提交 f2716dad 编写于 作者: B Ben Laurie

Typesafety Thought Police Part 2.

上级 b4604683
...@@ -80,7 +80,8 @@ EVP_CIPHER *enc; ...@@ -80,7 +80,8 @@ EVP_CIPHER *enc;
int get_cert_chain(X509 *cert, STACK_OF(X509) **chain); int get_cert_chain(X509 *cert, STACK_OF(X509) **chain);
int dump_certs_keys_p12(BIO *out, PKCS12 *p12, char *pass, int passlen, int options, char *pempass); int dump_certs_keys_p12(BIO *out, PKCS12 *p12, char *pass, int passlen, int options, char *pempass);
int dump_certs_pkeys_bags(BIO *out, STACK *bags, char *pass, int passlen, int options, char *pempass); int dump_certs_pkeys_bags(BIO *out, STACK_OF(PKCS12_SAFEBAG) *bags, char *pass,
int passlen, int options, char *pempass);
int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bags, char *pass, int passlen, int options, char *pempass); int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bags, char *pass, int passlen, int options, char *pempass);
int print_attribs(BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst, char *name); int print_attribs(BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst, char *name);
void hex_prin(BIO *out, unsigned char *buf, int len); void hex_prin(BIO *out, unsigned char *buf, int len);
...@@ -360,7 +361,8 @@ int MAIN(int argc, char **argv) ...@@ -360,7 +361,8 @@ int MAIN(int argc, char **argv)
if (export_cert) { if (export_cert) {
EVP_PKEY *key; EVP_PKEY *key;
STACK *bags, *safes; STACK_OF(PKCS12_SAFEBAG) *bags;
STACK *safes;
PKCS12_SAFEBAG *bag; PKCS12_SAFEBAG *bag;
PKCS8_PRIV_KEY_INFO *p8; PKCS8_PRIV_KEY_INFO *p8;
PKCS7 *authsafe; PKCS7 *authsafe;
...@@ -405,7 +407,7 @@ int MAIN(int argc, char **argv) ...@@ -405,7 +407,7 @@ int MAIN(int argc, char **argv)
goto end; goto end;
} }
bags = sk_new (NULL); bags = sk_PKCS12_SAFEBAG_new (NULL);
/* Add any more certificates asked for */ /* Add any more certificates asked for */
if (certsin) { if (certsin) {
...@@ -445,7 +447,7 @@ int MAIN(int argc, char **argv) ...@@ -445,7 +447,7 @@ int MAIN(int argc, char **argv)
PKCS12_add_localkeyid(bag, keyid, keyidlen); PKCS12_add_localkeyid(bag, keyid, keyidlen);
} else if((catmp = sk_shift(canames))) } else if((catmp = sk_shift(canames)))
PKCS12_add_friendlyname(bag, catmp, -1); PKCS12_add_friendlyname(bag, catmp, -1);
sk_push(bags, (char *)bag); sk_PKCS12_SAFEBAG_push(bags, bag);
} }
sk_X509_pop_free(certs, X509_free); sk_X509_pop_free(certs, X509_free);
if (canames) sk_free(canames); if (canames) sk_free(canames);
...@@ -459,7 +461,7 @@ int MAIN(int argc, char **argv) ...@@ -459,7 +461,7 @@ int MAIN(int argc, char **argv)
/* Turn certbags into encrypted authsafe */ /* Turn certbags into encrypted authsafe */
authsafe = PKCS12_pack_p7encdata(cert_pbe, cpass, -1, NULL, 0, authsafe = PKCS12_pack_p7encdata(cert_pbe, cpass, -1, NULL, 0,
iter, bags); iter, bags);
sk_pop_free(bags, (void(*)(void *)) PKCS12_SAFEBAG_free); sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
if (!authsafe) { if (!authsafe) {
ERR_print_errors (bio_err); ERR_print_errors (bio_err);
...@@ -477,11 +479,11 @@ int MAIN(int argc, char **argv) ...@@ -477,11 +479,11 @@ int MAIN(int argc, char **argv)
PKCS8_PRIV_KEY_INFO_free(p8); PKCS8_PRIV_KEY_INFO_free(p8);
if (name) PKCS12_add_friendlyname (bag, name, -1); if (name) PKCS12_add_friendlyname (bag, name, -1);
PKCS12_add_localkeyid (bag, keyid, keyidlen); PKCS12_add_localkeyid (bag, keyid, keyidlen);
bags = sk_new(NULL); bags = sk_PKCS12_SAFEBAG_new(NULL);
sk_push (bags, (char *)bag); sk_PKCS12_SAFEBAG_push (bags, bag);
/* Turn it into unencrypted safe bag */ /* Turn it into unencrypted safe bag */
