summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/pkcs12/p12_crt.c
diff options
context:
space:
mode:
authordjm <>2009-01-09 12:14:11 +0000
committerdjm <>2009-01-09 12:14:11 +0000
commita0fdc9ec41594852f67ec77dfad9cb06bacc4186 (patch)
treec43f6b3a4d93ad2cb3dcf93275295679d895a033 /src/lib/libcrypto/pkcs12/p12_crt.c
parent5a3c0a05c7f2c5d3c584b7c8d6aec836dd724c80 (diff)
downloadopenbsd-a0fdc9ec41594852f67ec77dfad9cb06bacc4186.tar.gz
openbsd-a0fdc9ec41594852f67ec77dfad9cb06bacc4186.tar.bz2
openbsd-a0fdc9ec41594852f67ec77dfad9cb06bacc4186.zip
import openssl-0.9.8j
Diffstat (limited to 'src/lib/libcrypto/pkcs12/p12_crt.c')
-rw-r--r--src/lib/libcrypto/pkcs12/p12_crt.c39
1 files changed, 29 insertions, 10 deletions
diff --git a/src/lib/libcrypto/pkcs12/p12_crt.c b/src/lib/libcrypto/pkcs12/p12_crt.c
index dbafda17b6..e863de52ce 100644
--- a/src/lib/libcrypto/pkcs12/p12_crt.c
+++ b/src/lib/libcrypto/pkcs12/p12_crt.c
@@ -1,5 +1,5 @@
1/* p12_crt.c */ 1/* p12_crt.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project. 3 * project.
4 */ 4 */
5/* ==================================================================== 5/* ====================================================================
@@ -59,10 +59,27 @@
59#include <stdio.h> 59#include <stdio.h>
60#include "cryptlib.h" 60#include "cryptlib.h"
61#include <openssl/pkcs12.h> 61#include <openssl/pkcs12.h>
62#ifdef OPENSSL_FIPS
63#include <openssl/fips.h>
64#endif
65
62 66
63 67
64static int pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) **pbags, PKCS12_SAFEBAG *bag); 68static int pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) **pbags, PKCS12_SAFEBAG *bag);
65 69
70static int copy_bag_attr(PKCS12_SAFEBAG *bag, EVP_PKEY *pkey, int nid)
71 {
72 int idx;
73 X509_ATTRIBUTE *attr;
74 idx = EVP_PKEY_get_attr_by_NID(pkey, nid, -1);
75 if (idx < 0)
76 return 1;
77 attr = EVP_PKEY_get_attr(pkey, idx);
78 if (!X509at_add1_attr(&bag->attrib, attr))
79 return 0;
80 return 1;
81 }
82
66PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert, 83PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
67 STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter, int mac_iter, 84 STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter, int mac_iter,
68 int keytype) 85 int keytype)
@@ -77,7 +94,14 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
77 94
78 /* Set defaults */ 95 /* Set defaults */
79 if (!nid_cert) 96 if (!nid_cert)
97 {
98#ifdef OPENSSL_FIPS
99 if (FIPS_mode())
100 nid_cert = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
101 else
102#endif
80 nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC; 103 nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC;
104 }
81 if (!nid_key) 105 if (!nid_key)
82 nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; 106 nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
83 if (!iter) 107 if (!iter)
@@ -122,20 +146,15 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
122 146
123 if (pkey) 147 if (pkey)
124 { 148 {
125 int cspidx;
126 bag = PKCS12_add_key(&bags, pkey, keytype, iter, nid_key, pass); 149 bag = PKCS12_add_key(&bags, pkey, keytype, iter, nid_key, pass);
127 150
128 if (!bag) 151 if (!bag)
129 goto err; 152 goto err;
130 153
131 cspidx = EVP_PKEY_get_attr_by_NID(pkey, NID_ms_csp_name, -1); 154 if (!copy_bag_attr(bag, pkey, NID_ms_csp_name))
132 if (cspidx >= 0) 155 goto err;
133 { 156 if (!copy_bag_attr(bag, pkey, NID_LocalKeySet))
134 X509_ATTRIBUTE *cspattr; 157 goto err;
135 cspattr = EVP_PKEY_get_attr(pkey, cspidx);
136 if (!X509at_add1_attr(&bag->attrib, cspattr))
137 goto err;
138 }
139 158
140 if(name && !PKCS12_add_friendlyname(bag, name, -1)) 159 if(name && !PKCS12_add_friendlyname(bag, name, -1))
141 goto err; 160 goto err;
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-22 12:11:37 +0000