[apps/pkey] Return error on failed -[pub]check

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13359)
2025-01-30 14:01:55 +08:00 · 2020-11-09 22:35:28 +02:00 · 2020-11-09 22:35:28 +02:00 · ed37336b63
commit ed37336b63
parent c5bc5ec849
2 changed files with 9 additions and 2 deletions
--- a/CHANGES.md
+++ b/CHANGES.md
@ -23,6 +23,12 @@ OpenSSL 3.0

 ### Changes between 1.1.1 and 3.0 [xx XXX xxxx]

+ * Behavior of the `pkey` app is changed, when using the `-check` or `-pubcheck`
+   switches: a validation failure triggers an early exit, returning a failure
+   exit status to the parent process.
+
+   *Nicola Tuveri*
+
 * Changed behavior of SSL_CTX_set_ciphersuites() and SSL_set_ciphersuites()
   to ignore unknown ciphers.

--- a/apps/pkey.c
+++ b/apps/pkey.c
@ -82,6 +82,7 @@ int pkey_main(int argc, char **argv)
    BIO *in = NULL, *out = NULL;
    ENGINE *e = NULL;
    EVP_PKEY *pkey = NULL;
+    EVP_PKEY_CTX *ctx = NULL;
    const EVP_CIPHER *cipher = NULL;
    char *infile = NULL, *outfile = NULL, *passin = NULL, *passout = NULL;
    char *passinarg = NULL, *passoutarg = NULL, *prog;
@ -231,7 +232,6 @@ int pkey_main(int argc, char **argv)

    if (check || pub_check) {
        int r;
-        EVP_PKEY_CTX *ctx;

        ctx = EVP_PKEY_CTX_new(pkey, e);
        if (ctx == NULL) {
@ -260,8 +260,8 @@ int pkey_main(int argc, char **argv)
                           ERR_reason_error_string(err));
                ERR_get_error(); /* remove err from error stack */
            }
+            goto end;
        }
-        EVP_PKEY_CTX_free(ctx);
    }

    if (!noout) {
@ -313,6 +313,7 @@ int pkey_main(int argc, char **argv)
 end:
    if (ret != 0)
        ERR_print_errors(bio_err);
+    EVP_PKEY_CTX_free(ctx);
    EVP_PKEY_free(pkey);
    release_engine(e);
    BIO_free_all(out);