authorBen Laurie <ben@openssl.org>2000-05-16 19:53:50 +0000
committerBen Laurie <ben@openssl.org>2000-05-16 19:53:50 +0000
commitf2716dada0527bcf200e628fd572514bd395fbfb (patch)
tree553848697e188489bedef2341b6f1889503cfe73 /crypto/pkcs12
parentb4604683fa66963af4596aff7517c3a009ba7087 (diff)
downloadopenssl-f2716dada0527bcf200e628fd572514bd395fbfb.tar.gz
Typesafety Thought Police Part 2.
Diffstat (limited to 'crypto/pkcs12')
-rw-r--r--crypto/pkcs12/p12_add.c10
-rw-r--r--crypto/pkcs12/p12_crt.c16
-rw-r--r--crypto/pkcs12/p12_kiss.c25
-rw-r--r--crypto/pkcs12/p12_npas.c21
-rw-r--r--crypto/pkcs12/p12_sbag.c21
-rw-r--r--crypto/pkcs12/pkcs12.h45
6 files changed, 92 insertions, 46 deletions
diff --git a/crypto/pkcs12/p12_add.c b/crypto/pkcs12/p12_add.c
index d045cbba8d..b563656895 100644
--- a/crypto/pkcs12/p12_add.c
+++ b/crypto/pkcs12/p12_add.c
@@ -125,7 +125,7 @@ PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG (int pbe_nid, const char *pass,
}
/* Turn a stack of SAFEBAGS into a PKCS#7 data Contentinfo */
-PKCS7 *PKCS12_pack_p7data (STACK *sk)
+PKCS7 *PKCS12_pack_p7data (STACK_OF(PKCS12_SAFEBAG) *sk)
{
PKCS7 *p7;
if (!(p7 = PKCS7_new())) {
@@ -138,8 +138,9 @@ PKCS7 *PKCS12_pack_p7data (STACK *sk)
return NULL;
}
- if (!ASN1_seq_pack(sk, i2d_PKCS12_SAFEBAG, &p7->d.data->data,
- &p7->d.data->length)) {
+ if (!ASN1_seq_pack_PKCS12_SAFEBAG(sk, i2d_PKCS12_SAFEBAG,
+ &p7->d.data->data,
+ &p7->d.data->length)) {
PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, PKCS12_R_CANT_PACK_STRUCTURE);
return NULL;
}
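Review bot: The failure branch after `ASN1_seq_pack_PKCS12_SAFEBAG` returns NULL without releasing `p7`, which the first hunk of this file shows being allocated with `PKCS7_new()`. Adding `PKCS7_free(p7);` before `return NULL;` would close that leak. The earlier `return NULL;` visible as context here probably needs the same, though its condition lies outside the hunk. PKCS12_pack_p7data starts and ends outside this hunk.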
@@ -149,7 +150,8 @@ PKCS7 *PKCS12_pack_p7data (STACK *sk)
/* Turn a stack of SAFEBAGS into a PKCS#7 encrypted data ContentInfo */
PKCS7 *PKCS12_pack_p7encdata (int pbe_nid, const char *pass, int passlen,
- unsigned char *salt, int saltlen, int iter, STACK *bags)
+ unsigned char *salt, int saltlen, int iter,
+ STACK_OF(PKCS12_SAFEBAG) *bags)
{
PKCS7 *p7;
X509_ALGOR *pbe;
diff --git a/crypto/pkcs12/p12_crt.c b/crypto/pkcs12/p12_crt.c
index a60b128a3b..37850a089b 100644
--- a/crypto/pkcs12/p12_crt.c
+++ b/crypto/pkcs12/p12_crt.c
@@ -65,7 +65,8 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
int keytype)
{
PKCS12 *p12;
- STACK *bags, *safes;
+ STACK_OF(PKCS12_SAFEBAG) *bags;
+ STACK *safes;
PKCS12_SAFEBAG *bag;
PKCS8_PRIV_KEY_INFO *p8;
PKCS7 *authsafe;
@@ -85,7 +86,7 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
return NULL;
}
- if(!(bags = sk_new (NULL))) {
+ if(!(bags = sk_PKCS12_SAFEBAG_new (NULL))) {
PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
return NULL;
}
@@ -96,7 +97,7 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
X509_digest(cert, EVP_sha1(), keyid, &keyidlen);
if(!PKCS12_add_localkeyid(bag, keyid, keyidlen)) return NULL;
- if(!sk_push(bags, (char *)bag)) {
+ if(!sk_PKCS12_SAFEBAG_push(bags, bag)) {
PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
return NULL;
}
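Review bot: The result of `X509_digest(cert, EVP_sha1(), keyid, &keyidlen)` is ignored, so if the digest fails, `keyid` and `keyidlen` reach `PKCS12_add_localkeyid` with whatever they held before. Their declarations are outside the hunk, so whether they are initialised cannot be confirmed from here. Assuming X509_digest reports failure through its return value, a guard such as `if(!X509_digest(cert, EVP_sha1(), keyid, &keyidlen)) return NULL;` keeps an undefined key identifier out of the bag. PKCS12_create starts and ends outside this hunk.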
@@ -106,7 +107,7 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
for(i = 0; i < sk_X509_num(ca); i++) {
tcert = sk_X509_value(ca, i);
if(!(bag = M_PKCS12_x5092certbag(tcert))) return NULL;
- if(!sk_push(bags, (char *)bag)) {
+ if(!sk_PKCS12_SAFEBAG_push(bags, bag)) {
PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
return NULL;
}
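Review bot: Every `return NULL` in this loop abandons `bags` and the safebags already pushed onto it, and the push-failure branch also drops the `bag` that was just created. The same pattern is in the previous hunk (the `PKCS12_add_localkeyid` and push failures) and in the last hunk of this file, where `if(!(authsafe = PKCS12_pack_p7data (bags))) return NULL;` runs before `sk_PKCS12_SAFEBAG_pop_free`. Calling `sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);` before these returns, and `PKCS12_SAFEBAG_free(bag);` when the push fails, would release them. For the last hunk, moving the pop_free above the check matches what the encrypted-authsafe hunk already does. PKCS12_create's body continues outside the hunk.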
@@ -116,7 +117,7 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
/* Turn certbags into encrypted authsafe */
authsafe = PKCS12_pack_p7encdata (nid_cert, pass, -1, NULL, 0,
iter, bags);
- sk_pop_free(bags, (void(*)(void *)) PKCS12_SAFEBAG_free);
+ sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
if (!authsafe) return NULL;
@@ -133,13 +134,14 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
PKCS8_PRIV_KEY_INFO_free(p8);
if (name && !PKCS12_add_friendlyname (bag, name, -1)) return NULL;
if(!PKCS12_add_localkeyid (bag, keyid, keyidlen)) return NULL;
- if(!(bags = sk_new(NULL)) || !sk_push (bags, (char *)bag)) {
+ if(!(bags = sk_PKCS12_SAFEBAG_new(NULL))
+ || !sk_PKCS12_SAFEBAG_push (bags, bag)) {
PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
return NULL;
}
/* Turn it into unencrypted safe bag */
if(!(authsafe = PKCS12_pack_p7data (bags))) return NULL;
- sk_pop_free(bags, (void(*)(void *)) PKCS12_SAFEBAG_free);
+ sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
if(!sk_push(safes, (char *)authsafe)) {
PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
return NULL;
diff --git a/crypto/pkcs12/p12_kiss.c b/crypto/pkcs12/p12_kiss.c
index 2ebaecf79f..f49d2e5249 100644
--- a/crypto/pkcs12/p12_kiss.c
+++ b/crypto/pkcs12/p12_kiss.c
@@ -65,9 +65,10 @@
static int parse_pk12( PKCS12 *p12, const char *pass, int passlen,
EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca);
-static int parse_bags( STACK *bags, const char *pass, int passlen,
- EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca,
- ASN1_OCTET_STRING **keyid, char *keymatch);
+static int parse_bags( STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass,
+ int passlen, EVP_PKEY **pkey, X509 **cert,
+ STACK_OF(X509) **ca, ASN1_OCTET_STRING **keyid,
+ char *keymatch);
static int parse_bag( PKCS12_SAFEBAG *bag, const char *pass, int passlen,
EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca,
@@ -146,7 +147,8 @@ int PKCS12_parse (PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
static int parse_pk12 (PKCS12 *p12, const char *pass, int passlen,
EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca)
{
- STACK *asafes, *bags;
+ STACK *asafes;
+ STACK_OF(PKCS12_SAFEBAG) *bags;
int i, bagnid;
PKCS7 *p7;
ASN1_OCTET_STRING *keyid = NULL;
@@ -166,11 +168,11 @@ static int parse_pk12 (PKCS12 *p12, const char *pass, int passlen,
}
if (!parse_bags(bags, pass, passlen, pkey, cert, ca,
&keyid, &keymatch)) {
- sk_pop_free(bags, (void(*)(void *)) PKCS12_SAFEBAG_free);
+ sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
sk_pop_free(asafes, (void(*)(void *)) PKCS7_free);
return 0;
}
- sk_pop_free(bags, (void(*)(void *)) PKCS12_SAFEBAG_free);
+ sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
}
sk_pop_free(asafes, (void(*)(void *)) PKCS7_free);
if (keyid) M_ASN1_OCTET_STRING_free(keyid);
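Review bot: The `parse_bags` failure branch frees `bags` and `asafes` but not `keyid`, while the success path below ends with `if (keyid) M_ASN1_OCTET_STRING_free(keyid);`. Since `&keyid` is handed to `parse_bags`, an earlier bag may already have stored an allocated string there before a later bag fails (inferred; the assignment is not visible in this diff). Adding `if (keyid) M_ASN1_OCTET_STRING_free(keyid);` before `return 0;` would make both exits consistent. parse_pk12 starts and ends outside this hunk.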
@@ -178,13 +180,14 @@ static int parse_pk12 (PKCS12 *p12, const char *pass, int passlen,
}
-static int parse_bags (STACK *bags, const char *pass, int passlen,
- EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca,
- ASN1_OCTET_STRING **keyid, char *keymatch)
+static int parse_bags (STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass,
+ int passlen, EVP_PKEY **pkey, X509 **cert,
+ STACK_OF(X509) **ca, ASN1_OCTET_STRING **keyid,
+ char *keymatch)
{
int i;
- for (i = 0; i < sk_num(bags); i++) {
- if (!parse_bag((PKCS12_SAFEBAG *)sk_value (bags, i),
+ for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++) {
+ if (!parse_bag(sk_PKCS12_SAFEBAG_value (bags, i),
pass, passlen, pkey, cert, ca, keyid,
keymatch)) return 0;
}
diff --git a/crypto/pkcs12/p12_npas.c b/crypto/pkcs12/p12_npas.c
index 4fb0cf74ab..cccea84508 100644
--- a/crypto/pkcs12/p12_npas.c
+++ b/crypto/pkcs12/p12_npas.c
@@ -66,7 +66,8 @@
/* PKCS#12 password change routine */
static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass);
-static int newpass_bags(STACK *bags, char *oldpass, char *newpass);
+static int newpass_bags(STACK_OF(PKCS12_SAFEBAG) *bags, char *oldpass,
+ char *newpass);
static int newpass_bag(PKCS12_SAFEBAG *bag, char *oldpass, char *newpass);
static int alg_get(X509_ALGOR *alg, int *pnid, int *piter, int *psaltlen);
@@ -104,12 +105,14 @@ return 1;
static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass)
{
- STACK *asafes, *newsafes, *bags;
+ STACK *asafes, *newsafes;
+ STACK_OF(PKCS12_SAFEBAG) *bags;
int i, bagnid, pbe_nid, pbe_iter, pbe_saltlen;
PKCS7 *p7, *p7new;
ASN1_OCTET_STRING *p12_data_tmp = NULL, *macnew = NULL;
unsigned char mac[EVP_MAX_MD_SIZE];
unsigned int maclen;
+
if (!(asafes = M_PKCS12_unpack_authsafes(p12))) return 0;
if(!(newsafes = sk_new(NULL))) return 0;
for (i = 0; i < sk_num (asafes); i++) {
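Review bot: When `sk_new(NULL)` fails, `return 0` leaves the `asafes` stack that was just unpacked unreleased; `if(!(newsafes = sk_new(NULL))) { sk_pop_free(asafes, (void(*)(void *)) PKCS7_free); return 0; }` would release it. In the two hunks that follow, the `newpass_bags` and `!p7new` failure branches free `bags` and `asafes` but not `newsafes`. By then `newsafes` may hold re-packed PKCS7 structures, though the push onto it is outside the visible lines, so this is inferred. newpass_p12's body continues outside the hunk.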
@@ -127,7 +130,7 @@ static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass)
return 0;
}
if (!newpass_bags(bags, oldpass, newpass)) {
- sk_pop_free(bags, (void(*)(void *)) PKCS12_SAFEBAG_free);
+ sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
sk_pop_free(asafes, (void(*)(void *)) PKCS7_free);
return 0;
}
@@ -135,7 +138,7 @@ static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass)
if (bagnid == NID_pkcs7_data) p7new = PKCS12_pack_p7data(bags);
else p7new = PKCS12_pack_p7encdata(pbe_nid, newpass, -1, NULL,
pbe_saltlen, pbe_iter, bags);
- sk_pop_free(bags, (void(*)(void *)) PKCS12_SAFEBAG_free);
+ sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
if(!p7new) {
sk_pop_free(asafes, (void(*)(void *)) PKCS7_free);
return 0;
@@ -169,12 +172,14 @@ static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass)
}
-static int newpass_bags(STACK *bags, char *oldpass, char *newpass)
+static int newpass_bags(STACK_OF(PKCS12_SAFEBAG) *bags, char *oldpass,
+ char *newpass)
{
int i;
- for (i = 0; i < sk_num(bags); i++) {
- if (!newpass_bag((PKCS12_SAFEBAG *)sk_value(bags, i),
- oldpass, newpass)) return 0;
+ for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++) {
+ if (!newpass_bag(sk_PKCS12_SAFEBAG_value(bags, i),
+ oldpass, newpass))
+ return 0;
}
return 1;
}
diff --git a/crypto/pkcs12/p12_sbag.c b/crypto/pkcs12/p12_sbag.c
index 1b3addece1..6ae209693d 100644
--- a/crypto/pkcs12/p12_sbag.c
+++ b/crypto/pkcs12/p12_sbag.c
@@ -81,8 +81,9 @@ int i2d_PKCS12_SAFEBAG(PKCS12_SAFEBAG *a, unsigned char **pp)
break;
case NID_safeContentsBag:
- M_ASN1_I2D_len_EXP_SEQUENCE_opt (a->value.safes,
- i2d_PKCS12_SAFEBAG, 0, V_ASN1_SEQUENCE, v);
+ M_ASN1_I2D_len_EXP_SEQUENCE_opt_type
+ (PKCS12_SAFEBAG, a->value.safes, i2d_PKCS12_SAFEBAG,
+ 0, V_ASN1_SEQUENCE, v);
break;
case NID_certBag:
@@ -117,8 +118,9 @@ int i2d_PKCS12_SAFEBAG(PKCS12_SAFEBAG *a, unsigned char **pp)
break;
case NID_safeContentsBag:
- M_ASN1_I2D_put_EXP_SEQUENCE_opt (a->value.safes,
- i2d_PKCS12_SAFEBAG, 0, V_ASN1_SEQUENCE, v);
+ M_ASN1_I2D_put_EXP_SEQUENCE_opt_type
+ (PKCS12_SAFEBAG, a->value.safes, i2d_PKCS12_SAFEBAG,
+ 0, V_ASN1_SEQUENCE, v);
break;
case NID_certBag:
@@ -175,9 +177,10 @@ PKCS12_SAFEBAG *d2i_PKCS12_SAFEBAG(PKCS12_SAFEBAG **a, unsigned char **pp,
break;
case NID_safeContentsBag:
- M_ASN1_D2I_get_EXP_set_opt(ret->value.safes,
- d2i_PKCS12_SAFEBAG, PKCS12_SAFEBAG_free,
- 0, V_ASN1_SEQUENCE);
+ M_ASN1_D2I_get_EXP_set_opt_type
+ (PKCS12_SAFEBAG, ret->value.safes,
+ d2i_PKCS12_SAFEBAG, PKCS12_SAFEBAG_free, 0,
+ V_ASN1_SEQUENCE);
break;
case NID_certBag:
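Review bot: The `NID_safeContentsBag` case decodes each nested element with `d2i_PKCS12_SAFEBAG` itself, and no nesting limit is visible in this hunk, so the recursion depth appears to be set by the input alone. If nothing outside the hunk bounds it, a deeply nested file costs one stack frame per level. A comment such as `/* recursive: nested safeContents depth is bounded only by input length */` would at least record that for callers parsing untrusted PKCS#12 data. d2i_PKCS12_SAFEBAG starts and ends outside this hunk.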
@@ -225,3 +228,7 @@ void PKCS12_SAFEBAG_free (PKCS12_SAFEBAG *a)
sk_X509_ATTRIBUTE_pop_free (a->attrib, X509_ATTRIBUTE_free);
Free (a);
}
+
+IMPLEMENT_STACK_OF(PKCS12_SAFEBAG)
+IMPLEMENT_ASN1_SET_OF(PKCS12_SAFEBAG)
+IMPLEMENT_PKCS12_STACK_OF(PKCS12_SAFEBAG)
diff --git a/crypto/pkcs12/pkcs12.h b/crypto/pkcs12/pkcs12.h
index c5bafc4fea..232eab3d4c 100644
--- a/crypto/pkcs12/pkcs12.h
+++ b/crypto/pkcs12/pkcs12.h
@@ -66,6 +66,27 @@
extern "C" {
#endif
+#define DECLARE_PKCS12_STACK_OF(type) \
+STACK_OF(type) *PKCS12_decrypt_d2i_##type(struct X509_algor_st *algor, \
+ type *(*d2i)(type **, \
+ unsigned char **, \
+ long), \
+ void (*free_func)(type *), \
+ const char *pass, int passlen, \
+ ASN1_STRING *oct, int seq);
+
+#define IMPLEMENT_PKCS12_STACK_OF(type) \
+STACK_OF(type) *PKCS12_decrypt_d2i_##type(struct X509_algor_st *algor, \
+ type *(*d2i)(type **, \
+ unsigned char **, \
+ long), \
+ void (*free_func)(type *), \
+ const char *pass, int passlen, \
+ ASN1_STRING *oct, int seq) \
+ { return (STACK_OF(type) *)PKCS12_decrypt_d2i(algor,(char *(*)())d2i, \
+ (void(*)(void *))free_func, \
+ pass,passlen,oct,seq); }
+
#define PKCS12_KEY_ID 1
#define PKCS12_IV_ID 2
#define PKCS12_MAC_ID 3
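Review bot: The wrapper generated by `IMPLEMENT_PKCS12_STACK_OF` always casts the result of `PKCS12_decrypt_d2i` to `STACK_OF(type) *`, yet it still exposes the `seq` argument, and `M_PKCS12_decrypt_skey` further down this header casts the same function's result to a single `PKCS8_PRIV_KEY_INFO *`. That suggests `seq` selects whether a stack or one object comes back, in which case a caller passing the non-sequence value to the typed wrapper would get a mistyped pointer. Consider documenting the constraint above the macro, e.g. `/* seq must request a SEQUENCE/SET; the result is always treated as a stack */`, or dropping `seq` from the wrapper. The casts of `d2i` and `free_func` inside the wrapper also mean type checking stops at the wrapper's signature.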
@@ -108,19 +129,25 @@ PKCS12_MAC_DATA *mac;
PKCS7 *authsafes;
} PKCS12;
+PREDECLARE_STACK_OF(PKCS12_SAFEBAG)
+
typedef struct {
ASN1_OBJECT *type;
union {
struct pkcs12_bag_st *bag; /* secret, crl and certbag */
struct pkcs8_priv_key_info_st *keybag; /* keybag */
X509_SIG *shkeybag; /* shrouded key bag */
- STACK /* PKCS12_SAFEBAG */ *safes;
+ STACK_OF(PKCS12_SAFEBAG) *safes;
ASN1_TYPE *other;
}value;
STACK_OF(X509_ATTRIBUTE) *attrib;
ASN1_TYPE *rest;
} PKCS12_SAFEBAG;
+DECLARE_STACK_OF(PKCS12_SAFEBAG)
+DECLARE_ASN1_SET_OF(PKCS12_SAFEBAG)
+DECLARE_PKCS12_STACK_OF(PKCS12_SAFEBAG)
+
typedef struct pkcs12_bag_st {
ASN1_OBJECT *type;
union {
@@ -157,8 +184,8 @@ PKCS12_pack_safebag ((char *)(crl), i2d_X509CRL, NID_x509Crl, NID_crlBag)
(RSA *) ASN1_unpack_string ((p8)->pkey, (char *(*)())d2i_RSAPrivateKey)*/
#define M_PKCS12_unpack_p7data(p7) \
-ASN1_seq_unpack ((p7)->d.data->data, p7->d.data->length, \
- (char *(*)())d2i_PKCS12_SAFEBAG, PKCS12_SAFEBAG_free)
+ASN1_seq_unpack_PKCS12_SAFEBAG ((p7)->d.data->data, p7->d.data->length, \
+ d2i_PKCS12_SAFEBAG, PKCS12_SAFEBAG_free)
#define M_PKCS12_pack_authsafes(p12, safes) \
ASN1_seq_pack((safes), (int (*)())i2d_PKCS7,\
@@ -170,10 +197,10 @@ ASN1_seq_unpack((p12)->authsafes->d.data->data, \
PKCS7_free)
#define M_PKCS12_unpack_p7encdata(p7, pass, passlen) \
-(STACK *) PKCS12_decrypt_d2i ((p7)->d.encrypted->enc_data->algorithm,\
- (char *(*)())d2i_PKCS12_SAFEBAG, PKCS12_SAFEBAG_free, \
- (pass), (passlen), \
- (p7)->d.encrypted->enc_data->enc_data, 3)
+PKCS12_decrypt_d2i_PKCS12_SAFEBAG ((p7)->d.encrypted->enc_data->algorithm,\
+ d2i_PKCS12_SAFEBAG, PKCS12_SAFEBAG_free, \
+ (pass), (passlen), \
+ (p7)->d.encrypted->enc_data->enc_data, 3)
#define M_PKCS12_decrypt_skey(bag, pass, passlen) \
(PKCS8_PRIV_KEY_INFO *) PKCS12_decrypt_d2i ((bag)->value.shkeybag->algor, \
@@ -205,10 +232,10 @@ PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass,
int passlen, unsigned char *salt,
int saltlen, int iter,
PKCS8_PRIV_KEY_INFO *p8);
-PKCS7 *PKCS12_pack_p7data(STACK *sk);
+PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk);
PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen,
unsigned char *salt, int saltlen, int iter,
- STACK *bags);
+ STACK_OF(PKCS12_SAFEBAG) *bags);
int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name, int namelen);
int PKCS12_add_friendlyname_asc(PKCS12_SAFEBAG *bag, const char *name,
int namelen);