RFR: 8242068: Signed JAR support for RSASSA-PSS and EdDSA [v7]

Vicente Romero vromero at openjdk.java.net
Thu Oct 15 18:18:10 UTC 2020


On Tue, 13 Oct 2020 13:29:39 GMT, Weijun Wang <weijun at openjdk.org> wrote:

>> Add support for [RFC 6211: Cryptographic Message Syntax (CMS) Algorithm Identifier Protection
>> Attribute](https://tools.ietf.org/html/rfc6211) to protect against algorithm substitution attacks. This attribute is
>> signed and it contains copies of digestAlgorithm and signatureAlgorithm which are unprotected in SignerInfo. Before
>> this enhancement, the two algorithms can be implied from the signature itself (i.e. if you change any of them the
>> signature size would not match or the key will not decrypt). However, with the introduction of RSASSA-PSS, the
>> signature algorithm can be modified and it still looks like the signature is valid. This particular case is [described
>> in the RFC](https://tools.ietf.org/html/rfc6211#page-5):
>>    signatureAlgorithm  has been protected by implication in the past.
>>       The use of an RSA public key implied that the RSA v1.5 signature
>>       algorithm was being used.  The hash algorithm and this fact could
>>       be checked by the internal padding defined.  This is no longer
>>       true with the addition of the RSA-PSS signature algorithms.
>
> A force push to fix the RFC number typo in the latest commit. No content update.

this one has nothing to do with javac so the `compiler` label should be removed

-------------

PR: https://git.openjdk.java.net/jdk/pull/322



More information about the security-dev mailing list