RFR: 8346129: Simplify EdDSA & XDH curve name usage [v3]
Sean Mullan
mullan at openjdk.org
Wed Feb 26 21:10:53 UTC 2025
On Fri, 21 Feb 2025 22:34:25 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> `permits()` are used in situations for jdk[tls|certpath|jar].disabledAlgorithms, and the SSLAlgorithmConstraints. It's not called for APIs like KPG, Signature, etc.
>
> That's what I meant. Suppose in TLS when you verify a signature and you call `permits` on both the signature algorithm name and the key used to init the signature, it's OK if only one fails.
Yes, it should check both the signature algorithm and key algorithm in one permits call for signatures.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/23647#discussion_r1972412345
More information about the security-dev
mailing list