Typesafety Thought Police Part 2.

apps/pkcs12.c

@@ -80,7 +80,8 @@ EVP_CIPHER *enc;
 
 int get_cert_chain(X509 *cert, STACK_OF(X509) **chain);
 int dump_certs_keys_p12(BIO *out, PKCS12 *p12, char *pass, int passlen, int options, char *pempass);
-int dump_certs_pkeys_bags(BIO *out, STACK *bags, char *pass, int passlen, int options, char *pempass);
+int dump_certs_pkeys_bags(BIO *out, STACK_OF(PKCS12_SAFEBAG) *bags, char *pass,
+			  int passlen, int options, char *pempass);
 int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bags, char *pass, int passlen, int options, char *pempass);
 int print_attribs(BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst, char *name);
 void hex_prin(BIO *out, unsigned char *buf, int len);
@@ -360,7 +361,8 @@ int MAIN(int argc, char **argv)
 
     if (export_cert) {
 	EVP_PKEY *key;
-	STACK *bags, *safes;
+	STACK_OF(PKCS12_SAFEBAG) *bags;
+	STACK *safes;
 	PKCS12_SAFEBAG *bag;
 	PKCS8_PRIV_KEY_INFO *p8;
 	PKCS7 *authsafe;
@@ -405,7 +407,7 @@ int MAIN(int argc, char **argv)
 		goto end;
 	}
 	
-	bags = sk_new (NULL);
+	bags = sk_PKCS12_SAFEBAG_new (NULL);
 
 	/* Add any more certificates asked for */
 	if (certsin) {
@@ -445,7 +447,7 @@ int MAIN(int argc, char **argv)
 			PKCS12_add_localkeyid(bag, keyid, keyidlen);
 		} else if((catmp = sk_shift(canames))) 
 				PKCS12_add_friendlyname(bag, catmp, -1);
-		sk_push(bags, (char *)bag);
+		sk_PKCS12_SAFEBAG_push(bags, bag);
 	}
 	sk_X509_pop_free(certs, X509_free);
 	if (canames) sk_free(canames);
@@ -459,7 +461,7 @@ int MAIN(int argc, char **argv)
 	/* Turn certbags into encrypted authsafe */
 	authsafe = PKCS12_pack_p7encdata(cert_pbe, cpass, -1, NULL, 0,
 								 iter, bags);
-	sk_pop_free(bags, (void(*)(void *)) PKCS12_SAFEBAG_free);
+	sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
 
 	if (!authsafe) {
 		ERR_print_errors (bio_err);
@@ -477,11 +479,11 @@ int MAIN(int argc, char **argv)
 	PKCS8_PRIV_KEY_INFO_free(p8);
         if (name) PKCS12_add_friendlyname (bag, name, -1);
 	PKCS12_add_localkeyid (bag, keyid, keyidlen);
-	bags = sk_new(NULL);
-	sk_push (bags, (char *)bag);
+	bags = sk_PKCS12_SAFEBAG_new(NULL);
+	sk_PKCS12_SAFEBAG_push (bags, bag);
 	/* Turn it into unencrypted safe bag */
 	authsafe = PKCS12_pack_p7data (bags);
-	sk_pop_free(bags, (void(*)(void *)) PKCS12_SAFEBAG_free);
+	sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
 	sk_push (safes, (char *)authsafe);
 
