Merge branch 'ticket40374_046' into maint-0.4.6

2024-09-21 05:26:20 +02:00 · 2021-05-10 14:30:00 -04:00 · 2021-05-10 14:30:00 -04:00 · 8851861ff0
commit 8851861ff0
parent af6da4a36b 8d0d7a665a
4 changed files with 11 additions and 28 deletions
--- a/changes/ticket40374
+++ b/changes/ticket40374
@ -0,0 +1,4 @@
+  o Removed features:
+    - Remove unneeded code for parsing private keys in directory documents.
+      This code was only used for client authentication in v2 onion
+      services, which are now unsupported.  Closes ticket 40374.
--- a/src/feature/dirparse/parsecommon.c
+++ b/src/feature/dirparse/parsecommon.c
@ -216,7 +216,6 @@ token_check_object(memarea_t *area, const char *kwd,
      }
      break;
    case NEED_KEY_1024: /* There must be a 1024-bit public key. */
-    case NEED_SKEY_1024: /* There must be a 1024-bit private key. */
      if (tok->key && crypto_pk_num_bits(tok->key) != PK_BYTES*8) {
        tor_snprintf(ebuf, sizeof(ebuf), "Wrong size on key for %s: %d bits",
                     kwd, crypto_pk_num_bits(tok->key));
@ -228,18 +227,11 @@ token_check_object(memarea_t *area, const char *kwd,
        tor_snprintf(ebuf, sizeof(ebuf), "Missing public key for %s", kwd);
        RET_ERR(ebuf);
      }
-      if (o_syn != NEED_SKEY_1024) {
-        if (crypto_pk_key_is_private(tok->key)) {
-          tor_snprintf(ebuf, sizeof(ebuf),
-               "Private key given for %s, which wants a public key", kwd);
-          RET_ERR(ebuf);
-        }
-      } else { /* o_syn == NEED_SKEY_1024 */
-        if (!crypto_pk_key_is_private(tok->key)) {
-          tor_snprintf(ebuf, sizeof(ebuf),
-               "Public key given for %s, which wants a private key", kwd);
-          RET_ERR(ebuf);
-        }
+
+      if (crypto_pk_key_is_private(tok->key)) {
+        tor_snprintf(ebuf, sizeof(ebuf),
+                "Private key given for %s, which wants a public key", kwd);
+        RET_ERR(ebuf);
      }
      break;
    case OBJ_OK:
@ -409,15 +401,6 @@ get_next_token(memarea_t *area,
    tok->key = crypto_pk_asn1_decode(tok->object_body, tok->object_size);
    if (! tok->key)
      RET_ERR("Couldn't parse public key.");
-  } else if (!strcmp(tok->object_type, "RSA PRIVATE KEY")) { /* private key */
-    if (o_syn != NEED_SKEY_1024 && o_syn != OBJ_OK) {
-      RET_ERR("Unexpected private key.");
-    }
-    tok->key = crypto_pk_asn1_decode_private(tok->object_body,
-                                             tok->object_size,
-                                             1024);
-    if (! tok->key)
-      RET_ERR("Couldn't parse private key.");
  }
  *s = eol;

--- a/src/feature/dirparse/parsecommon.h
+++ b/src/feature/dirparse/parsecommon.h
@ -218,7 +218,6 @@ typedef struct directory_token_t {
 typedef enum {
  NO_OBJ,        /**< No object, ever. */
  NEED_OBJ,      /**< Object is required. */
-  NEED_SKEY_1024,/**< Object is required, and must be a 1024 bit private key */
  NEED_KEY_1024, /**< Object is required, and must be a 1024 bit public key */
  NEED_KEY,      /**< Object is required, and must be a public key. */
  OBJ_OK,        /**< Object is optional. */
--- a/src/test/test_parsecommon.c
+++ b/src/test/test_parsecommon.c
@ -326,18 +326,15 @@ test_parsecommon_get_next_token_parse_keys(void *arg)
  const char *end2 = str2 + strlen(str2);
  const char **s2 = (const char **)&str2;

-  token_rule_t rule2 = T01("client-key", C_CLIENT_KEY, NO_ARGS,
-                           NEED_SKEY_1024);
-
+  token_rule_t rule2 = T01("client-key", C_CLIENT_KEY, NO_ARGS, OBJ_OK);
  token2 = get_next_token(area, s2, end2, &rule2);
  tt_assert(token2);
-
  tt_int_op(token2->tp, OP_EQ, C_CLIENT_KEY);
  tt_int_op(token2->n_args, OP_EQ, 0);
  tt_str_op(token2->object_type, OP_EQ, "RSA PRIVATE KEY");
  tt_int_op(token2->object_size, OP_EQ, 608);
  tt_assert(token2->object_body);
-  tt_assert(token2->key);
+  tt_assert(token2->key == NULL);
  tt_assert(!token->error);

 done: