RFR: JDK-8166596: TLS support for the EdDSA signature algorithm [v3]

Jamil Nimeh jnimeh at openjdk.java.net
Fri Nov 20 20:25:07 UTC 2020


On Fri, 20 Nov 2020 19:58:23 GMT, Weijun Wang <weijun at openjdk.org> wrote:

>> Jamil Nimeh has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains seven additional commits since the last revision:
>> 
>>  - Update test to account for JDK-8202343 fix
>>  - Merge
>>  - Merge
>>  - Applied code review comments to tests
>>  - Fix cut/paste error with ECDH-RSA key exchange
>>  - Merge
>>  - Initial EdDSA/TLS solution
>
> src/java.base/share/classes/sun/security/ssl/CertificateRequest.java line 139:
> 
>> 137:                 if (cct.isAvailable) {
>> 138:                     cct.keyAlgorithm.forEach(key -> {
>> 139:                         if (!keyTypes.contains(key)) {
> 
> Can this ever happen? Why not just `addAll`?

I wanted to make sure we didn't end up with duplicates if two different certificate types had the same underlying key type and also to deal with both well-formed certificate request messages or ones that erroneously reiterate the type.  It is definitely an edge case.

-------------

PR: https://git.openjdk.java.net/jdk/pull/1197



More information about the security-dev mailing list