 	p12 = PKCS12_init (NID_pkcs7_data);
@@ -571,7 +573,8 @@ int MAIN(int argc, char **argv)
 int dump_certs_keys_p12 (BIO *out, PKCS12 *p12, char *pass,
 	     int passlen, int options, char *pempass)
 {
-	STACK *asafes, *bags;
+	STACK *asafes;
+	STACK_OF(PKCS12_SAFEBAG) *bags;
 	int i, bagnid;
 	PKCS7 *p7;
 	if (!( asafes = M_PKCS12_unpack_authsafes (p12))) return 0;
@@ -592,23 +595,25 @@ int dump_certs_keys_p12 (BIO *out, PKCS12 *p12, char *pass,
 		if (!bags) return 0;
 	    	if (!dump_certs_pkeys_bags (out, bags, pass, passlen, 
 						 options, pempass)) {
-			sk_pop_free (bags, (void(*)(void *)) PKCS12_SAFEBAG_free);
+			sk_PKCS12_SAFEBAG_pop_free (bags, PKCS12_SAFEBAG_free);
 			return 0;
 		}
-		sk_pop_free (bags, (void(*)(void *)) PKCS12_SAFEBAG_free);
+		sk_PKCS12_SAFEBAG_pop_free (bags, PKCS12_SAFEBAG_free);
 	}
 	sk_pop_free (asafes, (void(*)(void *)) PKCS7_free);
 	return 1;
 }
 
-int dump_certs_pkeys_bags (BIO *out, STACK *bags, char *pass,
-	     int passlen, int options, char *pempass)
+int dump_certs_pkeys_bags (BIO *out, STACK_OF(PKCS12_SAFEBAG) *bags,
+			   char *pass, int passlen, int options, char *pempass)
 {
 	int i;
-	for (i = 0; i < sk_num (bags); i++) {
+	for (i = 0; i < sk_PKCS12_SAFEBAG_num (bags); i++) {
 		if (!dump_certs_pkeys_bag (out,
-			 (PKCS12_SAFEBAG *)sk_value (bags, i), pass, passlen,
-					 	options, pempass)) return 0;
+					   sk_PKCS12_SAFEBAG_value (bags, i),
+					   pass, passlen,
+					   options, pempass))
+		    return 0;
 	}
 	return 1;
 }

crypto/asn1/asn1.h

@@ -140,6 +140,8 @@ extern "C" {
 #define MBSTRING_UNIV		(MBSTRING_FLAG|3)
 #define MBSTRING_UTF8		(MBSTRING_FLAG|4)
 
+struct X509_algor_st;
+
 #define DECLARE_ASN1_SET_OF(type) \
 int i2d_ASN1_SET_OF_##type(STACK_OF(type) *a,unsigned char **pp, \
 			   int (*func)(type *,unsigned char **), int ex_tag, \
@@ -149,7 +151,14 @@ STACK_OF(type) *d2i_ASN1_SET_OF_##type(STACK_OF(type) **a,unsigned char **pp, \
 				       type *(*func)(type **, \
 						     unsigned char **,long), \
 				       void (*free_func)(type *), \
-				       int ex_tag,int ex_class);
+				       int ex_tag,int ex_class); \
+unsigned char *ASN1_seq_pack_##type(STACK_OF(type) *st, \
+				    int (*i2d)(type *,unsigned char **), \
+				    unsigned char **buf,int *len); \
+STACK_OF(type) *ASN1_seq_unpack_##type(unsigned char *buf,int len, \
+				       type *(*d2i)(type **,unsigned char **, \
+						    long), \
+				       void (*free_func)(type *));
 
 #define IMPLEMENT_ASN1_SET_OF(type) \
 int i2d_ASN1_SET_OF_##type(STACK_OF(type) *a,unsigned char **pp, \
@@ -165,7 +174,17 @@ STACK_OF(type) *d2i_ASN1_SET_OF_##type(STACK_OF(type) **a,unsigned char **pp, \
     { return (STACK_OF(type) *)d2i_ASN1_SET((STACK **)a,pp,length, \
 					    (char *(*)())func, \
 					    (void (*)())free_func, \
-					    ex_tag,ex_class); }
+					    ex_tag,ex_class); } \
+unsigned char *ASN1_seq_pack_##type(STACK_OF(type) *st, \
+				    int (*i2d)(type *,unsigned char **), \
+				    unsigned char **buf,int *len) \
+    { return ASN1_seq_pack((STACK *)st,i2d,buf,len); } \
+STACK_OF(type) *ASN1_seq_unpack_##type(unsigned char *buf,int len, \
+				       type *(*d2i)(type **,unsigned char **, \
+						    long), \
+				       void (*free_func)(type *)) \
+    { return (STACK_OF(type) *)ASN1_seq_unpack(buf,len,(char *(*)())d2i, \
+					       (void(*)(void *))free_func); }
 
