req: fix default bits handling for -newkey

Fixes #15569 Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15582)
author: Tomas Mraz <tomas@openssl.org> 2021-06-02 09:35:44 +0200
committer: Pauli <pauli@openssl.org> 2021-06-04 15:09:12 +1000
commit: 6a2f82b439924a2e096ec3288041b7f2d02f58fc (patch)
tree: 9baa180e99a139339624f3ce93c106224e900820 /apps
parent: 5d8ea84efaf172af76461855988de2ac8b88beb0 (diff)
download: openssl-new-6a2f82b439924a2e096ec3288041b7f2d02f58fc.tar.gz
1 files changed, 6 insertions, 1 deletions
diff --git a/apps/req.c b/apps/req.c
index 284d03f40d..acb98e3560 100644
--- a/apps/req.c
+++ b/apps/req.c
@@ -1587,7 +1587,8 @@ static EVP_PKEY_CTX *set_keygen_ctx(const char *gstr,
         *pkeytype = OPENSSL_strndup(keytype, keytypelen);
     else
         *pkeytype = OPENSSL_strdup(keytype);
-    *pkeylen = keylen;
+    if (keylen >= 0)
+        *pkeylen = keylen;
 
     if (param != NULL) {
         if (!EVP_PKEY_is_a(param, *pkeytype)) {
@@ -1626,6 +1627,10 @@ static EVP_PKEY_CTX *set_keygen_ctx(const char *gstr,
         EVP_PKEY_CTX_free(gctx);
         return NULL;
     }
+    if (keylen == -1 && (EVP_PKEY_CTX_is_a(gctx, "RSA")
+        || EVP_PKEY_CTX_is_a(gctx, "RSA-PSS")))
+        keylen = *pkeylen;
+
     if (keylen != -1) {
         OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END };
         size_t bits = keylen;
author	Tomas Mraz <tomas@openssl.org>	2021-06-02 09:35:44 +0200
committer	Pauli <pauli@openssl.org>	2021-06-04 15:09:12 +1000
commit	6a2f82b439924a2e096ec3288041b7f2d02f58fc (patch)
tree	9baa180e99a139339624f3ce93c106224e900820 /apps
parent	5d8ea84efaf172af76461855988de2ac8b88beb0 (diff)
download	openssl-new-6a2f82b439924a2e096ec3288041b7f2d02f58fc.tar.gz