Add support for MS CSP Name PKCS#12 attribute.

diff --git a/CHANGES b/CHANGES
index 5859004a4c19900845accc2464a20b21d95b028d..f3c99b5d2c001c4dfb5831295ae375353c32acb0 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -11,6 +11,10 @@
          *) applies to 0.9.6a (/0.9.6b) and 0.9.7
          +) applies to 0.9.7 only
 
+  +) Tidy up PKCS#12 attribute handling. Add support for the CSP name
+     attribute in PKCS#12 files, add new -CSP option to pkcs12 utility.
+     [Steve Henson]
+
   *) Fix OAEP check.
      [Ulf Möller, Bodo Möller]
 

diff --git a/apps/pkcs12.c b/apps/pkcs12.c
index 90abbb84d2a35c409b4039a25a9575b81f8b3505..f277956cd96423fedbf2935f090afad259519693 100644 (file)
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -99,6 +99,7 @@ int MAIN(int argc, char **argv)
     BIO *in=NULL, *out = NULL, *inkey = NULL, *certsin = NULL;
     char **args;
     char *name = NULL;
+    char *csp_name = NULL;
     PKCS12 *p12 = NULL;
     char pass[50], macpass[50];
     int export_cert = 0;
@@ -197,6 +198,11 @@ int MAIN(int argc, char **argv)
                        args++; 
                        name = *args;
                    } else badarg = 1;
+               } else if (!strcmp (*args, "-CSP")) {
+                   if (args[1]) {
+                       args++; 
+                       csp_name = *args;
+                   } else badarg = 1;
                } else if (!strcmp (*args, "-caname")) {
                    if (args[1]) {
                        args++; 
@@ -572,6 +578,7 @@ int MAIN(int argc, char **argv)
        PKCS8_PRIV_KEY_INFO_free(p8);
        p8 = NULL;
         if (name) PKCS12_add_friendlyname (bag, name, -1);
+       if(csp_name) PKCS12_add_CSPName_asc(bag, csp_name, -1);
        PKCS12_add_localkeyid (bag, keyid, keyidlen);
        bags = sk_PKCS12_SAFEBAG_new_null();
        sk_PKCS12_SAFEBAG_push (bags, bag);

diff --git a/crypto/asn1/a_strnid.c b/crypto/asn1/a_strnid.c
index 732e68fe462a72539bdca9fbb5ffded143a2c4a2..0187ddb0151ee0b9384dd4151bf8ee658bb1d4d7 100644 (file)
--- a/crypto/asn1/a_strnid.c
+++ b/crypto/asn1/a_strnid.c
@@ -170,8 +170,10 @@ static ASN1_STRING_TABLE tbl_standard[] = {
 {NID_givenName,                        1, ub_name, DIRSTRING_TYPE, 0},
 {NID_surname,                  1, ub_name, DIRSTRING_TYPE, 0},
 {NID_initials,                 1, ub_name, DIRSTRING_TYPE, 0},
+{NID_friendlyName,             -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK},
 {NID_name,                     1, ub_name, DIRSTRING_TYPE, 0},
-{NID_dnQualifier,              -1, -1, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK}
+{NID_dnQualifier,              -1, -1, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK},
+{NID_ms_csp_name,              -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK}
 };
 
 static int sk_table_cmp(const ASN1_STRING_TABLE * const *a,

diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h
index 788c69d4972c58f8a9d027d93091d7ea476ae168..17c806cf086ad83a9eabb47576754b3692cbafdf 100644 (file)
--- a/crypto/objects/obj_dat.h
+++ b/crypto/objects/obj_dat.h
@@ -61,12 +61,12 @@
  * perl obj_dat.pl obj_mac.h obj_dat.h
  */
 
-#define NUM_NID 492
-#define NUM_SN 490
-#define NUM_LN 490
-#define NUM_OBJ 464
+#define NUM_NID 493
+#define NUM_SN 491
+#define NUM_LN 491
+#define NUM_OBJ 465
 
