[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

Fri, 12 Feb 2016 05:19:26 -0800 

The branch OpenSSL_1_0_2-stable has been updated
       via  b4b23d05d3282b0c155a1ab8435379306be43315 (commit)
      from  10c639a8a56c90bec9e332c7ca76ef552b3952ac (commit)


- Log -----------------------------------------------------------------
commit b4b23d05d3282b0c155a1ab8435379306be43315
Author: Emilia Kasper <[email protected]>
Date:   Tue Feb 2 17:12:45 2016 +0100

    RT 3854: Update apps/req
    
    Change the default keysize to 2048 bits, and the minimum to 512 bits.
    
    Reviewed-by: Rich Salz <[email protected]>
    (cherry picked from commit a76265574398944d686d2d0de9bacca162f555ca)

-----------------------------------------------------------------------

Summary of changes:
 CHANGES          | 6 +++++-
 apps/req.c       | 4 ++--
 doc/apps/req.pod | 9 ++++++---
 3 files changed, 13 insertions(+), 6 deletions(-)

diff --git a/CHANGES b/CHANGES
index f2126bc..8039184 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,7 +4,11 @@
 
  Changes between 1.0.2f and 1.0.2g [xx XXX xxxx]
 
-  *)
+  *) Change the req app to generate a 2048-bit RSA/DSA key by default,
+     if no keysize is specified with default_bits. This fixes an
+     omission in an earlier change that changed all RSA/DSA key generation
+     apps to use 2048 bits by default.
+     [Emilia Käsper]
 
  Changes between 1.0.2e and 1.0.2f [28 Jan 2016]
 
diff --git a/apps/req.c b/apps/req.c
index 57781c9..e818bd2 100644
--- a/apps/req.c
+++ b/apps/req.c
@@ -101,8 +101,8 @@
 #define STRING_MASK     "string_mask"
 #define UTF8_IN         "utf8"
 
-#define DEFAULT_KEY_LENGTH      512
-#define MIN_KEY_LENGTH          384
+#define DEFAULT_KEY_LENGTH      2048
+#define MIN_KEY_LENGTH          512
 
 #undef PROG
 #define PROG    req_main
diff --git a/doc/apps/req.pod b/doc/apps/req.pod
index 54a4d39..30653e5 100644
--- a/doc/apps/req.pod
+++ b/doc/apps/req.pod
@@ -347,9 +347,12 @@ configuration file values.
 
 =item B<default_bits>
 
-This specifies the default key size in bits. If not specified then
-512 is used. It is used if the B<-new> option is used. It can be
-overridden by using the B<-newkey> option.
+Specifies the default key size in bits.
+
+This option is used in conjunction with the B<-new> option to generate
+a new key. It can be overridden by specifying an explicit key size in
+the B<-newkey> option. The smallest accepted key size is 512 bits. If
+no key size is specified then 2048 bits is used.
 
 =item B<default_keyfile>
 
_____
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

Reply via email to