From 52e3fa50724633cb5f3550ae8366af7a6862e889 Mon Sep 17 00:00:00 2001
From: Paul van Brouwershaven <paul@vanbrouwershaven.com>
Date: Mon, 10 Mar 2025 16:54:56 +0100
Subject: [PATCH] Check hash with the given algorithm

---
 verify/verify.go | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/verify/verify.go b/verify/verify.go
index 2df5ed7..2474a54 100644
--- a/verify/verify.go
+++ b/verify/verify.go
@@ -2,7 +2,6 @@ package verify
 
 import (
 	"bytes"
-	"crypto"
 	"crypto/x509"
 	"encoding/asn1"
 	"fmt"
@@ -175,8 +174,9 @@ func Reader(file io.ReaderAt, size int64) (apiResp *Response, err error) {
 						apiResp.Error = fmt.Sprintln("Failed to parse timestamp", err)
 					} else {
 						r := bytes.NewReader(s.EncryptedDigest)
-						h := crypto.SHA256.New()
-						b := make([]byte, 32)
+
+						h := signer.TimeStamp.HashAlgorithm.New()
+						b := make([]byte, h.Size())
 						for {
 							n, err := r.Read(b)
 							if err == io.EOF {
@@ -187,7 +187,7 @@ func Reader(file io.ReaderAt, size int64) (apiResp *Response, err error) {
 						}
 
 						if !bytes.Equal(h.Sum(nil), signer.TimeStamp.HashedMessage) {
-							apiResp.Error = fmt.Sprintln("Hash in timestamp is different from pkcs7")
+							apiResp.Error = fmt.Sprintln("Timestamp hash does not match")
 						}
 
 						break