ports/lang/php/8.1/patches/patch-ext_openssl_openssl_c

This check doesn't make sense for EC keys. (Also it ignores the default
key size compiled into libcrypto, only looks at default_bits in openssl.cnf
and any settings in the php file, which results in bogus failures).

Index: ext/openssl/openssl.c
--- ext/openssl/openssl.c.orig
+++ ext/openssl/openssl.c
@@ -3781,7 +3781,7 @@ static int php_openssl_get_evp_pkey_type(int key_type)
 /* {{{ php_openssl_generate_private_key */
 static EVP_PKEY * php_openssl_generate_private_key(struct php_x509_request * req)
 {
-	if (req->priv_key_bits < MIN_KEY_LENGTH) {
+	if (req->priv_key_type != OPENSSL_KEYTYPE_EC && req->priv_key_bits < MIN_KEY_LENGTH) {
 		php_error_docref(NULL, E_WARNING, "Private key length must be at least %d bits, configured to %d",
 			MIN_KEY_LENGTH, req->priv_key_bits);
 		return NULL;
SecBSD's official ports repository 2023-08-16 22:26:55 +00:00			`This check doesn't make sense for EC keys. (Also it ignores the default`
			`key size compiled into libcrypto, only looks at default_bits in openssl.cnf`
			`and any settings in the php file, which results in bogus failures).`

			`Index: ext/openssl/openssl.c`
			`--- ext/openssl/openssl.c.orig`
			`+++ ext/openssl/openssl.c`
			`@@ -3781,7 +3781,7 @@ static int php_openssl_get_evp_pkey_type(int key_type)`
			`/* {{{ php_openssl_generate_private_key */`
			`static EVP_PKEY * php_openssl_generate_private_key(struct php_x509_request * req)`
			`{`
			`- if (req->priv_key_bits < MIN_KEY_LENGTH) {`
			`+ if (req->priv_key_type != OPENSSL_KEYTYPE_EC && req->priv_key_bits < MIN_KEY_LENGTH) {`
			`php_error_docref(NULL, E_WARNING, "Private key length must be at least %d bits, configured to %d",`
			`MIN_KEY_LENGTH, req->priv_key_bits);`
			`return NULL;`