RFR: 8281628: KeyAgreement : generateSecret intermittently not resetting [v3]

Weijun Wang weijun at openjdk.java.net
Wed Mar 2 23:03:45 UTC 2022


On Wed, 2 Mar 2022 22:48:36 GMT, Weijun Wang <weijun at openjdk.org> wrote:

>> With a bigger buffer, i.e. say 80-byte long, instead of 64-byte, I'd expect a difference and higher reproducibility...
>
> After `n = generateSecret(secret, offset)` is called, only `n` bytes from `offset` should be touched, and in this case `n` is 64. Even if you allocate 80 bytes of data, we should not compare those after the 64th byte.

But you remind me I should take it for granted that the return value is always 64 and it should be checked as well. A new commit pushed.

-------------

PR: https://git.openjdk.java.net/jdk/pull/7665



More information about the security-dev mailing list