Commit 44e0c2ba authored by Kurt Roeckx's avatar Kurt Roeckx Committed by Rich Salz

RT2626: Change default_bits from 1K to 2K



This is a more comprehensive fix.  It changes all
keygen apps to use 2K keys. It also changes the
default to use SHA256 not SHA1.  This is from
Kurt's upstream Debian changes.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
parent 5f855569
+2 −2
@@ -130,7 +130,7 @@
#undef PROG
#define PROG	dhparam_main

#define DEFBITS	512
#define DEFBITS	2048

/* -inform arg	- input format - default PEM (DER or PEM)
 * -outform arg - output format - default PEM
@@ -253,7 +253,7 @@ bad:
		BIO_printf(bio_err," -C            Output C code\n");
		BIO_printf(bio_err," -2            generate parameters using  2 as the generator value\n");
		BIO_printf(bio_err," -5            generate parameters using  5 as the generator value\n");
		BIO_printf(bio_err," numbits       number of bits in to generate (default 512)\n");
		BIO_printf(bio_err," numbits       number of bits in to generate (default 2048)\n");
#ifndef OPENSSL_NO_ENGINE
		BIO_printf(bio_err," -engine e     use engine e, possibly a hardware device.\n");
#endif
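Review bot: The usage line in the second hunk hard-codes the default (`default 2048`) separately from `DEFBITS`, so the help text and the real default must be edited in lockstep, which is exactly what this commit had to do. Printing the macro keeps them in sync and also fixes the "bits in to generate" wording: `BIO_printf(bio_err," numbits       number of bits to generate (default %d)\n",DEFBITS);`. Nothing in the visible lines rejects or warns about a small explicit `numbits`, so the stronger default does not stop a caller from still asking for 512 bits. Whether that is checked elsewhere is not visible, because the usage block and the rest of dhparam_main lie outside the hunk.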
+1 −1
@@ -78,7 +78,7 @@
#include <openssl/x509.h>
#include <openssl/pem.h>

#define DEFBITS	512
#define DEFBITS	2048
#undef PROG
#define PROG gendh_main

+1 −1
@@ -78,7 +78,7 @@
#include <openssl/pem.h>
#include <openssl/rand.h>

#define DEFBITS	1024
#define DEFBITS	2048
#undef PROG
#define PROG genrsa_main

+1 −1
@@ -103,7 +103,7 @@ emailAddress = optional

####################################################################
[ req ]
default_bits		= 1024
default_bits		= 2048
default_keyfile 	= privkey.pem
distinguished_name	= req_distinguished_name
attributes		= req_attributes
+1 −1
@@ -643,7 +643,7 @@ static int dsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
#endif

		case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
		*(int *)arg2 = NID_sha1;
		*(int *)arg2 = NID_sha256;
		return 2;

		default:
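Review bot: `return 2;` is kept unchanged next to the new `NID_sha256`, and as far as I know EVP_PKEY_get_default_digest_nid documents a return of 2 as "this digest is mandatory" rather than advisory, so callers that honour it will now insist on SHA-256 for every DSA key. That includes existing 1024-bit keys with a 160-bit q, where the digest has to be truncated and older verifiers may not accept the resulting signature algorithm; it is worth confirming that this is intended and covered by a test. A comment on the case would record the decision, e.g. `/* Default digest for DSA is SHA-256; returning 2 tells callers it is mandatory */`. Only the DSA handler is visible here, and dsa_pkey_ctrl starts and ends outside the hunk, so whether the RSA and EC key methods received the same default cannot be checked from this page.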