Commit dd6e2277 authored by Nick Mathewson's avatar Nick Mathewson 🥄
Browse files

Merge branch 'trove_2020_002_035' into trove_2020_002_041

parents 1a375c3b 29c9675b
......@@ -584,8 +584,13 @@ crypto_pk_asn1_decode_private(const char *str, size_t len, int max_bits)
crypto_openssl_log_errors(LOG_WARN,"decoding private key");
return NULL;
}
#ifdef OPENSSL_1_1_API
if (max_bits >= 0 && RSA_bits(rsa) > max_bits) {
#else
if (max_bits >= 0 && rsa->n && BN_num_bits(rsa->n) > max_bits) {
#endif
log_info(LD_CRYPTO, "Private key longer than expected.");
RSA_free(rsa);
return NULL;
}
crypto_pk_t *result = crypto_new_pk_from_openssl_rsa_(rsa);
......
......@@ -1335,6 +1335,29 @@ test_crypto_pk_pem_encrypted(void *arg)
crypto_pk_free(pk);
}
static void
test_crypto_pk_bad_size(void *arg)
{
(void)arg;
crypto_pk_t *pk1 = pk_generate(0);
crypto_pk_t *pk2 = NULL;
char buf[2048];
int n = crypto_pk_asn1_encode_private(pk1, buf, sizeof(buf));
tt_int_op(n, OP_GT, 0);
/* Set the max bit count smaller: we should refuse to decode the key.*/
pk2 = crypto_pk_asn1_decode_private(buf, n, 1020);
tt_assert(! pk2);
/* Set the max bit count larger: it should decode fine. */
pk2 = crypto_pk_asn1_decode_private(buf, n, 2048);
tt_assert(pk2);
done:
crypto_pk_free(pk1);
crypto_pk_free(pk2);
}
static void
test_crypto_pk_invalid_private_key(void *arg)
{
......@@ -2998,6 +3021,7 @@ struct testcase_t crypto_tests[] = {
{ "pk_fingerprints", test_crypto_pk_fingerprints, TT_FORK, NULL, NULL },
{ "pk_base64", test_crypto_pk_base64, TT_FORK, NULL, NULL },
{ "pk_pem_encrypted", test_crypto_pk_pem_encrypted, TT_FORK, NULL, NULL },
{ "pk_bad_size", test_crypto_pk_bad_size, 0, NULL, NULL },
{ "pk_invalid_private_key", test_crypto_pk_invalid_private_key, 0,
NULL, NULL },
CRYPTO_LEGACY(digests),
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment