On Tue, 13 Oct 2020 13:29:39 GMT, Weijun Wang <wei...@openjdk.org> wrote:

>> Add support for [RFC 6211: Cryptographic Message Syntax (CMS) Algorithm Identifier Protection Attribute](https://tools.ietf.org/html/rfc6211) to protect against algorithm substitution attacks. This attribute is signed and it contains copies of digestAlgorithm and signatureAlgorithm which are unprotected in SignerInfo. Before this enhancement, the two algorithms can be implied from the signature itself (i.e. if you change any of them the signature size would not match or the key will not decrypt). However, with the introduction of RSASSA-PSS, the signature algorithm can be modified and it still looks like the signature is valid. This particular case is [described in the RFC](https://tools.ietf.org/html/rfc6211#page-5):
>>
>>     signatureAlgorithm has been protected by implication in the past.
>>     The use of an RSA public key implied that the RSA v1.5 signature
>>     algorithm was being used. The hash algorithm and this fact could
>>     be checked by the internal padding defined. This is no longer
>>     true with the addition of the RSA-PSS signature algorithms.
>
> A force push to fix the RFC number typo in the latest commit. No content update.

This one has nothing to do with javac, so the `compiler` label should be removed.

-------------

PR: https://git.openjdk.java.net/jdk/pull/322
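The quoted PR description explains why a signed copy of the algorithm identifiers is needed: the outer `digestAlgorithm` and `signatureAlgorithm` fields of SignerInfo are not covered by the signature, so a verifier that trusts them can be steered to a different algorithm. The following is an added illustration of the RFC 6211 consistency check, not code from the PR, the JDK or the RFC. It models SignerInfo as a plain dictionary, uses a deterministic JSON encoding in place of DER, and uses an HMAC under a constructed key as a stand-in for the RSA signature primitive (so "signature verifies" means only "the signed attributes were not altered"). The `id-aa-cmsAlgorithmProtect` OID and the three algorithm OIDs are the real ones; everything else (field names, helper names, the sample content) is an assumption made for the example.

```python
import copy
import hashlib
import hmac
import json

# Real OID of id-aa-cmsAlgorithmProtect from RFC 6211; the other OIDs are the
# standard SHA-256, sha256WithRSAEncryption and RSASSA-PSS identifiers.
ID_AA_CMS_ALGORITHM_PROTECT = "1.2.840.113549.1.9.52"
ID_SHA256 = "2.16.840.1.101.3.4.2.1"
SHA256_WITH_RSA = "1.2.840.113549.1.1.11"
RSASSA_PSS = "1.2.840.113549.1.1.10"

# Constructed stand-in for the signer's key. An HMAC over the encoded signed
# attributes plays the role of the RSA signature in this example.
SIGNING_KEY = b"constructed-demo-signing-key"


def encode(obj):
    """Deterministic byte encoding standing in for DER of SignedAttributes."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def sign(digest_alg, sig_alg, content):
    """Build a SignerInfo-like dict whose signed attributes carry a copy of
    both algorithm identifiers (the RFC 6211 CMSAlgorithmProtection attribute)."""
    signed_attrs = {
        "messageDigest": hashlib.sha256(content).hexdigest(),
        ID_AA_CMS_ALGORITHM_PROTECT: {
            "digestAlgorithm": digest_alg,
            "signatureAlgorithm": sig_alg,
        },
    }
    signature = hmac.new(SIGNING_KEY, encode(signed_attrs), hashlib.sha256).hexdigest()
    return {
        "digestAlgorithm": digest_alg,   # unprotected outer field
        "signatureAlgorithm": sig_alg,   # unprotected outer field
        "signedAttrs": signed_attrs,     # covered by the signature
        "signature": signature,
    }


def verify(signer_info, content):
    """Verify the signature, then apply the RFC 6211 consistency check.
    Returns (accepted, reason)."""
    attrs = signer_info["signedAttrs"]
    expected = hmac.new(SIGNING_KEY, encode(attrs), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, signer_info["signature"]):
        return False, "signature does not verify over signedAttrs"
    if attrs["messageDigest"] != hashlib.sha256(content).hexdigest():
        return False, "messageDigest mismatch"
    protection = attrs.get(ID_AA_CMS_ALGORITHM_PROTECT)
    if protection is None:
        # Attribute absent: nothing to compare against (legacy, unprotected).
        return True, "accepted without algorithm protection attribute"
    if protection["digestAlgorithm"] != signer_info["digestAlgorithm"]:
        return False, "digestAlgorithm substituted"
    if protection["signatureAlgorithm"] != signer_info["signatureAlgorithm"]:
        return False, "signatureAlgorithm substituted"
    return True, "algorithm identifiers match their protected copies"


def with_outer_signature_algorithm(signer_info, sig_alg):
    """Copy of signer_info with only the unprotected signatureAlgorithm changed,
    the case the PR description is concerned with."""
    altered = copy.deepcopy(signer_info)
    altered["signatureAlgorithm"] = sig_alg
    return altered


def with_both_signature_algorithms(signer_info, sig_alg):
    """Copy with the protected copy changed as well; the signature then fails."""
    altered = with_outer_signature_algorithm(signer_info, sig_alg)
    altered["signedAttrs"][ID_AA_CMS_ALGORITHM_PROTECT]["signatureAlgorithm"] = sig_alg
    return altered


if __name__ == "__main__":
    content = b"constructed sample content"
    si = sign(ID_SHA256, SHA256_WITH_RSA, content)
    print(verify(si, content))
    print(verify(with_outer_signature_algorithm(si, RSASSA_PSS), content))
    print(verify(with_both_signature_algorithms(si, RSASSA_PSS), content))
```

The two altered copies show the two halves of the protection: changing only the outer `signatureAlgorithm` leaves the signature over the signed attributes intact, so the mismatch between the outer field and its protected copy is the only thing that catches it; changing the protected copy too makes the signed attributes differ from what was signed, which the signature check itself rejects. In real CMS the same holds because the signature is computed over the DER encoding of the signed attributes, which include the protection attribute.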
>> Add support for [RFC 6211: Cryptographic Message Syntax (CMS) Algorithm >> Identifier Protection >> Attribute](https://tools.ietf.org/html/rfc6211) to protect against algorithm >> substitution attacks. This attribute is >> signed and it contains copies of digestAlgorithm and signatureAlgorithm >> which are unprotected in SignerInfo. Before >> this enhancement, the two algorithms can be implied from the signature >> itself (i.e. if you change any of them the >> signature size would not match or the key will not decrypt). However, with >> the introduction of RSASSA-PSS, the >> signature algorithm can be modified and it still looks like the signature is >> valid. This particular case is [described >> in the RFC](https://tools.ietf.org/html/rfc6211#page-5): >> signatureAlgorithm has been protected by implication in the past. >> The use of an RSA public key implied that the RSA v1.5 signature >> algorithm was being used. The hash algorithm and this fact could >> be checked by the internal padding defined. This is no longer >> true with the addition of the RSA-PSS signature algorithms. > > A force push to fix the RFC number typo in the latest commit. No content > update. this one has nothing to do with javac so the `compiler` label should be removed ------------- PR: https://git.openjdk.java.net/jdk/pull/322