On Thu, 3 Jun 2021 22:30:38 GMT, Valerie Peng <valer...@openjdk.org> wrote:
>> A engine is a one time use, so setting originalOut to null isn't necessary. >> engineDoFinal() sets engine = null. > > engine is one time use per encryption/decryption. But 'originalOut' is for > overlap detection/protection which may be used multiple times during > multi-part encryption/decrypion. For each overlapDetection()/restoreOut() > pair, the 'originalOut' value should be cleared, otherwise there may be cases > where the old value of 'originalOut' gets used? Ok. I see what you are saying. I had not consider a situation where an update buffer overlapped and doFinal did not. I'll set originalDst and originalOut to null on their restore methods. ------------- PR: https://git.openjdk.java.net/jdk/pull/4072
