From f2716dada0527bcf200e628fd572514bd395fbfb Mon Sep 17 00:00:00 2001 From: Ben Laurie Date: Tue, 16 May 2000 19:53:50 +0000 Subject: [PATCH] Typesafety Thought Police Part 2. --- apps/pkcs12.c | 37 +++++++++++++++++++-------------- crypto/asn1/asn1.h | 25 +++++++++++++++++++--- crypto/pkcs12/p12_add.c | 10 +++++---- crypto/pkcs12/p12_crt.c | 16 +++++++------- crypto/pkcs12/p12_kiss.c | 25 ++++++++++++---------- crypto/pkcs12/p12_npas.c | 21 ++++++++++++------- crypto/pkcs12/p12_sbag.c | 21 ++++++++++++------- crypto/pkcs12/pkcs12.h | 45 ++++++++++++++++++++++++++++++++-------- crypto/stack/safestack.h | 7 ++++--- 9 files changed, 139 insertions(+), 68 deletions(-) diff --git a/apps/pkcs12.c b/apps/pkcs12.c index 0c03801afe..a0822be61e 100644 --- a/apps/pkcs12.c +++ b/apps/pkcs12.c @@ -80,7 +80,8 @@ EVP_CIPHER *enc; int get_cert_chain(X509 *cert, STACK_OF(X509) **chain); int dump_certs_keys_p12(BIO *out, PKCS12 *p12, char *pass, int passlen, int options, char *pempass); -int dump_certs_pkeys_bags(BIO *out, STACK *bags, char *pass, int passlen, int options, char *pempass); +int dump_certs_pkeys_bags(BIO *out, STACK_OF(PKCS12_SAFEBAG) *bags, char *pass, + int passlen, int options, char *pempass); int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bags, char *pass, int passlen, int options, char *pempass); int print_attribs(BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst, char *name); void hex_prin(BIO *out, unsigned char *buf, int len); @@ -360,7 +361,8 @@ int MAIN(int argc, char **argv) if (export_cert) { EVP_PKEY *key; - STACK *bags, *safes; + STACK_OF(PKCS12_SAFEBAG) *bags; + STACK *safes; PKCS12_SAFEBAG *bag; PKCS8_PRIV_KEY_INFO *p8; PKCS7 *authsafe; @@ -405,7 +407,7 @@ int MAIN(int argc, char **argv) goto end; } - bags = sk_new (NULL); + bags = sk_PKCS12_SAFEBAG_new (NULL); /* Add any more certificates asked for */ if (certsin) { @@ -445,7 +447,7 @@ int MAIN(int argc, char **argv) PKCS12_add_localkeyid(bag, keyid, keyidlen); } else if((catmp = sk_shift(canames))) PKCS12_add_friendlyname(bag, catmp, -1); - sk_push(bags, (char *)bag); + sk_PKCS12_SAFEBAG_push(bags, bag); } sk_X509_pop_free(certs, X509_free); if (canames) sk_free(canames); @@ -459,7 +461,7 @@ int MAIN(int argc, char **argv) /* Turn certbags into encrypted authsafe */ authsafe = PKCS12_pack_p7encdata(cert_pbe, cpass, -1, NULL, 0, iter, bags); - sk_pop_free(bags, (void(*)(void *)) PKCS12_SAFEBAG_free); + sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); if (!authsafe) { ERR_print_errors (bio_err); @@ -477,11 +479,11 @@ int MAIN(int argc, char **argv) PKCS8_PRIV_KEY_INFO_free(p8); if (name) PKCS12_add_friendlyname (bag, name, -1); PKCS12_add_localkeyid (bag, keyid, keyidlen); - bags = sk_new(NULL); - sk_push (bags, (char *)bag); + bags = sk_PKCS12_SAFEBAG_new(NULL); + sk_PKCS12_SAFEBAG_push (bags, bag); /* Turn it into unencrypted safe bag */ authsafe = PKCS12_pack_p7data (bags); - sk_pop_free(bags, (void(*)(void *)) PKCS12_SAFEBAG_free); + sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); sk_push (safes, (char *)authsafe); p12 = PKCS12_init (NID_pkcs7_data); @@ -571,7 +573,8 @@ int MAIN(int argc, char **argv) int dump_certs_keys_p12 (BIO *out, PKCS12 *p12, char *pass, int passlen, int options, char *pempass) { - STACK *asafes, *bags; + STACK *asafes; + STACK_OF(PKCS12_SAFEBAG) *bags; int i, bagnid; PKCS7 *p7; if (!( asafes = M_PKCS12_unpack_authsafes (p12))) return 0; @@ -592,23 +595,25 @@ int dump_certs_keys_p12 (BIO *out, PKCS12 *p12, char *pass, if (!bags) return 0; if (!dump_certs_pkeys_bags (out, bags, pass, passlen, options, pempass)) { - sk_pop_free (bags, (void(*)(void *)) PKCS12_SAFEBAG_free); + sk_PKCS12_SAFEBAG_pop_free (bags, PKCS12_SAFEBAG_free); return 0; } - sk_pop_free (bags, (void(*)(void *)) PKCS12_SAFEBAG_free); + sk_PKCS12_SAFEBAG_pop_free (bags, PKCS12_SAFEBAG_free); } sk_pop_free (asafes, (void(*)(void *)) PKCS7_free); return 1; } -int dump_certs_pkeys_bags (BIO *out, STACK *bags, char *pass, - int passlen, int options, char *pempass) +int dump_certs_pkeys_bags (BIO *out, STACK_OF(PKCS12_SAFEBAG) *bags, + char *pass, int passlen, int options, char *pempass) { int i; - for (i = 0; i < sk_num (bags); i++) { + for (i = 0; i < sk_PKCS12_SAFEBAG_num (bags); i++) { if (!dump_certs_pkeys_bag (out, - (PKCS12_SAFEBAG *)sk_value (bags, i), pass, passlen, - options, pempass)) return 0; + sk_PKCS12_SAFEBAG_value (bags, i), + pass, passlen, + options, pempass)) + return 0; } return 1; } diff --git a/crypto/asn1/asn1.h b/crypto/asn1/asn1.h index f340ed41df..1e45aefc7a 100644 --- a/crypto/asn1/asn1.h +++ b/crypto/asn1/asn1.h @@ -140,6 +140,8 @@ extern "C" { #define MBSTRING_UNIV (MBSTRING_FLAG|3) #define MBSTRING_UTF8 (MBSTRING_FLAG|4) +struct X509_algor_st; + #define DECLARE_ASN1_SET_OF(type) \ int i2d_ASN1_SET_OF_##type(STACK_OF(type) *a,unsigned char **pp, \ int (*func)(type *,unsigned char **), int ex_tag, \ @@ -149,7 +151,14 @@ STACK_OF(type) *d2i_ASN1_SET_OF_##type(STACK_OF(type) **a,unsigned char **pp, \ type *(*func)(type **, \ unsigned char **,long), \ void (*free_func)(type *), \ - int ex_tag,int ex_class); + int ex_tag,int ex_class); \ +unsigned char *ASN1_seq_pack_##type(STACK_OF(type) *st, \ + int (*i2d)(type *,unsigned char **), \ + unsigned char **buf,int *len); \ +STACK_OF(type) *ASN1_seq_unpack_##type(unsigned char *buf,int len, \ + type *(*d2i)(type **,unsigned char **, \ + long), \ + void (*free_func)(type *)); #define IMPLEMENT_ASN1_SET_OF(type) \ int i2d_ASN1_SET_OF_##type(STACK_OF(type) *a,unsigned char **pp, \ @@ -165,7 +174,17 @@ STACK_OF(type) *d2i_ASN1_SET_OF_##type(STACK_OF(type) **a,unsigned char **pp, \ { return (STACK_OF(type) *)d2i_ASN1_SET((STACK **)a,pp,length, \ (char *(*)())func, \ (void (*)())free_func, \ - ex_tag,ex_class); } + ex_tag,ex_class); } \ +unsigned char *ASN1_seq_pack_##type(STACK_OF(type) *st, \ + int (*i2d)(type *,unsigned char **), \ + unsigned char **buf,int *len) \ + { return ASN1_seq_pack((STACK *)st,i2d,buf,len); } \ +STACK_OF(type) *ASN1_seq_unpack_##type(unsigned char *buf,int len, \ + type *(*d2i)(type **,unsigned char **, \ + long), \ + void (*free_func)(type *)) \ + { return (STACK_OF(type) *)ASN1_seq_unpack(buf,len,(char *(*)())d2i, \ + (void(*)(void *))free_func); } typedef struct asn1_ctx_st { @@ -771,7 +790,7 @@ int ASN1_TYPE_get_int_octetstring(ASN1_TYPE *a,long *num, STACK *ASN1_seq_unpack(unsigned char *buf, int len, char *(*d2i)(), void (*free_func)() ); unsigned char *ASN1_seq_pack(STACK *safes, int (*i2d)(), unsigned char **buf, - int *len ); + int *len ); void *ASN1_unpack_string(ASN1_STRING *oct, char *(*d2i)()); ASN1_STRING *ASN1_pack_string(void *obj, int (*i2d)(), ASN1_OCTET_STRING **oct); diff --git a/crypto/pkcs12/p12_add.c b/crypto/pkcs12/p12_add.c index d045cbba8d..b563656895 100644 --- a/crypto/pkcs12/p12_add.c +++ b/crypto/pkcs12/p12_add.c @@ -125,7 +125,7 @@ PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG (int pbe_nid, const char *pass, } /* Turn a stack of SAFEBAGS into a PKCS#7 data Contentinfo */ -PKCS7 *PKCS12_pack_p7data (STACK *sk) +PKCS7 *PKCS12_pack_p7data (STACK_OF(PKCS12_SAFEBAG) *sk) { PKCS7 *p7; if (!(p7 = PKCS7_new())) { @@ -138,8 +138,9 @@ PKCS7 *PKCS12_pack_p7data (STACK *sk) return NULL; } - if (!ASN1_seq_pack(sk, i2d_PKCS12_SAFEBAG, &p7->d.data->data, - &p7->d.data->length)) { + if (!ASN1_seq_pack_PKCS12_SAFEBAG(sk, i2d_PKCS12_SAFEBAG, + &p7->d.data->data, + &p7->d.data->length)) { PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, PKCS12_R_CANT_PACK_STRUCTURE); return NULL; } @@ -149,7 +150,8 @@ PKCS7 *PKCS12_pack_p7data (STACK *sk) /* Turn a stack of SAFEBAGS into a PKCS#7 encrypted data ContentInfo */ PKCS7 *PKCS12_pack_p7encdata (int pbe_nid, const char *pass, int passlen, - unsigned char *salt, int saltlen, int iter, STACK *bags) + unsigned char *salt, int saltlen, int iter, + STACK_OF(PKCS12_SAFEBAG) *bags) { PKCS7 *p7; X509_ALGOR *pbe; diff --git a/crypto/pkcs12/p12_crt.c b/crypto/pkcs12/p12_crt.c index a60b128a3b..37850a089b 100644 --- a/crypto/pkcs12/p12_crt.c +++ b/crypto/pkcs12/p12_crt.c @@ -65,7 +65,8 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert, int keytype) { PKCS12 *p12; - STACK *bags, *safes; + STACK_OF(PKCS12_SAFEBAG) *bags; + STACK *safes; PKCS12_SAFEBAG *bag; PKCS8_PRIV_KEY_INFO *p8; PKCS7 *authsafe; @@ -85,7 +86,7 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert, return NULL; } - if(!(bags = sk_new (NULL))) { + if(!(bags = sk_PKCS12_SAFEBAG_new (NULL))) { PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE); return NULL; } @@ -96,7 +97,7 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert, X509_digest(cert, EVP_sha1(), keyid, &keyidlen); if(!PKCS12_add_localkeyid(bag, keyid, keyidlen)) return NULL; - if(!sk_push(bags, (char *)bag)) { + if(!sk_PKCS12_SAFEBAG_push(bags, bag)) { PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE); return NULL; } @@ -106,7 +107,7 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert, for(i = 0; i < sk_X509_num(ca); i++) { tcert = sk_X509_value(ca, i); if(!