Fix digest algorithm selection when hash func != cert hash.

Previously, this was deriving the hash to be used in the TSA response from the hash of the cert. But these are not guaranteed to be the same! Signers can choose to use different hash algorithms than their certs - e.g. if my cert is signed with sha384, I can still choose to sign the TSA request w/ sha256. This is typically passed through to the signer via crypto.SignerOpts. This somewhat obfuscated in the pkcs7 encoding, but this ultimately gets pulled out when signed here: https://github.com/digitorus/pkcs7/blob/3a137a8743524b3683ca4e11608d0dde37caee99/sign.go#L214-L217 To fix this, a new func CreateResponseWithOpts that passes in the SignerOpts so that we can encode them to be used in signing later. To keep backwards compatibility with previous behavior before 6c67f27, CreateResponse defaults to SHA256.
digitorus · Aug 30, 2023 · a017bc0 · a017bc0
1 parent d9cccdb
commit a017bc0
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/timestamp.go b/timestamp.go
@@ -605,7 +605,7 @@ func (t *Timestamp) populateSigningCertificateV2Ext(certificate *x509.Certificat
 }
 
 // digestAlgorithmToOID converts the hash func to the corresponding OID.
-// This should have parity with [pkcs7.]
+// This should have parity with [pkcs7.getHashForOID].
 func digestAlgorithmToOID(hash crypto.Hash) (asn1.ObjectIdentifier, error) {
 	switch hash {
 	case crypto.SHA1: