Thanks for reviewing. comments inline..
On 22/08/18 15:50, Weijun Wang wrote:
PBES2Core.java:
181 byte[] passwdBytes = key.getEncoded();
182 char[] passwdChars = null;
183 PBEKeySpec pbeSpec;
184 try {
185 if ((passwdBytes == null) ||
186 !(key.getAlgorithm().regionMatches(true, 0, "PBE", 0,
3))) {
187 throw new InvalidKeyException("Missing password");
188 }
....
272 } finally {
273 if (passwdChars != null) Arrays.fill(passwdChars, ' ');
274 Arrays.fill(passwdBytes, (byte)0x00);
275 }
If passwdBytes == null, line 274 would throw an NPE.
Good catch. Corrected.
PBKDF2KeyImpl.java:
87 char[] passwd = keySpec.getPassword();
88 if (passwd == null) {
89 // Should allow an empty password.
90 this.passwd = new char[0];
91 } else {
92 this.passwd = passwd.clone();
93 }
94 // Convert the password from char[] to byte[]
95 byte[] passwdBytes = getPasswordBytes(this.passwd);
96 // remove local copy
97 Arrays.fill(passwd, '0');
If passwd == null, line 97 would throw an NPE.
Another good catch!
updated webrev :
http://cr.openjdk.java.net/~coffeys/webrev.8209129.v3/webrev/
regards,
Sean.
Otherwise fine.
Thanks
Max
On Aug 17, 2018, at 12:53 AM, Seán Coffey <sean.cof...@oracle.com> wrote:
Find new webrev here Max :
http://cr.openjdk.java.net/~coffeys/webrev.8209129.v2/webrev/
regards :
