From 53676e20ff6ca6c9b54dd59ce88fb9798aeea8f4 Mon Sep 17 00:00:00 2001
From: Boran Car <bcar@grailbio.com>
Date: Mon, 25 Oct 2021 21:00:14 +0000
Subject: [PATCH] [BENG-40] ec2util: future-proof aws identitiy document verify

Summary:
AWS Identity Documents are signed with DSA-with-SHA1 signatures, and DSA is
removed from x509/crypto as of Go 1.16. This follows an approach done
by https://github.com/hashicorp/vault/pull/12340, by forking in
https://github.com/mozilla-services/pkcs7 and applying the DSA fix
https://github.com/mozilla-services/pkcs7/pull/50.

Test Plan: - Tested Bazel build and go build from within the folder

Reviewers: aeiser, dborcherding, sdunn, anguyen, gvitta, bbentson

Reviewed By: dborcherding, sdunn

Subscribers: jcharumilind, dnicolaou, pboyapalli, smahadevan

Differential Revision: https://phabricator.grailbio.com/D66326

fbshipit-source-id: cafa39b
---
 cloud/ec2util/ec2util.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cloud/ec2util/ec2util.go b/cloud/ec2util/ec2util.go
index 3502a364..a1b5b768 100644
--- a/cloud/ec2util/ec2util.go
+++ b/cloud/ec2util/ec2util.go
@@ -22,8 +22,8 @@ import (
 	"time"
 
 	"github.com/aws/aws-sdk-go/service/ec2"
-	"github.com/fullsailor/pkcs7"
 	"v.io/x/lib/vlog"
+	"go.mozilla.org/pkcs7"
 )
 
 type IdentityDocument struct {