informat == FORMAT_UNDEF ? FORMAT_PEM : informat);
if (in == NULL)
goto end;
- out = bio_open_owner(outfile, outformat, private);
- if (out == NULL)
- goto end;
if (topk8) {
pkey = load_key(infile, informat, 1, passin, e, "key");
ERR_print_errors(bio_err);
goto end;
}
+ if ((out = bio_open_owner(outfile, outformat, private)) == NULL)
+ goto end;
if (nocrypt) {
assert(private);
if (outformat == FORMAT_PEM) {
}
assert(private);
+ out = bio_open_owner(outfile, outformat, private);
+ if (out == NULL)
+ goto end;
if (outformat == FORMAT_PEM) {
if (traditional)
PEM_write_bio_PrivateKey_traditional(out, pkey, NULL, NULL, 0,
=item B<-in> I<filename>
-This specifies the input filename to read a key from or standard input if this
+This specifies the input file to read a key from or standard input if this
option is not specified. If the key is encrypted a pass phrase will be
-prompted for.
+prompted for unless B<-passin> is given.
=item B<-passin> I<arg>, B<-passout> I<arg>
=item B<-out> I<filename>
-This specifies the output filename to write a key to or standard output by
-default. If any encryption options are set then a pass phrase will be
-prompted for. The output filename should B<not> be the same as the input
-filename.
+This specifies the output file to write a key to or standard output by default.
+The output filename can be the same as the input filename,
+which leads to replacing the file contents.
+Note that file I/O is not atomic. The output file is truncated and then written.
+
+If any encryption options are set and B<-passout> is not given
+then a pass phrase will be prompted for.
+When password input is interrupted, the output file is not touched.
=item B<-iter> I<count>
use warnings;
use OpenSSL::Test::Utils;
-use File::Compare qw(compare_text);
+use File::Copy;
+use File::Compare qw(compare_text compare);
use OpenSSL::Test qw/:DEFAULT srctop_file ok_nofips is_nofips/;
setup("test_pkcs8");
-plan tests => 15;
+plan tests => 18;
+
+my $pc5_key = srctop_file('test', 'certs', 'pc5-key.pem');
+
+my $inout = 'inout.pem';
+copy($pc5_key, $inout);
+ok(run(app(['openssl', 'pkcs8', '-topk8', '-in', $inout,
+ '-out', $inout, '-passout', 'pass:password'])),
+ "identical infile and outfile, to PKCS#8");
+ok(run(app(['openssl', 'pkcs8', '-in', $inout,
+ '-out', $inout, '-passin', 'pass:password'])),
+ "identical infile and outfile, from PKCS#8");
+is(compare($pc5_key, $inout), 0,
+ "Same file contents after converting forth and back");
ok(run(app(([ 'openssl', 'pkcs8', '-topk8',
- '-in', srctop_file('test', 'certs', 'pc5-key.pem'),
+ '-in', $pc5_key,
'-out', 'pbkdf2_default_saltlen.pem',
'-passout', 'pass:password']))),
"Convert a private key to PKCS5 v2.0 format using PBKDF2 with the default saltlen");
if disabled("scrypt");
ok(run(app(([ 'openssl', 'pkcs8', '-topk8',
- '-in', srctop_file('test', 'certs', 'pc5-key.pem'),
+ '-in', $pc5_key,
'-scrypt',
'-out', 'scrypt_default_saltlen.pem',
'-passout', 'pass:password']))),
"Check the default size of the SCRYPT PARAM 'salt length' = 16");
ok(run(app(([ 'openssl', 'pkcs8', '-topk8',
- '-in', srctop_file('test', 'certs', 'pc5-key.pem'),
+ '-in', $pc5_key,
'-scrypt',
'-saltlen', '8',
'-out', 'scrypt_64bit_saltlen.pem',
if disabled('legacy') || disabled("des");
ok(run(app(([ 'openssl', 'pkcs8', '-topk8',
- '-in', srctop_file('test', 'certs', 'pc5-key.pem'),
+ '-in', $pc5_key,
'-v1', "PBE-MD5-DES",
'-provider', 'legacy',
'-provider', 'default',
"Check the default size of the PBE PARAM 'salt length' = 8");
ok(run(app(([ 'openssl', 'pkcs8', '-topk8',
- '-in', srctop_file('test', 'certs', 'pc5-key.pem'),
+ '-in', $pc5_key,
'-v1', "PBE-MD5-DES",
'-saltlen', '16',
'-provider', 'legacy',
ok(run(app(([ 'openssl', 'pkcs8', '-topk8',
- '-in', srctop_file('test', 'certs', 'pc5-key.pem'),
+ '-in', $pc5_key,
'-saltlen', '8',
'-out', 'pbkdf2_64bit_saltlen.pem',
'-passout', 'pass:password']))),
projects / thirdparty / openssl.git / commitdiff
