src/jdk.crypto.ec/share/classes/sun/security/ec/XDHKeyAgreement.java

@@ -67,19 +67,21 @@
                               SecureRandom random) throws InvalidKeyException,
         InvalidAlgorithmParameterException {
 
         initImpl(key);
 
-        // the private key parameters must match params
+        // the private key parameters must match params, if present
+        if (params != null) {
         XECParameters xecParams = XECParameters.get(
             InvalidAlgorithmParameterException::new, params);
         if (!xecParams.oidEquals(this.ops.getParameters())) {
             throw new InvalidKeyException(
                 "Incorrect private key parameters"
             );
         }
     }
+    }
 
     private
     <T extends Throwable>
     void checkLockedParams(Function<String, T> exception,
                            XECParameters params) throws T {

@@ -169,11 +171,13 @@
     protected byte[] engineGenerateSecret() throws IllegalStateException {
         if (secret == null) {
             throw new IllegalStateException("Not initialized correctly");
         }
 
-        return secret.clone();
+        byte[] result = secret;
+        secret = null;
+        return result;
     }
 
     @Override
     protected int engineGenerateSecret(byte[] sharedSecret, int offset)
         throws IllegalStateException, ShortBufferException {

@@ -187,11 +191,12 @@
                 + " bytes, only " + (sharedSecret.length - offset)
                 + " available");
         }
 
         System.arraycopy(this.secret, 0, sharedSecret, offset, secretLen);
-        return secret.length;
+        secret = null;
+        return secretLen;
     }
 
     @Override
     protected SecretKey engineGenerateSecret(String algorithm)
             throws IllegalStateException, NoSuchAlgorithmException,