Revise TROVE-2020-002 fix to work on older OpenSSL versions.
authorNick Mathewson <nickm@torproject.org>
Sat, 14 Mar 2020 17:38:53 +0000 (13:38 -0400)
committerNick Mathewson <nickm@torproject.org>
Sat, 14 Mar 2020 17:38:53 +0000 (13:38 -0400)
Although OpenSSL before 1.1.1 is no longer supported, it's possible
that somebody is still using it with 0.3.5, so we probably shouldn't
break it with this fix.

src/lib/crypt_ops/crypto_rsa_openssl.c

index 022a0dc093563e7783ef42d7b2167540d86cf88b..39b7aaf0cf04f7d395a4e1417f843a0e5e2d1706 100644 (file)
@@ -584,7 +584,11 @@ crypto_pk_asn1_decode_private(const char *str, size_t len, int max_bits)
     crypto_openssl_log_errors(LOG_WARN,"decoding private key");
     return NULL;
   }
+#ifdef OPENSSL_1_1_API
   if (max_bits >= 0 && RSA_bits(rsa) > max_bits) {
+#else
+  if (max_bits >= 0 && rsa->n && BN_num_bits(rsa->n) > max_bits) {
+#endif
     log_info(LD_CRYPTO, "Private key longer than expected.");
     return NULL;
   }
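Review bot: The oversized-key branch that ends at `return NULL;` returns without releasing `rsa`. By that point `rsa` appears to hold a successfully decoded private key, since the check just above has already returned on decode failure, so each rejected key leaks the RSA object and leaves its key material on the heap. Adding `RSA_free(rsa);` before that `return NULL;` would fix this for both the `OPENSSL_1_1_API` and the legacy branch. Separately, in the legacy branch a NULL `rsa->n` skips the size limit instead of rejecting the key, so either fail there or add a comment such as `/* a key with no modulus is rejected by the caller's later checks */` if that is the case. The function starts and continues outside the hunk, so the ownership of `rsa` is inferred from the visible lines.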