prop289: Move digest matching in its own function

No behavior change but code had to be refactored a bit. Also, the tor_memcmp()
was changed to tor_memneq().

Part of #26288

Signed-off-by: David Goulet <dgoulet@torproject.org>

1 files changed, 40 insertions, 30 deletions

diff --git a/src/core/or/sendme.c b/src/core/or/sendme.c
index 16ff5bcb8f..0a7b1cbc02 100644
--- a/src/core/or/sendme.c
+++ b/src/core/or/sendme.c
@@ -59,23 +59,18 @@ get_accept_min_version(void)
                                  SENDME_ACCEPT_MIN_VERSION_MAX);
 }
 
-/* Return true iff the given decoded SENDME version 1 cell is valid and
- * matches the expected digest on the circuit.
- *
- * Validation is done by comparing the digest in the cell from the previous
- * cell we saw which tells us that the other side has in fact seen that cell.
- * See proposal 289 for more details. */
+/* Return true iff the given cell digest matches the first digest in the
+ * circuit sendme list. */
 static bool
-cell_v1_is_valid(const sendme_cell_t *cell, const circuit_t *circ)
+v1_digest_matches(const circuit_t *circ, const uint8_t *cell_digest)
 {
-  const uint8_t *cell_digest = NULL;
+  bool ret = false;
+  uint8_t *circ_digest = NULL;
 
-  tor_assert(cell);
   tor_assert(circ);
+  tor_assert(cell_digest);
 
-  cell_digest = sendme_cell_getconstarray_data_v1_digest(cell);
-
-  /* We shouldn't have received this SENDME if we have no digests. Log at
+  /* We shouldn't have received a SENDME if we have no digests. Log at
    * protocol warning because it can be tricked by sending many SENDMEs
    * without prior data cell. */
   if (circ->sendme_last_digests == NULL ||
@@ -83,29 +78,44 @@ cell_v1_is_valid(const sendme_cell_t *cell, const circuit_t *circ)
     log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
            "We received a SENDME but we have no cell digests to match. "
            "Closing circuit.");
-    goto invalid;
+    goto no_match;
   }
 
   /* Pop the first element that was added (FIFO) and compare it. */
-  {
-    uint8_t *digest = smartlist_get(circ->sendme_last_digests, 0);
-    smartlist_del_keeporder(circ->sendme_last_digests, 0);
-
-    /* Compare the digest with the one in the SENDME. This cell is invalid
-     * without a perfect match. */
-    if (tor_memcmp(digest, cell_digest, TRUNNEL_SENDME_V1_DIGEST_LEN)) {
-      tor_free(digest);
-      log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
-             "SENDME v1 cell digest do not match.");
-      goto invalid;
-    }
-    tor_free(digest);
+  circ_digest = smartlist_get(circ->sendme_last_digests, 0);
+  smartlist_del_keeporder(circ->sendme_last_digests, 0);
+
+  /* Compare the digest with the one in the SENDME. This cell is invalid
+   * without a perfect match. */
+  if (tor_memneq(circ_digest, cell_digest, TRUNNEL_SENDME_V1_DIGEST_LEN)) {
+    log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
+           "SENDME v1 cell digest do not match.");
+    goto no_match;
   }
+  /* Digests matches! */
+  ret = true;
+
+ no_match:
+  /* This digest was popped from the circuit list. Regardless of what happens,
+   * we have no more use for it. */
+  tor_free(circ_digest);
+  return ret;
+}
 
-  /* Validated SENDME v1 cell. */
-  return 1;
- invalid:
-  return 0;
+/* Return true iff the given decoded SENDME version 1 cell is valid and
+ * matches the expected digest on the circuit.
+ *
+ * Validation is done by comparing the digest in the cell from the previous
+ * cell we saw which tells us that the other side has in fact seen that cell.
+ * See proposal 289 for more details. */
+static bool
+cell_v1_is_valid(const sendme_cell_t *cell, const circuit_t *circ)
+{
+  tor_assert(cell);
+  tor_assert(circ);
+
+  const uint8_t *cell_digest = sendme_cell_getconstarray_data_v1_digest(cell);
+  return v1_digest_matches(circ, cell_digest);
 }
 
 /* Return true iff the given cell version can be handled or if the minimum