On Wed, 28 Oct 2020 21:01:44 GMT, Weijun Wang <wei...@openjdk.org> wrote:
> This is a regression made by > [JDK-8242068](https://bugs.openjdk.java.net/browse/JDK-8242068). When the > digest algorithm is not the same as the hash part of the signature algorithm, > we used to combine the digest algorithm with the key part of the signature > algorithm into a new signature algorithm and use it when generating a > signature. The previous code change uses the signature algorithm in the > SignerInfo directly. This bugfix will revert to the old behavior. This pull request has now been integrated. Changeset: 80380d51 Author: Weijun Wang <wei...@openjdk.org> URL: https://git.openjdk.java.net/jdk/commit/80380d51 Stats: 129 lines in 3 files changed: 116 ins; 5 del; 8 mod 8255494: PKCS7 should use digest algorithm to verify the signature Reviewed-by: valeriep ------------- PR: https://git.openjdk.java.net/jdk/pull/916
