RFR: 8298127: HSS/LMS Signature Verification [v7]

Ferenc Rakoczi duke at openjdk.org
Tue May 9 12:45:33 UTC 2023


On Mon, 8 May 2023 16:13:01 GMT, Sean Mullan <mullan at openjdk.org> wrote:

>> Ferenc Rakoczi has updated the pull request incrementally with one additional commit since the last revision:
>> 
>>   Addressing more review comments from @wangweij and @seanjmullan
>
> src/java.base/share/classes/sun/security/provider/HSS.java line 99:
> 
>> 97:             result &= lmsVerify(lmsPubKey, sig.siglist[sig.Nspk], messageStream.toByteArray());
>> 98:             return result;
>> 99:         } catch (Exception e) {
> 
> Do we need this `catch`? I think only `SignatureException` can be thrown inside the `try` block.

No, we don't. Removed.

> src/java.base/share/classes/sun/security/provider/HSS.java line 383:
> 
>> 381:         final byte[] sigArr;
>> 382: 
>> 383:         public LMSignature(byte[] sigArray, int offset, boolean checkExactLen) throws SignatureException {
> 
> The methods of `LMSignature` can be package-private.

Changed.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/13691#discussion_r1188534132
PR Review Comment: https://git.openjdk.org/jdk/pull/13691#discussion_r1188534269


More information about the security-dev mailing list