RFR: 8255494: PKCS7 should use digest algorithm to verify the signature [v2]

Weijun Wang weijun at openjdk.java.net
Thu Oct 29 18:37:06 UTC 2020


> This is a regression made by [JDK-8242068](https://bugs.openjdk.java.net/browse/JDK-8242068). When the digest algorithm is not the same as the hash part of the signature algorithm, we used to combine the digest algorithm with the key part of the signature algorithm into a new signature algorithm and use it when generating a signature. The previous code change uses the signature algorithm in the SignerInfo directly. This bugfix will revert to the old behavior.

Weijun Wang has updated the pull request incrementally with one additional commit since the last revision:

  more comment to the test, and full DER encoding

-------------

Changes:
  - all: https://git.openjdk.java.net/jdk/pull/916/files
  - new: https://git.openjdk.java.net/jdk/pull/916/files/bc354142..19aa3f4d

Webrevs:
 - full: https://webrevs.openjdk.java.net/?repo=jdk&pr=916&range=01
 - incr: https://webrevs.openjdk.java.net/?repo=jdk&pr=916&range=00-01

  Stats: 9 lines in 1 file changed: 3 ins; 0 del; 6 mod
  Patch: https://git.openjdk.java.net/jdk/pull/916.diff
  Fetch: git fetch https://git.openjdk.java.net/jdk pull/916/head:pull/916

PR: https://git.openjdk.java.net/jdk/pull/916
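
An added example, not part of the original message and not the JDK's own code: it illustrates the behaviour the quoted description restores, where the digest algorithm is joined with the key part of the signature algorithm. The class name, both helper methods and the SignerInfo field values are hypothetical and constructed for illustration; only classic `<hash>with<key>` names are handled.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;

public class DigestDrivenSigAlg {
    // Hypothetical helper: keep only the key part of a "<hash>with<key>"
    // name, e.g. "SHA1withRSA" -> "RSA"; a bare "RSA" is returned unchanged.
    static String keyPart(String sigAlg) {
        int i = sigAlg.indexOf("with");
        return i < 0 ? sigAlg : sigAlg.substring(i + 4);
    }

    // Hypothetical helper: join the digest algorithm with the key part,
    // e.g. ("SHA-256", "SHA1withRSA") -> "SHA256withRSA".
    static String combine(String digestAlg, String sigAlg) {
        return digestAlg.replace("-", "") + "with" + keyPart(sigAlg);
    }

    // Verify with the named algorithm; a malformed-signature error from the
    // provider is treated the same as a failed verification.
    static boolean verify(String alg, PublicKey key, byte[] data, byte[] sig)
            throws GeneralSecurityException {
        try {
            Signature s = Signature.getInstance(alg);
            s.initVerify(key);
            s.update(data);
            return s.verify(sig);
        } catch (SignatureException e) {
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        byte[] data = "constructed sample content".getBytes(StandardCharsets.UTF_8);

        // Constructed SignerInfo fields whose hash parts disagree.
        String digestAlg = "SHA-256";
        String sigAlgField = "SHA1withRSA";
        String combined = combine(digestAlg, sigAlgField);
        // The signer hashed the content with the digest algorithm.
        Signature signer = Signature.getInstance(combined);
        signer.initSign(kp.getPrivate());
        signer.update(data);
        byte[] sig = signer.sign();

        System.out.println(sigAlgField + ": " + verify(sigAlgField, kp.getPublic(), data, sig));
        System.out.println(combined + ": " + verify(combined, kp.getPublic(), data, sig));
    }
}
```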
