RFR: 8368841: X25519 implementation differs from the specification in RFC 7748 [v4]
Ben Perez
bperez at openjdk.org
Thu Feb 26 22:32:11 UTC 2026
> Our implementation of X25519 does not zero the MSB of the `u` coordinate as required by RFC 7748. Currently the test `jdk/sun/security/ec/xec/TestXDH.java` zeroes the bit manually while parsing test vectors, which is likely why this went uncaught.
Ben Perez has updated the pull request incrementally with one additional commit since the last revision:
moved hexStringToBigInteger from Convert.java to TestXDH.java, no longer clears MSB
-------------
Changes:
- all: https://git.openjdk.org/jdk/pull/29750/files
- new: https://git.openjdk.org/jdk/pull/29750/files/0dd0c9d3..e00bd0fe
Webrevs:
- full: https://webrevs.openjdk.org/?repo=jdk&pr=29750&range=03
- incr: https://webrevs.openjdk.org/?repo=jdk&pr=29750&range=02-03
Stats: 37 lines in 2 files changed: 16 ins; 19 del; 2 mod
Patch: https://git.openjdk.org/jdk/pull/29750.diff
Fetch: git fetch https://git.openjdk.org/jdk.git pull/29750/head:pull/29750
PR: https://git.openjdk.org/jdk/pull/29750
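
The decoding rule the PR description refers to, as an added example that is not part of the original message or of the JDK: the RFC 7748 X25519 ladder in Python, showing that a `u` encoding with bit 255 set yields the same shared secret as the cleared encoding only when the decoder masks that bit. The `mask_msb` switch, the function names and the scalar are constructed for illustration.

```python
# Added illustration, not JDK code.
P = 2**255 - 19   # Curve25519 field prime
A24 = 121665      # (486662 - 2) / 4, ladder constant from RFC 7748

def decode_u(u_bytes, mask_msb=True):
    """Decode a 32-byte little-endian u-coordinate (RFC 7748, section 5)."""
    if len(u_bytes) != 32:
        raise ValueError("u-coordinate must be 32 bytes")
    b = bytearray(u_bytes)
    if mask_msb:       # mask_msb=False is a hypothetical switch modelling a decoder
        b[31] &= 0x7F  # that skips the mask RFC 7748 requires
    return int.from_bytes(b, "little") % P  # non-canonical values reduce mod p

def decode_scalar(k_bytes):
    """Clamp a 32-byte scalar as RFC 7748 specifies for X25519."""
    b = bytearray(k_bytes)
    b[0] &= 248
    b[31] &= 127
    b[31] |= 64
    return int.from_bytes(b, "little")

def x25519(k_bytes, u_bytes, mask_msb=True):
    """RFC 7748 Montgomery ladder. Illustration only: not constant time."""
    k, x1 = decode_scalar(k_bytes), decode_u(u_bytes, mask_msb)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in range(254, -1, -1):
        kt = (k >> t) & 1
        if swap ^ kt:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = kt
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        da, cb = (x3 - z3) * a % P, (x3 + z3) * b % P
        x3 = (da + cb) ** 2 % P
        z3 = x1 * (da - cb) ** 2 % P
        x2 = aa * bb % P
        z2 = e * (aa + A24 * e) % P
    if swap:
        x2, x3, z2, z3 = x3, x2, z3, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def demo():
    k = bytes(range(1, 33))                 # constructed scalar, not a real key
    u = (9).to_bytes(32, "little")          # base point u = 9
    u_msb = u[:31] + bytes([u[31] | 0x80])  # same encoding with bit 255 set
    return {"masked_equal": x25519(k, u) == x25519(k, u_msb),
            "unmasked_equal": x25519(k, u, False) == x25519(k, u_msb, False)}
```

A test harness that clears the bit before handing `u` to the implementation exercises only the `masked_equal` path, so it cannot tell the two decoders apart.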