From: Quin-Darcy Date: Thu, 31 Jul 2025 14:07:46 +0000 (-0500) Subject: Fix RSA key size validation in EVP_PKEY_RSA_keygen demo X-Git-Tag: openssl-3.5.3~76 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=a0ce39d9fd630df5555e0eac61fbedbdabeffce3;p=thirdparty%2Fopenssl.git Fix RSA key size validation in EVP_PKEY_RSA_keygen demo The validation was checking the default 'bits' value (4096) instead of the parsed 'bits_i' from the command line arguments, allowing invalid key sizes to bypass the 512-bit minimum. CLA: trivial Reviewed-by: Matt Caswell Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/28139) (cherry picked from commit c79e1b212a616b8dca194a77e7698b886000fcb0) --- diff --git a/demos/pkey/EVP_PKEY_RSA_keygen.c b/demos/pkey/EVP_PKEY_RSA_keygen.c index 62dd8405e77..94f517839ef 100644 --- a/demos/pkey/EVP_PKEY_RSA_keygen.c +++ b/demos/pkey/EVP_PKEY_RSA_keygen.c @@ -254,7 +254,7 @@ int main(int argc, char **argv) if (argc > 1) { bits_i = atoi(argv[1]); - if (bits < 512) { + if (bits_i < 512) { fprintf(stderr, "Invalid RSA key size\n"); return EXIT_FAILURE; }
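Review bot: The context line `bits_i = atoi(argv[1]);` just above the corrected check still parses the argument with `atoi`, which cannot report errors. An argument with trailing garbage such as "2048abc" is accepted as 2048, and a value that does not fit in an int is undefined behaviour in C. The `bits_i < 512` test does catch non-numeric input, since that parses to 0, but only as a side effect. Consider parsing with `strtol`, checking the end pointer and `errno`, and range-checking before narrowing to the type of `bits_i`. The visible hunk also enforces only a lower bound, so a mistyped very large value would go on to key generation; an upper limit here, plus an error message that states the 512-bit minimum rather than just "Invalid RSA key size", would make the demo a safer template to copy from.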