On Wed, 22 Oct 2025 14:02:32 GMT, Artur Barashev <[email protected]> wrote:
>> Weijun Wang has updated the pull request incrementally with two additional
>> commits since the last revision:
>>
>> - do not store key as bytes in XDH
>> - add ECDH and XDH
>
> src/java.base/share/classes/com/sun/crypto/provider/DHKEM.java line 92:
>
>> 90: } finally {
>> 91: if (key != null) {
>> 92: Arrays.fill(key, (byte)0);
>
> It's not immediately obvious to the caller that the key is being cloned in
> `SecretKeySpec` constructor. I think a short comment explaining what we are
> doing would be helpful here and below.
// `key` has been cloned into the `SecretKeySpec` within the
// returned `KEM.Encapsulated`, so it can now be cleared.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/27921#discussion_r2452326250
