From 03af8b66bc2785f9f64b1e1b21c45684be8e2d38 Mon Sep 17 00:00:00 2001
From: sthen <>
Date: Sat, 17 May 2014 12:12:05 +0000
Subject: switch RSA key generation default to 2048 bits (matching ssh); ok
 miod@

---
 src/lib/libcrypto/rsa/rsa_pmeth.c         | 2 +-
 src/lib/libssl/src/apps/genrsa.c          | 2 +-
 src/lib/libssl/src/crypto/rsa/rsa_pmeth.c | 2 +-
 src/lib/libssl/src/doc/apps/genpkey.pod   | 2 +-
 src/lib/libssl/src/doc/apps/genrsa.pod    | 2 +-
 5 files changed, 5 insertions(+), 5 deletions(-)

(limited to 'src')

diff --git a/src/lib/libcrypto/rsa/rsa_pmeth.c b/src/lib/libcrypto/rsa/rsa_pmeth.c
index 09ef090172..5580b7783a 100644
--- a/src/lib/libcrypto/rsa/rsa_pmeth.c
+++ b/src/lib/libcrypto/rsa/rsa_pmeth.c
@@ -96,7 +96,7 @@ static int pkey_rsa_init(EVP_PKEY_CTX *ctx)
 	rctx = malloc(sizeof(RSA_PKEY_CTX));
 	if (!rctx)
 		return 0;
-	rctx->nbits = 1024;
+	rctx->nbits = 2048;
 	rctx->pub_exp = NULL;
 	rctx->pad_mode = RSA_PKCS1_PADDING;
 	rctx->md = NULL;
diff --git a/src/lib/libssl/src/apps/genrsa.c b/src/lib/libssl/src/apps/genrsa.c
index c658828299..88c80f2b66 100644
--- a/src/lib/libssl/src/apps/genrsa.c
+++ b/src/lib/libssl/src/apps/genrsa.c
@@ -78,7 +78,7 @@
 #include <openssl/pem.h>
 #include <openssl/rand.h>
 
-#define DEFBITS	1024
+#define DEFBITS	2048
 
 static int genrsa_cb(int p, int n, BN_GENCB * cb);
 
diff --git a/src/lib/libssl/src/crypto/rsa/rsa_pmeth.c b/src/lib/libssl/src/crypto/rsa/rsa_pmeth.c
index 09ef090172..5580b7783a 100644
--- a/src/lib/libssl/src/crypto/rsa/rsa_pmeth.c
+++ b/src/lib/libssl/src/crypto/rsa/rsa_pmeth.c
@@ -96,7 +96,7 @@ static int pkey_rsa_init(EVP_PKEY_CTX *ctx)
 	rctx = malloc(sizeof(RSA_PKEY_CTX));
 	if (!rctx)
 		return 0;
-	rctx->nbits = 1024;
+	rctx->nbits = 2048;
 	rctx->pub_exp = NULL;
 	rctx->pad_mode = RSA_PKCS1_PADDING;
 	rctx->md = NULL;
diff --git a/src/lib/libssl/src/doc/apps/genpkey.pod b/src/lib/libssl/src/doc/apps/genpkey.pod
index 80e91ed496..1870e302af 100644
--- a/src/lib/libssl/src/doc/apps/genpkey.pod
+++ b/src/lib/libssl/src/doc/apps/genpkey.pod
@@ -97,7 +97,7 @@ below.
 
 =item B<rsa_keygen_bits:numbits>
 
-The number of bits in the generated key. If not specified 1024 is used.
+The number of bits in the generated key. If not specified 2048 is used.
 
 =item B<rsa_keygen_pubexp:value>
 
diff --git a/src/lib/libssl/src/doc/apps/genrsa.pod b/src/lib/libssl/src/doc/apps/genrsa.pod
index 608f237b13..35fd5d481d 100644
--- a/src/lib/libssl/src/doc/apps/genrsa.pod
+++ b/src/lib/libssl/src/doc/apps/genrsa.pod
@@ -65,7 +65,7 @@ for all available algorithms.
 =item B<numbits>
 
 the size of the private key to generate in bits. This must be the last option
-specified. The default is 512.
+specified. The default is 2048.
 
 =back
 
-- 
cgit v1.2.3-55-g6feb