From 95be3f95205e386ead5286872ac5875c9ca0801c Mon Sep 17 00:00:00 2001 From: Hai-May Chao Date: Fri, 12 Jun 2026 17:08:13 +0000 Subject: [PATCH] 8386600: Fix comparison checks in DHasKEM Reviewed-by: mullan --- .../share/classes/sun/security/ssl/DHasKEM.java | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/src/java.base/share/classes/sun/security/ssl/DHasKEM.java b/src/java.base/share/classes/sun/security/ssl/DHasKEM.java index ef5c5b82f06..9f860af101e 100644 --- a/src/java.base/share/classes/sun/security/ssl/DHasKEM.java +++ b/src/java.base/share/classes/sun/security/ssl/DHasKEM.java @@ -268,17 +268,17 @@ public class DHasKEM implements KEMSpi { // RFC 8446 section 7.4.2: checks for all-zero // X25519/X448 shared secret. - if (kaAlgorithm.equals("X25519") || - kaAlgorithm.equals("X448")) { + if (this == X25519 || this == X448) { byte[] s = secret.getEncoded(); + byte data = 0; for (byte b : s) { - if (b != 0) { - return secret; - } + data |= b; + } + if (data == 0) { + // Trigger ILLEGAL_PARAMETER alert + throw new IllegalArgumentException( + "All-zero shared secret"); } - // Trigger ILLEGAL_PARAMETER alert - throw new IllegalArgumentException( - "All-zero shared secret"); } return secret;