Verifier: Use correct Timestamp hash algorithm #1385

Open
wants to merge 3 commits into
base: main
from

Conversation

jku
Member

@jku jku commented May 15, 2025

Don't assume sha256. Use verify_message() instead: it looks up the correct hash from the timestamp response.
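
An added illustration of the point above (not code from this pull request or from rfc3161-client): an RFC 3161 `MessageImprint` carries the digest algorithm OID next to the digest, so the check should hash with the algorithm it names. The function names, OID table and sample bytes are constructed for this example, and only short-form DER lengths are handled, which covers SHA-256/384/512 imprints.

```python
import hashlib
import hmac

# DER content bytes of the NIST digest OIDs (2.16.840.1.101.3.4.2.x)
# that can appear in MessageImprint.hashAlgorithm.
OID_TO_HASH = {
    bytes.fromhex("608648016503040201"): "sha256",  # ...2.1
    bytes.fromhex("608648016503040202"): "sha384",  # ...2.2
    bytes.fromhex("608648016503040203"): "sha512",  # ...2.3
}

# Constructed sample: a MessageImprint holding the SHA-384 digest of MESSAGE.
MESSAGE = b"constructed sample artifact"
_HEADER = bytes.fromhex("3041300d060960864801650304020205000430")
SAMPLE_IMPRINT = _HEADER + hashlib.sha384(MESSAGE).digest()

def _tlv(buf, pos, tag):
    """Read one short-form DER element with the expected tag: (value, end)."""
    if len(buf) < pos + 2 or buf[pos] != tag or buf[pos + 1] & 0x80:
        raise ValueError("unexpected or malformed DER element")
    end = pos + 2 + buf[pos + 1]
    if end > len(buf):
        raise ValueError("truncated DER element")
    return buf[pos + 2:end], end

def parse_message_imprint(der):
    """MessageImprint ::= SEQUENCE { hashAlgorithm AlgorithmIdentifier,
    hashedMessage OCTET STRING } -> (oid_bytes, digest)."""
    body, end = _tlv(der, 0, 0x30)
    alg, pos = _tlv(body, 0, 0x30)        # AlgorithmIdentifier
    oid, _ = _tlv(alg, 0, 0x06)           # algorithm OID; parameters ignored
    digest, pos = _tlv(body, pos, 0x04)   # hashedMessage
    if end != len(der) or pos != len(body):
        raise ValueError("trailing bytes in MessageImprint")
    return oid, digest

def imprint_matches(der, message):
    """Hash `message` with the algorithm the imprint names, then compare."""
    oid, digest = parse_message_imprint(der)
    if oid not in OID_TO_HASH:
        raise ValueError(f"unsupported digest OID {oid.hex()}")
    computed = hashlib.new(OID_TO_HASH[oid], message).digest()
    return hmac.compare_digest(computed, digest)

def imprint_matches_assuming_sha256(der, message):
    """Contrast: ignores hashAlgorithm and always hashes with SHA-256."""
    _, digest = parse_message_imprint(der)
    return hmac.compare_digest(hashlib.sha256(message).digest(), digest)
```

With the SHA-384 sample, the algorithm-aware check accepts the message while the SHA-256-only check rejects a valid imprint.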

@jku jku force-pushed the use-correct-hash-algo branch from 52f38a3 to 6305fb1 Compare May 15, 2025 08:26
@jku jku changed the title Verifier: Use correct Timestamp hash algorithm [DRAFT] Verifier: Use correct Timestamp hash algorithm May 16, 2025
Don't assume sha256. Use verify_message() from new rfc3161-client
instead: it looks up the correct hash from the timestamp response.

Signed-off-by: Jussi Kukkonen <[email protected]>
@jku jku force-pushed the use-correct-hash-algo branch from 6305fb1 to 0da31a1 Compare May 20, 2025 07:44
@jku jku changed the title [DRAFT] Verifier: Use correct Timestamp hash algorithm Verifier: Use correct Timestamp hash algorithm May 20, 2025
@jku
Member Author

jku commented May 20, 2025

lol, I made another seemingly unrelated fix in the new rfc3161-client and now lint fails because of the combination of these two fixes... trailofbits/rfc3161-client#152

This is just a lint issue so I silenced it for now but we can also wait for next rfc3161-client release.

@jku jku linked an issue May 21, 2025 that may be closed by this pull request
@jku jku marked this pull request as ready for review May 21, 2025 07:28
Member

@woodruffw woodruffw left a comment

LGTM, thanks @jku!

(Needs deconflict but otherwise good to go.)


Successfully merging this pull request may close these issues.

TSA verification only works for sha256
2 participants