On Fri, 4 Oct 2024 20:59:45 GMT, Ben Perez <bpe...@openjdk.org> wrote:
> Java implementation of ML-DSA, the FIPS 204 post-quantum signature scheme
> https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.204.pdf. Depends on
> https://github.com/openjdk/jdk/pull/21167

src/java.base/share/classes/sun/security/provider/ML_DSA.java line 659:

> 657:
> 658:         //Check verify conditions
> 659:         boolean hashEq = Arrays.equals(sig.commitmentHash(), cTildePrime);

Do we want a constant-time array check here and use `MessageDigest.isEqual()` instead?

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/21364#discussion_r1792184664
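The following is an added example, not code from the JDK's ML_DSA.java or from this PR, showing what the question above is about: `Arrays.equals` returns at the first differing byte, so its running time depends on where the two arrays diverge, while `MessageDigest.isEqual` walks the whole array and accumulates differences without a data-dependent branch. The class name, the `Outcome` record, the two helper methods and the 32-byte sample values are assumptions made for the demonstration; the helpers mirror the behaviour of the two JDK calls and are run beside them so the verdicts can be compared. One caveat a reviewer would weigh: in ML-DSA verification every input to this comparison (public key, message, signature) is public, so an early-exit compare leaks nothing secret there; `MessageDigest.isEqual` is still the conventional, cost-free defensive choice.

```java
import java.security.MessageDigest;
import java.util.Arrays;

/**
 * Added example (not code from the JDK's ML_DSA.java): contrasts an early-exit
 * byte comparison, which is what Arrays.equals does, with a constant-time one
 * in the style of MessageDigest.isEqual. The 32-byte arrays built in main()
 * stand in for the commitment hash c~ carried in an ML-DSA signature and the
 * recomputed value c~'; they are constructed sample bytes, not signature data.
 */
public final class CommitmentHashCompare {

    /** Verdict of a comparison plus how many byte positions it touched. */
    record Outcome(boolean equal, int bytesTouched) {}

    /** Early-exit comparison: stops at the first differing byte. */
    static Outcome earlyExitEquals(byte[] a, byte[] b) {
        if (a.length != b.length) {
            return new Outcome(false, 0);
        }
        for (int i = 0; i < a.length; i++) {
            if (a[i] != b[i]) {
                return new Outcome(false, i + 1); // work depends on mismatch position
            }
        }
        return new Outcome(true, a.length);
    }

    /**
     * Constant-time comparison: touches every byte of a regardless of where
     * the differences are, folding them into one accumulator with XOR/OR
     * instead of branching. A length mismatch is folded in the same way.
     */
    static Outcome constantTimeEquals(byte[] a, byte[] b) {
        if (b.length == 0) {
            return new Outcome(a.length == 0, 0);
        }
        int result = a.length ^ b.length;
        for (int i = 0; i < a.length; i++) {
            // Clamp the index into b without a data-dependent branch:
            // (i - b.length) >>> 31 is 1 while i < b.length, otherwise 0.
            int j = ((i - b.length) >>> 31) * i;
            result |= a[i] ^ b[j];
        }
        return new Outcome(result == 0, a.length);
    }

    public static void main(String[] args) {
        byte[] cTilde = new byte[32];                 // constructed sample c~
        for (int i = 0; i < cTilde.length; i++) {
            cTilde[i] = (byte) (0x5A ^ i);
        }
        byte[] same = cTilde.clone();                 // a c~' that verifies
        byte[] lastDiffers = cTilde.clone();
        lastDiffers[31] ^= 0x01;                      // mismatch only in the final byte
        byte[] firstDiffers = cTilde.clone();
        firstDiffers[0] ^= 0x01;                      // mismatch in the first byte

        for (byte[] candidate : new byte[][] { same, lastDiffers, firstDiffers }) {
            Outcome fast = earlyExitEquals(cTilde, candidate);
            Outcome ct = constantTimeEquals(cTilde, candidate);
            boolean viaArrays = Arrays.equals(cTilde, candidate);
            boolean viaDigest = MessageDigest.isEqual(cTilde, candidate);
            // All four agree on the verdict; only the amount of work differs.
            System.out.printf("equal=%b (Arrays.equals=%b, MessageDigest.isEqual=%b) "
                    + "early-exit touched %2d bytes, constant-time touched %2d%n",
                    fast.equal(), viaArrays, viaDigest,
                    fast.bytesTouched(), ct.bytesTouched());
        }
    }
}
```

Run it with `java CommitmentHashCompare.java` (Java 16 or later, for the record type). The first-byte mismatch is the telling row: the early-exit path touches one byte, the constant-time path touches all thirty-two, while both report the same `false`.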