OpenSSL 0.9.5a merge

author: beck <> 2000-04-15 06:18:51 +0000
committer: beck <> 2000-04-15 06:18:51 +0000
commit: b608c7f2b175e121f2c22d53341a317153afdc8e (patch)
tree: e94b160b3fcd8180df79e4251d68d24d665f0195 /src/lib/libcrypto/pkcs12
parent: c8d6701c396cebdcd0d45eac73b762e9498f6b01 (diff)
download: openbsd-b608c7f2b175e121f2c22d53341a317153afdc8e.tar.gz
openbsd-b608c7f2b175e121f2c22d53341a317153afdc8e.tar.bz2
openbsd-b608c7f2b175e121f2c22d53341a317153afdc8e.zip
6 files changed, 69 insertions, 44 deletions
diff --git a/src/lib/libcrypto/pkcs12/p12_crt.c b/src/lib/libcrypto/pkcs12/p12_crt.c
index 56d88b0759..ee8aed54c7 100644
--- a/src/lib/libcrypto/pkcs12/p12_crt.c
+++ b/src/lib/libcrypto/pkcs12/p12_crt.c
@@ -61,7 +61,7 @@
 #include <openssl/pkcs12.h>
 PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
-             STACK *ca, int nid_key, int nid_cert, int iter, int mac_iter,
+             STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter, int mac_iter,
             int keytype)
 {
        PKCS12 *p12;
@@ -103,8 +103,8 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
        
        /* Add all other certificates */
        if(ca) {
-                for(i = 0; i < sk_num(ca); i++) {
+                for(i = 0; i < sk_X509_num(ca); i++) {
-                        tcert = (X509 *)sk_value(ca, i);
+                        tcert = sk_X509_value(ca, i);
                        if(!(bag = M_PKCS12_x5092certbag(tcert))) return NULL;
                        if(!sk_push(bags, (char *)bag)) {
                                PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
diff --git a/src/lib/libcrypto/pkcs12/p12_key.c b/src/lib/libcrypto/pkcs12/p12_key.c
index 02fdd20e2f..b364671ed2 100644
--- a/src/lib/libcrypto/pkcs12/p12_key.c
+++ b/src/lib/libcrypto/pkcs12/p12_key.c
@@ -104,6 +104,14 @@ int PKCS12_key_gen_uni (unsigned char *pass, int passlen, unsigned char *salt,
 #ifdef  DEBUG_KEYGEN
        unsigned char *tmpout = out;
        int tmpn = n;
+#endif
+        if (!pass) {
+                PKCS12err(PKCS12_F_PKCS12_KEY_GEN_UNI,ERR_R_PASSED_NULL_PARAMETER);
+                return 0;
+        }
+#ifdef  DEBUG_KEYGEN
        fprintf(stderr, "KEYGEN DEBUG\n");
        fprintf(stderr, "ID %d, ITER %d\n", id, iter);
        fprintf(stderr, "Password (length %d):\n", passlen);
diff --git a/src/lib/libcrypto/pkcs12/p12_kiss.c b/src/lib/libcrypto/pkcs12/p12_kiss.c
index 08a60556e0..ee257ffbad 100644
--- a/src/lib/libcrypto/pkcs12/p12_kiss.c
+++ b/src/lib/libcrypto/pkcs12/p12_kiss.c
@@ -62,9 +62,17 @@
 /* Simplified PKCS#12 routines */
-static int parse_pk12( PKCS12 *p12, const char *pass, int passlen, EVP_PKEY **pkey, X509 **cert, STACK **ca);
+static int parse_pk12( PKCS12 *p12, const char *pass, int passlen,
-static int parse_bags( STACK *bags, const char *pass, int passlen, EVP_PKEY **pkey, X509 **cert, STACK **ca, ASN1_OCTET_STRING **keyid, char *keymatch);
+                EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca);
-static int parse_bag( PKCS12_SAFEBAG *bag, const char *pass, int passlen, EVP_PKEY **pkey, X509 **cert, STACK **ca, ASN1_OCTET_STRING **keyid, char *keymatch);
+static int parse_bags( STACK *bags, const char *pass, int passlen,
+                EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca,
+                ASN1_OCTET_STRING **keyid, char *keymatch);
+static int parse_bag( PKCS12_SAFEBAG *bag, const char *pass, int passlen,
+                        EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca,
+                        ASN1_OCTET_STRING **keyid, char *keymatch);
 /* Parse and decrypt a PKCS#12 structure returning user key, user cert
 * and other (CA) certs. Note either ca should be NULL, *ca should be NULL,
 * or it should point to a valid STACK structure. pkey and cert can be
@@ -72,54 +80,59 @@ static int parse_bag( PKCS12_SAFEBAG *bag, const char *pass, int passlen, EVP_PK
 */
 int PKCS12_parse (PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
-             STACK **ca)
+             STACK_OF(X509) **ca)
 {
-/* Check for NULL PKCS12 structure */
+        /* Check for NULL PKCS12 structure */
-if(!p12) {
-        PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_INVALID_NULL_PKCS12_POINTER);
-        return 0;
-}
-/* Allocate stack for ca certificates if needed */
+        if(!p12)
