On Fri, 22 Jan 2021 15:43:05 GMT, Weijun Wang <wei...@openjdk.org> wrote:
>> Clean up temporary byte array, char array, and keyspec around keys and
>> passwords.
>>
>> No new regression test.
>
> Weijun Wang has updated the pull request incrementally with one additional
> commit since the last revision:
>
> more wrap, less copy
src/java.base/share/classes/sun/security/pkcs/PKCS8Key.java line 221:
> 219: if (encodedKey == null) {
> 220: try {
> 221: DerOutputStream tmp = new DerOutputStream();
What is the criteria of using the default constructor vs the one with a initial
size? Here is using the default, are we sure about the key (line 224 below)
will always fit?
src/java.base/share/classes/sun/security/pkcs12/PKCS12KeyStore.java line 664:
> 662:
> 663: // Encode secret key in a PKCS#8
> 664: DerOutputStream secretKeyInfo = new DerOutputStream();
Same, using default constructor here and we write encodedKey into it at line
670 below.
-------------
PR: https://git.openjdk.java.net/jdk/pull/2070
