RFR: 8314323: TLS 1.3 Hybrid Key Exchange [v2]
Hai-May Chao
hchao at openjdk.org
Sun Oct 5 12:27:26 UTC 2025
On Fri, 3 Oct 2025 17:22:36 GMT, Artur Barashev <abarashev at openjdk.org> wrote:
>> Hai-May Chao has updated the pull request incrementally with one additional commit since the last revision:
>>
>> Updates with review comments
>
> src/java.base/share/classes/com/sun/crypto/provider/DH.java line 138:
>
>> 136: private final PublicKey pkR;
>> 137: private final PrivateKey skR;
>> 138: private final AlgorithmParameterSpec spec;
>
> This variable is not being used, it can be removed together with the constructor parameter.
Removed variable spec.
> src/java.base/share/classes/sun/security/ssl/NamedGroup.java line 316:
>
>> 314: // Skip AlgorithmParameters for KEMs (not supported)
>> 315: if (namedGroupSpec == NamedGroupSpec.NAMED_GROUP_KEM) {
>> 316: if (defaultProviderName == null) {
>
> We assume that if provider is not null then it must be DH without doing any checks to confirm that. It would be cleaner to call getProvider() instead.
>
>> Provider p = getProvider();
> if (p == null) {
> KeyFactory.getInstance(name);
> } else {
> KeyFactory.getInstance(name, p);
> }
Done.
> src/java.base/share/classes/sun/security/util/Hybrid.java line 100:
>
>> 98: private static KEM getKEM(String name) throws NoSuchAlgorithmException {
>> 99: if (name.startsWith("secp") || name.equals("X25519") ||
>> 100: name.equals("X448")) {
>
> Do we need `X448` here? Also, please provide a comment for this method with functionality description.
X448 removed, and comment added.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/27614#discussion_r2404458729
PR Review Comment: https://git.openjdk.org/jdk/pull/27614#discussion_r2404458518
PR Review Comment: https://git.openjdk.org/jdk/pull/27614#discussion_r2404458608
More information about the security-dev
mailing list