-if ((ca != NULL) && (*ca == NULL)) {
+                {
-        if (!(*ca = sk_new(NULL))) {
+                PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_INVALID_NULL_PKCS12_POINTER);
-                PKCS12err(PKCS12_F_PKCS12_PARSE,ERR_R_MALLOC_FAILURE);
                return 0;
-        }
+                }
-}
+        /* Allocate stack for ca certificates if needed */
+        if ((ca != NULL) && (*ca == NULL))
+                {
+                if (!(*ca = sk_X509_new(NULL)))
+                        {
+                        PKCS12err(PKCS12_F_PKCS12_PARSE,ERR_R_MALLOC_FAILURE);
+                        return 0;
+                        }
+                }
-if(pkey) *pkey = NULL;
+        if(pkey) *pkey = NULL;
-if(cert) *cert = NULL;
+        if(cert) *cert = NULL;
-/* Check the mac */
+        /* Check the mac */
-if (!PKCS12_verify_mac (p12, pass, -1)) {
+        if (!PKCS12_verify_mac (p12, pass, -1))
-        PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_MAC_VERIFY_FAILURE);
+                {
-        goto err;
+                PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_MAC_VERIFY_FAILURE);
-}
+                goto err;
+                }
-if (!parse_pk12 (p12, pass, -1, pkey, cert, ca)) {
+        if (!parse_pk12 (p12, pass, -1, pkey, cert, ca))
-        PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_PARSE_ERROR);
+                {
-        goto err;
+                PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_PARSE_ERROR);
-}
+                goto err;
+                }
-return 1;
+        return 1;
-err:
+ err:
-if (pkey && *pkey) EVP_PKEY_free (*pkey);
+        if (pkey && *pkey) EVP_PKEY_free (*pkey);
-if (cert && *cert) X509_free (*cert);
+        if (cert && *cert) X509_free (*cert);
-if (ca) sk_pop_free (*ca, X509_free);
+        if (ca) sk_X509_pop_free (*ca, X509_free);
-return 0;
+        return 0;
 }
 /* Parse the outer PKCS#12 structure */
 static int parse_pk12 (PKCS12 *p12, const char *pass, int passlen,
-             EVP_PKEY **pkey, X509 **cert, STACK **ca)
+             EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca)
 {
        STACK *asafes, *bags;
        int i, bagnid;
@@ -154,7 +167,7 @@ static int parse_pk12 (PKCS12 *p12, const char *pass, int passlen,
 static int parse_bags (STACK *bags, const char *pass, int passlen,
-                       EVP_PKEY **pkey, X509 **cert, STACK **ca,
+                       EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca,
                       ASN1_OCTET_STRING **keyid, char *keymatch)
 {
        int i;
@@ -171,7 +184,7 @@ static int parse_bags (STACK *bags, const char *pass, int passlen,
 #define MATCH_ALL  0x3
 static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen,
-                      EVP_PKEY **pkey, X509 **cert, STACK **ca,
+                      EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca,
                      ASN1_OCTET_STRING **keyid,
             char *keymatch)
 {
@@ -221,7 +234,10 @@ static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen,
                if (lkey) {
                        *keymatch |= MATCH_CERT;
                        if (cert) *cert = x509;
-                } else if (ca) sk_push (*ca, (char *)x509);
+                } else {
+                        if(ca) sk_X509_push (*ca, x509);
+                        else X509_free(x509);
+                }
        break;
        case NID_safeContentsBag:
diff --git a/src/lib/libcrypto/pkcs12/p12_mutl.c b/src/lib/libcrypto/pkcs12/p12_mutl.c
index f1094b3840..369257ed4c 100644
--- a/src/lib/libcrypto/pkcs12/p12_mutl.c
+++ b/src/lib/libcrypto/pkcs12/p12_mutl.c
@@ -157,7 +157,7 @@ int PKCS12_setup_mac (PKCS12 *p12, int iter, unsigned char *salt, int saltlen,
                return 0;
        }
        if (!salt) {
-                if (RAND_bytes (p12->mac->salt->data, saltlen) <= 0)
+                if (RAND_pseudo_bytes (p12->mac->salt->data, saltlen) < 0)
                        return 0;
        }
        else memcpy (p12->mac->salt->data, salt, saltlen);
diff --git a/src/lib/libcrypto/pkcs12/pk12err.c b/src/lib/libcrypto/pkcs12/pk12err.c
index 9d8de10e1e..12db54f49e 100644
--- a/src/lib/libcrypto/pkcs12/pk12err.c
+++ b/src/lib/libcrypto/pkcs12/pk12err.c
@@ -54,7 +54,8 @@
 */
 /* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file.
