From f2716dada0527bcf200e628fd572514bd395fbfb Mon Sep 17 00:00:00 2001 From: Ben Laurie Date: Tue, 16 May 2000 19:53:50 +0000 Subject: Typesafety Thought Police Part 2. --- crypto/pkcs12/p12_add.c | 10 ++++++---- crypto/pkcs12/p12_crt.c | 16 +++++++++------- crypto/pkcs12/p12_kiss.c | 25 ++++++++++++++----------- crypto/pkcs12/p12_npas.c | 21 +++++++++++++-------- crypto/pkcs12/p12_sbag.c | 21 ++++++++++++++------- crypto/pkcs12/pkcs12.h | 45 ++++++++++++++++++++++++++++++++++++--------- 6 files changed, 92 insertions(+), 46 deletions(-) (limited to 'crypto/pkcs12') diff --git a/crypto/pkcs12/p12_add.c b/crypto/pkcs12/p12_add.c index d045cbba8d..b563656895 100644 --- a/crypto/pkcs12/p12_add.c +++ b/crypto/pkcs12/p12_add.c @@ -125,7 +125,7 @@ PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG (int pbe_nid, const char *pass, } /* Turn a stack of SAFEBAGS into a PKCS#7 data Contentinfo */ -PKCS7 *PKCS12_pack_p7data (STACK *sk) +PKCS7 *PKCS12_pack_p7data (STACK_OF(PKCS12_SAFEBAG) *sk) { PKCS7 *p7; if (!(p7 = PKCS7_new())) { @@ -138,8 +138,9 @@ PKCS7 *PKCS12_pack_p7data (STACK *sk) return NULL; } - if (!ASN1_seq_pack(sk, i2d_PKCS12_SAFEBAG, &p7->d.data->data, - &p7->d.data->length)) { + if (!ASN1_seq_pack_PKCS12_SAFEBAG(sk, i2d_PKCS12_SAFEBAG, + &p7->d.data->data, + &p7->d.data->length)) { PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, PKCS12_R_CANT_PACK_STRUCTURE); return NULL; } @@ -149,7 +150,8 @@ PKCS7 *PKCS12_pack_p7data (STACK *sk) /* Turn a stack of SAFEBAGS into a PKCS#7 encrypted data ContentInfo */ PKCS7 *PKCS12_pack_p7encdata (int pbe_nid, const char *pass, int passlen, - unsigned char *salt, int saltlen, int iter, STACK *bags) + unsigned char *salt, int saltlen, int iter, + STACK_OF(PKCS12_SAFEBAG) *bags) { PKCS7 *p7; X509_ALGOR *pbe; diff --git a/crypto/pkcs12/p12_crt.c b/crypto/pkcs12/p12_crt.c index a60b128a3b..37850a089b 100644 --- a/crypto/pkcs12/p12_crt.c +++ b/crypto/pkcs12/p12_crt.c @@ -65,7 +65,8 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert, int keytype) { PKCS12 *p12; - STACK *bags, *safes; + STACK_OF(PKCS12_SAFEBAG) *bags; + STACK *safes; PKCS12_SAFEBAG *bag; PKCS8_PRIV_KEY_INFO *p8; PKCS7 *authsafe; @@ -85,7 +86,7 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert, return NULL; } - if(!(bags = sk_new (NULL))) { + if(!(bags = sk_PKCS12_SAFEBAG_new (NULL))) { PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE); return NULL; } @@ -96,7 +97,7 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert, X509_digest(cert, EVP_sha1(), keyid, &keyidlen); if(!PKCS12_add_localkeyid(bag, keyid, keyidlen)) return NULL; - if(!sk_push(bags, (char *)bag)) { + if(!sk_PKCS12_SAFEBAG_push(bags, bag)) { PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE); return NULL; } @@ -106,7 +107,7 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert, for(i = 0; i < sk_X509_num(ca); i++) { tcert = sk_X509_value(ca, i); if(!(bag = M_PKCS12_x5092certbag(tcert))) return NULL; - if(!sk_push(bags, (char *)bag)) { + if(!sk_PKCS12_SAFEBAG_push(bags, bag)) { PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE); return NULL; } @@ -116,7 +117,7 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert, /* Turn certbags into encrypted authsafe */ authsafe = PKCS12_pack_p7encdata (nid_cert, pass, -1, NULL, 0, iter, bags); - sk_pop_free(bags, (void(*)(void *)) PKCS12_SAFEBAG_free); + sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); if (!authsafe) return NULL; @@ -133,13 +134,14 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert, PKCS8_PRIV_KEY_INFO_free(p8); if (name && !PKCS12_add_friendlyname (bag, name, -1)) return NULL; if(!PKCS12_add_localkeyid (bag, keyid, keyidlen)) return NULL; - if(!(bags = sk_new(NULL)) || !sk_push (bags, (char *)bag)) { + if(!(bags = sk_PKCS12_SAFEBAG_new(NULL)) + || !sk_PKCS12_SAFEBAG_push (bags, bag)) { PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE); return NULL; } /* Turn it into unencrypted safe bag */ if(!(authsafe = PKCS12_pack_p7data (bags))) return NULL; - sk_pop_free(bags, (void(*)(void *)) PKCS12_SAFEBAG_free); + sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); if(!sk_push(safes, (char *)authsafe)) { PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE); return NULL; diff --git a/crypto/pkcs12/p12_kiss.c b/crypto/pkcs12/p12_kiss.c index 2ebaecf79f..f49d2e5249 100644 --- a/crypto/pkcs12/p12_kiss.c +++ b/crypto/pkcs12/p12_kiss.c @@ -65,9 +65,10 @@ static int parse_pk12( PKCS12 *p12, const char *pass, int passlen, EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca); -static int parse_bags( STACK *bags, const char *pass, int passlen, - EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca, - ASN1_OCTET_STRING **keyid, char *keymatch); +static int parse_bags( STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass, + int passlen, EVP_PKEY **pkey, X509 **cert, + STACK_OF(X509) **ca, ASN1_OCTET_STRING **keyid, + char *keymatch); static int parse_bag( PKCS12_SAFEBAG *bag, const char *pass, int passlen, EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca, @@ -146,7 +147,8 @@ int PKCS12_parse (PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, static int parse_pk12 (PKCS12 *p12, const char *pass, int passlen, EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca) { - STACK *asafes, *bags; + STACK *asafes; + STACK_OF(PKCS12_SAFEBAG) *bags; int i, bagnid; PKCS7 *p7; ASN1_OCTET_STRING *keyid = NULL; @@ -166,11 +168,11 @@ static int parse_pk12 (PKCS12 *p12, const char *pass, int passlen, } if (!parse_bags(bags, pass, passlen, pkey, cert, ca, &keyid, &keymatch)) { - sk_pop_free(bags, (void(*)(void *)) PKCS12_SAFEBAG_free); + sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); sk_pop_free(asafes, (void(*)(void *)) PKCS7_free); return 0; } - sk_pop_free(bags, (void(*)(void *)) PKCS12_SAFEBAG_free); + sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); } sk_pop_free(asafes, (void(*)(void *)) PKCS7_free); if (keyid) M_ASN1_OCTET_STRING_free(keyid); @@ -178,13 +180,14 @@ static int parse_pk12 (PKCS12 *p12, const char *pass, int passlen, } -static int parse_bags (STACK *bags, const char *pass, int passlen, - EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca, - ASN1_OCTET_STRING **keyid, char *keymatch) +static int parse_bags (STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass, + int passlen, EVP_PKEY **pkey, X509 **cert, + STACK_OF(X509) **ca, ASN1_OCTET_STRING **keyid, + char *keymatch) { int i; - for (i = 0; i < sk_num(bags); i++) { - if (!parse_bag((PKCS12_SAFEBAG *)sk_value (bags, i), + for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++) { + if (!parse_bag(sk_PKCS12_SAFEBAG_value (bags, i), pass, passlen, pkey, cert, ca, keyid, keymatch)) return 0; } diff --git a/crypto/pkcs12/p12_npas.c b/crypto/pkcs12/p12_npas.c index 4fb0cf74ab..cccea84508 100644 --- a/crypto/pkcs12/p12_npas.c +++ b/crypto/pkcs12/p12_npas.c @@ -66,7 +66,8 @@ /* PKCS#12 password change routine */ static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass); -static int newpass_bags(STACK *bags, char *oldpass, char *newpass); +static int newpass_bags(STACK_OF(PKCS12_SAFEBAG) *bags, char *oldpass, + char *newpass); static int newpass_bag(PKCS12_SAFEBAG *bag, char *oldpass, char *newpass); static int alg_get(X509_ALGOR *alg, int *pnid, int *piter, int *psaltlen); @@ -104,12 +105,14 @@ return 1; static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass) { - STACK *asafes, *newsafes, *bags; + STACK *asafes, *newsafes; + STACK_OF(PKCS12_SAFEBAG) *bags; int i, bagnid, pbe_nid, pbe_iter, pbe_saltlen; PKCS7 *p7, *p7new; ASN1_OCTET_STRING *p12_data_tmp = NULL, *macnew = NULL; unsigned char mac[EVP_MAX_MD_SIZE]; unsigned int maclen; + if (!(asafes = M_PKCS12_unpack_authsafes(p12))) return 0; if(!(newsafes = sk_new(NULL))) return 0; for (i = 0; i < sk_num (asafes); i++) { @@ -127,7 +130,7 @@ static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass) return 0; } if (!newpass_bags(bags, oldpass, newpass)) { - sk_pop_free(bags, (void(*)(void *)) PKCS12_SAFEBAG_free); + sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); sk_pop_free(asafes, (void(*)(void *)) PKCS7_free); return 0; } @@ -135,7 +138,7 @@ static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass) if (bagnid == NID_pkcs7_data) p7new = PKCS12_pack_p7data(bags); else p7new = PKCS12_pack_p7encdata(pbe_nid, newpass, -1, NULL, pbe_saltlen, pbe_iter, bags); - sk_pop_free(bags, (void(*)(void *)) PKCS12_SAFEBAG_free); + sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); if(!p7new) { sk_pop_free(asafes, (void(*)(void *)) PKCS7_free); return 0; @@ -169,12 +172,14 @@ static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass) } -static int newpass_bags(STACK *bags, char *oldpass, char *newpass) +static int newpass_bags(STACK_OF(PKCS12_SAFEBAG) *bags, char *oldpass, + char *newpass) { int i; - for (i = 0; i < sk_num(bags); i++) { - if (!newpass_bag((PKCS12_SAFEBAG *)sk_value(bags, i), - oldpass, newpass)) return 0; + for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++) { + if (!newpass_bag(sk_PKCS12_SAFEBAG_value(bags, i), + oldpass, newpass)) + return 0; } return 1; } diff --git a/crypto/pkcs12/p12_sbag.c b/crypto/pkcs12/p12_sbag.c index 1b3addece1..6ae209693d 100644 --- a/crypto/pkcs12/p12_sbag.c +++ b/crypto/pkcs12/p12_sbag.c @@ -81,8 +81,9 @@ int i2d_PKCS12_SAFEBAG(PKCS12_SAFEBAG *a, unsigned char **pp) break; case NID_safeContentsBag: - M_ASN1_I2D_len_EXP_SEQUENCE_opt (a->value.safes, - i2d_PKCS12_SAFEBAG, 0, V_ASN1_SEQUENCE, v); + M_ASN1_I2D_len_EXP_SEQUENCE_opt_type + (PKCS12_SAFEBAG, a->value.safes, i2d_PKCS12_SAFEBAG, + 0, V_ASN1_SEQUENCE, v); break; case NID_certBag: @@ -117,8 +118,9 @@ int i2d_PKCS12_SAFEBAG(PKCS12_SAFEBAG *a, unsigned char **pp) break; case NID_safeContentsBag: - M_ASN1_I2D_put_EXP_SEQUENCE_opt (a->value.safes, - i2d_PKCS12_SAFEBAG, 0, V_ASN1_SEQUENCE, v); + M_ASN1_I2D_put_EXP_SEQUENCE_opt_type + (PKCS12_SAFEBAG, a->value.safes, i2d_PKCS12_SAFEBAG, + 0, V_ASN1_SEQUENCE, v); break; case NID_certBag: @@ -175,9 +177,10 @@ PKCS12_SAFEBAG *d2i_PKCS12_SAFEBAG(PKCS12_SAFEBAG **a, unsigned char **pp, break; case NID_safeContentsBag: - M_ASN1_D2I_get_EXP_set_opt(ret->value.safes, - d2i_PKCS12_SAFEBAG, PKCS12_SAFEBAG_free, - 0, V_ASN1_SEQUENCE); + M_ASN1_D2I_get_EXP_set_opt_type + (PKCS12_SAFEBAG, ret->value.safes, + d2i_PKCS12_SAFEBAG, PKCS12_SAFEBAG_free, 0, + V_ASN1_SEQUENCE); break; case NID_certBag: @@ -225,3 +228,7 @@ void PKCS12_SAFEBAG_free (PKCS12_SAFEBAG *a) sk_X509_ATTRIBUTE_pop_free (a->attrib, X509_ATTRIBUTE_free); Free (a); } + +IMPLEMENT_STACK_OF(PKCS12_SAFEBAG) +IMPLEMENT_ASN1_SET_OF(PKCS12_SAFEBAG) +IMPLEMENT_PKCS12_STACK_OF(PKCS12_SAFEBAG) diff --git a/crypto/pkcs12/pkcs12.h b/crypto/pkcs12/pkcs12.h index c5bafc4fea..232eab3d4c 100644 --- a/crypto/pkcs12/pkcs12.h +++ b/crypto/pkcs12/pkcs12.h @@ -66,6 +66,27 @@ extern "C" { #endif +#define DECLARE_PKCS12_STACK_OF(type) \ +STACK_OF(type) *PKCS12_decrypt_d2i_##type(struct X509_algor_st *algor, \ + type *(*d2i)(type **, \ + unsigned char **, \ + long), \ + void (*free_func)(type *), \ + const char *pass, int passlen, \ + ASN1_STRING *oct, int seq); + +#define IMPLEMENT_PKCS12_STACK_OF(type) \ +STACK_OF(type) *PKCS12_decrypt_d2i_##type(struct X509_algor_st *algor, \ + type *(*d2i)(type **, \ + unsigned char **, \ + long), \ + void (*free_func)(type *), \ + const char *pass, int passlen, \ + ASN1_STRING *oct, int seq) \ + { return (STACK_OF(type) *)PKCS12_decrypt_d2i(algor,(char *(*)())d2i, \ + (void(*)(void *))free_func, \ + pass,passlen,oct,seq); } + #define PKCS12_KEY_ID 1 #define PKCS12_IV_ID 2 #define PKCS12_MAC_ID 3 @@ -108,19 +129,25 @@ PKCS12_MAC_DATA *mac; PKCS7 *authsafes; } PKCS12; +PREDECLARE_STACK_OF(PKCS12_SAFEBAG) + typedef struct { ASN1_OBJECT *type; union { struct pkcs12_bag_st *bag; /* secret, crl and certbag */ struct pkcs8_priv_key_info_st *keybag; /* keybag */ X509_SIG *shkeybag; /* shrouded key bag */ - STACK /* PKCS12_SAFEBAG */ *safes; + STACK_OF(PKCS12_SAFEBAG) *safes; ASN1_TYPE *other; }value; STACK_OF(X509_ATTRIBUTE) *attrib; ASN1_TYPE *rest; } PKCS12_SAFEBAG; +DECLARE_STACK_OF(PKCS12_SAFEBAG) +DECLARE_ASN1_SET_OF(PKCS12_SAFEBAG) +DECLARE_PKCS12_STACK_OF(PKCS12_SAFEBAG) + typedef struct pkcs12_bag_st { ASN1_OBJECT *type; union { @@ -157,8 +184,8 @@ PKCS12_pack_safebag ((char *)(crl), i2d_X509CRL, NID_x509Crl, NID_crlBag) (RSA *) ASN1_unpack_string ((p8)->pkey, (char *(*)())d2i_RSAPrivateKey)*/ #define M_PKCS12_unpack_p7data(p7) \ -ASN1_seq_unpack ((p7)->d.data->data, p7->d.data->length, \ - (char *(*)())d2i_PKCS12_SAFEBAG, PKCS12_SAFEBAG_free) +ASN1_seq_unpack_PKCS12_SAFEBAG ((p7)->d.data->data, p7->d.data->length, \ + d2i_PKCS12_SAFEBAG, PKCS12_SAFEBAG_free) #define M_PKCS12_pack_authsafes(p12, safes) \ ASN1_seq_pack((safes), (int (*)())i2d_PKCS7,\ @@ -170,10 +197,10 @@ ASN1_seq_unpack((p12)->authsafes->d.data->data, \ PKCS7_free) #define M_PKCS12_unpack_p7encdata(p7, pass, passlen) \ -(STACK *) PKCS12_decrypt_d2i ((p7)->d.encrypted->enc_data->algorithm,\ - (char *(*)())d2i_PKCS12_SAFEBAG, PKCS12_SAFEBAG_free, \ - (pass), (passlen), \ - (p7)->d.encrypted->enc_data->enc_data, 3) +PKCS12_decrypt_d2i_PKCS12_SAFEBAG ((p7)->d.encrypted->enc_data->algorithm,\ + d2i_PKCS12_SAFEBAG, PKCS12_SAFEBAG_free, \ + (pass), (passlen), \ + (p7)->d.encrypted->enc_data->enc_data, 3) #define M_PKCS12_decrypt_skey(bag, pass, passlen) \ (PKCS8_PRIV_KEY_INFO *) PKCS12_decrypt_d2i ((bag)->value.shkeybag->algor, \ @@ -205,10 +232,10 @@ PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass, int passlen, unsigned char *salt, int saltlen, int iter, PKCS8_PRIV_KEY_INFO *p8); -PKCS7 *PKCS12_pack_p7data(STACK *sk); +PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk); PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen, unsigned char *salt, int saltlen, int iter, - STACK *bags); + STACK_OF(PKCS12_SAFEBAG) *bags); int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name, int namelen); int PKCS12_add_friendlyname_asc(PKCS12_SAFEBAG *bag, const char *name, int namelen); -- cgit v1.2.3