Affects OpenSSL since at least v 0.9.8g.
Originally reported as Debian Bug # 533365
Problem Cause: Hardcoded "MIN_LEN=4" in source file crypto/pem/pem_lib.c
One can generate keys with 'too short' passphrase; e.g.
$ openssl genrsa -des3 -passout pass:1 -out mykey.pem 1024
or, alternatively:
$ echo
The attached patches fix various errors/warnings in pod files. Most are
due to recent mods to pod2man utility, which now issues warnings [which
unfortunately end up in manpage source output], when subsequent item
tags are not 'sequential' ..
Affects all versions; applies against revision in CV
The attached patches fix various misspellings in both source and pod files.
Affects all versions; applies against revision in CVS as of May 14 2011
--- a/crypto/asn1/asn1_err.c
+++ b/crypto/asn1/asn1_err.c
@@ -306,7 +306,7 @@
{ERR_REASON(ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE),"unknown public key type
This patch prevents an infinite loop in apps/req.c when run in batch
mode and user parameter fails req_len_check().
Affects all versions; applies against revision in CVS as of May 14 2011
Originally reported as Debian Bug 404700
diff --git a/apps/req.c b/apps/req.c
--- a/apps/req.c
+++ b/apps/
