Someone else can review the 7u6 part? I need two reviewers.
Thanks
Max
On 07/06/2012 02:44 PM, Xuelei Fan wrote:
On 7/6/2012 1:03 PM, Weijun Wang wrote:
Hi All
I have two fixes for this bug:
For 7u6: http://cr.openjdk.java.net/~weijun/7180907/7u/webrev.00/
Looks fine to me, except a very minor copyright date: you may want to
use 2012 for SignerInfo.java.
This simply makes the name recognizable. It's safe and I don't want
anything broken in 7u6.
Thanks
Max
[1]
http://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html
-------- Original Message --------
=== *Description*
============================================================
SHORT SUMMARY:
If a signature block (.RSA, a PKCS#7 object) contains authenticated
attributes
and uses a SHA-256 digest, verification will fail. The digest
algorithm is
stored in the PKCS7 using the correct OID (2.16.840.1.101.3.4.2.1) but
sun.security.x509.AlgorithmId maps this back to an algorithm with name
"SHA256". This is not a valid MessageDigest name - the correct version is
SHA-256.
The debug output from:
jarsigner -J-Djava.security.debug=all -verbose -verify i3.jar
debug.txt and i3.jar available here:
ftp://bugftp.us.oracle.com/upload/bug_13/bug13941476
INDICATORS:
COUNTER INDICATORS:
TRIGGERS:
KNOWN WORKAROUND:
PRESENT SINCE:
N/A
HOW TO VERIFY:
Run attached test case
NOTES FOR SE:
None
REGRESSION:
