Don't crash when accountingmax is set in non-server Tors

We use a hash of the identity key to seed a prng to tell when an
accounting period should end.  But thanks to the bug998 changes,
clients no longer have server-identity keys to use as a long-term seed
in accounting calculations.  In any case, their identity keys (as used
in TLS) were never never fixed.  So we can just set the wakeup time
from a random seed instead there.  Still open is whether everybody
should be random.

This patch fixes bug 2235, which was introduced in 0.2.2.18-alpha.

Diagnosed with help from boboper on irc.

2 files changed, 16 insertions, 8 deletions

diff --git a/changes/bug2235 b/changes/bug2235
new file mode 100644
index 0000000000..0c3bafa44f
--- /dev/null
+++ b/changes/bug2235
@@ -0,0 +1,3 @@
+  o Minor bugfixes
+    - Avoid crashes when AccountingMax is set on clients.  Fixes bug 2235;
+      Bugfix on 0.2.2.18-alpha.  Diagnosed by boboper.
diff --git a/src/or/hibernate.c b/src/or/hibernate.c
index 04e06c8164..dfc4edfc82 100644
--- a/src/or/hibernate.c
+++ b/src/or/hibernate.c
@@ -463,14 +463,19 @@ accounting_set_wakeup_time(void)
     }
   }
 
-  format_iso_time(buf, interval_start_time);
-  crypto_pk_get_digest(get_server_identity_key(), digest);
-
-  d_env = crypto_new_digest_env();
-  crypto_digest_add_bytes(d_env, buf, ISO_TIME_LEN);
-  crypto_digest_add_bytes(d_env, digest, DIGEST_LEN);
-  crypto_digest_get_digest(d_env, digest, DIGEST_LEN);
-  crypto_free_digest_env(d_env);
+  if (server_identity_key_is_set()) {
+    format_iso_time(buf, interval_start_time);
+
+    crypto_pk_get_digest(get_server_identity_key(), digest);
+
+    d_env = crypto_new_digest_env();
+    crypto_digest_add_bytes(d_env, buf, ISO_TIME_LEN);
+    crypto_digest_add_bytes(d_env, digest, DIGEST_LEN);
+    crypto_digest_get_digest(d_env, digest, DIGEST_LEN);
+    crypto_free_digest_env(d_env);
+  } else {
+    crypto_rand(digest, DIGEST_LEN);
+  }
 
   if (!expected_bandwidth_usage) {
     char buf1[ISO_TIME_LEN+1];