RFR: 8302233: HSS/LMS: keytool and jarsigner changes [v2]
Weijun Wang
weijun at openjdk.org
Thu Nov 16 16:45:03 UTC 2023
> Code changes for HSS/LMS that's related to keytool and jarsigner:
>
> 1. No need to add `-sigalg` for both tools when HSS/LMS key is involved, it can only be `HSS/LMS`.
> 2. The `digestAlgorithm` field in a PKCS7 `SignerInfo`. It must be the same as the hash algorithm used by the HSS/LMS key. This needs to be enforced both at signing and verification.
> 3. HSS/LMS reuses `.DSA` as the signature block file extension inside a signed JAR file
Weijun Wang has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains five additional commits since the last revision:
- small change on copyright year and method modifier
- Merge branch 'master' into 8302233
- test change
- always DSA for new algorithms
- the fix
-------------
Changes:
- all: https://git.openjdk.org/jdk/pull/14254/files
- new: https://git.openjdk.org/jdk/pull/14254/files/2864f5f5..e3b1a7c1
Webrevs:
- full: https://webrevs.openjdk.org/?repo=jdk&pr=14254&range=01
- incr: https://webrevs.openjdk.org/?repo=jdk&pr=14254&range=00-01
Stats: 1086491 lines in 9725 files changed: 320140 ins; 622324 del; 144027 mod
Patch: https://git.openjdk.org/jdk/pull/14254.diff
Fetch: git fetch https://git.openjdk.org/jdk.git pull/14254/head:pull/14254
PR: https://git.openjdk.org/jdk/pull/14254
More information about the security-dev
mailing list