[tor-commits] [tor/master] Check the correct key when checking RSA crosscert in hs_descriptor.c

nickm at torproject.org nickm at torproject.org
Fri Nov 4 18:48:12 UTC 2016


commit 09c750cce353d76c6b1e1481150c5dc0166f5a53
Author: Nick Mathewson <nickm at torproject.org>
Date:   Fri Nov 4 13:49:05 2016 -0400

    Check the correct key when checking RSA crosscert in hs_descriptor.c
    
    Note that the "signed key" in the signing key certificate is the
    signing key.  The "signing key" in the signing key certificate is
    the key that signs the certificate -- that is, the blinded key.
---
 src/or/hs_descriptor.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/or/hs_descriptor.c b/src/or/hs_descriptor.c
index f89bd4b..f5dafab 100644
--- a/src/or/hs_descriptor.c
+++ b/src/or/hs_descriptor.c
@@ -1290,10 +1290,10 @@ decode_introduction_point(const hs_descriptor_t *desc, const char *start)
     }
     if (rsa_ed25519_crosscert_check((const uint8_t *) tok->object_body,
           tok->object_size, ip->enc_key.legacy,
-          &desc->plaintext_data.signing_key_cert->signing_key,
+          &desc->plaintext_data.signing_key_cert->signed_key,
           approx_time()-86400)) {
-      log_warn(LD_REND, "Unable to cross certify the introduction point "
-                        "legacy encryption key.");
+      log_warn(LD_REND, "Unable to check cross-certification on the "
+                        "introduction point legacy encryption key.");
       goto err;
     }
     break;
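Review bot: The call to `rsa_ed25519_crosscert_check` still has no comment saying why `signed_key` is the right field, and the near-identical names `signing_key`/`signed_key` are what the old line got wrong; I would add above the `if`: `/* The crosscert covers the descriptor signing key, which is the key certified by signing_key_cert (its signed_key); signing_key_cert->signing_key is the blinded key. */`. The `approx_time()-86400` argument is an unexplained one-day allowance and would read better with a short comment or a named constant. The diffstat shows only hs_descriptor.c changed, so nothing in this commit pins the behaviour; a test asserting that a cross-certificate made over the blinded key is rejected would keep this from regressing. The enclosing `decode_introduction_point` starts and ends outside the hunk, so whether `signing_key_cert` is checked for NULL before this dereference is not visible here.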