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
 */
 #include <stdio.h>
diff --git a/src/lib/libcrypto/pkcs12/pkcs12.h b/src/lib/libcrypto/pkcs12/pkcs12.h
index 254000fa12..dad356c00f 100644
--- a/src/lib/libcrypto/pkcs12/pkcs12.h
+++ b/src/lib/libcrypto/pkcs12/pkcs12.h
@@ -265,9 +265,9 @@ void PKCS12_SAFEBAG_free(PKCS12_SAFEBAG *a);
 void ERR_load_PKCS12_strings(void);
 void PKCS12_PBE_add(void);
 int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
-                 STACK **ca);
+                 STACK_OF(X509) **ca);
 PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
-                         STACK *ca, int nid_key, int nid_cert, int iter,
+                         STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter,
                                                 int mac_iter, int keytype);
 int i2d_PKCS12_bio(BIO *bp, PKCS12 *p12);
 int i2d_PKCS12_fp(FILE *fp, PKCS12 *p12);
author	beck <>	2000-04-15 06:18:51 +0000
committer	beck <>	2000-04-15 06:18:51 +0000
commit	b608c7f2b175e121f2c22d53341a317153afdc8e (patch)
tree	e94b160b3fcd8180df79e4251d68d24d665f0195 /src/lib/libcrypto/pkcs12
parent	c8d6701c396cebdcd0d45eac73b762e9498f6b01 (diff)
download	openbsd-b608c7f2b175e121f2c22d53341a317153afdc8e.tar.gz openbsd-b608c7f2b175e121f2c22d53341a317153afdc8e.tar.bz2 openbsd-b608c7f2b175e121f2c22d53341a317153afdc8e.zip

diff --git a/src/lib/libcrypto/pkcs12/p12_crt.c b/src/lib/libcrypto/pkcs12/p12_crt.c index 56d88b0759..ee8aed54c7 100644 --- a/src/lib/libcrypto/pkcs12/p12_crt.c +++ b/src/lib/libcrypto/pkcs12/p12_crt.c
@@ -61,7 +61,7 @@
61	#include <openssl/pkcs12.h>	61	#include <openssl/pkcs12.h>
62		62
63	PKCS12 PKCS12_create(char pass, char name, EVP_PKEY pkey, X509 *cert,	63	PKCS12 PKCS12_create(char pass, char name, EVP_PKEY pkey, X509 *cert,
64	STACK *ca, int nid_key, int nid_cert, int iter, int mac_iter,	64	STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter, int mac_iter,
65	int keytype)	65	int keytype)
66	{	66	{
67	PKCS12 *p12;	67	PKCS12 *p12;
@@ -103,8 +103,8 @@ PKCS12 PKCS12_create(char pass, char name, EVP_PKEY pkey, X509 *cert,
103		103
104	/* Add all other certificates */	104	/* Add all other certificates */
105	if(ca) {	105	if(ca) {
106	for(i = 0; i < sk_num(ca); i++) {	106	for(i = 0; i < sk_X509_num(ca); i++) {
107	tcert = (X509 *)sk_value(ca, i);	107	tcert = sk_X509_value(ca, i);
108	if(!(bag = M_PKCS12_x5092certbag(tcert))) return NULL;	108	if(!(bag = M_PKCS12_x5092certbag(tcert))) return NULL;
109	if(!sk_push(bags, (char *)bag)) {	109	if(!sk_push(bags, (char *)bag)) {
110	PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);	110	PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);


diff --git a/src/lib/libcrypto/pkcs12/p12_key.c b/src/lib/libcrypto/pkcs12/p12_key.c index 02fdd20e2f..b364671ed2 100644 --- a/src/lib/libcrypto/pkcs12/p12_key.c +++ b/src/lib/libcrypto/pkcs12/p12_key.c
@@ -104,6 +104,14 @@ int PKCS12_key_gen_uni (unsigned char pass, int passlen, unsigned char salt,
