X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=crypto%2Fpkcs12%2Fp12_kiss.c;h=c2ee2cc6f3a71e6e1aac1d839dc6e48e8c3f0cf3;hp=f49d2e5249efb40ed412c57ade313ba246b54c12;hb=1c2f1fe505f55a5df2430d78128a4ace331e6597;hpb=f2716dada0527bcf200e628fd572514bd395fbfb diff --git a/crypto/pkcs12/p12_kiss.c b/crypto/pkcs12/p12_kiss.c index f49d2e5249..c2ee2cc6f3 100644 --- a/crypto/pkcs12/p12_kiss.c +++ b/crypto/pkcs12/p12_kiss.c @@ -80,27 +80,24 @@ static int parse_bag( PKCS12_SAFEBAG *bag, const char *pass, int passlen, * passed unitialised. */ -int PKCS12_parse (PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, +int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca) { /* Check for NULL PKCS12 structure */ - if(!p12) - { + if(!p12) { PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_INVALID_NULL_PKCS12_POINTER); return 0; - } + } /* Allocate stack for ca certificates if needed */ - if ((ca != NULL) && (*ca == NULL)) - { - if (!(*ca = sk_X509_new(NULL))) - { + if ((ca != NULL) && (*ca == NULL)) { + if (!(*ca = sk_X509_new_null())) { PKCS12err(PKCS12_F_PKCS12_PARSE,ERR_R_MALLOC_FAILURE); return 0; - } } + } if(pkey) *pkey = NULL; if(cert) *cert = NULL; @@ -135,55 +132,56 @@ int PKCS12_parse (PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, err: - if (pkey && *pkey) EVP_PKEY_free (*pkey); - if (cert && *cert) X509_free (*cert); - if (ca) sk_X509_pop_free (*ca, X509_free); + if (pkey && *pkey) EVP_PKEY_free(*pkey); + if (cert && *cert) X509_free(*cert); + if (ca) sk_X509_pop_free(*ca, X509_free); return 0; } /* Parse the outer PKCS#12 structure */ -static int parse_pk12 (PKCS12 *p12, const char *pass, int passlen, +static int parse_pk12(PKCS12 *p12, const char *pass, int passlen, EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca) { - STACK *asafes; + STACK_OF(PKCS7) *asafes; STACK_OF(PKCS12_SAFEBAG) *bags; int i, bagnid; PKCS7 *p7; ASN1_OCTET_STRING *keyid = NULL; + char keymatch = 0; - if (!( asafes = M_PKCS12_unpack_authsafes (p12))) return 0; - for (i = 0; i < sk_num (asafes); i++) { - p7 = (PKCS7 *) sk_value (asafes, i); + if (!(asafes = PKCS12_unpack_authsafes (p12))) return 0; + for (i = 0; i < sk_PKCS7_num (asafes); i++) { + p7 = sk_PKCS7_value (asafes, i); bagnid = OBJ_obj2nid (p7->type); if (bagnid == NID_pkcs7_data) { - bags = M_PKCS12_unpack_p7data (p7); + bags = PKCS12_unpack_p7data(p7); } else if (bagnid == NID_pkcs7_encrypted) { - bags = M_PKCS12_unpack_p7encdata (p7, pass, passlen); + bags = PKCS12_unpack_p7encdata(p7, pass, passlen); } else continue; if (!bags) { - sk_pop_free (asafes, (void(*)(void *)) PKCS7_free); + sk_PKCS7_pop_free(asafes, PKCS7_free); return 0; } if (!parse_bags(bags, pass, passlen, pkey, cert, ca, &keyid, &keymatch)) { sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); - sk_pop_free(asafes, (void(*)(void *)) PKCS7_free); + sk_PKCS7_pop_free(asafes, PKCS7_free); return 0; } sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); } - sk_pop_free(asafes, (void(*)(void *)) PKCS7_free); + sk_PKCS7_pop_free(asafes, PKCS7_free); if (keyid) M_ASN1_OCTET_STRING_free(keyid); return 1; } -static int parse_bags (STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass, - int passlen, EVP_PKEY **pkey, X509 **cert, - STACK_OF(X509) **ca, ASN1_OCTET_STRING **keyid, - char *keymatch) +static int parse_bags(STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass, + int passlen, EVP_PKEY **pkey, X509 **cert, + STACK_OF(X509) **ca, ASN1_OCTET_STRING **keyid, + char *keymatch) { int i; for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++) { @@ -199,18 +197,23 @@ static int parse_bags (STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass, #define MATCH_ALL 0x3 static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen, - EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca, - ASN1_OCTET_STRING **keyid, - char *keymatch) + EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca, + ASN1_OCTET_STRING **keyid, + char *keymatch) { PKCS8_PRIV_KEY_INFO *p8; X509 *x509; - ASN1_OCTET_STRING *lkey = NULL; + ASN1_OCTET_STRING *lkey = NULL, *ckid = NULL; ASN1_TYPE *attrib; + ASN1_BMPSTRING *fname = NULL; + if ((attrib = PKCS12_get_attr (bag, NID_friendlyName))) + fname = attrib->value.bmpstring; - if ((attrib = PKCS12_get_attr (bag, NID_localKeyID))) - lkey = attrib->value.octet_string; + if ((attrib = PKCS12_get_attr (bag, NID_localKeyID))) { + lkey = attrib->value.octet_string; + ckid = lkey; + } /* Check for any local key id matching (if needed) */ if (lkey && ((*keymatch & MATCH_ALL) != MATCH_ALL)) { @@ -218,7 +221,7 @@ static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen, if (M_ASN1_OCTET_STRING_cmp(*keyid, lkey)) lkey = NULL; } else { if (!(*keyid = M_ASN1_OCTET_STRING_dup(lkey))) { - PKCS12err(PKCS12_F_PARSE_BAGS,ERR_R_MALLOC_FAILURE); + PKCS12err(PKCS12_F_PARSE_BAG,ERR_R_MALLOC_FAILURE); return 0; } } @@ -234,7 +237,7 @@ static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen, case NID_pkcs8ShroudedKeyBag: if (!lkey || !pkey) return 1; - if (!(p8 = M_PKCS12_decrypt_skey(bag, pass, passlen))) + if (!(p8 = PKCS12_decrypt_skey(bag, pass, passlen))) return 0; *pkey = EVP_PKCS82PKEY(p8); PKCS8_PRIV_KEY_INFO_free(p8); @@ -245,10 +248,35 @@ static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen, case NID_certBag: if (M_PKCS12_cert_bag_type(bag) != NID_x509Certificate ) return 1; - if (!(x509 = M_PKCS12_certbag2x509(bag))) return 0; + if (!(x509 = PKCS12_certbag2x509(bag))) return 0; + if(ckid) + { + if (!X509_keyid_set1(x509, ckid->data, ckid->length)) + { + X509_free(x509); + return 0; + } + } + if(fname) { + int len, r; + unsigned char *data; + len = ASN1_STRING_to_UTF8(&data, fname); + if(len > 0) { + r = X509_alias_set1(x509, data, len); + OPENSSL_free(data); + if (!r) + { + X509_free(x509); + return 0; + } + } + } + + if (lkey) { *keymatch |= MATCH_CERT; if (cert) *cert = x509; + else X509_free(x509); } else { if(ca) sk_X509_push (*ca, x509); else X509_free(x509);