RFR: 8302233: HSS/LMS: keytool and jarsigner changes [v6]
Weijun Wang
weijun at openjdk.org
Thu Nov 30 16:25:30 UTC 2023
On Thu, 30 Nov 2023 16:13:09 GMT, Ferenc Rakoczi <duke at openjdk.org> wrote:
>> Weijun Wang has updated the pull request incrementally with one additional commit since the last revision:
>>
>> reword comment
>
> src/java.base/share/classes/sun/security/pkcs/SignerInfo.java line 526:
>
>> 524: break;
>> 525: case "HSS/LMS":
>> 526: // RFC 8708 requires the same hash algorithm used as in the HSS/LMS algorithm
>
> Actually, it is RFC 8554 that requires it; RFC 8708 just references RFC 8554.
I mean, RFC 8708 requires that the hash algorithm used by the HSS/LMS signature (which should be a single one used in every corner of HSS/LMS, as required by RFC 8554) be the same as the `digestAlgorithm` in the CMS `SignerInfo` object. See RFC 8708 Section 5:
> digestAlgorithm MUST contain the one-way hash function used in the HSS/LMS tree.
https://www.rfc-editor.org/rfc/rfc8708.html#name-signed-data-conventions
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/14254#discussion_r1410918418
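The rule discussed in this thread can be turned into a concrete verifier-side check: derive the hash function from the HSS/LMS key material itself and compare it with the `digestAlgorithm` carried in the `SignerInfo`, rather than trusting the `SignerInfo` field on its own. The following Python is an added illustration written for this page; it is not code from the OpenJDK PR or from `SignerInfo.java`. It assumes the RFC 8554 HSS public key layout (`u32 L || u32 lms_type || u32 ots_type || I[16] || T[1]`), the RFC 8554 Table 1 LMS type codes (all of which use SHA-256), the RFC 8708 `id-alg-hss-lms-hashsig` OID, and the NIST SHA-2 digest OIDs; the sample key bytes are constructed, not a real key.

```python
"""Check the RFC 8708 Section 5 rule: the CMS SignerInfo digestAlgorithm MUST be the
one-way hash function used in the HSS/LMS tree.

Added example for this mailing-list thread; not part of the OpenJDK change.
"""
import struct

# RFC 8708: id-alg-hss-lms-hashsig, the SignerInfo signatureAlgorithm for HSS/LMS.
OID_HSS_LMS = "1.2.840.113549.1.9.16.3.17"
# NIST digest OIDs that may appear in SignerInfo.digestAlgorithm.
OID_SHA256 = "2.16.840.1.101.3.4.2.1"
OID_SHA384 = "2.16.840.1.101.3.4.2.2"
OID_SHA512 = "2.16.840.1.101.3.4.2.3"
DIGEST_OID_TO_NAME = {OID_SHA256: "SHA-256", OID_SHA384: "SHA-384", OID_SHA512: "SHA-512"}

# RFC 8554 Table 1: LMS typecode -> (name, hash function, m = hash length in bytes).
# Every parameter set in RFC 8554 uses SHA-256 with m = 32, so the tree hash is fixed by
# the typecode; that is the "single hash used in every corner of HSS/LMS" point above.
LMS_TYPES = {
    5: ("LMS_SHA256_M32_H5", "SHA-256", 32),
    6: ("LMS_SHA256_M32_H10", "SHA-256", 32),
    7: ("LMS_SHA256_M32_H15", "SHA-256", 32),
    8: ("LMS_SHA256_M32_H20", "SHA-256", 32),
    9: ("LMS_SHA256_M32_H25", "SHA-256", 32),
}
# RFC 8554 Table 2: LM-OTS typecodes (LMOTS_SHA256_N32_W1 .. W8).
LMOTS_TYPES = {1, 2, 3, 4}
MAX_HSS_LEVELS = 8  # RFC 8554 Section 6: 1 <= L <= 8


def hss_tree_hash(hss_pub: bytes) -> str:
    """Parse an HSS public key and return the name of the hash used in its LMS tree.

    Layout (RFC 8554 Sections 5.3 and 6.1):
        u32str(L) || u32str(lms_type) || u32str(ots_type) || I (16 bytes) || T[1] (m bytes)
    Raises ValueError on any malformed or unknown input instead of guessing.
    """
    if len(hss_pub) < 12:
        raise ValueError("HSS public key too short for its fixed header")
    levels, lms_type, ots_type = struct.unpack(">III", hss_pub[:12])
    if not 1 <= levels <= MAX_HSS_LEVELS:
        raise ValueError(f"invalid HSS level count {levels}")
    if lms_type not in LMS_TYPES:
        raise ValueError(f"unknown LMS typecode {lms_type}")
    if ots_type not in LMOTS_TYPES:
        raise ValueError(f"unknown LM-OTS typecode {ots_type}")
    _name, hash_name, m = LMS_TYPES[lms_type]
    expected_len = 12 + 16 + m
    if len(hss_pub) != expected_len:
        raise ValueError(f"HSS public key length {len(hss_pub)} != expected {expected_len}")
    return hash_name


def check_signer_info(sig_alg_oid: str, digest_alg_oid: str, hss_pub: bytes) -> bool:
    """Return True iff SignerInfo.digestAlgorithm matches the HSS/LMS tree hash.

    The hash is derived from the signer's public key, not from the SignerInfo itself,
    so a SignerInfo that names a different digest is rejected rather than trusted.
    """
    if sig_alg_oid != OID_HSS_LMS:
        raise ValueError("signatureAlgorithm is not id-alg-hss-lms-hashsig")
    tree_hash = hss_tree_hash(hss_pub)
    digest_name = DIGEST_OID_TO_NAME.get(digest_alg_oid)
    if digest_name is None:
        raise ValueError(f"unrecognised digestAlgorithm OID {digest_alg_oid}")
    return digest_name == tree_hash


# Constructed sample key (NOT a real key): L=1, LMS_SHA256_M32_H5, LMOTS_SHA256_N32_W1,
# zero identifier I and zero root T[1]; only the header fields matter for this check.
SAMPLE_HSS_PUB = struct.pack(">III", 1, 5, 1) + bytes(16) + bytes(32)

if __name__ == "__main__":
    print("tree hash:", hss_tree_hash(SAMPLE_HSS_PUB))
    print("SHA-256 digestAlgorithm accepted:", check_signer_info(OID_HSS_LMS, OID_SHA256, SAMPLE_HSS_PUB))
    print("SHA-384 digestAlgorithm accepted:", check_signer_info(OID_HSS_LMS, OID_SHA384, SAMPLE_HSS_PUB))
```

A real verifier would also take the LMS typecode from the signature itself and confirm it agrees with the key, since RFC 8554 requires both to match; the key-side lookup shown here is enough to implement the RFC 8708 `digestAlgorithm` rule the thread is about.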