From 8ee66a092c07e618191ef49c8912f8235b08bb95 Mon Sep 17 00:00:00 2001
From: Pauli <pauli@openssl.org>
Date: Mon, 31 May 2021 09:26:05 +1000
Subject: [PATCH] req: fix Coverity 1485137 Explicit null dereference

Add a check for a non-existent file name when specifying params via file.
Add a check for a failure to determine key type.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15534)
---
 apps/req.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/apps/req.c b/apps/req.c
index a9769b74527..3b0545fd6e7 100644
--- a/apps/req.c
+++ b/apps/req.c
@@ -1522,6 +1522,12 @@ static EVP_PKEY_CTX *set_keygen_ctx(const char *gstr,
 
         if (strncmp(gstr, "param", len) == 0) {
             expect_paramfile = 1;
+            if (p == NULL) {
+                BIO_printf(bio_err,
+                           "Parameter file requested but no path given: %s\n",
+                           gstr);
+                return NULL;
+            }
         } else {
             keytype = gstr;
             keytypelen = len;
@@ -1569,6 +1575,11 @@ static EVP_PKEY_CTX *set_keygen_ctx(const char *gstr,
         }
         if (keytype == NULL) {
             keytype = EVP_PKEY_get0_type_name(param);
+            if (keytype == NULL) {
+                EVP_PKEY_free(param);
+                BIO_puts(bio_err, "Unable to determine key type\n");
+                return NULL;
+            }
         }
     }
 
-- 
2.47.3