On Mon, 27 Oct 2025 03:59:03 GMT, Xue-Lei Andrew Fan <[email protected]> wrote:
>> Hai-May Chao has updated the pull request incrementally with two additional
>> commits since the last revision:
>>
>> - Revert changes to UseStrongDHSizes test as ffdhe6144/8192 added back
>> - Updated comment in ServerHello and hybrid to upper-case in NamedGroup
>
> src/java.base/share/classes/com/sun/crypto/provider/DH.java line 71:
>
>> 69: public static final Provider PROVIDER = new ProviderImpl();
>> 70:
>> 71: private static class ProviderImpl extends Provider {
>
> Why not expose the Provider to public?
We introduce DH Provider that implements DH as a KEM, and DH is wrapped as a
KEM for encapsulate and decapsulate. It is an internal translation layer, not a
real new public algorithm, so it is not exposed to public.
> src/java.base/share/classes/sun/security/util/Hybrid.java line 197:
>
>> 195: } catch (Exception e) {
>> 196: leftKey = left.generatePublic(new
>> X509EncodedKeySpec(
>> 197: leftKeyBytes));
>
> Fall-back is not good for performance. Does it have to support two key spec?
Remove unneeded fallback.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/27614#discussion_r2554958187
PR Review Comment: https://git.openjdk.org/jdk/pull/27614#discussion_r2554958351
