RFR: 8368841: X25519 implementation differs from the specification in RFC 7748 [v6]

Weijun Wang weijun at openjdk.org
Fri Feb 27 13:20:22 UTC 2026


On Fri, 27 Feb 2026 04:22:23 GMT, Weijun Wang <weijun at openjdk.org> wrote:

>> Ben Perez has updated the pull request incrementally with one additional commit since the last revision:
>> 
>>   Changed params comparison
>
> src/java.base/share/classes/sun/security/ec/XDHPublicKeyImpl.java line 94:
> 
>> 92:         this.u = (params == XECParameters.X448) ?
>> 93:             new BigInteger(1, u_arr) :
>> 94:             new BigInteger(1, u_arr).clearBit(255);
> 
> Aren't lines 86-89 already doing it?

In fact, `TestXDH` has tests on DER keys which show this part has been working.

On the other hand, `TestXECOps` only tests `encodedPointMultiply(byte[], byte[])`. Shall we also cover `encodedPointMultiply(byte[], BigInteger)` there to make sure it's also safe to call these internal methods directly? (I admit that I've encouraged calling them in https://github.com/openjdk/jdk/pull/26032#issuecomment-3152384313).

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/29750#discussion_r2864304050
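
The RFC 7748 section 5 decoding rule behind the `clearBit(255)` line quoted above, as an added example that is not part of the original message and not the JDK's code: X25519 masks the most significant bit of the final little-endian byte, X448 has no spare bits to mask. The class name, method name and sample byte strings are constructed for illustration.

```java
import java.math.BigInteger;

public class UCoordinateDecode {
    // RFC 7748 section 5: a u-coordinate is a little-endian byte string,
    // 32 bytes for X25519 (bits = 255) and 56 bytes for X448 (bits = 448).
    static BigInteger decodeUCoordinate(byte[] encoded, int bits) {
        int len = (bits + 7) / 8;
        if (encoded.length != len) {
            throw new IllegalArgumentException("expected " + len + " bytes");
        }
        byte[] le = encoded.clone();            // never modify the caller's array
        if (bits % 8 != 0) {
            // X25519 only: clear the unused high bit(s) of the final byte.
            le[len - 1] &= (byte) ((1 << (bits % 8)) - 1);
        }
        byte[] be = new byte[len];              // BigInteger expects big-endian
        for (int i = 0; i < len; i++) {
            be[i] = le[len - 1 - i];
        }
        return new BigInteger(1, be);
    }

    public static void main(String[] args) {
        // Constructed input: u = 9 with the non-canonical top bit set.
        byte[] x25519 = new byte[32];
        x25519[0] = 9;
        x25519[31] = (byte) 0x80;
        BigInteger masked = decodeUCoordinate(x25519, 255);
        BigInteger unmasked = BigInteger.valueOf(9).setBit(255);
        if (!masked.equals(BigInteger.valueOf(9))
                || !masked.equals(unmasked.clearBit(255))) {
            throw new AssertionError("X25519 top bit was not masked");
        }

        // Constructed input: for X448 the top bit of the final byte is part
        // of the value and must survive decoding.
        byte[] x448 = new byte[56];
        x448[0] = 5;
        x448[55] = (byte) 0x80;
        BigInteger u448 = decodeUCoordinate(x448, 448);
        if (!u448.equals(BigInteger.valueOf(5).setBit(447))) {
            throw new AssertionError("X448 value was altered");
        }
        System.out.println("X25519 u = " + masked);
        System.out.println("X448 u bit length = " + u448.bitLength());
    }
}
```

It runs as a single source file with `java UCoordinateDecode.java` on JDK 11 or later.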


