Rename crypto_pk_check_key(), use it more reasonably, add tests

This function was a wrapper around RSA_check_key() in openssl, which checks for invalid RSA private keys (like those where p or q are composite, or where d is not the inverse of e, or where n != p*q). We don't need a function like this in NSS, since unlike OpenSSL, NSS won't let you import a bogus private key. I've renamed the function and changed its return type to make it more reasonable, and added a unit test for trying to read a key where n != p*q.
author: Nick Mathewson <nickm@torproject.org> 2018-08-31 16:15:20 -0400
committer: Nick Mathewson <nickm@torproject.org> 2018-09-04 14:52:35 -0400
commit: 600e046ed32f9826bcbdf223d99ed8af23a67504 (patch)
tree: ddd8bd777f63c3ee5f684bb40478a4a91b94a492 /src/feature/relay
parent: 3b5d6ef15bec26c3bda22057ba09e1301613ee71 (diff)
download: tor-600e046ed32f9826bcbdf223d99ed8af23a67504.tar.gz
tor-600e046ed32f9826bcbdf223d99ed8af23a67504.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/src/feature/relay/router.c b/src/feature/relay/router.c
index 7685760ac6..55e8f1403e 100644
--- a/src/feature/relay/router.c
+++ b/src/feature/relay/router.c
@@ -590,7 +590,7 @@ init_key_from_file(const char *fname, int generate, int severity,
           tor_log(severity, LD_GENERAL,"Error generating onion key");
           goto error;
         }
-        if (crypto_pk_check_key(prkey) <= 0) {
+        if (! crypto_pk_is_valid_private_key(prkey)) {
           tor_log(severity, LD_GENERAL,"Generated key seems invalid");
           goto error;
         }
author	Nick Mathewson <nickm@torproject.org>	2018-08-31 16:15:20 -0400
committer	Nick Mathewson <nickm@torproject.org>	2018-09-04 14:52:35 -0400
commit	600e046ed32f9826bcbdf223d99ed8af23a67504 (patch)
tree	ddd8bd777f63c3ee5f684bb40478a4a91b94a492 /src/feature/relay
parent	3b5d6ef15bec26c3bda22057ba09e1301613ee71 (diff)
download	tor-600e046ed32f9826bcbdf223d99ed8af23a67504.tar.gz tor-600e046ed32f9826bcbdf223d99ed8af23a67504.zip