RFR: 8302017: Allocate BadPaddingException only if it will be thrown [v2]
Valerie Peng
valeriep at openjdk.org
Mon Jul 17 23:43:12 UTC 2023
On Thu, 13 Jul 2023 11:31:40 GMT, Ferenc Rakoczi <duke at openjdk.org> wrote:
>> Valerie Peng has updated the pull request incrementally with one additional commit since the last revision:
>>
>> Address review feedbacks, e.g. Removed RSAPadding.Output and use byte[] as before.
>
> src/java.base/share/classes/sun/security/rsa/RSASignature.java line 223:
>
>> 221: byte[] decrypted = RSACore.rsa(sigBytes, publicKey);
>> 222:
>> 223: boolean status = MessageDigest.isEqual(padded, decrypted);
>
> You should compare only the relevant parts (mask out the random padding bytes).
Good catch, I wonder why this isn't caught by the regression tests...
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/14839#discussion_r1266010309
More information about the security-dev
mailing list