Switch to a forked copy of pkcs7 to fix aws pkcs7 verification error (#4024)

Fixes #4014

builtin/credential/aws/path_login.go

@@ -20,13 +20,13 @@ import (
 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/service/ec2"
 	"github.com/aws/aws-sdk-go/service/iam"
-	"github.com/fullsailor/pkcs7"
 	"github.com/hashicorp/go-cleanhttp"
 	"github.com/hashicorp/go-uuid"
 	"github.com/hashicorp/vault/helper/jsonutil"
 	"github.com/hashicorp/vault/helper/strutil"
 	"github.com/hashicorp/vault/logical"
 	"github.com/hashicorp/vault/logical/framework"
+	"github.com/jefferai/pkcs7"
 )
 
 const (

vendor/github.com/jefferai/pkcs7/pkcs7.go

@@ -254,8 +254,7 @@ func verifySignature(p7 *PKCS7, signer signerInfo) error {
 		return errors.New("pkcs7: No certificate for signer")
 	}
 
-	algo := x509.SHA1WithRSA
-	return cert.CheckSignature(algo, signedData, signer.EncryptedDigest)
+	return cert.CheckSignature(cert.SignatureAlgorithm, signedData, signer.EncryptedDigest)
 }
 
 func marshalAttributes(attrs []attribute) ([]byte, error) {

vendor/vendor.json

@@ -834,12 +834,6 @@
 			"revision": "a2e072cb4fe7c4b5962e74e38e3c256c053f6132",
 			"revisionTime": "2018-02-02T13:34:58Z"
 		},
-		{
-			"checksumSHA1": "BjjcPf2i7KfBnVazHZCAe9xn6jY=",
-			"path": "github.com/fullsailor/pkcs7",
-			"revision": "a009d8d7de53d9503c797cb8ec66fa3b21eed209",
-			"revisionTime": "2017-06-13T20:12:21Z"
-		},
 		{
 			"checksumSHA1": "ImX1uv6O09ggFeBPUJJ2nu7MPSA=",
 			"path": "github.com/ghodss/yaml",
@@ -1260,6 +1254,12 @@
 			"revision": "9cc31c3135eef39b8e72585f37efa92b6ca314d0",
 			"revisionTime": "2016-07-21T23:51:17Z"
 		},
+		{
+			"checksumSHA1": "U2xx6g0Cu/vKhHRK8rcQWAOzg34=",
+			"path": "github.com/jefferai/pkcs7",
+			"revision": "6c523e5a7967df6e893c2803ba65225c7f394da6",
+			"revisionTime": "2018-02-22T13:45:58Z"
+		},
 		{
 			"checksumSHA1": "blwbl9vPvRLtL5QlZgfpLvsFiZ4=",
 			"path": "github.com/jmespath/go-jmespath",