Make sure not to read beyond end of buffer
[oweals/openssl.git] / crypto / pkcs12 / p12_crt.c
index 77b5845ea95a26e999c0b8320f34295412deff34..9748256b6fe1c95b0bbecc4ebbb60aa3795ece68 100644 (file)
 
 static int pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) **pbags, PKCS12_SAFEBAG *bag);
 
+static int copy_bag_attr(PKCS12_SAFEBAG *bag, EVP_PKEY *pkey, int nid)
+       {
+       int idx;
+       X509_ATTRIBUTE *attr;
+       idx = EVP_PKEY_get_attr_by_NID(pkey, nid, -1);
+       if (idx < 0)
+               return 1;
+       attr = EVP_PKEY_get_attr(pkey, idx);
+       if (!X509at_add1_attr(&bag->attrib, attr))
+               return 0;
+       return 1;
+       }
+
 PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
             STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter, int mac_iter,
             int keytype)
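Review bot: copy_bag_attr passes the result of `EVP_PKEY_get_attr(pkey, idx)` straight to `X509at_add1_attr` without checking it, and nothing documents its return convention. An explicit `if (attr == NULL) return 0;` after the lookup would stop the helper from depending on how the callee treats a NULL attribute. A header comment such as `/* Copy attribute nid from pkey to bag if present; returns 1 on success or if the attribute is absent, 0 on error */` would make clear that the `idx < 0` branch deliberately reports absence as success.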
@@ -123,8 +136,15 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
        if (pkey)
                {
                bag = PKCS12_add_key(&bags, pkey, keytype, iter, nid_key, pass);
+
                if (!bag)
                        goto err;
+
+               if (!copy_bag_attr(bag, pkey, NID_ms_csp_name))
+                       goto err;
+               if (!copy_bag_attr(bag, pkey, NID_LocalKeySet))
+                       goto err;
+
                if(name && !PKCS12_add_friendlyname(bag, name, -1))
                        goto err;
                if(keyidlen && !PKCS12_add_localkeyid(bag, keyid, keyidlen))
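Review bot: The two `copy_bag_attr` calls copy the key's `NID_ms_csp_name` and `NID_LocalKeySet` attributes into the bag, and nothing here tells callers that PKCS12_create now exports them. Bag attributes sit beside the shrouded key value rather than inside it, so unless the enclosing SafeContents is itself encrypted (not visible in this hunk) they are probably readable without the password, as the friendly name is. A comment above the calls, e.g. `/* Copy MS CSP name and LocalKeySet from pkey; stored as bag attributes, outside the encrypted key */`, plus a line in the function's documentation, would let callers decide whether to strip those attributes from pkey first. PKCS12_create's body starts and ends outside the hunk.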