Use defaults bits in req when not given
[openssl.git] / apps / req.c
index 303bbf9d1721787af8221f2287512d7e90d121ef..316163ff786af3790d774574c771350519948a27 100644 (file)
@@ -644,6 +644,11 @@ bad:
                if (inrand)
                        app_RAND_load_files(inrand);
 
+               if (!NCONF_get_number(req_conf,SECTION,BITS, &newkey))
+                       {
+                       newkey=DEFAULT_KEY_LENGTH;
+                       }
+
                if (keyalg)
                        {
                        genctx = set_keygen_ctx(bio_err, keyalg, &pkey_type, &newkey,
@@ -652,12 +657,6 @@ bad:
                                goto end;
                        }
        
-               if (newkey <= 0)
-                       {
-                       if (!NCONF_get_number(req_conf,SECTION,BITS, &newkey))
-                               newkey=DEFAULT_KEY_LENGTH;
-                       }
-
                if (newkey < MIN_KEY_LENGTH && (pkey_type == EVP_PKEY_RSA || pkey_type == EVP_PKEY_DSA))
                        {
                        BIO_printf(bio_err,"private key length is too short,\n");
@@ -1646,6 +1645,8 @@ static EVP_PKEY_CTX *set_keygen_ctx(BIO *err, const char *gstr, int *pkey_type,
                                keylen = atol(p + 1);
                                *pkeylen = keylen;
                                }
+                       else
+                               keylen = *pkeylen;
                        }
                else if (p)
                        paramfile = p + 1;