-static unsigned char lvalues[3783]={
+static unsigned char lvalues[3792]={
 0x00,                                        /* [  0] OBJ_undef */
 0x2A,0x86,0x48,0x86,0xF7,0x0D,               /* [  1] OBJ_rsadsi */
 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,          /* [  7] OBJ_pkcs */
@@ -531,6 +531,7 @@ static unsigned char lvalues[3783]={
 0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x06,     /* [3759] OBJ_X9_62_prime239v3 */
 0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x07,     /* [3767] OBJ_X9_62_prime256v1 */
 0x2A,0x86,0x48,0xCE,0x3D,0x04,0x01,          /* [3775] OBJ_ecdsa_with_SHA1 */
+0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x11,0x01,/* [3782] OBJ_ms_csp_name */
 };
 
 static ASN1_OBJECT nid_objs[NUM_NID]={
@@ -1284,6 +1285,7 @@ static ASN1_OBJECT nid_objs[NUM_NID]={
 {"prime256v1","prime256v1",NID_X9_62_prime256v1,8,&(lvalues[3767]),0},
 {"ecdsa-with-SHA1","ecdsa-with-SHA1",NID_ecdsa_with_SHA1,7,
        &(lvalues[3775]),0},
+{"CSPName","Microsoft CSP Name",NID_ms_csp_name,9,&(lvalues[3782]),0},
 };
 
 static ASN1_OBJECT *sn_objs[NUM_SN]={
@@ -1312,6 +1314,7 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={
 &(nid_objs[410]),/* "CCITT" */
 &(nid_objs[13]),/* "CN" */
 &(nid_objs[141]),/* "CRLReason" */
+&(nid_objs[492]),/* "CSPName" */
 &(nid_objs[367]),/* "CrlID" */
 &(nid_objs[107]),/* "D" */
 &(nid_objs[391]),/* "DC" */
@@ -1807,6 +1810,7 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={
 &(nid_objs[142]),/* "Invalidity Date" */
 &(nid_objs[388]),/* "Mail" */
 &(nid_objs[383]),/* "Management" */
+&(nid_objs[492]),/* "Microsoft CSP Name" */
 &(nid_objs[135]),/* "Microsoft Commercial Code Signing" */
 &(nid_objs[138]),/* "Microsoft Encrypted File System" */
 &(nid_objs[171]),/* "Microsoft Extension Request" */
@@ -2542,6 +2546,7 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={
 &(nid_objs[188]),/* OBJ_SMIME                        1 2 840 113549 1 9 16 */
 &(nid_objs[156]),/* OBJ_friendlyName                 1 2 840 113549 1 9 20 */
 &(nid_objs[157]),/* OBJ_localKeyID                   1 2 840 113549 1 9 21 */
+&(nid_objs[492]),/* OBJ_ms_csp_name                  1 3 6 1 4 1 311 17 1 */
 &(nid_objs[91]),/* OBJ_bf_cbc                       1 3 6 1 4 1 3029 1 2 */
 &(nid_objs[315]),/* OBJ_id_regCtrl_regToken          1 3 6 1 5 5 7 5 1 1 */
 &(nid_objs[316]),/* OBJ_id_regCtrl_authenticator     1 3 6 1 5 5 7 5 1 2 */

diff --git a/crypto/objects/obj_mac.h b/crypto/objects/obj_mac.h
index 37ca4efffaa072e12e8e352e74e646276a2e98a0..cd114a260018cca9a4660aa03337beb744b5748b 100644 (file)
--- a/crypto/objects/obj_mac.h
+++ b/crypto/objects/obj_mac.h
@@ -639,6 +639,11 @@
 #define NID_localKeyID         157
 #define OBJ_localKeyID         OBJ_pkcs9,21L
 
+#define SN_ms_csp_name         "CSPName"
+#define LN_ms_csp_name         "Microsoft CSP Name"
+#define NID_ms_csp_name                492
+#define OBJ_ms_csp_name                1L,3L,6L,1L,4L,1L,311L,17L,1L
+
 #define OBJ_certTypes          OBJ_pkcs9,22L
 
 #define LN_x509Certificate             "x509Certificate"

diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num
index 355a2b55f68597edfff30360089c10a9629bf844..362bdb713dac639107e919c80558651c129a1e6d 100644 (file)
--- a/crypto/objects/obj_mac.num
+++ b/crypto/objects/obj_mac.num
@@ -489,3 +489,4 @@ X9_62_prime239v2            488
 X9_62_prime239v3               489
 X9_62_prime256v1               490
 ecdsa_with_SHA1                491
+ms_csp_name            492

diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt
index 1e51416c73d67a6e0310cbcfab1ea5d3c8a6b7bb..86d337d01e52c0868b3e1045ce45d0a47f5e1fda 100644 (file)
--- a/crypto/objects/objects.txt
+++ b/crypto/objects/objects.txt
@@ -201,6 +201,8 @@ id-smime-cti 6              : id-smime-cti-ets-proofOfCreation
 
 pkcs9 20               :                       : friendlyName
 pkcs9 21               :                       : localKeyID
+!Cname ms-csp-name
+1 3 6 1 4 1 311 17 1   : CSPName               : Microsoft CSP Name
 !Alias certTypes pkcs9 22
 certTypes 1            :                       : x509Certificate
 certTypes 2            :                       : sdsiCertificate

diff --git a/crypto/pkcs12/p12_attr.c b/crypto/pkcs12/p12_attr.c
index 2d4d04292a630433c396a1d802df3d9c98945b30..026cf3826a7080f18c4216dd9a9fe07e53d83b9c 100644 (file)
--- a/crypto/pkcs12/p12_attr.c
+++ b/crypto/pkcs12/p12_attr.c
@@ -62,156 +62,63 @@
 
 /* Add a local keyid to a safebag */
 
-int PKCS12_add_localkeyid (PKCS12_SAFEBAG *bag, unsigned char *name,
+int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name,
             int namelen)
 {
-       X509_ATTRIBUTE *attrib;
-       ASN1_BMPSTRING *oct;
-       ASN1_TYPE *keyid;
-       if (!(keyid = ASN1_TYPE_new ())) {
-               PKCS12err(PKCS12_F_PKCS12_ADD_LOCALKEYID, ERR_R_MALLOC_FAILURE);
-               return 0;
-       }
-       keyid->type = V_ASN1_OCTET_STRING;
-       if (!(oct = M_ASN1_OCTET_STRING_new())) {
-               PKCS12err(PKCS12_F_PKCS12_ADD_LOCALKEYID, ERR_R_MALLOC_FAILURE);
-               return 0;
-       }
-       if (!M_ASN1_OCTET_STRING_set(oct, name, namelen)) {
-               PKCS12err(PKCS12_F_PKCS12_ADD_LOCALKEYID, ERR_R_MALLOC_FAILURE);
-               return 0;
-       }
-       keyid->value.octet_string = oct;
-       if (!(attrib = X509_ATTRIBUTE_new ())) {
-               PKCS12err(PKCS12_F_PKCS12_ADD_LOCALKEYID, ERR_R_MALLOC_FAILURE);
-               return 0;
-       }
-       attrib->object = OBJ_nid2obj(NID_localKeyID);
-       if (!(attrib->value.set = sk_ASN1_TYPE_new_null())) {
-               PKCS12err(PKCS12_F_PKCS12_ADD_LOCALKEYID, ERR_R_MALLOC_FAILURE);
-               return 0;
-       }
-       sk_ASN1_TYPE_push (attrib->value.set,keyid);
-       attrib->single = 0;
-       if (!bag->attrib && !(bag->attrib = sk_X509_ATTRIBUTE_new_null ())) {
-               PKCS12err(PKCS12_F_PKCS12_ADD_LOCALKEYID, ERR_R_MALLOC_FAILURE);
+       if (X509at_add1_attr_by_NID(&bag->attrib, NID_localKeyID,
+                               V_ASN1_OCTET_STRING, name, namelen))
+               return 1;
+       else 
                return 0;
-       }
-       sk_X509_ATTRIBUTE_push (bag->attrib, attrib);
-       return 1;
 }
 
