Another safe stack.

7 files changed, 69 insertions, 54 deletions

diff --git a/crypto/asn1/asn1_mac.h b/crypto/asn1/asn1_mac.h
index 0497805590..f0ab1e9069 100644
--- a/crypto/asn1/asn1_mac.h
+++ b/crypto/asn1/asn1_mac.h
@@ -154,6 +154,10 @@ err:\
 		M_ASN1_D2I_get_imp_set(r,func,free_func, \
 			V_ASN1_SET,V_ASN1_UNIVERSAL);
 
+#define M_ASN1_D2I_get_set_type(type,r,func,free_func) \
+		M_ASN1_D2I_get_imp_set_type(type,r,func,free_func, \
+			V_ASN1_SET,V_ASN1_UNIVERSAL);
+
 #define M_ASN1_D2I_get_set_opt(r,func,free_func) \
 	if ((c.slen != 0) && (M_ASN1_next == (V_ASN1_UNIVERSAL| \
 		V_ASN1_CONSTRUCTED|V_ASN1_SET)))\
diff --git a/crypto/asn1/x_name.c b/crypto/asn1/x_name.c
index c26c1ce01a..5df74b9f45 100644
--- a/crypto/asn1/x_name.c
+++ b/crypto/asn1/x_name.c
@@ -113,7 +113,7 @@ int i2d_X509_NAME(X509_NAME *a, unsigned char **pp)
 static int i2d_X509_NAME_entries(X509_NAME *a)
 	{
 	X509_NAME_ENTRY *ne,*fe=NULL;
-	STACK *sk;
+	STACK_OF(X509_NAME_ENTRY) *sk;
 	BUF_MEM *buf=NULL;
 	int set=0,r,ret=0;
 	int i;
@@ -121,9 +121,9 @@ static int i2d_X509_NAME_entries(X509_NAME *a)
 	int size=0;
 
 	sk=a->entries;
-	for (i=0; i<sk_num(sk); i++)
+	for (i=0; i<sk_X509_NAME_ENTRY_num(sk); i++)
 		{
-		ne=(X509_NAME_ENTRY *)sk_value(sk,i);
+		ne=sk_X509_NAME_ENTRY_value(sk,i);
 		if (fe == NULL)
 			{
 			fe=ne;
@@ -154,9 +154,9 @@ static int i2d_X509_NAME_entries(X509_NAME *a)
 	ASN1_put_object(&p,1,ret,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
 
 	set= -1;
-	for (i=0; i<sk_num(sk); i++)
+	for (i=0; i<sk_X509_NAME_ENTRY_num(sk); i++)
 		{
-		ne=(X509_NAME_ENTRY *)sk_value(sk,i);
+		ne=sk_X509_NAME_ENTRY_value(sk,i);
 		if (set != ne->set)
 			{
 			set=ne->set;
@@ -179,11 +179,11 @@ X509_NAME *d2i_X509_NAME(X509_NAME **a, unsigned char **pp, long length)
 	M_ASN1_D2I_vars(a,X509_NAME *,X509_NAME_new);
 
 	orig= *pp;
-	if (sk_num(ret->entries) > 0)
+	if (sk_X509_NAME_ENTRY_num(ret->entries) > 0)
 		{
-		while (sk_num(ret->entries) > 0)
-			X509_NAME_ENTRY_free((X509_NAME_ENTRY *)
-				sk_pop(ret->entries));
+		while (sk_X509_NAME_ENTRY_num(ret->entries) > 0)
+			X509_NAME_ENTRY_free(
+				       sk_X509_NAME_ENTRY_pop(ret->entries));
 		}
 
 	M_ASN1_D2I_Init();
@@ -191,12 +191,12 @@ X509_NAME *d2i_X509_NAME(X509_NAME **a, unsigned char **pp, long length)
 	for (;;)
 		{
 		if (M_ASN1_D2I_end_sequence()) break;
-		M_ASN1_D2I_get_set(ret->entries,d2i_X509_NAME_ENTRY,
-			X509_NAME_ENTRY_free);
-		for (; idx < sk_num(ret->entries); idx++)
+		M_ASN1_D2I_get_set_type(X509_NAME_ENTRY,ret->entries,
+					d2i_X509_NAME_ENTRY,
+					X509_NAME_ENTRY_free);
+		for (; idx < sk_X509_NAME_ENTRY_num(ret->entries); idx++)
 			{
-			((X509_NAME_ENTRY *)sk_value(ret->entries,idx))->set=
-				set;
+			sk_X509_NAME_ENTRY_value(ret->entries,idx)->set=set;
 			}
 		set++;
 		}
@@ -216,7 +216,7 @@ X509_NAME *X509_NAME_new(void)
 	ASN1_CTX c;
 
 	M_ASN1_New_Malloc(ret,X509_NAME);
-	if ((ret->entries=sk_new(NULL)) == NULL)
+	if ((ret->entries=sk_X509_NAME_ENTRY_new(NULL)) == NULL)
 		{ c.line=__LINE__; goto err2; }
 	M_ASN1_New(ret->bytes,BUF_MEM_new);
 	ret->modified=1;
@@ -244,8 +244,8 @@ void X509_NAME_free(X509_NAME *a)
 	    return;
 
 	BUF_MEM_free(a->bytes);
-	sk_pop_free(a->entries,X509_NAME_ENTRY_free);
-	Free((char *)a);
+	sk_X509_NAME_ENTRY_pop_free(a->entries,X509_NAME_ENTRY_free);
+	Free(a);
 	}
 
 void X509_NAME_ENTRY_free(X509_NAME_ENTRY *a)
@@ -253,7 +253,7 @@ void X509_NAME_ENTRY_free(X509_NAME_ENTRY *a)
 	if (a == NULL) return;
 	ASN1_OBJECT_free(a->object);
 	ASN1_BIT_STRING_free(a->value);
-	Free((char *)a);
+	Free(a);
 	}
 
 int X509_NAME_set(X509_NAME **xn, X509_NAME *name)
@@ -274,3 +274,5 @@ int X509_NAME_set(X509_NAME **xn, X509_NAME *name)
 	return(*xn != NULL);
 	}
 	
+IMPLEMENT_STACK_OF(X509_NAME_ENTRY)
+IMPLEMENT_ASN1_SET_OF(X509_NAME_ENTRY)
diff --git a/crypto/stack/safestack.h b/crypto/stack/safestack.h
index 3fed5f1735..37f68b9633 100644
--- a/crypto/stack/safestack.h
+++ b/crypto/stack/safestack.h
@@ -73,8 +73,9 @@ type *sk_##type##_set(STACK_OF(type) *sk,int n,type *v); \
 void sk_##type##_zero(STACK_OF(type) *sk); \
 int sk_##type##_push(STACK_OF(type) *sk,type *v); \
 int sk_##type##_find(STACK_OF(type) *sk,type *v); \
-void sk_##type##_delete(STACK_OF(type) *sk,int n); \
+type *sk_##type##_delete(STACK_OF(type) *sk,int n); \
 void sk_##type##_delete_ptr(STACK_OF(type) *sk,type *v); \
+int sk_##type##_insert(STACK_OF(type) *sk,type *v,int n); \
 void sk_##type##_set_cmp_func(STACK_OF(type) *sk,int (*cmp)(type **,type **)); \
 STACK_OF(type) *sk_##type##_dup(STACK_OF(type) *sk); \
 void sk_##type##_pop_free(STACK_OF(type) *sk,void (*func)(type *)); \
@@ -100,10 +101,12 @@ int sk_##type##_push(STACK_OF(type) *sk,type *v) \
     { return sk_push((STACK *)sk,(char *)v); } \
 int sk_##type##_find(STACK_OF(type) *sk,type *v) \
     { return sk_find((STACK *)sk,(char *)v); } \
-void sk_##type##_delete(STACK_OF(type) *sk,int n) \
-    { sk_delete((STACK *)sk,n); } \
+type *sk_##type##_delete(STACK_OF(type) *sk,int n) \
+    { return (type *)sk_delete((STACK *)sk,n); } \
 void sk_##type##_delete_ptr(STACK_OF(type) *sk,type *v) \
     { sk_delete_ptr((STACK *)sk,(char *)v); } \
+int sk_##type##_insert(STACK_OF(type) *sk,type *v,int n) \
+    { return sk_insert((STACK *)sk,(char *)v,n); } \
 void sk_##type##_set_cmp_func(STACK_OF(type) *sk,int (*cmp)(type **,type **)) \
     { sk_set_cmp_func((STACK *)sk,cmp); } \
 STACK_OF(type) *sk_##type##_dup(STACK_OF(type) *sk) \
diff --git a/crypto/x509/x509.h b/crypto/x509/x509.h
index 7c3ab2fedb..df04cfed01 100644
--- a/crypto/x509/x509.h
+++ b/crypto/x509/x509.h
@@ -136,10 +136,13 @@ typedef struct X509_name_entry_st
 	int size; 	/* temp variable */
 	} X509_NAME_ENTRY;
 
+DECLARE_STACK_OF(X509_NAME_ENTRY)
+DECLARE_ASN1_SET_OF(X509_NAME_ENTRY)
+
 /* we always keep X509_NAMEs in 2 forms. */
 typedef struct X509_name_st
 	{
-	STACK *entries; /* of X509_NAME_ENTRY */
+	STACK_OF(X509_NAME_ENTRY) *entries;
 	int modified;	/* true if 'bytes' needs to be built */
 #ifdef HEADER_BUFFER_H
 	BUF_MEM *bytes;
diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c
index 7063fee2a4..9a93bae3ff 100644
--- a/crypto/x509/x509_cmp.c
+++ b/crypto/x509/x509_cmp.c
@@ -143,12 +143,14 @@ int X509_NAME_cmp(X509_NAME *a, X509_NAME *b)
 	int i,j;
 	X509_NAME_ENTRY *na,*nb;
 
