From c8359abb884daa6230cd1c1514ff188c93cfc914 Mon Sep 17 00:00:00 2001 From: "Dr. David von Oheimb" Date: Thu, 26 Sep 2024 19:25:43 +0200 Subject: [PATCH] APPS/pkey: fix case where infile and outfile are the same Reviewed-by: Viktor Dukhovni Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/25552) --- apps/pkey.c | 8 ++++---- doc/man1/openssl-pkey.pod.in | 11 ++++++++--- 2 files changed, 12 insertions(+), 7 deletions(-) diff --git a/apps/pkey.c b/apps/pkey.c index 3e4c09b362..ab0c95c2ac 100644 --- a/apps/pkey.c +++ b/apps/pkey.c @@ -208,10 +208,6 @@ int pkey_main(int argc, char **argv) goto end; } - out = bio_open_owner(outfile, outformat, private); - if (out == NULL) - goto end; - if (pubin) pkey = load_pubkey(infile, informat, 1, passin, e, "Public Key"); else @@ -219,6 +215,10 @@ int pkey_main(int argc, char **argv) if (pkey == NULL) goto end; + out = bio_open_owner(outfile, outformat, private); + if (out == NULL) + goto end; + #ifndef OPENSSL_NO_EC if (asn1_encoding != NULL || point_format != NULL) { OSSL_PARAM params[3], *p = params; diff --git a/doc/man1/openssl-pkey.pod.in b/doc/man1/openssl-pkey.pod.in index 884680a4f0..64e28bcada 100644 --- a/doc/man1/openssl-pkey.pod.in +++ b/doc/man1/openssl-pkey.pod.in @@ -69,8 +69,9 @@ or the public component of a key pair. =item B<-in> I|I -This specifies the input to read a key from +This specifies the input file to read a key from or standard input if this option is not specified. + If the key input is encrypted and B<-passin> is not given a pass phrase will be prompted for. 
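Review bot: The relocated `bio_open_owner()` call in the second apps/pkey.c hunk carries no comment saying why it must come after the key load, so a later tidy-up could move it back above `load_pubkey()`/`load_key()` and bring back truncation of the input when -in and -out name the same file. I would add above it `/* Open the output only after the key is loaded: outfile may be the same file as infile, and opening truncates it. */`. The rest of pkey_main lies outside the hunk, but any failure after this open presumably still leaves a truncated file, and for an in-place rewrite of a private key the on-disk copy is then gone. The man page change documents that the I/O is not atomic; if that window matters, writing to a temporary file in the same directory and renaming it over the target would close it.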
@@ -100,11 +101,15 @@ If the input contains no public key but a private key, its public part is used. =item B<-out> I -This specifies the output filename to save the encoded and/or text output of key +This specifies the output file to save the encoded and/or text output of key or standard output if this option is not specified. +The output filename can be the same as the input filename, +which leads to replacing the file contents. +Note that file I/O is not atomic. The output file is truncated and then written. + If any cipher option is set but no B<-passout> is given then a pass phrase will be prompted for. -The output filename should B be the same as the input filename. +When password input is interrupted, the output file is not touched. =item B<-outform> B|B