switch RSA key generation default to 2048 bits (matching ssh); ok miod@

author: sthen <> 2014-05-17 12:12:05 +0000
committer: sthen <> 2014-05-17 12:12:05 +0000
commit: 03af8b66bc2785f9f64b1e1b21c45684be8e2d38 (patch)
tree: 13b515836d113a15d199f1e3cbd371a37770415f
parent: 68ab09742f5a4a19c2ac853bbe51fe67ae308eb5 (diff)
download: openbsd-03af8b66bc2785f9f64b1e1b21c45684be8e2d38.tar.gz
openbsd-03af8b66bc2785f9f64b1e1b21c45684be8e2d38.tar.bz2
openbsd-03af8b66bc2785f9f64b1e1b21c45684be8e2d38.zip
5 files changed, 5 insertions, 5 deletions
diff --git a/src/lib/libcrypto/rsa/rsa_pmeth.c b/src/lib/libcrypto/rsa/rsa_pmeth.c
index 09ef090172..5580b7783a 100644
--- a/src/lib/libcrypto/rsa/rsa_pmeth.c
+++ b/src/lib/libcrypto/rsa/rsa_pmeth.c
@@ -96,7 +96,7 @@ static int pkey_rsa_init(EVP_PKEY_CTX *ctx)
        rctx = malloc(sizeof(RSA_PKEY_CTX));
        if (!rctx)
                return 0;
-        rctx->nbits = 1024;
+        rctx->nbits = 2048;
        rctx->pub_exp = NULL;
        rctx->pad_mode = RSA_PKCS1_PADDING;
        rctx->md = NULL;
diff --git a/src/lib/libssl/src/apps/genrsa.c b/src/lib/libssl/src/apps/genrsa.c
index c658828299..88c80f2b66 100644
--- a/src/lib/libssl/src/apps/genrsa.c
+++ b/src/lib/libssl/src/apps/genrsa.c
@@ -78,7 +78,7 @@
 #include <openssl/pem.h>
 #include <openssl/rand.h>
-#define DEFBITS 1024
+#define DEFBITS 2048
 static int genrsa_cb(int p, int n, BN_GENCB * cb);
diff --git a/src/lib/libssl/src/crypto/rsa/rsa_pmeth.c b/src/lib/libssl/src/crypto/rsa/rsa_pmeth.c
index 09ef090172..5580b7783a 100644
--- a/src/lib/libssl/src/crypto/rsa/rsa_pmeth.c
+++ b/src/lib/libssl/src/crypto/rsa/rsa_pmeth.c
@@ -96,7 +96,7 @@ static int pkey_rsa_init(EVP_PKEY_CTX *ctx)
        rctx = malloc(sizeof(RSA_PKEY_CTX));
        if (!rctx)
                return 0;
-        rctx->nbits = 1024;
+        rctx->nbits = 2048;
        rctx->pub_exp = NULL;
        rctx->pad_mode = RSA_PKCS1_PADDING;
        rctx->md = NULL;
diff --git a/src/lib/libssl/src/doc/apps/genpkey.pod b/src/lib/libssl/src/doc/apps/genpkey.pod
index 80e91ed496..1870e302af 100644
--- a/src/lib/libssl/src/doc/apps/genpkey.pod
+++ b/src/lib/libssl/src/doc/apps/genpkey.pod
@@ -97,7 +97,7 @@ below.
 =item B<rsa_keygen_bits:numbits>
-The number of bits in the generated key. If not specified 1024 is used.
+The number of bits in the generated key. If not specified 2048 is used.
 =item B<rsa_keygen_pubexp:value>
diff --git a/src/lib/libssl/src/doc/apps/genrsa.pod b/src/lib/libssl/src/doc/apps/genrsa.pod
index 608f237b13..35fd5d481d 100644
--- a/src/lib/libssl/src/doc/apps/genrsa.pod
+++ b/src/lib/libssl/src/doc/apps/genrsa.pod
@@ -65,7 +65,7 @@ for all available algorithms.
 =item B<numbits>
 the size of the private key to generate in bits. This must be the last option
-specified. The default is 512.
+specified. The default is 2048.
 =back
author	sthen <>	2014-05-17 12:12:05 +0000
committer	sthen <>	2014-05-17 12:12:05 +0000
commit	03af8b66bc2785f9f64b1e1b21c45684be8e2d38 (patch)
tree	13b515836d113a15d199f1e3cbd371a37770415f
parent	68ab09742f5a4a19c2ac853bbe51fe67ae308eb5 (diff)
download	openbsd-03af8b66bc2785f9f64b1e1b21c45684be8e2d38.tar.gz openbsd-03af8b66bc2785f9f64b1e1b21c45684be8e2d38.tar.bz2 openbsd-03af8b66bc2785f9f64b1e1b21c45684be8e2d38.zip

