On Thu, 13 Jul 2023 20:58:45 GMT, Valerie Peng <valer...@openjdk.org> wrote:
>> src/java.base/share/classes/com/sun/crypto/provider/PBKDF2KeyImpl.java line >> 1: >> >>> 1: /* >> >> I also think the change which moved the registering of the `Cleaner` outside >> the `finally` block in the constructor is not correct, as the passwd is no >> longer zero-ed out if the code after that throws an Exception. > > Per my reading of the code. the cleaner is only used when the PBKDF2 key > constructor succeeds. If an exception occurred, then the passwd cleanup is > handled by the if (key == null) condition in the finally block. Yes, took another closer look at the code and you are right. So, never mind this comment. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/14859#discussion_r1263060330
