fixed: hardcoded signature algo

fullsailor / pkcs7

Implements a subset of PKCS#7/Crytpographic Message Syntax (rfc2315, rfc5652)

MIT License

123 stars 201 forks source link

fixed: hardcoded signature algo #27

Closed primalmotion closed 6 years ago

primalmotion commented 6 years ago

This patch removes the hardcoded value of the signature verification ago. This fixes an error that starts to appear in go1.10

fullsailor commented 6 years ago

This patch is incomplete, the signature algorithm of the certificate is not always the same one that is used for the actual signature. We'll need to merge the hash algorithm with the encryption algorithm.

For example, I can sign a with an RSA key, my cert's signature is in SHA256, but the signer info may have a SHA1 digest. Always using the cert's algorithm will cause some usages to fail. I'm pretty sure this is why the tests are failing,

primalmotion commented 6 years ago

ok then I'm not sure how to do it :/

fullsailor commented 6 years ago

That's fine, I'm working on a fix now using some of the code from crypto/x509 to figure out which x509.SignatureAlgorithm to use for the given pkix.AlgorithmIdentifier.