Fool-proofing Makefiles

[openssl.git] / crypto / pkcs12 / p12_key.c

diff --git a/crypto/pkcs12/p12_key.c b/crypto/pkcs12/p12_key.c
index 1a405676f8742de66571dbf9de5a717aa4f90576..18e72d0a1b8188e06a76ffe24decd960603ef236 100644 (file)
--- a/crypto/pkcs12/p12_key.c
+++ b/crypto/pkcs12/p12_key.c
@@ -59,7 +59,7 @@
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/pkcs12.h>
-
+#include <openssl/bn.h>
 
 /* Uncomment out this line to get debugging info about key generation */
 /*#define DEBUG_KEYGEN*/
@@ -91,7 +91,7 @@ int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt,
        ret = PKCS12_key_gen_uni(unipass, uniplen, salt, saltlen,
                                                 id, iter, n, out, md_type);
        if(unipass) {
-               memset(unipass, 0, uniplen);    /* Clear password from memory */
+               OPENSSL_cleanse(unipass, uniplen);      /* Clear password from memory */
                OPENSSL_free(unipass);
        }
        return ret;
@@ -165,6 +165,7 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
                        OPENSSL_free (I);
                        BN_free (Ij);
                        BN_free (Bpl1);
+                       EVP_MD_CTX_cleanup(&ctx);
 #ifdef DEBUG_KEYGEN
                        fprintf(stderr, "Output KEY (length %d)\n", tmpn);
                        h__dump(tmpout, tmpn);
@@ -195,7 +196,6 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
                        } else BN_bn2bin (Ij, I + j);
                }
        }
-       EVP_MD_CTX_cleanup(&ctx);
 }
 #ifdef DEBUG_KEYGEN
 void h__dump (unsigned char *p, int len)