1 files changed, 11 insertions, 5 deletions

diff --git a/src/lib/libcrypto/pkcs12/p12_crpt.c b/src/lib/libcrypto/pkcs12/p12_crpt.c
index 003ec7a33e..3ad33c49d8 100644
--- a/src/lib/libcrypto/pkcs12/p12_crpt.c
+++ b/src/lib/libcrypto/pkcs12/p12_crpt.c
@@ -84,19 +84,25 @@ EVP_PBE_alg_add(NID_pbe_WithSHA1And40BitRC2_CBC, EVP_rc2_40_cbc(),
 #endif
 }
 
-int PKCS12_PBE_keyivgen (EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
+int PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
                 ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, int en_de)
 {
         PBEPARAM *pbe;
         int saltlen, iter, ret;
-        unsigned char *salt, *pbuf;
+        unsigned char *salt;
+        const unsigned char *pbuf;
         unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH];
 
         /* Extract useful info from parameter */
+        if (param == NULL || param->type != V_ASN1_SEQUENCE ||
+            param->value.sequence == NULL) {
+                PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN,PKCS12_R_DECODE_ERROR);
+                return 0;
+        }
+
         pbuf = param->value.sequence->data;
-        if (!param || (param->type != V_ASN1_SEQUENCE) ||
-           !(pbe = d2i_PBEPARAM (NULL, &pbuf, param->value.sequence->length))) {
-                EVPerr(PKCS12_F_PKCS12_PBE_KEYIVGEN,EVP_R_DECODE_ERROR);
+        if (!(pbe = d2i_PBEPARAM(NULL, &pbuf, param->value.sequence->length))) {
+                PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN,PKCS12_R_DECODE_ERROR);
                 return 0;
         }