diff --git a/changes/ticket40374 b/changes/ticket40374 new file mode 100644 index 0000000000..8b6e99b8af --- /dev/null +++ b/changes/ticket40374 @@ -0,0 +1,4 @@ + o Removed features: + - Remove unneeded code for parsing private keys in directory documents. + This code was only used for client authentication in v2 onion + services, which are now unsupported. Closes ticket 40374. diff --git a/src/feature/dirparse/parsecommon.c b/src/feature/dirparse/parsecommon.c index 2519071c8c..d7a6d65346 100644 --- a/src/feature/dirparse/parsecommon.c +++ b/src/feature/dirparse/parsecommon.c @@ -216,7 +216,6 @@ token_check_object(memarea_t *area, const char *kwd, } break; case NEED_KEY_1024: /* There must be a 1024-bit public key. */ - case NEED_SKEY_1024: /* There must be a 1024-bit private key. */ if (tok->key && crypto_pk_num_bits(tok->key) != PK_BYTES*8) { tor_snprintf(ebuf, sizeof(ebuf), "Wrong size on key for %s: %d bits", kwd, crypto_pk_num_bits(tok->key)); @@ -228,18 +227,11 @@ token_check_object(memarea_t *area, const char *kwd, tor_snprintf(ebuf, sizeof(ebuf), "Missing public key for %s", kwd); RET_ERR(ebuf); } - if (o_syn != NEED_SKEY_1024) { - if (crypto_pk_key_is_private(tok->key)) { - tor_snprintf(ebuf, sizeof(ebuf), - "Private key given for %s, which wants a public key", kwd); - RET_ERR(ebuf); - } - } else { /* o_syn == NEED_SKEY_1024 */ - if (!crypto_pk_key_is_private(tok->key)) { - tor_snprintf(ebuf, sizeof(ebuf), - "Public key given for %s, which wants a private key", kwd); - RET_ERR(ebuf); - } + + if (crypto_pk_key_is_private(tok->key)) { + tor_snprintf(ebuf, sizeof(ebuf), + "Private key given for %s, which wants a public key", kwd); + RET_ERR(ebuf); } break; case OBJ_OK: @@ -409,15 +401,6 @@ get_next_token(memarea_t *area, tok->key = crypto_pk_asn1_decode(tok->object_body, tok->object_size); if (! tok->key) RET_ERR("Couldn't parse public key."); - } else if (!strcmp(tok->object_type, "RSA PRIVATE KEY")) { /* private key */ - if (o_syn != NEED_SKEY_1024 && o_syn != OBJ_OK) { - RET_ERR("Unexpected private key."); - } - tok->key = crypto_pk_asn1_decode_private(tok->object_body, - tok->object_size, - 1024); - if (! tok->key) - RET_ERR("Couldn't parse private key."); } *s = eol; diff --git a/src/feature/dirparse/parsecommon.h b/src/feature/dirparse/parsecommon.h index 5de2bbe1b3..0f343e9c62 100644 --- a/src/feature/dirparse/parsecommon.h +++ b/src/feature/dirparse/parsecommon.h @@ -218,7 +218,6 @@ typedef struct directory_token_t { typedef enum { NO_OBJ, /**< No object, ever. */ NEED_OBJ, /**< Object is required. */ - NEED_SKEY_1024,/**< Object is required, and must be a 1024 bit private key */ NEED_KEY_1024, /**< Object is required, and must be a 1024 bit public key */ NEED_KEY, /**< Object is required, and must be a public key. */ OBJ_OK, /**< Object is optional. */ diff --git a/src/test/test_parsecommon.c b/src/test/test_parsecommon.c index d270a430d8..b32840264e 100644 --- a/src/test/test_parsecommon.c +++ b/src/test/test_parsecommon.c @@ -326,18 +326,15 @@ test_parsecommon_get_next_token_parse_keys(void *arg) const char *end2 = str2 + strlen(str2); const char **s2 = (const char **)&str2; - token_rule_t rule2 = T01("client-key", C_CLIENT_KEY, NO_ARGS, - NEED_SKEY_1024); - + token_rule_t rule2 = T01("client-key", C_CLIENT_KEY, NO_ARGS, OBJ_OK); token2 = get_next_token(area, s2, end2, &rule2); tt_assert(token2); - tt_int_op(token2->tp, OP_EQ, C_CLIENT_KEY); tt_int_op(token2->n_args, OP_EQ, 0); tt_str_op(token2->object_type, OP_EQ, "RSA PRIVATE KEY"); tt_int_op(token2->object_size, OP_EQ, 608); tt_assert(token2->object_body); - tt_assert(token2->key); + tt_assert(token2->key == NULL); tt_assert(!token->error); done: