On Fri, 21 May 2021 02:51:05 GMT, Anthony Scarpino <ascarp...@openjdk.org> wrote:
>> src/java.base/share/classes/com/sun/crypto/provider/GaloisCounterMode.java >> line 402: >> >>> 400: } >>> 401: try { >>> 402: ArrayUtil.nullAndBoundsCheck(input, inputOffset, inputLen); >> >> Why is only this ArrayUtil.nullAndBoundsCheck(...) present in this >> engineDoFinal(...)? There are other engineUpdate/engineDoFinal() calls which >> also have input array, offset, and length. Shouldn't this check be added >> there as well? If the crypto engine check is separated out into a separate >> method, e.g. checkEngine(), then you don't have to explicitly release the >> crypto engine (as on line 405) and can just call checkEngine() after all the >> input validation has passed. > > yeah these checks are a bit all over the place.. I'll rework them So I think I only need to add a check to the engineDoFinal() that did not have a check before. ------------- PR: https://git.openjdk.java.net/jdk/pull/4072