From: Kurt Roeckx <kurt@roeckx.be>
Subject: Change default bit size and digest
Date: Fri, 01 Nov 2013 20:47:14 +0100
Index: openssl-1.0.1e/apps/openssl.cnf
6
===================================================================
7
--- openssl-1.0.1e.orig/apps/openssl.cnf 2013-12-22 15:36:37.179274819 +0100
8
+++ openssl-1.0.1e/apps/openssl.cnf 2013-12-22 15:36:37.175274904 +0100
11
####################################################################
15
default_keyfile = privkey.pem
16
distinguished_name = req_distinguished_name
17
attributes = req_attributes
18
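Index: openssl-1.0.1e/crypto/dsa/dsa_ameth.c
===================================================================
--- openssl-1.0.1e.orig/crypto/dsa/dsa_ameth.c 2013-12-22 15:36:37.179274819 +0100
+++ openssl-1.0.1e/crypto/dsa/dsa_ameth.c 2013-12-22 15:36:37.175274904 +0100
 case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
- *(int *)arg2 = NID_sha1;
+ *(int *)arg2 = NID_sha256;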
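Review bot: The new default under `case ASN1_PKEY_CTRL_DEFAULT_MD_NID:` carries no comment explaining the choice, and the same constant is repeated in ec_ameth.c, hm_ameth.c and rsa_ameth.c, so a later digest change could easily miss one site. I would add above the assignment `/* Default digest for new signatures; SHA-1 is no longer acceptable. Keep in sync with the other *_ameth.c files. */`. For DSA in particular, a key with a 160-bit q has the SHA-256 output truncated to the size of q, and older verifiers may not accept DSA with SHA-256, so the changed default probably deserves a release-note entry. The enclosing switch and this case's return value are outside the lines shown, so whether the default is advisory or mandatory cannot be confirmed from here.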
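Index: openssl-1.0.1e/crypto/ec/ec_ameth.c
===================================================================
--- openssl-1.0.1e.orig/crypto/ec/ec_ameth.c 2013-12-22 15:36:37.179274819 +0100
+++ openssl-1.0.1e/crypto/ec/ec_ameth.c 2013-12-22 15:36:37.175274904 +0100
 case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
- *(int *)arg2 = NID_sha1;
+ *(int *)arg2 = NID_sha256;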
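Review bot: The default written to `arg2` is SHA-256 whatever the curve, so a key on a 384- or 521-bit curve signs by default with a digest weaker than the curve itself. Selecting the digest from the group order would be a larger change than this patch intends, so at minimum the limitation should be stated in place: `/* Fixed default; keys on curves above 256 bits should request SHA-384 or SHA-512 explicitly. */`. The rest of the control function is outside the lines shown.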
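Index: openssl-1.0.1e/crypto/hmac/hm_ameth.c
===================================================================
--- openssl-1.0.1e.orig/crypto/hmac/hm_ameth.c 2013-12-22 15:36:37.179274819 +0100
+++ openssl-1.0.1e/crypto/hmac/hm_ameth.c 2013-12-22 15:36:37.175274904 +0100
 case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
- *(int *)arg2 = NID_sha1;
+ *(int *)arg2 = NID_sha256;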
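Review bot: Switching the HMAC default changes the MAC length from 20 to 32 bytes for any caller that takes the default digest instead of naming one, which can break peers or stored values that expect HMAC-SHA1. The collision weaknesses that motivate dropping SHA-1 for signatures do not carry over to HMAC in the same way, so this site has the least security benefit of the four and the most compatibility risk. I would confirm which callers query this control for HMAC keys before changing it. If the change stays, record it next to the assignment, for example `/* Default changed from SHA-1: MAC output is now 32 bytes. */`.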
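Index: openssl-1.0.1e/crypto/rsa/rsa_ameth.c
===================================================================
--- openssl-1.0.1e.orig/crypto/rsa/rsa_ameth.c 2013-12-22 15:36:37.179274819 +0100
+++ openssl-1.0.1e/crypto/rsa/rsa_ameth.c 2013-12-22 15:36:37.175274904 +0100
 case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
- *(int *)arg2 = NID_sha1;
+ *(int *)arg2 = NID_sha256;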
Index: openssl-1.0.1e/apps/gendh.c
71
===================================================================
72
--- openssl-1.0.1e.orig/apps/gendh.c 2013-12-22 15:36:37.179274819 +0100
73
+++ openssl-1.0.1e/apps/gendh.c 2013-12-22 15:36:37.175274904 +0100
75
#include <openssl/x509.h>
76
#include <openssl/pem.h>
81
#define PROG gendh_main
83
Index: openssl-1.0.1e/apps/genrsa.c
84
===================================================================
85
--- openssl-1.0.1e.orig/apps/genrsa.c 2013-12-22 15:36:37.179274819 +0100
86
+++ openssl-1.0.1e/apps/genrsa.c 2013-12-22 15:36:37.175274904 +0100
88
#include <openssl/pem.h>
89
#include <openssl/rand.h>
94
#define PROG genrsa_main
96
Index: openssl-1.0.1e/apps/dhparam.c
97
===================================================================
98
--- openssl-1.0.1e.orig/apps/dhparam.c 2013-12-22 15:37:05.438669443 +0100
99
+++ openssl-1.0.1e/apps/dhparam.c 2013-12-22 15:38:18.417105946 +0100
102
#define PROG dhparam_main
105
+#define DEFBITS 2048
107
/* -inform arg - input format - default PEM (DER or PEM)
108
* -outform arg - output format - default PEM
110
BIO_printf(bio_err," -C Output C code\n");
111
BIO_printf(bio_err," -2 generate parameters using 2 as the generator value\n");
112
BIO_printf(bio_err," -5 generate parameters using 5 as the generator value\n");
113
- BIO_printf(bio_err," numbits number of bits in to generate (default 512)\n");
114
+ BIO_printf(bio_err," numbits number of bits in to generate (default 2048)\n");
115
#ifndef OPENSSL_NO_ENGINE
116
BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");