On Fri, 12 Jan 2024 13:46:43 GMT, Sean Mullan <mul...@openjdk.org> wrote:
>> ECDHKeyAgreement should validate the parameters before assigning them to the
>> fields.
>
> src/java.base/share/classes/sun/security/ec/ECDHKeyAgreement.java line 83:
>
>> 81: privateKey = null;
>> 82: privateKeyOps = null;
>> 83: publicKey = null;
>
> The fields should be initialized to null, so I don't think you need these
> lines.
KeyAgreement ka = KeyAgreement.getInstance("ECDH");
ka.init(key1);
ka.init(key2);
If no those lines, when the second `init` throws exception, and the keys set by
the first `init` are not cleared.
Please consider the test case `testInitWithInvalidKey` in
`ECDHKeyAgreementParamValidation`.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/17373#discussion_r1450607215
