Complain if -twopass is used incorrectly

The option -twopass to the pkcs12 app is ignored if -passin, -passout
or -password is used. We should complain if an attempt is made to use
it in combination with those options.

Fixes #8107

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8114)
This commit is contained in:
Matt Caswell 2019-01-29 15:04:38 +00:00
parent 522b11e969
commit 40b64553f5
2 changed files with 9 additions and 1 deletions

View File

@ -311,6 +311,13 @@ int pkcs12_main(int argc, char **argv)
if (cpass != NULL) { if (cpass != NULL) {
mpass = cpass; mpass = cpass;
noprompt = 1; noprompt = 1;
if (twopass) {
if (export_cert)
BIO_printf(bio_err, "Option -twopass cannot be used with -passout or -password\n");
else
BIO_printf(bio_err, "Option -twopass cannot be used with -passin or -password\n");
goto end;
}
} else { } else {
cpass = pass; cpass = pass;
mpass = macpass; mpass = macpass;

View File

@ -154,7 +154,8 @@ Don't attempt to verify the integrity MAC before reading the file.
Prompt for separate integrity and encryption passwords: most software Prompt for separate integrity and encryption passwords: most software
always assumes these are the same so this option will render such always assumes these are the same so this option will render such
PKCS#12 files unreadable. PKCS#12 files unreadable. Cannot be used in combination with the options
-password, -passin (if importing) or -passout (if exporting).
=back =back