Use defaults bits in req when not given

If you use "-newkey rsa" it's supposed to read the default number of bits from the
config file.  However the value isn't used to generate the key, but it does
print it's generating such a key.  The set_keygen_ctx() doesn't call
EVP_PKEY_CTX_set_rsa_keygen_bits() and you end up with the default set in
pkey_rsa_init() (1024).  Afterwards the number of bits gets read from the config
file, but nothing is done with that anymore.

We now read the config first and use the value from the config file when no size
is given.

PR: 2592

1 files changed, 7 insertions, 6 deletions

diff --git a/apps/req.c b/apps/req.c
index 303bbf9d17..316163ff78 100644
--- a/apps/req.c
+++ b/apps/req.c
@@ -644,6 +644,11 @@ bad:
 		if (inrand)
 			app_RAND_load_files(inrand);
 
+		if (!NCONF_get_number(req_conf,SECTION,BITS, &newkey))
+			{
+			newkey=DEFAULT_KEY_LENGTH;
+			}
+
 		if (keyalg)
 			{
 			genctx = set_keygen_ctx(bio_err, keyalg, &pkey_type, &newkey,
@@ -652,12 +657,6 @@ bad:
 				goto end;
 			}
 	
-		if (newkey <= 0)
-			{
-			if (!NCONF_get_number(req_conf,SECTION,BITS, &newkey))
-				newkey=DEFAULT_KEY_LENGTH;
-			}
-
 		if (newkey < MIN_KEY_LENGTH && (pkey_type == EVP_PKEY_RSA || pkey_type == EVP_PKEY_DSA))
 			{
 			BIO_printf(bio_err,"private key length is too short,\n");
@@ -1646,6 +1645,8 @@ static EVP_PKEY_CTX *set_keygen_ctx(BIO *err, const char *gstr, int *pkey_type,
 				keylen = atol(p + 1);
 				*pkeylen = keylen;
 				}
+			else
+				keylen = *pkeylen;
 			}
 		else if (p)
 			paramfile = p + 1;