104	#ifdef DEBUG_KEYGEN	104	#ifdef DEBUG_KEYGEN
105	unsigned char *tmpout = out;	105	unsigned char *tmpout = out;
106	int tmpn = n;	106	int tmpn = n;
		107	#endif
		108
		109	if (!pass) {
		110	PKCS12err(PKCS12_F_PKCS12_KEY_GEN_UNI,ERR_R_PASSED_NULL_PARAMETER);
		111	return 0;
		112	}
		113
		114	#ifdef DEBUG_KEYGEN
107	fprintf(stderr, "KEYGEN DEBUG\n");	115	fprintf(stderr, "KEYGEN DEBUG\n");
108	fprintf(stderr, "ID %d, ITER %d\n", id, iter);	116	fprintf(stderr, "ID %d, ITER %d\n", id, iter);
109	fprintf(stderr, "Password (length %d):\n", passlen);	117	fprintf(stderr, "Password (length %d):\n", passlen);


diff --git a/src/lib/libcrypto/pkcs12/p12_kiss.c b/src/lib/libcrypto/pkcs12/p12_kiss.c index 08a60556e0..ee257ffbad 100644 --- a/src/lib/libcrypto/pkcs12/p12_kiss.c +++ b/src/lib/libcrypto/pkcs12/p12_kiss.c
@@ -62,9 +62,17 @@
62		62
63	/* Simplified PKCS#12 routines */	63	/* Simplified PKCS#12 routines */
64		64
65	static int parse_pk12( PKCS12 p12, const char pass, int passlen, EVP_PKEY pkey, X509 cert, STACK **ca);	65	static int parse_pk12( PKCS12 p12, const char pass, int passlen,
66	static int parse_bags( STACK bags, const char pass, int passlen, EVP_PKEY pkey, X509 cert, STACK ca, ASN1_OCTET_STRING keyid, char *keymatch);	66	EVP_PKEY pkey, X509 cert, STACK_OF(X509) **ca);
67	static int parse_bag( PKCS12_SAFEBAG bag, const char pass, int passlen, EVP_PKEY pkey, X509 cert, STACK ca, ASN1_OCTET_STRING keyid, char *keymatch);	67
		68	static int parse_bags( STACK bags, const char pass, int passlen,
		69	EVP_PKEY pkey, X509 cert, STACK_OF(X509) **ca,
		70	ASN1_OCTET_STRING *keyid, char keymatch);
		71
		72	static int parse_bag( PKCS12_SAFEBAG bag, const char pass, int passlen,
		73	EVP_PKEY pkey, X509 cert, STACK_OF(X509) **ca,
		74	ASN1_OCTET_STRING *keyid, char keymatch);
		75
68	/* Parse and decrypt a PKCS#12 structure returning user key, user cert	76	/* Parse and decrypt a PKCS#12 structure returning user key, user cert
69	* and other (CA) certs. Note either ca should be NULL, *ca should be NULL,	77	* and other (CA) certs. Note either ca should be NULL, *ca should be NULL,
70	* or it should point to a valid STACK structure. pkey and cert can be	78	* or it should point to a valid STACK structure. pkey and cert can be
@@ -72,54 +80,59 @@ static int parse_bag( PKCS12_SAFEBAG bag, const char pass, int passlen, EVP_PK
72	*/	80	*/
73		81
74	int PKCS12_parse (PKCS12 p12, const char pass, EVP_PKEY pkey, X509 cert,	82	int PKCS12_parse (PKCS12 p12, const char pass, EVP_PKEY pkey, X509 cert,
75	STACK **ca)	83	STACK_OF(X509) **ca)
76	{	84	{
77		85
78	/* Check for NULL PKCS12 structure */	86	/* Check for NULL PKCS12 structure */
79
80	if(!p12) {
81	PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_INVALID_NULL_PKCS12_POINTER);
82	return 0;
83	}
84		87
85	/* Allocate stack for ca certificates if needed */	88	if(!p12)
86	if ((ca != NULL) && (*ca == NULL)) {	89	{
