diff -r bfdf2926cebc src/java.base/share/classes/javax/crypto/KeyAgreement.java --- a/src/java.base/share/classes/javax/crypto/KeyAgreement.java Tue Oct 16 11:47:33 2018 -0700 +++ b/src/java.base/share/classes/javax/crypto/KeyAgreement.java Tue Oct 16 14:50:28 2018 -0400 @@ -582,16 +582,22 @@ /** * Generates the shared secret and returns it in a new buffer. * - *

This method resets this {@code KeyAgreement} object, so that it - * can be reused for further key agreements. Unless this key agreement is - * reinitialized with one of the {@code init} methods, the same - * private information and algorithm parameters will be used for - * subsequent key agreements. + *

This method resets this {@code KeyAgreement} object to the state that + * it was in after the most recent call to one of the {@code init} methods. + * After a call to {@code generateSecret}, the object can be reused for + * further key agreement operations by calling {@code doPhase} to supply + * new keys, and then calling {@code generateSecret} to produce a new + * secret. In this case, the private information and algorithm parameters + * supplied to {@code init} will be used for multiple key agreement + * operations. The {@code init} method can be called after + * {@code generateSecret} to change the private information used in + * subsequent operations. * * @return the new buffer with the shared secret * * @exception IllegalStateException if this key agreement has not been - * completed yet + * initialized or if {@code doPhase} has not been called to supply the + * keys for all parties in the agreement */ public final byte[] generateSecret() throws IllegalStateException { chooseFirstProvider(); @@ -606,11 +612,16 @@ * result, a {@code ShortBufferException} is thrown. * In this case, this call should be repeated with a larger output buffer. * - *

This method resets this {@code KeyAgreement} object, so that it - * can be reused for further key agreements. Unless this key agreement is - * reinitialized with one of the {@code init} methods, the same - * private information and algorithm parameters will be used for - * subsequent key agreements. + *

This method resets this {@code KeyAgreement} object to the state that + * it was in after the most recent call to one of the {@code init} methods. + * After a call to {@code generateSecret}, the object can be reused for + * further key agreement operations by calling {@code doPhase} to supply + * new keys, and then calling {@code generateSecret} to produce a new + * secret. In this case, the private information and algorithm parameters + * supplied to {@code init} will be used for multiple key agreement + * operations. The {@code init} method can be called after + * {@code generateSecret} to change the private information used in + * subsequent operations. * * @param sharedSecret the buffer for the shared secret * @param offset the offset in {@code sharedSecret} where the @@ -619,7 +630,8 @@ * @return the number of bytes placed into {@code sharedSecret} * * @exception IllegalStateException if this key agreement has not been - * completed yet + * initialized or if {@code doPhase} has not been called to supply the + * keys for all parties in the agreement * @exception ShortBufferException if the given output buffer is too small * to hold the secret */ @@ -634,18 +646,24 @@ * Creates the shared secret and returns it as a {@code SecretKey} * object of the specified algorithm. * - *

This method resets this {@code KeyAgreement} object, so that it - * can be reused for further key agreements. Unless this key agreement is - * reinitialized with one of the {@code init} methods, the same - * private information and algorithm parameters will be used for - * subsequent key agreements. + *

This method resets this {@code KeyAgreement} object to the state that + * it was in after the most recent call to one of the {@code init} methods. + * After a call to {@code generateSecret}, the object can be reused for + * further key agreement operations by calling {@code doPhase} to supply + * new keys, and then calling {@code generateSecret} to produce a new + * secret. In this case, the private information and algorithm parameters + * supplied to {@code init} will be used for multiple key agreement + * operations. The {@code init} method can be called after + * {@code generateSecret} to change the private information used in + * subsequent operations. * * @param algorithm the requested secret-key algorithm * * @return the shared secret key * * @exception IllegalStateException if this key agreement has not been - * completed yet + * initialized or if {@code doPhase} has not been called to supply the + * keys for all parties in the agreement * @exception NoSuchAlgorithmException if the specified secret-key * algorithm is not available * @exception InvalidKeyException if the shared secret-key material cannot diff -r bfdf2926cebc src/java.base/share/classes/javax/crypto/KeyAgreementSpi.java --- a/src/java.base/share/classes/javax/crypto/KeyAgreementSpi.java Tue Oct 16 11:47:33 2018 -0700 +++ b/src/java.base/share/classes/javax/crypto/KeyAgreementSpi.java Tue Oct 16 14:50:28 2018 -0400 @@ -130,17 +130,22 @@ /** * Generates the shared secret and returns it in a new buffer. * - *

