apps/pkey.c: Make clear that -passout is not supported for DER output

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13712)

diff --git a/apps/pkey.c b/apps/pkey.c
index 67dc8c012c38c7001598703ea1443afa926f74f2..c6308e2f0a3229545c1976374117851f9db9e789 100644 (file)
--- a/apps/pkey.c
+++ b/apps/pkey.c
@@ -66,7 +66,7 @@ const OPTIONS pkey_options[] = {
 
     OPT_SECTION("Output"),
     {"outform", OPT_OUTFORM, 'F', "Output format (DER or PEM)"},
-    {"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
+    {"passout", OPT_PASSOUT, 's', "Output PEM file pass phrase source"},
     {"out", OPT_OUT, '>', "Output file"},
     {"pubout", OPT_PUBOUT, '-', "Output public key, not private"},
     {"text_pub", OPT_TEXT_PUB, '-', "Only output public key components"},
@@ -196,6 +196,11 @@ int pkey_main(int argc, char **argv)
     if (text && !pubtext)
         private = 1;
 
+    if (outformat == FORMAT_ASN1 && passoutarg != NULL) {
+        BIO_printf(bio_err, "The -passout option is not supported for DER output\n");
+        goto end;
+    }
+
     if (!app_passwd(passinarg, passoutarg, &passin, &passout)) {
         BIO_printf(bio_err, "Error getting passwords\n");
         goto end;

diff --git a/doc/man1/openssl-pkey.pod.in b/doc/man1/openssl-pkey.pod.in
index 86597c9e36949be0297e1cfac7733f30f18b03eb..2900fc24c7e4d939cd59d92cd17132ac963e8515 100644 (file)
--- a/doc/man1/openssl-pkey.pod.in
+++ b/doc/man1/openssl-pkey.pod.in
@@ -67,6 +67,8 @@ prompted for.
 =item B<-passin> I<arg>, B<-passout> I<arg>
 
 The password source for the input and output file.
+The -passout option is not supported for DER output.
+
 For more information about the format of B<arg>
 see L<openssl-passphrase-options(1)>.