16 lines
744 B
Text
16 lines
744 B
Text
This check doesn't make sense for EC keys. (Also it ignores the default
|
|
key size compiled into libcrypto, only looks at default_bits in openssl.cnf
|
|
and any settings in the php file, which results in bogus failures).
|
|
|
|
Index: ext/openssl/openssl.c
|
|
--- ext/openssl/openssl.c.orig
|
|
+++ ext/openssl/openssl.c
|
|
@@ -3992,7 +3992,7 @@ static EVP_PKEY * php_openssl_generate_private_key(str
|
|
int egdsocket, seeded;
|
|
EVP_PKEY * return_val = NULL;
|
|
|
|
- if (req->priv_key_bits < MIN_KEY_LENGTH) {
|
|
+ if (req->priv_key_type != OPENSSL_KEYTYPE_EC && req->priv_key_bits < MIN_KEY_LENGTH) {
|
|
php_error_docref(NULL, E_WARNING, "private key length is too short; it needs to be at least %d bits, not %d",
|
|
MIN_KEY_LENGTH, req->priv_key_bits);
|
|
return NULL;
|