Give tor_cert_get_id_digests() fail-fast behavior

Right now we can take the digests only of an RSA key, and only expect to
take the digests of an RSA key.  The old tor_cert_get_id_digests() would
return a good set of digests for an RSA key, and an all-zero one for a
non-RSA key.  This behavior is too error-prone: it carries the risk that
we will someday check two non-RSA keys for equality and conclude that
they must be equal because they both have the same (zero) "digest".

Instead, let's have tor_cert_get_id_digests() return NULL for keys we
can't handle, and make its callers explicitly test for NULL.
This commit is contained in:
Nick Mathewson 2011-10-05 10:33:39 -04:00
parent 40f0d111c2
commit e56d7a3809
3 changed files with 24 additions and 6 deletions

View File

@ -102,6 +102,7 @@ struct tor_cert_t {
X509 *cert;
uint8_t *encoded;
size_t encoded_len;
unsigned pkey_digests_set : 1;
digests_t cert_digests;
digests_t pkey_digests;
};
@ -734,6 +735,7 @@ tor_cert_new(X509 *x509_cert)
(rsa = EVP_PKEY_get1_RSA(pkey))) {
crypto_pk_env_t *pk = _crypto_new_pk_env_rsa(rsa);
crypto_pk_get_all_digests(pk, &cert->pkey_digests);
cert->pkey_digests_set = 1;
crypto_free_pk_env(pk);
EVP_PKEY_free(pkey);
}
@ -794,11 +796,15 @@ tor_cert_get_der(const tor_cert_t *cert,
*size_out = cert->encoded_len;
}
/** Return a set of digests for the public key in <b>cert</b>. */
/** Return a set of digests for the public key in <b>cert</b>, or NULL if this
* cert's public key is not one we know how to take the digest of. */
const digests_t *
tor_cert_get_id_digests(const tor_cert_t *cert)
{
if (cert->pkey_digests_set)
return &cert->pkey_digests;
else
return NULL;
}
/** Return a set of digests for the public key in <b>cert</b>. */

View File

@ -939,8 +939,12 @@ command_process_cert_cell(var_cell_t *cell, or_connection_t *conn)
conn->handshake_state->authenticated = 1;
{
crypto_pk_env_t *identity_rcvd = tor_tls_cert_get_key(id_cert);
const digests_t *id_digests = tor_cert_get_id_digests(id_cert);
crypto_pk_env_t *identity_rcvd;
if (!id_digests)
ERR("Couldn't compute digests for key in ID cert");
identity_rcvd = tor_tls_cert_get_key(id_cert);
memcpy(conn->handshake_state->authenticated_peer_id,
id_digests->d[DIGEST_SHA1], DIGEST_LEN);
connection_or_set_circid_type(conn, identity_rcvd);
@ -1172,6 +1176,9 @@ command_process_authenticate_cell(var_cell_t *cell, or_connection_t *conn)
const digests_t *id_digests =
tor_cert_get_id_digests(conn->handshake_state->id_cert);
/* This must exist; we checked key type when reading the cert. */
tor_assert(id_digests);
memcpy(conn->handshake_state->authenticated_peer_id,
id_digests->d[DIGEST_SHA1], DIGEST_LEN);

View File

@ -2060,12 +2060,17 @@ connection_or_compute_authenticate_cell_body(or_connection_t *conn,
{
const tor_cert_t *id_cert=NULL, *link_cert=NULL;
const digests_t *my_digests, *their_digests;
const uint8_t *my_id, *their_id, *client_id, *server_id;
if (tor_tls_get_my_certs(0, &link_cert, &id_cert))
return -1;
my_id = (uint8_t*)tor_cert_get_id_digests(id_cert)->d[DIGEST_SHA256];
their_id = (uint8_t*)
tor_cert_get_id_digests(conn->handshake_state->id_cert)->d[DIGEST_SHA256];
my_digests = tor_cert_get_id_digests(id_cert);
their_digests = tor_cert_get_id_digests(conn->handshake_state->id_cert);
tor_assert(my_digests);
tor_assert(their_digests);
my_id = (uint8_t*)my_digests->d[DIGEST_SHA256];
their_id = (uint8_t*)their_digests->d[DIGEST_SHA256];
client_id = server ? their_id : my_id;
server_id = server ? my_id : their_id;