On Thu, 4 Dec 2025 14:41:34 GMT, Weijun Wang <[email protected]> wrote:
>> Hai-May Chao has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> Remove null check to not assume key is returned
>
> src/java.base/share/classes/sun/security/ssl/DHasKEM.java line 214:
>
>> 212: if (from == 0 && to == params.secretLen) {
>> 213: return key;
>> 214: } else if ("RAW".equalsIgnoreCase(key.getFormat())) {
>
> I think it's not worth supporting key slicing because it should never happen.
> Otherwise there might be a programming error. Throw an AssertionError here.
Removed key slicing.
> src/java.base/share/classes/sun/security/ssl/Hybrid.java line 406:
>
>> 404: // getFormat() returns "RAW" if both keys are X509Key;
>> otherwise null.
>> 405: @Override
>> 406: public String getFormat() {
>
> My understanding is that this will always return "RAW" even if `left` or
> `right` comes from 3rd-party providers and is not `X509Key`.
Fixed.
> src/java.base/share/classes/sun/security/ssl/Hybrid.java line 420:
>
>> 418: if (left instanceof X509Key xk1 && right instanceof X509Key
>> xk2) {
>> 419: return concat(xk1.getKeyAsBytes(), xk2.getKeyAsBytes());
>> 420: } else {
>
> Here, we should be prepared for 3rd-party providers -- just call `getEncoded`
> and strip the ASN.1 headers of algorithm identifiers.
Fixed.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/27614#discussion_r2591211285
PR Review Comment: https://git.openjdk.org/jdk/pull/27614#discussion_r2591211533
PR Review Comment: https://git.openjdk.org/jdk/pull/27614#discussion_r2591211933
