From: Tomas Mraz <tomas@openssl.org>
Date: Wed, 2 Jun 2021 07:35:44 +0000 (+0200)
Subject: req: fix default bits handling for -newkey
X-Git-Tag: openssl-3.0.0-beta1~210
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=6a2f82b439924a2e096ec3288041b7f2d02f58fc;p=thirdparty%2Fopenssl.git

req: fix default bits handling for -newkey

Fixes #15569

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15582)
---

diff --git a/apps/req.c b/apps/req.c
index 284d03f40dc..acb98e3560c 100644
--- a/apps/req.c
+++ b/apps/req.c
@@ -1587,7 +1587,8 @@ static EVP_PKEY_CTX *set_keygen_ctx(const char *gstr,
         *pkeytype = OPENSSL_strndup(keytype, keytypelen);
     else
         *pkeytype = OPENSSL_strdup(keytype);
-    *pkeylen = keylen;
+    if (keylen >= 0)
+        *pkeylen = keylen;
 
     if (param != NULL) {
         if (!EVP_PKEY_is_a(param, *pkeytype)) {
@@ -1626,6 +1627,10 @@ static EVP_PKEY_CTX *set_keygen_ctx(const char *gstr,
         EVP_PKEY_CTX_free(gctx);
         return NULL;
     }
+    if (keylen == -1 && (EVP_PKEY_CTX_is_a(gctx, "RSA")
+        || EVP_PKEY_CTX_is_a(gctx, "RSA-PSS")))
+        keylen = *pkeylen;
+
     if (keylen != -1) {
         OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END };
         size_t bits = keylen;