On Wed, 17 May 2023 18:44:08 GMT, Valerie Peng <[email protected]> wrote:
>> Martin Balao has updated the pull request with a new target base due to a >> merge or a rebase. The incremental webrev excludes the unrelated changes >> brought in by the merge/rebase. The pull request contains three additional >> commits since the last revision: >> >> - Rebase fix after JDK-8306033. Replace called functions with their new >> names. >> - 8301553: Support Password-Based Cryptography in SunPKCS11 (iteration #1) >> >> Co-authored-by: Francisco Ferrari <[email protected]> >> Co-authored-by: Martin Balao <[email protected]> >> - 8301553: Support Password-Based Cryptography in SunPKCS11 >> >> Co-authored-by: Francisco Ferrari <[email protected]> >> Co-authored-by: Martin Balao <[email protected]> > > src/java.base/share/classes/com/sun/crypto/provider/HmacPKCS12PBECore.java > line 115: > >> 113: try { >> 114: derivedKey = PKCS12PBECipherCore.derive( >> 115: keySpec.getPassword(), keySpec.getSalt(), > > Comparing to the original impl, this new call of keySpec.getPassword() > produces extra copy of password which needs to be cleared as well. Good. We have some doubts about the effectiveness of this but we will clear them anyways. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/12396#discussion_r1198237296
