Understanding elliptic curve spec limitations
David Blevins
dblevins at tomitribe.com
Mon Sep 27 21:22:26 UTC 2021
I've been putting a significant amount of work into compiling a large set of elliptic curve parameters/names/oids for an open source library and a related closed source security product we have. We need to be able to support any of the curves that OpenSSL/LibreSSL support.
The trick is this is currently impossible due to hardcoding in OpenJDK 16. Though you supply valid parameters via ECParameterSpec, when you attempt to construct an instance of ECPrivateKey or ECPublicKey you hit code in sun.security.util.CurveDB that does a "reverse lookup" of sorts to find the curve name. If it's not a curve CurveDB knows about, you can't use it.
Is there willingness to accept contributions that would remove this limitation?
--
David Blevins
http://twitter.com/dblevins
http://www.tomitribe.com
More information about the security-dev
mailing list