The branch master has been updated
via 6a2f82b439924a2e096ec3288041b7f2d02f58fc (commit)
from 5d8ea84efaf172af76461855988de2ac8b88beb0 (commit)
- Log -----------------------------------------------------------------
commit 6a2f82b439924a2e096ec3288041b7f2d02f58fc
Author: Tomas Mraz <to...@openssl.org>
Date: Wed Jun 2 09:35:44 2021 +0200
req: fix default bits handling for -newkey
Fixes #15569
Reviewed-by: Paul Dale <pa...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15582)
-----------------------------------------------------------------------
Summary of changes:
apps/req.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/apps/req.c b/apps/req.c
index 284d03f40d..acb98e3560 100644
--- a/apps/req.c
+++ b/apps/req.c
@@ -1587,7 +1587,8 @@ static EVP_PKEY_CTX *set_keygen_ctx(const char *gstr,
*pkeytype = OPENSSL_strndup(keytype, keytypelen);
else
*pkeytype = OPENSSL_strdup(keytype);
- *pkeylen = keylen;
+ if (keylen >= 0)
+ *pkeylen = keylen;
if (param != NULL) {
if (!EVP_PKEY_is_a(param, *pkeytype)) {
@@ -1626,6 +1627,10 @@ static EVP_PKEY_CTX *set_keygen_ctx(const char *gstr,
EVP_PKEY_CTX_free(gctx);
return NULL;
}
+ if (keylen == -1 && (EVP_PKEY_CTX_is_a(gctx, "RSA")
+ || EVP_PKEY_CTX_is_a(gctx, "RSA-PSS")))
+ keylen = *pkeylen;
+
if (keylen != -1) {
OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END };
size_t bits = keylen;
