apps/cmp.c: Improve diagnostics on loading private vs. public key for cert request

Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13841)
2021-01-08 07:30:51 +01:00 · 2021-01-08 07:30:51 +01:00 · 92d619450a
parent adcaebc314
commit 92d619450a
1 changed files with 8 additions and 2 deletions
--- a/apps/cmp.c
+++ b/apps/cmp.c
@ -1603,12 +1603,18 @@ static int setup_request_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine)
        const int format = opt_keyform;
        const char *pass = opt_newkeypass;
        const char *desc = "new private key for cert to be enrolled";
-        EVP_PKEY *pkey = load_key_pwd(file, format, pass, engine, desc);
+        EVP_PKEY *pkey;
        int priv = 1;
+        BIO *bio_bak = bio_err;

+        bio_err = NULL; /* suppress diagnostics on first try loading key */
+        pkey = load_key_pwd(file, format, pass, engine, desc);
+        bio_err = bio_bak;
        if (pkey == NULL) {
            ERR_clear_error();
-            desc = "fallback public key for cert to be enrolled";
+            desc = opt_csr == NULL
+            ? "fallback public key for cert to be enrolled"
+            : "public key for checking cert resulting from p10cr";
            pkey = load_pubkey(file, format, 0, pass, engine, desc);
            priv = 0;
        }