RFR: 8281628: KeyAgreement : generateSecret intermittently not resetting [v2]

Valerie Peng valeriep at openjdk.java.net
Wed Mar 2 22:36:50 UTC 2022


On Wed, 2 Mar 2022 22:26:45 GMT, Weijun Wang <weijun at openjdk.org> wrote:

>> test/jdk/com/sun/crypto/provider/KeyAgreement/DHKeyAgreementPadding.java line 56:
>> 
>>> 54:             // Different stale data
>>> 55:             aliceSecret[0] = 0;
>>> 56:             bobSecret[0] = 1;
>> 
>> Instead of only the first byte difference, would it be easier to trigger the bug with completely different buffer value, say FFFFFF vs 000000?
>
> Maybe not. When the generated secret is shorter, the padded bytes are always at the beginning.

With a bigger buffer, i.e. say 80-byte long, instead of 64-byte, I'd expect a difference and higher reproducibility...

-------------

PR: https://git.openjdk.java.net/jdk/pull/7665



More information about the security-dev mailing list