[BENG-40] ec2util: future-proof aws identitiy document verify

Summary: AWS Identity Documents are signed with DSA-with-SHA1 signatures, and DSA is removed from x509/crypto as of Go 1.16. This follows an approach done by hashicorp/vault#12340, by forking in https://github.com/mozilla-services/pkcs7 and applying the DSA fix mozilla-services/pkcs7#50. Test Plan: - Tested Bazel build and go build from within the folder Reviewers: aeiser, dborcherding, sdunn, anguyen, gvitta, bbentson Reviewed By: dborcherding, sdunn Subscribers: jcharumilind, dnicolaou, pboyapalli, smahadevan Differential Revision: https://phabricator.grailbio.com/D66326 fbshipit-source-id: cafa39b
grailbio · Jun 2, 2022 · 53676e2 · 53676e2
1 parent 038b391
commit 53676e2
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/cloud/ec2util/ec2util.go b/cloud/ec2util/ec2util.go
@@ -22,8 +22,8 @@ import (
 	"time"
 
 	"github.com/aws/aws-sdk-go/service/ec2"
-	"github.com/fullsailor/pkcs7"
 	"v.io/x/lib/vlog"
+	"go.mozilla.org/pkcs7"
 )
 
 type IdentityDocument struct {