authsafe = PKCS12_pack_p7data (bags); authsafe = PKCS12_pack_p7data (bags);
sk_pop_free(bags, (void(*)(void *)) PKCS12_SAFEBAG_free); sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
sk_push (safes, (char *)authsafe); sk_push (safes, (char *)authsafe);
p12 = PKCS12_init (NID_pkcs7_data); p12 = PKCS12_init (NID_pkcs7_data);
...@@ -571,7 +573,8 @@ int MAIN(int argc, char **argv) ...@@ -571,7 +573,8 @@ int MAIN(int argc, char **argv)
int dump_certs_keys_p12 (BIO *out, PKCS12 *p12, char *pass, int dump_certs_keys_p12 (BIO *out, PKCS12 *p12, char *pass,
int passlen, int options, char *pempass) int passlen, int options, char *pempass)
{ {
STACK *asafes, *bags; STACK *asafes;
STACK_OF(PKCS12_SAFEBAG) *bags;
int i, bagnid; int i, bagnid;
PKCS7 *p7; PKCS7 *p7;
if (!( asafes = M_PKCS12_unpack_authsafes (p12))) return 0; if (!( asafes = M_PKCS12_unpack_authsafes (p12))) return 0;
...@@ -592,23 +595,25 @@ int dump_certs_keys_p12 (BIO *out, PKCS12 *p12, char *pass, ...@@ -592,23 +595,25 @@ int dump_certs_keys_p12 (BIO *out, PKCS12 *p12, char *pass,
if (!bags) return 0; if (!bags) return 0;
if (!dump_certs_pkeys_bags (out, bags, pass, passlen, if (!dump_certs_pkeys_bags (out, bags, pass, passlen,
options, pempass)) { options, pempass)) {
sk_pop_free (bags, (void(*)(void *)) PKCS12_SAFEBAG_free); sk_PKCS12_SAFEBAG_pop_free (bags, PKCS12_SAFEBAG_free);
return 0; return 0;
} }
sk_pop_free (bags, (void(*)(void *)) PKCS12_SAFEBAG_free); sk_PKCS12_SAFEBAG_pop_free (bags, PKCS12_SAFEBAG_free);
} }
sk_pop_free (asafes, (void(*)(void *)) PKCS7_free); sk_pop_free (asafes, (void(*)(void *)) PKCS7_free);
return 1; return 1;
} }
int dump_certs_pkeys_bags (BIO *out, STACK *bags, char *pass, int dump_certs_pkeys_bags (BIO *out, STACK_OF(PKCS12_SAFEBAG) *bags,
int passlen, int options, char *pempass) char *pass, int passlen, int options, char *pempass)
{ {
int i; int i;
for (i = 0; i < sk_num (bags); i++) { for (i = 0; i < sk_PKCS12_SAFEBAG_num (bags); i++) {
if (!dump_certs_pkeys_bag (out, if (!dump_certs_pkeys_bag (out,
(PKCS12_SAFEBAG *)sk_value (bags, i), pass, passlen, sk_PKCS12_SAFEBAG_value (bags, i),
options, pempass)) return 0; pass, passlen,
options, pempass))
return 0;
} }
return 1; return 1;
} }
......
...@@ -140,6 +140,8 @@ extern "C" { ...@@ -140,6 +140,8 @@ extern "C" {
#define MBSTRING_UNIV (MBSTRING_FLAG|3) #define MBSTRING_UNIV (MBSTRING_FLAG|3)
#define MBSTRING_UTF8 (MBSTRING_FLAG|4) #define MBSTRING_UTF8 (MBSTRING_FLAG|4)
struct X509_algor_st;
#define DECLARE_ASN1_SET_OF(type) \ #define DECLARE_ASN1_SET_OF(type) \
int i2d_ASN1_SET_OF_##type(STACK_OF(type) *a,unsigned char **pp, \ int i2d_ASN1_SET_OF_##type(STACK_OF(type) *a,unsigned char **pp, \
int (*func)(type *,unsigned char **), int ex_tag, \ int (*func)(type *,unsigned char **), int ex_tag, \
...@@ -149,7 +151,14 @@ STACK_OF(type) *d2i_ASN1_SET_OF_##type(STACK_OF(type) **a,unsigned char **pp, \ ...@@ -149,7 +151,14 @@ STACK_OF(type) *d2i_ASN1_SET_OF_##type(STACK_OF(type) **a,unsigned char **pp, \
type *(*func)(type **, \ type *(*func)(type **, \
unsigned char **,long), \ unsigned char **,long), \
void (*free_func)(type *), \ void (*free_func)(type *), \
int ex_tag,int ex_class); int ex_tag,int ex_class); \
unsigned char *ASN1_seq_pack_##type(STACK_OF(type) *st, \
int (*i2d)(type *,unsigned char **), \
unsigned char **buf,int *len); \
STACK_OF(type) *ASN1_seq_unpack_##type(unsigned char *buf,int len, \
type *(*d2i)(type **,unsigned char **, \
long), \
void (*free_func)(type *));
#define IMPLEMENT_ASN1_SET_OF(type) \ #define IMPLEMENT_ASN1_SET_OF(type) \
