Re: RFR: 8353578: Refactor existing usage of internal HKDF impl to use the KDF API [v4]

Bradford Wetmore Tue, 06 May 2025 22:04:17 -0700

On Fri, 25 Apr 2025 18:23:14 GMT, Valerie Peng <valer...@openjdk.org> wrote:


>> src/java.base/share/classes/com/sun/crypto/provider/DHKEM.java line 260:
>> 
>>> 258:                 if (eae_prk instanceof SecretKeySpec s) {
>>> 259:                     SharedSecrets.getJavaxCryptoSpecAccess()
>>> 260:                             .clearSecretKeySpec(s);
>> 
>> I wish we could use `s.destroy()` here instead.
>
> Yes, it'd be nice. I reopened https://bugs.openjdk.org/browse/JDK-8160206 and 
> we can address this separately.

Or in the meantime:

    } finally {
        // Best effort
        if (eae_prk instanceof SecretKeySpec) {
            SharedSecrets.getJavaxCryptoSpecAccess()
                    .clearSecretKeySpec(eae_prk);
        } else {
            try {
                eae_prk.destroy();
            } catch (DestroyFailedException e) {
                // swallow
            }
        }
    }

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/24393#discussion_r2076790901

Re: RFR: 8353578: Refactor existing usage of internal HKDF impl to use the KDF API [v4]

Reply via email to