[tor-commits] [tor/master] Remove tor-checkkey as obsolete
nickm at torproject.org
nickm at torproject.org
Fri Apr 7 17:22:34 UTC 2017
commit 7b60f0129a12543cf08a2cef5c13b8bfa6691459
Author: Nick Mathewson <nickm at torproject.org>
Date: Fri Mar 31 10:57:48 2017 -0400
Remove tor-checkkey as obsolete
CVE-2008-0166 is long gone, and we no longer need a helper tool to
dump out public key moduli so folks can detect it.
Closes ticket 21842.
---
changes/ticket21842 | 6 ++++
src/common/crypto.c | 2 +-
src/tools/include.am | 11 ------
src/tools/tor-checkkey.c | 89 ------------------------------------------------
4 files changed, 7 insertions(+), 101 deletions(-)
diff --git a/changes/ticket21842 b/changes/ticket21842
new file mode 100644
index 0000000..4b039c6
--- /dev/null
+++ b/changes/ticket21842
@@ -0,0 +1,6 @@
+ o Removed features:
+ - We've removed the tor-checkkey tool from src/tools. Long ago, we
+ used it to help people detect RSA keys that were generated by
+ versions of Debian affected by CVE-2008-0166. But those keys
+ have been out of circulation for ages, and this tool is no
+ longer required. Closes ticket 21842.
diff --git a/src/common/crypto.c b/src/common/crypto.c
index a5eb7b5..6519719 100644
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -467,7 +467,7 @@ crypto_new_pk_from_rsa_(RSA *rsa)
return env;
}
-/** Helper, used by tor-checkkey.c and tor-gencert.c. Return the RSA from a
+/** Helper, used by tor-gencert.c. Return the RSA from a
* crypto_pk_t. */
RSA *
crypto_pk_get_rsa_(crypto_pk_t *env)
diff --git a/src/tools/include.am b/src/tools/include.am
index d0185b5..5eadb03 100644
--- a/src/tools/include.am
+++ b/src/tools/include.am
@@ -1,5 +1,4 @@
bin_PROGRAMS+= src/tools/tor-resolve src/tools/tor-gencert
-noinst_PROGRAMS+= src/tools/tor-checkkey
if COVERAGE_ENABLED
noinst_PROGRAMS+= src/tools/tor-cov-resolve src/tools/tor-cov-gencert
@@ -43,14 +42,4 @@ src_tools_tor_cov_gencert_LDADD = src/common/libor-testing.a \
@TOR_LIB_WS32@ @TOR_LIB_GDI@ @CURVE25519_LIBS@
endif
-src_tools_tor_checkkey_SOURCES = src/tools/tor-checkkey.c
-src_tools_tor_checkkey_LDFLAGS = @TOR_LDFLAGS_zlib@ @TOR_LDFLAGS_openssl@
-src_tools_tor_checkkey_LDADD = src/common/libor.a \
- src/common/libor-ctime.a \
- src/common/libor-crypto.a \
- $(LIBKECCAK_TINY) \
- $(LIBDONNA) \
- @TOR_LIB_MATH@ @TOR_ZLIB_LIBS@ @TOR_OPENSSL_LIBS@ \
- @TOR_LIB_WS32@ @TOR_LIB_GDI@ @CURVE25519_LIBS@
-
EXTRA_DIST += src/tools/tor-fw-helper/README
diff --git a/src/tools/tor-checkkey.c b/src/tools/tor-checkkey.c
deleted file mode 100644
index f2f709d..0000000
--- a/src/tools/tor-checkkey.c
+++ /dev/null
@@ -1,89 +0,0 @@
-/* Copyright (c) 2008-2017, The Tor Project, Inc. */
-/* See LICENSE for licensing information */
-
-#include "orconfig.h"
-
-#include <stdio.h>
-#include <stdlib.h>
-#include "crypto.h"
-#include "torlog.h"
-#include "util.h"
-#include "compat.h"
-#include "compat_openssl.h"
-#include <openssl/bn.h>
-#include <openssl/rsa.h>
-
-int
-main(int c, char **v)
-{
- crypto_pk_t *env;
- char *str;
- RSA *rsa;
- int wantdigest=0;
- int fname_idx;
- char *fname=NULL;
- init_logging(1);
-
- if (c < 2) {
- fprintf(stderr, "Hi. I'm tor-checkkey. Tell me a filename that "
- "has a PEM-encoded RSA public key (like in a cert) and I'll "
- "dump the modulus. Use the --digest option too and I'll "
- "dump the digest.\n");
- return 1;
- }
-
- if (crypto_global_init(0, NULL, NULL)) {
- fprintf(stderr, "Couldn't initialize crypto library.\n");
- return 1;
- }
-
- if (!strcmp(v[1], "--digest")) {
- wantdigest = 1;
- fname_idx = 2;
- if (c<3) {
- fprintf(stderr, "too few arguments");
- return 1;
- }
- } else {
- wantdigest = 0;
- fname_idx = 1;
- }
-
- fname = expand_filename(v[fname_idx]);
- str = read_file_to_str(fname, 0, NULL);
- tor_free(fname);
- if (!str) {
- fprintf(stderr, "Couldn't read %s\n", v[fname_idx]);
- return 1;
- }
-
- env = crypto_pk_new();
- if (crypto_pk_read_public_key_from_string(env, str, strlen(str))<0) {
- fprintf(stderr, "Couldn't parse key.\n");
- return 1;
- }
- tor_free(str);
-
- if (wantdigest) {
- char digest[HEX_DIGEST_LEN+1];
- if (crypto_pk_get_fingerprint(env, digest, 0)<0)
- return 1;
- printf("%s\n",digest);
- } else {
- rsa = crypto_pk_get_rsa_(env);
-
- const BIGNUM *rsa_n;
-#ifdef OPENSSL_1_1_API
- const BIGNUM *rsa_e, *rsa_d;
- RSA_get0_key(rsa, &rsa_n, &rsa_e, &rsa_d);
-#else
- rsa_n = rsa->n;
-#endif
- str = BN_bn2hex(rsa_n);
-
- printf("%s\n", str);
- }
-
- return 0;
-}
-
More information about the tor-commits
mailing list