int i2d_ASN1_SET_OF_##type(STACK_OF(type) *a,unsigned char **pp, \ int i2d_ASN1_SET_OF_##type(STACK_OF(type) *a,unsigned char **pp, \
...@@ -165,7 +174,17 @@ STACK_OF(type) *d2i_ASN1_SET_OF_##type(STACK_OF(type) **a,unsigned char **pp, \ ...@@ -165,7 +174,17 @@ STACK_OF(type) *d2i_ASN1_SET_OF_##type(STACK_OF(type) **a,unsigned char **pp, \
{ return (STACK_OF(type) *)d2i_ASN1_SET((STACK **)a,pp,length, \ { return (STACK_OF(type) *)d2i_ASN1_SET((STACK **)a,pp,length, \
(char *(*)())func, \ (char *(*)())func, \
(void (*)())free_func, \ (void (*)())free_func, \
ex_tag,ex_class); } ex_tag,ex_class); } \
unsigned char *ASN1_seq_pack_##type(STACK_OF(type) *st, \
int (*i2d)(type *,unsigned char **), \
unsigned char **buf,int *len) \
{ return ASN1_seq_pack((STACK *)st,i2d,buf,len); } \
STACK_OF(type) *ASN1_seq_unpack_##type(unsigned char *buf,int len, \
type *(*d2i)(type **,unsigned char **, \
long), \
void (*free_func)(type *)) \
{ return (STACK_OF(type) *)ASN1_seq_unpack(buf,len,(char *(*)())d2i, \
(void(*)(void *))free_func); }
typedef struct asn1_ctx_st typedef struct asn1_ctx_st
{ {
...@@ -771,7 +790,7 @@ int ASN1_TYPE_get_int_octetstring(ASN1_TYPE *a,long *num, ...@@ -771,7 +790,7 @@ int ASN1_TYPE_get_int_octetstring(ASN1_TYPE *a,long *num,
STACK *ASN1_seq_unpack(unsigned char *buf, int len, char *(*d2i)(), STACK *ASN1_seq_unpack(unsigned char *buf, int len, char *(*d2i)(),
void (*free_func)() ); void (*free_func)() );
unsigned char *ASN1_seq_pack(STACK *safes, int (*i2d)(), unsigned char **buf, unsigned char *ASN1_seq_pack(STACK *safes, int (*i2d)(), unsigned char **buf,
int *len ); int *len );
void *ASN1_unpack_string(ASN1_STRING *oct, char *(*d2i)()); void *ASN1_unpack_string(ASN1_STRING *oct, char *(*d2i)());
ASN1_STRING *ASN1_pack_string(void *obj, int (*i2d)(), ASN1_OCTET_STRING **oct); ASN1_STRING *ASN1_pack_string(void *obj, int (*i2d)(), ASN1_OCTET_STRING **oct);
......
...@@ -125,7 +125,7 @@ PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG (int pbe_nid, const char *pass, ...@@ -125,7 +125,7 @@ PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG (int pbe_nid, const char *pass,
} }
/* Turn a stack of SAFEBAGS into a PKCS#7 data Contentinfo */ /* Turn a stack of SAFEBAGS into a PKCS#7 data Contentinfo */
PKCS7 *PKCS12_pack_p7data (STACK *sk) PKCS7 *PKCS12_pack_p7data (STACK_OF(PKCS12_SAFEBAG) *sk)
{ {
PKCS7 *p7; PKCS7 *p7;
if (!(p7 = PKCS7_new())) { if (!(p7 = PKCS7_new())) {
...@@ -138,8 +138,9 @@ PKCS7 *PKCS12_pack_p7data (STACK *sk) ...@@ -138,8 +138,9 @@ PKCS7 *PKCS12_pack_p7data (STACK *sk)
return NULL; return NULL;
} }
if (!ASN1_seq_pack(sk, i2d_PKCS12_SAFEBAG, &p7->d.data->data, if (!ASN1_seq_pack_PKCS12_SAFEBAG(sk, i2d_PKCS12_SAFEBAG,
&p7->d.data->length)) { &p7->d.data->data,
&p7->d.data->length)) {
PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, PKCS12_R_CANT_PACK_STRUCTURE); PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, PKCS12_R_CANT_PACK_STRUCTURE);
return NULL; return NULL;
} }
...@@ -149,7 +150,8 @@ PKCS7 *PKCS12_pack_p7data (STACK *sk) ...@@ -149,7 +150,8 @@ PKCS7 *PKCS12_pack_p7data (STACK *sk)
/* Turn a stack of SAFEBAGS into a PKCS#7 encrypted data ContentInfo */ /* Turn a stack of SAFEBAGS into a PKCS#7 encrypted data ContentInfo */
PKCS7 *PKCS12_pack_p7encdata (int pbe_nid, const char *pass, int passlen, PKCS7 *PKCS12_pack_p7encdata (int pbe_nid, const char *pass, int passlen,
unsigned char *salt, int saltlen, int iter, STACK *bags) unsigned char *salt, int saltlen, int iter,
STACK_OF(PKCS12_SAFEBAG) *bags)
{ {
PKCS7 *p7; PKCS7 *p7;
X509_ALGOR *pbe; X509_ALGOR *pbe;
......
