Fix for bug in pkcs12 program and typo in ASN1_tag2str().

diff --git a/CHANGES b/CHANGES
index 8ee6b2ea11ded78e5eb6b227bb3527083e11139f..f0e812cae7f5133e687b461403d7e08abacf8acc 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,10 @@
 
  Changes between 0.9.4 and 0.9.5  [xx XXX 1999]
 
+  *) Fix for pkcs12 program. It was hashing an invalid certificate pointer
+     when producing the local key id.
+     [Richard Levitte <levitte@stacken.kth.se>]
+
   *) New option -dhparam in s_server. This allows a DH parameter file to be
      stated explicitly. If it is not stated then it tries the first server
      certificate file. The previous behaviour hard coded the filename

diff --git a/apps/pkcs12.c b/apps/pkcs12.c
index 5defddeb320f47404409a422bed059a307704711..f6b444b5f6ac8fc02a880d77f22d24d25e2949e0 100644 (file)
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -281,13 +281,13 @@ int MAIN(int argc, char **argv)
                }
     }
 
-if (export_cert) {
+    if (export_cert) {
        EVP_PKEY *key;
        STACK *bags, *safes;
        PKCS12_SAFEBAG *bag;
        PKCS8_PRIV_KEY_INFO *p8;
        PKCS7 *authsafe;
-       X509 *cert = NULL, *ucert = NULL;
+       X509 *ucert = NULL;
        STACK_OF(X509) *certs;
        char *catmp;
        int i;
@@ -313,7 +313,7 @@ if (export_cert) {
        for(i = 0; i < sk_X509_num(certs); i++) {
                ucert = sk_X509_value(certs, i);
                if(X509_check_private_key(ucert, key)) {
-                       X509_digest(cert, EVP_sha1(), keyid, &keyidlen);
+                       X509_digest(ucert, EVP_sha1(), keyid, &keyidlen);
                        break;
                }
        }
@@ -354,6 +354,7 @@ if (export_cert) {
 
        /* We now have loads of certificates: include them all */
        for(i = 0; i < sk_X509_num(certs); i++) {
+               X509 *cert = NULL;
                cert = sk_X509_value(certs, i);
                bag = M_PKCS12_x5092certbag(cert);
                /* If it matches private key set id */

diff --git a/crypto/asn1/asn1_par.c b/crypto/asn1/asn1_par.c
index 8209b7f24063e7c716b6c46b468a2b0dc76f6e02..5a628a4bc244c3bd6e9708249f79411f0027eb33 100644 (file)
--- a/crypto/asn1/asn1_par.c
+++ b/crypto/asn1/asn1_par.c
@@ -371,7 +371,7 @@ const char *ASN1_tag2str(int tag)
         "ENUMERATED", "<ASN1 11>", "UTF8STRING", "<ASN1 13>",      /* 10-13 */
        "<ASN1 14>", "<ASN1 15>", "SEQUENCE", "SET",                /* 15-17 */
        "NUMERICSTRING", "PRINTABLESTRING", "T61STRING",            /* 18-20 */
-       "VIDEOTEXSTRING", "IA5STRING", "UTCTIME" "GENERALIZEDTIME", /* 21-24 */
+       "VIDEOTEXSTRING", "IA5STRING", "UTCTIME","GENERALIZEDTIME", /* 21-24 */
        "GRAPHICSTRING", "VISIBLESTRING", "GENERALSTRING",          /* 25-27 */
        "UNIVERSALSTRING", "<ASN1 29>", "BMPSTRING"                 /* 28-30 */
        };