-
Type:
Enhancement
-
Resolution: Fixed
-
Priority:
P4
-
Affects Version/s: None
-
Component/s: security-libs
-
b19
Invocations of readCipher.dispose and disposeWriteCipher come with a comment:
> Dispose of any intermediate state in the underlying cipher. For PKCS11 ciphers, this will release any attached sessions, and thus make finalization faster.
> Since MAC's doFinal() is called for every SSL/TLS packet, it's not necessary to do the same with MAC's.
Typical non-empty implementation of dispose is a call to cipher.doFinal, which internally releases PKCS11 native resources.
This call is not needed for AEAD ciphers; these ciphers call doFinal every time they encrypt or decrypt data, similar to MAC's in the above comment. Dispose method for the relevant classes should be empty
> Dispose of any intermediate state in the underlying cipher. For PKCS11 ciphers, this will release any attached sessions, and thus make finalization faster.
> Since MAC's doFinal() is called for every SSL/TLS packet, it's not necessary to do the same with MAC's.
Typical non-empty implementation of dispose is a call to cipher.doFinal, which internally releases PKCS11 native resources.
This call is not needed for AEAD ciphers; these ciphers call doFinal every time they encrypt or decrypt data, similar to MAC's in the above comment. Dispose method for the relevant classes should be empty