...@@ -65,7 +65,8 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert, ...@@ -65,7 +65,8 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
int keytype) int keytype)
{ {
PKCS12 *p12; PKCS12 *p12;
STACK *bags, *safes; STACK_OF(PKCS12_SAFEBAG) *bags;
STACK *safes;
PKCS12_SAFEBAG *bag; PKCS12_SAFEBAG *bag;
PKCS8_PRIV_KEY_INFO *p8; PKCS8_PRIV_KEY_INFO *p8;
PKCS7 *authsafe; PKCS7 *authsafe;
...@@ -85,7 +86,7 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert, ...@@ -85,7 +86,7 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
return NULL; return NULL;
} }
if(!(bags = sk_new (NULL))) { if(!(bags = sk_PKCS12_SAFEBAG_new (NULL))) {
PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE); PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
return NULL; return NULL;
} }
...@@ -96,7 +97,7 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert, ...@@ -96,7 +97,7 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
X509_digest(cert, EVP_sha1(), keyid, &keyidlen); X509_digest(cert, EVP_sha1(), keyid, &keyidlen);
if(!PKCS12_add_localkeyid(bag, keyid, keyidlen)) return NULL; if(!PKCS12_add_localkeyid(bag, keyid, keyidlen)) return NULL;
if(!sk_push(bags, (char *)bag)) { if(!sk_PKCS12_SAFEBAG_push(bags, bag)) {
PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE); PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
return NULL; return NULL;
} }
...@@ -106,7 +107,7 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert, ...@@ -106,7 +107,7 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
for(i = 0; i < sk_X509_num(ca); i++) { for(i = 0; i < sk_X509_num(ca); i++) {
tcert = sk_X509_value(ca, i); tcert = sk_X509_value(ca, i);
if(!(bag = M_PKCS12_x5092certbag(tcert))) return NULL; if(!(bag = M_PKCS12_x5092certbag(tcert))) return NULL;
if(!sk_push(bags, (char *)bag)) { if(!sk_PKCS12_SAFEBAG_push(bags, bag)) {
PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE); PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
return NULL; return NULL;
} }
...@@ -116,7 +117,7 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert, ...@@ -116,7 +117,7 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
/* Turn certbags into encrypted authsafe */ /* Turn certbags into encrypted authsafe */
authsafe = PKCS12_pack_p7encdata (nid_cert, pass, -1, NULL, 0, authsafe = PKCS12_pack_p7encdata (nid_cert, pass, -1, NULL, 0,
iter, bags); iter, bags);
sk_pop_free(bags, (void(*)(void *)) PKCS12_SAFEBAG_free); sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
if (!authsafe) return NULL; if (!authsafe) return NULL;
...@@ -133,13 +134,14 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert, ...@@ -133,13 +134,14 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
PKCS8_PRIV_KEY_INFO_free(p8); PKCS8_PRIV_KEY_INFO_free(p8);
if (name && !PKCS12_add_friendlyname (bag, name, -1)) return NULL; if (name && !PKCS12_add_friendlyname (bag, name, -1)) return NULL;
if(!PKCS12_add_localkeyid (bag, keyid, keyidlen)) return NULL; if(!PKCS12_add_localkeyid (bag, keyid, keyidlen)) return NULL;
if(!(bags = sk_new(NULL)) || !sk_push (bags, (char *)bag)) { if(!(bags = sk_PKCS12_SAFEBAG_new(NULL))
|| !sk_PKCS12_SAFEBAG_push (bags, bag)) {
PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE); PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
return NULL; return NULL;
} }
/* Turn it into unencrypted safe bag */ /* Turn it into unencrypted safe bag */
if(!(authsafe = PKCS12_pack_p7data (bags))) return NULL; if(!(authsafe = PKCS12_pack_p7data (bags))) return NULL;
sk_pop_free(bags, (void(*)(void *)) PKCS12_SAFEBAG_free); sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
if(!sk_push(safes, (char *)authsafe)) { if(!sk_push(safes, (char *)authsafe)) {
PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE); PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
return NULL; return NULL;
......
