On Wed, 27 Sep 2023 19:31:53 GMT, Sean Mullan <mul...@openjdk.org> wrote:
>> Fix JDK-8295919 by updating the javadoc to explain that a null or
>> zero-length `digestb` will also result in a short-circuit response
>
> src/java.base/share/classes/java/security/MessageDigest.java line 464:
>
>> 462: * It does not depend on the length of {@code digestb} or the
>> contents
>> 463: * of {@code digesta} and {@code digestb}, unless {@code digestb}
>> is null
>> 464: * or has a length of zero bytes.
>
> I think this new text should be moved earlier to the first sentence, since
> that first sentence is not always true given this condition. I suggest
> rewording the first two sentences as:
>
> "All bytes in {@code digesta} are examined to determine equality, unless
> {@code digestb} is {@code null}
> or has a length of zero bytes. If {@code digestb} is not {@code null} and
> does not have a length of zero bytes,
> then the calculation time depends only on the length of {@code digesta}."
Yeah, I wondered about that. Will do.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/15933#discussion_r1339147293
