RFR: 8368841: X25519 implementation differs from the specification in RFC 7748 [v3]

Ben Perez bperez at openjdk.org
Thu Feb 19 20:03:25 UTC 2026


> Our implementation of X25519 does not zero the MSB of the `u` coordinate as required by RFC 7748. Currently the test `jdk/sun/security/ec/xec/TestXDH.java` zeroes the bit manually while parsing test vectors, which is likely why this went uncaught.

Ben Perez has updated the pull request incrementally with one additional commit since the last revision:

  removed parsing functionality in TestXDH that manually clears MSB

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/29750/files
  - new: https://git.openjdk.org/jdk/pull/29750/files/a56b506f..0dd0c9d3

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=29750&range=02
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=29750&range=01-02

  Stats: 6 lines in 2 files changed: 0 ins; 4 del; 2 mod
  Patch: https://git.openjdk.org/jdk/pull/29750.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/29750/head:pull/29750

PR: https://git.openjdk.org/jdk/pull/29750
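
The u-coordinate decoding rule that the quoted description refers to (RFC 7748, section 5), as an added example that is not part of the original message and is not the JDK's code. The class and method names and the `maskMsb` switch are hypothetical; the unmasked path only illustrates what skipping the mask does to the decoded value and is not a model of the JDK's internals.

```java
import java.math.BigInteger;

public class X25519UDecode {
    // Field prime for Curve25519: p = 2^255 - 19.
    static final BigInteger P =
        BigInteger.ONE.shiftLeft(255).subtract(BigInteger.valueOf(19));

    // Interpret a byte string as a little-endian unsigned integer.
    static BigInteger decodeLittleEndian(byte[] le) {
        byte[] be = new byte[le.length];
        for (int i = 0; i < le.length; i++) {
            be[i] = le[le.length - 1 - i];
        }
        return new BigInteger(1, be);
    }

    // Decode a 32-byte X25519 u-coordinate. With maskMsb = true this follows
    // RFC 7748 section 5: clear bit 255, then reduce non-canonical values mod p.
    // maskMsb = false skips the mask, for comparison only (hypothetical switch).
    static BigInteger decodeU(byte[] encoded, boolean maskMsb) {
        if (encoded.length != 32) {
            throw new IllegalArgumentException("X25519 u-coordinate must be 32 bytes");
        }
        byte[] u = encoded.clone();   // never modify the caller's buffer
        if (maskMsb) {
            u[31] &= 0x7f;            // last byte holds the most significant bits
        }
        return decodeLittleEndian(u).mod(P);
    }

    public static void main(String[] args) {
        // Constructed input: the base point u = 9 with the unused top bit set.
        byte[] peer = new byte[32];
        peer[0] = 9;
        peer[31] |= (byte) 0x80;

        System.out.println("masked   u = " + decodeU(peer, true));
        System.out.println("unmasked u = " + decodeU(peer, false));
    }
}
```

Without the mask the set top bit contributes 2^255, which is congruent to 19 mod p, so the same 32 bytes decode to 28 instead of 9 and the scalar multiplication runs on a different u than RFC 7748 specifies. A test harness that clears the bit before calling the implementation never exercises this difference.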


