This is a more comprehensive fix. It changes all
keygen apps to use 2K keys. It also changes the
default to use SHA256 not SHA1. This is from
Kurt's upstream Debian changes.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
(cherry picked from commit
44e0c2bae4bfd87d770480902618dbccde84fd81)
#undef PROG
#define PROG dhparam_main
-#define DEFBITS 512
+#define DEFBITS 2048
/* -inform arg - input format - default PEM (DER or PEM)
* -outform arg - output format - default PEM
BIO_printf(bio_err," -C Output C code\n");
BIO_printf(bio_err," -2 generate parameters using 2 as the generator value\n");
BIO_printf(bio_err," -5 generate parameters using 5 as the generator value\n");
- BIO_printf(bio_err," numbits number of bits in to generate (default 512)\n");
+ BIO_printf(bio_err," numbits number of bits in to generate (default 2048)\n");
#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
#endif
#include <openssl/x509.h>
#include <openssl/pem.h>
-#define DEFBITS 512
+#define DEFBITS 2048
#undef PROG
#define PROG gendh_main
#include <openssl/pem.h>
#include <openssl/rand.h>
-#define DEFBITS 1024
+#define DEFBITS 2048
#undef PROG
#define PROG genrsa_main
####################################################################
[ req ]
-default_bits = 1024
+default_bits = 2048
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
#endif
case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
- *(int *)arg2 = NID_sha1;
+ *(int *)arg2 = NID_sha256;
return 2;
default:
#endif
case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
- *(int *)arg2 = NID_sha1;
+ *(int *)arg2 = NID_sha256;
return 2;
default:
switch (op)
{
case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
- *(int *)arg2 = NID_sha1;
+ *(int *)arg2 = NID_sha256;
return 1;
default:
#endif
case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
- *(int *)arg2 = NID_sha1;
+ *(int *)arg2 = NID_sha256;
return 1;
default:
projects / oweals / openssl.git / commitdiff