On Thu, 21 Jan 2021 16:23:21 GMT, Weijun Wang <wei...@openjdk.org> wrote:
>> Clean up temporary byte array, char array, and keyspec around keys and >> passwords. >> >> No new regression test. > > Weijun Wang has updated the pull request with a new target base due to a > merge or a rebase. The pull request now contains three commits: > > - rsa > - Merge > - 8258915: More temporary buffer cleanup > > 8258915: More temporary buffer cleanup src/java.base/share/classes/sun/security/pkcs/PKCS8Key.java line 234: > 232: encodedKey = out.toByteArray(); > 233: // Copy the actual bytes > 234: System.arraycopy(key, 0, encodedKey, encodedKey.length - > key.length, key.length); I think this can now be updated with the newer DerValue.wrap(....) then DerValue.clear() approach? src/java.base/share/classes/sun/security/pkcs12/PKCS12KeyStore.java line 676: > 674: // effectively once required. > 675: secretKeyInfo.putOctetString(new byte[encoded.length]); > 676: pkcs8.write(DerValue.tag_Sequence, secretKeyInfo); Same as earlier comment - can switch to DerValue.wrap() and then clear() approach? ------------- PR: https://git.openjdk.java.net/jdk/pull/2070
