On Fri, 21 May 2021 02:51:05 GMT, Anthony Scarpino <[email protected]>
wrote:
>> src/java.base/share/classes/com/sun/crypto/provider/GaloisCounterMode.java
>> line 402:
>>
>>> 400: }
>>> 401: try {
>>> 402: ArrayUtil.nullAndBoundsCheck(input, inputOffset, inputLen);
>>
>> Why is only this ArrayUtil.nullAndBoundsCheck(...) present in this
>> engineDoFinal(...)? There are other engineUpdate/engineDoFinal() calls which
>> also have input array, offset, and length. Shouldn't this check be added
>> there as well? If the crypto engine check is separated out into a separate
>> method, e.g. checkEngine(), then you don't have to explicitly release the
>> crypto engine (as on line 405) and can just call checkEngine() after all the
>> input validation has passed.
>
> yeah these checks are a bit all over the place.. I'll rework them
So I think I only need to add a check to the engineDoFinal() that did not have
a check before.
-------------
PR: https://git.openjdk.java.net/jdk/pull/4072
