commit 09c750cce353d76c6b1e1481150c5dc0166f5a53 Author: Nick Mathewson nickm@torproject.org Date: Fri Nov 4 13:49:05 2016 -0400
Check the correct key when checking RSA crosscert in hs_descriptor.c
Note that the "signed key" in the signing key certificate is the signing key. The "signing key" in the signing key certificate is the key that signs the certificate -- that is, the blinded key. --- src/or/hs_descriptor.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/or/hs_descriptor.c b/src/or/hs_descriptor.c
index f89bd4b..f5dafab 100644
--- a/src/or/hs_descriptor.c
+++ b/src/or/hs_descriptor.c
@@ -1290,10 +1290,10 @@ decode_introduction_point(const hs_descriptor_t *desc, const char *start)
 }
 if (rsa_ed25519_crosscert_check((const uint8_t *) tok->object_body,
 tok->object_size, ip->enc_key.legacy,
- &desc->plaintext_data.signing_key_cert->signing_key,
+ &desc->plaintext_data.signing_key_cert->signed_key,
 approx_time()-86400)) {
- log_warn(LD_REND, "Unable to cross certify the introduction point "
- "legacy encryption key.");
+ log_warn(LD_REND, "Unable to check cross-certification on the "
+ "introduction point legacy encryption key.");
 goto err;
 }
 break;
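Review bot: The corrected argument `&desc->plaintext_data.signing_key_cert->signed_key,` has no comment at the call site, so the distinction that caused this bug (the certificate's `signed_key` is the descriptor signing key, its `signing_key` is the blinded key that signs the certificate) is recorded only in the commit message. I would add above the call `/* The crosscert must cover the descriptor signing key, i.e. the cert's signed_key; the cert's signing_key is the blinded key. */`. The same call passes `approx_time()-86400` as a bare literal, presumably a one-day tolerance on crosscert expiry; a named constant or a short comment would make that allowance reviewable. The diffstat shows only hs_descriptor.c changed, so a unit test that feeds a crosscert made over the blinded key and expects rejection would keep the two fields from being swapped again. decode_introduction_point's body starts and ends outside the hunk.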