From 16d1dd134a995cf62cdbcf6c2d59da7ae09d601b Mon Sep 17 00:00:00 2001
From: Marek Majkowski
Date: Mon, 10 Jun 2013 20:30:57 +0100
Subject: [PATCH] Fix #9043 - simplyfy the code and use EVP_PKEY_cmp instead of pkey_eq / tor_tls_evp_pkey_eq
---
 src/common/tortls.c | 25 +----------------------
 src/common/tortls.h | 5 -----
 src/test/include.am | 1 -
 src/test/test.c | 2 --
 src/test/test_tortls.c | 45 ------------------------------------------
 5 files changed, 1 insertion(+), 77 deletions(-)
 delete mode 100644 src/test/test_tortls.c
diff --git a/src/common/tortls.c b/src/common/tortls.c
index c0e36034d2..6bd557b8c0 100644
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -979,29 +979,6 @@ tor_tls_cert_get_key(tor_cert_t *cert)
 return result;
 }
-/** Return true iff a and b represent the same public key. */
-int
-tor_tls_evp_pkey_eq(EVP_PKEY *a, EVP_PKEY *b)
-{
- /* We'd like to do this, but openssl 0.9.7 doesn't have it:
- return EVP_PKEY_cmp(a,b) == 1;
- */
- unsigned char *a_enc = NULL, *b_enc = NULL;
- int a_len, b_len, result;
- a_len = i2d_PublicKey(a, &a_enc);
- b_len = i2d_PublicKey(b, &b_enc);
- if (a_len != b_len || a_len < 0) {
- result = 0;
- } else {
- result = tor_memeq(a_enc, b_enc, a_len);
- }
- if (a_enc)
- OPENSSL_free(a_enc);
- if (b_enc)
- OPENSSL_free(b_enc);
- return result;
-}
-
 /** Return true iff the other side of tls has authenticated to us, and
 * the key certified in cert is the same as the key they used to do it.
 */
@@ -1017,7 +994,7 @@ tor_tls_cert_matches_key(const tor_tls_t *tls, const tor_cert_t *cert)
 link_key = X509_get_pubkey(peercert);
 cert_key = X509_get_pubkey(cert->cert);
- result = link_key && cert_key && tor_tls_evp_pkey_eq(cert_key, link_key);
+ result = link_key && cert_key && EVP_PKEY_cmp(cert_key, link_key) == 1;
 X509_free(peercert);
 if (link_key)
diff --git a/src/common/tortls.h b/src/common/tortls.h
index c71ed573f2..49c488b365 100644
--- a/src/common/tortls.h
+++ b/src/common/tortls.h
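Review bot: The `== 1` on the new `result = link_key && cert_key && EVP_PKEY_cmp(cert_key, link_key) == 1;` line is what keeps this peer-authentication check fail-closed, and nothing in the code says so. `EVP_PKEY_cmp` returns 1 for equal keys, 0 for unequal ones, and -1 or -2 when the key types differ or the comparison is unsupported, so a later cleanup to a bare truthiness test would treat those negative results as a match; a comment such as `/* EVP_PKEY_cmp() is 1 only for equal keys; 0, -1 and -2 all mean "no match". */` above the line would guard against that. The removed helper's comment said OpenSSL 0.9.7 lacks this function, so the change presumably depends on a newer minimum OpenSSL being enforced at build time, which is not visible here. This patch also deletes test_tortls.c, so no test visible in it covers the match and mismatch outcomes of the comparison. The body of tor_tls_cert_matches_key starts and ends outside the hunk.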
@@ -138,10 +138,5 @@ int tor_tls_cert_is_valid(int severity,
 int check_rsa_1024);
 const char *tor_tls_get_ciphersuite_name(tor_tls_t *tls);
-#ifdef TORTLS_PRIVATE
-/* Prototypes for private functions only used by the unit tests. */
-int tor_tls_evp_pkey_eq(EVP_PKEY *a, EVP_PKEY *b);
-#endif
-
 #endif
diff --git a/src/test/include.am b/src/test/include.am
index af95d44470..112d1a79d8 100644
--- a/src/test/include.am
+++ b/src/test/include.am
@@ -23,7 +23,6 @@ src_test_test_SOURCES = \
 src/test/test_microdesc.c \
 src/test/test_pt.c \
 src/test/test_replay.c \
- src/test/test_tortls.c \
 src/test/test_util.c \
 src/test/test_config.c \
 src/ext/tinytest.c
diff --git a/src/test/test.c b/src/test/test.c
index da5b4e5256..a9cf899a0e 100644
--- a/src/test/test.c
+++ b/src/test/test.c
@@ -2133,7 +2133,6 @@ extern struct testcase_t config_tests[];
 extern struct testcase_t introduce_tests[];
 extern struct testcase_t replaycache_tests[];
 extern struct testcase_t cell_format_tests[];
-extern struct testcase_t tortls_tests[];
 static struct testgroup_t testgroups[] = {
 { "", test_array },
@@ -2148,7 +2147,6 @@ static struct testgroup_t testgroups[] = {
 { "pt/", pt_tests },
 { "config/", config_tests },
 { "replaycache/", replaycache_tests },
- { "tortls/", tortls_tests },
 { "introduce/", introduce_tests },
 END_OF_GROUPS
 };
diff --git a/src/test/test_tortls.c b/src/test/test_tortls.c
deleted file mode 100644
index 5409ced9d1..0000000000
--- a/src/test/test_tortls.c
+++ /dev/null
@@ -1,45 +0,0 @@
-/* Copyright (c) 2013-2013, The Tor Project, Inc. */
-/* See LICENSE for licensing information */
-
-#include
-
-#include "orconfig.h"
-#define CRYPTO_PRIVATE
-#define TORTLS_PRIVATE
-#include "or.h"
-#include "test.h"
-
-static void
-test_tortls_evp_pkey_eq(void)
-{
- crypto_pk_t *pk1 = NULL, *pk2 = NULL;
- EVP_PKEY *evp1 = NULL, *evp2 = NULL;
-
- pk1 = pk_generate(0);
- pk2 = pk_generate(1);
- test_assert(pk1 && pk2);
-
- evp1 = crypto_pk_get_evp_pkey_(pk1, 0);
- evp2 = crypto_pk_get_evp_pkey_(pk2, 0);
- test_assert(evp1 && evp2);
-
- test_assert(tor_tls_evp_pkey_eq(evp1, evp2) == 0);
- test_assert(tor_tls_evp_pkey_eq(evp1, evp1) == 1);
-
- done:
- crypto_pk_free(pk1);
- crypto_pk_free(pk2);
- if (evp1)
- EVP_PKEY_free(evp1);
- if (evp2)
- EVP_PKEY_free(evp2);
-}
-
-#define TORTLS_LEGACY(name) \
- { #name, legacy_test_helper, 0, &legacy_setup, test_tortls_ ## name }
-
-struct testcase_t tortls_tests[] = {
- TORTLS_LEGACY(evp_pkey_eq),
- END_OF_TESTCASES
-};
-