RFR 8206915: XDH TCK issues
Adam Petcher
adam.petcher at oracle.com
Wed Jul 11 15:01:00 UTC 2018
On 7/11/2018 10:41 AM, Sean Mullan wrote:
> XDHKeyAgreement.java
>
> 176 byte[] result = secret;
>
> Shouldn't this be:
>
> 176 byte[] result = secret.clone();
>
> since engineGenerateSecret() says it is returned in a new buffer.
I don't think cloning is necessary. The new array is created in
engineDoPhase, and it is always set to null in engineGenerateSecret
after it is returned or copied to the output buffer. In essence, this
overload of engineDoPhase transfers ownership of the array, and the
other one destroys it. So this engineDoPhase effectively returns a new
array, and I don't think it is possible for two clients (in the same
thread) to get the same array from these methods. Though I would
appreciate it if you could double-check this and make sure you agree.
More information about the security-dev
mailing list