 typedef struct asn1_ctx_st
 	{
@@ -771,7 +790,7 @@ int ASN1_TYPE_get_int_octetstring(ASN1_TYPE *a,long *num,
 STACK *ASN1_seq_unpack(unsigned char *buf, int len, char *(*d2i)(),
 						 void (*free_func)() ); 
 unsigned char *ASN1_seq_pack(STACK *safes, int (*i2d)(), unsigned char **buf,
-								 int *len );
+			     int *len );
 void *ASN1_unpack_string(ASN1_STRING *oct, char *(*d2i)());
 ASN1_STRING *ASN1_pack_string(void *obj, int (*i2d)(), ASN1_OCTET_STRING **oct);
 

crypto/pkcs12/p12_add.c

@@ -125,7 +125,7 @@ PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG (int pbe_nid, const char *pass,
 }
 
 /* Turn a stack of SAFEBAGS into a PKCS#7 data Contentinfo */
-PKCS7 *PKCS12_pack_p7data (STACK *sk)
+PKCS7 *PKCS12_pack_p7data (STACK_OF(PKCS12_SAFEBAG) *sk)
 {
 	PKCS7 *p7;
 	if (!(p7 = PKCS7_new())) {
@@ -138,8 +138,9 @@ PKCS7 *PKCS12_pack_p7data (STACK *sk)
 		return NULL;
 	}
 	
-	if (!ASN1_seq_pack(sk, i2d_PKCS12_SAFEBAG, &p7->d.data->data,
-					&p7->d.data->length)) {
+	if (!ASN1_seq_pack_PKCS12_SAFEBAG(sk, i2d_PKCS12_SAFEBAG,
+					  &p7->d.data->data,
+					  &p7->d.data->length)) {
 		PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, PKCS12_R_CANT_PACK_STRUCTURE);
 		return NULL;
 	}
@@ -149,7 +150,8 @@ PKCS7 *PKCS12_pack_p7data (STACK *sk)
 /* Turn a stack of SAFEBAGS into a PKCS#7 encrypted data ContentInfo */
 
 PKCS7 *PKCS12_pack_p7encdata (int pbe_nid, const char *pass, int passlen,
-	     unsigned char *salt, int saltlen, int iter, STACK *bags)
+			      unsigned char *salt, int saltlen, int iter,
+			      STACK_OF(PKCS12_SAFEBAG) *bags)
 {
 	PKCS7 *p7;
 	X509_ALGOR *pbe;

crypto/pkcs12/p12_crt.c

@@ -65,7 +65,8 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
 	     int keytype)
 {
 	PKCS12 *p12;
-	STACK *bags, *safes;
+	STACK_OF(PKCS12_SAFEBAG) *bags;
+	STACK *safes;
 	PKCS12_SAFEBAG *bag;
 	PKCS8_PRIV_KEY_INFO *p8;
 	PKCS7 *authsafe;
@@ -85,7 +86,7 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
 		return NULL;
 	}
 
-	if(!(bags = sk_new (NULL))) {
+	if(!(bags = sk_PKCS12_SAFEBAG_new (NULL))) {
 		PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
 		return NULL;
 	}
@@ -96,7 +97,7 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
 	X509_digest(cert, EVP_sha1(), keyid, &keyidlen);
 	if(!PKCS12_add_localkeyid(bag, keyid, keyidlen)) return NULL;
 
-	if(!sk_push(bags, (char *)bag)) {
+	if(!sk_PKCS12_SAFEBAG_push(bags, bag)) {
 		PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
 		return NULL;
 	}
@@ -106,7 +107,7 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
 		for(i = 0; i < sk_X509_num(ca); i++) {
 			tcert = sk_X509_value(ca, i);
 			if(!(bag = M_PKCS12_x5092certbag(tcert))) return NULL;
-			if(!sk_push(bags, (char *)bag)) {
+			if(!sk_PKCS12_SAFEBAG_push(bags, bag)) {
 				PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
 				return NULL;
 			}
@@ -116,7 +117,7 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
 	/* Turn certbags into encrypted authsafe */
 	authsafe = PKCS12_pack_p7encdata (nid_cert, pass, -1, NULL, 0,
 					  iter, bags);
-	sk_pop_free(bags, (void(*)(void *)) PKCS12_SAFEBAG_free);
+	sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
 
 	if (!authsafe) return NULL;
 
@@ -133,13 +134,14 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
 	PKCS8_PRIV_KEY_INFO_free(p8);
         if (name && !PKCS12_add_friendlyname (bag, name, -1)) return NULL;
 	if(!PKCS12_add_localkeyid (bag, keyid, keyidlen)) return NULL;
-	if(!(bags = sk_new(NULL)) || !sk_push (bags, (char *)bag)) {
+	if(!(bags = sk_PKCS12_SAFEBAG_new(NULL))
+	   || !sk_PKCS12_SAFEBAG_push (bags, bag)) {
 		PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
 		return NULL;
 	}
 	/* Turn it into unencrypted safe bag */
 	if(!(authsafe = PKCS12_pack_p7data (bags))) return NULL;
-	sk_pop_free(bags, (void(*)(void *)) PKCS12_SAFEBAG_free);
+	sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
 	if(!sk_push(safes, (char *)authsafe)) {
 		PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
 		return NULL;

crypto/pkcs12/p12_kiss.c

@@ -65,9 +65,10 @@
 static int parse_pk12( PKCS12 *p12, const char *pass, int passlen,
 		EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca);
 
-static int parse_bags( STACK *bags, const char *pass, int passlen,
-		EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca,
-		ASN1_OCTET_STRING **keyid, char *keymatch);
+static int parse_bags( STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass,
+		       int passlen, EVP_PKEY **pkey, X509 **cert,
+		       STACK_OF(X509) **ca, ASN1_OCTET_STRING **keyid,
+		       char *keymatch);
 
 static int parse_bag( PKCS12_SAFEBAG *bag, const char *pass, int passlen,
 			EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca,
@@ -146,7 +147,8 @@ int PKCS12_parse (PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
 static int parse_pk12 (PKCS12 *p12, const char *pass, int passlen,
 	     EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca)
 {
-	STACK *asafes, *bags;
+	STACK *asafes;
+	STACK_OF(PKCS12_SAFEBAG) *bags;
 	int i, bagnid;
 	PKCS7 *p7;
 	ASN1_OCTET_STRING *keyid = NULL;
@@ -166,11 +168,11 @@ static int parse_pk12 (PKCS12 *p12, const char *pass, int passlen,
 		}
 	    	if (!parse_bags(bags, pass, passlen, pkey, cert, ca,
 							 &keyid, &keymatch)) {
-			sk_pop_free(bags, (void(*)(void *)) PKCS12_SAFEBAG_free);
+			sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
 			sk_pop_free(asafes, (void(*)(void *)) PKCS7_free);
 			return 0;
 		}
-		sk_pop_free(bags, (void(*)(void *)) PKCS12_SAFEBAG_free);
+		sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
 	}
 	sk_pop_free(asafes, (void(*)(void *)) PKCS7_free);
 	if (keyid) M_ASN1_OCTET_STRING_free(keyid);
@@ -178,13 +180,14 @@ static int parse_pk12 (PKCS12 *p12, const char *pass, int passlen,
 }
 
