New functions sk_set, sk_value and sk_num to replace existing macros: this is

to minimise the effects on existing code.

11 files changed, 61 insertions, 18 deletions

diff --git a/CHANGES b/CHANGES
index 97e9dcb..9f04291 100644
--- a/CHANGES
+++ b/CHANGES
@@ -10,6 +10,18 @@
                                    [23-Dec-1998] down below; but in later
                                    versions, these hyphens are gone.]
 
+  *) New functions sk_num, sk_value and sk_set to replace the previous macros.
+     These are required because of the typesafe stack would otherwise break 
+     existing code. If old code used a structure member which used to be STACK
+     and is now STACK_OF (for example cert in a PKCS7_SIGNED structure) with
+     sk_num or sk_value it would produce an error because the num, data members
+     are not present in STACK_OF. Now it just produces a warning. sk_set
+     replaces the old method of assigning a value to sk_value
+     (e.g. sk_value(x, i) = y) which the library used in a few cases. Any code
+     that does this will no longer work (and should use sk_set instead) but
+     this could be regarded as a "questionable" behaviour anyway.
+     [Steve Henson]
+
   *) Fix most of the other PKCS#7 bugs. The "experimental" code can now
      correctly handle encrypted S/MIME data.
      [Steve Henson]
diff --git a/apps/pkcs12.c b/apps/pkcs12.c
index 190efc7..13544dd 100644
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -69,7 +69,6 @@
 
 EVP_CIPHER *enc;
 
-#define _ITER_ 2048
 
 #define NOKEYS		0x1
 #define NOCERTS 	0x2
@@ -99,7 +98,7 @@ int MAIN(int argc, char **argv)
     int options = 0;
     int chain = 0;
     int badarg = 0;
-    int iter = _ITER_;
+    int iter = PKCS12_DEFAULT_ITER;
     int maciter = 1;
     int twopass = 0;
     int keytype = 0;
@@ -140,7 +139,8 @@ int MAIN(int argc, char **argv)
 #endif
 		else if (!strcmp (*args, "-des3")) enc = EVP_des_ede3_cbc();
 		else if (!strcmp (*args, "-noiter")) iter = 1;
-		else if (!strcmp (*args, "-maciter")) maciter = _ITER_;
+		else if (!strcmp (*args, "-maciter"))
+					 maciter = PKCS12_DEFAULT_ITER;
 		else if (!strcmp (*args, "-nodes")) enc=NULL;
 		else if (!strcmp (*args, "-inkey")) {
 		    if (args[1]) {
diff --git a/crypto/ex_data.c b/crypto/ex_data.c
index a60d58e..741bb57 100644
--- a/crypto/ex_data.c
+++ b/crypto/ex_data.c
@@ -97,7 +97,7 @@ int CRYPTO_get_ex_new_index(int idx, STACK **skp, long argl, char *argp,
 			goto err;
 			}
 		}
-	sk_value(*skp,idx)=(char *)a;
+	sk_set(*skp,idx, (char *)a);
 	ret=idx;
 err:
 	MemCheck_on();
@@ -127,7 +127,7 @@ int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int idx, char *val)
 			}
 		i++;
 		}
-	sk_value(ad->sk,idx)=val;
+	sk_set(ad->sk,idx,val);
 	return(1);
 	}
 
diff --git a/crypto/objects/o_names.c b/crypto/objects/o_names.c
index 22edb0e..4da5e45 100644
--- a/crypto/objects/o_names.c
+++ b/crypto/objects/o_names.c
@@ -56,11 +56,11 @@ int OBJ_NAME_new_index(unsigned long (*hash_func)(), int (*cmp_func)(),
 		MemCheck_on();
 		}
 	if (hash_func != NULL)
-		sk_value(names_hash,ret)=(char *)hash_func;
+		sk_set(names_hash,ret,(char *)hash_func);
 	if (cmp_func != NULL)
-		sk_value(names_cmp,ret)= (char *)cmp_func;
+		sk_set(names_cmp,ret,(char *)cmp_func);
 	if (free_func != NULL)
-		sk_value(names_free,ret)=(char *)free_func;
+		sk_set(names_free,ret,(char *)free_func);
 	return(ret);
 	}
 
diff --git a/crypto/pkcs12/p12_crt.c b/crypto/pkcs12/p12_crt.c
index 96cecc6..56d88b0 100644
--- a/crypto/pkcs12/p12_crt.c
+++ b/crypto/pkcs12/p12_crt.c
@@ -77,7 +77,7 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
 	/* Set defaults */
 	if(!nid_cert) nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC;
 	if(!nid_key) nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
-	if(!iter) iter = 2048;
+	if(!iter) iter = PKCS12_DEFAULT_ITER;
 	if(!mac_iter) mac_iter = 1;
 
 	if(!pkey || !cert) {
diff --git a/crypto/pkcs12/pkcs12.h b/crypto/pkcs12/pkcs12.h
index 6a489a4..34ca002 100644
--- a/crypto/pkcs12/pkcs12.h
+++ b/crypto/pkcs12/pkcs12.h
@@ -70,6 +70,11 @@ extern "C" {
 #define PKCS12_IV_ID	2
 #define PKCS12_MAC_ID	3
 
