On Thu, 15 Oct 2020 02:03:13 GMT, Valerie Peng <valer...@openjdk.org> wrote:
>> Weijun Wang has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>>   signing time, jarsigner -directsign, and digest algorithm check
>
> src/java.base/share/classes/sun/security/pkcs/PKCS7.java line 818:
>
>> 816: DerOutputStream derSigAlg = new DerOutputStream();
>> 817: sigAlgID.derEncode(derSigAlg);
>> 818: derAlgs.writeImplicit((byte)0xA1, derSigAlg);
>
> Are you sure that this context specific tag value is implicit? In RFC 6211,
> some other ASN.1 definition uses IMPLICIT keyword after the [x] which seems
> to suggest that the default is explicit unless specified. Besides, the
> layman's guide sec2.3 also states "The keyword [class number] alone is the
> same as explicit tagging, except when the "module" in which the ASN.1 type
> is defined has implicit tagging by default." So, it seems that explicit
> tagging should be the default?

In the formal definition at https://tools.ietf.org/html/rfc6211#appendix-A, you can see `DEFINITIONS IMPLICIT TAGS` covers from BEGIN to END. Those explicit IMPLICIT tags you see are CMS ASN.1 definitions, and it looks like in its own RFC at https://tools.ietf.org/html/rfc5652#section-12, IMPLICIT and EXPLICIT are always written out.

I can confirm both OpenSSL and BC use IMPLICIT.

-------------

PR: https://git.openjdk.java.net/jdk/pull/322
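
The encoding difference discussed in this thread, as an added example that is not part of the original messages or the JDK code: a hand-rolled DER encoder in Python that builds a constructed RFC 6211 CMSAlgorithmProtection value with the `[1]` signatureAlgorithm field tagged implicitly and explicitly, then reports which form a given encoding uses. All function names are assumptions, and the two OIDs (SHA-256 and sha256WithRSAEncryption) are sample inputs.

```python
def tlv(tag, content):
    """Encode one DER tag-length-value, using long-form length when needed."""
    n = len(content)
    length = bytes([n]) if n < 0x80 else (
        bytes([0x80 | ((n.bit_length() + 7) // 8)])
        + n.to_bytes((n.bit_length() + 7) // 8, "big"))
    return bytes([tag]) + length + content

def read_tlv(buf):
    """Split buf into (tag, content, remaining bytes) for its first TLV."""
    first = buf[1]
    if first < 0x80:
        n, off = first, 2
    else:
        k = first & 0x7F
        n, off = int.from_bytes(buf[2:2 + k], "big"), 2 + k
    return buf[0], buf[off:off + n], buf[off + n:]

def alg_id(dotted):
    """AlgorithmIdentifier ::= SEQUENCE { OID, NULL parameters }."""
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        while arc > 0x7F:
            arc >>= 7
            chunk.append(0x80 | (arc & 0x7F))
        body += bytes(reversed(chunk))
    return tlv(0x30, tlv(0x06, bytes(body)) + b"\x05\x00")

def tag_implicit(tag, encoded):
    """IMPLICIT: the context tag replaces the SEQUENCE tag, content unchanged."""
    return tlv(tag, read_tlv(encoded)[1])

def tag_explicit(tag, encoded):
    """EXPLICIT: the context tag wraps the complete SEQUENCE encoding."""
    return tlv(tag, encoded)

DIGEST = alg_id("2.16.840.1.101.3.4.2.1")  # constructed sample: SHA-256
SIG = alg_id("1.2.840.113549.1.1.11")      # constructed sample: sha256WithRSAEncryption

def algorithm_protection(tagger):
    """SEQUENCE { digestAlgorithm, [1] signatureAlgorithm } with the given tagging."""
    return tlv(0x30, DIGEST + tagger(0xA1, SIG))

def classify_sig_alg_tagging(value):
    """Report how the [1] field was tagged by looking at its first inner tag."""
    _, body, _ = read_tlv(value)        # outer SEQUENCE
    _, _, rest = read_tlv(body)         # skip digestAlgorithm
    tag, content, _ = read_tlv(rest)    # [1] signatureAlgorithm
    if tag != 0xA1:
        raise ValueError("expected context tag [1] (0xA1)")
    return {0x06: "implicit", 0x30: "explicit"}.get(content[0], "unknown")
```

The explicit form is two bytes longer and carries an extra `30` SEQUENCE header inside `A1`, so a verifier that expects one form will fail to parse the other.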