On Sat, 7 Jan 2023 08:26:12 GMT, Sergey Bylokhov <s...@openjdk.org> wrote:
>> Volker Simonis has updated the pull request incrementally with one
>> additional commit since the last revision:
>>
>> Updated copyright year to 2023
>
> src/java.base/share/classes/sun/security/ssl/SSLSessionContextImpl.java line
> 199:
>
>> 197: it.remove();
>> 198: try {
>> 199: k.key.destroy();
>
> Is it safe to assume that "key.destroy()" is threadsafe?
First of all, this isn't a change with regards to the old implementation.
But in general I don't think this is a problem because the current
implementation is using "AES" keys which are generated by `AESKeyGenerator` and
are actually plain `SecretKeySpec` keys. These keys don't even implement a
`destroy()` method so they will throw `DestroyFailedException` anyway (that's
the default implementation of `Destroyable::destroy()`).
-------------
PR: https://git.openjdk.org/jdk/pull/11590