...@@ -65,9 +65,10 @@ ...@@ -65,9 +65,10 @@
static int parse_pk12( PKCS12 *p12, const char *pass, int passlen, static int parse_pk12( PKCS12 *p12, const char *pass, int passlen,
EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca); EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca);
static int parse_bags( STACK *bags, const char *pass, int passlen, static int parse_bags( STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass,
EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca, int passlen, EVP_PKEY **pkey, X509 **cert,
ASN1_OCTET_STRING **keyid, char *keymatch); STACK_OF(X509) **ca, ASN1_OCTET_STRING **keyid,
char *keymatch);
static int parse_bag( PKCS12_SAFEBAG *bag, const char *pass, int passlen, static int parse_bag( PKCS12_SAFEBAG *bag, const char *pass, int passlen,
EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca, EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca,
...@@ -146,7 +147,8 @@ int PKCS12_parse (PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, ...@@ -146,7 +147,8 @@ int PKCS12_parse (PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
static int parse_pk12 (PKCS12 *p12, const char *pass, int passlen, static int parse_pk12 (PKCS12 *p12, const char *pass, int passlen,
EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca) EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca)
{ {
STACK *asafes, *bags; STACK *asafes;
STACK_OF(PKCS12_SAFEBAG) *bags;
int i, bagnid; int i, bagnid;
PKCS7 *p7; PKCS7 *p7;
ASN1_OCTET_STRING *keyid = NULL; ASN1_OCTET_STRING *keyid = NULL;
...@@ -166,11 +168,11 @@ static int parse_pk12 (PKCS12 *p12, const char *pass, int passlen, ...@@ -166,11 +168,11 @@ static int parse_pk12 (PKCS12 *p12, const char *pass, int passlen,
} }
if (!parse_bags(bags, pass, passlen, pkey, cert, ca, if (!parse_bags(bags, pass, passlen, pkey, cert, ca,
&keyid, &keymatch)) { &keyid, &keymatch)) {
sk_pop_free(bags, (void(*)(void *)) PKCS12_SAFEBAG_free); sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
sk_pop_free(asafes, (void(*)(void *)) PKCS7_free); sk_pop_free(asafes, (void(*)(void *)) PKCS7_free);
return 0; return 0;
} }
sk_pop_free(bags, (void(*)(void *)) PKCS12_SAFEBAG_free); sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
} }
sk_pop_free(asafes, (void(*)(void *)) PKCS7_free); sk_pop_free(asafes, (void(*)(void *)) PKCS7_free);
if (keyid) M_ASN1_OCTET_STRING_free(keyid); if (keyid) M_ASN1_OCTET_STRING_free(keyid);
...@@ -178,13 +180,14 @@ static int parse_pk12 (PKCS12 *p12, const char *pass, int passlen, ...@@ -178,13 +180,14 @@ static int parse_pk12 (PKCS12 *p12, const char *pass, int passlen,
} }
static int parse_bags (STACK *bags, const char *pass, int passlen, static int parse_bags (STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass,
EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca, int passlen, EVP_PKEY **pkey, X509 **cert,
ASN1_OCTET_STRING **keyid, char *keymatch) STACK_OF(X509) **ca, ASN1_OCTET_STRING **keyid,
char *keymatch)
{ {
int i; int i;
for (i = 0; i < sk_num(bags); i++) { for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++) {
if (!parse_bag((PKCS12_SAFEBAG *)sk_value (bags, i), if (!parse_bag(sk_PKCS12_SAFEBAG_value (bags, i),
pass, passlen, pkey, cert, ca, keyid, pass, passlen, pkey, cert, ca, keyid,
keymatch)) return 0; keymatch)) return 0;
} }
......
