Mercurial > hg > release > icedtea7-forest-2.6 > jdk
changeset 9959:0e9efa336f00
8238804: Enhance key handling process
Reviewed-by: rriggs, mullan, ahgross, rhalade, mbalao, andrew
author | weijun |
---|---|
date | Sun, 12 Jul 2020 16:07:29 +0100 |
parents | ce29e542f3fa |
children | 7eb3f5dc208a |
files | src/share/classes/java/security/MessageDigest.java |
diffstat | 1 files changed, 19 insertions(+), 5 deletions(-) [+] |
line wrap: on
line diff
--- a/src/share/classes/java/security/MessageDigest.java Wed Jul 15 21:15:05 2020 +0100 +++ b/src/share/classes/java/security/MessageDigest.java Sun Jul 12 16:07:29 2020 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 2017, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1996, 2020, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -433,6 +433,12 @@ /** * Compares two digests for equality. Does a simple byte compare. * + * @implNote + * All bytes in {@code digesta} are examined to determine equality. + * The calculation time depends only on the length of {@code digesta}. + * It does not depend on the length of {@code digestb} or the contents + * of {@code digesta} and {@code digestb}. + * * @param digesta one of the digests to compare. * * @param digestb the other digest to compare. @@ -444,14 +450,22 @@ if (digesta == null || digestb == null) { return false; } - if (digesta.length != digestb.length) { - return false; + + int lenA = digesta.length; + int lenB = digestb.length; + + if (lenB == 0) { + return lenA == 0; } int result = 0; + result |= lenA - lenB; + // time-constant comparison - for (int i = 0; i < digesta.length; i++) { - result |= digesta[i] ^ digestb[i]; + for (int i = 0; i < lenA; i++) { + // If i >= lenB, indexB is 0; otherwise, i. + int indexB = ((i - lenB) >>> 31) * i; + result |= digesta[i] ^ digestb[indexB]; } return result == 0; }