Update RSA keygen to use sp800-56b by default Fixes #11742 Fixes #11764 The newer RSA sp800-56b algorithm is being used for the normal case of a non multiprime key of at least length 2048. Insecure key lengths and mutltiprime RSA will use the old method. Bad public exponents are no longer allowed (i.e values less than 65537 or even). Values such as 2 that would cause a infinite loop now result in an error. The value of 3 has been marked as deprecated but is still allowed for legacy purposes. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11765)

commit: 8bf37709a471bb31d2e1f5b4b3796fb3e6dce4df [log] [tgz]
author: Shane Lontis <shane.lontis@oracle.com> Wed Jun 10 08:59:56 2020 +1000
committer: Shane Lontis <shane.lontis@oracle.com> Wed Jun 10 08:59:56 2020 +1000
tree: e98500058e4d1c66bec1b7badd759b6c61bab683
parent: cd4afec69f13e283f74d59f1c97e15db6803bdcb [diff] [blame]
diff --git a/doc/man1/openssl-genrsa.pod.in b/doc/man1/openssl-genrsa.pod.in
index 89ae929..33aa60c 100644
--- a/doc/man1/openssl-genrsa.pod.in
+++ b/doc/man1/openssl-genrsa.pod.in

@@ -33,7 +33,7 @@
 {- $OpenSSL::safe::opt_provider_synopsis -}
 [B<numbits>]
 
-=for openssl ifdef engine
+=for openssl ifdef engine 3
 
 =head1 DESCRIPTION
 
@@ -70,6 +70,7 @@
 =item B<-F4>, B<-f4>, B<-3>
 
 The public exponent to use, either 65537 or 3. The default is 65537.
+The B<-3> option has been deprecated.
 
 =item B<-primes> I<num>
commit	8bf37709a471bb31d2e1f5b4b3796fb3e6dce4df	[log] [tgz]
author	Shane Lontis <shane.lontis@oracle.com>	Wed Jun 10 08:59:56 2020 +1000
committer	Shane Lontis <shane.lontis@oracle.com>	Wed Jun 10 08:59:56 2020 +1000
tree	e98500058e4d1c66bec1b7badd759b6c61bab683
parent	cd4afec69f13e283f74d59f1c97e15db6803bdcb [diff] [blame]