RFR: 8346129: Simplify EdDSA & XDH curve name usage [v5]
Artur Barashev
abarashev at openjdk.org
Tue Mar 18 19:17:12 UTC 2025
On Tue, 11 Mar 2025 16:49:49 GMT, Anthony Scarpino <ascarpino at openjdk.org> wrote:
>> Hi,
>>
>> I need a review for the following change. Naming conventions for EdDSA and XDH have inconsistencies between DisabledAlgorithms and KeyPairGenerator. These internal changes help make it more consistent when parsing the actual curve being used vs the broader algorithm name.
>>
>> thanks
>>
>> Tony
>
> Anthony Scarpino has updated the pull request incrementally with one additional commit since the last revision:
>
> check for dup
src/java.base/share/classes/sun/security/provider/certpath/AlgorithmChecker.java line 210:
> 208: new CertPathConstraintsParameters(trustedPubKey, variant,
> 209: anchor, date);
> 210: dac.permits(KeyUtil.getAlgorithm(trustedPubKey),
Do you plan to have a unit test for `AlgorithmChecker` changes? It looks like certificates using `ED25519` algorithm didn't match that check before. It would be useful to have a test where disable `ED25519` in java.security and then try to use a certificate with `ED25519` algorithm.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/23647#discussion_r2001818398
More information about the security-dev
mailing list