From 1b956e2db0ca77e5c9cd46eb24833fdfd9b869aa Mon Sep 17 00:00:00 2001 From: Sun Yimin Date: Thu, 9 Mar 2023 15:07:17 +0800 Subject: [PATCH] pkcs7: de-support dsa --- pkcs7/sign.go | 44 +++++------------------------- pkcs7/sign_test.go | 67 ---------------------------------------------- 2 files changed, 7 insertions(+), 104 deletions(-) diff --git a/pkcs7/sign.go b/pkcs7/sign.go index 79a5165..658ac0f 100644 --- a/pkcs7/sign.go +++ b/pkcs7/sign.go @@ -3,7 +3,6 @@ package pkcs7 import ( "bytes" "crypto" - "crypto/dsa" "crypto/rand" "crypto/x509/pkix" "encoding/asn1" @@ -245,27 +244,13 @@ func (sd *SignedData) SignWithoutAttr(ee *smx509.Certificate, pkey crypto.Privat h := newHash(hasher, sd.digestOid) h.Write(sd.data) sd.messageDigest = h.Sum(nil) - switch pkey := pkey.(type) { - case *dsa.PrivateKey: - // dsa doesn't implement crypto.Signer so we make a special case - // https://github.com/golang/go/issues/27889 - r, s, err := dsa.Sign(rand.Reader, pkey, sd.messageDigest) - if err != nil { - return err - } - signature, err = asn1.Marshal(dsaSignature{r, s}) - if err != nil { - return err - } - default: - key, ok := pkey.(crypto.Signer) - if !ok { - return errors.New("pkcs7: private key does not implement crypto.Signer") - } - signature, err = key.Sign(rand.Reader, sd.messageDigest, nil) - if err != nil { - return err - } + key, ok := pkey.(crypto.Signer) + if !ok { + return errors.New("pkcs7: private key does not implement crypto.Signer") + } + signature, err = key.Sign(rand.Reader, sd.messageDigest, nil) + if err != nil { + return err } var ias issuerAndSerial ias.SerialNumber = ee.SerialNumber 
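Review bot: In the SignWithoutAttr hunk the one remaining signing call, `signature, err = key.Sign(rand.Reader, sd.messageDigest, nil)`, passes a nil `crypto.SignerOpts`, while signAttributes in the same file passes `hasher`. Standard-library signers such as `*rsa.PrivateKey` call `opts.HashFunc()` on that argument, so a nil value would panic rather than return an error when such a key reaches this path. If `hasher` is a `crypto.Hash` here, as its use in `newHash(hasher, sd.digestOid)` suggests, `signature, err = key.Sign(rand.Reader, sd.messageDigest, hasher)` would be consistent with signAttributes; if nil is deliberate for keys that sign a precomputed digest, a comment such as `// nil opts: digest is already computed; only valid for signers that ignore opts` would record that. With the DSA case removed, a `*dsa.PrivateKey` is now rejected with the generic "does not implement crypto.Signer" error, which the function's doc comment could mention. The body of SignWithoutAttr starts and ends outside this hunk, so the type of `hasher` and any earlier key validation are not visible.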
@@ -404,17 +389,6 @@ func signAttributes(attrs []attribute, pkey crypto.PrivateKey, hasher crypto.Has h.Write(attrBytes) hash := h.Sum(nil) - // dsa doesn't implement crypto.Signer so we make a special case - // https://github.com/golang/go/issues/27889 - switch pkey := pkey.(type) { - case *dsa.PrivateKey: - r, s, err := dsa.Sign(rand.Reader, pkey, hash) - if err != nil { - return nil, err - } - return asn1.Marshal(dsaSignature{r, s}) - } - key, ok := pkey.(crypto.Signer) if !ok { return nil, errors.New("pkcs7: private key does not implement crypto.Signer") @@ -422,10 +396,6 @@ func signAttributes(attrs []attribute, pkey crypto.PrivateKey, hasher crypto.Has return key.Sign(rand.Reader, hash, hasher) } -type dsaSignature struct { - R, S *big.Int -} - // concats and wraps the certificates in the RawValue structure func marshalCertificates(certs []*smx509.Certificate) rawCertificates { var buf bytes.Buffer diff --git a/pkcs7/sign_test.go b/pkcs7/sign_test.go index 68b070b..2b5cba7 100644 --- a/pkcs7/sign_test.go +++ b/pkcs7/sign_test.go @@ -2,7 +2,6 @@ package pkcs7 import ( "bytes" - "crypto/dsa" "crypto/x509" "encoding/asn1" "encoding/pem" 
@@ -109,72 +108,6 @@ func TestSignSM(t *testing.T) { testSign(t, true, content, sigalgs) } -func TestDSASignAndVerifyWithOpenSSL(t *testing.T) { - content := []byte("Hello World") - // write the content to a temp file - tmpContentFile, err := ioutil.TempFile("", "TestDSASignAndVerifyWithOpenSSL_content") - if err != nil { - t.Fatal(err) - } - ioutil.WriteFile(tmpContentFile.Name(), content, 0755) - - block, _ := pem.Decode([]byte(dsaPublicCert)) - if block == nil { - t.Fatal("failed to parse certificate PEM") - } - signerCert, err := smx509.ParseCertificate(block.Bytes) - if err != nil { - t.Fatal("failed to parse certificate: " + err.Error()) - } - - // write the signer cert to a temp file - tmpSignerCertFile, err := ioutil.TempFile("", "TestDSASignAndVerifyWithOpenSSL_signer") - if err != nil { - t.Fatal(err) - } - ioutil.WriteFile(tmpSignerCertFile.Name(), dsaPublicCert, 0755) - - priv := dsa.PrivateKey{ - PublicKey: dsa.PublicKey{Parameters: dsa.Parameters{P: fromHex("fd7f53811d75122952df4a9c2eece4e7f611b7523cef4400c31e3f80b6512669455d402251fb593d8d58fabfc5f5ba30f6cb9b556cd7813b801d346ff26660b76b9950a5a49f9fe8047b1022c24fbba9d7feb7c61bf83b57e7c6a8a6150f04fb83f6d3c51ec3023554135a169132f675f3ae2b61d72aeff22203199dd14801c7"), - Q: fromHex("9760508F15230BCCB292B982A2EB840BF0581CF5"), - G: fromHex("F7E1A085D69B3DDECBBCAB5C36B857B97994AFBBFA3AEA82F9574C0B3D0782675159578EBAD4594FE67107108180B449167123E84C281613B7CF09328CC8A6E13C167A8B547C8D28E0A3AE1E2BB3A675916EA37F0BFA213562F1FB627A01243BCCA4F1BEA8519089A883DFE15AE59F06928B665E807B552564014C3BFECF492A"), - }, - }, - X: fromHex("7D6E1A3DD4019FD809669D8AB8DA73807CEF7EC1"), - } - toBeSigned, err := NewSignedData(content) - if err != nil { - t.Fatalf("test case: cannot initialize signed data: %s", err) - } - if err := toBeSigned.SignWithoutAttr(signerCert, &priv, SignerInfoConfig{}); err != nil { - t.Fatalf("Cannot add signer: %s", err) - } - toBeSigned.Detach() - signed, err := toBeSigned.Finish() - if err != nil { - 
t.Fatalf("test case: cannot finish signing data: %s", err) - } - - // write the signature to a temp file - tmpSignatureFile, err := ioutil.TempFile("", "TestDSASignAndVerifyWithOpenSSL_signature") - if err != nil { - t.Fatal(err) - } - ioutil.WriteFile(tmpSignatureFile.Name(), pem.EncodeToMemory(&pem.Block{Type: "PKCS7", Bytes: signed}), 0755) - - // call openssl to verify the signature on the content using the root - opensslCMD := exec.Command("openssl", "smime", "-verify", "-noverify", - "-in", tmpSignatureFile.Name(), "-inform", "PEM", - "-content", tmpContentFile.Name()) - out, err := opensslCMD.CombinedOutput() - if err != nil { - t.Fatalf("test case: openssl command failed with %s: %s", err, out) - } - os.Remove(tmpSignatureFile.Name()) // clean up - os.Remove(tmpContentFile.Name()) // clean up - os.Remove(tmpSignerCertFile.Name()) // clean up -} - func ExampleSignedData() { // generate a signing cert or load a key pair cert, err := createTestCertificate(x509.SHA256WithRSA)