+/* Default iteration count */
+#ifndef PKCS12_DEFAULT_ITER
+#define PKCS12_DEFAULT_ITER	2048
+#endif
+
 #define PKCS12_MAC_KEY_LENGTH 20
 
 #define PKCS12_SALT_LEN	8
diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c
index 49e19fe..47855bd 100644
--- a/crypto/pkcs7/pk7_doit.c
+++ b/crypto/pkcs7/pk7_doit.c
@@ -823,8 +823,8 @@ int PKCS7_set_signed_attributes(PKCS7_SIGNER_INFO *p7si, STACK *sk)
 	p7si->auth_attr=sk_dup(sk);
 	for (i=0; i<sk_num(sk); i++)
 		{
-		if ((sk_value(p7si->auth_attr,i)=(char *)X509_ATTRIBUTE_dup(
-			(X509_ATTRIBUTE *)sk_value(sk,i))) == NULL)
+		if ((sk_set(p7si->auth_attr,i,(char *)X509_ATTRIBUTE_dup(
+			(X509_ATTRIBUTE *)sk_value(sk,i)))) == NULL)
 			return(0);
 		}
 	return(1);
@@ -839,8 +839,8 @@ int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si, STACK *sk)
 	p7si->unauth_attr=sk_dup(sk);
 	for (i=0; i<sk_num(sk); i++)
 		{
-		if ((sk_value(p7si->unauth_attr,i)=(char *)X509_ATTRIBUTE_dup(
-			(X509_ATTRIBUTE *)sk_value(sk,i))) == NULL)
+		if ((sk_set(p7si->unauth_attr,i,(char *)X509_ATTRIBUTE_dup(
+			(X509_ATTRIBUTE *)sk_value(sk,i)))) == NULL)
 			return(0);
 		}
 	return(1);
@@ -880,7 +880,7 @@ new_attrib:
 				{
 				X509_ATTRIBUTE_free(attr);
 				attr=X509_ATTRIBUTE_create(nid,atrtype,value);
-				sk_value(*sk,i)=(char *)attr;
+				sk_set(*sk,i,(char *)attr);
 				goto end;
 				}
 			}
diff --git a/crypto/stack/safestack.h b/crypto/stack/safestack.h
index 3c9fdba..d0823c0 100644
--- a/crypto/stack/safestack.h
+++ b/crypto/stack/safestack.h
@@ -92,11 +92,11 @@ STACK_OF(type) *sk_##type##_new_null() \
 void sk_##type##_free(STACK_OF(type) *sk) \
     { sk_free((STACK *)sk); } \
 int sk_##type##_num(const STACK_OF(type) *sk) \
-    { return sk_num((const STACK *)sk); } \
+    { return M_sk_num((const STACK *)sk); } \
 type *sk_##type##_value(const STACK_OF(type) *sk,int n) \
     { return (type *)sk_value((STACK *)sk,n); } \
 type *sk_##type##_set(STACK_OF(type) *sk,int n,type *v) \
-    { return (type *)(sk_value((STACK *)sk,n)=(char *)v); } \
+    { return (type *)(sk_set((STACK *)sk,n,(char *)v)); } \
 void sk_##type##_zero(STACK_OF(type) *sk) \
     { sk_zero((STACK *)sk); } \
 int sk_##type##_push(STACK_OF(type) *sk,type *v) \
diff --git a/crypto/stack/stack.c b/crypto/stack/stack.c
index 5a15a24..f1165b3 100644
--- a/crypto/stack/stack.c
+++ b/crypto/stack/stack.c
@@ -284,3 +284,20 @@ void sk_free(STACK *st)
 	Free((char *)st);
 	}
 
+int sk_num(STACK *st)
+{
+	if(st == NULL) return -1;
+	return st->num;
+}
+
+char *sk_value(STACK *st, int i)
+{
+	if(st == NULL) return NULL;
+	return st->data[i];
+}
+
+char *sk_set(STACK *st, int i, char *value)
+{
+	if(st == NULL) return NULL;
+	return (st->data[i] = value);
+}
diff --git a/crypto/stack/stack.h b/crypto/stack/stack.h
index 3629b0d..ec629d0 100644
--- a/crypto/stack/stack.h
+++ b/crypto/stack/stack.h
@@ -73,11 +73,17 @@ typedef struct stack_st
 	int (*comp)();
 	} STACK;
 
-#define sk_num(sk)		((sk)->num)
-#define sk_value(sk,n)		((sk)->data[n])
 
 #define sk_new_null()	sk_new(NULL)
 
+#define M_sk_num(sk)		((sk)->num)
+#define M_sk_value(sk,n)	((sk)->data[n])
+
+int sk_num(STACK *);
+char *sk_value(STACK *, int);
+
+char *sk_set(STACK *, int, char *);
+
 STACK *sk_new(int (*cmp)());
 void sk_free(STACK *);
 void sk_pop_free(STACK *st, void (*func)());
diff --git a/util/libeay.num b/util/libeay.num
index 7be174a..604295b 100755
--- a/util/libeay.num
+++ b/util/libeay.num
@@ -1625,3 +1625,6 @@ EVP_CIPHER_type                         1649
 EVP_PBE_CipherInit                      1650
 X509V3_add_value_bool_nf                1651
 d2i_ASN1_UINTEGER                       1652
+sk_value                                1653
+sk_num                                  1654
+sk_set                                  1655