Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix verification when key specifies hash algorithm #168

Open
wants to merge 7 commits into
base: develop
Choose a base branch
from
Open

Fix verification when key specifies hash algorithm #168

wants to merge 7 commits into from

Conversation

abeverley
Copy link

If an ARC key specifies the hash type as SHA256 (i.e. h=sha256) then OpenARC will fail to verify the signature. Whilst the presence of a particular hash type is detected, the type is not set and it defaults to sha1.

flowerysong
flowerysong suggested changes Feb 4, 2024
View reviewed changes
Copy link
Contributor

@flowerysong flowerysong left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks generally reasonable, but it does have some potential crashes that the previous structure avoided.

libopenarc/arc.c Show resolved Hide resolved
libopenarc/arc.c Outdated Show resolved Hide resolved
libopenarc/arc.c Outdated Show resolved Hide resolved
@abeverley
Copy link
Author

Thanks @flowerysong I really appreciate the quick feedback. I've added a couple of additional commits - would you mind taking a look now please?

flowerysong
flowerysong reviewed Feb 4, 2024
View reviewed changes
libopenarc/arc.c Outdated Show resolved Hide resolved
flowerysong pushed a commit to flowerysong/OpenARC that referenced this pull request Feb 6, 2024
@abeverley @flowerysong
Fix verification when key specifies hash algorithm
6275015 
trusteddomainproject/OpenARC#168
@flowerysong
Copy link
Contributor

LGTM. I've integrated this and the other outstanding PRs that looked reasonable into the main branch at https://github.com/flowerysong/OpenARC.

I'm on vacation for the rest of the week so I don't have time to test this branch right now, but I hope to have a chance next week to set up some rudimentary CI.

@abeverley
Copy link
Author

I've integrated this and the other outstanding PRs that looked reasonable into the main branch at https://github.com/flowerysong/OpenARC.

Brilliant. Just to mention (for people's general interest) that I personally have been using the openarc package in Debian Experimental. It already includes a few existing PRs, and then I've added in #168 and #167. Seems to work well.

futatuki added a commit to futatuki/OpenARC that referenced this pull request Sep 16, 2024
@futatuki
Merge pull request trusteddomainproject#168 from simplelists/hashtype…
68bc7aa 
…_parse

Fix verification when key specifies hash algorithm

If an ARC key specifies the hash type as SHA256 (i.e. h=sha256) then
OpenARC will fail to verify the signature. Whilst the presence of a
particular hash type is detected, the type is not set and it defaults
to sha1.

trusteddomainproject#168
@flowerysong flowerysong mentioned this pull request Oct 16, 2024
Closed
60 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@flowerysong flowerysong flowerysong requested changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@abeverley @flowerysong