Change default RSA, DSA and DH size to 2048 bit
Fixes: #8737
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Richard Levitte <levitte@openssl.org>
GH: #8741
(cherry picked from commit 70b0b977f73cd70e17538af3095d18e0cf59132e)
Kurt Roeckx
4 years ago
8 | 8 |
|
9 | 9 |
Changes between 1.1.1b and 1.1.1c [xx XXX xxxx]
|
10 | 10 |
|
11 | |
*)
|
|
11 |
*) Change the default RSA, DSA and DH size to 2048 bit instead of 1024.
|
|
12 |
This changes the size when using the genpkey app when no size is given. It
|
|
13 |
fixes an omission in earlier changes that changed all RSA, DSA and DH
|
|
14 |
generation apps to use 2048 bits by default.
|
|
15 |
[Kurt Roeckx]
|
12 | 16 |
|
13 | 17 |
Changes between 1.1.1a and 1.1.1b [26 Feb 2019]
|
14 | 18 |
|
53 | 53 |
DHerr(DH_F_PKEY_DH_INIT, ERR_R_MALLOC_FAILURE);
|
54 | 54 |
return 0;
|
55 | 55 |
}
|
56 | |
dctx->prime_len = 1024;
|
|
56 |
dctx->prime_len = 2048;
|
57 | 57 |
dctx->subprime_len = -1;
|
58 | 58 |
dctx->generator = 2;
|
59 | 59 |
dctx->kdf_type = EVP_PKEY_DH_KDF_NONE;
|
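Review bot: The new `dctx->prime_len = 2048;` is a bare literal with nothing recording why the default moved, whereas the DSA context in the same commit documents its defaults in the struct field comments; a one-line comment such as `/* 2048-bit p: a 1024-bit modulus no longer reaches the 112-bit security level expected of new parameters */` would keep the rationale next to the value. The neighbouring `subprime_len = -1` and `generator = 2` are unchanged, so only the prime size is affected, though generating a 2048-bit prime with these settings will presumably take noticeably longer than the old default and callers timing on it may notice. The start of pkey_dh_init is outside the hunk.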
19 | 19 |
|
20 | 20 |
typedef struct {
|
21 | 21 |
/* Parameter gen parameters */
|
22 | |
int nbits; /* size of p in bits (default: 1024) */
|
23 | |
int qbits; /* size of q in bits (default: 160) */
|
|
22 |
int nbits; /* size of p in bits (default: 2048) */
|
|
23 |
int qbits; /* size of q in bits (default: 224) */
|
24 | 24 |
const EVP_MD *pmd; /* MD for parameter generation */
|
25 | 25 |
/* Keygen callback info */
|
26 | 26 |
int gentmp[2];
|
|
34 | 34 |
|
35 | 35 |
if (dctx == NULL)
|
36 | 36 |
return 0;
|
37 | |
dctx->nbits = 1024;
|
38 | |
dctx->qbits = 160;
|
|
37 |
dctx->nbits = 2048;
|
|
38 |
dctx->qbits = 224;
|
39 | 39 |
dctx->pmd = NULL;
|
40 | 40 |
dctx->md = NULL;
|
41 | 41 |
|
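Review bot: `dctx->nbits = 2048;` and `dctx->qbits = 224;` are a coupled pair, but nothing in pkey_dsa_init or in the struct comments at lines 22-23 says so, and a later edit to one of them alone can yield an (L, N) combination the parameter generator does not accept. Suggest a comment above the two assignments, e.g. `/* nbits/qbits must form an allowed (L, N) pair: 1024/160, 2048/224, 2048/256 or 3072/256 */`. The struct field comments repeat the same literals as the init code, so a shared named constant for each would stop the two from drifting. pkey_dsa_init begins before this hunk.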
55 | 55 |
|
56 | 56 |
if (rctx == NULL)
|
57 | 57 |
return 0;
|
58 | |
rctx->nbits = 1024;
|
|
58 |
rctx->nbits = 2048;
|
59 | 59 |
rctx->primes = RSA_DEFAULT_PRIME_NUM;
|
60 | 60 |
if (pkey_ctx_is_pss(ctx))
|
61 | 61 |
rctx->pad_mode = RSA_PKCS1_PSS_PADDING;
|
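Review bot: `rctx->nbits = 2048;` is a bare literal immediately above `rctx->primes = RSA_DEFAULT_PRIME_NUM;`, which already uses a named constant for its default, and the same 2048 literal now appears in the DH and DSA init functions of this commit as well. Defining the bit-size default as a named constant beside RSA_DEFAULT_PRIME_NUM (a constructed name like `RSA_DEFAULT_BITS`) and using it here would keep the code and the genpkey.pod wording from diverging. pkey_rsa_init starts outside the hunk.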
117 | 117 |
|
118 | 118 |
=item B<rsa_keygen_bits:numbits>
|
119 | 119 |
|
120 | |
The number of bits in the generated key. If not specified 1024 is used.
|
|
120 |
The number of bits in the generated key. If not specified 2048 is used.
|
121 | 121 |
|
122 | 122 |
=item B<rsa_keygen_primes:numprimes>
|
123 | 123 |
|
|
184 | 184 |
|
185 | 185 |
=item B<dsa_paramgen_bits:numbits>
|
186 | 186 |
|
187 | |
The number of bits in the generated prime. If not specified 1024 is used.
|
|
187 |
The number of bits in the generated prime. If not specified 2048 is used.
|
188 | 188 |
|
189 | 189 |
=item B<dsa_paramgen_q_bits:numbits>
|
190 | 190 |
|
191 | 191 |
The number of bits in the q parameter. Must be one of 160, 224 or 256. If not
|
192 | |
specified 160 is used.
|
|
192 |
specified 224 is used.
|
193 | 193 |
|
194 | 194 |
=item B<dsa_paramgen_md:digest>
|
195 | 195 |
|
|
208 | 208 |
|
209 | 209 |
=item B<dh_paramgen_prime_len:numbits>
|
210 | 210 |
|
211 | |
The number of bits in the prime parameter B<p>. The default is 1024.
|
|
211 |
The number of bits in the prime parameter B<p>. The default is 2048.
|
212 | 212 |
|
213 | 213 |
=item B<dh_paramgen_subprime_len:numbits>
|
214 | 214 |
|