From f1ad49bec60746169a33858a1c0bab19a16bcc62 Mon Sep 17 00:00:00 2001
From: Dominik Roos <roos@anapaya.net>
Date: Tue, 17 Jun 2025 18:07:22 +0200
Subject: [PATCH] protocol: use proper digest algorithm

Previously, we would always use SHA256 because []byte is never a valid curve.
---
 ietf-cms/protocol/protocol.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ietf-cms/protocol/protocol.go b/ietf-cms/protocol/protocol.go
index 127ff51..ed66642 100644
--- a/ietf-cms/protocol/protocol.go
+++ b/ietf-cms/protocol/protocol.go
@@ -659,7 +659,7 @@ func (sd *SignedData) AddSignerInfo(chain []*x509.Certificate, signer crypto.Sig
 		return err
 	}
 
-	digestAlgorithmID := digestAlgorithmForPublicKey(pub)
+	digestAlgorithmID := digestAlgorithmForPublicKey(signer.Public())
 
 	signatureAlgorithmOID, ok := oid.X509PublicKeyAndDigestAlgorithmToSignatureAlgorithm[cert.PublicKeyAlgorithm][digestAlgorithmID.Algorithm.String()]
 	if !ok {