tor

The Tor anonymity network
git clone https://git.dasho.dev/tor.git
Log | Files | Refs | README | LICENSE
commit be064f77b93bda370e4165e6ad6da17324835c9e
parent d0bce65ce2426793a975e691204c3fb2ac667f66
Author: Nick Mathewson <nickm@torproject.org>
Date:   Sat, 14 Mar 2020 13:38:53 -0400

Revise TROVE-2020-002 fix to work on older OpenSSL versions.

Although OpenSSL before 1.1.1 is no longer supported, it's possible
that somebody is still using it with 0.3.5, so we probably shouldn't
break it with this fix.

Diffstat:

Msrc/lib/crypt_ops/crypto_rsa_openssl.c | 4++++


1 file changed, 4 insertions(+), 0 deletions(-)

diff --git a/src/lib/crypt_ops/crypto_rsa_openssl.c b/src/lib/crypt_ops/crypto_rsa_openssl.c
@@ -584,7 +584,11 @@ crypto_pk_asn1_decode_private(const char *str, size_t len, int max_bits)
     crypto_openssl_log_errors(LOG_WARN,"decoding private key");
     return NULL;
   }
+#ifdef OPENSSL_1_1_API
   if (max_bits >= 0 && RSA_bits(rsa) > max_bits) {
+#else
+  if (max_bits >= 0 && rsa->n && BN_num_bits(rsa->n) > max_bits) {
+#endif
     log_info(LD_CRYPTO, "Private key longer than expected.");
     return NULL;
   }