Commit be064f77 authored by Nick Mathewson's avatar Nick Mathewson 🏃
Browse files

Revise TROVE-2020-002 fix to work on older OpenSSL versions.

Although OpenSSL before 1.1.1 is no longer supported, it's possible
that somebody is still using it with 0.3.5, so we probably shouldn't
break it with this fix.
parent d0bce65c
......@@ -584,7 +584,11 @@ crypto_pk_asn1_decode_private(const char *str, size_t len, int max_bits)
crypto_openssl_log_errors(LOG_WARN,"decoding private key");
return NULL;
#ifdef OPENSSL_1_1_API
if (max_bits >= 0 && RSA_bits(rsa) > max_bits) {
if (max_bits >= 0 && rsa->n && BN_num_bits(rsa->n) > max_bits) {
log_info(LD_CRYPTO, "Private key longer than expected.");
return NULL;
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment