RFR: 8370082: Intermediate objects clean up in ECDH, XDH, DHKEM, and HKDF [v2]
Artur Barashev
abarashev at openjdk.org
Wed Oct 22 14:05:48 UTC 2025
On Wed, 22 Oct 2025 11:46:20 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> Clean up more intermediate objects created during these operations.
>
> Weijun Wang has updated the pull request incrementally with two additional commits since the last revision:
>
> - do not store key as bytes in XDH
> - add ECDH and XDH
src/java.base/share/classes/com/sun/crypto/provider/DHKEM.java line 92:
> 90: } finally {
> 91: if (key != null) {
> 92: Arrays.fill(key, (byte)0);
It's not immediately obvious to the caller that the key is being cloned in `SecretKeySpec` constructor. I think a short comment explaining what we are doing would be helpful here and below.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/27921#discussion_r2452216944
More information about the security-dev
mailing list