On Tue, 14 Jun 2022 17:57:17 GMT, Weijun Wang <wei...@openjdk.org> wrote:
> Clearing buffers and temporary arrays to avoid data leaks in cipher
> operations.
src/java.base/share/classes/com/sun/crypto/provider/GCTR.java line 242:
> 240: dst.put(in, 0, processed);
> 241: } finally {
> 242: Arrays.fill(in, (byte)0);
The same handling should be applied to the 'out' buffer allocated on line 177
assuming the idea is to not leaving copies of user data lying around on the
heap. Recovered text may contain the same bytes as plain text, so arguably the
same handling should be applied to both input/output?
-------------
PR: https://git.openjdk.org/jdk/pull/9158
