From 65d4927b8d645d9bcb5f6085a107d314794e8e34 Mon Sep 17 00:00:00 2001 From: Ben Laurie Date: Sat, 1 May 1999 17:40:57 +0000 Subject: [PATCH] Another safe stack. --- apps/req.c | 2 +- crypto/asn1/asn1_mac.h | 4 ++++ crypto/asn1/x_name.c | 38 +++++++++++++++++---------------- crypto/stack/safestack.h | 9 +++++--- crypto/x509/x509.h | 5 ++++- crypto/x509/x509_cmp.c | 18 +++++++++------- crypto/x509/x509_obj.c | 4 ++-- crypto/x509/x509name.c | 45 ++++++++++++++++++++-------------------- 8 files changed, 70 insertions(+), 55 deletions(-) diff --git a/apps/req.c b/apps/req.c index 5678b707f8..b7342f071d 100644 --- a/apps/req.c +++ b/apps/req.c @@ -907,7 +907,7 @@ start: for (;;) min,max)) goto err; } - if (sk_num(ri->subject->entries) == 0) + if (sk_X509_NAME_ENTRY_num(ri->subject->entries) == 0) { BIO_printf(bio_err,"error, no objects specified in config file\n"); goto err; diff --git a/crypto/asn1/asn1_mac.h b/crypto/asn1/asn1_mac.h index 0497805590..f0ab1e9069 100644 --- a/crypto/asn1/asn1_mac.h +++ b/crypto/asn1/asn1_mac.h @@ -154,6 +154,10 @@ err:\ M_ASN1_D2I_get_imp_set(r,func,free_func, \ V_ASN1_SET,V_ASN1_UNIVERSAL); +#define M_ASN1_D2I_get_set_type(type,r,func,free_func) \ + M_ASN1_D2I_get_imp_set_type(type,r,func,free_func, \ + V_ASN1_SET,V_ASN1_UNIVERSAL); + #define M_ASN1_D2I_get_set_opt(r,func,free_func) \ if ((c.slen != 0) && (M_ASN1_next == (V_ASN1_UNIVERSAL| \ V_ASN1_CONSTRUCTED|V_ASN1_SET)))\ diff --git a/crypto/asn1/x_name.c b/crypto/asn1/x_name.c index c26c1ce01a..5df74b9f45 100644 --- a/crypto/asn1/x_name.c +++ b/crypto/asn1/x_name.c @@ -113,7 +113,7 @@ int i2d_X509_NAME(X509_NAME *a, unsigned char **pp) static int i2d_X509_NAME_entries(X509_NAME *a) { X509_NAME_ENTRY *ne,*fe=NULL; - STACK *sk; + STACK_OF(X509_NAME_ENTRY) *sk; BUF_MEM *buf=NULL; int set=0,r,ret=0; int i; @@ -121,9 +121,9 @@ static int i2d_X509_NAME_entries(X509_NAME *a) int size=0; sk=a->entries; - for (i=0; iset) { set=ne->set; @@ -179,11 +179,11 @@ X509_NAME *d2i_X509_NAME(X509_NAME **a, unsigned char **pp, long length) M_ASN1_D2I_vars(a,X509_NAME *,X509_NAME_new); orig= *pp; - if (sk_num(ret->entries) > 0) + if (sk_X509_NAME_ENTRY_num(ret->entries) > 0) { - while (sk_num(ret->entries) > 0) - X509_NAME_ENTRY_free((X509_NAME_ENTRY *) - sk_pop(ret->entries)); + while (sk_X509_NAME_ENTRY_num(ret->entries) > 0) + X509_NAME_ENTRY_free( + sk_X509_NAME_ENTRY_pop(ret->entries)); } M_ASN1_D2I_Init(); @@ -191,12 +191,12 @@ X509_NAME *d2i_X509_NAME(X509_NAME **a, unsigned char **pp, long length) for (;;) { if (M_ASN1_D2I_end_sequence()) break; - M_ASN1_D2I_get_set(ret->entries,d2i_X509_NAME_ENTRY, - X509_NAME_ENTRY_free); - for (; idx < sk_num(ret->entries); idx++) + M_ASN1_D2I_get_set_type(X509_NAME_ENTRY,ret->entries, + d2i_X509_NAME_ENTRY, + X509_NAME_ENTRY_free); + for (; idx < sk_X509_NAME_ENTRY_num(ret->entries); idx++) { - ((X509_NAME_ENTRY *)sk_value(ret->entries,idx))->set= - set; + sk_X509_NAME_ENTRY_value(ret->entries,idx)->set=set; } set++; } @@ -216,7 +216,7 @@ X509_NAME *X509_NAME_new(void) ASN1_CTX c; M_ASN1_New_Malloc(ret,X509_NAME); - if ((ret->entries=sk_new(NULL)) == NULL) + if ((ret->entries=sk_X509_NAME_ENTRY_new(NULL)) == NULL) { c.line=__LINE__; goto err2; } M_ASN1_New(ret->bytes,BUF_MEM_new); ret->modified=1; @@ -244,8 +244,8 @@ void X509_NAME_free(X509_NAME *a) return; BUF_MEM_free(a->bytes); - sk_pop_free(a->entries,X509_NAME_ENTRY_free); - Free((char *)a); + sk_X509_NAME_ENTRY_pop_free(a->entries,X509_NAME_ENTRY_free); + Free(a); } void X509_NAME_ENTRY_free(X509_NAME_ENTRY *a) @@ -253,7 +253,7 @@ void X509_NAME_ENTRY_free(X509_NAME_ENTRY *a) if (a == NULL) return; ASN1_OBJECT_free(a->object); ASN1_BIT_STRING_free(a->value); - Free((char *)a); + Free(a); } int X509_NAME_set(X509_NAME **xn, X509_NAME *name) @@ -274,3 +274,5 @@ int X509_NAME_set(X509_NAME **xn, X509_NAME *name) return(*xn != NULL); } +IMPLEMENT_STACK_OF(X509_NAME_ENTRY) +IMPLEMENT_ASN1_SET_OF(X509_NAME_ENTRY) diff --git a/crypto/stack/safestack.h b/crypto/stack/safestack.h index 3fed5f1735..37f68b9633 100644 --- a/crypto/stack/safestack.h +++ b/crypto/stack/safestack.h @@ -73,8 +73,9 @@ type *sk_##type##_set(STACK_OF(type) *sk,int n,type *v); \ void sk_##type##_zero(STACK_OF(type) *sk); \ int sk_##type##_push(STACK_OF(type) *sk,type *v); \ int sk_##type##_find(STACK_OF(type) *sk,type *v); \ -void sk_##type##_delete(STACK_OF(type) *sk,int n); \ +type *sk_##type##_delete(STACK_OF(type) *sk,int n); \ void sk_##type##_delete_ptr(STACK_OF(type) *sk,type *v); \ +int sk_##type##_insert(STACK_OF(type) *sk,type *v,int n); \ void sk_##type##_set_cmp_func(STACK_OF(type) *sk,int (*cmp)(type **,type **)); \ STACK_OF(type) *sk_##type##_dup(STACK_OF(type) *sk); \ void sk_##type##_pop_free(STACK_OF(type) *sk,void (*func)(type *)); \ @@ -100,10 +101,12 @@ int sk_##type##_push(STACK_OF(type) *sk,type *v) \ { return sk_push((STACK *)sk,(char *)v); } \ int sk_##type##_find(STACK_OF(type) *sk,type *v) \ { return sk_find((STACK *)sk,(char *)v); } \ -void sk_##type##_delete(STACK_OF(type) *sk,int n) \ - { sk_delete((STACK *)sk,n); } \ +type *sk_##type##_delete(STACK_OF(type) *sk,int n) \ + { return (type *)sk_delete((STACK *)sk,n); } \ void sk_##type##_delete_ptr(STACK_OF(type) *sk,type *v) \ { sk_delete_ptr((STACK *)sk,(char *)v); } \ +int sk_##type##_insert(STACK_OF(type) *sk,type *v,int n) \ + { return sk_insert((STACK *)sk,(char *)v,n); } \ void sk_##type##_set_cmp_func(STACK_OF(type) *sk,int (*cmp)(type **,type **)) \ { sk_set_cmp_func((STACK *)sk,cmp); } \ STACK_OF(type) *sk_##type##_dup(STACK_OF(type) *sk) \ diff --git a/crypto/x509/x509.h b/crypto/x509/x509.h index 7c3ab2fedb..df04cfed01 100644 --- a/crypto/x509/x509.h +++ b/crypto/x509/x509.h @@ -136,10 +136,13 @@ typedef struct X509_name_entry_st int size; /* temp variable */ } X509_NAME_ENTRY; +DECLARE_STACK_OF(X509_NAME_ENTRY) +DECLARE_ASN1_SET_OF(X509_NAME_ENTRY) + /* we always keep X509_NAMEs in 2 