Make -CSP option work again in pkcs12 utility by checking for
attribute in EVP_PKEY structure.
parent
8ccd06c66c
commit
b6995add5c
7 changed files with 104 additions and 0 deletions
5
CHANGES
5
CHANGES
|
@ -4,6 +4,11 @@
|
|||
|
||||
Changes between 0.9.7h and 0.9.8 [xx XXX xxxx]
|
||||
|
||||
*) Add attribute functions to EVP_PKEY structure. Modify
|
||||
PKCS12_create() to recognize a CSP name attribute and
|
||||
use it. Make -CSP option work again in pkcs12 utility.
|
||||
[Steve Henson]
|
||||
|
||||
*) Add new functionality to the bn blinding code:
|
||||
- automatic re-creation of the BN_BLINDING parameters after
|
||||
a fixed number of uses (currently 32)
|
||||
|
|
|
@ -538,6 +538,10 @@ int MAIN(int argc, char **argv)
|
|||
catmp = (unsigned char *)sk_value(canames, i);
|
||||
X509_alias_set1(sk_X509_value(certs, i), catmp, -1);
|
||||
}
|
||||
|
||||
if (csp_name && key)
|
||||
EVP_PKEY_add1_attr_by_NID(key, NID_ms_csp_name,
|
||||
MBSTRING_ASC, (unsigned char *)csp_name, -1);
|
||||
|
||||
|
||||
#ifdef CRYPTO_MDEBUG
|
||||
|
|
|
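Review bot: The result of `EVP_PKEY_add1_attr_by_NID` is discarded in the new `if (csp_name && key)` statement, so a failed add is ignored. The wrapper added in this same commit returns 0 on failure, and in that case the tool would carry on and write a PKCS#12 file without the CSP name requested with -CSP, with no diagnostic. Fold the call into the condition, `if (csp_name && key && !EVP_PKEY_add1_attr_by_NID(key, NID_ms_csp_name, MBSTRING_ASC, (unsigned char *)csp_name, -1))`, and on failure report the error and take the function's existing error exit. MAIN starts and ends outside this hunk, so the exact exit path is not visible here.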
@ -795,6 +795,7 @@ struct ec_key_st *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey);
|
|||
|
||||
EVP_PKEY * EVP_PKEY_new(void);
|
||||
void EVP_PKEY_free(EVP_PKEY *pkey);
|
||||
|
||||
EVP_PKEY * d2i_PublicKey(int type,EVP_PKEY **a, const unsigned char **pp,
|
||||
long length);
|
||||
int i2d_PublicKey(EVP_PKEY *a, unsigned char **pp);
|
||||
|
|
|
@ -709,3 +709,65 @@ static int eckey_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey)
|
|||
return ret;
|
||||
}
|
||||
#endif
|
||||
|
||||
/* EVP_PKEY attribute functions */
|
||||
|
||||
int EVP_PKEY_get_attr_count(const EVP_PKEY *key)
|
||||
{
|
||||
return X509at_get_attr_count(key->attributes);
|
||||
}
|
||||
|
||||
int EVP_PKEY_get_attr_by_NID(const EVP_PKEY *key, int nid,
|
||||
int lastpos)
|
||||
{
|
||||
return X509at_get_attr_by_NID(key->attributes, nid, lastpos);
|
||||
}
|
||||
|
||||
int EVP_PKEY_get_attr_by_OBJ(const EVP_PKEY *key, ASN1_OBJECT *obj,
|
||||
int lastpos)
|
||||
{
|
||||
return X509at_get_attr_by_OBJ(key->attributes, obj, lastpos);
|
||||
}
|
||||
|
||||
X509_ATTRIBUTE *EVP_PKEY_get_attr(const EVP_PKEY *key, int loc)
|
||||
{
|
||||
return X509at_get_attr(key->attributes, loc);
|
||||
}
|
||||
|
||||
X509_ATTRIBUTE *EVP_PKEY_delete_attr(EVP_PKEY *key, int loc)
|
||||
{
|
||||
return X509at_delete_attr(key->attributes, loc);
|
||||
}
|
||||
|
||||
int EVP_PKEY_add1_attr(EVP_PKEY *key, X509_ATTRIBUTE *attr)
|
||||
{
|
||||
if(X509at_add1_attr(&key->attributes, attr)) return 1;
|
||||
return 0;
|
||||
}
|
||||
|
||||
int EVP_PKEY_add1_attr_by_OBJ(EVP_PKEY *key,
|
||||
const ASN1_OBJECT *obj, int type,
|
||||
const unsigned char *bytes, int len)
|
||||
{
|
||||
if(X509at_add1_attr_by_OBJ(&key->attributes, obj,
|
||||
type, bytes, len)) return 1;
|
||||
return 0;
|
||||
}
|
||||
|
||||
int EVP_PKEY_add1_attr_by_NID(EVP_PKEY *key,
|
||||
int nid, int type,
|
||||
const unsigned char *bytes, int len)
|
||||
{
|
||||
if(X509at_add1_attr_by_NID(&key->attributes, nid,
|
||||
type, bytes, len)) return 1;
|
||||
return 0;
|
||||
}
|
||||
|
||||
int EVP_PKEY_add1_attr_by_txt(EVP_PKEY *key,
|
||||
const char *attrname, int type,
|
||||
const unsigned char *bytes, int len)
|
||||
{
|
||||
if(X509at_add1_attr_by_txt(&key->attributes, attrname,
|
||||
type, bytes, len)) return 1;
|
||||
return 0;
|
||||
}
|
||||
|
|
|
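Review bot: The new accessors are documented only by `/* EVP_PKEY attribute functions */`, which says nothing about who owns the `X509_ATTRIBUTE *` values they return or accept. `EVP_PKEY_get_attr` and `EVP_PKEY_delete_attr` have the same return type, but judging by the X509at_* naming (the helpers themselves are not visible here) the first presumably returns a pointer still owned by `key->attributes`, while the second hands the removed attribute to the caller to free. Mixing them up leads to a leak or a double free. A one-line comment above each would settle it, for example `/* Returns an internal pointer; do not free */` and `/* Removes the attribute and returns it; caller must free */`, plus a note that the `add1` variants copy their input, once each is confirmed against the X509at_* implementation. It is also worth stating that every function dereferences `key` without a NULL check.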
@ -451,6 +451,8 @@ void EVP_PKEY_free(EVP_PKEY *x)
|
|||
}
|
||||
#endif
|
||||
EVP_PKEY_free_it(x);
|
||||
if (x->attributes)
|
||||
sk_X509_ATTRIBUTE_pop_free(x->attributes, X509_ATTRIBUTE_free);
|
||||
OPENSSL_free(x);
|
||||
}
|
||||
|
||||
|
|
|
@ -122,9 +122,21 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
|
|||
|
||||
if (pkey)
|
||||
{
|
||||
int cspidx;
|
||||
bag = PKCS12_add_key(&bags, pkey, keytype, iter, nid_key, pass);
|
||||
|
||||
if (!bag)
|
||||
goto err;
|
||||
|
||||
cspidx = EVP_PKEY_get_attr_by_NID(pkey, NID_ms_csp_name, -1);
|
||||
if (cspidx >= 0)
|
||||
{
|
||||
X509_ATTRIBUTE *cspattr;
|
||||
cspattr = EVP_PKEY_get_attr(pkey, cspidx);
|
||||
if (!X509at_add1_attr(&bag->attrib, cspattr))
|
||||
goto err;
|
||||
}
|
||||
|
||||
if(name && !PKCS12_add_friendlyname(bag, name, -1))
|
||||
goto err;
|
||||
if(keyidlen && !PKCS12_add_localkeyid(bag, keyid, keyidlen))
|
||||
|
|
|
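Review bot: Nothing in the added block explains why the key's own attributes are consulted. Only the first `NID_ms_csp_name` match is copied into the bag, because the lookup starts at `-1` and is not repeated. A short comment above `cspidx = EVP_PKEY_get_attr_by_NID(pkey, NID_ms_csp_name, -1);` would help, for example `/* Copy the first MS CSP name attribute, if present, from the key into its bag */`. Callers of PKCS12_create now get an extra bag attribute whenever the key they pass carries one, which belongs in the function's documentation. PKCS12_create starts and ends outside this hunk.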
@ -1201,6 +1201,24 @@ int X509_ATTRIBUTE_count(X509_ATTRIBUTE *attr);
|
|||
ASN1_OBJECT *X509_ATTRIBUTE_get0_object(X509_ATTRIBUTE *attr);
|
||||
ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx);
|
||||
|
||||
int EVP_PKEY_get_attr_count(const EVP_PKEY *key);
|
||||
int EVP_PKEY_get_attr_by_NID(const EVP_PKEY *key, int nid,
|
||||
int lastpos);
|
||||
int EVP_PKEY_get_attr_by_OBJ(const EVP_PKEY *key, ASN1_OBJECT *obj,
|
||||
int lastpos);
|
||||
X509_ATTRIBUTE *EVP_PKEY_get_attr(const EVP_PKEY *key, int loc);
|
||||
X509_ATTRIBUTE *EVP_PKEY_delete_attr(EVP_PKEY *key, int loc);
|
||||
int EVP_PKEY_add1_attr(EVP_PKEY *key, X509_ATTRIBUTE *attr);
|
||||
int EVP_PKEY_add1_attr_by_OBJ(EVP_PKEY *key,
|
||||
const ASN1_OBJECT *obj, int type,
|
||||
const unsigned char *bytes, int len);
|
||||
int EVP_PKEY_add1_attr_by_NID(EVP_PKEY *key,
|
||||
int nid, int type,
|
||||
const unsigned char *bytes, int len);
|
||||
int EVP_PKEY_add1_attr_by_txt(EVP_PKEY *key,
|
||||
const char *attrname, int type,
|
||||
const unsigned char *bytes, int len);
|
||||
|
||||
int X509_verify_cert(X509_STORE_CTX *ctx);
|
||||
|
||||
/* lookup a cert from a X509 STACK */
|
||||
|
|