JDK-8255494 : PKCS7 should use digest algorithm to verify the signature
- Type: Bug
- Component: security-libs
- Sub-Component: java.security
- Affected Version: 16
- Priority: P2
- Status: Closed
- Resolution: Fixed
- Submitted: 2020-10-28
- Updated: 2021-01-26
- Resolved: 2020-10-31
The Version table provides details related to the release that this issue/RFE will be addressed.
Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
To download the current JDK release, click here.
Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
To download the current JDK release, click here.
| JDK 16 |
|---|
16 b23Fixed  |
Related Reports
|
Relates :
|
Description
PKCS7 SignerInfo contains both a digest algorithm and a signature algorithm. When verifying a signature, it should use the digest algorithm and the key algorithm part of the signature algorithm to derive the actual signature algorithm. We used to do it this way but JDK-8242068 modified this behavior and use the signature algorithm directly.
Comments
|