On Sat, 6 Dec 2025 17:24:55 GMT, Hai-May Chao <[email protected]> wrote:
>> Implement hybrid key exchange support for TLS 1.3 by adding three >> post-quantum hybrid named groups: X25519MLKEM768, SecP256r1MLKEM768, and >> SecP384r1MLKEM1024. >> Please see [JEP 527](https://openjdk.org/jeps/527) for details about this >> change. > > Hai-May Chao has updated the pull request incrementally with one additional > commit since the last revision: > > Updates with Brad's comments src/java.base/share/classes/sun/security/ssl/DHasKEM.java line 38: > 36: import javax.crypto.KeyAgreement; > 37: import javax.crypto.SecretKey; > 38: import javax.crypto.spec.SecretKeySpec; Useless import. src/java.base/share/classes/sun/security/ssl/Hybrid.java line 41: > 39: import java.security.InvalidAlgorithmParameterException; > 40: import java.security.InvalidKeyException; > 41: import java.security.InvalidParameterException; Useless import. src/java.base/share/classes/sun/security/ssl/Hybrid.java line 144: > 142: throw new ProviderException("Failed to initialize hybrid > " + > 143: "keypair generator", e); > 144: } No need to catch either of the exceptions. src/java.base/share/classes/sun/security/ssl/Hybrid.java line 363: > 361: @Override > 362: public SecretKey engineDecapsulate(byte[] encapsulation, int > from, > 363: int to, String algorithm) throws DecapsulateException { You might want to check the length of `encapsulation`. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/27614#discussion_r2595183964 PR Review Comment: https://git.openjdk.org/jdk/pull/27614#discussion_r2595195602 PR Review Comment: https://git.openjdk.org/jdk/pull/27614#discussion_r2595182671 PR Review Comment: https://git.openjdk.org/jdk/pull/27614#discussion_r2595203845
