RFR: 8298127: HSS/LMS Signature Verification [v5]
Sean Mullan
mullan at openjdk.org
Mon May 8 16:19:41 UTC 2023
On Mon, 8 May 2023 13:33:01 GMT, Ferenc Rakoczi <duke at openjdk.org> wrote:
>> src/java.base/share/classes/sun/security/util/RawKeySpec.java line 37:
>>
>>> 35: */
>>> 36: public RawKeySpec(byte[] key) {
>>> 37: keyArr = key.clone();
>>
>> Does this need to be cloned if it is an internal class?
>
> Yes, I think so. If someone wants to test with several different keys by first creating RawKeySpec objects from an array in which a few bytes are changed between the calls and and then use these KeySpecs to create the actual keys, without the cloning they will end up with the same keys. So an immutable object is better.
Ok. Try to keep your line lengths to about 80 chars.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/13691#discussion_r1187577377
More information about the security-dev
mailing list