apps/pkcs12: Not writing the private key file until the import password is verified

Fixes #904

CLA: trivial

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23729)

diff --git a/apps/pkcs12.c b/apps/pkcs12.c
index 6d212b3a1a1b6324ae64b079f5ddcd186759a81e..e6fbc574a58e4bcd252c0f36fceccf249df021b1 100644 (file)
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -732,9 +732,6 @@ int pkcs12_main(int argc, char **argv)
     in = bio_open_default(infile, 'r', FORMAT_PKCS12);
     if (in == NULL)
         goto end;
-    out = bio_open_owner(outfile, FORMAT_PEM, private);
-    if (out == NULL)
-        goto end;
 
     p12 = PKCS12_init_ex(NID_pkcs7_data, app_get0_libctx(), app_get0_propq());
     if (p12 == NULL) {
@@ -834,6 +831,11 @@ int pkcs12_main(int argc, char **argv)
 
  dump:
     assert(private);
+
+    out = bio_open_owner(outfile, FORMAT_PEM, private);
+    if (out == NULL)
+        goto end;
+
     if (!dump_certs_keys_p12(out, p12, cpass, -1, options, passout, enc)) {
         BIO_printf(bio_err, "Error outputting keys and certificates\n");
         ERR_print_errors(bio_err);