...@@ -66,7 +66,8 @@ ...@@ -66,7 +66,8 @@
/* PKCS#12 password change routine */ /* PKCS#12 password change routine */
static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass); static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass);
static int newpass_bags(STACK *bags, char *oldpass, char *newpass); static int newpass_bags(STACK_OF(PKCS12_SAFEBAG) *bags, char *oldpass,
char *newpass);
static int newpass_bag(PKCS12_SAFEBAG *bag, char *oldpass, char *newpass); static int newpass_bag(PKCS12_SAFEBAG *bag, char *oldpass, char *newpass);
static int alg_get(X509_ALGOR *alg, int *pnid, int *piter, int *psaltlen); static int alg_get(X509_ALGOR *alg, int *pnid, int *piter, int *psaltlen);
...@@ -104,12 +105,14 @@ return 1; ...@@ -104,12 +105,14 @@ return 1;
static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass) static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass)
{ {
STACK *asafes, *newsafes, *bags; STACK *asafes, *newsafes;
STACK_OF(PKCS12_SAFEBAG) *bags;
int i, bagnid, pbe_nid, pbe_iter, pbe_saltlen; int i, bagnid, pbe_nid, pbe_iter, pbe_saltlen;
PKCS7 *p7, *p7new; PKCS7 *p7, *p7new;
ASN1_OCTET_STRING *p12_data_tmp = NULL, *macnew = NULL; ASN1_OCTET_STRING *p12_data_tmp = NULL, *macnew = NULL;
unsigned char mac[EVP_MAX_MD_SIZE]; unsigned char mac[EVP_MAX_MD_SIZE];
unsigned int maclen; unsigned int maclen;
if (!(asafes = M_PKCS12_unpack_authsafes(p12))) return 0; if (!(asafes = M_PKCS12_unpack_authsafes(p12))) return 0;
if(!(newsafes = sk_new(NULL))) return 0; if(!(newsafes = sk_new(NULL))) return 0;
for (i = 0; i < sk_num (asafes); i++) { for (i = 0; i < sk_num (asafes); i++) {
...@@ -127,7 +130,7 @@ static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass) ...@@ -127,7 +130,7 @@ static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass)
return 0; return 0;
} }
if (!newpass_bags(bags, oldpass, newpass)) { if (!newpass_bags(bags, oldpass, newpass)) {
sk_pop_free(bags, (void(*)(void *)) PKCS12_SAFEBAG_free); sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
sk_pop_free(asafes, (void(*)(void *)) PKCS7_free); sk_pop_free(asafes, (void(*)(void *)) PKCS7_free);
return 0; return 0;
} }
...@@ -135,7 +138,7 @@ static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass) ...@@ -135,7 +138,7 @@ static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass)
if (bagnid == NID_pkcs7_data) p7new = PKCS12_pack_p7data(bags); if (bagnid == NID_pkcs7_data) p7new = PKCS12_pack_p7data(bags);
else p7new = PKCS12_pack_p7encdata(pbe_nid, newpass, -1, NULL, else p7new = PKCS12_pack_p7encdata(pbe_nid, newpass, -1, NULL,
pbe_saltlen, pbe_iter, bags); pbe_saltlen, pbe_iter, bags);
sk_pop_free(bags, (void(*)(void *)) PKCS12_SAFEBAG_free); sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
if(!p7new) { if(!p7new) {
sk_pop_free(asafes, (void(*)(void *)) PKCS7_free); sk_pop_free(asafes, (void(*)(void *)) PKCS7_free);
return 0; return 0;
...@@ -169,12 +172,14 @@ static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass) ...@@ -169,12 +172,14 @@ static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass)
} }
static int newpass_bags(STACK *bags, char *oldpass, char *newpass) static int newpass_bags(STACK_OF(PKCS12_SAFEBAG) *bags, char *oldpass,
char *newpass)
{ {
int i; int i;
for (i = 0; i < sk_num(bags); i++) { for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++) {
if (!newpass_bag((PKCS12_SAFEBAG *)sk_value(bags, i), if (!newpass_bag(sk_PKCS12_SAFEBAG_value(bags, i),
oldpass, newpass)) return 0; oldpass, newpass))
return 0;
} }
return 1; return 1;
} }
......
...@@ -81,8 +81,9 @@ int i2d_PKCS12_SAFEBAG(PKCS12_SAFEBAG *a, unsigned char **pp) ...@@ -81,8 +81,9 @@ int i2d_PKCS12_SAFEBAG(PKCS12_SAFEBAG *a, unsigned char **pp)