 
-static int parse_bags (STACK *bags, const char *pass, int passlen,
-		       EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca,
-		       ASN1_OCTET_STRING **keyid, char *keymatch)
+static int parse_bags (STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass,
+		       int passlen, EVP_PKEY **pkey, X509 **cert,
+		       STACK_OF(X509) **ca, ASN1_OCTET_STRING **keyid,
+		       char *keymatch)
 {
 	int i;
-	for (i = 0; i < sk_num(bags); i++) {
-		if (!parse_bag((PKCS12_SAFEBAG *)sk_value (bags, i),
+	for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++) {
+		if (!parse_bag(sk_PKCS12_SAFEBAG_value (bags, i),
 			 pass, passlen, pkey, cert, ca, keyid,
 							 keymatch)) return 0;
 	}

crypto/pkcs12/p12_npas.c

@@ -66,7 +66,8 @@
 /* PKCS#12 password change routine */
 
 static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass);
-static int newpass_bags(STACK *bags, char *oldpass,  char *newpass);
+static int newpass_bags(STACK_OF(PKCS12_SAFEBAG) *bags, char *oldpass,
+			char *newpass);
 static int newpass_bag(PKCS12_SAFEBAG *bag, char *oldpass, char *newpass);
 static int alg_get(X509_ALGOR *alg, int *pnid, int *piter, int *psaltlen);
 
@@ -104,12 +105,14 @@ return 1;
 
 static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass)
 {
-	STACK *asafes, *newsafes, *bags;
+	STACK *asafes, *newsafes;
+	STACK_OF(PKCS12_SAFEBAG) *bags;
 	int i, bagnid, pbe_nid, pbe_iter, pbe_saltlen;
 	PKCS7 *p7, *p7new;
 	ASN1_OCTET_STRING *p12_data_tmp = NULL, *macnew = NULL;
 	unsigned char mac[EVP_MAX_MD_SIZE];
 	unsigned int maclen;
+
 	if (!(asafes = M_PKCS12_unpack_authsafes(p12))) return 0;
 	if(!(newsafes = sk_new(NULL))) return 0;
 	for (i = 0; i < sk_num (asafes); i++) {
@@ -127,7 +130,7 @@ static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass)
 			return 0;
 		}
 	    	if (!newpass_bags(bags, oldpass, newpass)) {
-			sk_pop_free(bags, (void(*)(void *)) PKCS12_SAFEBAG_free);
+			sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
 			sk_pop_free(asafes, (void(*)(void *)) PKCS7_free);
 			return 0;
 		}
@@ -135,7 +138,7 @@ static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass)
 		if (bagnid == NID_pkcs7_data) p7new = PKCS12_pack_p7data(bags);
 		else p7new = PKCS12_pack_p7encdata(pbe_nid, newpass, -1, NULL,
 						 pbe_saltlen, pbe_iter, bags);
-		sk_pop_free(bags, (void(*)(void *)) PKCS12_SAFEBAG_free);
+		sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
 		if(!p7new) {
 			sk_pop_free(asafes, (void(*)(void *)) PKCS7_free);
 			return 0;
@@ -169,12 +172,14 @@ static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass)
 }
 
 
-static int newpass_bags(STACK *bags, char *oldpass,  char *newpass)
+static int newpass_bags(STACK_OF(PKCS12_SAFEBAG) *bags, char *oldpass,
+			char *newpass)
 {
 	int i;
-	for (i = 0; i < sk_num(bags); i++) {
-		if (!newpass_bag((PKCS12_SAFEBAG *)sk_value(bags, i),
-						 oldpass, newpass)) return 0;
+	for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++) {
+		if (!newpass_bag(sk_PKCS12_SAFEBAG_value(bags, i),
+				 oldpass, newpass))
+		    return 0;
 	}
 	return 1;
 }

crypto/pkcs12/p12_sbag.c

@@ -81,8 +81,9 @@ int i2d_PKCS12_SAFEBAG(PKCS12_SAFEBAG *a, unsigned char **pp)
 		break;
 
 		case NID_safeContentsBag:
-			M_ASN1_I2D_len_EXP_SEQUENCE_opt (a->value.safes,
-				 i2d_PKCS12_SAFEBAG, 0, V_ASN1_SEQUENCE, v);
+			M_ASN1_I2D_len_EXP_SEQUENCE_opt_type
+			  (PKCS12_SAFEBAG, a->value.safes, i2d_PKCS12_SAFEBAG,
+			   0, V_ASN1_SEQUENCE, v);
 		break;
 
