Fix the reading of DSA parameters files using the dsaparam app

DSA parameters files were failing to load correctly. We also fix a number
of follow on issues which resulted in multiple similar errors messages
being displayed for the same problem, as well as a seg-fault.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13317)

diff --git a/apps/dsaparam.c b/apps/dsaparam.c
index 7e374eb6ad68205306d842206bc5a57a898a057e..06d1b95902e75ee18e252e76683f700c31bc0e08 100644 (file)
--- a/apps/dsaparam.c
+++ b/apps/dsaparam.c
@@ -179,14 +179,10 @@ int dsaparam_main(int argc, char **argv)
             goto end;
         }
     } else {
-        params = load_keyparams(infile, 1, "DSA parameters");
-        if (!EVP_PKEY_is_a(params, "DSA")) {
-            EVP_PKEY_free(params);
-            params = NULL;
-        }
+        params = load_keyparams(infile, 1, "DSA", "DSA parameters");
     }
     if (params == NULL) {
-        BIO_printf(bio_err, "Error, unable to load DSA parameters\n");
+        /* Error message should already have been displayed */
         goto end;
     }
 

diff --git a/apps/include/apps.h b/apps/include/apps.h
index 17e01336ab8f85f0dc5ac73cd2ff9ed7167021cb..b149a837f3dd018d1f3e765d476b6cdf7b9e3bce 100644 (file)
--- a/apps/include/apps.h
+++ b/apps/include/apps.h
@@ -115,7 +115,8 @@ EVP_PKEY *load_key(const char *uri, int format, int maybe_stdin,
                    const char *pass, ENGINE *e, const char *desc);
 EVP_PKEY *load_pubkey(const char *uri, int format, int maybe_stdin,
                       const char *pass, ENGINE *e, const char *desc);
-EVP_PKEY *load_keyparams(const char *uri, int maybe_stdin, const char *desc);
+EVP_PKEY *load_keyparams(const char *uri, int maybe_stdin, const char *keytype,
+                         const char *desc);
 int load_certs(const char *uri, STACK_OF(X509) **certs,
                const char *pass, const char *desc);
 int load_crls(const char *uri, STACK_OF(X509_CRL) **crls,

diff --git a/apps/lib/apps.c b/apps/lib/apps.c
index 9efc5f9eb1c92bd08218c6aaa5fc4d9d2a69e155..b1158a9ebc36cb2e71fffcde24d0423b10d97e22 100644 (file)
--- a/apps/lib/apps.c
+++ b/apps/lib/apps.c
@@ -598,7 +598,8 @@ EVP_PKEY *load_pubkey(const char *uri, int format, int maybe_stdin,
     return pkey;
 }
 
-EVP_PKEY *load_keyparams(const char *uri, int maybe_stdin, const char *desc)
+EVP_PKEY *load_keyparams(const char *uri, int maybe_stdin, const char *keytype,
+                         const char *desc)
 {
     EVP_PKEY *params = NULL;
 
@@ -607,9 +608,13 @@ EVP_PKEY *load_keyparams(const char *uri, int maybe_stdin, const char *desc)
 
     (void)load_key_certs_crls(uri, maybe_stdin, NULL, desc,
                               NULL, NULL, &params, NULL, NULL, NULL, NULL);
-    if (params == NULL) {
-        BIO_printf(bio_err, "Unable to load %s\n", desc);
+    if (params != NULL && keytype != NULL && !EVP_PKEY_is_a(params, keytype)) {
+        BIO_printf(bio_err,
+                   "Unable to load %s from %s (unexpected parameters type)\n",
+                   desc, uri);
         ERR_print_errors(bio_err);
+        EVP_PKEY_free(params);
+        params = NULL;
     }
     return params;
 }
@@ -699,8 +704,9 @@ int load_key_certs_crls(const char *uri, int maybe_stdin,
     int ncrls = 0;
     const char *failed =
         ppkey != NULL ? "key" : ppubkey != NULL ? "public key" :
-        pcert != NULL ? "cert" : pcrl != NULL ? "CRL" :
-        pcerts != NULL ? "certs" : pcrls != NULL ? "CRLs" : NULL;
+        pparams != NULL ? "params" : pcert != NULL ? "cert" :
+        pcrl != NULL ? "CRL" : pcerts != NULL ? "certs" :
+        pcrls != NULL ? "CRLs" : NULL;
     /* TODO make use of the engine reference 'eng' when loading pkeys */
 
     if (ppkey != NULL)