--- old/src/java.base/share/classes/java/security/cert/X509CRL.java	2019-04-10 18:51:47.065780200 -0400
+++ new/src/java.base/share/classes/java/security/cert/X509CRL.java	2019-04-10 18:51:46.145688200 -0400
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2019, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2018, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -239,15 +239,16 @@
     public void verify(PublicKey key, Provider sigProvider)
         throws CRLException, NoSuchAlgorithmException,
         InvalidKeyException, SignatureException {
-        String sigAlgName = getSigAlgName();
         Signature sig = (sigProvider == null)
-            ? Signature.getInstance(sigAlgName)
-            : Signature.getInstance(sigAlgName, sigProvider);
+            ? Signature.getInstance(getSigAlgName())
+            : Signature.getInstance(getSigAlgName(), sigProvider);
 
+        sig.initVerify(key);
+
+        // set parameters after Signature.initSign/initVerify call,
+        // so the deferred provider selections occur when key is set
         try {
-            byte[] paramBytes = getSigAlgParams();
-            SignatureUtil.initVerifyWithParam(sig, key,
-                SignatureUtil.getParamSpec(sigAlgName, paramBytes));
+            SignatureUtil.specialSetParameter(sig, getSigAlgParams());
         } catch (ProviderException e) {
             throw new CRLException(e.getMessage(), e.getCause());
         } catch (InvalidAlgorithmParameterException e) {