RFR: 8323999: KeyAgreement cannot be initiated again after a failed initialization
Mikhail Yankelevich
myankelevich at openjdk.org
Mon Nov 3 10:49:13 UTC 2025
On Mon, 27 Oct 2025 16:23:14 GMT, Matthew Donovan <mdonovan at openjdk.org> wrote:
> This PR updates KeyAgreement to re-initialize the `serviceIterator` field when chooseProvider() is called and serviceIterator.hasNext() returns false. This can happen if KeyAgreement object has been initialized with an invalid key and then initialized with a valid key. (See accompanying test.)
src/java.base/share/classes/javax/crypto/KeyAgreement.java line 377:
> 375:
> 376: if (!serviceIterator.hasNext()) {
> 377: serviceIterator = GetInstance.getServices("KeyAgreement", algorithm);
Wouldn't it cause a change in behaviour of this method unnecessarily? It seems to me it might be a bit better to do this in the `init` methods calling `chooseProvider`. What do you think?
test/jdk/java/security/KeyAgreement/KeyAgreementReinit.java line 26:
> 24: /*
> 25: * @test
> 26: * @run main KeyAgreementReinit
Minor: Could you please add a summary here and `@bugid`, as this is a product issue.
Also, `@run` doesn't seem to be doing anything here.
test/jdk/java/security/KeyAgreement/KeyAgreementReinit.java line 63:
> 61: }
> 62:
> 63:
Nit: double new lines and a new line in the end of the file :)
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/28004#discussion_r2486049211
PR Review Comment: https://git.openjdk.org/jdk/pull/28004#discussion_r2486036655
PR Review Comment: https://git.openjdk.org/jdk/pull/28004#discussion_r2486038277
More information about the security-dev
mailing list