 		case NID_certBag:
@@ -117,8 +118,9 @@ int i2d_PKCS12_SAFEBAG(PKCS12_SAFEBAG *a, unsigned char **pp)
 		break;
 
 		case NID_safeContentsBag:
-			M_ASN1_I2D_put_EXP_SEQUENCE_opt (a->value.safes,
-				 i2d_PKCS12_SAFEBAG, 0, V_ASN1_SEQUENCE, v);
+			M_ASN1_I2D_put_EXP_SEQUENCE_opt_type
+			  (PKCS12_SAFEBAG, a->value.safes, i2d_PKCS12_SAFEBAG,
+			   0, V_ASN1_SEQUENCE, v);
 		break;
 
 		case NID_certBag:
@@ -175,9 +177,10 @@ PKCS12_SAFEBAG *d2i_PKCS12_SAFEBAG(PKCS12_SAFEBAG **a, unsigned char **pp,
 		break;
 
 		case NID_safeContentsBag:
-			M_ASN1_D2I_get_EXP_set_opt(ret->value.safes,
-				d2i_PKCS12_SAFEBAG, PKCS12_SAFEBAG_free,
-							 0, V_ASN1_SEQUENCE);
+			M_ASN1_D2I_get_EXP_set_opt_type
+			  (PKCS12_SAFEBAG, ret->value.safes,
+			   d2i_PKCS12_SAFEBAG, PKCS12_SAFEBAG_free, 0,
+			   V_ASN1_SEQUENCE);
 		break;
 
 		case NID_certBag:
@@ -225,3 +228,7 @@ void PKCS12_SAFEBAG_free (PKCS12_SAFEBAG *a)
 	sk_X509_ATTRIBUTE_pop_free (a->attrib, X509_ATTRIBUTE_free);
 	Free (a);
 }
+
+IMPLEMENT_STACK_OF(PKCS12_SAFEBAG)
+IMPLEMENT_ASN1_SET_OF(PKCS12_SAFEBAG)
+IMPLEMENT_PKCS12_STACK_OF(PKCS12_SAFEBAG)

crypto/pkcs12/pkcs12.h

@@ -66,6 +66,27 @@
 extern "C" {
 #endif
 
+#define DECLARE_PKCS12_STACK_OF(type) \
+STACK_OF(type) *PKCS12_decrypt_d2i_##type(struct X509_algor_st *algor, \
+				          type *(*d2i)(type **, \
+						       unsigned char **, \
+						       long), \
+					  void (*free_func)(type *), \
+					  const char *pass, int passlen, \
+					  ASN1_STRING *oct, int seq);
+
+#define IMPLEMENT_PKCS12_STACK_OF(type) \
+STACK_OF(type) *PKCS12_decrypt_d2i_##type(struct X509_algor_st *algor, \
+				          type *(*d2i)(type **, \
+						       unsigned char **, \
+						       long), \
+					  void (*free_func)(type *), \
+					  const char *pass, int passlen, \
+					  ASN1_STRING *oct, int seq) \
+    { return (STACK_OF(type) *)PKCS12_decrypt_d2i(algor,(char *(*)())d2i, \
+						  (void(*)(void *))free_func, \
+						  pass,passlen,oct,seq); }
+
 #define PKCS12_KEY_ID	1
 #define PKCS12_IV_ID	2
 #define PKCS12_MAC_ID	3
@@ -108,19 +129,25 @@ PKCS12_MAC_DATA *mac;
 PKCS7 *authsafes;
 } PKCS12;
 
+PREDECLARE_STACK_OF(PKCS12_SAFEBAG)
+
 typedef struct {
 ASN1_OBJECT *type;
 union {
 	struct pkcs12_bag_st *bag; /* secret, crl and certbag */
 	struct pkcs8_priv_key_info_st	*keybag; /* keybag */
 	X509_SIG *shkeybag; /* shrouded key bag */
-	STACK /* PKCS12_SAFEBAG */ *safes;
+	STACK_OF(PKCS12_SAFEBAG) *safes;
 	ASN1_TYPE *other;
 }value;
 STACK_OF(X509_ATTRIBUTE) *attrib;
 ASN1_TYPE *rest;
 } PKCS12_SAFEBAG;
 
