RFR 8206915: XDH TCK issues

Adam Petcher adam.petcher at oracle.com
Wed Jul 11 16:12:12 UTC 2018


On 7/11/2018 12:02 PM, Xuelei Fan wrote:

> Does it make sense if secret is not temporarily stored as a class filed?

I agree that it's a bit strange, but it is organized this way because of 
the zero result check described in the RFC. If the result of the key 
agreement is zero, then that means that the public key is invalid. So we 
compute the shared secret early in engineDoPhase so we can throw an 
InvalidKeyException at the correct time. Then the computed secret is 
kept around so it can be returned by engineGenerateSecret.

>
> Xuelei



More information about the security-dev mailing list