author | Nick Mathewson <nickm@torproject.org> | 2016-09-11 14:13:29 -0400 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2016-11-03 08:40:10 -0400 |
commit | 5a2f70f86a8ca226f9b818ebf0ce893c1a1db5fa (patch) | |
tree | 51f16719e406006f262818637cdd603844d0b5e6 /src/or | |
parent | d4c57909f8578bb90e38573b873487be3ba759bd (diff) | |
Clean up comments, mark more branches as BUG.
Diffstat (limited to 'src/or')
-rw-r--r-- | src/or/channeltls.c | 10 | ||||
-rw-r--r-- | src/or/torcert.c | 6 |
2 files changed, 11 insertions, 5 deletions
diff --git a/src/or/channeltls.c b/src/or/channeltls.c
index 7a6f0b37ce..f5b81f03df 100644
--- a/src/or/channeltls.c
+++ b/src/or/channeltls.c
@@ -2219,8 +2219,11 @@ channel_tls_process_authenticate_cell(var_cell_t *cell, channel_tls_t *chan)
 }
 /* Length of random part. */
- if (bodylen < 24)
+ if (BUG(bodylen < 24)) {
+ // LCOV_EXCL_START
 ERR("Bodylen is somehow less than 24, which should really be impossible");
+ // LCOV_EXCL_STOP
+ }
 if (tor_memneq(expected_cell->payload+4, auth, bodylen-24))
 ERR("Some field in the AUTHENTICATE cell body was not as expected");
@@ -2239,8 +2242,11 @@ channel_tls_process_authenticate_cell(var_cell_t *cell, channel_tls_t *chan)
 size_t keysize;
 int signed_len;
- if (!pk)
+ if (BUG(!pk)) {
+ // LCOV_EXCL_START
 ERR("Internal error: couldn't get RSA key from AUTH cert.");
+ // LCOV_EXCL_STOP
+ }
 crypto_digest256(d, (char*)auth, V3_AUTH_BODY_LEN, DIGEST_SHA256);
 keysize = crypto_pk_keysize(pk);
diff --git a/src/or/torcert.c b/src/or/torcert.c
index cfd2210309..d100298977 100644
--- a/src/or/torcert.c
+++ b/src/or/torcert.c
@@ -471,9 +471,6 @@ or_handshake_certs_rsa_ok(int severity,
 } else {
 if (! (id_cert && auth_cert))
 ERR("The certs we wanted (ID, Auth) were missing");
- /* Remember these certificates so we can check an AUTHENTICATE cell
- * XXXX make sure we do that
- */
 if (! tor_tls_cert_is_valid(LOG_PROTOCOL_WARN, auth_cert, id_cert, now, 1))
 ERR("The authentication certificate was not valid");
 if (! tor_tls_cert_is_valid(LOG_PROTOCOL_WARN, id_cert, id_cert, now, 1))
@@ -517,6 +514,9 @@ or_handshake_certs_ed25519_ok(int severity,
 /* check for a match with the TLS cert. */
 tor_x509_cert_t *peer_cert = tor_tls_get_peer_cert(tls);
 if (BUG(!peer_cert)) {
+ /* This is a bug, because if we got to this point, we are a connection
+ * that was initiated here, and we completed a TLS handshake. The
+ * other side *must* have given us a certificate! */
 ERR("No x509 peer cert"); // LCOV_EXCL_LINE
 }
 const common_digests_t *peer_cert_digests = |
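Review bot: The new `BUG(bodylen < 24)` guard in channel_tls_process_authenticate_cell has no comment naming the earlier check that makes the condition unreachable, unlike the `BUG(!peer_cert)` branch in torcert.c, which this same commit documents. The rationale matters because this guard is all that stands between a short body and the `bodylen-24` length handed to `tor_memneq` on the following line, and the branch is now excluded from coverage, so no test will exercise it. If `bodylen` is derived from the received cell (its assignment is outside the hunk), a case that turns out to be reachable would be logged as an internal bug rather than handled as a protocol error from the peer. I would add a one-line rationale above each guard, for example `/* bodylen >= 24 is guaranteed by <the check that establishes it>; reaching this is a bug. */`, and the same for `BUG(!pk)` in the second hunk, where the key comes from the AUTH cert. The function body starts and ends outside both hunks, so the invariants need confirming against the full file.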