87	if (!(*ca = sk_new(NULL))) {	90	PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_INVALID_NULL_PKCS12_POINTER);
88	PKCS12err(PKCS12_F_PKCS12_PARSE,ERR_R_MALLOC_FAILURE);
89	return 0;	91	return 0;
90	}	92	}
91	}	93
		94	/* Allocate stack for ca certificates if needed */
		95	if ((ca != NULL) && (*ca == NULL))
		96	{
		97	if (!(*ca = sk_X509_new(NULL)))
		98	{
		99	PKCS12err(PKCS12_F_PKCS12_PARSE,ERR_R_MALLOC_FAILURE);
		100	return 0;
		101	}
		102	}
92		103
93	if(pkey) *pkey = NULL;	104	if(pkey) *pkey = NULL;
94	if(cert) *cert = NULL;	105	if(cert) *cert = NULL;
95		106
96	/* Check the mac */	107	/* Check the mac */
97		108
98	if (!PKCS12_verify_mac (p12, pass, -1)) {	109	if (!PKCS12_verify_mac (p12, pass, -1))
99	PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_MAC_VERIFY_FAILURE);	110	{
100	goto err;	111	PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_MAC_VERIFY_FAILURE);
101	}	112	goto err;
		113	}
102		114
103	if (!parse_pk12 (p12, pass, -1, pkey, cert, ca)) {	115	if (!parse_pk12 (p12, pass, -1, pkey, cert, ca))
104	PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_PARSE_ERROR);	116	{
105	goto err;	117	PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_PARSE_ERROR);
106	}	118	goto err;
		119	}
107		120
108	return 1;	121	return 1;
109		122
110	err:	123	err:
111		124
112	if (pkey && pkey) EVP_PKEY_free (pkey);	125	if (pkey && pkey) EVP_PKEY_free (pkey);
113	if (cert && cert) X509_free (cert);	126	if (cert && cert) X509_free (cert);
114	if (ca) sk_pop_free (*ca, X509_free);	127	if (ca) sk_X509_pop_free (*ca, X509_free);
115	return 0;	128	return 0;
116		129
117	}	130	}
118		131
119	/* Parse the outer PKCS#12 structure */	132	/* Parse the outer PKCS#12 structure */
120		133
121	static int parse_pk12 (PKCS12 p12, const char pass, int passlen,	134	static int parse_pk12 (PKCS12 p12, const char pass, int passlen,
122	EVP_PKEY pkey, X509 cert, STACK **ca)	135	EVP_PKEY pkey, X509 cert, STACK_OF(X509) **ca)
123	{	136	{
124	STACK asafes, bags;	137	STACK asafes, bags;
125	int i, bagnid;	138	int i, bagnid;
@@ -154,7 +167,7 @@ static int parse_pk12 (PKCS12 p12, const char pass, int passlen,
154		167
155		168
156	static int parse_bags (STACK bags, const char pass, int passlen,	169	static int parse_bags (STACK bags, const char pass, int passlen,
157	EVP_PKEY pkey, X509 cert, STACK **ca,	170	EVP_PKEY pkey, X509 cert, STACK_OF(X509) **ca,
158	ASN1_OCTET_STRING *keyid, char keymatch)	171	ASN1_OCTET_STRING *keyid, char keymatch)
159	{	172	{
160	int i;	173	int i;
@@ -171,7 +184,7 @@ static int parse_bags (STACK bags, const char pass, int passlen,
171	#define MATCH_ALL 0x3	184	#define MATCH_ALL 0x3
172		185
173	static int parse_bag(PKCS12_SAFEBAG bag, const char pass, int passlen,	186	static int parse_bag(PKCS12_SAFEBAG bag, const char pass, int passlen,
174	EVP_PKEY pkey, X509 cert, STACK **ca,	187	EVP_PKEY pkey, X509 cert, STACK_OF(X509) **ca,
175	ASN1_OCTET_STRING **keyid,	188	ASN1_OCTET_STRING **keyid,
