When the req -newkey option value is of the form rsa rather than rsa:<keylen>, the key length of the new RSA key should be taken from the config file. However, req does not generate an RSA key of the correct length (despite displaying the message "Generating a <keylen> bit RSA private key", which misleadingly does include the correct key length).
A patch against 20110815 that resolves this bug is enclosed below. It forces set_keygen_ctx() to be run again to set EVP_PKEY_CTX_set_rsa_keygen_bits with the value from the config file. It has been tested with default_bits=2048. It has also been confirmed that the patch does not introduce any problems with -newkey ec:<paramfile>.

Nick

--------

diff --git a/apps/req.c b/apps/req.c index 8552658..f512b0e 100755 --- a/apps/req.c +++ b/apps/req.c @@ -654,6 +654,7 @@ bad: if (newkey <= 0) { + genctx=NULL; if (!NCONF_get_number(req_conf,SECTION,BITS, &newkey)) newkey=DEFAULT_KEY_LENGTH; }
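Review bot: Setting `genctx=NULL;` in the `newkey <= 0` branch discards the EVP_PKEY_CTX that the earlier set_keygen_ctx() call created (the cover note relies on that call being re-run) without releasing it, so the first context leaks on every `-newkey rsa` invocation; call EVP_PKEY_CTX_free(genctx) before the assignment, or resolve default_bits from the config before the first set_keygen_ctx() call so the context is created once with the right size. A short comment on the new line saying why the context is reset here would also help the next reader of this branch.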
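Since the "Generating a <keylen> bit RSA private key" message cannot be trusted while this bug is present, the practical check is to inspect the key that was actually written. The following is an added example (not from the post or from OpenSSL) in pure-stdlib Python: it reads the modulus length out of the PKCS#1 "RSA PRIVATE KEY" PEM that req -newkey rsa writes and compares it with default_bits from the [req] section of the config; build_test_pem constructs a structurally valid but unusable PKCS#1 blob purely so the check can be exercised offline.

```python
import base64
import re
def _der_len(n):
    """DER length octets (short or long form)."""
    if n < 0x80:
        return bytes([n])
    nb = (n.bit_length() + 7) // 8
    return bytes([0x80 | nb]) + n.to_bytes(nb, "big")
def _der_int(value):
    """DER INTEGER; the spare leading byte keeps a high-bit modulus positive."""
    raw = value.to_bytes((value.bit_length() + 8) // 8, "big")
    return b"\x02" + _der_len(len(raw)) + raw
def _der_read(buf, pos):
    """Return (tag, value, next_pos) for the DER element at buf[pos:]."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        nb = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + nb], "big"), pos + nb
    return tag, buf[pos:pos + length], pos + length

def rsa_modulus_bits(pem):
    """Modulus bit length of a PKCS#1 'RSA PRIVATE KEY' PEM (the form req -newkey rsa writes)."""
    m = re.search(r"-----BEGIN RSA PRIVATE KEY-----(.*?)-----END RSA PRIVATE KEY-----", pem, re.S)
    if m is None:
        raise ValueError("not a PKCS#1 RSA private key")
    der = base64.b64decode("".join(m.group(1).split()))
    tag, seq, _ = _der_read(der, 0)          # outer SEQUENCE
    _, _version, pos = _der_read(seq, 0)     # INTEGER version
    tag2, modulus, _ = _der_read(seq, pos)   # INTEGER n
    if tag != 0x30 or tag2 != 0x02:
        raise ValueError("unexpected ASN.1 structure")
    return int.from_bytes(modulus, "big").bit_length()

def config_default_bits(conf_text):
    """default_bits from the [req] section of an openssl.cnf, or None if absent."""
    section = None
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].strip()
        head = re.match(r"\[\s*(\w+)\s*\]", line)
        if head:
            section = head.group(1)
        elif section == "req" and "=" in line:
            key, value = (s.strip() for s in line.split("=", 1))
            if key == "default_bits":
                return int(value)
    return None

def build_test_pem(n, e=65537):
    """Constructed PKCS#1 blob carrying modulus n; the CRT fields are dummies, so it is not a usable key."""
    body = b"".join(_der_int(f) for f in (0, n, e, 1, 1, 1, 1, 1, 1))
    der = b"\x30" + _der_len(len(body)) + body
    return "-----BEGIN RSA PRIVATE KEY-----\n" + base64.encodebytes(der).decode() + "-----END RSA PRIVATE KEY-----\n"
```

Run rsa_modulus_bits over the key file req wrote and compare with config_default_bits over the config you passed; a mismatch reproduces the bug regardless of what the progress message claimed.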