Make PKCS#12 code handle missing passwords.

Add a couple of FAQs.
author: Dr. Stephen Henson <steve@openssl.org> 2000-05-04 00:08:35 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2000-05-04 00:08:35 +0000
commit: a331a305e9c9c5353bd42db6dbda78a418285708 (patch)
tree: d43a47f9dc244b7e04ea05547286b42053cc587d /apps/pkcs12.c
parent: 316e6a66f2c4f28f8705636921825c467a5ceef3 (diff)
download: openssl-a331a305e9c9c5353bd42db6dbda78a418285708.tar.gz
1 files changed, 8 insertions, 3 deletions
diff --git a/apps/pkcs12.c b/apps/pkcs12.c
index bf76864713..baf5505ecb 100644
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -528,11 +528,16 @@ int MAIN(int argc, char **argv)
 #ifdef CRYPTO_MDEBUG
     CRYPTO_push_info("verify MAC");
 #endif
-	if (!PKCS12_verify_mac (p12, mpass, -1)) {
+	/* If we enter empty password try no password first */
+	if(!macpass[0] && PKCS12_verify_mac(p12, NULL, 0)) {
+		/* If mac and crypto pass the same set it to NULL too */
+		if(!twopass) cpass = NULL;
+	} else if (!PKCS12_verify_mac(p12, mpass, -1)) {
 	    BIO_printf (bio_err, "Mac verify error: invalid password?\n");
 	    ERR_print_errors (bio_err);
 	    goto end;
-	} else BIO_printf (bio_err, "MAC verified OK\n");
+	}
+	BIO_printf (bio_err, "MAC verified OK\n");
 #ifdef CRYPTO_MDEBUG
     CRYPTO_pop_info();
 #endif
@@ -549,9 +554,9 @@ int MAIN(int argc, char **argv)
 #ifdef CRYPTO_MDEBUG
     CRYPTO_pop_info();
 #endif
-    PKCS12_free(p12);
     ret = 0;
     end:
+    PKCS12_free(p12);
     if(export_cert || inrand) app_RAND_write_file(NULL, bio_err);
 #ifdef CRYPTO_MDEBUG
     CRYPTO_remove_all_info();
author	Dr. Stephen Henson <steve@openssl.org>	2000-05-04 00:08:35 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2000-05-04 00:08:35 +0000
commit	a331a305e9c9c5353bd42db6dbda78a418285708 (patch)
tree	d43a47f9dc244b7e04ea05547286b42053cc587d /apps/pkcs12.c
parent	316e6a66f2c4f28f8705636921825c467a5ceef3 (diff)
download	openssl-a331a305e9c9c5353bd42db6dbda78a418285708.tar.gz