On Mon, 8 May 2023 13:32:38 GMT, Ferenc Rakoczi <[email protected]> wrote:
>> src/java.base/share/classes/sun/security/provider/HSS.java line 823:
>>
>>> 821: index += siglist[i].sigArrayLength();
>>> 822: pubList[i] = new LMSPublicKey(sigArr, index,
>>> false);
>>> 823: if
>>> (!pubList[i].getDigestAlgorithm().equals(pubKeyHashAlg)) {
>>
>> Comparing hash algorithm is not enough. Length (`m`) should also be compared.
>
> Compared.
How about we create a dedicated method for this `hasSameHash(LMParams,
LMParams)`? Looks like the `getDigestAlgorithm` methods on lines 228 and 699
have no more other usages.
We can also create a new `hasSameHash(LMOTSParams, LMParams)` for the check in
`new LMSPublicKey`.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/13691#discussion_r1187628910
