APPS: genrsa: Support setting properties

The -provider and -propquery options did not work on genrsa. Fix this
and add a test that checks that operations that would usually fail with
the FIPS provider work when run with

| -provider default -propquery '?fips!=yes'

See also 30b2c3592e, which previously
fixed the same problem in dsaparam and gendsa. See also the initial
report in https://bugzilla.redhat.com/show_bug.cgi?id=2094956.

Signed-off-by: Clemens Lang <cllang@redhat.com>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/18717)

apps/genrsa.c

@@ -179,7 +179,8 @@ opthelp:
     if (out == NULL)
         goto end;
 
-    if (!init_gen_str(&ctx, "RSA", eng, 0, NULL, NULL))
+    if (!init_gen_str(&ctx, "RSA", eng, 0, app_get0_libctx(),
+                      app_get0_propq()))
         goto end;
 
     if (verbose)

test/recipes/15-test_genrsa.t

@@ -24,7 +24,7 @@ use lib bldtop_dir('.');
 my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
 
 plan tests =>
-    ($no_fips ? 0 : 3)          # Extra FIPS related tests
+    ($no_fips ? 0 : 5)          # Extra FIPS related tests
     + 15;
 
 # We want to know that an absurdly small number of bits isn't support
@@ -129,6 +129,17 @@ unless ($no_fips) {
                 '-out', 'genrsatest3072.pem'])),
        "Generating RSA key with 3072 bits");
 
+   ok(!run(app(['openssl', 'genrsa', @prov, '512'])),
+       "Generating RSA key with 512 bits should fail in FIPS provider");
+
+   ok(!run(app(['openssl', 'genrsa',
+                @prov,
+                '-provider', 'default',
+                '-propquery', '?fips!=yes',
+                '512'])),
+       "Generating RSA key with 512 bits should succeed with FIPS provider as".
+       " default with a non-FIPS property query");
+
     # We want to know that an absurdly large number of bits fails the RNG check
     is(run(app([ 'openssl', 'genpkey',
                  @prov,