RFR: 8347596: Update HSS/LMS public key encoding [v2]
Weijun Wang
weijun at openjdk.org
Tue Jan 14 00:21:37 UTC 2025
On Mon, 13 Jan 2025 22:48:34 GMT, Mark Powers <mpowers at openjdk.org> wrote:
> Does this interoperate with BC?
It will, once BC 1.80 is out.
> src/java.base/share/classes/sun/security/provider/HSS.java line 782:
>
>> 780: protected void parseKeyBits() throws InvalidKeyException {
>> 781: byte[] keyArray = getKey().toByteArray();
>> 782: // Check less than minimum length to make sure this method works as expected
>
> s/Check less/Check if less/
>
> or just delete the comment since it adds no useful information
OK. My intent was to say this check is not final (because minimal length of an HSS/LMS public key is more than 12) but it is still necessary to prevent OOIBE in this method. I can see it is not very useful.
> src/java.base/share/classes/sun/security/provider/HSS.java line 788:
>
>> 786: if (keyArray[0] == DerValue.tag_OctetString
>> 787: && keyArray[1] == keyArray.length - 2) {
>> 788: // pre-8347596 format that has an inner OCTET STRING.
>
> I think I would delete the "pre-8347596 format" part of the comment.
Why? Curious people can further check out what happened from here.
-------------
PR Comment: https://git.openjdk.org/jdk/pull/23083#issuecomment-2588468016
PR Review Comment: https://git.openjdk.org/jdk/pull/23083#discussion_r1913941196
PR Review Comment: https://git.openjdk.org/jdk/pull/23083#discussion_r1913939707
More information about the security-dev
mailing list