From b6995add5c91e9d62812883d884f0c558e6235d3 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Sun, 15 May 2005 00:54:45 +0000 Subject: [PATCH] Make -CSP option work again in pkcs12 utility by checking for attribute in EVP_PKEY structure. --- CHANGES | 5 ++++ apps/pkcs12.c | 4 +++ crypto/evp/evp.h | 1 + crypto/evp/evp_pkey.c | 62 +++++++++++++++++++++++++++++++++++++++++ crypto/evp/p_lib.c | 2 ++ crypto/pkcs12/p12_crt.c | 12 ++++++++ crypto/x509/x509.h | 18 ++++++++++++ 7 files changed, 104 insertions(+) diff --git a/CHANGES b/CHANGES index 0be0a88e1b..cd3dba144e 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,11 @@ Changes between 0.9.7h and 0.9.8 [xx XXX xxxx] + *) Add attribute functions to EVP_PKEY structure. Modify + PKCS12_create() to recognize a CSP name attribute and + use it. Make -CSP option work again in pkcs12 utility. + [Steve Henson] + *) Add new functionality to the bn blinding code: - automatic re-creation of the BN_BLINDING parameters after a fixed number of uses (currently 32) diff --git a/apps/pkcs12.c b/apps/pkcs12.c index 410781e784..d77358a239 100644 --- a/apps/pkcs12.c +++ b/apps/pkcs12.c @@ -538,6 +538,10 @@ int MAIN(int argc, char **argv) catmp = (unsigned char *)sk_value(canames, i); X509_alias_set1(sk_X509_value(certs, i), catmp, -1); } + + if (csp_name && key) + EVP_PKEY_add1_attr_by_NID(key, NID_ms_csp_name, + MBSTRING_ASC, (unsigned char *)csp_name, -1); #ifdef CRYPTO_MDEBUG diff --git a/crypto/evp/evp.h b/crypto/evp/evp.h index 0296badc9e..4d38425b03 100644 --- a/crypto/evp/evp.h +++ b/crypto/evp/evp.h @@ -795,6 +795,7 @@ struct ec_key_st *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey); EVP_PKEY * EVP_PKEY_new(void); void EVP_PKEY_free(EVP_PKEY *pkey); + EVP_PKEY * d2i_PublicKey(int type,EVP_PKEY **a, const unsigned char **pp, long length); int i2d_PublicKey(EVP_PKEY *a, unsigned char **pp); diff --git a/crypto/evp/evp_pkey.c b/crypto/evp/evp_pkey.c index 925e0e0681..6510ed54dc 100644 --- a/crypto/evp/evp_pkey.c 
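Review bot: The result of `EVP_PKEY_add1_attr_by_NID()` is discarded in the apps/pkcs12.c hunk, so a failed attribute add (for example an allocation failure) lets the export continue and produces a PKCS#12 file without the CSP name the user asked for. The new wrapper returns 1 on success and 0 on failure, so the call can be folded into the condition, `if (csp_name && key && !EVP_PKEY_add1_attr_by_NID(key, NID_ms_csp_name, MBSTRING_ASC, (unsigned char *)csp_name, -1))`, followed by an error report and the error exit the surrounding export code already uses. It is also worth confirming that an attribute built with `MBSTRING_ASC` ends up with the string type importers expect for a CSP name; that depends on code outside this hunk. `MAIN` starts and ends outside the hunk.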
+++ b/crypto/evp/evp_pkey.c @@ -709,3 +709,65 @@ static int eckey_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey) return ret; } #endif + +/* EVP_PKEY attribute functions */ + +int EVP_PKEY_get_attr_count(const EVP_PKEY *key) +{ + return X509at_get_attr_count(key->attributes); +} + +int EVP_PKEY_get_attr_by_NID(const EVP_PKEY *key, int nid, + int lastpos) +{ + return X509at_get_attr_by_NID(key->attributes, nid, lastpos); +} + +int EVP_PKEY_get_attr_by_OBJ(const EVP_PKEY *key, ASN1_OBJECT *obj, + int lastpos) +{ + return X509at_get_attr_by_OBJ(key->attributes, obj, lastpos); +} + +X509_ATTRIBUTE *EVP_PKEY_get_attr(const EVP_PKEY *key, int loc) +{ + return X509at_get_attr(key->attributes, loc); +} + +X509_ATTRIBUTE *EVP_PKEY_delete_attr(EVP_PKEY *key, int loc) +{ + return X509at_delete_attr(key->attributes, loc); +} + +int EVP_PKEY_add1_attr(EVP_PKEY *key, X509_ATTRIBUTE *attr) +{ + if(X509at_add1_attr(&key->attributes, attr)) return 1; + return 0; +} + +int EVP_PKEY_add1_attr_by_OBJ(EVP_PKEY *key, + const ASN1_OBJECT *obj, int type, + const unsigned char *bytes, int len) +{ + if(X509at_add1_attr_by_OBJ(&key->attributes, obj, + type, bytes, len)) return 1; + return 0; +} + +int EVP_PKEY_add1_attr_by_NID(EVP_PKEY *key, + int nid, int type, + const unsigned char *bytes, int len) +{ + if(X509at_add1_attr_by_NID(&key->attributes, nid, + type, bytes, len)) return 1; + return 0; +} + +int EVP_PKEY_add1_attr_by_txt(EVP_PKEY *key, + const char *attrname, int type, + const unsigned char *bytes, int len) +{ + if(X509at_add1_attr_by_txt(&key->attributes, attrname, + type, bytes, len)) return 1; + return 0; +} diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c index 934f8ff8be..85caa478ca 100644 --- a/crypto/evp/p_lib.c +++ b/crypto/evp/p_lib.c @@ -451,6 +451,8 @@ void EVP_PKEY_free(EVP_PKEY *x) } #endif EVP_PKEY_free_it(x); + if (x->attributes) + sk_X509_ATTRIBUTE_pop_free(x->attributes, X509_ATTRIBUTE_free); OPENSSL_free(x); } 
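Review bot: The new `EVP_PKEY_*attr*` wrappers in crypto/evp/evp_pkey.c have only the one-line `/* EVP_PKEY attribute functions */` header, and their differing ownership rules are not stated anywhere. Assuming the `X509at_*` helpers keep their usual semantics, `EVP_PKEY_get_attr()` returns a pointer that still belongs to the key and must not be freed, `EVP_PKEY_delete_attr()` hands the removed attribute to the caller, who must free it, and the `add1` variants store a copy. A short comment above each group would prevent leaks and double frees in callers, for example `/* returns an internal pointer, do not free */` and `/* caller must X509_ATTRIBUTE_free() the returned attribute */`. All of the wrappers dereference `key` unconditionally, so the comment should also say that `key` must be non-NULL. The same applies to the matching prototypes added in crypto/x509/x509.h.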
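Review bot: The added `sk_X509_ATTRIBUTE_pop_free(x->attributes, X509_ATTRIBUTE_free)` in `EVP_PKEY_free()` makes the key the owner of every entry in `x->attributes`. That is safe only if each path that creates an `EVP_PKEY` sets the field to NULL and no existing code stores a borrowed stack there. Neither is visible in this hunk, so both are worth confirming before merge to rule out a free of an uninitialised pointer or a double free. A comment at the free would record the invariant, for example `/* attributes are owned by the key; entries are added as copies via EVP_PKEY_add1_attr*() */`. `EVP_PKEY_free` starts outside the hunk.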
diff --git a/crypto/pkcs12/p12_crt.c b/crypto/pkcs12/p12_crt.c index 77b5845ea9..dbafda17b6 100644 --- a/crypto/pkcs12/p12_crt.c +++ b/crypto/pkcs12/p12_crt.c @@ -122,9 +122,21 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert, if (pkey) { + int cspidx; bag = PKCS12_add_key(&bags, pkey, keytype, iter, nid_key, pass); + if (!bag) goto err; + + cspidx = EVP_PKEY_get_attr_by_NID(pkey, NID_ms_csp_name, -1); + if (cspidx >= 0) + { + X509_ATTRIBUTE *cspattr; + cspattr = EVP_PKEY_get_attr(pkey, cspidx); + if (!X509at_add1_attr(&bag->attrib, cspattr)) + goto err; + } + if(name && !PKCS12_add_friendlyname(bag, name, -1)) goto err; if(keyidlen && !PKCS12_add_localkeyid(bag, keyid, keyidlen)) diff --git a/crypto/x509/x509.h b/crypto/x509/x509.h index 73c1686d15..66990ae5a8 100644 --- a/crypto/x509/x509.h +++ b/crypto/x509/x509.h @@ -1201,6 +1201,24 @@ int X509_ATTRIBUTE_count(X509_ATTRIBUTE *attr); ASN1_OBJECT *X509_ATTRIBUTE_get0_object(X509_ATTRIBUTE *attr); ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx); +int EVP_PKEY_get_attr_count(const EVP_PKEY *key); +int EVP_PKEY_get_attr_by_NID(const EVP_PKEY *key, int nid, + int lastpos); +int EVP_PKEY_get_attr_by_OBJ(const EVP_PKEY *key, ASN1_OBJECT *obj, + int lastpos); +X509_ATTRIBUTE *EVP_PKEY_get_attr(const EVP_PKEY *key, int loc); +X509_ATTRIBUTE *EVP_PKEY_delete_attr(EVP_PKEY *key, int loc); +int EVP_PKEY_add1_attr(EVP_PKEY *key, X509_ATTRIBUTE *attr); +int EVP_PKEY_add1_attr_by_OBJ(EVP_PKEY *key, + const ASN1_OBJECT *obj, int type, + const unsigned char *bytes, int len); +int EVP_PKEY_add1_attr_by_NID(EVP_PKEY *key, + int nid, int type, + const unsigned char *bytes, int len); +int EVP_PKEY_add1_attr_by_txt(EVP_PKEY *key, + const char *attrname, int type, + const unsigned char *bytes, int len); + int X509_verify_cert(X509_STORE_CTX *ctx); /* lookup a cert from a X509 STACK */ -- GitLab
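Review bot: `PKCS12_create()` now silently copies any `NID_ms_csp_name` attribute found on `pkey` into the key bag, and nothing in the crypto/pkcs12/p12_crt.c hunk documents that new input channel. A caller passing a key obtained elsewhere may not expect extra data attached to it to end up in the exported file. A comment above the lookup would make this explicit, for example `/* copy a Microsoft CSP name attribute from the key, if present, into the key bag */`. It should also note that only the first matching attribute is used, since the search starts at `-1` and is not repeated. The `err` label and the rest of the function are outside the hunk, so cleanup of `bag` on the new `goto err` paths cannot be checked from here.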
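Review bot: The `EVP_PKEY_*attr*` prototypes are declared in crypto/x509/x509.h although the functions are implemented in crypto/evp/evp_pkey.c, and the evp.h hunk in this patch adds only a blank line. This is presumably because `X509_ATTRIBUTE` is defined in x509.h, but code that includes only evp.h will call these functions without a prototype in scope. A one-line comment above the block would explain the placement, for example `/* EVP_PKEY attribute functions: declared here because they need X509_ATTRIBUTE */`. As a style point, `EVP_PKEY_get_attr_by_OBJ()` takes a non-const `ASN1_OBJECT *obj` while `EVP_PKEY_add1_attr_by_OBJ()` takes `const ASN1_OBJECT *obj`; making both const would be more consistent if the underlying `X509at_*` signature allows it.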