 /* Add key usage to PKCS#8 structure */
 
-int PKCS8_add_keyusage (PKCS8_PRIV_KEY_INFO *p8, int usage)
+int PKCS8_add_keyusage(PKCS8_PRIV_KEY_INFO *p8, int usage)
 {
-       X509_ATTRIBUTE *attrib;
-       ASN1_BIT_STRING *bstr;
-       ASN1_TYPE *keyid;
        unsigned char us_val;
        us_val = (unsigned char) usage;
-       if (!(keyid = ASN1_TYPE_new ())) {
-               PKCS12err(PKCS12_F_PKCS8_ADD_KEYUSAGE, ERR_R_MALLOC_FAILURE);
-               return 0;
-       }
-       keyid->type = V_ASN1_BIT_STRING;
-       if (!(bstr = M_ASN1_BIT_STRING_new())) {
-               PKCS12err(PKCS12_F_PKCS8_ADD_KEYUSAGE, ERR_R_MALLOC_FAILURE);
-               return 0;
-       }
-       if (!M_ASN1_BIT_STRING_set(bstr, &us_val, 1)) {
-               PKCS12err(PKCS12_F_PKCS8_ADD_KEYUSAGE, ERR_R_MALLOC_FAILURE);
-               return 0;
-       }
-       keyid->value.bit_string = bstr;
-       if (!(attrib = X509_ATTRIBUTE_new ())) {
-               PKCS12err(PKCS12_F_PKCS8_ADD_KEYUSAGE, ERR_R_MALLOC_FAILURE);
-               return 0;
-       }
-       attrib->object = OBJ_nid2obj(NID_key_usage);
-       if (!(attrib->value.set = sk_ASN1_TYPE_new_null())) {
-               PKCS12err(PKCS12_F_PKCS8_ADD_KEYUSAGE, ERR_R_MALLOC_FAILURE);
+       if (X509at_add1_attr_by_NID(&p8->attributes, NID_key_usage,
+                               V_ASN1_BIT_STRING, &us_val, 1))
+               return 1;
+       else
                return 0;
-       }
-       sk_ASN1_TYPE_push (attrib->value.set,keyid);
-       attrib->single = 0;
-       if (!p8->attributes
-           && !(p8->attributes = sk_X509_ATTRIBUTE_new_null ())) {
-               PKCS12err(PKCS12_F_PKCS8_ADD_KEYUSAGE, ERR_R_MALLOC_FAILURE);
-               return 0;
-       }
-       sk_X509_ATTRIBUTE_push (p8->attributes, attrib);
-       return 1;
 }
 
 /* Add a friendlyname to a safebag */
 
-int PKCS12_add_friendlyname_asc (PKCS12_SAFEBAG *bag, const char *name,
+int PKCS12_add_friendlyname_asc(PKCS12_SAFEBAG *bag, const char *name,
                                 int namelen)
 {
-       unsigned char *uniname;
-       int ret, unilen;
-       if (!asc2uni(name, namelen, &uniname, &unilen)) {
-               PKCS12err(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_ASC,
-                                                       ERR_R_MALLOC_FAILURE);
+       if (X509at_add1_attr_by_NID(&bag->attrib, NID_friendlyName,
+                               MBSTRING_ASC, (unsigned char *)name, namelen))
+               return 1;
+       else
                return 0;
-       }
-       ret = PKCS12_add_friendlyname_uni (bag, uniname, unilen);
-       OPENSSL_free(uniname);
-       return ret;
 }
-       
 
