diff options
| author | Justus Winter <justus@sequoia-pgp.org> | 2024-03-24 14:16:36 +0100 |
|---|---|---|
| committer | Justus Winter <justus@sequoia-pgp.org> | 2024-03-24 14:16:36 +0100 |
| commit | 585e5675b9e97063058e5481b4682dbe520e2fca (patch) | |
| tree | 971b05bad8c4898a4a01e327f582c76000fb57ae | |
| parent | fcea4415057618a65c506921e86ae5e4056c0ef9 (diff) | |
openpgp: Remember digests during certificate canonicalization.
- We have done the hashing, and the cert structure provides enough
context to do the verification without doing the hashing again.
| -rw-r--r-- | openpgp/src/cert.rs | 2 | ||||
| -rw-r--r-- | openpgp/src/packet/signature.rs | 6 |
2 files changed, 6 insertions, 2 deletions
diff --git a/openpgp/src/cert.rs b/openpgp/src/cert.rs index b35fd7eb..f7cd1797 100644 --- a/openpgp/src/cert.rs +++ b/openpgp/src/cert.rs @@ -1710,6 +1710,7 @@ impl Cert { } } else { // No key, we need to trust our heuristic. + sig.set_computed_digest(Some(hash)); $binding.$sigs.push(sig); } } else { @@ -1955,6 +1956,7 @@ impl Cert { $sig.digest_prefix()[1], $sig.typ(), $desc); + sig.set_computed_digest(Some(hash)); $sigs.push($sig.clone()); // The cost of missing a revocation // certificate merely because we put diff --git a/openpgp/src/packet/signature.rs b/openpgp/src/packet/signature.rs index 08e49009..ed0dfaec 100644 --- a/openpgp/src/packet/signature.rs +++ b/openpgp/src/packet/signature.rs @@ -1810,7 +1810,8 @@ pub struct Signature4 { /// When used in conjunction with a one-pass signature, this is the /// hash computed over the enclosed message. /// - /// This is also set when a signature is successfully verified. + /// This is also set when a signature is successfully verified, + /// and on signatures during certificate canonicalization. computed_digest: Option<Vec<u8>>, /// Signature level. @@ -1967,7 +1968,8 @@ impl Signature4 { /// Gets the computed hash value. /// /// This is set by the [`PacketParser`] when parsing the message, - /// or during successful verification of signatures. + /// during successful verification of signatures, and on + /// signatures during certificate canonicalization. /// /// [`PacketParser`]: crate::parse::PacketParser pub fn computed_digest(&self) -> Option<&[u8]> { |