break; break;
case NID_safeContentsBag: case NID_safeContentsBag:
M_ASN1_I2D_len_EXP_SEQUENCE_opt (a->value.safes, M_ASN1_I2D_len_EXP_SEQUENCE_opt_type
i2d_PKCS12_SAFEBAG, 0, V_ASN1_SEQUENCE, v); (PKCS12_SAFEBAG, a->value.safes, i2d_PKCS12_SAFEBAG,
0, V_ASN1_SEQUENCE, v);
break; break;
case NID_certBag: case NID_certBag:
...@@ -117,8 +118,9 @@ int i2d_PKCS12_SAFEBAG(PKCS12_SAFEBAG *a, unsigned char **pp) ...@@ -117,8 +118,9 @@ int i2d_PKCS12_SAFEBAG(PKCS12_SAFEBAG *a, unsigned char **pp)
break; break;
case NID_safeContentsBag: case NID_safeContentsBag:
M_ASN1_I2D_put_EXP_SEQUENCE_opt (a->value.safes, M_ASN1_I2D_put_EXP_SEQUENCE_opt_type
i2d_PKCS12_SAFEBAG, 0, V_ASN1_SEQUENCE, v); (PKCS12_SAFEBAG, a->value.safes, i2d_PKCS12_SAFEBAG,
0, V_ASN1_SEQUENCE, v);
break; break;
case NID_certBag: case NID_certBag:
...@@ -175,9 +177,10 @@ PKCS12_SAFEBAG *d2i_PKCS12_SAFEBAG(PKCS12_SAFEBAG **a, unsigned char **pp, ...@@ -175,9 +177,10 @@ PKCS12_SAFEBAG *d2i_PKCS12_SAFEBAG(PKCS12_SAFEBAG **a, unsigned char **pp,
break; break;
case NID_safeContentsBag: case NID_safeContentsBag:
M_ASN1_D2I_get_EXP_set_opt(ret->value.safes, M_ASN1_D2I_get_EXP_set_opt_type
d2i_PKCS12_SAFEBAG, PKCS12_SAFEBAG_free, (PKCS12_SAFEBAG, ret->value.safes,
0, V_ASN1_SEQUENCE); d2i_PKCS12_SAFEBAG, PKCS12_SAFEBAG_free, 0,
V_ASN1_SEQUENCE);
break; break;
case NID_certBag: case NID_certBag:
...@@ -225,3 +228,7 @@ void PKCS12_SAFEBAG_free (PKCS12_SAFEBAG *a) ...@@ -225,3 +228,7 @@ void PKCS12_SAFEBAG_free (PKCS12_SAFEBAG *a)
sk_X509_ATTRIBUTE_pop_free (a->attrib, X509_ATTRIBUTE_free); sk_X509_ATTRIBUTE_pop_free (a->attrib, X509_ATTRIBUTE_free);
Free (a); Free (a);
} }
IMPLEMENT_STACK_OF(PKCS12_SAFEBAG)
IMPLEMENT_ASN1_SET_OF(PKCS12_SAFEBAG)
IMPLEMENT_PKCS12_STACK_OF(PKCS12_SAFEBAG)
...@@ -66,6 +66,27 @@ ...@@ -66,6 +66,27 @@
extern "C" { extern "C" {
#endif #endif
#define DECLARE_PKCS12_STACK_OF(type) \
STACK_OF(type) *PKCS12_decrypt_d2i_##type(struct X509_algor_st *algor, \
type *(*d2i)(type **, \
unsigned char **, \
long), \
void (*free_func)(type *), \
const char *pass, int passlen, \
ASN1_STRING *oct, int seq);
#define IMPLEMENT_PKCS12_STACK_OF(type) \
STACK_OF(type) *PKCS12_decrypt_d2i_##type(struct X509_algor_st *algor, \
type *(*d2i)(type **, \
unsigned char **, \
long), \
void (*free_func)(type *), \
const char *pass, int passlen, \
ASN1_STRING *oct, int seq) \
{ return (STACK_OF(type) *)PKCS12_decrypt_d2i(algor,(char *(*)())d2i, \
(void(*)(void *))free_func, \
pass,passlen,oct,seq); }
#define PKCS12_KEY_ID 1 #define PKCS12_KEY_ID 1
#define PKCS12_IV_ID 2 #define PKCS12_IV_ID 2
#define PKCS12_MAC_ID 3 #define PKCS12_MAC_ID 3
...@@ -108,19 +129,25 @@ PKCS12_MAC_DATA *mac; ...@@ -108,19 +129,25 @@ PKCS12_MAC_DATA *mac;
PKCS7 *authsafes; PKCS7 *authsafes;
} PKCS12; } PKCS12;
PREDECLARE_STACK_OF(PKCS12_SAFEBAG)
typedef struct { typedef struct {
ASN1_OBJECT *type; ASN1_OBJECT *type;
union { union {
struct pkcs12_bag_st *bag; /* secret, crl and certbag */ struct pkcs12_bag_st *bag; /* secret, crl and certbag */
struct pkcs8_priv_key_info_st *keybag; /* keybag */ struct pkcs8_priv_key_info_st *keybag; /* keybag */
X509_SIG *shkeybag; /* shrouded key bag */ X509_SIG *shkeybag; /* shrouded key bag */
STACK /* PKCS12_SAFEBAG */ *safes; STACK_OF(PKCS12_SAFEBAG) *safes;
ASN1_TYPE *other; ASN1_TYPE *other;
}value; }value;
STACK_OF(X509_ATTRIBUTE) *attrib; STACK_OF(X509_ATTRIBUTE) *attrib;
ASN1_TYPE *rest; ASN1_TYPE *rest;
} PKCS12_SAFEBAG; } PKCS12_SAFEBAG;
DECLARE_STACK_OF(PKCS12_SAFEBAG)
DECLARE_ASN1_SET_OF(PKCS12_SAFEBAG)
DECLARE_PKCS12_STACK_OF(PKCS12_SAFEBAG)
