From ed1a9bcb836bbdb06868894a33055b0dcf0ee06b Mon Sep 17 00:00:00 2001 From: "Dr. David von Oheimb" Date: Fri, 27 Sep 2024 07:58:33 +0200 Subject: [PATCH] APPS/pkcs8: fix case where infile and outfile are the same --- apps/pkcs8.c | 8 +++++--- test/recipes/25-test_pkcs8.t | 30 ++++++++++++++++++++++-------- 2 files changed, 27 insertions(+), 11 deletions(-) diff --git a/apps/pkcs8.c b/apps/pkcs8.c index 7b5e79966bacc0..22978afb9093e4 100644 --- a/apps/pkcs8.c +++ b/apps/pkcs8.c @@ -227,9 +227,6 @@ int pkcs8_main(int argc, char **argv) informat == FORMAT_UNDEF ? FORMAT_PEM : informat); if (in == NULL) goto end; - out = bio_open_owner(outfile, outformat, private); - if (out == NULL) - goto end; if (topk8) { pkey = load_key(infile, informat, 1, passin, e, "key"); @@ -240,6 +237,8 @@ int pkcs8_main(int argc, char **argv) ERR_print_errors(bio_err); goto end; } + if ((out = bio_open_owner(outfile, outformat, private)) == NULL) + goto end; if (nocrypt) { assert(private); if (outformat == FORMAT_PEM) { @@ -361,6 +360,9 @@ int pkcs8_main(int argc, char **argv) } assert(private); + out = bio_open_owner(outfile, outformat, private); + if (out == NULL) + goto end; if (outformat == FORMAT_PEM) { if (traditional) PEM_write_bio_PrivateKey_traditional(out, pkey, NULL, NULL, 0, diff --git a/test/recipes/25-test_pkcs8.t b/test/recipes/25-test_pkcs8.t index 93cb7629bf9c23..a0f8644744827e 100644 --- a/test/recipes/25-test_pkcs8.t +++ b/test/recipes/25-test_pkcs8.t @@ -10,15 +10,29 @@ use strict; use warnings; use OpenSSL::Test::Utils; -use File::Compare qw(compare_text); +use File::Copy; +use File::Compare qw(compare_text compare); use OpenSSL::Test qw/:DEFAULT srctop_file ok_nofips is_nofips/; setup("test_pkcs8"); -plan tests => 15; +plan tests => 18; + +my $pc5_key = srctop_file('test', 'certs', 'pc5-key.pem'); + +my $inout = 'inout.pem'; +copy($pc5_key, $inout); +ok(run(app(['openssl', 'pkcs8', '-topk8', '-in', $inout, + '-out', $inout, '-passout', 'pass:password'])), + "identical infile and outfile, to PKCS#8"); +ok(run(app(['openssl', 'pkcs8', '-in', $inout, + '-out', $inout, '-passin', 'pass:password'])), + "identical infile and outfile, from PKCS#8"); +is(compare($pc5_key, $inout), 0, + "Same file contents after converting forth and back"); ok(run(app(([ 'openssl', 'pkcs8', '-topk8', - '-in', srctop_file('test', 'certs', 'pc5-key.pem'), + '-in', $pc5_key, '-out', 'pbkdf2_default_saltlen.pem', '-passout', 'pass:password']))), "Convert a private key to PKCS5 v2.0 format using PBKDF2 with the default saltlen"); @@ -35,7 +49,7 @@ SKIP: { if disabled("scrypt"); ok(run(app(([ 'openssl', 'pkcs8', '-topk8', - '-in', srctop_file('test', 'certs', 'pc5-key.pem'), + '-in', $pc5_key, '-scrypt', '-out', 'scrypt_default_saltlen.pem', '-passout', 'pass:password']))), @@ -49,7 +63,7 @@ SKIP: { "Check the default size of the SCRYPT PARAM 'salt length' = 16"); ok(run(app(([ 'openssl', 'pkcs8', '-topk8', - '-in', srctop_file('test', 'certs', 'pc5-key.pem'), + '-in', $pc5_key, '-scrypt', '-saltlen', '8', '-out', 'scrypt_64bit_saltlen.pem', @@ -69,7 +83,7 @@ SKIP: { if disabled('legacy') || disabled("des"); ok(run(app(([ 'openssl', 'pkcs8', '-topk8', - '-in', srctop_file('test', 'certs', 'pc5-key.pem'), + '-in', $pc5_key, '-v1', "PBE-MD5-DES", '-provider', 'legacy', '-provider', 'default', @@ -83,7 +97,7 @@ SKIP: { "Check the default size of the PBE PARAM 'salt length' = 8"); ok(run(app(([ 'openssl', 'pkcs8', '-topk8', - '-in', srctop_file('test', 'certs', 'pc5-key.pem'), + '-in', $pc5_key, '-v1', "PBE-MD5-DES", '-saltlen', '16', '-provider', 'legacy', @@ -100,7 +114,7 @@ SKIP: { ok(run(app(([ 'openssl', 'pkcs8', '-topk8', - '-in', srctop_file('test', 'certs', 'pc5-key.pem'), + '-in', $pc5_key, '-saltlen', '8', '-out', 'pbkdf2_64bit_saltlen.pem', '-passout', 'pass:password']))),