Fix for bug in pkcs12 program and typo in ASN1_tag2str().

CHANGES

@@ -4,6 +4,10 @@
 
  Changes between 0.9.4 and 0.9.5  [xx XXX 1999]
 
+  *) Fix for pkcs12 program. It was hashing an invalid certificate pointer
+     when producing the local key id.
+     [Richard Levitte <levitte@stacken.kth.se>]
+
   *) New option -dhparam in s_server. This allows a DH parameter file to be
      stated explicitly. If it is not stated then it tries the first server
      certificate file. The previous behaviour hard coded the filename

apps/pkcs12.c

@@ -281,13 +281,13 @@ int MAIN(int argc, char **argv)
        	}
     }
 
-if (export_cert) {
+    if (export_cert) {
 	EVP_PKEY *key;
 	STACK *bags, *safes;
 	PKCS12_SAFEBAG *bag;
 	PKCS8_PRIV_KEY_INFO *p8;
 	PKCS7 *authsafe;
-	X509 *cert = NULL, *ucert = NULL;
+	X509 *ucert = NULL;
 	STACK_OF(X509) *certs;
 	char *catmp;
 	int i;
@@ -313,7 +313,7 @@ if (export_cert) {
 	for(i = 0; i < sk_X509_num(certs); i++) {
 		ucert = sk_X509_value(certs, i);
 		if(X509_check_private_key(ucert, key)) {
-			X509_digest(cert, EVP_sha1(), keyid, &keyidlen);
+			X509_digest(ucert, EVP_sha1(), keyid, &keyidlen);
 			break;
 		}
 	}
@@ -354,6 +354,7 @@ if (export_cert) {
 
 	/* We now have loads of certificates: include them all */
 	for(i = 0; i < sk_X509_num(certs); i++) {
+		X509 *cert = NULL;
 		cert = sk_X509_value(certs, i);
 		bag = M_PKCS12_x5092certbag(cert);
 		/* If it matches private key set id */

crypto/asn1/asn1_par.c

@@ -371,7 +371,7 @@ const char *ASN1_tag2str(int tag)
 	 "ENUMERATED", "<ASN1 11>", "UTF8STRING", "<ASN1 13>", 	    /* 10-13 */
 	"<ASN1 14>", "<ASN1 15>", "SEQUENCE", "SET", 		    /* 15-17 */
 	"NUMERICSTRING", "PRINTABLESTRING", "T61STRING",	    /* 18-20 */
-	"VIDEOTEXSTRING", "IA5STRING", "UTCTIME" "GENERALIZEDTIME", /* 21-24 */
+	"VIDEOTEXSTRING", "IA5STRING", "UTCTIME","GENERALIZEDTIME", /* 21-24 */
 	"GRAPHICSTRING", "VISIBLESTRING", "GENERALSTRING",	    /* 25-27 */
 	"UNIVERSALSTRING", "<ASN1 29>", "BMPSTRING"		    /* 28-30 */
 	};