tomaswolf commented on code in PR #639:
URL: https://github.com/apache/mina-sshd/pull/639#discussion_r1910522734
##########
sshd-common/src/main/java/org/apache/sshd/common/util/security/SecurityUtils.java:
##########
@@ -606,99 +609,155 @@ public static RandomFactory getRandomFactory() {
* @return {@code true} if EDDSA curves (e.g., {@code ed25519}) are
supported
*/
public static boolean isEDDSACurveSupported() {
+ return getEdDSASupport().isPresent();
+ }
+
+ public static boolean isNetI2pCryptoEdDSARegistered() {
+ register();
+ return isProviderRegistered(EDDSA);
+ }
+
+ public static Optional<EdDSASupport<?, ?>> getEdDSASupport() {
if (isFipsMode()) {
- return false;
+ return Optional.empty();
Review Comment:
OK. I still see the point, though. A future BC-FIPS might have EdDSA as
"approved algorithm". It _is_ in [NIST SP 800-140C Rev.
2](https://csrc.nist.gov/pubs/sp/800/140/c/r2/final) from 2023-07-25, and is
listed at [SP 800-140C: Approved Security
Functions](https://csrc.nist.gov/projects/cmvp/sp800-140c).
And BC currently has BC FIPS 2.1.0 undergoing validation. So we might have
to refactor this approach in the near future.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org
For additional commands, e-mail: dev-h...@mina.apache.org
