RSA signature verification should reject non-DER OCTET STRING

    • Type: Bug
    • Resolution: Fixed
    • Priority: P4
    • 19
    • Affects Version/s: None
    • Component/s: security-libs

      RFC 8017 8.2.2 Step 4 requires encoding the digest and then comparing it with the decrypted copy. The current implementation decodes the decrypted copy and compares the content with the digest. We should follow the RFC.

      *Update*: We think it's possible that there might be signers omitting the NULL params in the digest algorithm identifier. The check is relaxed to only require that the digest value be DER encoded.
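The difference between the two comparison styles, as an added example that is not the JDK's code or its fix: it works on the encoded message EM (the output of the RSA public-key operation) and contrasts encode-then-compare with a lenient decode-then-compare on a constructed EM whose digest OCTET STRING uses a non-DER long-form length. SHA-256, all function names, and modelling the relaxed check as a comparison against two candidate encodings (with and without NULL params) are assumptions made for the illustration.

```python
import hashlib
import hmac

# DER DigestInfo prefix for SHA-256 (RFC 8017, section 9.2 notes).
SHA256_WITH_NULL = bytes.fromhex("3031300d060960864801650304020105000420")
# Same prefix with the NULL parameters omitted (the case the update tolerates).
SHA256_NO_NULL = bytes.fromhex("302f300b06096086480165030402010420")
# Constructed non-DER variant: OCTET STRING length in long form (0x81 0x20).
NON_DER_PREFIX = b"\x30\x32" + SHA256_WITH_NULL[2:17] + b"\x04\x81\x20"

def emsa_encode(prefix, digest, em_len):
    """EM = 0x00 || 0x01 || PS || 0x00 || T, with PS = 0xFF repeated >= 8 times."""
    ps_len = em_len - len(prefix) - len(digest) - 3
    if ps_len < 8:
        raise ValueError("intended encoded message length too short")
    return b"\x00\x01" + b"\xff" * ps_len + b"\x00" + prefix + digest

def verify_by_encoding(em, message, allow_no_null=True):
    """Step 4 style: build the expected EM and compare whole buffers."""
    digest = hashlib.sha256(message).digest()
    prefixes = [SHA256_WITH_NULL] + ([SHA256_NO_NULL] if allow_no_null else [])
    return any(hmac.compare_digest(em, emsa_encode(p, digest, len(em)))
               for p in prefixes)

def ber_tlv(buf, off):
    """Lenient TLV reader: accepts long-form lengths where DER requires short form."""
    tag, first = buf[off], buf[off + 1]
    off += 2
    if first & 0x80:
        n = first & 0x7F
        length, off = int.from_bytes(buf[off:off + n], "big"), off + n
    else:
        length = first
    return tag, buf[off:off + length], off + length

def verify_by_decoding(em, message):
    """Decode-and-compare style: parse EM, then compare only the digest bytes."""
    sep = em.find(b"\x00", 2)
    if em[:2] != b"\x00\x01" or sep < 10 or set(em[2:sep]) != {0xFF}:
        return False
    _, body, _ = ber_tlv(em, sep + 1)    # DigestInfo SEQUENCE
    _, _, off = ber_tlv(body, 0)         # AlgorithmIdentifier, skipped unchecked
    tag, digest, _ = ber_tlv(body, off)  # digest OCTET STRING
    return tag == 0x04 and hmac.compare_digest(digest, hashlib.sha256(message).digest())
```

For the same message, the decoding verifier accepts the EM built with `NON_DER_PREFIX`, while the encoding verifier rejects it and still accepts both DER prefixes.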

            Assignee:
            Weijun Wang
            Reporter:
            Weijun Wang
            Votes:
            0
            Watchers:
            4
