On Tue, 21 Oct 2025 15:08:19 GMT, Sean Mullan <[email protected]> wrote:
>> Anthony Scarpino has updated the pull request incrementally with two >> additional commits since the last revision: >> >> - fix non-pbe >> - doc updates, zeroing, fix unencrypted keypair encoding, exception mods > > src/java.base/share/classes/sun/security/pkcs/PKCS8Key.java line 315: > >> 313: } >> 314: byte[] result = pkcs8Key.generateEncoding().clone(); >> 315: pkcs8Key.clear(); > > Put this in a finally block so it gets cleared even if `generateEncoding` > throws an exception. You should also clear the return value of > `generateEncoding` (before you clone it). Although I don't think you need the > clone, since `generateEncoding` returns a new array each time. Unfortunately `generateEncoding` also assigned the result to the internal field `encodedKey`. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/27147#discussion_r2448790083
