RFR: JDK-8166596: TLS support for the EdDSA signature algorithm [v3]

Xue-Lei Andrew Fan xuelei at openjdk.java.net
Fri Nov 20 20:43:06 UTC 2020


On Fri, 20 Nov 2020 20:12:47 GMT, Jamil Nimeh <jnimeh at openjdk.org> wrote:

>> src/java.base/share/classes/sun/security/ssl/SignatureScheme.java line 73:
>> 
>>> 71:     ED448                   (0x0808, "ed448", "Ed448",
>>> 72:                                     "EdDSA",
>>> 73:                                     ProtocolVersion.PROTOCOLS_12_13),
>> 
>> You may also want to check if EdDSA is available in the following block:
>> - 282         if ("EC".equals(keyAlgorithm)) {
>> + 282         if ("EC".equals(keyAlgorithm) || "EdDSA"... ) {
>> 283             mediator = JsseJce.isEcAvailable();
>> 284         }
>
> JsseJce.isEcAvailable doesn't check for EdDSA availability so I'm not sure we want that second clause.  I don't think the EdDSA code is implemented in the same module as the other EC code is so I don't know if we'd want to extend isEcAvailable to include EdDSA.  I'll need to go look to see where EdDSA is located relative to the EC code.

Hm, maybe a new isEdDsaAvailable().

-------------

PR: https://git.openjdk.java.net/jdk/pull/1197



More information about the security-dev mailing list