[JDK-8217344] Make comparison overflow-aware in ECDHKeyAgreement.engineGenerateSecret() - Java Bug System

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: P4
Resolution: Fixed
Affects Version/s: 8, 11, 12
Fix Version/s: 13
Component/s: security-libs
Labels:

Subcomponent:
javax.crypto
Resolved In Build:
b05
Verification:
Not verified

Backports

Issue	Fix Version	Assignee	Priority	Status	Resolution	Resolved In Build
JDK-8253163	11.0.10-oracle	Prajwal Kumaraswamy	P4	Resolved	Fixed	b01
JDK-8225728	11.0.5	Ivan Gerasimov	P4	Resolved	Fixed	b01

Description

This is analogous to what was done in XDHKeyAgreement::engineGenerateSecret via ~~JDK-8201317~~.

- if (offset + secretLen > sharedSecret.length) {
+ if (secretLen > sharedSecret.length - offset) {

Attachments

Issue Links

backported by

JDK-8225728 Make comparison overflow-aware in ECDHKeyAgreement.engineGenerateSecret()

Resolved

JDK-8253163 Make comparison overflow-aware in ECDHKeyAgreement.engineGenerateSecret()

Resolved

Activity

People

Assignee:: Ivan Gerasimov

Reporter:: Ivan Gerasimov

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 2019-01-17 13:22

Updated:: 2020-09-15 04:05

Resolved:: 2019-01-18 15:47