Update PKCS12_parse().
Make the keyid in certificate aux info more usable.
Changes between 0.9.5a and 0.9.6 [xx XXX 2000]
+ *) Add two demo programs for PKCS12_parse() and PKCS12_create().
+ Update PKCS12_parse() so it copies the friendlyName and the
+ keyid to the certificates aux info.
+ [Steve Henson]
+
*) Fix bug in PKCS7_verify() which caused an infinite loop
if there was more than one signature.
[Sven Uszpelkat <su@celocom.de>]
* Why does the linker complain about undefined symbols?
* Where can I get a compiled version of OpenSSL?
* I've compiled a program under Windows and it crashes: why?
+* I've tried using <M_some_evil_pkcs12_macro> and I get errors why?
* I've called <some function> and it fails, why?
* I just get a load of numbers for the error output, what do they mean?
* Why do I get errors about unknown algorithms?
first BIO related read or write operation.
+* I've tried using <M_some_evil_pkcs12_macro> and I get errors why?
+
+This usually happens when you try compiling something using the PKCS#12
+macros with a C++ compiler. There is hardly ever any need to use the
+PKCS#12 macros in a program, it is much easier to parse and create
+PKCS#12 files using the PKCS12_parse() and PKCS12_create() functions
+documented in doc/openssl.txt and with examples in demos/pkcs12. The
+'pkcs12' application has to use the macros because it prints out
+debugging information.
+
+
* I've called <some function> and it fails, why?
Before submitting a report or asking in one of the mailing lists, you
} else BIO_printf(out, "%*sNo Rejected Uses.\n", indent, "");
if(aux->alias) BIO_printf(out, "%*sAlias: %s\n", indent, "",
aux->alias->data);
+ if(aux->keyid) {
+ BIO_printf(out, "%*sKey Id: ", indent, "");
+ for(i = 0; i < aux->keyid->length; i++)
+ BIO_printf(out, "%s%02X",
+ i ? ":" : "",
+ aux->keyid->data[i]);
+ BIO_write(out,"\n",1);
+ }
return 1;
}
return ASN1_STRING_set(aux->alias, name, len);
}
+int X509_keyid_set1(X509 *x, unsigned char *id, int len)
+{
+ X509_CERT_AUX *aux;
+ if(!(aux = aux_get(x))) return 0;
+ if(!aux->keyid && !(aux->keyid = ASN1_OCTET_STRING_new())) return 0;
+ return ASN1_STRING_set(aux->keyid, id, len);
+}
+
unsigned char *X509_alias_get0(X509 *x, int *len)
{
if(!x->aux || !x->aux->alias) return NULL;
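Review bot: X509_keyid_set1() carries no comment stating its contract, and neither this hunk nor the new prototype in x509.h says whether the id bytes are copied or retained. Since the body ends in ASN1_STRING_set(), which copies, a comment above the definition such as `/* Copy len bytes of id into the certificate's aux key id, allocating the OCTET STRING on first use; id stays owned by the caller. Returns 1 on success, 0 on allocation failure. */` would make the "set1" semantics explicit to callers like PKCS12_parse(). Because nothing writes through `id`, the parameter could be `const unsigned char *`, but that change belongs together with X509_alias_set1() and the x509.h prototype so the two setters stay consistent.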
/* Check for NULL PKCS12 structure */
- if(!p12)
- {
+ if(!p12) {
PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_INVALID_NULL_PKCS12_POINTER);
return 0;
- }
+ }
/* Allocate stack for ca certificates if needed */
- if ((ca != NULL) && (*ca == NULL))
- {
- if (!(*ca = sk_X509_new(NULL)))
- {
+ if ((ca != NULL) && (*ca == NULL)) {
+ if (!(*ca = sk_X509_new(NULL))) {
PKCS12err(PKCS12_F_PKCS12_PARSE,ERR_R_MALLOC_FAILURE);
return 0;
- }
}
+ }
if(pkey) *pkey = NULL;
if(cert) *cert = NULL;
{
PKCS8_PRIV_KEY_INFO *p8;
X509 *x509;
- ASN1_OCTET_STRING *lkey = NULL;
+ ASN1_OCTET_STRING *lkey = NULL, *ckid = NULL;
ASN1_TYPE *attrib;
+ ASN1_BMPSTRING *fname = NULL;
+ if ((attrib = PKCS12_get_attr (bag, NID_friendlyName)))
+ fname = attrib->value.bmpstring;
- if ((attrib = PKCS12_get_attr (bag, NID_localKeyID)))
- lkey = attrib->value.octet_string;
+ if ((attrib = PKCS12_get_attr (bag, NID_localKeyID))) {
+ lkey = attrib->value.octet_string;
+ ckid = lkey;
+ }
/* Check for any local key id matching (if needed) */
if (lkey && ((*keymatch & MATCH_ALL) != MATCH_ALL)) {
if (M_PKCS12_cert_bag_type(bag) != NID_x509Certificate )
return 1;
if (!(x509 = M_PKCS12_certbag2x509(bag))) return 0;
+ if(ckid) X509_keyid_set1(x509, ckid->data, ckid->length);
+ if(fname) {
+ int len;
+ unsigned char *data;
+ len = ASN1_STRING_to_UTF8(&data, fname);
+ if(len > 0) {
+ X509_alias_set1(x509, data, len);
+ OPENSSL_free(data);
+ }
+ }
+
+
if (lkey) {
*keymatch |= MATCH_CERT;
if (cert) *cert = x509;
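Review bot: The new X509_keyid_set1() and X509_alias_set1() calls on the freshly decoded x509 discard their return values, so an allocation failure inside them silently yields a certificate without the key id or alias this commit sets out to record, whereas the surrounding code reports failures by returning 0; propagate them, freeing x509 first since it has not yet been handed to *cert or the ca stack at that point. If ASN1_STRING_to_UTF8() can return 0 with an allocated buffer for an empty friendlyName, the `len > 0` test also leaks that buffer — worth confirming against the converter before changing the test. A one-line comment on `ckid = lkey;`, e.g. `/* keep the original id: lkey may be cleared by the key matching below */`, would explain why a second variable is needed, if that is indeed the reason. The enclosing function starts and ends outside this hunk.
```c
if (!(x509 = M_PKCS12_certbag2x509(bag))) return 0;
if (ckid && !X509_keyid_set1(x509, ckid->data, ckid->length)) {
    X509_free(x509);
    return 0;
}
if (fname) {
    int len, ok = 1;
    unsigned char *data;
    len = ASN1_STRING_to_UTF8(&data, fname);
    if (len > 0) {
        ok = X509_alias_set1(x509, data, len);
        OPENSSL_free(data);
    }
    if (!ok) {
        X509_free(x509);
        return 0;
    }
}
/* … unchanged: key id match bookkeeping and cert/ca assignment … */
```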
X509_CERT_AUX * d2i_X509_CERT_AUX(X509_CERT_AUX **a,unsigned char **pp,
long length);
int X509_alias_set1(X509 *x, unsigned char *name, int len);
+int X509_keyid_set1(X509 *x, unsigned char *id, int len);
unsigned char * X509_alias_get0(X509 *x, int *len);
int (*X509_TRUST_set_default(int (*trust)(int , X509 *, int)))(int, X509 *, int);
int X509_add1_trust_object(X509 *x, ASN1_OBJECT *obj);
--- /dev/null
+PKCS#12 demo applications
+
+Written by Steve Henson.
--- /dev/null
+/* pkread.c */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <openssl/pem.h>
+#include <openssl/err.h>
+#include <openssl/pkcs12.h>
+
+/* Simple PKCS#12 file reader */
+
+int main(int argc, char **argv)
+{
+ FILE *fp;
+ EVP_PKEY *pkey;
+ X509 *cert;
+ STACK_OF(X509) *ca = NULL;
+ PKCS12 *p12;
+ int i;
+ if (argc != 4) {
+ fprintf(stderr, "Usage: pkread p12file password opfile\n");
+ exit (1);
+ }
+ SSLeay_add_all_algorithms();
+ ERR_load_crypto_strings();
+ if (!(fp = fopen(argv[1], "rb"))) {
+ fprintf(stderr, "Error opening file %s\n", argv[1]);
+ exit(1);
+ }
+ p12 = d2i_PKCS12_fp(fp, NULL);
+ fclose (fp);
+ if (!p12) {
+ fprintf(stderr, "Error reading PKCS#12 file\n");
+ ERR_print_errors_fp(stderr);
+ exit (1);
+ }
+ if (!PKCS12_parse(p12, argv[2], &pkey, &cert, &ca)) {
+ fprintf(stderr, "Error parsing PKCS#12 file\n");
+ ERR_print_errors_fp(stderr);
+ exit (1);
+ }
+ PKCS12_free(p12);
+ if (!(fp = fopen(argv[3], "w"))) {
+ fprintf(stderr, "Error opening file %s\n", argv[1]);
+ exit(1);
+ }
+ if (pkey) {
+ fprintf(fp, "***Private Key***\n");
+ PEM_write_PrivateKey(fp, pkey, NULL, NULL, 0, NULL, NULL);
+ }
+ if (cert) {
+ fprintf(fp, "***User Certificate***\n");
+ PEM_write_X509_AUX(fp, cert);
+ }
+ if (ca && sk_num(ca)) {
+ fprintf(fp, "***Other Certificates***\n");
+ for (i = 0; i < sk_X509_num(ca); i++)
+ PEM_write_X509_AUX(fp, sk_X509_value(ca, i));
+ }
+ fclose(fp);
+ return 0;
+}
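Review bot: The error path for the output file reports the wrong name: it is `fopen(argv[3], "w")` that failed, but the message prints `argv[1]`, so the user is told the input file could not be opened; change it to `fprintf(stderr, "Error opening file %s\n", argv[3]);`. The chain-certificate test mixes the untyped `sk_num(ca)` with the typed `sk_X509_num(ca)` used two lines later; `if (ca && sk_X509_num(ca))` avoids the incompatible-pointer warning on a STACK_OF(X509) and keeps the two calls consistent. The PEM_write_* calls and the final fclose() are unchecked, so a short write to opfile still exits 0. Taking the password from argv[2] also leaves it visible in the process listing; since the same commit documents a `-passin` source for smime, the demo could read the password through the same mechanism.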
--- /dev/null
+/* pkwrite.c */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <openssl/pem.h>
+#include <openssl/err.h>
+#include <openssl/pkcs12.h>
+
+/* Simple PKCS#12 file creator */
+
+int main(int argc, char **argv)
+{
+ FILE *fp;
+ EVP_PKEY *pkey;
+ X509 *cert;
+ PKCS12 *p12;
+ if (argc != 5) {
+ fprintf(stderr, "Usage: pkwrite infile password name p12file\n");
+ exit(1);
+ }
+ SSLeay_add_all_algorithms();
+ ERR_load_crypto_strings();
+ if (!(fp = fopen(argv[1], "r"))) {
+ fprintf(stderr, "Error opening file %s\n", argv[1]);
+ exit(1);
+ }
+ cert = PEM_read_X509(fp, NULL, NULL, NULL);
+ rewind(fp);
+ pkey = PEM_read_PrivateKey(fp, NULL, NULL, NULL);
+ fclose(fp);
+ p12 = PKCS12_create(argv[2], argv[3], pkey, cert, NULL, 0,0,0,0,0);
+ if(!p12) {
+ fprintf(stderr, "Error creating PKCS#12 structure\n");
+ ERR_print_errors_fp(stderr);
+ exit(1);
+ }
+ if (!(fp = fopen(argv[4], "wb"))) {
+ fprintf(stderr, "Error opening file %s\n", argv[1]);
+ ERR_print_errors_fp(stderr);
+ exit(1);
+ }
+ i2d_PKCS12_fp(fp, p12);
+ PKCS12_free(p12);
+ fclose(fp);
+ return 0;
+}
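Review bot: `cert` and `pkey` from the two PEM_read_* calls go straight into PKCS12_create() without a NULL check, so an input file missing either item, or a PEM parse error, reaches PKCS12_create with a NULL argument instead of producing a clear diagnostic; check both after fclose(fp) and print the error queue. The output-file error message prints `argv[1]` where it should print `argv[4]`, and `i2d_PKCS12_fp()` and `fclose()` are unchecked, so a failed write of the .p12 file still exits 0. The `ERR_print_errors_fp()` after the failed fopen() also prints nothing useful, since fopen does not populate the OpenSSL error queue; it belongs after the failed i2d instead.
```c
pkey = PEM_read_PrivateKey(fp, NULL, NULL, NULL);
fclose(fp);
if (!cert || !pkey) {
    fprintf(stderr, "Error reading certificate or private key from %s\n", argv[1]);
    ERR_print_errors_fp(stderr);
    exit(1);
}
p12 = PKCS12_create(argv[2], argv[3], pkey, cert, NULL, 0,0,0,0,0);
/* … unchanged: PKCS12_create error check … */
if (!(fp = fopen(argv[4], "wb"))) {
    fprintf(stderr, "Error opening file %s\n", argv[4]);
    exit(1);
}
if (!i2d_PKCS12_fp(fp, p12) || fclose(fp) != 0) {
    fprintf(stderr, "Error writing PKCS#12 file %s\n", argv[4]);
    ERR_print_errors_fp(stderr);
    exit(1);
}
PKCS12_free(p12);
return 0;
```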
[B<-recip file>]
[B<-in file>]
[B<-inform SMIME|PEM|DER>]
+[B<-passin arg>]
[B<-inkey file>]
[B<-out file>]
[B<-outform SMIME|PEM|DER>]
private key must be included in the certificate file specified with
the B<-recip> or B<-signer> file.
+=item B<-passin arg>
+
+the private key password source. For more information about the format of B<arg>
+see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
+
=item B<-rand file(s)>
a file or files containing random data used to seed the random number