1 files changed, 15 insertions, 10 deletions

diff --git a/src/lib/libcrypto/pkcs12/p12_crt.c b/src/lib/libcrypto/pkcs12/p12_crt.c
index ee8aed54c7..a8f7b48882 100644
--- a/src/lib/libcrypto/pkcs12/p12_crt.c
+++ b/src/lib/libcrypto/pkcs12/p12_crt.c
@@ -65,7 +65,8 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
              int keytype)
 {
         PKCS12 *p12;
-        STACK *bags, *safes;
+        STACK_OF(PKCS12_SAFEBAG) *bags;
+        STACK_OF(PKCS7) *safes;
         PKCS12_SAFEBAG *bag;
         PKCS8_PRIV_KEY_INFO *p8;
         PKCS7 *authsafe;
@@ -85,7 +86,9 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
                 return NULL;
         }
 
-        if(!(bags = sk_new (NULL))) {
+        if(!X509_check_private_key(cert, pkey)) return NULL;
+
+        if(!(bags = sk_PKCS12_SAFEBAG_new_null ())) {
                 PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
                 return NULL;
         }
@@ -96,7 +99,7 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
         X509_digest(cert, EVP_sha1(), keyid, &keyidlen);
         if(!PKCS12_add_localkeyid(bag, keyid, keyidlen)) return NULL;
 
-        if(!sk_push(bags, (char *)bag)) {
+        if(!sk_PKCS12_SAFEBAG_push(bags, bag)) {
                 PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
                 return NULL;
         }
@@ -106,7 +109,7 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
                 for(i = 0; i < sk_X509_num(ca); i++) {
                         tcert = sk_X509_value(ca, i);
                         if(!(bag = M_PKCS12_x5092certbag(tcert))) return NULL;
-                        if(!sk_push(bags, (char *)bag)) {
+                        if(!sk_PKCS12_SAFEBAG_push(bags, bag)) {
                                 PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
                                 return NULL;
                         }
@@ -116,11 +119,12 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
         /* Turn certbags into encrypted authsafe */
         authsafe = PKCS12_pack_p7encdata (nid_cert, pass, -1, NULL, 0,
                                           iter, bags);
-        sk_pop_free(bags, PKCS12_SAFEBAG_free);
+        sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
 
         if (!authsafe) return NULL;
 
-        if(!(safes = sk_new (NULL)) || !sk_push(safes, (char *)authsafe)) {
+        if(!(safes = sk_PKCS7_new_null ())
+           || !sk_PKCS7_push(safes, authsafe)) {
                 PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
                 return NULL;
         }
@@ -133,14 +137,15 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
         PKCS8_PRIV_KEY_INFO_free(p8);
         if (name && !PKCS12_add_friendlyname (bag, name, -1)) return NULL;
         if(!PKCS12_add_localkeyid (bag, keyid, keyidlen)) return NULL;
-        if(!(bags = sk_new(NULL)) || !sk_push (bags, (char *)bag)) {
+        if(!(bags = sk_PKCS12_SAFEBAG_new_null())
+           || !sk_PKCS12_SAFEBAG_push (bags, bag)) {
                 PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
                 return NULL;
         }
         /* Turn it into unencrypted safe bag */
         if(!(authsafe = PKCS12_pack_p7data (bags))) return NULL;
-        sk_pop_free(bags, PKCS12_SAFEBAG_free);
-        if(!sk_push(safes, (char *)authsafe)) {
+        sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
+        if(!sk_PKCS7_push(safes, authsafe)) {
                 PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
                 return NULL;
         }
@@ -149,7 +154,7 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
 
         if(!M_PKCS12_pack_authsafes (p12, safes)) return NULL;
 
-        sk_pop_free(safes, PKCS7_free);
+        sk_PKCS7_pop_free(safes, PKCS7_free);
 
         if(!PKCS12_set_mac (p12, pass, -1, NULL, 0, mac_iter, NULL))
             return NULL;