author | Nick Mathewson <nickm@torproject.org> | 2014-10-16 13:26:42 -0400 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2014-10-16 13:26:42 -0400 |
commit | fb91d647acdf0560fc7479d72eeea52e4e6ff41d (patch) | |
tree | 500121c7c6c5b1b2cf3ee27d85f4cec6651853c6 /src/or/onion_ntor.c | |
parent | ab4b29625db720817f9af502199ebf1ee3ac5af7 (diff) | |
Downgrade 'invalid result from curve25519 handshake: 4' warning
Also, refactor the way we handle failed handshakes so that this
warning doesn't propagate itself to "onion_skin_client_handshake
failed" and "circuit_finish_handshake failed" and
"connection_edge_process_relay_cell (at origin) failed."
Resolves warning from 9635.
Diffstat (limited to 'src/or/onion_ntor.c')
-rw-r--r-- | src/or/onion_ntor.c | 19 |
1 files changed, 15 insertions, 4 deletions
diff --git a/src/or/onion_ntor.c b/src/or/onion_ntor.c
index ef501f69da..32d5344520 100644
--- a/src/or/onion_ntor.c
+++ b/src/or/onion_ntor.c
@@ -3,8 +3,8 @@
 #include "orconfig.h"
-#include "crypto.h"
 #define ONION_NTOR_PRIVATE
+#include "crypto.h"
 #include "onion_ntor.h"
 #include "torlog.h"
 #include "util.h"
@@ -226,7 +226,8 @@ onion_skin_ntor_client_handshake(
 const ntor_handshake_state_t *handshake_state,
 const uint8_t *handshake_reply,
 uint8_t *key_out,
- size_t key_out_len)
+ size_t key_out_len,
+ const char **msg_out)
 {
 const tweakset_t *T = &proto1_tweaks;
 /* Sensitive stack-allocated material. Kept in an anonymous struct to make
@@ -291,8 +292,18 @@ onion_skin_ntor_client_handshake(
 memwipe(&s, 0, sizeof(s));
- if (bad) {
- log_warn(LD_PROTOCOL, "Invalid result from curve25519 handshake: %d", bad);
+ if (bad && msg_out) {
+ if (bad & 4) {
+ *msg_out = NULL; /* Don't report this one; we probably just had the
+ * wrong onion key.*/
+ log_fn(LOG_INFO, LD_PROTOCOL,
+ "Invalid result from curve25519 handshake: %d", bad);
+ }
+ if (bad & 3) {
+ *msg_out = "Zero output from curve25519 handshake";
+ log_fn(LOG_WARN, LD_PROTOCOL,
+ "Invalid result from curve25519 handshake: %d", bad);
+ }
 }
 return bad ? -1 : 0; |
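Review bot: The new `msg_out` parameter added in the second hunk has no documented contract. The last hunk shows that it may be NULL, that it is written only on failure, and that it is set to NULL for the `bad & 4` case to mean "do not report"; a caller cannot learn any of this from the signature. The function's header comment lies outside the hunk; I would add to it something like `If msg_out is provided, set *msg_out on failure to a static message, or to NULL if the failure should not be reported.` Callers presumably have to initialise the pointer themselves, since nothing visible here assigns it on success.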
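Review bot: In the last hunk the guard `if (bad && msg_out)` makes logging depend on the caller supplying a message pointer, so a caller that passes NULL gets -1 with no log line at all, where the old code always warned. The zero-output case (`bad & 3`) is the one the commit keeps at WARN, so it should stay visible regardless; I would keep `if (bad) {` as the outer test and guard only the stores, e.g. `if (msg_out) *msg_out = NULL;` and `if (msg_out) *msg_out = "Zero output from curve25519 handshake";`. Both log_fn calls also print the same text, so when `bad & 4` and `bad & 3` are both set the event is logged twice with nothing but the level to tell the lines apart; distinct wording per branch would make the log unambiguous. The function body starts outside this hunk, so how the bits of `bad` are assigned is not visible here.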