The validation was checking the default 'bits' value (4096) instead of
the parsed 'bits_i' from the command line arguments, allowing invalid
key sizes to bypass the 512-bit minimum.
CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/28139)
(cherry picked from commit c79e1b212a616b8dca194a77e7698b886000fcb0)
if (argc > 1) {
bits_i = atoi(argv[1]);
- if (bits < 512) {
+ if (bits_i < 512) {
fprintf(stderr, "Invalid RSA key size\n");
return EXIT_FAILURE;
}
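Review bot: the corrected comparison on the `+` line now checks the parsed `bits_i`, which closes the bypass, but the `atoi(argv[1])` call just above it still provides no error signal: a non-numeric argument yields 0 and is rejected only because 0 happens to be below 512, a value with trailing garbage such as `2048abc` parses as 2048 and passes, and out-of-range input is undefined behaviour. Consider replacing `atoi` with `strtol` plus an end-pointer and `errno` check so that malformed arguments are rejected explicitly rather than by accident, and add a one-line comment stating that 512 is the enforced minimum RSA key size for this tool.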