176	char *keymatch)	189	char *keymatch)
177	{	190	{
@@ -221,7 +234,10 @@ static int parse_bag(PKCS12_SAFEBAG bag, const char pass, int passlen,
221	if (lkey) {	234	if (lkey) {
222	*keymatch \|= MATCH_CERT;	235	*keymatch \|= MATCH_CERT;
223	if (cert) *cert = x509;	236	if (cert) *cert = x509;
224	} else if (ca) sk_push (ca, (char )x509);	237	} else {
		238	if(ca) sk_X509_push (*ca, x509);
		239	else X509_free(x509);
		240	}
225	break;	241	break;
226		242
227	case NID_safeContentsBag:	243	case NID_safeContentsBag:


diff --git a/src/lib/libcrypto/pkcs12/p12_mutl.c b/src/lib/libcrypto/pkcs12/p12_mutl.c index f1094b3840..369257ed4c 100644 --- a/src/lib/libcrypto/pkcs12/p12_mutl.c +++ b/src/lib/libcrypto/pkcs12/p12_mutl.c
@@ -157,7 +157,7 @@ int PKCS12_setup_mac (PKCS12 p12, int iter, unsigned char salt, int saltlen,
157	return 0;	157	return 0;
158	}	158	}
159	if (!salt) {	159	if (!salt) {
160	if (RAND_bytes (p12->mac->salt->data, saltlen) <= 0)	160	if (RAND_pseudo_bytes (p12->mac->salt->data, saltlen) < 0)
161	return 0;	161	return 0;
162	}	162	}
163	else memcpy (p12->mac->salt->data, salt, saltlen);	163	else memcpy (p12->mac->salt->data, salt, saltlen);


diff --git a/src/lib/libcrypto/pkcs12/pk12err.c b/src/lib/libcrypto/pkcs12/pk12err.c index 9d8de10e1e..12db54f49e 100644 --- a/src/lib/libcrypto/pkcs12/pk12err.c +++ b/src/lib/libcrypto/pkcs12/pk12err.c
@@ -54,7 +54,8 @@
54	*/	54	*/
55		55
56	/* NOTE: this file was auto generated by the mkerr.pl script: any changes	56	/* NOTE: this file was auto generated by the mkerr.pl script: any changes
57	* made to it will be overwritten when the script next updates this file.	57	* made to it will be overwritten when the script next updates this file,
		58	* only reason strings will be preserved.
58	*/	59	*/
59		60
60	#include <stdio.h>	61	#include <stdio.h>


diff --git a/src/lib/libcrypto/pkcs12/pkcs12.h b/src/lib/libcrypto/pkcs12/pkcs12.h index 254000fa12..dad356c00f 100644 --- a/src/lib/libcrypto/pkcs12/pkcs12.h +++ b/src/lib/libcrypto/pkcs12/pkcs12.h
@@ -265,9 +265,9 @@ void PKCS12_SAFEBAG_free(PKCS12_SAFEBAG *a);
265	void ERR_load_PKCS12_strings(void);	265	void ERR_load_PKCS12_strings(void);
266	void PKCS12_PBE_add(void);	266	void PKCS12_PBE_add(void);
267	int PKCS12_parse(PKCS12 p12, const char pass, EVP_PKEY pkey, X509 cert,	267	int PKCS12_parse(PKCS12 p12, const char pass, EVP_PKEY pkey, X509 cert,
268	STACK **ca);	268	STACK_OF(X509) **ca);
269	PKCS12 PKCS12_create(char pass, char name, EVP_PKEY pkey, X509 *cert,	269	PKCS12 PKCS12_create(char pass, char name, EVP_PKEY pkey, X509 *cert,
270	STACK *ca, int nid_key, int nid_cert, int iter,	270	STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter,
271	int mac_iter, int keytype);	271	int mac_iter, int keytype);
272	int i2d_PKCS12_bio(BIO bp, PKCS12 p12);	272	int i2d_PKCS12_bio(BIO bp, PKCS12 p12);
273	int i2d_PKCS12_fp(FILE fp, PKCS12 p12);	273	int i2d_PKCS12_fp(FILE fp, PKCS12 p12);