author | Nick Mathewson <nickm@torproject.org> | 2020-03-14 13:38:53 -0400 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2020-03-14 13:38:53 -0400 |
commit | be064f77b93bda370e4165e6ad6da17324835c9e (patch) | |
tree | 40e6a9cc79bee03370aa09cfc5b4675dfee9040e | |
parent | d0bce65ce2426793a975e691204c3fb2ac667f66 (diff) | |
Revise TROVE-2020-002 fix to work on older OpenSSL versions.
Although OpenSSL before 1.1.1 is no longer supported, it's possible
that somebody is still using it with 0.3.5, so we probably shouldn't
break it with this fix.
-rw-r--r-- | src/lib/crypt_ops/crypto_rsa_openssl.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/src/lib/crypt_ops/crypto_rsa_openssl.c b/src/lib/crypt_ops/crypto_rsa_openssl.c
index 022a0dc093..39b7aaf0cf 100644
--- a/src/lib/crypt_ops/crypto_rsa_openssl.c
+++ b/src/lib/crypt_ops/crypto_rsa_openssl.c
@@ -584,7 +584,11 @@ crypto_pk_asn1_decode_private(const char *str, size_t len, int max_bits)
 crypto_openssl_log_errors(LOG_WARN,"decoding private key");
 return NULL;
 }
+#ifdef OPENSSL_1_1_API
 if (max_bits >= 0 && RSA_bits(rsa) > max_bits) {
+#else
+ if (max_bits >= 0 && rsa->n && BN_num_bits(rsa->n) > max_bits) {
+#endif
 log_info(LD_CRYPTO, "Private key longer than expected.");
 return NULL;
 } |
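Review bot: The oversized-key branch at the end of this hunk returns NULL without releasing `rsa`, so, assuming `rsa` holds the structure produced by the decode call above the hunk, every rejected key leaks the parsed RSA object (private-key material included) on both the `OPENSSL_1_1_API` and the legacy path. Adding `RSA_free(rsa);` before that `return NULL;` would close it. In the `#else` branch, the `rsa->n &&` guard also makes the size limit fail open when the modulus pointer is NULL; rejecting in that case, e.g. `if (max_bits >= 0 && (!rsa->n || BN_num_bits(rsa->n) > max_bits)) {`, is the safer default for a bound that exists to cap key size. crypto_pk_asn1_decode_private begins and ends outside the hunk, so the allocation and any later cleanup are not visible here and should be confirmed against the full function.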