> This change implements behavior required by the specification Post-quantum 
> hybrid ECDHE-MLKEM Key Agreement for TLSv1.3. The specification defines 
> several validation checks during the hybrid key exchange that require 
> aborting the connection with either an illegal_parameter alert or an 
> internal_error alert.
> 
> The 4.2. Server share section specifies the following checks:
> For all groups, the server MUST perform the encapsulation key check described 
> in Section 7.2 of [NIST-FIPS-203] on the client’s encapsulation key, and 
> abort with an illegal_parameter alert if it fails.
> 
> For all groups, the client MUST check if the ciphertext length matches the 
> selected group, and abort with an illegal_parameter alert if it fails. If 
> ML-KEM decapsulation fails for any other reason, the connection MUST be 
> aborted with an internal_error alert.
> 
> For all groups, both client and server MUST process the ECDH part as 
> described in Section 4.2.8.2 of [RFC8446], including all validity checks, and 
> abort with an illegal_parameter alert if it fails.
> 
> The 4.3. Shared secret section specifies the following check:
> For all groups, both client and server MUST calculate the ECDH part of the 
> shared secret as described in Section 7.4.2 of [RFC8446], including the 
> all-zero shared secret check for X25519, and abort the connection with an 
> illegal_parameter alert if it fails.
> 
> This implementation propagates exceptions raised during ECDH and ML-KEM 
> operations in client and server sides from the Hybrid and DHasKEM classes 
> (which implement KEMSpi) to the TLS handshake layer, where they are mapped to 
> the corresponding TLS fatal alerts.

Hai-May Chao has updated the pull request incrementally with one additional 
commit since the last revision:

  Update with Mikhail's comment

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/30039/files
  - new: https://git.openjdk.org/jdk/pull/30039/files/d084602e..2d9bf42b

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=30039&range=01
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=30039&range=00-01

  Stats: 9 lines in 1 file changed: 0 ins; 5 del; 4 mod
  Patch: https://git.openjdk.org/jdk/pull/30039.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/30039/head:pull/30039

PR: https://git.openjdk.org/jdk/pull/30039
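The checks quoted from Sections 4.2 and 4.3 of the draft, modelled in Python as an added illustration (this is not the JDK code under review; the group table, the concatenation order of the two shares and the function names are assumptions). Each validator returns the TLS alert the endpoint should send, or None when the share is acceptable; the FIPS 203 Section 7.2 encapsulation key check is implemented as the 12-bit coefficient bound, which is equivalent to the encode/decode round trip the standard specifies.

```python
import hmac
Q = 3329  # ML-KEM modulus q (FIPS 203)

# Assumed group table: name -> (k, ML-KEM ciphertext length, ECDH share length,
# whether the ML-KEM part comes first in the concatenated key_exchange value).
GROUPS = {
    "X25519MLKEM768":     (3, 1088, 32, True),
    "SecP256r1MLKEM768":  (3, 1088, 65, False),
    "SecP384r1MLKEM1024": (4, 1568, 97, False),
}

def split_share(group, share, mlkem_len):
    """Return (mlkem_part, ecdh_part), or None if the total length is wrong."""
    _, _, ecdh_len, mlkem_first = GROUPS[group]
    if len(share) != mlkem_len + ecdh_len:
        return None
    if mlkem_first:
        return share[:mlkem_len], share[mlkem_len:]
    return share[ecdh_len:], share[:ecdh_len]

def encapsulation_key_check(ek, k):
    """FIPS 203 7.2: type check (384k+32 bytes) and modulus check (each t_hat coefficient < q)."""
    if len(ek) != 384 * k + 32:
        return False
    t_hat = ek[:384 * k]
    for i in range(0, len(t_hat), 3):          # 3 bytes hold two 12-bit coefficients
        b0, b1, b2 = t_hat[i], t_hat[i + 1], t_hat[i + 2]
        c0 = b0 | ((b1 & 0x0F) << 8)           # bits 0..11, little-endian bit order
        c1 = (b1 >> 4) | (b2 << 4)             # bits 12..23
        if c0 >= Q or c1 >= Q:
            return False
    return True

def server_check_client_share(group, share):
    """Section 4.2, server side: alert to send, or None if the client share passes."""
    k, _, _, _ = GROUPS[group]
    parts = split_share(group, share, 384 * k + 32)
    if parts is None or not encapsulation_key_check(parts[0], k):
        return "illegal_parameter"
    return None   # ECDH point validation (RFC 8446 4.2.8.2) would follow on parts[1]

def client_check_server_share(group, share):
    """Section 4.2, client side: the ML-KEM ciphertext length must match the group."""
    _, ct_len, _, _ = GROUPS[group]
    return None if split_share(group, share, ct_len) is not None else "illegal_parameter"

def x25519_shared_secret_check(ss):
    """Section 4.3 / RFC 8446 7.4.2: an all-zero X25519 output is rejected."""
    return "illegal_parameter" if hmac.compare_digest(ss, bytes(32)) else None
```

Any decapsulation failure other than a wrong ciphertext length is the internal_error case from the draft and is not modelled here.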
