apps/cmp.c: Improve diagnostics on loading private vs. public key for cert request
authorDr. David von Oheimb <David.von.Oheimb@siemens.com>
Fri, 8 Jan 2021 06:30:51 +0000 (07:30 +0100)
committerDr. David von Oheimb <dev@ddvo.net>
Thu, 21 Jan 2021 16:53:26 +0000 (17:53 +0100)
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13841)

apps/cmp.c

index b28b7431ced524af97c7bd76bbd4775ed8d49288..223a6ae3d169306c8329afb86801dfac15465517 100644 (file)
@@ -1603,12 +1603,18 @@ static int setup_request_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine)
         const int format = opt_keyform;
         const char *pass = opt_newkeypass;
         const char *desc = "new private key for cert to be enrolled";
-        EVP_PKEY *pkey = load_key_pwd(file, format, pass, engine, desc);
+        EVP_PKEY *pkey;
         int priv = 1;
+        BIO *bio_bak = bio_err;
 
+        bio_err = NULL; /* suppress diagnostics on first try loading key */
+        pkey = load_key_pwd(file, format, pass, engine, desc);
+        bio_err = bio_bak;
         if (pkey == NULL) {
             ERR_clear_error();
-            desc = "fallback public key for cert to be enrolled";
+            desc = opt_csr == NULL
+            ? "fallback public key for cert to be enrolled"
+            : "public key for checking cert resulting from p10cr";
             pkey = load_pubkey(file, format, 0, pass, engine, desc);
             priv = 0;
         }
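Review bot: Because the first `load_key_pwd()` call runs with `bio_err = NULL` and is followed by `ERR_clear_error()`, the reason the private-key load failed (a wrong `opt_newkeypass`, say, or an engine error) is discarded from both the output and the error queue. If `load_pubkey()` then fails too, the operator sees only a public-key message for a file that may have been meant as a private key. I would keep the first failure recoverable by bracketing the attempt with `ERR_set_mark();` and replacing `ERR_clear_error();` with `ERR_pop_to_mark();` (plus `ERR_clear_last_mark();` on success). That also avoids wiping unrelated earlier queue entries, and a hint that the private-key attempt failed as well could be printed when the fallback returns NULL. The swap of the global also deserves a comment such as `/* bio_err is global: everything called from load_key_pwd() is silenced, including any passphrase-related messages */`, since whether every path inside `load_key_pwd()` tolerates a NULL `bio_err` is not visible here. `setup_request_ctx()` continues outside this hunk, so how `priv` is used afterwards cannot be checked from these lines.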