public inbox for git-commits@fedoraproject.org
help / color / mirror / Atom feed
* [rpms/openssl] rebase_40beta: use the key length from configuration file if req -newkey rsa is invoked
@ 2026-06-09 12:43 Tomas Mraz
0 siblings, 0 replies; only message in thread
From: Tomas Mraz @ 2026-06-09 12:43 UTC (permalink / raw)
To: git-commits
A new commit has been pushed.
Repo : rpms/openssl
Branch : rebase_40beta
Commit : 423ab177c8037d7fbf392d30ca3c47b17fe32c6d
Author : Tomas Mraz <tmraz@fedoraproject.org>
Date : 2014-02-14T16:24:31+01:00
Stats : +45/-2 in 2 file(s)
URL : https://src.fedoraproject.org/rpms/openssl/c/423ab177c8037d7fbf392d30ca3c47b17fe32c6d?branch=rebase_40beta
Log:
use the key length from configuration file if req -newkey rsa is invoked
---
diff --git a/openssl-1.0.1e-req-keylen.patch b/openssl-1.0.1e-req-keylen.patch
new file mode 100644
index 0000000..1574bb8
--- /dev/null
+++ b/openssl-1.0.1e-req-keylen.patch
@@ -0,0 +1,38 @@
+diff -up openssl-1.0.1e/apps/req.c.keylen openssl-1.0.1e/apps/req.c
+--- openssl-1.0.1e/apps/req.c.keylen 2014-02-12 14:58:29.000000000 +0100
++++ openssl-1.0.1e/apps/req.c 2014-02-14 13:52:48.692325000 +0100
+@@ -644,6 +644,12 @@ bad:
+ if (inrand)
+ app_RAND_load_files(inrand);
+
++ if (newkey <= 0)
++ {
++ if (!NCONF_get_number(req_conf,SECTION,BITS, &newkey))
++ newkey=DEFAULT_KEY_LENGTH;
++ }
++
+ if (keyalg)
+ {
+ genctx = set_keygen_ctx(bio_err, keyalg, &pkey_type, &newkey,
+@@ -651,12 +657,6 @@ bad:
+ if (!genctx)
+ goto end;
+ }
+-
+- if (newkey <= 0)
+- {
+- if (!NCONF_get_number(req_conf,SECTION,BITS, &newkey))
+- newkey=DEFAULT_KEY_LENGTH;
+- }
+
+ if (newkey < MIN_KEY_LENGTH && (pkey_type == EVP_PKEY_RSA || pkey_type == EVP_PKEY_DSA))
+ {
+@@ -1649,6 +1649,8 @@ static EVP_PKEY_CTX *set_keygen_ctx(BIO
+ keylen = atol(p + 1);
+ *pkeylen = keylen;
+ }
++ else
++ keylen = *pkeylen;
+ }
+ else if (p)
+ paramfile = p + 1;
diff --git a/openssl.spec b/openssl.spec
index 605d1c3..c8d3dd9 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -23,7 +23,7 @@
Summary: Utilities from the general purpose cryptography library with TLS implementation
Name: openssl
Version: 1.0.1e
-Release: 40%{?dist}
+Release: 41%{?dist}
Epoch: 1
# We have to remove certain patented algorithms from the openssl source
# tarball with the hobble-openssl script which is included below.
@@ -81,6 +81,7 @@ Patch75: openssl-1.0.1e-compat-symbols.patch
Patch76: openssl-1.0.1e-new-fips-reqs.patch
Patch77: openssl-1.0.1e-weak-ciphers.patch
Patch78: openssl-1.0.1e-3des-strength.patch
+Patch79: openssl-1.0.1e-req-keylen.patch
# Backported fixes including security fixes
Patch81: openssl-1.0.1-beta2-padlock64.patch
Patch82: openssl-1.0.1e-backports.patch
@@ -204,6 +205,7 @@ cp %{SOURCE12} %{SOURCE13} crypto/ec/
%patch76 -p1 -b .fips-reqs
%patch77 -p1 -b .weak-ciphers
%patch78 -p1 -b .3des-strength
+%patch79 -p1 -b .keylen
%patch81 -p1 -b .padlock64
%patch82 -p1 -b .backports
@@ -478,7 +480,10 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*
%postun libs -p /sbin/ldconfig
%changelog
-* Thu Feb 6 2014 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-40
+* Fri Feb 14 2014 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-41
+- use the key length from configuration file if req -newkey rsa is invoked
+
+* Thu Feb 13 2014 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-40
- print ephemeral key size negotiated in TLS handshake (#1057715)
- add DH_compute_key_padded needed for FIPS CAVS testing
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2026-06-09 12:43 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2026-06-09 12:43 [rpms/openssl] rebase_40beta: use the key length from configuration file if req -newkey rsa is invoked Tomas Mraz
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox