Code review request 8026119 Regression test DHEKeySizing.java failing intermittently
Xuelei Fan
xuelei.fan at oracle.com
Mon Oct 14 03:19:00 UTC 2013
CC security-dev.
On 10/14/2013 11:04 AM, Xuelei Fan wrote:
> Normally, there are only leading zero of DH keys.
Oops, typo here:
... there are only one leading zero of DH keys.
Xuelei
> By the fix, I suppose
> it should rally happen for 3 bytes leading zeros. The worst cases,
> dh_p, dh_g and dh_Ys each has 3 leading zeros (9 bytes in total) in a
> handshaking message.
>
> It's both OK to me to use 2 (6 in totla) and 3 (9 in total) leading zeros.
>
> Xuelei
>
> On 10/14/2013 10:57 AM, Weijun Wang wrote:
>> Isn't 9 too big here? If I understand correctly, the probability of the
>> bias being up to 9 is (1/256)^9. If this happens, you should really
>> suspect the quality of your RNG.
>>
>> Thanks
>> Max
>>
>> On 10/14/13 10:42 AM, Xuelei Fan wrote:
>>> Hi Max,
>>>
>>> Please review this simple fix of a regression test intermittent failure.
>>>
>>> webrev: http://cr.openjdk.java.net/~xuelei/8026119/webrev.00/
>>>
>>> The cause of the issue is that during TLS handshaking, if the negotiated
>>> DH key starts with zero bytes, the leading zero bytes are stripped in
>>> the communication. As result in that we cannot estimate the DH key size
>>> in handshaking messages exactly. This fix is an effort to minimum the
>>> impact the leading zeros by a length bias. If the message size is
>>> between [dh_key_size - bias, dh_key_size], the message is OK in this
>>> test.
>>>
>>> Thanks,
>>> Xuelei
>>>
>
More information about the security-dev
mailing list