From 9ae1e6596f04f93d1be99c08ccfcb54f39fcc093 Mon Sep 17 00:00:00 2001 From: "Dr. David von Oheimb" Date: Fri, 27 Sep 2024 07:31:36 +0200 Subject: [PATCH] APPS/dhparam: fix case where infile and outfile are the same Reviewed-by: Viktor Dukhovni Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/25552) --- apps/dhparam.c | 8 ++++---- doc/man1/openssl-dhparam.pod.in | 10 ++++++---- test/recipes/20-test_dhparam.t | 13 +++++++++++-- 3 files changed, 21 insertions(+), 10 deletions(-) diff --git a/apps/dhparam.c b/apps/dhparam.c index ffe6e6cb889..600b7ed2b5b 100644 --- a/apps/dhparam.c +++ b/apps/dhparam.c @@ -179,10 +179,6 @@ int dhparam_main(int argc, char **argv) goto end; } - out = bio_open_default(outfile, 'w', outformat); - if (out == NULL) - goto end; - /* DH parameters */ if (num && !g) g = 2; @@ -322,6 +318,10 @@ int dhparam_main(int argc, char **argv) } } + out = bio_open_default(outfile, 'w', outformat); + if (out == NULL) + goto end; + if (text) EVP_PKEY_print_params(out, pkey, 4, NULL); diff --git a/doc/man1/openssl-dhparam.pod.in b/doc/man1/openssl-dhparam.pod.in index f8961091641..62ea9d2a43d 100644 --- a/doc/man1/openssl-dhparam.pod.in +++ b/doc/man1/openssl-dhparam.pod.in @@ -50,14 +50,16 @@ See L for details. =item B<-in> I -This specifies the input filename to read parameters from or standard input if +This specifies the input file to read parameters from or standard input if this option is not specified. =item B<-out> I -This specifies the output filename parameters to. Standard output is used -if this option is not present. The output filename should B be the same -as the input filename. +This specifies the output file to write parameters to. +Standard output is used if this option is not present. +The output filename can be the same as the input filename, +which leads to replacing the file contents. +Note that file I/O is not atomic. The output file is truncated and then written. =item B<-dsaparam> diff --git a/test/recipes/20-test_dhparam.t b/test/recipes/20-test_dhparam.t index 72c878371eb..f81e74c5667 100644 --- a/test/recipes/20-test_dhparam.t +++ b/test/recipes/20-test_dhparam.t @@ -10,6 +10,8 @@ use strict; use warnings; +use File::Copy; +use File::Compare qw/compare/; use OpenSSL::Test qw(:DEFAULT data_file srctop_file); use OpenSSL::Test::Utils; @@ -19,7 +21,7 @@ setup("test_dhparam"); plan skip_all => "DH is not supported in this build" if disabled("dh"); -plan tests => 21; +plan tests => 23; my $fipsconf = srctop_file("test", "fips-and-base.cnf"); @@ -210,6 +212,13 @@ SKIP: { delete $ENV{OPENSSL_CONF}; } +my $input = data_file("pkcs3-2-1024.pem"); ok(run(app(["openssl", "dhparam", "-noout", "-text"], - stdin => data_file("pkcs3-2-1024.pem"))), + stdin => $input)), "stdinbuffer input test that uses BIO_gets"); + +my $inout = "inout.pem"; +copy($input, $inout); +ok(run(app(['openssl', 'dhparam', '-in', $inout, '-out', $inout])), + "identical infile and outfile"); +ok(!compare($input, $inout), "converted file $inout did not change"); -- 2.47.2