RFR: 8281628: KeyAgreement : generateSecret intermittently not resetting [v3]
Weijun Wang
weijun at openjdk.java.net
Wed Mar 2 23:03:45 UTC 2022
On Wed, 2 Mar 2022 22:48:36 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> With a bigger buffer, i.e. say 80-byte long, instead of 64-byte, I'd expect a difference and higher reproducibility...
>
> After `n = generateSecret(secret, offset)` is called, only `n` bytes from `offset` should be touched, and in this case `n` is 64. Even if you allocate 80 bytes of data, we should not compare those after the 64th byte.
But you remind me I should take it for granted that the return value is always 64 and it should be checked as well. A new commit pushed.
-------------
PR: https://git.openjdk.java.net/jdk/pull/7665
More information about the security-dev
mailing list