On Wed, 19 Jul 2023 08:46:53 GMT, Ferenc Rakoczi <d...@openjdk.org> wrote:
>> @ferakocz So, with this approach, we are paying the extra cost of encode >> signature + pad (for the omit null case) even for impls conforming to RFC >> 8017 spec. Based on the current interoperability testing, do you still feel >> that this is worthwhile to do? > > Well, for conforming implementations we just do the first check and succeed. > What I suggested was that we do the encode without null params and pad() > *instead* of the fallback to unpad()decodeSignature(). As I said, this part > need not be constant time (except for the byte array comparison part), but it > can even be made constant time to satisfy the purists :-) at the expense of > an extra encode/pad operation which is not that expensive. If it need not be constant time, I'd prefer to not pay the extra cost for every operation and for all callers. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/14839#discussion_r1268780497