On Thu, 13 Jul 2023 18:27:08 GMT, Sean Mullan <mul...@openjdk.org> wrote:
>> This change adds back the Reference.ReachabilityFence(Object) call removed >> by [JDK-8301553](https://bugs.openjdk.org/browse/JDK-8301553). >> >> Please help review. >> Thanks! >> Valerie > > src/java.base/share/classes/com/sun/crypto/provider/PBKDF2KeyImpl.java line 1: > >> 1: /* > > I also think the change which moved the registering of the `Cleaner` outside > the `finally` block in the constructor is not correct, as the passwd is no > longer zero-ed out if the code after that throws an Exception. Per my reading of the code. the cleaner is only used when the PBKDF2 key constructor succeeds. If an exception occurred, then the passwd cleanup is handled by the if (key == null) condition in the finally block. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/14859#discussion_r1263049090
