req: Avoid segfault when -modulus is used

Fixes #16196

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/16215)

diff --git a/apps/req.c b/apps/req.c
index 5524092f2c442a7c7f63eca044468ad10bdf81e9..a0ecda8225aa623d20fcae534fd3c34b3a037ab2 100644 (file)
--- a/apps/req.c
+++ b/apps/req.c
@@ -996,8 +996,8 @@ int req_main(int argc, char **argv)
         if (EVP_PKEY_is_a(tpubkey, "RSA")) {
             BIGNUM *n = NULL;
 
-            /* Every RSA key has an 'n' */
-            EVP_PKEY_get_bn_param(pkey, "n", &n);
+            if (!EVP_PKEY_get_bn_param(tpubkey, "n", &n))
+                goto end;
             BN_print(out, n);
             BN_free(n);
         } else {

diff --git a/test/recipes/25-test_req.t b/test/recipes/25-test_req.t
index 084d70bca54f769e6ce4c9cee6deb73671895678..a405810ae20a9b58dac3d2658c523efac57e2b2c 100644 (file)
--- a/test/recipes/25-test_req.t
+++ b/test/recipes/25-test_req.t
@@ -78,7 +78,7 @@ subtest "generating alt certificate requests with RSA" => sub {
 
 
 subtest "generating certificate requests with RSA" => sub {
-    plan tests => 7;
+    plan tests => 8;
 
     SKIP: {
         skip "RSA is not supported by this OpenSSL build", 2
@@ -103,6 +103,11 @@ subtest "generating certificate requests with RSA" => sub {
                     "-verify", "-in", "testreq-rsa.pem", "-noout"])),
            "Verifying signature on request");
 
+        ok(run(app(["openssl", "req",
+                    "-config", srctop_file("test", "test.cnf"),
+                    "-modulus", "-in", "testreq-rsa.pem", "-noout"])),
+           "Printing a modulus of the request key");
+
         ok(run(app(["openssl", "req",
                     "-config", srctop_file("test", "test.cnf"),
                     "-new", "-out", "testreq_withattrs_pem.pem", "-utf8",