Use sk_*_new_null() instead of sk_*_new(NULL), since that takes care

[openssl.git] / crypto / pkcs12 / p12_crt.c

diff --git a/crypto/pkcs12/p12_crt.c b/crypto/pkcs12/p12_crt.c
index a5f17c51a772d00cd5511228a1fcf35680a49c83..a8f7b48882b5153c5fd30cc3561ab2c1b44cd0e1 100644 (file)
--- a/crypto/pkcs12/p12_crt.c
+++ b/crypto/pkcs12/p12_crt.c
@@ -86,7 +86,9 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
                return NULL;
        }
 
-       if(!(bags = sk_PKCS12_SAFEBAG_new (NULL))) {
+       if(!X509_check_private_key(cert, pkey)) return NULL;
+
+       if(!(bags = sk_PKCS12_SAFEBAG_new_null ())) {
                PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
                return NULL;
        }
@@ -121,7 +123,7 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
 
        if (!authsafe) return NULL;
 
-       if(!(safes = sk_PKCS7_new (NULL))
+       if(!(safes = sk_PKCS7_new_null ())
           || !sk_PKCS7_push(safes, authsafe)) {
                PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
                return NULL;
@@ -135,7 +137,7 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
        PKCS8_PRIV_KEY_INFO_free(p8);
         if (name && !PKCS12_add_friendlyname (bag, name, -1)) return NULL;
        if(!PKCS12_add_localkeyid (bag, keyid, keyidlen)) return NULL;
-       if(!(bags = sk_PKCS12_SAFEBAG_new(NULL))
+       if(!(bags = sk_PKCS12_SAFEBAG_new_null())
           || !sk_PKCS12_SAFEBAG_push (bags, bag)) {
                PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
                return NULL;