RFR: 8302017: Allocate BadPaddingException only if it will be thrown [v2]
Ferenc Rakoczi
duke at openjdk.org
Thu Jul 13 11:35:16 UTC 2023
On Wed, 12 Jul 2023 23:12:18 GMT, Valerie Peng <valeriep at openjdk.org> wrote:
>> This change refactors the RSAPadding class to return an output record containing the status instead of relying on exception object to indicate a failure.
>>
>> Thanks in advance for review~
>> Valerie
>
> Valerie Peng has updated the pull request incrementally with one additional commit since the last revision:
>
> Address review feedbacks, e.g. Removed RSAPadding.Output and use byte[] as before.
src/java.base/share/classes/sun/security/rsa/RSASignature.java line 223:
> 221: byte[] decrypted = RSACore.rsa(sigBytes, publicKey);
> 222:
> 223: boolean status = MessageDigest.isEqual(padded, decrypted);
You should compare only the relevant parts (mask out the random padding bytes).
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/14839#discussion_r1262427325
More information about the security-dev
mailing list