[openssl-commits] [openssl] master update

Matt Caswell matt at openssl.org
Wed Jan 30 15:47:46 UTC 2019

The branch master has been updated
       via  40b64553f577716cb4898895f5fd4530a6266c75 (commit)
      from  522b11e969cbdc82eca369512275f227080a86fa (commit)

- Log -----------------------------------------------------------------
commit 40b64553f577716cb4898895f5fd4530a6266c75
Author: Matt Caswell <matt at openssl.org>
Date:   Tue Jan 29 15:04:38 2019 +0000

    Complain if -twopass is used incorrectly
    The option -twopass to the pkcs12 app is ignored if -passin, -passout
    or -password is used. We should complain if an attempt is made to use
    it in combination with those options.
    Fixes #8107
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/8114)


Summary of changes:
 apps/pkcs12.c       | 7 +++++++
 doc/man1/pkcs12.pod | 3 ++-
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/apps/pkcs12.c b/apps/pkcs12.c
index 94d6661..bf22aeb 100644
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -311,6 +311,13 @@ int pkcs12_main(int argc, char **argv)
     if (cpass != NULL) {
         mpass = cpass;
         noprompt = 1;
+        if (twopass) {
+            if (export_cert)
+                BIO_printf(bio_err, "Option -twopass cannot be used with -passout or -password\n");
+            else
+                BIO_printf(bio_err, "Option -twopass cannot be used with -passin or -password\n");
+            goto end;
+        }
     } else {
         cpass = pass;
         mpass = macpass;
diff --git a/doc/man1/pkcs12.pod b/doc/man1/pkcs12.pod
index 67adaa1..b1b6884 100644
--- a/doc/man1/pkcs12.pod
+++ b/doc/man1/pkcs12.pod
@@ -154,7 +154,8 @@ Don't attempt to verify the integrity MAC before reading the file.
 Prompt for separate integrity and encryption passwords: most software
 always assumes these are the same so this option will render such
-PKCS#12 files unreadable.
+PKCS#12 files unreadable. Cannot be used in combination with the options
+-password, -passin (if importing) or -passout (if exporting).

More information about the openssl-commits mailing list