typedef struct pkcs12_bag_st { typedef struct pkcs12_bag_st {
ASN1_OBJECT *type; ASN1_OBJECT *type;
union { union {
...@@ -157,8 +184,8 @@ PKCS12_pack_safebag ((char *)(crl), i2d_X509CRL, NID_x509Crl, NID_crlBag) ...@@ -157,8 +184,8 @@ PKCS12_pack_safebag ((char *)(crl), i2d_X509CRL, NID_x509Crl, NID_crlBag)
(RSA *) ASN1_unpack_string ((p8)->pkey, (char *(*)())d2i_RSAPrivateKey)*/ (RSA *) ASN1_unpack_string ((p8)->pkey, (char *(*)())d2i_RSAPrivateKey)*/
#define M_PKCS12_unpack_p7data(p7) \ #define M_PKCS12_unpack_p7data(p7) \
ASN1_seq_unpack ((p7)->d.data->data, p7->d.data->length, \ ASN1_seq_unpack_PKCS12_SAFEBAG ((p7)->d.data->data, p7->d.data->length, \
(char *(*)())d2i_PKCS12_SAFEBAG, PKCS12_SAFEBAG_free) d2i_PKCS12_SAFEBAG, PKCS12_SAFEBAG_free)
#define M_PKCS12_pack_authsafes(p12, safes) \ #define M_PKCS12_pack_authsafes(p12, safes) \
ASN1_seq_pack((safes), (int (*)())i2d_PKCS7,\ ASN1_seq_pack((safes), (int (*)())i2d_PKCS7,\
...@@ -170,10 +197,10 @@ ASN1_seq_unpack((p12)->authsafes->d.data->data, \ ...@@ -170,10 +197,10 @@ ASN1_seq_unpack((p12)->authsafes->d.data->data, \
PKCS7_free) PKCS7_free)
#define M_PKCS12_unpack_p7encdata(p7, pass, passlen) \ #define M_PKCS12_unpack_p7encdata(p7, pass, passlen) \
(STACK *) PKCS12_decrypt_d2i ((p7)->d.encrypted->enc_data->algorithm,\ PKCS12_decrypt_d2i_PKCS12_SAFEBAG ((p7)->d.encrypted->enc_data->algorithm,\
(char *(*)())d2i_PKCS12_SAFEBAG, PKCS12_SAFEBAG_free, \ d2i_PKCS12_SAFEBAG, PKCS12_SAFEBAG_free, \
(pass), (passlen), \ (pass), (passlen), \
(p7)->d.encrypted->enc_data->enc_data, 3) (p7)->d.encrypted->enc_data->enc_data, 3)
#define M_PKCS12_decrypt_skey(bag, pass, passlen) \ #define M_PKCS12_decrypt_skey(bag, pass, passlen) \
(PKCS8_PRIV_KEY_INFO *) PKCS12_decrypt_d2i ((bag)->value.shkeybag->algor, \ (PKCS8_PRIV_KEY_INFO *) PKCS12_decrypt_d2i ((bag)->value.shkeybag->algor, \
...@@ -205,10 +232,10 @@ PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass, ...@@ -205,10 +232,10 @@ PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass,
int passlen, unsigned char *salt, int passlen, unsigned char *salt,
int saltlen, int iter, int saltlen, int iter,
PKCS8_PRIV_KEY_INFO *p8); PKCS8_PRIV_KEY_INFO *p8);
PKCS7 *PKCS12_pack_p7data(STACK *sk); PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk);
PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen, PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen,
unsigned char *salt, int saltlen, int iter, unsigned char *salt, int saltlen, int iter,
STACK *bags); STACK_OF(PKCS12_SAFEBAG) *bags);
int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name, int namelen); int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name, int namelen);
int PKCS12_add_friendlyname_asc(PKCS12_SAFEBAG *bag, const char *name, int PKCS12_add_friendlyname_asc(PKCS12_SAFEBAG *bag, const char *name,
int namelen); int namelen);
......
...@@ -57,13 +57,14 @@ ...@@ -57,13 +57,14 @@
#include <openssl/stack.h> #include <openssl/stack.h>
#define STACK_OF(type) STACK_##type #define STACK_OF(type) struct stack_st_##type
#define PREDECLARE_STACK_OF(type) STACK_OF(type);
#define DECLARE_STACK_OF(type) \ #define DECLARE_STACK_OF(type) \
typedef struct stack_st_##type \ STACK_OF(type) \
{ \ { \
STACK stack; \ STACK stack; \
} STACK_OF(type); \ }; \
STACK_OF(type) *sk_##type##_new(int (*cmp)(type **,type **)); \ STACK_OF(type) *sk_##type##_new(int (*cmp)(type **,type **)); \
STACK_OF(type) *sk_##type##_new_null(void); \ STACK_OF(type) *sk_##type##_new_null(void); \
void sk_##type##_free(STACK_OF(type) *sk); \ void sk_##type##_free(STACK_OF(type) *sk); \
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册