(bag = M_PKCS12_x5092certbag(tcert))) return NULL; - if(!sk_push(bags, (char *)bag)) { + if(!sk_PKCS12_SAFEBAG_push(bags, bag)) { PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE); return NULL; } @@ -116,7 +117,7 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert, /* Turn certbags into encrypted authsafe */ authsafe = PKCS12_pack_p7encdata (nid_cert, pass, -1, NULL, 0, iter, bags); - sk_pop_free(bags, (void(*)(void *)) PKCS12_SAFEBAG_free); + sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); if (!authsafe) return NULL; @@ -133,13 +134,14 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert, PKCS8_PRIV_KEY_INFO_free(p8); if (name && !PKCS12_add_friendlyname (bag, name, -1)) return NULL; if(!PKCS12_add_localkeyid (bag, keyid, keyidlen)) return NULL; - if(!(bags = sk_new(NULL)) || !sk_push (bags, (char *)bag)) { + if(!(bags = sk_PKCS12_SAFEBAG_new(NULL)) + || !sk_PKCS12_SAFEBAG_push (bags, bag)) { PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE); return NULL; } /* Turn it into unencrypted safe bag */ if(!(authsafe = PKCS12_pack_p7data (bags))) return NULL; - sk_pop_free(bags, (void(*)(void *)) PKCS12_SAFEBAG_free); + sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); if(!sk_push(safes, (char *)authsafe)) { PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE); return NULL; diff --git a/crypto/pkcs12/p12_kiss.c b/crypto/pkcs12/p12_kiss.c index 2ebaecf79f..f49d2e5249 100644 --- a/crypto/pkcs12/p12_kiss.c +++ b/crypto/pkcs12/p12_kiss.c @@ -65,9 +65,10 @@ static int parse_pk12( PKCS12 *p12, const char *pass, int passlen, EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca); -static int parse_bags( STACK *bags, const char *pass, int passlen, - EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca, - ASN1_OCTET_STRING **keyid, char *keymatch); +static int parse_bags( STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass, + int passlen, EVP_PKEY **pkey, X509 **cert, + STACK_OF(X509) **ca, ASN1_OCTET_STRING **keyid, + char *keymatch); static int parse_bag( PKCS12_SAFEBAG *bag, const char *pass, int passlen, EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca, @@ -146,7 +147,8 @@ int PKCS12_parse (PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, static int parse_pk12 (PKCS12 *p12, const char *pass, int passlen, EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca) { - STACK *asafes, *bags; + STACK *asafes; + STACK_OF(PKCS12_SAFEBAG) *bags; int i, bagnid; PKCS7 *p7; ASN1_OCTET_STRING *keyid = NULL; @@ -166,11 +168,11 @@ static int parse_pk12 (PKCS12 *p12, const char *pass, int passlen, } if (!parse_bags(bags, pass, passlen, pkey, cert, ca, &keyid, &keymatch)) { - sk_pop_free(bags, (void(*)(void *)) PKCS12_SAFEBAG_free); + sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); sk_pop_free(asafes, (void(*)(void *)) PKCS7_free); return 0; } - sk_pop_free(bags, (void(*)(void *)) PKCS12_SAFEBAG_free); + sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); } sk_pop_free(asafes, (void(*)(void *)) PKCS7_free); if (keyid) M_ASN1_OCTET_STRING_free(keyid); @@ -178,13 +180,14 @@ static int parse_pk12 (PKCS12 *p12, const char *pass, int passlen, } -static int parse_bags (STACK *bags, const char *pass, int passlen, - EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca, - ASN1_OCTET_STRING **keyid, char *keymatch) +static int parse_bags (STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass, + int passlen, EVP_PKEY **pkey, X509 **cert, + STACK_OF(X509) **ca, ASN1_OCTET_STRING **keyid, + char *keymatch) { int i; - for (i = 0; i < sk_num(bags); i++) { - if (!parse_bag((PKCS12_SAFEBAG *)sk_value (bags, i), + for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++) { + if (!parse_bag(sk_PKCS12_SAFEBAG_value (bags, i), pass, passlen, pkey, cert, ca, keyid, keymatch)) return 0; } diff --git a/crypto/pkcs12/p12_npas.c b/crypto/pkcs12/p12_npas.c index 4fb0cf74ab..cccea84508 100644 --- a/crypto/pkcs12/p12_npas.c +++ b/crypto/pkcs12/p12_npas.c @@ -66,7 +66,8 @@ /* PKCS#12 password change routine */ static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass); -static int newpass_bags(STACK *bags, char *oldpass, char *newpass); +static int newpass_bags(STACK_OF(PKCS12_SAFEBAG) *bags, char *oldpass, + char *newpass); static int newpass_bag(PKCS12_SAFEBAG *bag, char *oldpass, char *newpass); static int alg_get(X509_ALGOR *alg, int *pnid, int *piter, int *psaltlen); @@ -104,12 +105,14 @@ return 1; static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass) { - STACK *asafes, *newsafes, *bags; + STACK *asafes, *newsafes; + STACK_OF(PKCS12_SAFEBAG) *bags; int i, bagnid, pbe_nid, pbe_iter, pbe_saltlen; PKCS7 *p7, *p7new; ASN1_OCTET_STRING *p12_data_tmp = NULL, *macnew = NULL; unsigned char mac[EVP_MAX_MD_SIZE]; unsigned int maclen; + if (!(asafes = M_PKCS12_unpack_authsafes(p12))) return 0; if(!(newsafes = sk_new(NULL))) return 0; for (i = 0; i < sk_num (asafes); i++) { @@ -127,7 +130,7 @@ static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass) return 0; } if (!newpass_bags(bags, oldpass, newpass)) { - sk_pop_free(bags, (void(*)(void *)) PKCS12_SAFEBAG_free); + sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); sk_pop_free(asafes, (void(*)(void *)) PKCS7_free); return 0; } @@ -135,7 +138,7 @@ static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass) if (bagnid == NID_pkcs7_data) p7new = PKCS12_pack_p7data(bags); else p7new = PKCS12_pack_p7encdata(pbe_nid, newpass, -1, NULL, pbe_saltlen, pbe_iter, bags); - sk_pop_free(bags, (void(*)(void *)) PKCS12_SAFEBAG_free); + sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); if(!p7new) { sk_pop_free(asafes, (void(*)(void *)) PKCS7_free); return 0; @@ -169,12 +172,14 @@ static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass) } -static int newpass_bags(STACK *bags, char *oldpass, char *newpass) +static int newpass_bags(STACK_OF(PKCS12_SAFEBAG) *bags, char *oldpass, + char *newpass) { int i; - for (i = 0; i < sk_num(bags); i++) { - if (!newpass_bag((PKCS12_SAFEBAG *)sk_value(bags, i), - oldpass, newpass)) return 0; + for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++) { + if (!newpass_bag(sk_PKCS12_SAFEBAG_value(bags, i), + oldpass, newpass)) + return 0; } return 1; } diff --git a/crypto/pkcs12/p12_sbag.c b/crypto/pkcs12/p12_sbag.c index 1b3addece1..6ae209693d 100644 --- a/crypto/pkcs12/p12_sbag.c +++ b/crypto/pkcs12/p12_sbag.c @@ -81,8 +81,9 @@ int i2d_PKCS12_SAFEBAG(PKCS12_SAFEBAG *a, unsigned char **pp) break; case NID_safeContentsBag: - M_ASN1_I2D_len_EXP_SEQUENCE_opt (a->value.safes, - i2d_PKCS12_SAFEBAG, 0, V_ASN1_SEQUENCE, v); + M_ASN1_I2D_len_EXP_SEQUENCE_opt_type + (PKCS12_SAFEBAG, a->value.safes, i2d_PKCS12_SAFEBAG, + 0, V_ASN1_SEQUENCE, v); break; case NID_certBag: @@ -117,8 +118,9 @@ int i2d_PKCS12_SAFEBAG(PKCS12_SAFEBAG *a, unsigned char **pp) break; case NID_safeContentsBag: - M_ASN1_I2D_put_EXP_SEQUENCE_opt (a->value.safes, - i2d_PKCS12_SAFEBAG, 0, V_ASN1_SEQUENCE, v); + M_ASN1_I2D_put_EXP_SEQUENCE_opt_type + (PKCS12_SAFEBAG, a->value.safes, i2d_PKCS12_SAFEBAG, + 0, V_ASN1_SEQUENCE, v); break; case NID_certBag: @@ -175,9 +177,10 @@ PKCS12_SAFEBAG *d2i_PKCS12_SAFEBAG(PKCS12_SAFEBAG **a, unsigned char **pp, break; case NID_safeContentsBag: - M_ASN1_D2I_get_EXP_set_opt(ret->value.safes, - d2i_PKCS12_SAFEBAG, PKCS12_SAFEBAG_free, - 0, V_ASN1_SEQUENCE); + M_ASN1_D2I_get_EXP_set_opt_type + (PKCS12_SAFEBAG, ret->value.safes, + d2i_PKCS12_SAFEBAG, PKCS12_SAFEBAG_free, 0, + V_ASN1_SEQUENCE); break; case NID_certBag: @@ -225,3 +228,7 @@ void PKCS12_SAFEBAG_free (PKCS12_SAFEBAG *a) sk_X509_ATTRIBUTE_pop_free (a->attrib, X509_ATTRIBUTE_free); Free (a); } + +IMPLEMENT_STACK_OF(PKCS12_SAFEBAG) +IMPLEMENT_ASN1_SET_OF(PKCS12_SAFEBAG) +IMPLEMENT_PKCS12_STACK_OF(PKCS12_SAFEBAG) diff --git a/crypto/pkcs12/pkcs12.h b/crypto/pkcs12/pkcs12.h index c5bafc4fea..232eab3d4c 100644 --- a/crypto/pkcs12/pkcs12.h +++ b/crypto/pkcs12/pkcs12.h @@ -66,6 +66,27 @@ extern "C" { #endif +#define DECLARE_PKCS12_STACK_OF(type) \ +STACK_OF(type) *PKCS12_decrypt_d2i_##type(struct X509_algor_st *algor, \ + type *(*d2i)(type **, \ + unsigned char **, \ + long), \ + void (*free_func)(type *), \ + const char *pass, int passlen, \ + ASN1_STRING *oct, int seq); + +#define IMPLEMENT_PKCS12_STACK_OF(type) \ +STACK_OF(type) *PKCS12_decrypt_d2i_##type(struct X509_algor_st *algor, \ + type *(*d2i)(type **, \ + unsigned char **, \ + long), \ + void (*free_func)(type *), \ + const char *pass, int passlen, \ + ASN1_STRING *oct, int seq) \ + { return (STACK_OF(type) *)PKCS12_decrypt_d2i(algor,(char *(*)())d2i, \ + (void(*)(void *))free_func, \ + pass,passlen,oct,seq); } + #define PKCS12_KEY_ID 1 #define PKCS12_IV_ID 2 #define PKCS12_MAC_ID 3 @@ -108,19 +129,25 @@ PKCS12_MAC_DATA *mac; PKCS7 *authsafes; } PKCS12; +PREDECLARE_STACK_OF(PKCS12_SAFEBAG) + typedef struct { ASN1_OBJECT *type; union { struct pkcs12_bag_st *bag; /* secret, crl and certbag */ struct pkcs8_priv_key_info_st *keybag; /* keybag */ X509_SIG *shkeybag; /* shrouded key bag */ - STACK /* PKCS12_SAFEBAG */ *safes; + STACK_OF(PKCS12_SAFEBAG) *safes; ASN1_TYPE *other; }value; STACK_OF(X509_ATTRIBUTE) *attrib; ASN1_TYPE *rest; } PKCS12_SAFEBAG; +DECLARE_STACK_OF(PKCS12_SAFEBAG) +DECLARE_ASN1_SET_OF(PKCS12_SAFEBAG) +DECLARE_PKCS12_STACK_OF(PKCS12_SAFEBAG) + typedef struct pkcs12_bag_st { ASN1_OBJECT *type; union { @@ -157,8 +184,8 @@ PKCS12_pack_safebag ((char *)(crl), i2d_X509CRL, NID_x509Crl, NID_crlBag) (RSA *) ASN1_unpack_string ((p8)->pkey, (char *(*)())d2i_RSAPrivateKey)*/ #define M_PKCS12_unpack_p7data(p7) \ -ASN1_seq_unpack ((p7)->d.data->data, p7->d.data->length, \ - (char *(*)())d2i_PKCS12_SAFEBAG, PKCS12_SAFEBAG_free) +ASN1_seq_unpack_PKCS12_SAFEBAG ((p7)->d.data->data, p7->d.data->length, \ + d2i_PKCS12_SAFEBAG, PKCS12_SAFEBAG_free) #define M_PKCS12_pack_authsafes(p12, safes) \ ASN1_seq_pack((safes), (int (*)())i2d_PKCS7,\ @@ -170,10 +197,10 @@ ASN1_seq_unpack((p12)->authsafes->d.data->data, \ PKCS7_free) #define M_PKCS12_unpack_p7encdata(p7, pass, passlen) \ -(STACK *) PKCS12_decrypt_d2i ((p7)->d.encrypted->enc_data->algorithm,\ - (char *(*)())d2i_PKCS12_SAFEBAG, PKCS12_SAFEBAG_free, \ - (pass), (passlen), \ - (p7)->d.encrypted->enc_data->enc_data, 3) +PKCS12_decrypt_d2i_PKCS12_SAFEBAG ((p7)->d.encrypted->enc_data->algorithm,\ + d2i_PKCS12_SAFEBAG, PKCS12_SAFEBAG_free, \ + (pass), (passlen), \ + (p7)->d.encrypted->enc_data->enc_data, 3) #define M_PKCS12_decrypt_skey(bag, pass, passlen) \ (PKCS8_PRIV_KEY_INFO *) PKCS12_decrypt_d2i ((bag)->value.shkeybag->algor, \ @@ -205,10 +232,10 @@ PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass, int passlen, unsigned char *salt, int saltlen, int iter, PKCS8_PRIV_KEY_INFO *p8); -PKCS7 *PKCS12_pack_p7data(STACK *sk); +PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk); PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen, unsigned char *salt, int saltlen, int iter, - STACK *bags); + STACK_OF(PKCS12_SAFEBAG) *bags); int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name, int namelen); int PKCS12_add_friendlyname_asc(PKCS12_SAFEBAG *bag, const char *name, int namelen); diff --git a/crypto/stack/safestack.h b/crypto/stack/safestack.h index c3b2dd799d..da631581f6 100644 --- a/crypto/stack/safestack.h +++ b/crypto/stack/safestack.h @@ -57,13 +57,14 @@ #include -#define STACK_OF(type) STACK_##type +#define STACK_OF(type) struct stack_st_##type +#define PREDECLARE_STACK_OF(type) STACK_OF(type); #define DECLARE_STACK_OF(type) \ -typedef struct stack_st_##type \ +STACK_OF(type) \ { \ STACK stack; \ - } STACK_OF(type); \ + }; \ STACK_OF(type) *sk_##type##_new(int (*cmp)(type **,type **)); \ STACK_OF(type) *sk_##type##_new_null(void); \ void sk_##type##_free(STACK_OF(type) *sk); \