Opened 7 years ago

Closed 7 years ago

#9043 closed enhancement (fixed)

Replace `pkey_eq` with `EVP_PKEY_cmp`

Reported by: marek
Owned by:
Priority: Very Low
Milestone: Tor: 0.2.5.x-final
Component: Core Tor/Tor
Version:
Severity:
Keywords: easy tor-client
Cc:
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

In tortls.c the comment says:

/* We'd like to do this, but openssl 0.9.7 doesn't have it:
    return EVP_PKEY_cmp(a,b) == 1; 
*/

Which is true, but AFAIK tor now depends on openssl 0.9.8, which seems to have this function:

openssl-0.9.8$ grep EVP_PKEY_cmp * -R
crypto/evp/evp.h:int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b);

Attachments (2)

0001-Fix-9043-simplyfy-the-code-and-use-EVP_PKEY_cmp-inst.patch (4.6 KB) - added by marek 7 years ago.
0002-Issue-9043-changelog-entry.patch (626 bytes) - added by marek 7 years ago.

Change History (7)

comment:1 Changed 7 years ago by nickm

Milestone: Tor: 0.2.4.x-final

Correct you are. Let's kill pkey_eq.

comment:2 Changed 7 years ago by nickm

Milestone: Tor: 0.2.4.x-final → Tor: 0.2.5.x-final

comment:3 Changed 7 years ago by nickm

Parent ID: #5170

Removing the parent relationship so I can close #5170

comment:4 Changed 7 years ago by marek

Status: new → needs_review

Attached patch replaces the pkey_cmp function with a call to EVP_PKEY_cmp(cert_key, link_key) == 1. I am not an openssl / crypt expert, so please, please can someone competent comment that both methods are semantically the same?

Additionally, the patch removes the recently introduced test_tortls.c, as we don't really need to check if openssl works.

I tried to compile this with openssl 0.9.7 and failed, tried to compile this with 0.9.8 and succeeded (i.e., as expected).

Changed 7 years ago by marek

comment:5 Changed 7 years ago by nickm

Resolution: fixed
Status: needs_review → closed

Looks fine! Merging.