RFR 8206915: XDH TCK issues
Xuelei Fan
xuelei.fan at oracle.com
Wed Jul 11 19:13:52 UTC 2018
On 7/11/2018 9:12 AM, Adam Petcher wrote:
> On 7/11/2018 12:02 PM, Xuelei Fan wrote:
>
>> Does it make sense if secret is not temporarily stored as a class filed?
>
> I agree that it's a bit strange, but it is organized this way because of
> the zero result check described in the RFC. If the result of the key
> agreement is zero, then that means that the public key is invalid. So we
> compute the shared secret early in engineDoPhase so we can throw an
> InvalidKeyException at the correct time. Then the computed secret is
> kept around so it can be returned by engineGenerateSecret.
>
I see.
Thanks,
Xuelei
More information about the security-dev
mailing list