Two new PKCS#12 demo programs.

Update PKCS12_parse().

Make the keyid in certificate aux info more usable.

4 files changed, 42 insertions, 11 deletions

diff --git a/crypto/asn1/t_x509a.c b/crypto/asn1/t_x509a.c
index a18ebb586c..f06af5b576 100644
--- a/crypto/asn1/t_x509a.c
+++ b/crypto/asn1/t_x509a.c
@@ -98,5 +98,13 @@ int X509_CERT_AUX_print(BIO *out, X509_CERT_AUX *aux, int indent)
 	} else BIO_printf(out, "%*sNo Rejected Uses.\n", indent, "");
 	if(aux->alias) BIO_printf(out, "%*sAlias: %s\n", indent, "",
 							aux->alias->data);
+	if(aux->keyid) {
+		BIO_printf(out, "%*sKey Id: ", indent, "");
+		for(i = 0; i < aux->keyid->length; i++) 
+			BIO_printf(out, "%s%02X", 
+				i ? ":" : "",
+				aux->keyid->data[i]);
+		BIO_write(out,"\n",1);
+	}
 	return 1;
 }
diff --git a/crypto/asn1/x_x509a.c b/crypto/asn1/x_x509a.c
index 42807cd334..ebcce87bf2 100644
--- a/crypto/asn1/x_x509a.c
+++ b/crypto/asn1/x_x509a.c
@@ -153,6 +153,14 @@ int X509_alias_set1(X509 *x, unsigned char *name, int len)
 	return ASN1_STRING_set(aux->alias, name, len);
 }
 
+int X509_keyid_set1(X509 *x, unsigned char *id, int len)
+{
+	X509_CERT_AUX *aux;
+	if(!(aux = aux_get(x))) return 0;
+	if(!aux->keyid && !(aux->keyid = ASN1_OCTET_STRING_new())) return 0;
+	return ASN1_STRING_set(aux->keyid, id, len);
+}
+
 unsigned char *X509_alias_get0(X509 *x, int *len)
 {
 	if(!x->aux || !x->aux->alias) return NULL;
diff --git a/crypto/pkcs12/p12_kiss.c b/crypto/pkcs12/p12_kiss.c
index 3b36cfa46c..368c98765c 100644
--- a/crypto/pkcs12/p12_kiss.c
+++ b/crypto/pkcs12/p12_kiss.c
@@ -86,21 +86,18 @@ int PKCS12_parse (PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
 
 	/* Check for NULL PKCS12 structure */
 
-	if(!p12)
-		{
+	if(!p12) {
 		PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_INVALID_NULL_PKCS12_POINTER);
 		return 0;
-		}
+	}
 
 	/* Allocate stack for ca certificates if needed */
-	if ((ca != NULL) && (*ca == NULL))
-		{
-		if (!(*ca = sk_X509_new(NULL)))
-			{
+	if ((ca != NULL) && (*ca == NULL)) {
+		if (!(*ca = sk_X509_new(NULL))) {
 			PKCS12err(PKCS12_F_PKCS12_PARSE,ERR_R_MALLOC_FAILURE);
 			return 0;
-			}
 		}
+	}
 
 	if(pkey) *pkey = NULL;
 	if(cert) *cert = NULL;
@@ -206,12 +203,17 @@ static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen,
 {
 	PKCS8_PRIV_KEY_INFO *p8;
 	X509 *x509;
-	ASN1_OCTET_STRING *lkey = NULL;
+	ASN1_OCTET_STRING *lkey = NULL, *ckid = NULL;
 	ASN1_TYPE *attrib;
+	ASN1_BMPSTRING *fname = NULL;
 
+	if ((attrib = PKCS12_get_attr (bag, NID_friendlyName)))
+		fname = attrib->value.bmpstring;
 
-	if ((attrib = PKCS12_get_attr (bag, NID_localKeyID)))
-		    			    lkey = attrib->value.octet_string;
+	if ((attrib = PKCS12_get_attr (bag, NID_localKeyID))) {
+		lkey = attrib->value.octet_string;
+		ckid = lkey;
+	}
 
 	/* Check for any local key id matching (if needed) */
 	if (lkey && ((*keymatch & MATCH_ALL) != MATCH_ALL)) {
@@ -247,6 +249,18 @@ static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen,
 		if (M_PKCS12_cert_bag_type(bag) != NID_x509Certificate )
 								 return 1;
 		if (!(x509 = M_PKCS12_certbag2x509(bag))) return 0;
+		if(ckid) X509_keyid_set1(x509, ckid->data, ckid->length);
+		if(fname) {
+			int len;
+			unsigned char *data;
+			len = ASN1_STRING_to_UTF8(&data, fname);
+			if(len > 0) {
+				X509_alias_set1(x509, data, len);
+				OPENSSL_free(data);
+			}
+		}
+
+
 		if (lkey) {
 			*keymatch |= MATCH_CERT;
 			if (cert) *cert = x509;
diff --git a/crypto/x509/x509.h b/crypto/x509/x509.h
index ae0ebd89d7..813c8adffd 100644
--- a/crypto/x509/x509.h
+++ b/crypto/x509/x509.h
@@ -912,6 +912,7 @@ int		i2d_X509_CERT_AUX(X509_CERT_AUX *a,unsigned char **pp);
 X509_CERT_AUX *	d2i_X509_CERT_AUX(X509_CERT_AUX **a,unsigned char **pp,
 								long length);
 int X509_alias_set1(X509 *x, unsigned char *name, int len);
+int X509_keyid_set1(X509 *x, unsigned char *id, int len);
 unsigned char * X509_alias_get0(X509 *x, int *len);
 int (*X509_TRUST_set_default(int (*trust)(int , X509 *, int)))(int, X509 *, int);
 int X509_add1_trust_object(X509 *x, ASN1_OBJECT *obj);