rpms/openssl
8
1
Fork 1
Code Issues Pull Requests Releases Activity

use the key length from configuration file if req -newkey rsa is invoked

Browse Source
This commit is contained in:
Tomas Mraz 2014-02-14 16:24:31 +01:00
parent 3f8863c3cd
commit 423ab177c8
2 changed files with 45 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
openssl-1.0.1e-req-keylen.patch Normal file
View File

@ -0,0 +1,38 @@
diff -up openssl-1.0.1e/apps/req.c.keylen openssl-1.0.1e/apps/req.c
--- openssl-1.0.1e/apps/req.c.keylen 2014-02-12 14:58:29.000000000 +0100
+++ openssl-1.0.1e/apps/req.c 2014-02-14 13:52:48.692325000 +0100
@@ -644,6 +644,12 @@ bad:
if (inrand)
app_RAND_load_files(inrand);
+ if (newkey <= 0)
+ {
+ if (!NCONF_get_number(req_conf,SECTION,BITS, &newkey))
+ newkey=DEFAULT_KEY_LENGTH;
+ }
+
if (keyalg)
{
genctx = set_keygen_ctx(bio_err, keyalg, &pkey_type, &newkey,
@@ -651,12 +657,6 @@ bad:
if (!genctx)
goto end;
}
-
- if (newkey <= 0)
- {
- if (!NCONF_get_number(req_conf,SECTION,BITS, &newkey))
- newkey=DEFAULT_KEY_LENGTH;
- }
if (newkey < MIN_KEY_LENGTH && (pkey_type == EVP_PKEY_RSA || pkey_type == EVP_PKEY_DSA))
{
@@ -1649,6 +1649,8 @@ static EVP_PKEY_CTX *set_keygen_ctx(BIO
keylen = atol(p + 1);
*pkeylen = keylen;
}
+ else
+ keylen = *pkeylen;
}
else if (p)
paramfile = p + 1;

9
openssl.spec
View File

@ -23,7 +23,7 @@
Summary: Utilities from the general purpose cryptography library with TLS implementation Summary: Utilities from the general purpose cryptography library with TLS implementation
Name: openssl Name: openssl
Version: 1.0.1e Version: 1.0.1e
Release: 40%{?dist} Release: 41%{?dist}
Epoch: 1 Epoch: 1
# We have to remove certain patented algorithms from the openssl source # We have to remove certain patented algorithms from the openssl source
# tarball with the hobble-openssl script which is included below. # tarball with the hobble-openssl script which is included below.
@ -81,6 +81,7 @@ Patch75: openssl-1.0.1e-compat-symbols.patch
Patch76: openssl-1.0.1e-new-fips-reqs.patch Patch76: openssl-1.0.1e-new-fips-reqs.patch
Patch77: openssl-1.0.1e-weak-ciphers.patch Patch77: openssl-1.0.1e-weak-ciphers.patch
Patch78: openssl-1.0.1e-3des-strength.patch Patch78: openssl-1.0.1e-3des-strength.patch
Patch79: openssl-1.0.1e-req-keylen.patch
# Backported fixes including security fixes # Backported fixes including security fixes
Patch81: openssl-1.0.1-beta2-padlock64.patch Patch81: openssl-1.0.1-beta2-padlock64.patch
Patch82: openssl-1.0.1e-backports.patch Patch82: openssl-1.0.1e-backports.patch
@ -204,6 +205,7 @@ cp %{SOURCE12} %{SOURCE13} crypto/ec/
%patch76 -p1 -b .fips-reqs %patch76 -p1 -b .fips-reqs
%patch77 -p1 -b .weak-ciphers %patch77 -p1 -b .weak-ciphers
%patch78 -p1 -b .3des-strength %patch78 -p1 -b .3des-strength
%patch79 -p1 -b .keylen
%patch81 -p1 -b .padlock64 %patch81 -p1 -b .padlock64
%patch82 -p1 -b .backports %patch82 -p1 -b .backports
@ -478,7 +480,10 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*
%postun libs -p /sbin/ldconfig %postun libs -p /sbin/ldconfig
%changelog %changelog
* Thu Feb 6 2014 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-40 * Fri Feb 14 2014 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-41
- use the key length from configuration file if req -newkey rsa is invoked
* Thu Feb 13 2014 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-40
- print ephemeral key size negotiated in TLS handshake (#1057715) - print ephemeral key size negotiated in TLS handshake (#1057715)
- add DH_compute_key_padded needed for FIPS CAVS testing - add DH_compute_key_padded needed for FIPS CAVS testing