On Wed, 12 Jul 2023 23:12:18 GMT, Valerie Peng <valer...@openjdk.org> wrote:
>> This change refactors the RSAPadding class to return an output record >> containing the status instead of relying on exception object to indicate a >> failure. >> >> Thanks in advance for review~ >> Valerie > > Valerie Peng has updated the pull request incrementally with one additional > commit since the last revision: > > Address review feedbacks, e.g. Removed RSAPadding.Output and use byte[] as > before. src/java.base/share/classes/sun/security/rsa/RSASignature.java line 223: > 221: byte[] decrypted = RSACore.rsa(sigBytes, publicKey); > 222: > 223: boolean status = MessageDigest.isEqual(padded, decrypted); You should compare only the relevant parts (mask out the random padding bytes). ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/14839#discussion_r1262427325
