On Sat, 4 Oct 2025 18:51:53 GMT, Weijun Wang <[email protected]> wrote:
>> src/java.base/share/classes/sun/security/pkcs12/MacData.java line 209:
>>
>>> 207: }
>>> 208: } finally {
>>> 209: destroyPBEKey(pbeKey);
>>
>> The `PBEKeySpec` object created in both cases should also be cleaned up by
>> calling `keySpec.clearPassword()`.
>
> The password in `PBKDF2KeyImpl` is not cleaned. It does have a `clear` method
> but no `destroy`. Consider adding a `destroy` to it.
Both are now fixed.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/24429#discussion_r2409138925
