On 10/17/2018 4:45 PM, Adam Petcher wrote:
Webrev: http://cr.openjdk.java.net/~apetcher/8205476/webrev.00/
Bug: https://bugs.openjdk.java.net/browse/JDK-8205476
CSR: https://bugs.openjdk.java.net/browse/JDK-8212051
Please review the following change for a conformance bug in the ECDH
service. The KeyAgreement is supposed to reset itself after the call
to generateSecret, but it is not doing that. I'm also clarifying the
spec, and this change has the new wording. The CSR was just submitted,
and it will also need to be approved before this code change is pushed.
In ECDHKeyAgreement.java, suggest instead using a try-catch-finally
construct and place the nulling of the publicValue in the final block
rather than adding the two additional steps of assigning the result to a
temp array and nulling publicValue before returning the result. AFAICT,
there is no instance on which you would not erase the publicValue even
on error.
Mike