From 08cbbea461da6b24985de281b374b89fe91ba3a7 Mon Sep 17 00:00:00 2001
From: Praneeth Sarode
Date: Sun, 21 Sep 2025 04:57:56 +0530
Subject: [PATCH] pki: update RSA key generation to use default size when parameter is 0

Signed-off-by: Praneeth Sarode
Reviewed-by: Jakub Jelen
---
 src/pki.c | 1 +
 src/pki_crypto.c | 4 ++++
 src/pki_gcrypt.c | 4 ++++
 src/pki_mbedcrypto.c | 4 ++++
 4 files changed, 13 insertions(+)

diff --git a/src/pki.c b/src/pki.c
index 1fb8885c..0999fb02 100644
--- a/src/pki.c
+++ b/src/pki.c
@@ -2182,6 +2182,7 @@ int ssh_pki_import_cert_file(const char *filename, ssh_key *pkey)
 *
 * @param[in] parameter Parameter to the creation of key:
 * rsa : length of the key in bits (e.g. 1024, 2048, 4096)
+ * If parameter is 0, then the default size will be used.
 * @param[out] pkey A pointer to store the allocated private key. You need
 * to free the memory using ssh_key_free().
 *
diff --git a/src/pki_crypto.c b/src/pki_crypto.c
index 06dfbdd2..6d8521ec 100644
--- a/src/pki_crypto.c
+++ b/src/pki_crypto.c
@@ -803,6 +803,10 @@ int pki_key_generate_rsa(ssh_key key, int parameter){
 unsigned e = 65537;
 #endif /* OPENSSL_VERSION_NUMBER */
+ if (parameter == 0) {
+ parameter = RSA_DEFAULT_KEY_SIZE;
+ }
+
 #if OPENSSL_VERSION_NUMBER < 0x30000000L
 e = BN_new();
 key_rsa = RSA_new();
diff --git a/src/pki_gcrypt.c b/src/pki_gcrypt.c
index 6f1915fc..d4219e09 100644
--- a/src/pki_gcrypt.c
+++ b/src/pki_gcrypt.c
@@ -1300,6 +1300,10 @@ pki_key_generate(ssh_key key, int parameter, const char *type_s, int type)
 int pki_key_generate_rsa(ssh_key key, int parameter)
 {
+ if (parameter == 0) {
+ parameter = RSA_DEFAULT_KEY_SIZE;
+ }
+
 return pki_key_generate(key, parameter, "rsa", SSH_KEYTYPE_RSA);
 }
diff --git a/src/pki_mbedcrypto.c b/src/pki_mbedcrypto.c
index 8ecfcf58..175d2fec 100644
--- a/src/pki_mbedcrypto.c
+++ b/src/pki_mbedcrypto.c
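Review bot: The doc line added in src/pki.c promises "the default size" without saying what that size is, so a caller who passes 0 cannot tell from the API documentation what key strength they will get. Naming the constant closes the gap, e.g. `* If parameter is 0, RSA_DEFAULT_KEY_SIZE bits are used.` The example list on the line above still offers 1024 as a sample length; if the project no longer treats that as acceptable, this is a natural place to drop it. The doc comment begins and ends outside the hunk.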
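Review bot: Only an exact 0 is mapped to RSA_DEFAULT_KEY_SIZE in pki_key_generate_rsa() in src/pki_crypto.c; a negative or very small positive `parameter` still reaches key generation unchanged as far as this hunk shows. If no lower bound is enforced in the caller or further down the function, a caller mistake ends in either a backend failure or an RSA key too short to be safe. Consider rejecting such values right next to the new check, for example `if (parameter < 0) { return SSH_ERROR; }` plus a comparison against whatever minimum size the project already defines. The same applies to the identical blocks in src/pki_gcrypt.c and src/pki_mbedcrypto.c; the function body here continues outside the hunk.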
@@ -564,6 +564,10 @@ int pki_key_generate_rsa(ssh_key key, int parameter)
 int rc;
 const mbedtls_pk_info_t *info = NULL;
+ if (parameter == 0) {
+ parameter = RSA_DEFAULT_KEY_SIZE;
+ }
+
 key->pk = malloc(sizeof(mbedtls_pk_context));
 if (key->pk == NULL) {
 return SSH_ERROR;
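Review bot: The default-size substitution in src/pki_mbedcrypto.c is the third identical copy in this patch (the others are in src/pki_crypto.c and src/pki_gcrypt.c), so any later change to the default or to size validation has to be repeated in three backends. If these functions are only reached through the documented generator in src/pki.c, resolving `parameter == 0` once there would keep the backends from drifting apart. If the copies stay, a short comment such as `/* 0 selects the library default size */` above each check would tie them to the API documentation. The function body continues past the end of the hunk.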