On Thu, 13 Jul 2023 04:35:31 GMT, Xue-Lei Andrew Fan <xue...@openjdk.org> wrote:
>> Valerie Peng has updated the pull request incrementally with one additional commit since the last revision:
>>
>>   Address review feedbacks, e.g. Removed RSAPadding.Output and use byte[] as before.
>
> src/java.base/share/classes/sun/security/rsa/RSASignature.java line 231:
>
>> 229:                     RSAUtil.decodeSignature(digestOID, unpadded));
>> 230:         }
>> 231:     }
>
> I understand where the fallback code came from. As the padding code is
> exactly the same as engineSign(), the risk may be minimal. With the fallback
> code, the security concern (time-constant) we cared about will come back.
> Did you run into testing failure without the fallback code?

@XueleiFan No failure observed in regression tests as well as Max's preliminary interop testing. However, it is suggested to ensure max compatibility as you know.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/14839#discussion_r1267137659