This is a regression made by 
[JDK-8242068](https://bugs.openjdk.java.net/browse/JDK-8242068). When the 
digest algorithm is not the same as the hash part of the signature algorithm, 
we used to combine the digest algorithm with the key part of the signature 
algorithm into a new signature algorithm and use it when generating a 
signature. The previous code change uses the signature algorithm in the 
SignerInfo directly. This bugfix will revert to the old behavior.

-------------

Commit messages:
 - 8255494: PKCS7 should use digest algorithm to verify the signature

Changes: https://git.openjdk.java.net/jdk/pull/916/files
 Webrev: https://webrevs.openjdk.java.net/?repo=jdk&pr=916&range=00
  Issue: https://bugs.openjdk.java.net/browse/JDK-8255494
  Stats: 126 lines in 3 files changed: 113 ins; 5 del; 8 mod
  Patch: https://git.openjdk.java.net/jdk/pull/916.diff
  Fetch: git fetch https://git.openjdk.java.net/jdk pull/916/head:pull/916

PR: https://git.openjdk.java.net/jdk/pull/916

Reply via email to