On Fri, 16 Oct 2020 02:34:35 GMT, Weijun Wang <wei...@openjdk.org> wrote:
>> src/java.base/share/classes/sun/security/pkcs/SignerInfo.java line 549:
>>
>>> 547: return encAlg;
>>> 548: default:
>>> 549: String digAlg = digAlgId.getName().replace("-", "");
>>
>> This may be incorrect if the digest algorithm is in the SHA3 family. Maybe
>> we should check and apply this conversion
>> only when digest algorithm starts with "SHA-".
>
> Good suggestion. I'll also try some tests.
In fact, since now I directly write the signature algorithm into the
`SignerInfo.digestEncryptionAlgorithmId` field,
the code above is not used at all. The `makeSigAlg` method directly returns the
`encAlgId` argument if it has "with"
inside.
I'll fix it anyway. I've confirmed that if I still write only the key algorithm
there (Ex: "EC") then the verification
process will see a problem without your suggested change.
-------------
PR: https://git.openjdk.java.net/jdk/pull/322
