tor

The Tor anonymity network

commit c9c5feb90ceed3f1d2d0eb25ae44fb117af0964a
parent 1aec5a95629412ac912b1734995ef545a4daf35f
Author: Nick Mathewson <nickm@torproject.org>
Date:   Mon, 17 Mar 2025 09:56:55 -0400

Remove support for RSA client auth key (KP_legacy_linkauth_rsa)

Diffstat:
Msrc/lib/tls/tortls.c | 13-------------
Msrc/lib/tls/tortls.h | 1-
Msrc/test/test_tortls_openssl.c | 27---------------------------
3 files changed, 0 insertions(+), 41 deletions(-)

diff --git a/src/lib/tls/tortls.c b/src/lib/tls/tortls.c @@ -93,19 +93,6 @@ tor_tls_get_my_certs(int server, return rv; } -/** - * Return the authentication key that we use to authenticate ourselves as a - * client in the V3 in-protocol handshake. - */ -crypto_pk_t * -tor_tls_get_my_client_auth_key(void) -{ - tor_tls_context_t *context = tor_tls_context_get(0); - if (! context) - return NULL; - return context->auth_key; -} - /** Increase the reference count of <b>ctx</b>. */ void tor_tls_context_incref(tor_tls_context_t *ctx) diff --git a/src/lib/tls/tortls.h b/src/lib/tls/tortls.h @@ -147,7 +147,6 @@ void tor_tls_log_one_error(tor_tls_t *tls, unsigned long err, int tor_tls_get_my_certs(int server, const struct tor_x509_cert_t **link_cert_out, const struct tor_x509_cert_t **id_cert_out); -crypto_pk_t *tor_tls_get_my_client_auth_key(void); const char *tor_tls_get_ciphersuite_name(tor_tls_t *tls); diff --git a/src/test/test_tortls_openssl.c b/src/test/test_tortls_openssl.c @@ -505,32 +505,6 @@ test_tortls_cert_get_key(void *ignored) } #endif /* !defined(OPENSSL_OPAQUE) */ -static void -test_tortls_get_my_client_auth_key(void *ignored) -{ - (void)ignored; - crypto_pk_t *ret; - crypto_pk_t *expected; - tor_tls_context_t *ctx; - RSA *k = RSA_new(); - - ctx = tor_malloc_zero(sizeof(tor_tls_context_t)); - expected = crypto_new_pk_from_openssl_rsa_(k); - ctx->auth_key = expected; - - client_tls_context = NULL; - ret = tor_tls_get_my_client_auth_key(); - tt_assert(!ret); - - client_tls_context = ctx; - ret = tor_tls_get_my_client_auth_key(); - tt_assert(ret == expected); - - done: - crypto_pk_free(expected); - tor_free(ctx); -} - #ifndef HAVE_SSL_GET_CLIENT_CIPHERS static SSL_CIPHER * get_cipher_by_name(const char *name) 
@@ -2188,7 +2162,6 @@ struct testcase_t tortls_openssl_tests[] = {
 LOCAL_TEST_CASE(always_accept_verify_cb, 0),
 INTRUSIVE_TEST_CASE(x509_cert_free, 0),
 INTRUSIVE_TEST_CASE(cert_get_key, 0),
- LOCAL_TEST_CASE(get_my_client_auth_key, TT_FORK),
 INTRUSIVE_TEST_CASE(get_ciphersuite_name, 0),
 INTRUSIVE_TEST_CASE(classify_client_ciphers, 0),
 LOCAL_TEST_CASE(client_is_using_v2_ciphers, 0),