Commit d57a13c6c4 for openssl.org

commit d57a13c6c405e357050e569761590e546517e309
Author: Dr. David von Oheimb <dev@ddvo.net>
Date:   Mon Apr 14 20:57:48 2025 +0200

    apps/cmp.c: fix handling of passwords when loading pubkey from possibyl password-protected container

    Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
    Reviewed-by: Norbert Pocs <norbertp@openssl.org>
    Reviewed-by: Paul Dale <paul.dale@oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/28477)

diff --git a/apps/cmp.c b/apps/cmp.c
index 7becab43d2..e81bc8cd62 100644
--- a/apps/cmp.c
+++ b/apps/cmp.c
@@ -833,6 +833,15 @@ static int set_verbosity(int level)
     return 1;
 }

+static EVP_PKEY *load_pubkey_pwd(const char *uri, int format, const char *source, const char *desc)
+{
+    char *pass = get_passwd(source, desc);
+    EVP_PKEY *pkey = load_pubkey(uri, format, 0, pass, desc);
+
+    clear_free(pass);
+    return pkey;
+}
+
 static EVP_PKEY *load_key_pwd(const char *uri, int format,
     const char *source, const char *desc)
 {
@@ -1936,7 +1945,7 @@ static int setup_request_ctx(OSSL_CMP_CTX *ctx)
             desc = opt_csr == NULL
                 ? "fallback public key for cert to be enrolled"
                 : "public key for checking cert resulting from p10cr";
-            pkey = load_pubkey(file, format, 0, pass, desc);
+            pkey = load_pubkey_pwd(file, format, pass, desc);
             priv = 0;
         }