RFR: 8302017: Allocate BadPaddingException only if it will be thrown [v2]
Valerie Peng
valeriep at openjdk.org
Wed Jul 19 23:35:41 UTC 2023
On Wed, 19 Jul 2023 08:46:53 GMT, Ferenc Rakoczi <duke at openjdk.org> wrote:
>> @ferakocz So, with this approach, we are paying the extra cost of encode signature + pad (for the omit null case) even for impls conforming to RFC 8017 spec. Based on the current interoperability testing, do you still feel that this is worthwhile to do?
>
> Well, for conforming implementations we just do the first check and succeed. What I suggested was that we do the encode without null params and pad() *instead* of the fallback to unpad()decodeSignature(). As I said, this part need not be constant time (except for the byte array comparison part), but it can even be made constant time to satisfy the purists :-) at the expense of an extra encode/pad operation which is not that expensive.
If it need not be constant time, I'd prefer to not pay the extra cost for every operation and for all callers.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/14839#discussion_r1268780497
More information about the security-dev
mailing list