> On Sep 28, 2021, at 12:49 AM, David Blevins <[email protected]> wrote: > >> On Sep 27, 2021, at 3:32 PM, Anthony Scarpino <[email protected]> >> wrote: >> >> On 9/27/21 2:22 PM, David Blevins wrote: >>> I've been putting a significant amount of work into compiling a large set >>> of elliptic curve parameters/names/oids for an open source library and a >>> related closed source security product we have. We need to be able to >>> support any of the curves that OpenSSL/LibreSSL support. >>> The trick is this is currently impossible due to hardcoding in OpenJDK 16. >>> Though you supply valid parameters via ECParameterSpec, when you attempt to >>> construct an instance of ECPrivateKey or ECPublicKey you hit code in >>> sun.security.util.CurveDB that does a "reverse lookup" of sorts to find the >>> curve name. If it's not a curve CurveDB knows about, you can't use it. >>> Is there willingness to accept contributions that would remove this >>> limitation? >> >> We haven't heard such issues since native obsolete curves were removed from >> 16. We are will to take contributions upon review. If you're going to >> formally contribute the code, you should check out >> https://openjdk.java.net/contribute/ > > Thanks, Tony. > > It also appears that of the 60 curves supported only 3 of them can be used to > sign/verify. Any insight as to why?
Found my own answer on this second question. - https://bugs.openjdk.java.net/browse/JDK-8251547 -David
