[openssl] OpenSSL_1_1_0-stable update

Kurt Roeckx kurt at openssl.org
Tue May 21 14:55:37 UTC 2019 

The branch OpenSSL_1_1_0-stable has been updated
       via  ccbf148e30c5cb5f595c5d9e713c68768fe84248 (commit)
      from  3b5a079d6b454d6d46279e2d56d625495c597633 (commit)


- Log -----------------------------------------------------------------
commit ccbf148e30c5cb5f595c5d9e713c68768fe84248
Author: Kurt Roeckx <kurt at roeckx.be>
Date:   Sat Apr 13 12:32:48 2019 +0200

    Change default RSA, DSA and DH size to 2048 bit
    
    Fixes: #8737
    
    Reviewed-by: Bernd Edlinger <bernd.edlinger at hotmail.de>
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    GH: #8741
    (cherry picked from commit 70b0b977f73cd70e17538af3095d18e0cf59132e)

-----------------------------------------------------------------------

Summary of changes:
 CHANGES                | 6 ++++++
 crypto/dh/dh_pmeth.c   | 2 +-
 crypto/dsa/dsa_pmeth.c | 8 ++++----
 crypto/rsa/rsa_pmeth.c | 2 +-
 doc/apps/genpkey.pod   | 8 ++++----
 5 files changed, 16 insertions(+), 10 deletions(-)

diff --git a/CHANGES b/CHANGES
index d0b6fd7..de7a8a7 100644
--- a/CHANGES
+++ b/CHANGES
@@ -9,6 +9,12 @@
 
  Changes between 1.1.0j and 1.1.0k [xx XXX xxxx]
 
+  *) Change the default RSA, DSA and DH size to 2048 bit instead of 1024.
+     This changes the size when using the genpkey app when no size is given. It
+     fixes an omission in earlier changes that changed all RSA, DSA and DH
+     generation apps to use 2048 bits by default.
+     [Kurt Roeckx]
+
   *) Added SCA hardening for modular field inversion in EC_GROUP through
      a new dedicated field_inv() pointer in EC_METHOD.
      This also addresses a leakage affecting conversions from projective
diff --git a/crypto/dh/dh_pmeth.c b/crypto/dh/dh_pmeth.c
index c3e03c7..4b9e981 100644
--- a/crypto/dh/dh_pmeth.c
+++ b/crypto/dh/dh_pmeth.c
@@ -51,7 +51,7 @@ static int pkey_dh_init(EVP_PKEY_CTX *ctx)
     dctx = OPENSSL_zalloc(sizeof(*dctx));
     if (dctx == NULL)
         return 0;
-    dctx->prime_len = 1024;
+    dctx->prime_len = 2048;
     dctx->subprime_len = -1;
     dctx->generator = 2;
     dctx->kdf_type = EVP_PKEY_DH_KDF_NONE;
diff --git a/crypto/dsa/dsa_pmeth.c b/crypto/dsa/dsa_pmeth.c
index d606316..f5ba5fd 100644
--- a/crypto/dsa/dsa_pmeth.c
+++ b/crypto/dsa/dsa_pmeth.c
@@ -20,8 +20,8 @@
 
 typedef struct {
     /* Parameter gen parameters */
-    int nbits;                  /* size of p in bits (default: 1024) */
-    int qbits;                  /* size of q in bits (default: 160) */
+    int nbits;                  /* size of p in bits (default: 2048) */
+    int qbits;                  /* size of q in bits (default: 224) */
     const EVP_MD *pmd;          /* MD for parameter generation */
     /* Keygen callback info */
     int gentmp[2];
@@ -35,8 +35,8 @@ static int pkey_dsa_init(EVP_PKEY_CTX *ctx)
     dctx = OPENSSL_malloc(sizeof(*dctx));
     if (dctx == NULL)
         return 0;
-    dctx->nbits = 1024;
-    dctx->qbits = 160;
+    dctx->nbits = 2048;
+    dctx->qbits = 224;
     dctx->pmd = NULL;
     dctx->md = NULL;
 
diff --git a/crypto/rsa/rsa_pmeth.c b/crypto/rsa/rsa_pmeth.c
index 2d1dffb..0037b91 100644
--- a/crypto/rsa/rsa_pmeth.c
+++ b/crypto/rsa/rsa_pmeth.c
@@ -48,7 +48,7 @@ static int pkey_rsa_init(EVP_PKEY_CTX *ctx)
     rctx = OPENSSL_zalloc(sizeof(*rctx));
     if (rctx == NULL)
         return 0;
-    rctx->nbits = 1024;
+    rctx->nbits = 2048;
     rctx->pad_mode = RSA_PKCS1_PADDING;
     rctx->saltlen = -2;
     ctx->data = rctx;
diff --git a/doc/apps/genpkey.pod b/doc/apps/genpkey.pod
index 91b12e2..27fee6e 100644
--- a/doc/apps/genpkey.pod
+++ b/doc/apps/genpkey.pod
@@ -116,7 +116,7 @@ below.
 
 =item B<rsa_keygen_bits:numbits>
 
-The number of bits in the generated key. If not specified 1024 is used.
+The number of bits in the generated key. If not specified 2048 is used.
 
 =item B<rsa_keygen_pubexp:value>
 
@@ -154,12 +154,12 @@ below.
 
 =item B<dsa_paramgen_bits:numbits>
 
-The number of bits in the generated prime. If not specified 1024 is used.
+The number of bits in the generated prime. If not specified 2048 is used.
 
 =item B<dsa_paramgen_q_bits:numbits>
 
 The number of bits in the q parameter. Must be one of 160, 224 or 256. If not
-specified 160 is used.
+specified 224 is used.
 
 =item B<dsa_paramgen_md:digest>
 
@@ -178,7 +178,7 @@ or B<sha256> if it is 256.
 
 =item B<dh_paramgen_prime_len:numbits>
 
-The number of bits in the prime parameter B<p>. The default is 1024.
+The number of bits in the prime parameter B<p>. The default is 2048.
 
 =item B<dh_paramgen_subprime_len:numbits>

More information about the openssl-commits mailing list