RFR: 8298127: HSS/LMS Signature Verification [v5]
Weijun Wang
weijun at openjdk.org
Mon May 8 16:02:29 UTC 2023
On Mon, 8 May 2023 13:32:21 GMT, Ferenc Rakoczi <duke at openjdk.org> wrote:
>> src/java.base/share/classes/sun/security/provider/HSS.java line 94:
>>
>>> 92: result &= lmsVerify(lmsPubKey, sig.siglist[sig.Nspk], messageStream.toByteArray());
>>> 93: return result;
>>> 94: } catch (Exception e) {
>>
>> If all exceptions thrown are already `SignatureException`, we can let them thrown out instead of returning false. According to the `engineVerify` spec, any problem inside the signature should throw a `SignatureException`. False is returned when the public key cannot verify the exception.
>
> Done.
`new HSSSignature` and `lmsVerify` are already throwing `SignatureExceptions` and they needn't be wrapped again into a new `SignatureException`.
In fact, it seems `SignatureException` is the only checked exception that can be thrown in these lines. Is your `catch (Exception e)` block trying to catch unchecked exceptions? Unchecked exceptions like `NumberFormatException` or `NullPointerException` might indicate input errors and should be rewrapped, but `ProviderException` are well-defined as internal errors and can be exposed to the final user.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/13691#discussion_r1187614920
More information about the security-dev
mailing list