On Sat, 20 May 2023 00:58:05 GMT, Martin Balao <mba...@openjdk.org> wrote:
>> Good
>
> We discussed this change with @franferrax and have some concerns. The method
> Key::getEncoded does not document that a copy will be returned, and this
> would change the current behavior and affect non-PBE cases. In practical
> terms, it would mean that a key directly or indirectly converted to a P11Key
> would be destroyed if it does not return a clone in its getEncoded method. We
> suggest to make the caller responsible and keep the existing behavior. I.e.:
> if we call with a SecretKeySpec —whose ::getEncoded returns a clone—, the
> caller will need to (optionally) clear the key. What do you think?

Hmm, so you are aware of a provider whose Key.getEncoded() impl returns the internal key bytes directly? Although the javadoc does NOT state a copy is being returned, it's very likely because an "encoding" is returned. If internal key bytes are returned, it seems bad programming practice, e.g. no protection for internal states/values?

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/12396#discussion_r1201228024
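
The behaviour under discussion in this message, as an added example that is not part of the original thread or of the JDK's code: a converter that zeroes the array returned by `getEncoded()` leaves a `SecretKeySpec` usable (it returns a clone) but wipes a key whose implementation hands out its internal array. `LeakyKey` and `importAndClear` are hypothetical names, and the key bytes are constructed sample data.

```java
import java.security.Key;
import java.util.Arrays;
import javax.crypto.spec.SecretKeySpec;

public class GetEncodedCopyDemo {

    // Hypothetical key class (not from any real provider) whose
    // getEncoded() returns the internal array without a defensive copy.
    static final class LeakyKey implements Key {
        private final byte[] raw;
        LeakyKey(byte[] raw) { this.raw = raw.clone(); }
        @Override public String getAlgorithm() { return "AES"; }
        @Override public String getFormat() { return "RAW"; }
        @Override public byte[] getEncoded() { return raw; }
    }

    // Hypothetical stand-in for a key converter that clears the
    // encoding once it has been handed to the token.
    static void importAndClear(Key key) {
        byte[] encoded = key.getEncoded();
        try {
            // ... pass 'encoded' to the token here ...
        } finally {
            Arrays.fill(encoded, (byte) 0);
        }
    }

    static boolean isAllZero(byte[] bytes) {
        for (byte b : bytes) {
            if (b != 0) return false;
        }
        return true;
    }

    public static void main(String[] args) {
        byte[] material = new byte[16];
        Arrays.fill(material, (byte) 0x5a); // constructed sample key bytes

        Key spec = new SecretKeySpec(material, "AES"); // getEncoded() clones
        Key leaky = new LeakyKey(material);            // getEncoded() aliases

        importAndClear(spec);
        importAndClear(leaky);

        // The caller's key survives only when getEncoded() returned a copy.
        System.out.println("SecretKeySpec intact: " + !isAllZero(spec.getEncoded()));
        System.out.println("LeakyKey intact:      " + !isAllZero(leaky.getEncoded()));
    }
}
```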