RFR: 8314323: Implement JEP 527: TLS 1.3 Hybrid Key Exchange [v16]
Hai-May Chao
hchao at openjdk.org
Sun Dec 7 01:55:14 UTC 2025
On Sat, 6 Dec 2025 17:39:06 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> Hai-May Chao has updated the pull request incrementally with one additional commit since the last revision:
>>
>> Updates with Brad's comments
>
> src/java.base/share/classes/sun/security/ssl/DHasKEM.java line 38:
>
>> 36: import javax.crypto.KeyAgreement;
>> 37: import javax.crypto.SecretKey;
>> 38: import javax.crypto.spec.SecretKeySpec;
>
> Useless import.
Removed.
> src/java.base/share/classes/sun/security/ssl/Hybrid.java line 41:
>
>> 39: import java.security.InvalidAlgorithmParameterException;
>> 40: import java.security.InvalidKeyException;
>> 41: import java.security.InvalidParameterException;
>
> Useless import.
Removed.
> src/java.base/share/classes/sun/security/ssl/Hybrid.java line 144:
>
>> 142: throw new ProviderException("Failed to initialize hybrid " +
>> 143: "keypair generator", e);
>> 144: }
>
> No need to catch either of the exceptions.
Removed.
> src/java.base/share/classes/sun/security/ssl/Hybrid.java line 363:
>
>> 361: @Override
>> 362: public SecretKey engineDecapsulate(byte[] encapsulation, int from,
>> 363: int to, String algorithm) throws DecapsulateException {
>
> You might want to check the length of `encapsulation`.
Checkings added to decapsulate and encapsulate.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/27614#discussion_r2595801566
PR Review Comment: https://git.openjdk.org/jdk/pull/27614#discussion_r2595801594
PR Review Comment: https://git.openjdk.org/jdk/pull/27614#discussion_r2595801547
PR Review Comment: https://git.openjdk.org/jdk/pull/27614#discussion_r2595801747
More information about the security-dev
mailing list