RFR: 8368841: X25519 implementation differs from the specification in RFC 7748 [v6]
Weijun Wang
weijun at openjdk.org
Fri Feb 27 04:25:21 UTC 2026
On Thu, 26 Feb 2026 23:05:55 GMT, Ben Perez <bperez at openjdk.org> wrote:
>> Our implementation of X25519 does not zero the MSB of the `u` coordinate as required by RFC 7748. Currently the test `jdk/sun/security/ec/xec/TestXDH.java` zeroes the bit manually while parsing test vectors, which is likely why this went uncaught.
>
> Ben Perez has updated the pull request incrementally with one additional commit since the last revision:
>
> Changed params comparison
src/java.base/share/classes/sun/security/ec/XDHPublicKeyImpl.java line 94:
> 92: this.u = (params == XECParameters.X448) ?
> 93: new BigInteger(1, u_arr) :
> 94: new BigInteger(1, u_arr).clearBit(255);
Aren't lines 86-89 already doing it?
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/29750#discussion_r2862439402
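Added example, not code from the pull request or the JDK: the u-coordinate decoding rule from RFC 7748 section 5 that the quoted description refers to, with the X25519 masking step and the X448 case that has none. Function names and sample byte strings are constructed for illustration.

```python
# Added illustration of RFC 7748 section 5 u-coordinate decoding.
# All names and sample inputs here are constructed, not taken from the JDK.

P25519 = 2**255 - 19                      # field prime for Curve25519
BITS = {"X25519": 255, "X448": 448}       # field size in bits per function


def decode_u(u_bytes: bytes, curve: str) -> int:
    """Decode a little-endian u-coordinate as RFC 7748 section 5 specifies."""
    bits = BITS[curve]
    size = (bits + 7) // 8
    if len(u_bytes) != size:
        raise ValueError(f"{curve} u-coordinate must be {size} bytes")
    buf = bytearray(u_bytes)
    if bits % 8:
        # X25519: 255 % 8 == 7, so the final byte is masked with 0x7f,
        # which zeroes bit 255. X448: 448 % 8 == 0, so nothing is masked.
        buf[-1] &= (1 << (bits % 8)) - 1
    return int.from_bytes(buf, "little")


def decode_u_unmasked(u_bytes: bytes) -> int:
    """Decoding without the masking step (the behaviour the PR reports)."""
    return int.from_bytes(u_bytes, "little")


def masking_matters(u_bytes: bytes) -> bool:
    """True if skipping the mask changes the X25519 field element.

    Reducing mod p does not hide the difference: 2**255 mod p == 19,
    so an unmasked input with bit 255 set is off by 19 in the field.
    """
    masked = decode_u(u_bytes, "X25519") % P25519
    return masked != decode_u_unmasked(u_bytes) % P25519


# Constructed inputs: u = 9 (the X25519 base point), with and without bit 255.
CANONICAL = bytes([9]) + bytes(31)
HIGH_BIT_SET = bytes([9]) + bytes(30) + bytes([0x80])

if __name__ == "__main__":
    print(decode_u(HIGH_BIT_SET, "X25519"))            # masked value
    print(decode_u_unmasked(HIGH_BIT_SET) % P25519)    # unmasked, reduced
    print(masking_matters(HIGH_BIT_SET))
```

A test vector that already has bit 255 cleared, like `CANONICAL` here, decodes identically either way, which is how manual clearing in a test parser can mask the difference.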