RFR: 8281628: KeyAgreement : generateSecret intermittently not resetting [v2]

Weijun Wang weijun at openjdk.java.net
Wed Mar 2 22:52:04 UTC 2022


On Wed, 2 Mar 2022 22:31:02 GMT, Valerie Peng <valeriep at openjdk.org> wrote:

>> Maybe not. When the generated secret is shorter, the padded bytes are always at the beginning.
>
> With a bigger buffer, i.e. say 80-byte long, instead of 64-byte, I'd expect a difference and higher reproducibility...

After `n = generateSecret(secret, offset)` is called, only `n` bytes from `offset` should be touched, and in this case `n` is 64. Even if you allocate 80 bytes of data, we should not compare those after the 64th byte.

-------------

PR: https://git.openjdk.java.net/jdk/pull/7665



More information about the security-dev mailing list