[tor-commits] [tor/release-0.3.5] Revise TROVE-2020-002 fix to work on older OpenSSL versions.
commit be064f77b93bda370e4165e6ad6da17324835c9e
Author: Nick Mathewson <nickm@xxxxxxxxxxxxxx>
Date: Sat Mar 14 13:38:53 2020 -0400

Revise TROVE-2020-002 fix to work on older OpenSSL versions.

Although OpenSSL before 1.1.1 is no longer supported, it's possible
that somebody is still using it with 0.3.5, so we probably shouldn't
break it with this fix.
---
src/lib/crypt_ops/crypto_rsa_openssl.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/lib/crypt_ops/crypto_rsa_openssl.c b/src/lib/crypt_ops/crypto_rsa_openssl.c
index 022a0dc09..39b7aaf0c 100644
--- a/src/lib/crypt_ops/crypto_rsa_openssl.c
+++ b/src/lib/crypt_ops/crypto_rsa_openssl.c
@@ -584,7 +584,11 @@ crypto_pk_asn1_decode_private(const char *str, size_t len, int max_bits)
crypto_openssl_log_errors(LOG_WARN,"decoding private key");
return NULL;
}
+#ifdef OPENSSL_1_1_API
if (max_bits >= 0 && RSA_bits(rsa) > max_bits) {
+#else
+ if (max_bits >= 0 && rsa->n && BN_num_bits(rsa->n) > max_bits) {
+#endif
log_info(LD_CRYPTO, "Private key longer than expected.");
return NULL;
}
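Review bot: The over-limit branch (log_info followed by return NULL) exits without releasing rsa, which is a live object at that point since both arms of the #ifdef use it; add RSA_free(rsa); before the return so a rejected oversized key is not leaked each time one is decoded. Separately, in the #else arm the "rsa->n &&" guard means a decoded key with a NULL modulus skips the size limit instead of being rejected; consider failing closed there by treating a missing n as a decode error. A one-line comment on the #else arm saying it exists only for builds without OPENSSL_1_1_API would also help whoever removes it later.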