Code review request 8026119 Regression test DHEKeySizing.java failing intermittently

Xuelei Fan xuelei.fan at oracle.com
Mon Oct 14 04:00:16 UTC 2013


9 is really huge.  I will use 6 instead.  Thanks for the code review.

Xuelei

On 10/14/2013 11:45 AM, Weijun Wang wrote:
> On 10/14/13 11:19 AM, Xuelei Fan wrote:
>> CC security-dev.
>>
>> On 10/14/2013 11:04 AM, Xuelei Fan wrote:
>>> Normally, there are only leading zero of DH keys.
>> Oops, typo here:
>> ... there are only one leading zero of DH keys.
>>
>> Xuelei
>>
>>> By the fix, I suppose
>>> it should rally happen for 3 bytes leading zeros.  The worst cases,
>>> dh_p, dh_g and dh_Ys each has 3 leading zeros (9 bytes in total) in a
>>> handshaking message.
> 
> I guess they are independent? So the probably of all 3 having 3 leading
> zeroes is still (256^3)^3.
> 
>>>
>>> It's both OK to me to use 2 (6 in totla) and 3 (9 in total) leading
>>> zeros.
>>>
> 
> Any is OK, since the expected differences are big enough. Your code
> change is fine.
> 
> Thanks
> Max
> 
>>> Xuelei
>>>
>>> On 10/14/2013 10:57 AM, Weijun Wang wrote:
>>>> Isn't 9 too big here? If I understand correctly, the probability of the
>>>> bias being up to 9 is (1/256)^9. If this happens, you should really
>>>> suspect the quality of your RNG.
>>>>
>>>> Thanks
>>>> Max
>>>>
>>>> On 10/14/13 10:42 AM, Xuelei Fan wrote:
>>>>> Hi Max,
>>>>>
>>>>> Please review this simple fix of a regression test intermittent
>>>>> failure.
>>>>>
>>>>> webrev: http://cr.openjdk.java.net/~xuelei/8026119/webrev.00/
>>>>>
>>>>> The cause of the issue is that during TLS handshaking, if the
>>>>> negotiated
>>>>> DH key starts with zero bytes, the leading zero bytes are stripped in
>>>>> the communication. As result in that we cannot estimate the DH key
>>>>> size
>>>>> in handshaking messages exactly.  This fix is an effort to minimum the
>>>>> impact the leading zeros by a length bias. If the message size is
>>>>> between [dh_key_size - bias, dh_key_size], the message is OK in this
>>>>> test.
>>>>>
>>>>> Thanks,
>>>>> Xuelei
>>>>>
>>>
>>




More information about the security-dev mailing list