diff options
| author | Nick Mathewson <nickm@torproject.org> | 2018-08-31 16:15:20 -0400 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2018-09-04 14:52:35 -0400 |
| commit | 600e046ed32f9826bcbdf223d99ed8af23a67504 (patch) | |
| tree | ddd8bd777f63c3ee5f684bb40478a4a91b94a492 /src/feature/rend | |
| parent | 3b5d6ef15bec26c3bda22057ba09e1301613ee71 (diff) | |
| download | tor-600e046ed32f9826bcbdf223d99ed8af23a67504.tar.gz tor-600e046ed32f9826bcbdf223d99ed8af23a67504.zip | |
Rename crypto_pk_check_key(), use it more reasonably, add tests
This function was a wrapper around RSA_check_key() in openssl, which
checks for invalid RSA private keys (like those where p or q are
composite, or where d is not the inverse of e, or where n != p*q).
We don't need a function like this in NSS, since unlike OpenSSL, NSS
won't let you import a bogus private key.
I've renamed the function and changed its return type to make it
more reasonable, and added a unit test for trying to read a key
where n != p*q.
Diffstat (limited to 'src/feature/rend')
| -rw-r--r-- | src/feature/rend/rendservice.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/feature/rend/rendservice.c b/src/feature/rend/rendservice.c index 1a99bd56ed..77775602b5 100644 --- a/src/feature/rend/rendservice.c +++ b/src/feature/rend/rendservice.c @@ -1629,7 +1629,7 @@ rend_service_load_auth_keys(rend_service_t *s, const char *hfname) crypto_pk_free(prkey); goto err; } - if (crypto_pk_check_key(prkey) <= 0) { + if (! crypto_pk_is_valid_private_key(prkey)) { log_warn(LD_BUG,"Generated client key seems invalid"); crypto_pk_free(prkey); goto err; |