tor-netdoc: Fix signature of hash_slice_for_verification (038c01aa) · Commits · The Tor Project / Core / Arti

crates/tor-netdoc/src/doc/netstatus.rs

+8 −5

Original line number	Diff line number	Diff line
		@@ -602,12 +602,15 @@ define_derive_deftly! {
		// XXXX make no longer pub(crate)
		pub(crate) fn hash_slice_for_verification(
		&self,
		algo: $ttype,
		algo: &DigestAlgoInSignature,
		) -> Option<&[u8]> {
		// XXXX handle sha1_unnamed correctly
		match algo { $(
		$vtype => Some(self.$FNAME.as_ref()?),
		) }
		match &**algo {
		$(
		Some(KeywordOrString::Known($vtype)) => Some(self.$FNAME.as_ref()?),
		)
		None => Some(self.sha1.as_ref()?), // XXXX handle this correctly
		Some(KeywordOrString::Unknown(..)) => None,
		}
		}
		}
		}

+2 −9

Original line number	Diff line number	Diff line
		@@ -3,7 +3,7 @@
		use super::*;

		use crate::doc::{self, authcert};
		use crate::types::{self, KeywordOrString};
		use crate::types;
		use authcert::{AuthCertKeyIds, AuthCert as DirAuthKeyCert};
		use doc::netstatus::{ConsensusAuthoritySection, DirectorySignaturesHashesAccu, VoteAuthoritySection};
		pub use doc::netstatus::Signature as NdiDirectorySignature;
		@@ -79,8 +79,7 @@ fn verify_general_timeless(
		signature: rsa_signature,
		} = sig;

		match hash_algo.algorithm() {
		KeywordOrString::Known(hash_algo) => {
		if let Some(h) = hashes.hash_slice_for_verification(hash_algo) {
		let Some(authority) = ({
		trusted
		.iter()
		@@ -98,16 +97,10 @@ fn verify_general_timeless(
		continue;
		};

		let h = hashes
		.hash_slice_for_verification(*hash_algo)
		.ok_or(VF::Bug)?;

		let () = cert.dir_signing_key.verify(h, rsa_signature)?;

		ok.insert(*authority);
		}
		KeywordOrString::Unknown(..) => {}
		}
		}

		if ok.len() < threshold {