Copy the signing_key_cert field into signed_descriptor_t

We need this field to be in signed_descriptor_t so that
routerinfo_incompatible_with_extrainfo can work correctly (#17150).
But I don't want to move it completely in this patch, since a great
deal of the code that messes with it has been in flux since 0.2.7,
when this ticket was opened.  I should open another ticket about
removing the field from routerinfo_t and extrainfo_t later on.

This patch fixes no actual behavior.

4 files changed, 13 insertions, 2 deletions

diff --git a/src/or/or.h b/src/or/or.h
index e0f2eb416a..ffff6d631a 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -1995,6 +1995,8 @@ typedef struct signed_descriptor_t {
   char extra_info_digest[DIGEST_LEN];
   /** For routerdescs only: A SHA256-digest of the extrainfo (if any) */
   char extra_info_digest256[DIGEST256_LEN];
+  /** Certificate for ed25519 signing key. */
+  struct tor_cert_st *signing_key_cert;
   /** For routerdescs only: Status of downloading the corresponding
    * extrainfo. */
   download_status_t ei_dl_status;
@@ -2043,7 +2045,8 @@ typedef struct {
   crypto_pk_t *identity_pkey;  /**< Public RSA key for signing. */
   /** Public curve25519 key for onions */
   curve25519_public_key_t *onion_curve25519_pkey;
-  /** Certificate for ed25519 signing key */
+  /** Certificate for ed25519 signing key
+   * (XXXX duplicated in cache_info.) */
   struct tor_cert_st *signing_key_cert;
   /** What's the earliest expiration time on all the certs in this
    * routerinfo? */
@@ -2115,7 +2118,8 @@ typedef struct extrainfo_t {
   uint8_t digest256[DIGEST256_LEN];
   /** The router's nickname. */
   char nickname[MAX_NICKNAME_LEN+1];
-  /** Certificate for ed25519 signing key */
+  /** Certificate for ed25519 signing key
+   * (XXXX duplicated in cache_info.) */
   struct tor_cert_st *signing_key_cert;
   /** True iff we found the right key for this extra-info, verified the
    * signature, and found it to be bad. */
diff --git a/src/or/router.c b/src/or/router.c
index 3943643f9b..b3523ec718 100644
--- a/src/or/router.c
+++ b/src/or/router.c
@@ -1911,6 +1911,7 @@ router_build_fresh_descriptor(routerinfo_t **r, extrainfo_t **e)
     return -1;
   }
   ri->signing_key_cert = tor_cert_dup(get_master_signing_key_cert());
+  ri->cache_info.signing_key_cert = tor_cert_dup(get_master_signing_key_cert());
 
   get_platform_str(platform, sizeof(platform));
   ri->platform = tor_strdup(platform);
@@ -2003,6 +2004,8 @@ router_build_fresh_descriptor(routerinfo_t **r, extrainfo_t **e)
   strlcpy(ei->nickname, get_options()->Nickname, sizeof(ei->nickname));
   ei->cache_info.published_on = ri->cache_info.published_on;
   ei->signing_key_cert = tor_cert_dup(get_master_signing_key_cert());
+  ei->cache_info.signing_key_cert = tor_cert_dup(get_master_signing_key_cert());
+
   memcpy(ei->cache_info.identity_digest, ri->cache_info.identity_digest,
          DIGEST_LEN);
   if (extrainfo_dump_to_string(&ei->cache_info.signed_descriptor_body,
diff --git a/src/or/routerlist.c b/src/or/routerlist.c
index 140fe218c3..9b3b79444f 100644
--- a/src/or/routerlist.c
+++ b/src/or/routerlist.c
@@ -2670,6 +2670,7 @@ routerinfo_free(routerinfo_t *router)
   if (router->identity_pkey)
     crypto_pk_free(router->identity_pkey);
   tor_cert_free(router->signing_key_cert);
+  tor_cert_free(router->cache_info.signing_key_cert);
   if (router->declared_family) {
     SMARTLIST_FOREACH(router->declared_family, char *, s, tor_free(s));
     smartlist_free(router->declared_family);
@@ -2689,6 +2690,7 @@ extrainfo_free(extrainfo_t *extrainfo)
   if (!extrainfo)
     return;
   tor_cert_free(extrainfo->signing_key_cert);
+  tor_cert_free(extrainfo->cache_info.signing_key_cert);
   tor_free(extrainfo->cache_info.signed_descriptor_body);
   tor_free(extrainfo->pending_sig);
 
diff --git a/src/or/routerparse.c b/src/or/routerparse.c
index bc6c35fe09..531a95d5b8 100644
--- a/src/or/routerparse.c
+++ b/src/or/routerparse.c
@@ -1403,6 +1403,7 @@ router_parse_entry_from_string(const char *s, const char *end,
         goto err;
       }
       router->signing_key_cert = cert; /* makes sure it gets freed. */
+      router->cache_info.signing_key_cert = tor_cert_dup(cert);
 
       if (cert->cert_type != CERT_TYPE_ID_SIGNING ||
           ! cert->signing_key_included) {
@@ -1778,6 +1779,7 @@ extrainfo_parse_entry_from_string(const char *s, const char *end,
         goto err;
       }
       extrainfo->signing_key_cert = cert; /* makes sure it gets freed. */
+      extrainfo->cache_info.signing_key_cert = tor_cert_dup(cert);
       if (cert->cert_type != CERT_TYPE_ID_SIGNING ||
           ! cert->signing_key_included) {
         log_warn(LD_DIR, "Invalid form for ed25519 cert");