On Tue, 18 May 2021 20:33:22 GMT, Valerie Peng <valer...@openjdk.org> wrote:
>> Anthony Scarpino has updated the pull request incrementally with one
>> additional commit since the last revision:
>>
>> cleanup
>
> src/java.base/share/classes/com/sun/crypto/provider/GaloisCounterMode.java
> line 133:
>
>> 131: throw new InvalidKeyException("The key must be " +
>> 132: keySize + " bytes");
>> 133: }
>
> Set the keyValue to all 0s before throwing exception, i.e. try-finally.
If the key is not valid and never used, I don't see why it needs to be cleared.
-------------
PR: https://git.openjdk.java.net/jdk/pull/4072
