From c79e1b212a616b8dca194a77e7698b886000fcb0 Mon Sep 17 00:00:00 2001
From: Quin-Darcy
Date: Thu, 31 Jul 2025 09:07:46 -0500
Subject: [PATCH] Fix RSA key size validation in EVP_PKEY_RSA_keygen demo
The validation was checking the default 'bits' value (4096) instead of the parsed 'bits_i' from the command line arguments, allowing invalid key sizes to bypass the 512-bit minimum.
CLA: trivial
Reviewed-by: Matt Caswell
Reviewed-by: Shane Lontis
(Merged from https://github.com/openssl/openssl/pull/28139)
---
 demos/pkey/EVP_PKEY_RSA_keygen.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/demos/pkey/EVP_PKEY_RSA_keygen.c b/demos/pkey/EVP_PKEY_RSA_keygen.c
index 62dd8405e77..94f517839ef 100644
--- a/demos/pkey/EVP_PKEY_RSA_keygen.c
+++ b/demos/pkey/EVP_PKEY_RSA_keygen.c
@@ -254,7 +254,7 @@ int main(int argc, char **argv)
 if (argc > 1) {
 bits_i = atoi(argv[1]);
- if (bits < 512) {
+ if (bits_i < 512) {
 fprintf(stderr, "Invalid RSA key size\n");
 return EXIT_FAILURE;
 }
--
2.47.3
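Review bot: The corrected check on `bits_i` still relies on `atoi(argv[1])`, which cannot report a parse failure: an argument with trailing junk such as `2048abc` is accepted as 2048, and a value outside the range of `int` is undefined behaviour, so the 512 floor may be applied to an unpredictable number. Parsing with `strtol` and checking the end pointer, `errno` and the `int` range before the comparison closes that gap; this needs `<errno.h>` and `<limits.h>` if the file does not already include them. The hunk shows no upper limit either, so whether an unreasonably large key size is rejected later cannot be told from these lines. The enclosing `if (argc > 1)` block and the rest of `main` continue outside the hunk.

```c
    if (argc > 1) {
        char *end = NULL;
        long val;

        errno = 0;
        val = strtol(argv[1], &end, 10);
        /* Reject empty input, trailing characters, overflow and sizes below the floor. */
        if (end == argv[1] || *end != '\0' || errno == ERANGE
            || val < 512 || val > INT_MAX) {
            /* … unchanged: "Invalid RSA key size" message and EXIT_FAILURE return … */
        }
        bits_i = (int)val;
```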