From 4794023edc6c5dcc312df6eaa1aceaf0bc012f3f Mon Sep 17 00:00:00 2001
From: sthen <sthen@openbsd.org>
Date: Sat, 17 May 2014 12:12:05 +0000
Subject: [PATCH] switch RSA key generation default to 2048 bits (matching
 ssh); ok miod@

---
 lib/libcrypto/rsa/rsa_pmeth.c         | 2 +-
 lib/libssl/src/apps/genrsa.c          | 2 +-
 lib/libssl/src/crypto/rsa/rsa_pmeth.c | 2 +-
 lib/libssl/src/doc/apps/genpkey.pod   | 2 +-
 lib/libssl/src/doc/apps/genrsa.pod    | 2 +-
 5 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/lib/libcrypto/rsa/rsa_pmeth.c b/lib/libcrypto/rsa/rsa_pmeth.c
index 09ef090172b..5580b7783ad 100644
--- a/lib/libcrypto/rsa/rsa_pmeth.c
+++ b/lib/libcrypto/rsa/rsa_pmeth.c
@@ -96,7 +96,7 @@ static int pkey_rsa_init(EVP_PKEY_CTX *ctx)
 	rctx = malloc(sizeof(RSA_PKEY_CTX));
 	if (!rctx)
 		return 0;
-	rctx->nbits = 1024;
+	rctx->nbits = 2048;
 	rctx->pub_exp = NULL;
 	rctx->pad_mode = RSA_PKCS1_PADDING;
 	rctx->md = NULL;
diff --git a/lib/libssl/src/apps/genrsa.c b/lib/libssl/src/apps/genrsa.c
index c6588282990..88c80f2b666 100644
--- a/lib/libssl/src/apps/genrsa.c
+++ b/lib/libssl/src/apps/genrsa.c
@@ -78,7 +78,7 @@
 #include <openssl/pem.h>
 #include <openssl/rand.h>
 
-#define DEFBITS	1024
+#define DEFBITS	2048
 
 static int genrsa_cb(int p, int n, BN_GENCB * cb);
 
diff --git a/lib/libssl/src/crypto/rsa/rsa_pmeth.c b/lib/libssl/src/crypto/rsa/rsa_pmeth.c
index 09ef090172b..5580b7783ad 100644
--- a/lib/libssl/src/crypto/rsa/rsa_pmeth.c
+++ b/lib/libssl/src/crypto/rsa/rsa_pmeth.c
@@ -96,7 +96,7 @@ static int pkey_rsa_init(EVP_PKEY_CTX *ctx)
 	rctx = malloc(sizeof(RSA_PKEY_CTX));
 	if (!rctx)
 		return 0;
-	rctx->nbits = 1024;
+	rctx->nbits = 2048;
 	rctx->pub_exp = NULL;
 	rctx->pad_mode = RSA_PKCS1_PADDING;
 	rctx->md = NULL;
diff --git a/lib/libssl/src/doc/apps/genpkey.pod b/lib/libssl/src/doc/apps/genpkey.pod
index 80e91ed496f..1870e302af2 100644
--- a/lib/libssl/src/doc/apps/genpkey.pod
+++ b/lib/libssl/src/doc/apps/genpkey.pod
@@ -97,7 +97,7 @@ below.
 
 =item B<rsa_keygen_bits:numbits>
 
-The number of bits in the generated key. If not specified 1024 is used.
+The number of bits in the generated key. If not specified 2048 is used.
 
 =item B<rsa_keygen_pubexp:value>
 
diff --git a/lib/libssl/src/doc/apps/genrsa.pod b/lib/libssl/src/doc/apps/genrsa.pod
index 608f237b133..35fd5d481de 100644
--- a/lib/libssl/src/doc/apps/genrsa.pod
+++ b/lib/libssl/src/doc/apps/genrsa.pod
@@ -65,7 +65,7 @@ for all available algorithms.
 =item B<numbits>
 
 the size of the private key to generate in bits. This must be the last option
-specified. The default is 512.
+specified. The default is 2048.
 
 =back
 
-- 
2.20.1