On Wed, 18 Mar 2026 12:39:14 GMT, Mikhail Yankelevich
<[email protected]> wrote:
>> Hai-May Chao has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> Update with Mikhail's comment
>
> src/java.base/share/classes/sun/security/ssl/DHasKEM.java line 282:
>
>> 280: }
>> 281: }
>> 282: if (allZero) {
>
> Is this if statement needed? Do you think returning from line 279 instead of
> breaking would make the code both simpler and use less memory? Then you can
> throw directly after the loop that checks for zeros. Something like this:
>
>
> // RFC 8446 section 7.4.2: checks for all-zero
> // X25519/X448 shared secret.
> if (kaAlgorithm.equals("X25519") ||
> kaAlgorithm.equals("X448")) {
> byte[] s = secret.getEncoded();
> for (byte b : s) {
> if (b != 0) {
> return secret;
> }
> }
> // Trigger ILLEGAL_PARAMETER alert
> throw new IllegalArgumentException(
> "All-zero shared secret");
>
> }
Updated as suggested. Thanks.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/30039#discussion_r2955656155
