JDK-8315944 : SunJCE provider should not zeroize the deserialized key values
  • Type: Bug
  • Component: security-libs
  • Sub-Component: javax.crypto
  • Priority: P4
  • Status: Resolved
  • Resolution: Not an Issue
  • OS: generic
  • CPU: generic
  • Submitted: 2023-09-08
  • Updated: 2023-09-22
  • Resolved: 2023-09-22
Related Reports
Relates :  
JDK-8312306 - Add more Reference.reachabilityFence() calls to the security classes using Cleaner
Description
As part of JDK-8312306 fix, the deserialized key values are zeroed out after a copy is made and stored internally. This cleanup may be too aggressive.
Comments
A pull request was submitted for review. URL: https://git.openjdk.org/jdk/pull/15848 Date: 2023-09-20 21:56:50 +0000
20-09-2023