RFR: JDK-8166596: TLS support for the EdDSA signature algorithm [v3]
Xue-Lei Andrew Fan
xuelei at openjdk.java.net
Fri Nov 20 20:43:06 UTC 2020
On Fri, 20 Nov 2020 20:12:47 GMT, Jamil Nimeh <jnimeh at openjdk.org> wrote:
>> src/java.base/share/classes/sun/security/ssl/SignatureScheme.java line 73:
>>
>>> 71: ED448 (0x0808, "ed448", "Ed448",
>>> 72: "EdDSA",
>>> 73: ProtocolVersion.PROTOCOLS_12_13),
>>
>> You may also want to check if EdDSA is available in the following block:
>> - 282 if ("EC".equals(keyAlgorithm)) {
>> + 282 if ("EC".equals(keyAlgorithm) || "EdDSA"... ) {
>> 283 mediator = JsseJce.isEcAvailable();
>> 284 }
>
> JsseJce.isEcAvailable doesn't check for EdDSA availability so I'm not sure we want that second clause. I don't think the EdDSA code is implemented in the same module as the other EC code is so I don't know if we'd want to extend isEcAvailable to include EdDSA. I'll need to go look to see where EdDSA is located relative to the EC code.
Hm, maybe a new isEdDsaAvailable().
-------------
PR: https://git.openjdk.java.net/jdk/pull/1197
More information about the security-dev
mailing list