.
src/java.base/share/classes/com/sun/crypto/provider/GaloisCounterMode.java line
1014:
> 1012: dst.flip();
> 1013: originalDst.put(ds
On Wed, 15 Jun 2022 19:37:31 GMT, Valerie Peng wrote:
>> Clearing buffers and temporary arrays to avoid data leaks in cipher
>> operations.
>
> src/java.base/share/classes/com/sun/crypto/provider/GCTR.java line 242:
>
>> 240: dst.put(in, 0, processed);
>> 241: } finally {
>>
On Tue, 14 Jun 2022 17:57:17 GMT, Weijun Wang wrote:
> Clearing buffers and temporary arrays to avoid data leaks in cipher
> operations.
src/java.base/share/classes/com/sun/crypto/provider/GCTR.java line 242:
> 240: dst.put(in, 0, processed);
> 241: } finally {
> 242:
