<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
.MsoChpDefault
{mso-style-type:export-only;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:70.85pt 70.85pt 2.0cm 70.85pt;}
div.WordSection1
{page:WordSection1;}
--></style></head><body lang=DE link=blue vlink="#954F72" style='word-wrap:break-word'><div class=WordSection1><p class=MsoNormal>This should also answer your other question: if you register a provider (like bouncycastle), it should actually provide such curves via the JCE interface. I am not aware of bugs in this area (but on the other hand, besides some stupid EA-agency requirements for brainpool curves, nobody in their right mind uses esoteric curves in commercial settings anyway). Having said that, a security product which “implements all curves openssl supports” might not be very secure after all… <span style='font-family:"Segoe UI Emoji",sans-serif'>😊</span> </p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Regards</p><p class=MsoNormal>Bernd</p><p class=MsoNormal>-- <o:p></o:p></p><p class=MsoNormal>https://bernd.eckenfels.net<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><div style='mso-element:para-border-div;border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm'><p class=MsoNormal style='border:none;padding:0cm'><b>From: </b><a href="mailto:dblevins@tomitribe.com">David Blevins</a><br><b>Sent: </b>Tuesday, 28 
September 2021 17:34<br><b>To: </b><a href="mailto:anthony.scarpino@oracle.com">Anthony Scarpino</a><br><b>Cc: </b><a href="mailto:security-dev@openjdk.java.net">security-dev@openjdk.java.net</a><br><b>Subject: </b>Re: Understanding elliptic curve spec limitations</p></div><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>> On Sep 28, 2021, at 12:49 AM, David Blevins &lt;dblevins@tomitribe.com&gt; wrote:</p><p class=MsoNormal>> </p><p class=MsoNormal>>> On Sep 27, 2021, at 3:32 PM, Anthony Scarpino &lt;anthony.scarpino@oracle.com&gt; wrote:</p><p class=MsoNormal>>> </p><p class=MsoNormal>>> On 9/27/21 2:22 PM, David Blevins wrote:</p><p class=MsoNormal>>>> I've been putting a significant amount of work into compiling a large set of elliptic curve parameters/names/oids for an open source library and a related closed source security product we have. We need to be able to support any of the curves that OpenSSL/LibreSSL support.</p><p class=MsoNormal>>>> The trick is this is currently impossible due to hardcoding in OpenJDK 16. Though you supply valid parameters via ECParameterSpec, when you attempt to construct an instance of ECPrivateKey or ECPublicKey you hit code in sun.security.util.CurveDB that does a "reverse lookup" of sorts to find the curve name. If it's not a curve CurveDB knows about, you can't use it.</p><p class=MsoNormal>>>> Is there willingness to accept contributions that would remove this limitation?</p><p class=MsoNormal>>> </p><p class=MsoNormal>>> We haven't heard such issues since native obsolete curves were removed from 16. We are willing to take contributions upon review. If you're going to formally contribute the code, you should check out https://openjdk.java.net/contribute/</p><p class=MsoNormal>> </p><p class=MsoNormal>> Thanks, Tony.</p><p class=MsoNormal>> </p><p class=MsoNormal>> It also appears that of the 60 curves supported only 3 of them can be used to sign/verify. 
Any insight as to why?</p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Found my own answer on this second question.</p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal> - https://bugs.openjdk.java.net/browse/JDK-8251547</p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>-David</p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><o:p> </o:p></p></div></body></html>