-int PKCS12_add_friendlyname_uni (PKCS12_SAFEBAG *bag,
+
+int PKCS12_add_friendlyname_uni(PKCS12_SAFEBAG *bag,
                                 const unsigned char *name, int namelen)
 {
-       X509_ATTRIBUTE *attrib;
-       ASN1_BMPSTRING *bmp;
-       ASN1_TYPE *fname;
-       /* Zap ending double null if included */
-       if(!name[namelen - 1] && !name[namelen - 2]) namelen -= 2;
-       if (!(fname = ASN1_TYPE_new ())) {
-               PKCS12err(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI,
-                                                       ERR_R_MALLOC_FAILURE);
-               return 0;
-       }
-       fname->type = V_ASN1_BMPSTRING;
-       if (!(bmp = M_ASN1_BMPSTRING_new())) {
-               PKCS12err(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI,
-                                                       ERR_R_MALLOC_FAILURE);
-               return 0;
-       }
-       if (!(bmp->data = OPENSSL_malloc (namelen))) {
-               PKCS12err(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI,
-                                                       ERR_R_MALLOC_FAILURE);
+       if (X509at_add1_attr_by_NID(&bag->attrib, NID_friendlyName,
+                               MBSTRING_BMP, name, namelen))
+               return 1;
+       else
                return 0;
-       }
-       memcpy (bmp->data, name, namelen);
-       bmp->length = namelen;
-       fname->value.bmpstring = bmp;
-       if (!(attrib = X509_ATTRIBUTE_new ())) {
-               PKCS12err(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI,
-                                                       ERR_R_MALLOC_FAILURE);
-               return 0;
-       }
-       attrib->object = OBJ_nid2obj(NID_friendlyName);
-       if (!(attrib->value.set = sk_ASN1_TYPE_new_null())) {
-               PKCS12err(PKCS12_F_PKCS12_ADD_FRIENDLYNAME,
-                                                       ERR_R_MALLOC_FAILURE);
-               return 0;
-       }
-       sk_ASN1_TYPE_push (attrib->value.set,fname);
-       attrib->single = 0;
-       if (!bag->attrib && !(bag->attrib = sk_X509_ATTRIBUTE_new_null ())) {
-               PKCS12err(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI,
-                                                       ERR_R_MALLOC_FAILURE);
+}
+
+int PKCS12_add_CSPName_asc(PKCS12_SAFEBAG *bag, const char *name,
+                                int namelen)
+{
+       if (X509at_add1_attr_by_NID(&bag->attrib, NID_ms_csp_name,
+                               MBSTRING_ASC, (unsigned char *)name, namelen))
+               return 1;
+       else
                return 0;
-       }
-       sk_X509_ATTRIBUTE_push (bag->attrib, attrib);
-       return PKCS12_OK;
 }
 
-ASN1_TYPE *PKCS12_get_attr_gen (STACK_OF(X509_ATTRIBUTE) *attrs, int attr_nid)
+ASN1_TYPE *PKCS12_get_attr_gen(STACK_OF(X509_ATTRIBUTE) *attrs, int attr_nid)
 {
        X509_ATTRIBUTE *attrib;
        int i;

diff --git a/crypto/pkcs12/pkcs12.h b/crypto/pkcs12/pkcs12.h
index 01c20ddc6e7c384d1730b04029bafc3e482905bb..611762777dcf713845ec7e63eec02acee1516baf 100644 (file)
--- a/crypto/pkcs12/pkcs12.h
+++ b/crypto/pkcs12/pkcs12.h
@@ -201,6 +201,8 @@ STACK_OF(PKCS7) *PKCS12_unpack_authsafes(PKCS12 *p12);
 int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name, int namelen);
 int PKCS12_add_friendlyname_asc(PKCS12_SAFEBAG *bag, const char *name,
                                int namelen);
+int PKCS12_add_CSPName_asc(PKCS12_SAFEBAG *bag, const char *name,
+                               int namelen);
 int PKCS12_add_friendlyname_uni(PKCS12_SAFEBAG *bag, const unsigned char *name,
                                int namelen);
 int PKCS8_add_keyusage(PKCS8_PRIV_KEY_INFO *p8, int usage);

diff --git a/crypto/rsa/rsa_sign.c b/crypto/rsa/rsa_sign.c
index 009fba199e3dea6e4a0f94baea4045c7609813fa..2a440901de3ee94f76b93ffe0e843a25a50fd222 100644 (file)
--- a/crypto/rsa/rsa_sign.c
+++ b/crypto/rsa/rsa_sign.c
@@ -77,7 +77,8 @@ int RSA_sign(int type, const unsigned char *m, unsigned int m_len,
        const unsigned char *s = NULL;
        X509_ALGOR algor;
        ASN1_OCTET_STRING digest;
-       if(rsa->flags & RSA_FLAG_SIGN_VER)
+       if((rsa->flags & RSA_FLAG_SIGN_VER)
+             && ENGINE_get_RSA(rsa->engine)->rsa_sign)
              return ENGINE_get_RSA(rsa->engine)->rsa_sign(type,
                        m, m_len, sigret, siglen, rsa);
        /* Special case: SSL signature, just check the length */
@@ -154,7 +155,8 @@ int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len,
                return(0);
                }
 
