On Wed, 22 Oct 2025 11:46:20 GMT, Weijun Wang <[email protected]> wrote:
>> Clean up more intermediate objects created during these operations.
>
> Weijun Wang has updated the pull request incrementally with two additional
> commits since the last revision:
>
> - do not store key as bytes in XDH
> - add ECDH and XDH
src/java.base/share/classes/com/sun/crypto/provider/DHKEM.java line 92:
> 90: } finally {
> 91: if (key != null) {
> 92: Arrays.fill(key, (byte)0);
It's not immediately obvious to the caller that the key is being cloned in
`SecretKeySpec` constructor. I think a short comment explaining what we are
doing would be helpful here and below.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/27921#discussion_r2452216944
