RFR: 8281628: KeyAgreement : generateSecret intermittently not resetting [v3]
Valerie Peng
valeriep at openjdk.java.net
Wed Mar 2 23:37:06 UTC 2022
On Wed, 2 Mar 2022 23:00:02 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> After `n = generateSecret(secret, offset)` is called, only `n` bytes from `offset` should be touched, and in this case `n` is 64. Even if you allocate 80 bytes of data, we should not compare those after the 64th byte.
>
> But you remind me I should take it for granted that the return value is always 64 and it should be checked as well. A new commit pushed.
Hmm, I see, I confused the actual length with the buffer length. In the case where the generated bytes are shorter, the difference is only one byte, so setting other bytes do not matter.
-------------
PR: https://git.openjdk.java.net/jdk/pull/7665
More information about the security-dev
mailing list