Closed jasonkatonica closed 1 month ago
This looks good, but please squash, and then mark as "ready for review" when you're ready.
Jenkins compile aix,zlinux jdknext
Grinder for jdk_security3 https://openj9-jenkins.osuosl.org/job/Grinder/3747 passed except for known failures discussed in https://github.com/eclipse-openj9/openj9/issues/19499.
This update supports both the
ecdsa_brainpoolP512r1tls13_sha512
signature scheme andbrainpoolP512r1tls13
key exchange mechanisms defined inRFC 8734
usingopenssl
.The
NativeECDHKeyAgreement
class was enhanced to allow for a key exchange to take place using the EC named curvebrainpoolP512r1
. This functionality can be enabled by configuring the named groupbrainpoolP512r1tls13
.The
NativeECDSASignature
class was enhanced to allow forECDSA
brainpoolP512r1
signatures to be routed to openssl for execution.The
NativeECKeyPairGenerator
was enhanced to allow forbrainpoolP512r1
based keys to be generated with openssl.Both the
ecdsa_brainpoolP512r1tls13_sha512
signature scheme andbrainpoolP512r1tls13
key exchange mechanism are optionally configured and not enabled by default.Tests were added to exercise both the signature scheme and key exchange along with sign and verify using the
brainpoolP512r1
named curve.Signed-off-by: Jason Katonica katonica@us.ibm.com