From: Nick Mathewson
Date: Mon, 17 Mar 2025 13:56:55 +0000 (-0400)
Subject: Remove support for RSA client auth key (KP_legacy_linkauth_rsa)
X-Git-Tag: tor-0.4.9.2-alpha~30^2~2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c9c5feb90ceed3f1d2d0eb25ae44fb117af0964a;p=thirdparty%2Ftor.git

Remove support for RSA client auth key (KP_legacy_linkauth_rsa)
---

diff --git a/src/lib/tls/tortls.c b/src/lib/tls/tortls.c
index e532156511..698d9429c2 100644
--- a/src/lib/tls/tortls.c
+++ b/src/lib/tls/tortls.c
@@ -93,19 +93,6 @@ tor_tls_get_my_certs(int server,
 return rv;
 }

-/**
- * Return the authentication key that we use to authenticate ourselves as a
- * client in the V3 in-protocol handshake.
- */
-crypto_pk_t *
-tor_tls_get_my_client_auth_key(void)
-{
- tor_tls_context_t *context = tor_tls_context_get(0);
- if (! context)
- return NULL;
- return context->auth_key;
-}
-
 /** Increase the reference count of ctx. */
 void
 tor_tls_context_incref(tor_tls_context_t *ctx)
diff --git a/src/lib/tls/tortls.h b/src/lib/tls/tortls.h
index a2a81a65c7..01c200ad7d 100644
--- a/src/lib/tls/tortls.h
+++ b/src/lib/tls/tortls.h
@@ -147,7 +147,6 @@ void tor_tls_log_one_error(tor_tls_t *tls, unsigned long err,
 int tor_tls_get_my_certs(int server,
 const struct tor_x509_cert_t **link_cert_out,
 const struct tor_x509_cert_t **id_cert_out);
-crypto_pk_t *tor_tls_get_my_client_auth_key(void);

 const char *tor_tls_get_ciphersuite_name(tor_tls_t *tls);

diff --git a/src/test/test_tortls_openssl.c b/src/test/test_tortls_openssl.c
index b8472c53d7..42cc74ef72 100644
--- a/src/test/test_tortls_openssl.c
+++ b/src/test/test_tortls_openssl.c
@@ -505,32 +505,6 @@ test_tortls_cert_get_key(void *ignored)
 }
 #endif /* !defined(OPENSSL_OPAQUE) */

-static void
-test_tortls_get_my_client_auth_key(void *ignored)
-{
- (void)ignored;
- crypto_pk_t *ret;
- crypto_pk_t *expected;
- tor_tls_context_t *ctx;
- RSA *k = RSA_new();
-
- ctx = tor_malloc_zero(sizeof(tor_tls_context_t));
- expected = crypto_new_pk_from_openssl_rsa_(k);
- ctx->auth_key = expected;
-
- client_tls_context = NULL;
- ret = tor_tls_get_my_client_auth_key();
- tt_assert(!ret);
-
- client_tls_context = ctx;
- ret = tor_tls_get_my_client_auth_key();
- tt_assert(ret == expected);
-
- done:
- crypto_pk_free(expected);
- tor_free(ctx);
-}
-
 #ifndef HAVE_SSL_GET_CLIENT_CIPHERS
 static SSL_CIPHER *
 get_cipher_by_name(const char *name)
@@ -2188,7 +2162,6 @@ struct testcase_t tortls_openssl_tests[] = {
 LOCAL_TEST_CASE(always_accept_verify_cb, 0),
 INTRUSIVE_TEST_CASE(x509_cert_free, 0),
 INTRUSIVE_TEST_CASE(cert_get_key, 0),
- LOCAL_TEST_CASE(get_my_client_auth_key, TT_FORK),
 INTRUSIVE_TEST_CASE(get_ciphersuite_name, 0),
 INTRUSIVE_TEST_CASE(classify_client_ciphers, 0),
 LOCAL_TEST_CASE(client_is_using_v2_ciphers, 0),