RFR: 8281628: KeyAgreement : generateSecret intermittently not resetting

Weijun Wang weijun at openjdk.java.net
Wed Mar 2 22:30:07 UTC 2022


On Wed, 2 Mar 2022 21:47:06 GMT, Valerie Peng <valeriep at openjdk.org> wrote:

>> The comment said "pad it w/ leading 0s". So let's pad it.
>
> src/java.base/share/classes/com/sun/crypto/provider/DHKeyAgreement.java line 347:
> 
>> 345:             // Array too short, pad it w/ leading 0s
>> 346:             if (secret.length < expectedLen) {
>> 347:                 Arrays.fill(sharedSecret, offset, offset + (expectedLen - secret.length), (byte)0);
> 
> nit: longer than 80 chars?

I'll wrap it.

> test/jdk/com/sun/crypto/provider/KeyAgreement/DHKeyAgreementPadding.java line 28:
> 
>> 26:  * @bug 8281628
>> 27:  * @library /test/lib
>> 28:  * @summary KeyAgreement : generateSecret intermittently not resetting
> 
> nit: describe the fix instead of just using the bug synopsis.

OK.

> test/jdk/com/sun/crypto/provider/KeyAgreement/DHKeyAgreementPadding.java line 56:
> 
>> 54:             // Different stale data
>> 55:             aliceSecret[0] = 0;
>> 56:             bobSecret[0] = 1;
> 
> Instead of only the first byte difference, would it be easier to trigger the bug with completely different buffer value, say FFFFFF vs 000000?

Maybe not. When the generated secret is shorter, the padded bytes are always at the beginning.

-------------

PR: https://git.openjdk.java.net/jdk/pull/7665



More information about the security-dev mailing list