Commit 40b64553 authored Jan 29, 2019 by Matt Caswell

Complain if -twopass is used incorrectly



The option -twopass to the pkcs12 app is ignored if -passin, -passout
or -password is used. We should complain if an attempt is made to use
it in combination with those options.

Fixes #8107

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8114)

parent 522b11e9

apps/pkcs12.c

+7 −0

Original line number	Diff line number	Diff line
		@@ -311,6 +311,13 @@ int pkcs12_main(int argc, char **argv)
		if (cpass != NULL) {
		mpass = cpass;
		noprompt = 1;
		if (twopass) {
		if (export_cert)
		BIO_printf(bio_err, "Option -twopass cannot be used with -passout or -password\n");
		else
		BIO_printf(bio_err, "Option -twopass cannot be used with -passin or -password\n");
		goto end;
		}
		} else {
		cpass = pass;
		mpass = macpass;

doc/man1/pkcs12.pod

+2 −1

Original line number	Diff line number	Diff line
		@@ -154,7 +154,8 @@ Don't attempt to verify the integrity MAC before reading the file.

		Prompt for separate integrity and encryption passwords: most software
		always assumes these are the same so this option will render such
		PKCS#12 files unreadable.
		PKCS#12 files unreadable. Cannot be used in combination with the options
		-password, -passin (if importing) or -passout (if exporting).

		=back