This method resets this KeyAgreementSpi object, - * so that it - * can be reused for further key agreements. Unless this key agreement is - * reinitialized with one of the engineInit methods, the same - * private information and algorithm parameters will be used for - * subsequent key agreements. + *

This method resets this {@code KeyAgreementSpi} object to the state + * that it was in after the most recent call to one of the {@code init} + * methods. After a call to {@code generateSecret}, the object can be reused + * for further key agreement operations by calling {@code doPhase} to supply + * new keys, and then calling {@code generateSecret} to produce a new + * secret. In this case, the private information and algorithm parameters + * supplied to {@code init} will be used for multiple key agreement + * operations. The {@code init} method can be called after + * {@code generateSecret} to change the private information used in + * subsequent operations. * * @return the new buffer with the shared secret * * @exception IllegalStateException if this key agreement has not been - * completed yet + * initialized or if {@code doPhase} has not been called to supply the + * keys for all parties in the agreement */ protected abstract byte[] engineGenerateSecret() throws IllegalStateException; @@ -153,12 +158,16 @@ * result, a ShortBufferException is thrown. * In this case, this call should be repeated with a larger output buffer. * - *

This method resets this KeyAgreementSpi object, - * so that it - * can be reused for further key agreements. Unless this key agreement is - * reinitialized with one of the engineInit methods, the same - * private information and algorithm parameters will be used for - * subsequent key agreements. + *

This method resets this {@code KeyAgreementSpi} object to the state + * that it was in after the most recent call to one of the {@code init} + * methods. After a call to {@code generateSecret}, the object can be reused + * for further key agreement operations by calling {@code doPhase} to supply + * new keys, and then calling {@code generateSecret} to produce a new + * secret. In this case, the private information and algorithm parameters + * supplied to {@code init} will be used for multiple key agreement + * operations. The {@code init} method can be called after + * {@code generateSecret} to change the private information used in + * subsequent operations. * * @param sharedSecret the buffer for the shared secret * @param offset the offset in sharedSecret where the @@ -167,7 +176,8 @@ * @return the number of bytes placed into sharedSecret * * @exception IllegalStateException if this key agreement has not been - * completed yet + * initialized or if {@code doPhase} has not been called to supply the + * keys for all parties in the agreement * @exception ShortBufferException if the given output buffer is too small * to hold the secret */ @@ -179,19 +189,24 @@ * Creates the shared secret and returns it as a secret key object * of the requested algorithm type. * - *

This method resets this KeyAgreementSpi object, - * so that it - * can be reused for further key agreements. Unless this key agreement is - * reinitialized with one of the engineInit methods, the same - * private information and algorithm parameters will be used for - * subsequent key agreements. + *

This method resets this {@code KeyAgreementSpi} object to the state + * that it was in after the most recent call to one of the {@code init} + * methods. After a call to {@code generateSecret}, the object can be reused + * for further key agreement operations by calling {@code doPhase} to supply + * new keys, and then calling {@code generateSecret} to produce a new + * secret. In this case, the private information and algorithm parameters + * supplied to {@code init} will be used for multiple key agreement + * operations. The {@code init} method can be called after + * {@code generateSecret} to change the private information used in + * subsequent operations. * * @param algorithm the requested secret key algorithm * * @return the shared secret key * * @exception IllegalStateException if this key agreement has not been - * completed yet + * initialized or if {@code doPhase} has not been called to supply the + * keys for all parties in the agreement * @exception NoSuchAlgorithmException if the requested secret key * algorithm is not available * @exception InvalidKeyException if the shared secret key material cannot