RFR: 8281628: KeyAgreement : generateSecret intermittently not resetting
Weijun Wang
weijun at openjdk.java.net
Wed Mar 2 22:30:07 UTC 2022
On Wed, 2 Mar 2022 21:47:06 GMT, Valerie Peng <valeriep at openjdk.org> wrote:
>> The comment said "pad it w/ leading 0s". So let's pad it.
>
> src/java.base/share/classes/com/sun/crypto/provider/DHKeyAgreement.java line 347:
>
>> 345: // Array too short, pad it w/ leading 0s
>> 346: if (secret.length < expectedLen) {
>> 347: Arrays.fill(sharedSecret, offset, offset + (expectedLen - secret.length), (byte)0);
>
> nit: longer than 80 chars?
I'll wrap it.
> test/jdk/com/sun/crypto/provider/KeyAgreement/DHKeyAgreementPadding.java line 28:
>
>> 26: * @bug 8281628
>> 27: * @library /test/lib
>> 28: * @summary KeyAgreement : generateSecret intermittently not resetting
>
> nit: describe the fix instead of just using the bug synopsis.
OK.
> test/jdk/com/sun/crypto/provider/KeyAgreement/DHKeyAgreementPadding.java line 56:
>
>> 54: // Different stale data
>> 55: aliceSecret[0] = 0;
>> 56: bobSecret[0] = 1;
>
> Instead of only the first byte difference, would it be easier to trigger the bug with completely different buffer value, say FFFFFF vs 000000?
Maybe not. When the generated secret is shorter, the padded bytes are always at the beginning.
-------------
PR: https://git.openjdk.java.net/jdk/pull/7665
More information about the security-dev
mailing list