On Thu, 13 Jul 2023 11:31:40 GMT, Ferenc Rakoczi <d...@openjdk.org> wrote:
>> Valerie Peng has updated the pull request incrementally with one additional >> commit since the last revision: >> >> Address review feedbacks, e.g. Removed RSAPadding.Output and use byte[] as >> before. > > src/java.base/share/classes/sun/security/rsa/RSASignature.java line 223: > >> 221: byte[] decrypted = RSACore.rsa(sigBytes, publicKey); >> 222: >> 223: boolean status = MessageDigest.isEqual(padded, decrypted); > > You should compare only the relevant parts (mask out the random padding > bytes). Good catch, I wonder why this isn't caught by the regression tests... ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/14839#discussion_r1266010309