RFR: 8368841: X25519 implementation differs from the specification in RFC 7748 [v3]
Ben Perez
bperez at openjdk.org
Thu Feb 26 23:05:56 UTC 2026
On Thu, 26 Feb 2026 22:46:14 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> src/java.base/share/classes/sun/security/ec/XDHPublicKeyImpl.java line 59:
>>
>>> 57:
>>> 58: // RFC 7748 Section 5 requires the MSB of `u` to be zeroed for X25519
>>> 59: this.u = params.getName().equals("X448") ? u.mod(params.getP()) :
>>
>> I think it would cleaner to compare `NamedParameterSpec` instead of the String. `(paramSpec == NamedParameterSpec.X448) ?`. For here an the other constructor.
>
> But `paramSpec` is newly created and it won't be the same as the one defined in the class.
>
> On the other hand, I do think we can compare `params` itself. It's only useful internally and these are only 2 instances.
Good catch. You're correct that comparing `paramSpec` won't work but `params` does.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/29750#discussion_r2861725599
More information about the core-libs-dev
mailing list