On Tue, 21 Oct 2025 15:33:14 GMT, Weijun Wang <[email protected]> wrote:
>> src/java.base/share/classes/sun/security/pkcs/PKCS8Key.java line 315: >> >>> 313: } >>> 314: byte[] result = pkcs8Key.generateEncoding().clone(); >>> 315: pkcs8Key.clear(); >> >> Put this in a finally block so it gets cleared even if `generateEncoding` >> throws an exception. You should also clear the return value of >> `generateEncoding` (before you clone it). Although I don't think you need >> the clone, since `generateEncoding` returns a new array each time. > > Unfortunately `generateEncoding` also assigned the result to the internal > field `encodedKey`. @wangweij is correct, `generateEncoding()` is setting the instance variable `encodedKey`. A finally-block is likely necessary if an exception happens after `privateKeyMaterial` is set in `generateEncoding()` ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/27147#discussion_r2450411177
