Add some sanity checks around usage of t_fromb64()

[oweals/openssl.git] / crypto / pkcs12 / p12_attr.c

diff --git a/crypto/pkcs12/p12_attr.c b/crypto/pkcs12/p12_attr.c
index 58935c154fa7fe41d60ea8f6c6ba464e8237b58c..c324f50514698dc0c8351225b7794299386af106 100644 (file)
--- a/crypto/pkcs12/p12_attr.c
+++ b/crypto/pkcs12/p12_attr.c
@@ -45,6 +45,16 @@ int PKCS12_add_friendlyname_asc(PKCS12_SAFEBAG *bag, const char *name,
         return 0;
 }
 
+int PKCS12_add_friendlyname_utf8(PKCS12_SAFEBAG *bag, const char *name,
+                                int namelen)
+{
+    if (X509at_add1_attr_by_NID(&bag->attrib, NID_friendlyName,
+                                MBSTRING_UTF8, (unsigned char *)name, namelen))
+        return 1;
+    else
+        return 0;
+}
+
 int PKCS12_add_friendlyname_uni(PKCS12_SAFEBAG *bag,
                                 const unsigned char *name, int namelen)
 {
@@ -76,17 +86,18 @@ ASN1_TYPE *PKCS12_get_attr_gen(const STACK_OF(X509_ATTRIBUTE) *attrs,
 
 char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag)
 {
-    ASN1_TYPE *atype;
+    const ASN1_TYPE *atype;
 
     if ((atype = PKCS12_SAFEBAG_get0_attr(bag, NID_friendlyName)) == NULL)
         return NULL;
     if (atype->type != V_ASN1_BMPSTRING)
         return NULL;
-    return OPENSSL_uni2asc(atype->value.bmpstring->data,
-                           atype->value.bmpstring->length);
+    return OPENSSL_uni2utf8(atype->value.bmpstring->data,
+                            atype->value.bmpstring->length);
 }
 
-STACK_OF(X509_ATTRIBUTE) *PKCS12_SAFEBAG_get0_attrs(PKCS12_SAFEBAG *bag)
+const STACK_OF(X509_ATTRIBUTE) *
+PKCS12_SAFEBAG_get0_attrs(const PKCS12_SAFEBAG *bag)
 {
     return bag->attrib;
 }