X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=crypto%2Fpem%2Fpem_lib.c;h=072211ba0fe30df189c7bbff65beb9f6457c1a0c;hp=2bafb5e73597ee3b762a4e68cec08dcb4dc9d32d;hb=3142c86d65a7da76d60622dcf1c177479d1bc9de;hpb=525f51f6c98751de4db3b81789044d32e3686cda

diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c
index 2bafb5e735..072211ba0f 100644
--- a/crypto/pem/pem_lib.c
+++ b/crypto/pem/pem_lib.c
@@ -85,7 +85,7 @@ static int do_pk8pkey_fp(FILE *bp, EVP_PKEY *x, int isder,
 				char *kstr, int klen,
 				pem_password_cb *cb, void *u);
 
-static int def_callback(char *buf, int num, int w, void *userdata)
+static int def_callback(char *buf, int num, int w, void *key)
 	{
 #ifdef NO_FP_API
 	/* We should not ever call the default callback routine from
@@ -95,6 +95,12 @@ static int def_callback(char *buf, int num, int w, void *userdata)
 #else
 	int i,j;
 	const char *prompt;
+	if(key) {
+		i=strlen(key);
+		i=(i > num)?num:i;
+		memcpy(buf,key,i);
+		return(i);
+	}
 
 	prompt=EVP_get_pw_prompt();
 	if (prompt == NULL)
@@ -211,6 +217,10 @@ static int check_pem(const char *nm, const char *name)
 	if(!strcmp(nm,PEM_STRING_X509_OLD) &&
 		!strcmp(name,PEM_STRING_X509_TRUSTED)) return 1;
 
+	/* Some CAs use PKCS#7 with CERTIFICATE headers */
+	if(!strcmp(nm, PEM_STRING_X509) &&
+		!strcmp(name, PEM_STRING_PKCS7)) return 1;
+
 	return 0;
 }
 
@@ -362,8 +372,9 @@ int PEM_ASN1_write_bio(int (*i2d)(), const char *name, BIO *bp, char *x,
 #endif
 			kstr=(unsigned char *)buf;
 			}
-		RAND_seed(data,i);/* put in the RSA key. */
-		RAND_bytes(iv,8);	/* Generate a salt */
+		RAND_add(data,i,0);/* put in the RSA key. */
+		if (RAND_bytes(iv,8) <= 0)	/* Generate a salt */
+			goto err;
 		/* The 'iv' is used as the iv and as a salt.  It is
 		 * NOT taken from the BytesToKey function */
 		EVP_BytesToKey(enc,EVP_md5(),iv,kstr,klen,1,key,NULL);