[PATCH] Fix for empty password handling in PKCS12

Thomas Wu Mon, 22 Nov 2004 16:26:41 -0800

This patch allows the "pkcs12" utility to handle empty-password PKCS#12
files created by MS even when the "-passin" option is used.  Previously,
such files could only be imported by leaving out "-passin" and hitting
return at the import password prompt, which was insufficient for
scripted or unattended operation.

*** openssl-0.9.7e-orig/apps/pkcs12.c   2003-12-27 14:40:56.000000000 +0000
--- openssl-0.9.7e/apps/pkcs12.c        2004-11-23 00:21:50.000000000 +0000
***************
*** 667,671 ****
  #endif
        /* If we enter empty password try no password first */
!       if(!macpass[0] && PKCS12_verify_mac(p12, NULL, 0)) {
                /* If mac and crypto pass the same set it to NULL too */
                if(!twopass) cpass = NULL;
--- 667,673 ----
  #endif
        /* If we enter empty password try no password first */
!       if(mpass && !mpass[0] && PKCS12_verify_mac(p12, NULL, 0)) {
!               if(!twopass) cpass = NULL;
!       } else if(!macpass[0] && PKCS12_verify_mac(p12, NULL, 0)) {
                /* If mac and crypto pass the same set it to NULL too */
                if(!twopass) cpass = NULL;

[PATCH] Fix for empty password handling in PKCS12

Reply via email to