JDK-8358451 : SunJCE PBEKey impl should throw IllegalStateException when getEncoded() is called
  • Type: Bug
  • Component: security-libs
  • Sub-Component: javax.crypto
  • Affected Version: 22
  • Priority: P4
  • Status: Open
  • Resolution: Unresolved
  • Submitted: 2025-06-03
  • Updated: 2025-07-16
Description
See synopsis.
Comments
A pull request was submitted for review. Branch: master URL: https://git.openjdk.org/jdk/pull/25632 Date: 2025-06-04 03:10:29 +0000
04-06-2025

The cleaner in PBEKey class will zero out the key bytes when destroy() is called. Thus the current impl returns an all-0 byte[] when getEncoded() is called after the key object is destroyed. However, according to the javadoc of javax.security.auth.Destroyable interface, getEncoded() should throw IllegalStateException after the key bytes are destroyed.
03-06-2025
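
A small probe for the behaviour described in the comment above, as an added example that is not part of the bug report or of the OpenJDK pull request: it builds a SunJCE PBE key, destroys it, and reports what `getEncoded()` does afterwards. The class name, the `Outcome` enum, the algorithm choice and the password are assumptions made for illustration.

```java
import java.util.Arrays;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.security.auth.DestroyFailedException;

public class PBEKeyDestroyProbe {
    // Hypothetical names, introduced for this example only.
    enum Outcome { THROWS_ISE, RETURNS_ALL_ZERO, RETURNS_KEY_BYTES, RETURNS_NULL, DESTROY_FAILED }

    // Build a SunJCE PBE key, destroy it, then observe getEncoded().
    static Outcome probe(String algorithm, char[] password) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password);
        SecretKey key;
        try {
            key = SecretKeyFactory.getInstance(algorithm, "SunJCE").generateSecret(spec);
        } finally {
            spec.clearPassword(); // the spec keeps its own copy of the password
        }
        try {
            key.destroy();
        } catch (DestroyFailedException e) {
            return Outcome.DESTROY_FAILED; // this key type does not support destroy()
        }
        try {
            byte[] encoded = key.getEncoded();
            if (encoded == null) return Outcome.RETURNS_NULL;
            boolean allZero = true;
            for (byte b : encoded) allZero &= (b == 0);
            Arrays.fill(encoded, (byte) 0); // do not leave a copy behind
            // RETURNS_ALL_ZERO is the current behaviour the report describes.
            return allZero ? Outcome.RETURNS_ALL_ZERO : Outcome.RETURNS_KEY_BYTES;
        } catch (IllegalStateException e) {
            return Outcome.THROWS_ISE; // the behaviour the report asks for
        }
    }

    public static void main(String[] args) throws Exception {
        char[] password = "constructed-demo-password".toCharArray(); // constructed sample value
        try {
            Outcome outcome = probe("PBEWithHmacSHA256AndAES_128", password);
            System.out.println("getEncoded() after destroy(): " + outcome);
        } finally {
            Arrays.fill(password, '\0');
        }
    }
}
```

Callers that may receive a destroyed key can check `isDestroyed()` before using the bytes from `getEncoded()`, since an all-zero array is otherwise indistinguishable from valid key material of the same length.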