RFR: 8295919: java.security.MessageDigest.isEqual does not adhere to @implNote [v2]
Sean Mullan
mullan at openjdk.org
Thu Sep 28 13:52:28 UTC 2023
On Wed, 27 Sep 2023 20:15:35 GMT, Kevin Driver <kdriver at openjdk.org> wrote:
>> Fix JDK-8295919 by updating the javadoc to explain that a null or zero-length `digestb` will also result in a short-circuit response
>
> Kevin Driver has updated the pull request incrementally with one additional commit since the last revision:
>
> rephrased per code review
src/java.base/share/classes/java/security/MessageDigest.java line 461:
> 459: * @implNote
> 460: * All bytes in {@code digesta} are examined to determine equality, unless
> 461: * {@code digestb} is null or has a length of zero bytes. If {@code digestb}
Use code font around "null" : `{@code null}`
src/java.base/share/classes/java/security/MessageDigest.java line 463:
> 461: * {@code digestb} is null or has a length of zero bytes. If {@code digestb}
> 462: * is not {@code null} and does not have a length of zero bytes, then the
> 463: * calculation time depends only on the length of {@code digesta}.
Sorry, my last comment may not have been specific enough, but I don't think you should remove the last sentence - I think that is still important to explain how it is implemented:
"It does not depend on the length of {@code digestb} or the contents of {@code digesta} and {@code digestb}."
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/15933#discussion_r1340188913
PR Review Comment: https://git.openjdk.org/jdk/pull/15933#discussion_r1340161981
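
The behaviour the `@implNote` under review describes, as an added example that is not part of the original message and is not the JDK source: `constantTimeEquals` and the class name are hypothetical, and the input is constructed. It compares the sketch against the real `MessageDigest.isEqual` for a matching digest, a one-bit difference, a zero-length array, `null`, and a shorter array.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

public class IsEqualNote {
    // Hypothetical sketch with the properties the @implNote states; not the JDK code.
    static boolean constantTimeEquals(byte[] digesta, byte[] digestb) {
        if (digesta == digestb) return true;
        // Short-circuit cases named in the note: null or zero-length digestb.
        if (digesta == null || digestb == null) return false;
        if (digestb.length == 0) return digesta.length == 0;

        // A length mismatch is folded into the result instead of returning early.
        int result = digesta.length ^ digestb.length;
        // The loop count is digesta.length only, so the running time does not
        // depend on digestb's length or on where the first differing byte is.
        for (int i = 0; i < digesta.length; i++) {
            // Branch-free index: i while i < digestb.length, otherwise 0.
            int j = ((i - digestb.length) >>> 31) * i;
            result |= digesta[i] ^ digestb[j];
        }
        return result == 0;
    }

    public static void main(String[] args) throws Exception {
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        // Constructed sample input.
        byte[] expected = md.digest("constructed sample".getBytes(StandardCharsets.UTF_8));
        byte[] flipped = expected.clone();
        flipped[0] ^= 1;

        byte[][] candidates = { expected.clone(), flipped, new byte[0], null, new byte[4] };
        for (byte[] c : candidates) {
            boolean jdk = MessageDigest.isEqual(expected, c);
            boolean sketch = constantTimeEquals(expected, c);
            String label = (c == null) ? "null" : c.length + " bytes";
            System.out.printf("digestb=%-8s isEqual=%-5b sketch=%b%n", label, jdk, sketch);
            if (jdk != sketch) {
                throw new AssertionError("sketch disagrees with MessageDigest.isEqual");
            }
        }
    }
}
```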