-       if(rsa->flags & RSA_FLAG_SIGN_VER)
+       if((rsa->flags & RSA_FLAG_SIGN_VER)
+           && ENGINE_get_RSA(rsa->engine)->rsa_verify)
            return ENGINE_get_RSA(rsa->engine)->rsa_verify(dtype,
                        m, m_len, sigbuf, siglen, rsa);
 

diff --git a/crypto/x509/x509.h b/crypto/x509/x509.h
index 16a5653b1dada3146052adfba16966ceef5cc2ae..4951bad8ccac41528ea69668ea4b28cdac1f5e81 100644 (file)
--- a/crypto/x509/x509.h
+++ b/crypto/x509/x509.h
@@ -967,14 +967,14 @@ X509_ATTRIBUTE *X509_REQ_get_attr(const X509_REQ *req, int loc);
 X509_ATTRIBUTE *X509_REQ_delete_attr(X509_REQ *req, int loc);
 int X509_REQ_add1_attr(X509_REQ *req, X509_ATTRIBUTE *attr);
 int X509_REQ_add1_attr_by_OBJ(X509_REQ *req,
-                       ASN1_OBJECT *obj, int type,
-                       unsigned char *bytes, int len);
+                       const ASN1_OBJECT *obj, int type,
+                       const unsigned char *bytes, int len);
 int X509_REQ_add1_attr_by_NID(X509_REQ *req,
                        int nid, int type,
-                       unsigned char *bytes, int len);
+                       const unsigned char *bytes, int len);
 int X509_REQ_add1_attr_by_txt(X509_REQ *req,
-                       char *attrname, int type,
-                       unsigned char *bytes, int len);
+                       const char *attrname, int type,
+                       const unsigned char *bytes, int len);
 
 int            X509_check_private_key(X509 *x509,EVP_PKEY *pkey);
 
@@ -1113,22 +1113,22 @@ X509_ATTRIBUTE *X509at_delete_attr(STACK_OF(X509_ATTRIBUTE) *x, int loc);
 STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x,
                                         X509_ATTRIBUTE *attr);
 STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE) **x,
-                       ASN1_OBJECT *obj, int type,
-                       unsigned char *bytes, int len);
+                       const ASN1_OBJECT *obj, int type,
+                       const unsigned char *bytes, int len);
 STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE) **x,
                        int nid, int type,
-                       unsigned char *bytes, int len);
+                       const unsigned char *bytes, int len);
 STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) **x,
-                       char *attrname, int type,
-                       unsigned char *bytes, int len);
+                       const char *attrname, int type,
+                       const unsigned char *bytes, int len);
 X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid,
-            int atrtype, void *data, int len);
+            int atrtype, const void *data, int len);
 X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr,
-            ASN1_OBJECT *obj, int atrtype, void *data, int len);
+            const ASN1_OBJECT *obj, int atrtype, const void *data, int len);
 X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_txt(X509_ATTRIBUTE **attr,
-               char *atrname, int type, unsigned char *bytes, int len);
-int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, ASN1_OBJECT *obj);
-int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, void *data, int len);
+               const char *atrname, int type, const unsigned char *bytes, int len);
+int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, const ASN1_OBJECT *obj);
+int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, const void *data, int len);
 void *X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx,
                                        int atrtype, void *data);
 int X509_ATTRIBUTE_count(X509_ATTRIBUTE *attr);

diff --git a/crypto/x509/x509_att.c b/crypto/x509/x509_att.c
index f074d2ab18adfb79aa6c0c1cb3345eb9be9b87c9..0bae3d32a1a5ffd4e7ce140f2dd3e404c6000b55 100644 (file)
--- a/crypto/x509/x509_att.c
+++ b/crypto/x509/x509_att.c
@@ -149,8 +149,8 @@ err2:
 }
 
 STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE) **x,
-                       ASN1_OBJECT *obj, int type,
-                       unsigned char *bytes, int len)
+                       const ASN1_OBJECT *obj, int type,
+                       const unsigned char *bytes, int len)
 {
        X509_ATTRIBUTE *attr;
        STACK_OF(X509_ATTRIBUTE) *ret;
@@ -163,7 +163,7 @@ STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE) **x,
 
 STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE) **x,
                        int nid, int type,
-                       unsigned char *bytes, int len)
+                       const unsigned char *bytes, int len)
 {
        X509_ATTRIBUTE *attr;
        STACK_OF(X509_ATTRIBUTE) *ret;
@@ -175,8 +175,8 @@ STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE) **x,
 }
 
 STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) **x,
-                       char *attrname, int type,
-                       unsigned char *bytes, int len)
+                       const char *attrname, int type,
+                       const unsigned char *bytes, int len)
 {
        X509_ATTRIBUTE *attr;
        STACK_OF(X509_ATTRIBUTE) *ret;
@@ -188,7 +188,7 @@ STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) **x,
 }
 
 X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid,
-            int atrtype, void *data, int len)
+            int atrtype, const void *data, int len)
 {
        ASN1_OBJECT *obj;
        X509_ATTRIBUTE *ret;
@@ -205,7 +205,7 @@ X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid,
 }
 
 X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr,
-            ASN1_OBJECT *obj, int atrtype, void *data, int len)
+            const ASN1_OBJECT *obj, int atrtype, const void *data, int len)
 {
        X509_ATTRIBUTE *ret;
 
@@ -234,7 +234,7 @@ err:
 }
 
 X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_txt(X509_ATTRIBUTE **attr,
-               char *atrname, int type, unsigned char *bytes, int len)
+               const char *atrname, int type, const unsigned char *bytes, int len)
        {
        ASN1_OBJECT *obj;
        X509_ATTRIBUTE *nattr;
@@ -252,7 +252,7 @@ X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_txt(X509_ATTRIBUTE **attr,
        return nattr;
        }
 
-int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, ASN1_OBJECT *obj)
+int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, const ASN1_OBJECT *obj)
 {
        if ((attr == NULL) || (obj == NULL))
                return(0);
@@ -261,7 +261,7 @@ int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, ASN1_OBJECT *obj)
        return(1);
 }
 
-int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, void *data, int len)
+int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, const void *data, int len)
 {
        ASN1_TYPE *ttmp;
        ASN1_STRING *stmp;

diff --git a/crypto/x509/x509_req.c b/crypto/x509/x509_req.c
index e2766e1a5ffd79748ad62024e0c8095e73ee870c..0affa3bf306ad62908701db241f830c2e4f9c5e5 100644 (file)
--- a/crypto/x509/x509_req.c
+++ b/crypto/x509/x509_req.c
@@ -251,8 +251,8 @@ int X509_REQ_add1_attr(X509_REQ *req, X509_ATTRIBUTE *attr)
 }
 
 int X509_REQ_add1_attr_by_OBJ(X509_REQ *req,
-                       ASN1_OBJECT *obj, int type,
-                       unsigned char *bytes, int len)
+                       const ASN1_OBJECT *obj, int type,
+                       const unsigned char *bytes, int len)
 {
        if(X509at_add1_attr_by_OBJ(&req->req_info->attributes, obj,
                                type, bytes, len)) return 1;
@@ -261,7 +261,7 @@ int X509_REQ_add1_attr_by_OBJ(X509_REQ *req,
 
 int X509_REQ_add1_attr_by_NID(X509_REQ *req,
                        int nid, int type,
-                       unsigned char *bytes, int len)
+                       const unsigned char *bytes, int len)
 {
        if(X509at_add1_attr_by_NID(&req->req_info->attributes, nid,
                                type, bytes, len)) return 1;
@@ -269,8 +269,8 @@ int X509_REQ_add1_attr_by_NID(X509_REQ *req,
 }
 
 int X509_REQ_add1_attr_by_txt(X509_REQ *req,
-                       char *attrname, int type,
-                       unsigned char *bytes, int len)
+                       const char *attrname, int type,
+                       const unsigned char *bytes, int len)
 {
        if(X509at_add1_attr_by_txt(&req->req_info->attributes, attrname,
                                type, bytes, len)) return 1;