RFR: 8349732: Add support for JARs signed with ML-DSA [v8]
Sean Mullan
mullan at openjdk.org
Tue Nov 4 20:16:27 UTC 2025
On Tue, 4 Nov 2025 18:05:16 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> Add support for ML-DSA signing of JAR files.
>>
>> Note: https://datatracker.ietf.org/doc/draft-ietf-lamps-cms-ml-dsa/ is not finalized.
>>
>> Update: it is published as https://datatracker.ietf.org/doc/rfc9882/.
>
> Weijun Wang has updated the pull request incrementally with one additional commit since the last revision:
>
> rewrite fetcher to open ZipFile only once

src/java.base/share/classes/sun/security/pkcs/SignerInfo.java line 546:

> 544: && !digAlgId.equalsOID(AlgorithmId.SHAKE128_256_oid)
> 545: && !digAlgId.equalsOID(AlgorithmId.SHAKE256_512_oid)) {
> 546: throw new NoSuchAlgorithmException("Incompatible digest algorithm" + digAlgId);

Need space after "algorithm".

src/java.base/share/classes/sun/security/pkcs/SignerInfo.java line 555:

> 553: && !digAlgId.equalsOID(AlgorithmId.SHA3_512_oid)
> 554: && !digAlgId.equalsOID(AlgorithmId.SHAKE256_512_oid)) {
> 555: throw new NoSuchAlgorithmException("Incompatible digest algorithm");

Also include `digAlgId` in exception msg like on line 546. Same comment on line 562.

src/java.base/share/classes/sun/security/pkcs/SignerInfo.java line 575:

> 573: * algorithm can be in any of the 3 forms:
> 574: *
> 575: * 1. Simply key algorithm like RSA, DSA, EC, this method returns

s/Simply/Simple/

-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/26563#discussion_r2491917463
PR Review Comment: https://git.openjdk.org/jdk/pull/26563#discussion_r2491916896
PR Review Comment: https://git.openjdk.org/jdk/pull/26563#discussion_r2491920116