RT 3854: Update apps/req

Change the default keysize to 2048 bits, and the minimum to 512 bits. Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit a762655743)
2016-02-02 17:12:45 +01:00 · 2016-02-02 17:12:45 +01:00 · b4b23d05d3
commit b4b23d05d3
parent 10c639a8a5
3 changed files with 13 additions and 6 deletions
--- a/6
+++ b/6
@ -4,7 +4,11 @@

 Changes between 1.0.2f and 1.0.2g [xx XXX xxxx]

-  *)
+  *) Change the req app to generate a 2048-bit RSA/DSA key by default,
+     if no keysize is specified with default_bits. This fixes an
+     omission in an earlier change that changed all RSA/DSA key generation
+     apps to use 2048 bits by default.
+     [Emilia Käsper]

 Changes between 1.0.2e and 1.0.2f [28 Jan 2016]

--- a/apps/req.c
+++ b/apps/req.c
@ -101,8 +101,8 @@
 #define STRING_MASK     "string_mask"
 #define UTF8_IN         "utf8"

-#define DEFAULT_KEY_LENGTH      512
-#define MIN_KEY_LENGTH          384
+#define DEFAULT_KEY_LENGTH      2048
+#define MIN_KEY_LENGTH          512

 #undef PROG
 #define PROG    req_main
--- a/doc/apps/req.pod
+++ b/doc/apps/req.pod
@ -347,9 +347,12 @@ configuration file values.

 =item B<default_bits>

-This specifies the default key size in bits. If not specified then
-512 is used. It is used if the B<-new> option is used. It can be
-overridden by using the B<-newkey> option.
+Specifies the default key size in bits.
+
+This option is used in conjunction with the B<-new> option to generate
+a new key. It can be overridden by specifying an explicit key size in
+the B<-newkey> option. The smallest accepted key size is 512 bits. If
+no key size is specified then 2048 bits is used.

 =item B<default_keyfile>