RT 3854: Update apps/req

Change the default keysize to 2048 bits, and the minimum to 512 bits.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit a76265574398944d686d2d0de9bacca162f555ca)

diff --git a/CHANGES b/CHANGES
index f2126bc1b7d0f5df33bafc58c2c2077626cedb8d..803918489639cf2d1b1522d769631505c688e2c1 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -4,7 +4,11 @@
 
  Changes between 1.0.2f and 1.0.2g [xx XXX xxxx]
 
-  *)
+  *) Change the req app to generate a 2048-bit RSA/DSA key by default,
+     if no keysize is specified with default_bits. This fixes an
+     omission in an earlier change that changed all RSA/DSA key generation
+     apps to use 2048 bits by default.
+     [Emilia Käsper]
 
  Changes between 1.0.2e and 1.0.2f [28 Jan 2016]
 

diff --git a/apps/req.c b/apps/req.c
index 57781c93c4cafed40162ecaa455fdc9909fde517..e818bd2976d6db2b0586a079ddea7ac03cc22721 100644 (file)
--- a/apps/req.c
+++ b/apps/req.c
@@ -101,8 +101,8 @@
 #define STRING_MASK     "string_mask"
 #define UTF8_IN         "utf8"
 
-#define DEFAULT_KEY_LENGTH      512
-#define MIN_KEY_LENGTH          384
+#define DEFAULT_KEY_LENGTH      2048
+#define MIN_KEY_LENGTH          512
 
 #undef PROG
 #define PROG    req_main

diff --git a/doc/apps/req.pod b/doc/apps/req.pod
index 54a4d394d282f0ab853df26b62c2f86a0281a8c0..30653e509357778f9b3a3f91c077036bf735e08e 100644 (file)
--- a/doc/apps/req.pod
+++ b/doc/apps/req.pod
@@ -347,9 +347,12 @@ configuration file values.
 
 =item B<default_bits>
 
-This specifies the default key size in bits. If not specified then
-512 is used. It is used if the B<-new> option is used. It can be
-overridden by using the B<-newkey> option.
+Specifies the default key size in bits.
+
+This option is used in conjunction with the B<-new> option to generate
+a new key. It can be overridden by specifying an explicit key size in
+the B<-newkey> option. The smallest accepted key size is 512 bits. If
+no key size is specified then 2048 bits is used.
 
 =item B<default_keyfile>