authorDr. Stephen Henson <steve@openssl.org>2005-05-15 00:54:45 +0000
committerDr. Stephen Henson <steve@openssl.org>2005-05-15 00:54:45 +0000
commitb6995add5c91e9d62812883d884f0c558e6235d3 (patch)
treede05b05031f2ddd4848598a1e8e33e0aa3021c06
parent8ccd06c66c948916a5a3984087860e297f49051d (diff)
downloadopenssl-b6995add5c91e9d62812883d884f0c558e6235d3.tar.gz
Make -CSP option work again in pkcs12 utility by checking for
attribute in EVP_PKEY structure.
-rw-r--r--CHANGES5
-rw-r--r--apps/pkcs12.c4
-rw-r--r--crypto/evp/evp.h1
-rw-r--r--crypto/evp/evp_pkey.c62
-rw-r--r--crypto/evp/p_lib.c2
-rw-r--r--crypto/pkcs12/p12_crt.c12
-rw-r--r--crypto/x509/x509.h18
7 files changed, 104 insertions, 0 deletions
diff --git a/CHANGES b/CHANGES
index 0be0a88e1b..cd3dba144e 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,11 @@
Changes between 0.9.7h and 0.9.8 [xx XXX xxxx]
+ *) Add attribute functions to EVP_PKEY structure. Modify
+ PKCS12_create() to recognize a CSP name attribute and
+ use it. Make -CSP option work again in pkcs12 utility.
+ [Steve Henson]
+
*) Add new functionality to the bn blinding code:
- automatic re-creation of the BN_BLINDING parameters after
a fixed number of uses (currently 32)
diff --git a/apps/pkcs12.c b/apps/pkcs12.c
index 410781e784..d77358a239 100644
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -538,6 +538,10 @@ int MAIN(int argc, char **argv)
catmp = (unsigned char *)sk_value(canames, i);
X509_alias_set1(sk_X509_value(certs, i), catmp, -1);
}
+
+ if (csp_name && key)
+ EVP_PKEY_add1_attr_by_NID(key, NID_ms_csp_name,
+ MBSTRING_ASC, (unsigned char *)csp_name, -1);
#ifdef CRYPTO_MDEBUG
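Review bot: The result of `EVP_PKEY_add1_attr_by_NID()` is discarded in the added `if (csp_name && key)` statement, so if the attribute cannot be attached the tool still writes a PKCS#12 file, silently without the CSP name the user asked for. The wrapper added in evp_pkey.c returns 0 on failure, so the call can be tested directly: `if (csp_name && key && !EVP_PKEY_add1_attr_by_NID(key, NID_ms_csp_name, MBSTRING_ASC, (unsigned char *)csp_name, -1))`, followed by an error message and MAIN's existing failure exit. MAIN starts and ends outside the hunk, so the exact cleanup path is not visible here.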
diff --git a/crypto/evp/evp.h b/crypto/evp/evp.h
index 0296badc9e..4d38425b03 100644
--- a/crypto/evp/evp.h
+++ b/crypto/evp/evp.h
@@ -795,6 +795,7 @@ struct ec_key_st *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey);
EVP_PKEY * EVP_PKEY_new(void);
void EVP_PKEY_free(EVP_PKEY *pkey);
+
EVP_PKEY * d2i_PublicKey(int type,EVP_PKEY **a, const unsigned char **pp,
long length);
int i2d_PublicKey(EVP_PKEY *a, unsigned char **pp);
diff --git a/crypto/evp/evp_pkey.c b/crypto/evp/evp_pkey.c
index 925e0e0681..6510ed54dc 100644
--- a/crypto/evp/evp_pkey.c
+++ b/crypto/evp/evp_pkey.c
@@ -709,3 +709,65 @@ static int eckey_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey)
return ret;
}
#endif
+
+/* EVP_PKEY attribute functions */
+
+int EVP_PKEY_get_attr_count(const EVP_PKEY *key)
+{
+ return X509at_get_attr_count(key->attributes);
+}
+
+int EVP_PKEY_get_attr_by_NID(const EVP_PKEY *key, int nid,
+ int lastpos)
+{
+ return X509at_get_attr_by_NID(key->attributes, nid, lastpos);
+}
+
+int EVP_PKEY_get_attr_by_OBJ(const EVP_PKEY *key, ASN1_OBJECT *obj,
+ int lastpos)
+{
+ return X509at_get_attr_by_OBJ(key->attributes, obj, lastpos);
+}
+
+X509_ATTRIBUTE *EVP_PKEY_get_attr(const EVP_PKEY *key, int loc)
+{
+ return X509at_get_attr(key->attributes, loc);
+}
+
+X509_ATTRIBUTE *EVP_PKEY_delete_attr(EVP_PKEY *key, int loc)
+{
+ return X509at_delete_attr(key->attributes, loc);
+}
+
+int EVP_PKEY_add1_attr(EVP_PKEY *key, X509_ATTRIBUTE *attr)
+{
+ if(X509at_add1_attr(&key->attributes, attr)) return 1;
+ return 0;
+}
+
+int EVP_PKEY_add1_attr_by_OBJ(EVP_PKEY *key,
+ const ASN1_OBJECT *obj, int type,
+ const unsigned char *bytes, int len)
+{
+ if(X509at_add1_attr_by_OBJ(&key->attributes, obj,
+ type, bytes, len)) return 1;
+ return 0;
+}
+
+int EVP_PKEY_add1_attr_by_NID(EVP_PKEY *key,
+ int nid, int type,
+ const unsigned char *bytes, int len)
+{
+ if(X509at_add1_attr_by_NID(&key->attributes, nid,
+ type, bytes, len)) return 1;
+ return 0;
+}
+
+int EVP_PKEY_add1_attr_by_txt(EVP_PKEY *key,
+ const char *attrname, int type,
+ const unsigned char *bytes, int len)
+{
+ if(X509at_add1_attr_by_txt(&key->attributes, attrname,
+ type, bytes, len)) return 1;
+ return 0;
+}
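Review bot: None of the new `EVP_PKEY_*attr*` functions says who owns the `X509_ATTRIBUTE` involved, and the three kinds of call differ if they follow the `X509at_*` convention they wrap. The `add1` variants store a copy, `EVP_PKEY_get_attr()` returns a pointer that stays owned by the key, and `EVP_PKEY_delete_attr()` returns the removed attribute for the caller to release. A one-line comment per group would guard against leaks and double frees, for example `/* Removes and returns the attribute at loc; caller must X509_ATTRIBUTE_free() it */` above `EVP_PKEY_delete_attr()`. Every function also dereferences `key` unconditionally, which is worth stating as a non-NULL precondition in the same comments.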
diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c
index 934f8ff8be..85caa478ca 100644
--- a/crypto/evp/p_lib.c
+++ b/crypto/evp/p_lib.c
@@ -451,6 +451,8 @@ void EVP_PKEY_free(EVP_PKEY *x)
}
#endif
EVP_PKEY_free_it(x);
+ if (x->attributes)
+ sk_X509_ATTRIBUTE_pop_free(x->attributes, X509_ATTRIBUTE_free);
OPENSSL_free(x);
}
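Review bot: The new `sk_X509_ATTRIBUTE_pop_free(x->attributes, X509_ATTRIBUTE_free)` call is only safe if every path that creates an `EVP_PKEY` leaves `attributes` either NULL or pointing at a stack the key owns, and nothing in this commit shows that. The evp.h hunk adds only a blank line, so the member seems to predate the change and was not released here before. Please confirm that `EVP_PKEY_new()` sets it to NULL and that no existing code stores a borrowed stack in it, then record that with a comment such as `/* attributes is owned by the key: NULL or a stack freed here */`. `EVP_PKEY_free()` starts outside the hunk.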
diff --git a/crypto/pkcs12/p12_crt.c b/crypto/pkcs12/p12_crt.c
index 77b5845ea9..dbafda17b6 100644
--- a/crypto/pkcs12/p12_crt.c
+++ b/crypto/pkcs12/p12_crt.c
@@ -122,9 +122,21 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
if (pkey)
{
+ int cspidx;
bag = PKCS12_add_key(&bags, pkey, keytype, iter, nid_key, pass);
+
if (!bag)
goto err;
+
+ cspidx = EVP_PKEY_get_attr_by_NID(pkey, NID_ms_csp_name, -1);
+ if (cspidx >= 0)
+ {
+ X509_ATTRIBUTE *cspattr;
+ cspattr = EVP_PKEY_get_attr(pkey, cspidx);
+ if (!X509at_add1_attr(&bag->attrib, cspattr))
+ goto err;
+ }
+
if(name && !PKCS12_add_friendlyname(bag, name, -1))
goto err;
if(keyidlen && !PKCS12_add_localkeyid(bag, keyid, keyidlen))
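Review bot: `PKCS12_create()` now reads an attribute from the caller's `pkey`, but nothing in the added block says so, and that makes the key an implicit input to what is written into the bag. A comment above the `cspidx` lookup would make this visible, for example `/* Copy the MS CSP name attribute, if the caller attached one to pkey, into the key bag */`. It should also say that only `NID_ms_csp_name` is propagated and any other attribute on the key is ignored. The result of `EVP_PKEY_get_attr()` is passed to `X509at_add1_attr()` without a NULL test; that looks harmless since `cspidx` came from the lookup just above, but an explicit `if (!cspattr) goto err;` would remove the dependency on the callee's NULL handling. The function begins and ends outside the hunk.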
diff --git a/crypto/x509/x509.h b/crypto/x509/x509.h
index 73c1686d15..66990ae5a8 100644
--- a/crypto/x509/x509.h
+++ b/crypto/x509/x509.h
@@ -1201,6 +1201,24 @@ int X509_ATTRIBUTE_count(X509_ATTRIBUTE *attr);
ASN1_OBJECT *X509_ATTRIBUTE_get0_object(X509_ATTRIBUTE *attr);
ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx);
+int EVP_PKEY_get_attr_count(const EVP_PKEY *key);
+int EVP_PKEY_get_attr_by_NID(const EVP_PKEY *key, int nid,
+ int lastpos);
+int EVP_PKEY_get_attr_by_OBJ(const EVP_PKEY *key, ASN1_OBJECT *obj,
+ int lastpos);
+X509_ATTRIBUTE *EVP_PKEY_get_attr(const EVP_PKEY *key, int loc);
+X509_ATTRIBUTE *EVP_PKEY_delete_attr(EVP_PKEY *key, int loc);
+int EVP_PKEY_add1_attr(EVP_PKEY *key, X509_ATTRIBUTE *attr);
+int EVP_PKEY_add1_attr_by_OBJ(EVP_PKEY *key,
+ const ASN1_OBJECT *obj, int type,
+ const unsigned char *bytes, int len);
+int EVP_PKEY_add1_attr_by_NID(EVP_PKEY *key,
+ int nid, int type,
+ const unsigned char *bytes, int len);
+int EVP_PKEY_add1_attr_by_txt(EVP_PKEY *key,
+ const char *attrname, int type,
+ const unsigned char *bytes, int len);
+
int X509_verify_cert(X509_STORE_CTX *ctx);
/* lookup a cert from a X509 STACK */
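Review bot: The `EVP_PKEY_*attr*` prototypes are declared in x509.h although the functions are defined in crypto/evp/evp_pkey.c, so a caller that includes only evp.h gets no declaration. For `EVP_PKEY_get_attr()` and `EVP_PKEY_delete_attr()`, which return pointers, an implicit `int` declaration would truncate the result on platforms where pointers are wider than `int`. If they are placed here because `X509_ATTRIBUTE` is not visible in evp.h, which is presumably the reason, a comment above the group would stop them being moved or missed, for example `/* EVP_PKEY attribute functions: declared here because they need X509_ATTRIBUTE */`.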