+DECLARE_STACK_OF(PKCS12_SAFEBAG)
+DECLARE_ASN1_SET_OF(PKCS12_SAFEBAG)
+DECLARE_PKCS12_STACK_OF(PKCS12_SAFEBAG)
+
 typedef struct pkcs12_bag_st {
 ASN1_OBJECT *type;
 union {
@@ -157,8 +184,8 @@ PKCS12_pack_safebag ((char *)(crl), i2d_X509CRL, NID_x509Crl, NID_crlBag)
 (RSA *) ASN1_unpack_string ((p8)->pkey, (char *(*)())d2i_RSAPrivateKey)*/
 
 #define M_PKCS12_unpack_p7data(p7) \
-ASN1_seq_unpack ((p7)->d.data->data, p7->d.data->length, \
-			 (char *(*)())d2i_PKCS12_SAFEBAG, PKCS12_SAFEBAG_free)
+ASN1_seq_unpack_PKCS12_SAFEBAG ((p7)->d.data->data, p7->d.data->length, \
+			        d2i_PKCS12_SAFEBAG, PKCS12_SAFEBAG_free)
 
 #define M_PKCS12_pack_authsafes(p12, safes) \
 ASN1_seq_pack((safes), (int (*)())i2d_PKCS7,\
@@ -170,10 +197,10 @@ ASN1_seq_unpack((p12)->authsafes->d.data->data, \
 							PKCS7_free)
 
 #define M_PKCS12_unpack_p7encdata(p7, pass, passlen) \
-(STACK *) PKCS12_decrypt_d2i ((p7)->d.encrypted->enc_data->algorithm,\
-			 (char *(*)())d2i_PKCS12_SAFEBAG, PKCS12_SAFEBAG_free, \
-							(pass), (passlen), \
-			(p7)->d.encrypted->enc_data->enc_data, 3)
+PKCS12_decrypt_d2i_PKCS12_SAFEBAG ((p7)->d.encrypted->enc_data->algorithm,\
+			           d2i_PKCS12_SAFEBAG, PKCS12_SAFEBAG_free, \
+				   (pass), (passlen), \
+			           (p7)->d.encrypted->enc_data->enc_data, 3)
 
 #define M_PKCS12_decrypt_skey(bag, pass, passlen) \
 (PKCS8_PRIV_KEY_INFO *) PKCS12_decrypt_d2i ((bag)->value.shkeybag->algor, \
@@ -205,10 +232,10 @@ PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass,
 				     int passlen, unsigned char *salt,
 				     int saltlen, int iter,
 				     PKCS8_PRIV_KEY_INFO *p8);
-PKCS7 *PKCS12_pack_p7data(STACK *sk);
+PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk);
 PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen,
 			     unsigned char *salt, int saltlen, int iter,
-			     STACK *bags);
+			     STACK_OF(PKCS12_SAFEBAG) *bags);
 int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name, int namelen);
 int PKCS12_add_friendlyname_asc(PKCS12_SAFEBAG *bag, const char *name,
 				int namelen);

crypto/stack/safestack.h

@@ -57,13 +57,14 @@
 
 #include <openssl/stack.h>
 
-#define STACK_OF(type)	STACK_##type
+#define STACK_OF(type) struct stack_st_##type
+#define PREDECLARE_STACK_OF(type) STACK_OF(type);
 
 #define DECLARE_STACK_OF(type) \
-typedef struct stack_st_##type	\
+STACK_OF(type) \
     { \
     STACK stack; \
-    } STACK_OF(type); \
+    }; \
 STACK_OF(type) *sk_##type##_new(int (*cmp)(type **,type **)); \
 STACK_OF(type) *sk_##type##_new_null(void); \
 void sk_##type##_free(STACK_OF(type) *sk); \