diff options
author | Nick Mathewson <nickm@torproject.org> | 2020-09-17 08:42:25 -0400 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2020-09-17 08:42:25 -0400 |
commit | 5d1d7afcd319e1dcdc046b2227a13e0cb2d80534 (patch) | |
tree | 7d866b87c8d8dfbb7a3fa3fec14302f3f902a58b /src/feature/nodelist/torcert.c | |
parent | 22643272d24fdcd106887b792f2e36dc604029c0 (diff) | |
download | tor-5d1d7afcd319e1dcdc046b2227a13e0cb2d80534.tar.gz tor-5d1d7afcd319e1dcdc046b2227a13e0cb2d80534.zip |
Use the correct SIGNED_KEY_TYPE value for signing->link certs
Our code was using [01] as for the key type of signed->link certs,
which was incorrect. The value should be [03], to indicate that the
value as the SHA256 of an x.509 cert.
Fortunately, nothing cares about this value, so there shouldn't be
compatibility issues.
Fixes bug 40124; bugfix on 0.2.7.2-alpha.
Diffstat (limited to 'src/feature/nodelist/torcert.c')
-rw-r--r-- | src/feature/nodelist/torcert.c | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/src/feature/nodelist/torcert.c b/src/feature/nodelist/torcert.c index 603b8bf086..dc36626122 100644 --- a/src/feature/nodelist/torcert.c +++ b/src/feature/nodelist/torcert.c @@ -37,11 +37,11 @@ #include "core/or/or_handshake_certs_st.h" -/** Helper for tor_cert_create_*(): signs any 32 bytes, not just an ed25519 - * key. +/** As tor_cert_create(), but accept an arbitrary signed_key_type as the + * subject key -- not just an ed25519 key. */ -static tor_cert_t * -tor_cert_sign_impl(const ed25519_keypair_t *signing_key, +tor_cert_t * +tor_cert_create_raw(const ed25519_keypair_t *signing_key, uint8_t cert_type, uint8_t signed_key_type, const uint8_t signed_key_info[32], @@ -134,7 +134,7 @@ tor_cert_create_ed25519(const ed25519_keypair_t *signing_key, time_t now, time_t lifetime, uint32_t flags) { - return tor_cert_sign_impl(signing_key, cert_type, + return tor_cert_create_raw(signing_key, cert_type, SIGNED_KEY_TYPE_ED25519, signed_key->pubkey, now, lifetime, flags); } |