Give tor_cert_get_id_digests() fail-fast behavior

Right now we can take the digests only of an RSA key, and only expect to
take the digests of an RSA key.  The old tor_cert_get_id_digests() would
return a good set of digests for an RSA key, and an all-zero one for a
non-RSA key.  This behavior is too error-prone: it carries the risk that
we will someday check two non-RSA keys for equality and conclude that
they must be equal because they both have the same (zero) "digest".

Instead, let's have tor_cert_get_id_digests() return NULL for keys we
can't handle, and make its callers explicitly test for NULL.

1 files changed, 8 insertions, 1 deletions

diff --git a/src/or/command.c b/src/or/command.c
index 91486c14b..c1e2f5e8e 100644
--- a/src/or/command.c
+++ b/src/or/command.c
@@ -939,8 +939,12 @@ command_process_cert_cell(var_cell_t *cell, or_connection_t *conn)
 
     conn->handshake_state->authenticated = 1;
     {
-      crypto_pk_env_t *identity_rcvd = tor_tls_cert_get_key(id_cert);
       const digests_t *id_digests = tor_cert_get_id_digests(id_cert);
+      crypto_pk_env_t *identity_rcvd;
+      if (!id_digests)
+        ERR("Couldn't compute digests for key in ID cert");
+
+      identity_rcvd = tor_tls_cert_get_key(id_cert);
       memcpy(conn->handshake_state->authenticated_peer_id,
              id_digests->d[DIGEST_SHA1], DIGEST_LEN);
       connection_or_set_circid_type(conn, identity_rcvd);
@@ -1172,6 +1176,9 @@ command_process_authenticate_cell(var_cell_t *cell, or_connection_t *conn)
     const digests_t *id_digests =
       tor_cert_get_id_digests(conn->handshake_state->id_cert);
 
+    /* This must exist; we checked key type when reading the cert. */
+    tor_assert(id_digests);
+
     memcpy(conn->handshake_state->authenticated_peer_id,
            id_digests->d[DIGEST_SHA1], DIGEST_LEN);