> On Sep 27, 2021, at 3:32 PM, Anthony Scarpino <[email protected]> wrote:
>
> On 9/27/21 2:22 PM, David Blevins wrote:
>> I've been putting a significant amount of work into compiling a large set of
>> elliptic curve parameters/names/oids for an open source library and a
>> related closed source security product we have. We need to be able to
>> support any of the curves that OpenSSL/LibreSSL support.
>> The trick is this is currently impossible due to hardcoding in OpenJDK 16.
>> Though you supply valid parameters via ECParameterSpec, when you attempt to
>> construct an instance of ECPrivateKey or ECPublicKey you hit code in
>> sun.security.util.CurveDB that does a "reverse lookup" of sorts to find the
>> curve name. If it's not a curve CurveDB knows about, you can't use it.
>> Is there willingness to accept contributions that would remove this
>> limitation?
>
> We haven't heard such issues since native obsolete curves were removed from
> 16. We are willing to take contributions upon review. If you're going to
> formally contribute the code, you should check out
> https://openjdk.java.net/contribute/

Thanks, Tony.

It also appears that of the 60 curves supported only 3 of them can be used to sign/verify. Any insight as to why?

-David
