When parsing, reject >1024-bit RSA private keys sooner.

Private-key validation is fairly expensive for long keys in openssl, so we need to avoid it sooner.
author: Nick Mathewson <nickm@torproject.org> 2020-02-05 11:11:35 -0500
committer: Nick Mathewson <nickm@torproject.org> 2020-02-05 11:11:35 -0500
commit: 9e1085c924133d7b73c7b0a42282fb13b34f28b8 (patch)
tree: fc13d825436c34fc8f4f76f45c1951b850a3a499 /src/feature/dirparse
parent: 41d52e9cd80bfb318ec7f0969f3889d275012e37 (diff)
download: tor-9e1085c924133d7b73c7b0a42282fb13b34f28b8.tar.gz
tor-9e1085c924133d7b73c7b0a42282fb13b34f28b8.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/src/feature/dirparse/parsecommon.c b/src/feature/dirparse/parsecommon.c
index 632f5adff0..5b753f0f23 100644
--- a/src/feature/dirparse/parsecommon.c
+++ b/src/feature/dirparse/parsecommon.c
@@ -389,7 +389,8 @@ get_next_token(memarea_t *area,
       RET_ERR("Couldn't parse public key.");
   } else if (!strcmp(tok->object_type, "RSA PRIVATE KEY")) { /* private key */
     tok->key = crypto_pk_new();
-    if (crypto_pk_read_private_key_from_string(tok->key, obstart, eol-obstart))
+    if (crypto_pk_read_private_key1024_from_string(tok->key,
+                                                   obstart, eol-obstart))
       RET_ERR("Couldn't parse private key.");
   } else { /* If it's something else, try to base64-decode it */
     int r;
author	Nick Mathewson <nickm@torproject.org>	2020-02-05 11:11:35 -0500
committer	Nick Mathewson <nickm@torproject.org>	2020-02-05 11:11:35 -0500
commit	9e1085c924133d7b73c7b0a42282fb13b34f28b8 (patch)
tree	fc13d825436c34fc8f4f76f45c1951b850a3a499 /src/feature/dirparse
parent	41d52e9cd80bfb318ec7f0969f3889d275012e37 (diff)
download	tor-9e1085c924133d7b73c7b0a42282fb13b34f28b8.tar.gz tor-9e1085c924133d7b73c7b0a42282fb13b34f28b8.zip