On Tue, 13 Oct 2020 13:24:50 GMT, Weijun Wang <wei...@openjdk.org> wrote:
>> Note: I force pushed a new commit to correct a typo in the summary line. > > Add support for [RFC 6211: Cryptographic Message Syntax (CMS) Algorithm > Identifier Protection > Attribute](https://tools.ietf.org/html/rfc6211) to protect against algorithm > substitution attacks. This attribute is > signed and it contains copies of digestAlgorithm and signatureAlgorithm which > are unprotected in SignerInfo. Before > this enhancement, the two algorithms can be implied from the signature itself > (i.e. if you change any of them the > signature size would not match or the key will not decrypt). However, with > the introduction of RSASSA-PSS, the > signature algorithm can be modified and it still looks like the signature is > valid. This particular case is [described > in the RFC](https://tools.ietf.org/html/rfc6211#page-5): > signatureAlgorithm has been protected by implication in the past. > The use of an RSA public key implied that the RSA v1.5 signature > algorithm was being used. The hash algorithm and this fact could > be checked by the internal padding defined. This is no longer > true with the addition of the RSA-PSS signature algorithms. A force push to fix the RFC number typo in the latest commit. No content update. ------------- PR: https://git.openjdk.java.net/jdk/pull/322
