On Thu, 7 Nov 2024 00:47:33 GMT, Ben Perez <bpe...@openjdk.org> wrote:
>> Java implementation of ML-KEM, the [FIPS 203](https://csrc.nist.gov/pubs/fips/203/final) post-quantum KEM scheme.
>> Depends on https://github.com/openjdk/jdk/pull/21167
>
> Ben Perez has updated the pull request incrementally with two additional commits since the last revision:
>
>  - default random for encaps, supported alg in SunJCE
>  - copyright header

src/java.base/share/classes/com/sun/crypto/provider/ML_KEM.java line 515:

> 513:         mlKemH.update(encapsKey);
> 514:         mlKemH.digest(decapsKey, kPkePrivateKey.length + encapsKey.length, 32);
> 515:         System.arraycopy(kem_z, 0, decapsKey, kPkePrivateKey.length + encapsKey.length + 32, 32);

Should values be zeroed after this line/before return?

src/java.base/share/classes/com/sun/crypto/provider/ML_KEM.java line 568:

> 566:         var kAndCoins = mlKemG.digest();
> 567:         var realResult = Arrays.copyOfRange(kAndCoins, 0, 32);
> 568:         var coins = Arrays.copyOfRange(kAndCoins, 32, 64);

Several copies take place here. Should anything be zeroed?

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/21478#discussion_r1833027678
PR Review Comment: https://git.openjdk.org/jdk/pull/21478#discussion_r1833030686
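As an added example (not the JDK's ML_KEM code and not part of the PR), the Java sketch below shows one way to answer both questions raised above: build dk = dk_PKE || ek || H(ek) || z and split G's output into (K, r) exactly as the reviewed lines do, then wipe every intermediate that held secret bytes in a finally block so that only the copies which must survive remain. The class and method names, the sample sizes, and the choice to wipe the caller's dk_PKE and z arrays are assumptions of this example.

```java
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Arrays;

// Added example, not JDK code: mirrors the reviewed spots (dk = dk_PKE || ek || H(ek) || z,
// and (K, r) = G(m || H(ek))). Secret-holding buffers are wiped in finally; names are invented.
public final class MlKemZeroizeDemo {
    private static final int SEED_LEN = 32;

    // Assumes the caller no longer needs dk_PKE and z, so both are wiped once copied into dk.
    static byte[] assembleDecapsKey(byte[] kPkePrivateKey, byte[] encapsKey, byte[] z) throws GeneralSecurityException {
        int dkPkeLen = kPkePrivateKey.length, ekLen = encapsKey.length;
        byte[] decapsKey = new byte[dkPkeLen + ekLen + 2 * SEED_LEN];
        boolean done = false;
        try {
            MessageDigest h = MessageDigest.getInstance("SHA3-256"); // H in FIPS 203
            System.arraycopy(kPkePrivateKey, 0, decapsKey, 0, dkPkeLen);
            System.arraycopy(encapsKey, 0, decapsKey, dkPkeLen, ekLen);
            h.update(encapsKey);
            h.digest(decapsKey, dkPkeLen + ekLen, SEED_LEN);           // H(ek) written in place
            System.arraycopy(z, 0, decapsKey, dkPkeLen + ekLen + SEED_LEN, SEED_LEN);
            done = true;
            return decapsKey;
        } finally {
            Arrays.fill(kPkePrivateKey, (byte) 0);
            Arrays.fill(z, (byte) 0);
            if (!done) Arrays.fill(decapsKey, (byte) 0);              // a half-built dk must not leak
        }
    }

    // Only the two 32-byte slices survive; the combined digest is wiped so K lives in one array.
    static byte[][] splitKAndCoins(byte[] m, byte[] hOfEk) throws GeneralSecurityException {
        MessageDigest g = MessageDigest.getInstance("SHA3-512"); // G in FIPS 203
        g.update(m); g.update(hOfEk);
        byte[] kAndCoins = g.digest();
        try {
            byte[] k = Arrays.copyOfRange(kAndCoins, 0, SEED_LEN);
            byte[] coins = Arrays.copyOfRange(kAndCoins, SEED_LEN, 2 * SEED_LEN);
            return new byte[][] { k, coins };                         // caller wipes coins after the PKE step
        } finally {
            Arrays.fill(kAndCoins, (byte) 0);
        }
    }

    public static void main(String[] args) throws GeneralSecurityException {
        byte[] dkPke = new byte[48], ek = new byte[64], z = new byte[SEED_LEN]; // constructed sizes, not ML-KEM's
        Arrays.fill(dkPke, (byte) 0x11); Arrays.fill(ek, (byte) 0x22); Arrays.fill(z, (byte) 0x33);
        byte[] dk = assembleDecapsKey(dkPke, ek, z);
        byte[][] kr = splitKAndCoins(new byte[SEED_LEN], Arrays.copyOfRange(dk, dk.length - 2 * SEED_LEN, dk.length - SEED_LEN));
        System.out.println("dk bytes=" + dk.length + " z wiped=" + (z[0] == 0) + " K bytes=" + kr[0].length);
    }
}
```

The main method uses constructed input sizes only to show the pattern; wiping a Java byte[] with Arrays.fill is best effort, since the JIT and GC may still have moved copies elsewhere.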