RFR 8206915: XDH TCK issues

Adam Petcher adam.petcher at oracle.com
Wed Jul 11 15:01:00 UTC 2018

On 7/11/2018 10:41 AM, Sean Mullan wrote:

> XDHKeyAgreement.java
> 176         byte[] result = secret;
> Shouldn't this be:
> 176         byte[] result = secret.clone();
> since engineGenerateSecret() says it is returned in a new buffer.

I don't think cloning is necessary. The new array is created in 
engineDoPhase, and it is always set to null in engineGenerateSecret 
after it is returned or copied to the output buffer. In essence, this 
overload of engineDoPhase transfers ownership of the array, and the 
other one destroys it. So this engineDoPhase effectively returns a new 
array, and I don't think it is possible for two clients (in the same 
thread) to get the same array from these methods. Though I would 
appreciate it if you could double-check this and make sure you agree.

More information about the security-dev mailing list