From b4b23d05d3282b0c155a1ab8435379306be43315 Mon Sep 17 00:00:00 2001 From: Emilia Kasper Date: Tue, 2 Feb 2016 17:12:45 +0100 Subject: [PATCH] RT 3854: Update apps/req Change the default keysize to 2048 bits, and the minimum to 512 bits. Reviewed-by: Rich Salz (cherry picked from commit a76265574398944d686d2d0de9bacca162f555ca) --- CHANGES | 6 +++++- apps/req.c | 4 ++-- doc/apps/req.pod | 9 ++++++--- 3 files changed, 13 insertions(+), 6 deletions(-) diff --git a/CHANGES b/CHANGES index f2126bc1b7..8039184896 100644 --- a/CHANGES +++ b/CHANGES @@ -4,7 +4,11 @@ Changes between 1.0.2f and 1.0.2g [xx XXX xxxx] - *) + *) Change the req app to generate a 2048-bit RSA/DSA key by default, + if no keysize is specified with default_bits. This fixes an + omission in an earlier change that changed all RSA/DSA key generation + apps to use 2048 bits by default. + [Emilia Käsper] Changes between 1.0.2e and 1.0.2f [28 Jan 2016] diff --git a/apps/req.c b/apps/req.c index 57781c93c4..e818bd2976 100644 --- a/apps/req.c +++ b/apps/req.c @@ -101,8 +101,8 @@ #define STRING_MASK "string_mask" #define UTF8_IN "utf8" -#define DEFAULT_KEY_LENGTH 512 -#define MIN_KEY_LENGTH 384 +#define DEFAULT_KEY_LENGTH 2048 +#define MIN_KEY_LENGTH 512 #undef PROG #define PROG req_main diff --git a/doc/apps/req.pod b/doc/apps/req.pod index 54a4d394d2..30653e5093 100644 --- a/doc/apps/req.pod +++ b/doc/apps/req.pod @@ -347,9 +347,12 @@ configuration file values. =item B -This specifies the default key size in bits. If not specified then -512 is used. It is used if the B<-new> option is used. It can be -overridden by using the B<-newkey> option. +Specifies the default key size in bits. + +This option is used in conjunction with the B<-new> option to generate +a new key. It can be overridden by specifying an explicit key size in +the B<-newkey> option. The smallest accepted key size is 512 bits. If +no key size is specified then 2048 bits is used. =item B -- 2.25.1