From: naaysayer <note11781@gmail.com>
Date: Sat, 2 Mar 2024 09:35:35 +0000 (+0400)
Subject: apps/pkcs12: Not writing the private key file until the import password is verified
X-Git-Tag: openssl-3.0.14~24
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=49867ad09e29d93b48be7fb9953ed74bbf81b94b;p=thirdparty%2Fopenssl.git

apps/pkcs12: Not writing the private key file until the import password is verified

Fixes #904

CLA: trivial

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23729)

(cherry picked from commit f5462572a1873482ce38646cbf00dfc483f02068)
---

diff --git a/apps/pkcs12.c b/apps/pkcs12.c
index af4f9fce04b..6156be72f7d 100644
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -712,9 +712,6 @@ int pkcs12_main(int argc, char **argv)
     in = bio_open_default(infile, 'r', FORMAT_PKCS12);
     if (in == NULL)
         goto end;
-    out = bio_open_owner(outfile, FORMAT_PEM, private);
-    if (out == NULL)
-        goto end;
 
     p12 = PKCS12_init_ex(NID_pkcs7_data, app_get0_libctx(), app_get0_propq());
     if (p12 == NULL) {
@@ -814,6 +811,11 @@ int pkcs12_main(int argc, char **argv)
 
  dump:
     assert(private);
+
+    out = bio_open_owner(outfile, FORMAT_PEM, private);
+    if (out == NULL)
+        goto end;
+
     if (!dump_certs_keys_p12(out, p12, cpass, -1, options, passout, enc)) {
         BIO_printf(bio_err, "Error outputting keys and certificates\n");
         ERR_print_errors(bio_err);