Re: RFR: 8255494: PKCS7 should use digest algorithm to verify the signature [v2]
On Thu, 29 Oct 2020 18:37:06 GMT, Weijun Wang wrote: >> This is a regression made by >> [JDK-8242068](https://bugs.openjdk.java.net/browse/JDK-8242068). When the >> digest algorithm is not the same as the hash part of the signature >> algorithm, we used to combine the digest algorithm with the key part of the >> signature algorithm into a new signature algorithm and use it when >> generating a signature. The previous code change uses the signature >> algorithm in the SignerInfo directly. This bugfix will revert to the old >> behavior. > > Weijun Wang has updated the pull request incrementally with one additional > commit since the last revision: > > more comment to the test, and full DER encoding Marked as reviewed by valeriep (Reviewer). - PR: https://git.openjdk.java.net/jdk/pull/916
Re: RFR: 8255494: PKCS7 should use digest algorithm to verify the signature
On Thu, 29 Oct 2020 18:57:45 GMT, Hai-May Chao wrote: >> This is a regression made by >> [JDK-8242068](https://bugs.openjdk.java.net/browse/JDK-8242068). When the >> digest algorithm is not the same as the hash part of the signature >> algorithm, we used to combine the digest algorithm with the key part of the >> signature algorithm into a new signature algorithm and use it when >> generating a signature. The previous code change uses the signature >> algorithm in the SignerInfo directly. This bugfix will revert to the old >> behavior. > > Looks good! Looks good to me. - PR: https://git.openjdk.java.net/jdk/pull/916
Re: RFR: 8255494: PKCS7 should use digest algorithm to verify the signature
On Wed, 28 Oct 2020 21:01:44 GMT, Weijun Wang wrote: > This is a regression made by > [JDK-8242068](https://bugs.openjdk.java.net/browse/JDK-8242068). When the > digest algorithm is not the same as the hash part of the signature algorithm, > we used to combine the digest algorithm with the key part of the signature > algorithm into a new signature algorithm and use it when generating a > signature. The previous code change uses the signature algorithm in the > SignerInfo directly. This bugfix will revert to the old behavior. Looks good! - PR: https://git.openjdk.java.net/jdk/pull/916
Re: RFR: 8255494: PKCS7 should use digest algorithm to verify the signature [v2]
> This is a regression made by > [JDK-8242068](https://bugs.openjdk.java.net/browse/JDK-8242068). When the > digest algorithm is not the same as the hash part of the signature algorithm, > we used to combine the digest algorithm with the key part of the signature > algorithm into a new signature algorithm and use it when generating a > signature. The previous code change uses the signature algorithm in the > SignerInfo directly. This bugfix will revert to the old behavior. Weijun Wang has updated the pull request incrementally with one additional commit since the last revision: more comment to the test, and full DER encoding - Changes: - all: https://git.openjdk.java.net/jdk/pull/916/files - new: https://git.openjdk.java.net/jdk/pull/916/files/bc354142..19aa3f4d Webrevs: - full: https://webrevs.openjdk.java.net/?repo=jdk=916=01 - incr: https://webrevs.openjdk.java.net/?repo=jdk=916=00-01 Stats: 9 lines in 1 file changed: 3 ins; 0 del; 6 mod Patch: https://git.openjdk.java.net/jdk/pull/916.diff Fetch: git fetch https://git.openjdk.java.net/jdk pull/916/head:pull/916 PR: https://git.openjdk.java.net/jdk/pull/916
RFR: 8255494: PKCS7 should use digest algorithm to verify the signature
This is a regression made by [JDK-8242068](https://bugs.openjdk.java.net/browse/JDK-8242068). When the digest algorithm is not the same as the hash part of the signature algorithm, we used to combine the digest algorithm with the key part of the signature algorithm into a new signature algorithm and use it when generating a signature. The previous code change uses the signature algorithm in the SignerInfo directly. This bugfix will revert to the old behavior. - Commit messages: - 8255494: PKCS7 should use digest algorithm to verify the signature Changes: https://git.openjdk.java.net/jdk/pull/916/files Webrev: https://webrevs.openjdk.java.net/?repo=jdk=916=00 Issue: https://bugs.openjdk.java.net/browse/JDK-8255494 Stats: 126 lines in 3 files changed: 113 ins; 5 del; 8 mod Patch: https://git.openjdk.java.net/jdk/pull/916.diff Fetch: git fetch https://git.openjdk.java.net/jdk pull/916/head:pull/916 PR: https://git.openjdk.java.net/jdk/pull/916
