From b7bf1bc9d9e822022d7c4c918851551ce3d69a1a Mon Sep 17 00:00:00 2001
From: Brian Wellington <source@isc.org>
Date: Tue, 7 Nov 2000 20:10:14 +0000
Subject: [PATCH] openssl rsa doesn't have a 2048 bit limit.  Change it to
 4096, which takes a long time and a lot of entropy to generate.

---
 bin/dnssec/dnssec-keygen.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/bin/dnssec/dnssec-keygen.c b/bin/dnssec/dnssec-keygen.c
index 7609befbc1..b053d2a9f6 100644
--- a/bin/dnssec/dnssec-keygen.c
+++ b/bin/dnssec/dnssec-keygen.c
@@ -17,7 +17,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: dnssec-keygen.c,v 1.43 2000/10/31 20:09:12 bwelling Exp $ */
+/* $Id: dnssec-keygen.c,v 1.44 2000/11/07 20:10:14 bwelling Exp $ */
 
 #include <config.h>
 
@@ -44,7 +44,7 @@
 
 #include "dnssectool.h"
 
-#define MAX_RSA 2048 /* XXX ogud update this when rsa library is updated */
+#define MAX_RSA 4096 /* should be long enough... */
 
 const char *program = "dnssec-keygen";
 int verbose;