-
Notifications
You must be signed in to change notification settings - Fork 139
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Use appropriate digest algorithm during signature creation #97
base: main
Are you sure you want to change the base?
Conversation
Pass the public key instead of the marshalled public key to `digestAlgorithmForPublicKey` in `SignedData.AddSignerInfo`. Previously, the marshalled public key was passed instead of the actual public key. The result is that always SHA256 was being selected, even for ECDSA where the hash algorithm should be selected based on the curve.
Hi @lgarron What can I do to move this forward? |
I'm not qualified to review this, but @vcsjones may be! |
I see: smimesign/ietf-cms/protocol/protocol.go Lines 755 to 766 in e650daf
Since we're passing in something that is not an I think this change looks good, but it would be great to get some test coverage that indeed the right digest algorithm is used for the curve. Would you be able to add some test coverage for this, @oncilla? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Changes look reasonable as I previously mentioned, but hoping we can get some test coverage for this.
@vcsjones sure. I will have look tomorrow |
Pass the public key instead of the marshalled public key to
digestAlgorithmForPublicKey
inSignedData.AddSignerInfo
.Previously, the marshalled public key was passed instead of the actual
public key. The result is that always SHA256 was being selected, even
for ECDSA where the hash algorithm should be selected based on the curve.