On Thu, 18 May 2023 20:07:37 GMT, Martin Balao <[email protected]> wrote:
>> src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11SecretKeyFactory.java
>> line 345:
>>
>>> 343: throw new InvalidKeyException("Encoded format must be
>>> RAW");
>>> 344: }
>>> 345: byte[] encoded = key.getEncoded();
>>
>> Would be nice to clear out "encoded" bytes afterwards.
>
> Good
We discussed this change with @franferrax and have some concerns. The method
Key::getEncoded does not document that a copy will be returned, and this would
change the current behavior and affect non-PBE cases. In practical terms, it
would mean that a key directly or indirectly converted to a P11Key would be
destroyed if it does not return a clone in its getEncoded method. We suggest to
make the caller responsible and keep the existing behavior. I.e.: if we call
with a SecretKeySpec —whose ::getEncoded returns a clone—, the caller will need
to (optionally) clear the key. What do you think?
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/12396#discussion_r1199513839
