Fix #9043 - simplyfy the code and use EVP_PKEY_cmp instead of pkey_eq / tor_tls_evp_pkey_eq

src/common/tortls.c

@@ -979,29 +979,6 @@ tor_tls_cert_get_key(tor_cert_t *cert)
   return result;
 }
 
-/** Return true iff <b>a</b> and <b>b</b> represent the same public key. */
-int
-tor_tls_evp_pkey_eq(EVP_PKEY *a, EVP_PKEY *b)
-{
-  /* We'd like to do this, but openssl 0.9.7 doesn't have it:
-     return EVP_PKEY_cmp(a,b) == 1;
-  */
-  unsigned char *a_enc = NULL, *b_enc = NULL;
-  int a_len, b_len, result;
-  a_len = i2d_PublicKey(a, &a_enc);
-  b_len = i2d_PublicKey(b, &b_enc);
-  if (a_len != b_len || a_len < 0) {
-    result = 0;
-  } else {
-    result = tor_memeq(a_enc, b_enc, a_len);
-  }
-  if (a_enc)
-    OPENSSL_free(a_enc);
-  if (b_enc)
-    OPENSSL_free(b_enc);
-  return result;
-}
-
 /** Return true iff the other side of <b>tls</b> has authenticated to us, and
  * the key certified in <b>cert</b> is the same as the key they used to do it.
  */
@@ -1017,7 +994,7 @@ tor_tls_cert_matches_key(const tor_tls_t *tls, const tor_cert_t *cert)
   link_key = X509_get_pubkey(peercert);
   cert_key = X509_get_pubkey(cert->cert);
 
-  result = link_key && cert_key && tor_tls_evp_pkey_eq(cert_key, link_key);
+  result = link_key && cert_key && EVP_PKEY_cmp(cert_key, link_key) == 1;
 
   X509_free(peercert);
   if (link_key)

src/common/tortls.h

@@ -138,10 +138,5 @@ int tor_tls_cert_is_valid(int severity,
                           int check_rsa_1024);
 const char *tor_tls_get_ciphersuite_name(tor_tls_t *tls);
 
-#ifdef TORTLS_PRIVATE
-/* Prototypes for private functions only used by the unit tests. */
-int tor_tls_evp_pkey_eq(EVP_PKEY *a, EVP_PKEY *b);
-#endif
-
 #endif
 

src/test/include.am

@@ -23,7 +23,6 @@ src_test_test_SOURCES = \
 	src/test/test_microdesc.c \
 	src/test/test_pt.c \
 	src/test/test_replay.c \
-	src/test/test_tortls.c \
 	src/test/test_util.c \
 	src/test/test_config.c \
 	src/ext/tinytest.c

src/test/test.c

@@ -2133,7 +2133,6 @@ extern struct testcase_t config_tests[];
 extern struct testcase_t introduce_tests[];
 extern struct testcase_t replaycache_tests[];
 extern struct testcase_t cell_format_tests[];
-extern struct testcase_t tortls_tests[];
 
 static struct testgroup_t testgroups[] = {
   { "", test_array },
@@ -2148,7 +2147,6 @@ static struct testgroup_t testgroups[] = {
   { "pt/", pt_tests },
   { "config/", config_tests },
   { "replaycache/", replaycache_tests },
-  { "tortls/", tortls_tests },
   { "introduce/", introduce_tests },
   END_OF_GROUPS
 };

src/test/test_tortls.c

@@ -1,45 +0,0 @@
-/* Copyright (c) 2013-2013, The Tor Project, Inc. */
-/* See LICENSE for licensing information */
-
-#include <openssl/evp.h>
-
-#include "orconfig.h"
-#define CRYPTO_PRIVATE
-#define TORTLS_PRIVATE
-#include "or.h"
-#include "test.h"
-
-static void
-test_tortls_evp_pkey_eq(void)
-{
-  crypto_pk_t *pk1 = NULL, *pk2 = NULL;
-  EVP_PKEY *evp1 = NULL, *evp2 = NULL;
-
-  pk1 = pk_generate(0);
-  pk2 = pk_generate(1);
-  test_assert(pk1 && pk2);
-
-  evp1 = crypto_pk_get_evp_pkey_(pk1, 0);
-  evp2 = crypto_pk_get_evp_pkey_(pk2, 0);
-  test_assert(evp1 && evp2);
-
-  test_assert(tor_tls_evp_pkey_eq(evp1, evp2) == 0);
-  test_assert(tor_tls_evp_pkey_eq(evp1, evp1) == 1);
-
- done:
-  crypto_pk_free(pk1);
-  crypto_pk_free(pk2);
-  if (evp1)
-    EVP_PKEY_free(evp1);
-  if (evp2)
-    EVP_PKEY_free(evp2);
-}
-
-#define TORTLS_LEGACY(name) \
-  { #name, legacy_test_helper, 0, &legacy_setup, test_tortls_ ## name }
-
-struct testcase_t tortls_tests[] = {
-  TORTLS_LEGACY(evp_pkey_eq),
-  END_OF_TESTCASES
-};
-