On Wed, 17 May 2023 18:44:08 GMT, Valerie Peng <valer...@openjdk.org> wrote:
>> Martin Balao has updated the pull request with a new target base due to a
>> merge or a rebase. The incremental webrev excludes the unrelated changes
>> brought in by the merge/rebase. The pull request contains three additional
>> commits since the last revision:
>>
>> - Rebase fix after JDK-8306033. Replace called functions with their new
>> names.
>> - 8301553: Support Password-Based Cryptography in SunPKCS11 (iteration #1)
>>
>> Co-authored-by: Francisco Ferrari <fferr...@redhat.com>
>> Co-authored-by: Martin Balao <mba...@redhat.com>
>> - 8301553: Support Password-Based Cryptography in SunPKCS11
>>
>> Co-authored-by: Francisco Ferrari <fferr...@redhat.com>
>> Co-authored-by: Martin Balao <mba...@redhat.com>
>
> src/java.base/share/classes/com/sun/crypto/provider/HmacPKCS12PBECore.java
> line 115:
>
>> 113: try {
>> 114: derivedKey = PKCS12PBECipherCore.derive(
>> 115: keySpec.getPassword(), keySpec.getSalt(),
>
> Comparing to the original impl, this new call of keySpec.getPassword()
> produces extra copy of password which needs to be cleared as well.
Good. We have some doubts about the effectiveness of this but we will clear
them anyways.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/12396#discussion_r1198237296