forms. */ typedef struct X509_name_st { - STACK *entries; /* of X509_NAME_ENTRY */ + STACK_OF(X509_NAME_ENTRY) *entries; int modified; /* true if 'bytes' needs to be built */ #ifdef HEADER_BUFFER_H BUF_MEM *bytes; diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c index 7063fee2a4..9a93bae3ff 100644 --- a/crypto/x509/x509_cmp.c +++ b/crypto/x509/x509_cmp.c @@ -143,12 +143,14 @@ int X509_NAME_cmp(X509_NAME *a, X509_NAME *b) int i,j; X509_NAME_ENTRY *na,*nb; - if (sk_num(a->entries) != sk_num(b->entries)) - return(sk_num(a->entries)-sk_num(b->entries)); - for (i=sk_num(a->entries)-1; i>=0; i--) + if (sk_X509_NAME_ENTRY_num(a->entries) + != sk_X509_NAME_ENTRY_num(b->entries)) + return sk_X509_NAME_ENTRY_num(a->entries) + -sk_X509_NAME_ENTRY_num(b->entries); + for (i=sk_X509_NAME_ENTRY_num(a->entries)-1; i>=0; i--) { - na=(X509_NAME_ENTRY *)sk_value(a->entries,i); - nb=(X509_NAME_ENTRY *)sk_value(b->entries,i); + na=sk_X509_NAME_ENTRY_value(a->entries,i); + nb=sk_X509_NAME_ENTRY_value(b->entries,i); j=na->value->length-nb->value->length; if (j) return(j); j=memcmp(na->value->data,nb->value->data, @@ -161,10 +163,10 @@ int X509_NAME_cmp(X509_NAME *a, X509_NAME *b) /* We will check the object types after checking the values * since the values will more often be different than the object * types. */ - for (i=sk_num(a->entries)-1; i>=0; i--) + for (i=sk_X509_NAME_ENTRY_num(a->entries)-1; i>=0; i--) { - na=(X509_NAME_ENTRY *)sk_value(a->entries,i); - nb=(X509_NAME_ENTRY *)sk_value(b->entries,i); + na=sk_X509_NAME_ENTRY_value(a->entries,i); + nb=sk_X509_NAME_ENTRY_value(b->entries,i); j=OBJ_cmp(na->object,nb->object); if (j) return(j); } diff --git a/crypto/x509/x509_obj.c b/crypto/x509/x509_obj.c index 188457872a..b2a33a42b9 100644 --- a/crypto/x509/x509_obj.c +++ b/crypto/x509/x509_obj.c @@ -96,9 +96,9 @@ char *X509_NAME_oneline(X509_NAME *a, char *buf, int len) len--; /* space for '\0' */ l=0; - for (i=0; (int)ientries); i++) + for (i=0; ientries); i++) { - ne=(X509_NAME_ENTRY *)sk_value(a->entries,i); + ne=sk_X509_NAME_ENTRY_value(a->entries,i); n=OBJ_obj2nid(ne->object); if ((n == NID_undef) || ((s=OBJ_nid2sn(n)) == NULL)) { diff --git a/crypto/x509/x509name.c b/crypto/x509/x509name.c index d5172a9b03..2a422be350 100644 --- a/crypto/x509/x509name.c +++ b/crypto/x509/x509name.c @@ -92,7 +92,7 @@ int X509_NAME_get_text_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, char *buf, int X509_NAME_entry_count(X509_NAME *name) { if (name == NULL) return(0); - return(sk_num(name->entries)); + return(sk_X509_NAME_ENTRY_num(name->entries)); } int X509_NAME_get_index_by_NID(X509_NAME *name, int nid, int lastpos) @@ -110,16 +110,16 @@ int X509_NAME_get_index_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, { int n; X509_NAME_ENTRY *ne; - STACK *sk; + STACK_OF(X509_NAME_ENTRY) *sk; if (name == NULL) return(-1); if (lastpos < 0) lastpos= -1; sk=name->entries; - n=sk_num(sk); + n=sk_X509_NAME_ENTRY_num(sk); for (lastpos++; lastpos < n; lastpos++) { - ne=(X509_NAME_ENTRY *)sk_value(sk,lastpos); + ne=sk_X509_NAME_ENTRY_value(sk,lastpos); if (OBJ_cmp(ne->object,obj) == 0) return(lastpos); } @@ -128,32 +128,34 @@ int X509_NAME_get_index_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *name, int loc) { - if ( (name == NULL) || (sk_num(name->entries) <= loc) || (loc < 0)) + if(name == NULL || sk_X509_NAME_ENTRY_num(name->entries) <= loc + || loc < 0) return(NULL); else - return((X509_NAME_ENTRY *)sk_value(name->entries,loc)); + return(sk_X509_NAME_ENTRY_value(name->entries,loc)); } X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc) { X509_NAME_ENTRY *ret; int i,n,set_prev,set_next; - STACK *sk; + STACK_OF(X509_NAME_ENTRY) *sk; - if ((name == NULL) || (sk_num(name->entries) <= loc) || (loc < 0)) + if (name == NULL || sk_X509_NAME_ENTRY_num(name->entries) <= loc + || loc < 0) return(NULL); sk=name->entries; - ret=(X509_NAME_ENTRY *)sk_delete(sk,loc); - n=sk_num(sk); + ret=sk_X509_NAME_ENTRY_delete(sk,loc); + n=sk_X509_NAME_ENTRY_num(sk); name->modified=1; if (loc == n) return(ret); /* else we need to fixup the set field */ if (loc != 0) - set_prev=((X509_NAME_ENTRY *)sk_value(sk,loc-1))->set; + set_prev=(sk_X509_NAME_ENTRY_value(sk,loc-1))->set; else set_prev=ret->set-1; - set_next=((X509_NAME_ENTRY *)sk_value(sk,loc))->set; + set_next=sk_X509_NAME_ENTRY_value(sk,loc)->set; /* set_prev is the previous set * set is the current set @@ -165,7 +167,7 @@ X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc) * re-number down by 1 */ if (set_prev+1 < set_next) for (i=loc; iset--; + sk_X509_NAME_ENTRY_value(sk,i)->set--; return(ret); } @@ -176,11 +178,11 @@ int X509_NAME_add_entry(X509_NAME *name, X509_NAME_ENTRY *ne, int loc, { X509_NAME_ENTRY *new_name=NULL; int n,i,inc; - STACK *sk; + STACK_OF(X509_NAME_ENTRY) *sk; if (name == NULL) return(0); sk=name->entries; - n=sk_num(sk); + n=sk_X509_NAME_ENTRY_num(sk); if (loc > n) loc=n; else if (loc < 0) loc=n; @@ -195,7 +197,7 @@ int X509_NAME_add_entry(X509_NAME *name, X509_NAME_ENTRY *ne, int loc, } else { - set=((X509_NAME_ENTRY *)sk_value(sk,loc-1))->set; + set=sk_X509_NAME_ENTRY_value(sk,loc-1)->set; inc=0; } } @@ -204,29 +206,28 @@ int X509_NAME_add_entry(X509_NAME *name, X509_NAME_ENTRY *ne, int loc, if (loc >= n) { if (loc != 0) - set=((X509_NAME_ENTRY *) - sk_value(sk,loc-1))->set+1; + set=sk_X509_NAME_ENTRY_value(sk,loc-1)->set+1; else set=0; } else - set=((X509_NAME_ENTRY *)sk_value(sk,loc))->set; + set=sk_X509_NAME_ENTRY_value(sk,loc)->set; inc=(set == 0)?1:0; } if ((new_name=X509_NAME_ENTRY_dup(ne)) == NULL) goto err; new_name->set=set; - if (!sk_insert(sk,(char *)new_name,loc)) + if (!sk_X509_NAME_ENTRY_insert(sk,new_name,loc)) { X509err(X509_F_X509_NAME_ADD_ENTRY,ERR_R_MALLOC_FAILURE); goto err; } if (inc) { - n=sk_num(sk); + n=sk_X509_NAME_ENTRY_num(sk); for (i=loc+1; iset+=1; + sk_X509_NAME_ENTRY_value(sk,i-1)->set+=1; } return(1); err: -- GitLab