RFR 8206915: XDH TCK issues
Adam Petcher
adam.petcher at oracle.com
Wed Jul 11 16:12:12 UTC 2018
On 7/11/2018 12:02 PM, Xuelei Fan wrote:
> Does it make sense if secret is not temporarily stored as a class filed?
I agree that it's a bit strange, but it is organized this way because of
the zero result check described in the RFC. If the result of the key
agreement is zero, then that means that the public key is invalid. So we
compute the shared secret early in engineDoPhase so we can throw an
InvalidKeyException at the correct time. Then the computed secret is
kept around so it can be returned by engineGenerateSecret.
>
> Xuelei
More information about the security-dev
mailing list