RFR: 8353578: Refactor existing usage of internal HKDF impl to use the KDF API [v4]
Bradford Wetmore
wetmore at openjdk.org
Sat May 10 02:30:04 UTC 2025
On Thu, 8 May 2025 18:04:58 GMT, Valerie Peng <valeriep at openjdk.org> wrote:
>> Or in the meantime:
>>
>> } finally {
>> // Best effort
>> if (eae_prk instanceof SecretKeySpec s) {
>> SharedSecrets.getJavaxCryptoSpecAccess()
>> .clearSecretKeySpec(s);
>> } else {
>> try {
>> eae_prk.destroy();
>> } catch (DestroyFailedException e) {
>> // swallow
>> }
>> }
>> }
>
> Sounds good, thanks for the suggestion.
This is what I did in my Exporter code. Assuming you go in first, I'll update mine to use your Util method.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/24393#discussion_r2082763358
More information about the security-dev
mailing list