On Fri, 12 Jan 2024 15:30:33 GMT, John Jiang <jji...@openjdk.org> wrote:
>> src/java.base/share/classes/sun/security/ec/ECDHKeyAgreement.java line 83:
>>
>>> 81: privateKey = null;
>>> 82: privateKeyOps = null;
>>> 83: publicKey = null;
>>
>> The fields should be initialized to null, so I don't think you need these
>> lines.
>
> KeyAgreement ka = KeyAgreement.getInstance("ECDH");
> ka.init(key1);
> ka.init(key2);
>
> If no those lines, when the second `init` throws exception, and the keys set
> by the first `init` are not cleared.
> Please consider the test case `testInitWithInvalidKey` in
> `ECDHKeyAgreementParamValidation`.
Yes, you are right.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/17373#discussion_r1450907385
