[tor-commits] [tor/master] Remove NEED_SKEY_1024 parsing.
nickm at torproject.org
nickm at torproject.org
Mon May 10 18:30:13 UTC 2021
commit 8d0d7a665a5f86caa5486308ce25ac1b1f7b52bc
Author: Nick Mathewson <nickm at torproject.org>
Date: Fri Apr 23 15:55:51 2021 -0400
Remove NEED_SKEY_1024 parsing.
Only v2 onion services needed this, and they are now gone.
Closes #40374.
---
changes/ticket40374 | 4 ++++
src/feature/dirparse/parsecommon.c | 27 +++++----------------------
src/feature/dirparse/parsecommon.h | 1 -
src/test/test_parsecommon.c | 7 ++-----
4 files changed, 11 insertions(+), 28 deletions(-)
diff --git a/changes/ticket40374 b/changes/ticket40374
new file mode 100644
index 0000000000..8b6e99b8af
--- /dev/null
+++ b/changes/ticket40374
@@ -0,0 +1,4 @@
+ o Removed features:
+ - Remove unneeded code for parsing private keys in directory documents.
+ This code was only used for client authentication in v2 onion
+ services, which are now unsupported. Closes ticket 40374.
diff --git a/src/feature/dirparse/parsecommon.c b/src/feature/dirparse/parsecommon.c
index 2519071c8c..d7a6d65346 100644
--- a/src/feature/dirparse/parsecommon.c
+++ b/src/feature/dirparse/parsecommon.c
@@ -216,7 +216,6 @@ token_check_object(memarea_t *area, const char *kwd,
}
break;
case NEED_KEY_1024: /* There must be a 1024-bit public key. */
- case NEED_SKEY_1024: /* There must be a 1024-bit private key. */
if (tok->key && crypto_pk_num_bits(tok->key) != PK_BYTES*8) {
tor_snprintf(ebuf, sizeof(ebuf), "Wrong size on key for %s: %d bits",
kwd, crypto_pk_num_bits(tok->key));
@@ -228,18 +227,11 @@ token_check_object(memarea_t *area, const char *kwd,
tor_snprintf(ebuf, sizeof(ebuf), "Missing public key for %s", kwd);
RET_ERR(ebuf);
}
- if (o_syn != NEED_SKEY_1024) {
- if (crypto_pk_key_is_private(tok->key)) {
- tor_snprintf(ebuf, sizeof(ebuf),
- "Private key given for %s, which wants a public key", kwd);
- RET_ERR(ebuf);
- }
- } else { /* o_syn == NEED_SKEY_1024 */
- if (!crypto_pk_key_is_private(tok->key)) {
- tor_snprintf(ebuf, sizeof(ebuf),
- "Public key given for %s, which wants a private key", kwd);
- RET_ERR(ebuf);
- }
+
+ if (crypto_pk_key_is_private(tok->key)) {
+ tor_snprintf(ebuf, sizeof(ebuf),
+ "Private key given for %s, which wants a public key", kwd);
+ RET_ERR(ebuf);
}
break;
case OBJ_OK:
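Review bot: The now-unconditional `crypto_pk_key_is_private(tok->key)` check deserves a comment saying it is defensive. Judging by the other parsecommon.c hunk, `tok->key` is only ever set from `crypto_pk_asn1_decode()` once the `RSA PRIVATE KEY` branch is removed, so this error path is probably unreachable from get_next_token. I would add `/* Defensive: the parser no longer decodes private keys, so a private key here indicates a bug in the caller. */` above the `if`, so a later cleanup does not drop the check as dead code. The enclosing switch in token_check_object starts and ends outside the hunk, so which case labels reach this check is inferred.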
@@ -409,15 +401,6 @@ get_next_token(memarea_t *area,
tok->key = crypto_pk_asn1_decode(tok->object_body, tok->object_size);
if (! tok->key)
RET_ERR("Couldn't parse public key.");
- } else if (!strcmp(tok->object_type, "RSA PRIVATE KEY")) { /* private key */
- if (o_syn != NEED_SKEY_1024 && o_syn != OBJ_OK) {
- RET_ERR("Unexpected private key.");
- }
- tok->key = crypto_pk_asn1_decode_private(tok->object_body,
- tok->object_size,
- 1024);
- if (! tok->key)
- RET_ERR("Couldn't parse private key.");
}
*s = eol;
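Review bot: Removing the `RSA PRIVATE KEY` branch also removes the only explicit rejection of private-key objects, because the deleted `Unexpected private key.` error fired for every `o_syn` except NEED_SKEY_1024 and OBJ_OK. For NEED_KEY_1024 the NULL `tok->key` still ends in `Missing public key for %s`, but for NEED_OBJ the object now appears to be accepted as an opaque blob; the NEED_OBJ case of token_check_object is not visible here, so this is inferred. If the stricter behaviour is wanted, keep `} else if (!strcmp(tok->object_type, "RSA PRIVATE KEY") && o_syn != OBJ_OK) {` with `RET_ERR("Unexpected private key.");`. Otherwise a comment stating that private-key objects are deliberately left unparsed would record the decision. The body of get_next_token continues outside the hunk.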
diff --git a/src/feature/dirparse/parsecommon.h b/src/feature/dirparse/parsecommon.h
index 5de2bbe1b3..0f343e9c62 100644
--- a/src/feature/dirparse/parsecommon.h
+++ b/src/feature/dirparse/parsecommon.h
@@ -218,7 +218,6 @@ typedef struct directory_token_t {
typedef enum {
NO_OBJ, /**< No object, ever. */
NEED_OBJ, /**< Object is required. */
- NEED_SKEY_1024,/**< Object is required, and must be a 1024 bit private key */
NEED_KEY_1024, /**< Object is required, and must be a 1024 bit public key */
NEED_KEY, /**< Object is required, and must be a public key. */
OBJ_OK, /**< Object is optional. */
diff --git a/src/test/test_parsecommon.c b/src/test/test_parsecommon.c
index d270a430d8..b32840264e 100644
--- a/src/test/test_parsecommon.c
+++ b/src/test/test_parsecommon.c
@@ -326,18 +326,15 @@ test_parsecommon_get_next_token_parse_keys(void *arg)
const char *end2 = str2 + strlen(str2);
const char **s2 = (const char **)&str2;
- token_rule_t rule2 = T01("client-key", C_CLIENT_KEY, NO_ARGS,
- NEED_SKEY_1024);
-
+ token_rule_t rule2 = T01("client-key", C_CLIENT_KEY, NO_ARGS, OBJ_OK);
token2 = get_next_token(area, s2, end2, &rule2);
tt_assert(token2);
-
tt_int_op(token2->tp, OP_EQ, C_CLIENT_KEY);
tt_int_op(token2->n_args, OP_EQ, 0);
tt_str_op(token2->object_type, OP_EQ, "RSA PRIVATE KEY");
tt_int_op(token2->object_size, OP_EQ, 608);
tt_assert(token2->object_body);
- tt_assert(token2->key);
+ tt_assert(token2->key == NULL);
tt_assert(!token->error);
done:
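Review bot: The last assertion before `done:` checks `token->error`, while every other assertion in this block is on `token2`, so an error set on the second token would go unnoticed; it looks like it should be `tt_assert(!token2->error);`. With the rule changed to OBJ_OK the test now only pins that an `RSA PRIVATE KEY` object is carried through with `key == NULL`. A companion case that feeds the same input to a NEED_KEY_1024 rule and expects an error token would cover the rejection path the commit relies on. The test function starts outside the hunk, so the role of `token` is inferred from the names.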