Integrated: 8255494: PKCS7 should use digest algorithm to verify the signature
Weijun Wang
weijun at openjdk.java.net
Sat Oct 31 03:26:59 UTC 2020
On Wed, 28 Oct 2020 21:01:44 GMT, Weijun Wang <weijun at openjdk.org> wrote:
> This is a regression made by [JDK-8242068](https://bugs.openjdk.java.net/browse/JDK-8242068). When the digest algorithm is not the same as the hash part of the signature algorithm, we used to combine the digest algorithm with the key part of the signature algorithm into a new signature algorithm and use it when generating a signature. The previous code change uses the signature algorithm in the SignerInfo directly. This bugfix will revert to the old behavior.
This pull request has now been integrated.
Changeset: 80380d51
Author: Weijun Wang <weijun at openjdk.org>
URL: https://git.openjdk.java.net/jdk/commit/80380d51
Stats: 129 lines in 3 files changed: 116 ins; 5 del; 8 mod
8255494: PKCS7 should use digest algorithm to verify the signature
Reviewed-by: valeriep
-------------
PR: https://git.openjdk.java.net/jdk/pull/916
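
The behavior described in the quoted message, as an added example that is not part of the original email and is not the JDK's own code: the hypothetical `combine` helper pairs the SignerInfo digest algorithm with the key part of the signature algorithm. The SHA-256 / SHA1withRSA mismatch and the sample content are constructed to show that a signature produced under the combined name verifies only under that name, not under the signature algorithm field taken directly.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Locale;

public class DigestDrivenSigAlg {
    // Hypothetical helper (not the JDK's internal code): take the key part of
    // the signature algorithm name and pair it with the SignerInfo digest.
    static String combine(String digestAlg, String sigAlg) {
        int with = sigAlg.toUpperCase(Locale.ROOT).indexOf("WITH");
        String keyPart = with < 0 ? sigAlg : sigAlg.substring(with + 4);
        return digestAlg.replace("-", "") + "with" + keyPart;
    }

    // Returns false on a mismatch, whether the provider reports it as a
    // failed comparison or as a SignatureException on the encoding.
    static boolean verify(String alg, PublicKey key, byte[] data, byte[] sig)
            throws GeneralSecurityException {
        Signature s = Signature.getInstance(alg);
        s.initVerify(key);
        s.update(data);
        try {
            return s.verify(sig);
        } catch (SignatureException e) {
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        byte[] data = "constructed sample content".getBytes(StandardCharsets.UTF_8);

        // Constructed SignerInfo fields where the two algorithms disagree.
        String digestAlg = "SHA-256";
        String sigAlgInSignerInfo = "SHA1withRSA";

        // Signer side: sign with digest algorithm + key part of the signature algorithm.
        String effective = combine(digestAlg, sigAlgInSignerInfo);
        Signature signer = Signature.getInstance(effective);
        signer.initSign(kp.getPrivate());
        signer.update(data);
        byte[] sig = signer.sign();

        // Verifier side: combined name versus the SignerInfo field used directly.
        System.out.println(effective + ": " + verify(effective, kp.getPublic(), data, sig));
        System.out.println(sigAlgInSignerInfo + ": "
                + verify(sigAlgInSignerInfo, kp.getPublic(), data, sig));
    }
}
```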