jtnord commented on code in PR #639:
URL: https://github.com/apache/mina-sshd/pull/639#discussion_r1901108351
##########
sshd-common/src/main/java/org/apache/sshd/common/util/security/SecurityUtils.java:
##########
@@ -606,99 +609,155 @@ public static RandomFactory getRandomFactory() {
* @return {@code true} if EDDSA curves (e.g., {@code ed25519}) are
supported
*/
public static boolean isEDDSACurveSupported() {
+ return getEdDSASupport().isPresent();
+ }
+
+ public static boolean isNetI2pCryptoEdDSARegistered() {
+ register();
+ return isProviderRegistered(EDDSA);
+ }
+
+ public static Optional<EdDSASupport<?, ?>> getEdDSASupport() {
if (isFipsMode()) {
- return false;
+ return Optional.empty();
Review Comment:
I think this is incorrect as before there was only a single EDSA provider
which was never FIPS compliant, now there is a FIPS compliant (bouncycastle)
one (when using the FIPS variant) so it should be up to the provider to perform
the `isFipsMode` check and return an empty optional if their EDDSA support is
not compliant.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org
For additional commands, e-mail: dev-h...@mina.apache.org
