On Sat, 27 Mar 2021 03:51:40 GMT, Greg Rubin <github.com+829871+salusasecon...@openjdk.org> wrote:
>> Valerie Peng has updated the pull request incrementally with one additional commit since the last revision:
>>
>>  - Refactor code to reduce code duplication
>>  - Address review comments
>>  - Add more test vectors
>
> src/java.base/share/classes/com/sun/crypto/provider/AESKeyWrapPadded.java line 71:
>
>> 69:             match &= (ivAndLen[i] == iv[i]);
>> 70:         }
>> 71:         if (!match) {
>
> True nitpick (thus ignorable): I believe that using bitwise math is slightly more resistant to compiler and/or CPU optimization to defend against timing-attacks. (Since I haven't even seen an attack against KW or KWP, this is simply a note in general rather than something which needs to be fixed.)

Sure, I can change to below:

Suggestion:

    int match = 0;
    for (int i = 0; i < ICV2.length; i++) {
        match |= (ivAndLen[i] ^ iv[i]);
    }
    if (match != 0) {
        throw new IllegalBlockSizeException("Integrity check failed");
    }

Is this what you have in mind?

-------------

PR: https://git.openjdk.java.net/jdk/pull/2404
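The two forms of the integrity check discussed above, side by side, as an added stand-alone example (not code from the OpenJDK PR or from AESKeyWrapPadded.java). It builds the RFC 5649 alternative IV (the 4-byte ICV2 constant followed by the 32-bit big-endian message length) for a constructed plaintext length, then compares a decrypted header against it with the boolean `&=`/`==` loop and with the XOR/OR loop from the suggestion. The class name, the helper names and the choice to compare the whole 8-byte AIV (the snippet under review compares only the first `ICV2.length` bytes against the caller's `iv`) are assumptions of this example, not the JDK's design.

```java
import java.nio.ByteBuffer;
import javax.crypto.IllegalBlockSizeException;

// Added example, not the JDK's code: constant-time comparison of the
// RFC 5649 KWP alternative IV, in the boolean and the bitwise form.
public class KwpIvCheck {

    // RFC 5649 section 3: fixed 32-bit prefix of the alternative IV.
    private static final byte[] ICV2 = { (byte) 0xA6, (byte) 0x59, (byte) 0x59, (byte) 0xA6 };

    // Expected AIV for a plaintext of the given length: ICV2 || MLI (big-endian).
    static byte[] expectedAiv(int plaintextLen) {
        return ByteBuffer.allocate(8).put(ICV2).putInt(plaintextLen).array();
    }

    // Boolean form, as in the line under review: '&=' on booleans never
    // short-circuits, but each '==' compiles to a compare-and-branch, so the
    // JIT may still emit a branch whose direction depends on the data.
    static boolean matchesBoolean(byte[] ivAndLen, byte[] iv) {
        boolean match = true;
        for (int i = 0; i < iv.length; i++) {
            match &= (ivAndLen[i] == iv[i]);
        }
        return match;
    }

    // Bitwise form from the suggestion: OR together every XOR difference.
    // The loop body is pure arithmetic with no data-dependent branch; only
    // the single test on the accumulated value depends on the bytes.
    static boolean matchesBitwise(byte[] ivAndLen, byte[] iv) {
        int match = 0;
        for (int i = 0; i < iv.length; i++) {
            match |= (ivAndLen[i] ^ iv[i]);
        }
        return match == 0;
    }

    // Hypothetical unwrap-side check (assumed shape, not the JDK's):
    // decryptedHeader is the first 8 bytes of the KWP-decrypted output.
    static void checkIntegrity(byte[] decryptedHeader, int plaintextLen)
            throws IllegalBlockSizeException {
        byte[] iv = expectedAiv(plaintextLen);
        if (decryptedHeader.length < iv.length || !matchesBitwise(decryptedHeader, iv)) {
            throw new IllegalBlockSizeException("Integrity check failed");
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] good = expectedAiv(20);   // constructed: valid header for a 20-byte key
        byte[] bad = good.clone();
        bad[7] ^= 0x01;                  // constructed: MLI tampered by one bit

        System.out.println("boolean, good: " + matchesBoolean(good, expectedAiv(20)));
        System.out.println("bitwise, good: " + matchesBitwise(good, expectedAiv(20)));
        System.out.println("boolean, bad:  " + matchesBoolean(bad, expectedAiv(20)));
        System.out.println("bitwise, bad:  " + matchesBitwise(bad, expectedAiv(20)));

        checkIntegrity(good, 20);
        try {
            checkIntegrity(bad, 20);
        } catch (IllegalBlockSizeException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Both loops visit every byte regardless of where the first mismatch is, so neither leaks the mismatch position through an early exit; the difference the reviewer points at is only the per-byte branch that the boolean form leaves for the compiler to place. The XOR/OR accumulator is the usual idiom for comparing fixed-length values such as MACs or integrity prefixes, and the length guard in `checkIntegrity` is there because a shorter buffer would otherwise throw an ArrayIndexOutOfBoundsException instead of the intended integrity error.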