diff --git a/src/lib/libcrypto/rsa/rsa_pmeth.c b/src/lib/libcrypto/rsa/rsa_pmeth.c index 09ef090172..5580b7783a 100644 --- a/src/lib/libcrypto/rsa/rsa_pmeth.c +++ b/src/lib/libcrypto/rsa/rsa_pmeth.c
@@ -96,7 +96,7 @@ static int pkey_rsa_init(EVP_PKEY_CTX *ctx)
96	rctx = malloc(sizeof(RSA_PKEY_CTX));	96	rctx = malloc(sizeof(RSA_PKEY_CTX));
97	if (!rctx)	97	if (!rctx)
98	return 0;	98	return 0;
99	rctx->nbits = 1024;	99	rctx->nbits = 2048;
100	rctx->pub_exp = NULL;	100	rctx->pub_exp = NULL;
101	rctx->pad_mode = RSA_PKCS1_PADDING;	101	rctx->pad_mode = RSA_PKCS1_PADDING;
102	rctx->md = NULL;	102	rctx->md = NULL;


diff --git a/src/lib/libssl/src/apps/genrsa.c b/src/lib/libssl/src/apps/genrsa.c index c658828299..88c80f2b66 100644 --- a/src/lib/libssl/src/apps/genrsa.c +++ b/src/lib/libssl/src/apps/genrsa.c
@@ -78,7 +78,7 @@
78	#include <openssl/pem.h>	78	#include <openssl/pem.h>
79	#include <openssl/rand.h>	79	#include <openssl/rand.h>
80		80
81	#define DEFBITS 1024	81	#define DEFBITS 2048
82		82
83	static int genrsa_cb(int p, int n, BN_GENCB * cb);	83	static int genrsa_cb(int p, int n, BN_GENCB * cb);
84		84


diff --git a/src/lib/libssl/src/crypto/rsa/rsa_pmeth.c b/src/lib/libssl/src/crypto/rsa/rsa_pmeth.c index 09ef090172..5580b7783a 100644 --- a/src/lib/libssl/src/crypto/rsa/rsa_pmeth.c +++ b/src/lib/libssl/src/crypto/rsa/rsa_pmeth.c
@@ -96,7 +96,7 @@ static int pkey_rsa_init(EVP_PKEY_CTX *ctx)
96	rctx = malloc(sizeof(RSA_PKEY_CTX));	96	rctx = malloc(sizeof(RSA_PKEY_CTX));
97	if (!rctx)	97	if (!rctx)
98	return 0;	98	return 0;
99	rctx->nbits = 1024;	99	rctx->nbits = 2048;
100	rctx->pub_exp = NULL;	100	rctx->pub_exp = NULL;
101	rctx->pad_mode = RSA_PKCS1_PADDING;	101	rctx->pad_mode = RSA_PKCS1_PADDING;
102	rctx->md = NULL;	102	rctx->md = NULL;


diff --git a/src/lib/libssl/src/doc/apps/genpkey.pod b/src/lib/libssl/src/doc/apps/genpkey.pod index 80e91ed496..1870e302af 100644 --- a/src/lib/libssl/src/doc/apps/genpkey.pod +++ b/src/lib/libssl/src/doc/apps/genpkey.pod
@@ -97,7 +97,7 @@ below.
97		97
98	=item B<rsa_keygen_bits:numbits>	98	=item B<rsa_keygen_bits:numbits>
99		99
100	The number of bits in the generated key. If not specified 1024 is used.	100	The number of bits in the generated key. If not specified 2048 is used.
101		101
102	=item B<rsa_keygen_pubexp:value>	102	=item B<rsa_keygen_pubexp:value>
103		103


diff --git a/src/lib/libssl/src/doc/apps/genrsa.pod b/src/lib/libssl/src/doc/apps/genrsa.pod index 608f237b13..35fd5d481d 100644 --- a/src/lib/libssl/src/doc/apps/genrsa.pod +++ b/src/lib/libssl/src/doc/apps/genrsa.pod
@@ -65,7 +65,7 @@ for all available algorithms.
65	=item B<numbits>	65	=item B<numbits>
66		66
67	the size of the private key to generate in bits. This must be the last option	67	the size of the private key to generate in bits. This must be the last option
68	specified. The default is 512.	68	specified. The default is 2048.
69		69
70	=back	70	=back
71		71