Skip to content

12: Use min supported key len when calling EVP_MAC_init to clear sensitive data#8

Open
jon-oracle wants to merge 1 commit into
openjdk:masterfrom
jon-oracle:evp_mac
Open

12: Use min supported key len when calling EVP_MAC_init to clear sensitive data#8
jon-oracle wants to merge 1 commit into
openjdk:masterfrom
jon-oracle:evp_mac

Conversation

@jon-oracle
Copy link
Copy Markdown

@jon-oracle jon-oracle commented May 29, 2026
edited by openjdk Bot
Loading

Use appropriate EvpMacCtx release dummy key size.

Also clear the temporary FFM key segment

Progress

  • Change must be properly reviewed (1 review required, with at least 1 Reviewer)
  • Change must not contain extraneous whitespace
  • Commit message must refer to an issue

Issue

  • BRISBANE-12: Use min supported key len when calling EVP_MAC_init to clear sensitive data (Bug - P4)

Reviewers

Reviewing

Using git

Checkout this PR locally:
$ git fetch https://git.openjdk.org/brisbane.git pull/8/head:pull/8
$ git checkout pull/8

Update a local copy of the PR:
$ git checkout pull/8
$ git pull https://git.openjdk.org/brisbane.git pull/8/head

Using Skara CLI tools

Checkout this PR locally:
$ git pr checkout 8

View PR using the GUI difftool:
$ git pr show -t 8

Using diff file

Download this PR as a diff file:
https://git.openjdk.org/brisbane/pull/8.diff

Using Webrev

Link to Webrev Comment

@jon-oracle
Use appropriate EvpMacCtx release dummy key size
b950d17 
Also clear the temporary FFM key segment
@bridgekeeper
Copy link
Copy Markdown

bridgekeeper Bot commented May 29, 2026

👋 Welcome back jspillett! A progress list of the required criteria for merging this PR into master will be added to the body of your pull request. There are additional pull request commands available for use with this pull request.

@openjdk
Copy link
Copy Markdown

openjdk Bot commented May 29, 2026
edited
Loading

@jon-oracle This change now passes all automated pre-integration checks.

ℹ️ This project also has non-automated pre-integration requirements. Please see the file CONTRIBUTING.md for details.

After integration, the commit message for the final commit will be:

12: Use min supported key len when calling EVP_MAC_init to clear sensitive data

Reviewed-by: eodea

You can use pull request commands such as /summary, /contributor and /issue to adjust it as needed.

At the time when this comment was updated there had been no new commits pushed to the master branch. If another commit should be pushed before you perform the /integrate command, your PR will be automatically rebased. If you prefer to avoid any potential automatic rebasing, please check the documentation for the /integrate command for further details.

➡️ To integrate this PR with the above commit message to the master branch, type /integrate in a new comment.

@openjdk openjdk Bot changed the title BRISBANE-12 Use min supported key len when calling EVP_MAC_init to clear sensitive data 12: Use min supported key len when calling EVP_MAC_init to clear sensitive data May 29, 2026
@openjdk openjdk Bot added the rfr Pull request is ready for review label May 29, 2026
@mlbridge
Copy link
Copy Markdown

mlbridge Bot commented May 29, 2026

Webrevs

eodie
eodie approved these changes May 29, 2026
View reviewed changes
Copy link
Copy Markdown

@eodie eodie left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Confirmed that HMAC performance improved by over 70%

@openjdk openjdk Bot added the ready Pull request is ready to be integrated label May 29, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@eodie eodie eodie approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

ready Pull request is ready to be integrated rfr Pull request is ready for review

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@jon-oracle @eodie