diff options
| -rw-r--r-- | src/or/channeltls.c | 10 | ||||
| -rw-r--r-- | src/or/torcert.c | 6 |
2 files changed, 11 insertions, 5 deletions
diff --git a/src/or/channeltls.c b/src/or/channeltls.c index 7a6f0b37ce..f5b81f03df 100644 --- a/src/or/channeltls.c +++ b/src/or/channeltls.c @@ -2219,8 +2219,11 @@ channel_tls_process_authenticate_cell(var_cell_t *cell, channel_tls_t *chan) } /* Length of random part. */ - if (bodylen < 24) + if (BUG(bodylen < 24)) { + // LCOV_EXCL_START ERR("Bodylen is somehow less than 24, which should really be impossible"); + // LCOV_EXCL_STOP + } if (tor_memneq(expected_cell->payload+4, auth, bodylen-24)) ERR("Some field in the AUTHENTICATE cell body was not as expected"); @@ -2239,8 +2242,11 @@ channel_tls_process_authenticate_cell(var_cell_t *cell, channel_tls_t *chan) size_t keysize; int signed_len; - if (!pk) + if (BUG(!pk)) { + // LCOV_EXCL_START ERR("Internal error: couldn't get RSA key from AUTH cert."); + // LCOV_EXCL_STOP + } crypto_digest256(d, (char*)auth, V3_AUTH_BODY_LEN, DIGEST_SHA256); keysize = crypto_pk_keysize(pk); diff --git a/src/or/torcert.c b/src/or/torcert.c index cfd2210309..d100298977 100644 --- a/src/or/torcert.c +++ b/src/or/torcert.c @@ -471,9 +471,6 @@ or_handshake_certs_rsa_ok(int severity, } else { if (! (id_cert && auth_cert)) ERR("The certs we wanted (ID, Auth) were missing"); - /* Remember these certificates so we can check an AUTHENTICATE cell - * XXXX make sure we do that - */ if (! tor_tls_cert_is_valid(LOG_PROTOCOL_WARN, auth_cert, id_cert, now, 1)) ERR("The authentication certificate was not valid"); if (! tor_tls_cert_is_valid(LOG_PROTOCOL_WARN, id_cert, id_cert, now, 1)) @@ -517,6 +514,9 @@ or_handshake_certs_ed25519_ok(int severity, /* check for a match with the TLS cert. */ tor_x509_cert_t *peer_cert = tor_tls_get_peer_cert(tls); if (BUG(!peer_cert)) { + /* This is a bug, because if we got to this point, we are a connection + * that was initiated here, and we completed a TLS handshake. The + * other side *must* have given us a certificate! */ ERR("No x509 peer cert"); // LCOV_EXCL_LINE } const common_digests_t *peer_cert_digests = |