-	if (sk_num(a->entries) != sk_num(b->entries))
-		return(sk_num(a->entries)-sk_num(b->entries));
-	for (i=sk_num(a->entries)-1; i>=0; i--)
+	if (sk_X509_NAME_ENTRY_num(a->entries)
+	    != sk_X509_NAME_ENTRY_num(b->entries))
+		return sk_X509_NAME_ENTRY_num(a->entries)
+		  -sk_X509_NAME_ENTRY_num(b->entries);
+	for (i=sk_X509_NAME_ENTRY_num(a->entries)-1; i>=0; i--)
 		{
-		na=(X509_NAME_ENTRY *)sk_value(a->entries,i);
-		nb=(X509_NAME_ENTRY *)sk_value(b->entries,i);
+		na=sk_X509_NAME_ENTRY_value(a->entries,i);
+		nb=sk_X509_NAME_ENTRY_value(b->entries,i);
 		j=na->value->length-nb->value->length;
 		if (j) return(j);
 		j=memcmp(na->value->data,nb->value->data,
@@ -161,10 +163,10 @@ int X509_NAME_cmp(X509_NAME *a, X509_NAME *b)
 	/* We will check the object types after checking the values
 	 * since the values will more often be different than the object
 	 * types. */
-	for (i=sk_num(a->entries)-1; i>=0; i--)
+	for (i=sk_X509_NAME_ENTRY_num(a->entries)-1; i>=0; i--)
 		{
-		na=(X509_NAME_ENTRY *)sk_value(a->entries,i);
-		nb=(X509_NAME_ENTRY *)sk_value(b->entries,i);
+		na=sk_X509_NAME_ENTRY_value(a->entries,i);
+		nb=sk_X509_NAME_ENTRY_value(b->entries,i);
 		j=OBJ_cmp(na->object,nb->object);
 		if (j) return(j);
 		}
diff --git a/crypto/x509/x509_obj.c b/crypto/x509/x509_obj.c
index 188457872a..b2a33a42b9 100644
--- a/crypto/x509/x509_obj.c
+++ b/crypto/x509/x509_obj.c
@@ -96,9 +96,9 @@ char *X509_NAME_oneline(X509_NAME *a, char *buf, int len)
 
 	len--; /* space for '\0' */
 	l=0;
-	for (i=0; (int)i<sk_num(a->entries); i++)
+	for (i=0; i<sk_X509_NAME_ENTRY_num(a->entries); i++)
 		{
-		ne=(X509_NAME_ENTRY *)sk_value(a->entries,i);
+		ne=sk_X509_NAME_ENTRY_value(a->entries,i);
 		n=OBJ_obj2nid(ne->object);
 		if ((n == NID_undef) || ((s=OBJ_nid2sn(n)) == NULL))
 			{
diff --git a/crypto/x509/x509name.c b/crypto/x509/x509name.c
index d5172a9b03..2a422be350 100644
--- a/crypto/x509/x509name.c
+++ b/crypto/x509/x509name.c
@@ -92,7 +92,7 @@ int X509_NAME_get_text_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, char *buf,
 int X509_NAME_entry_count(X509_NAME *name)
 	{
 	if (name == NULL) return(0);
-	return(sk_num(name->entries));
+	return(sk_X509_NAME_ENTRY_num(name->entries));
 	}
 
 int X509_NAME_get_index_by_NID(X509_NAME *name, int nid, int lastpos)
@@ -110,16 +110,16 @@ int X509_NAME_get_index_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj,
 	{
 	int n;
 	X509_NAME_ENTRY *ne;
-	STACK *sk;
+	STACK_OF(X509_NAME_ENTRY) *sk;
 
 	if (name == NULL) return(-1);
 	if (lastpos < 0)
 		lastpos= -1;
 	sk=name->entries;
-	n=sk_num(sk);
+	n=sk_X509_NAME_ENTRY_num(sk);
 	for (lastpos++; lastpos < n; lastpos++)
 		{
-		ne=(X509_NAME_ENTRY *)sk_value(sk,lastpos);
+		ne=sk_X509_NAME_ENTRY_value(sk,lastpos);
 		if (OBJ_cmp(ne->object,obj) == 0)
 			return(lastpos);
 		}
@@ -128,32 +128,34 @@ int X509_NAME_get_index_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj,
 
 X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *name, int loc)
 	{
-	if (	(name == NULL) || (sk_num(name->entries) <= loc) || (loc < 0))
+	if(name == NULL || sk_X509_NAME_ENTRY_num(name->entries) <= loc
+	   || loc < 0)
 		return(NULL);
 	else
-		return((X509_NAME_ENTRY *)sk_value(name->entries,loc));
+		return(sk_X509_NAME_ENTRY_value(name->entries,loc));
 	}
 
 X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc)
 	{
 	X509_NAME_ENTRY *ret;
 	int i,n,set_prev,set_next;
-	STACK *sk;
+	STACK_OF(X509_NAME_ENTRY) *sk;
 
-	if ((name == NULL) || (sk_num(name->entries) <= loc) || (loc < 0))
+	if (name == NULL || sk_X509_NAME_ENTRY_num(name->entries) <= loc
+	    || loc < 0)
 		return(NULL);
 	sk=name->entries;
-	ret=(X509_NAME_ENTRY *)sk_delete(sk,loc);
-	n=sk_num(sk);
+	ret=sk_X509_NAME_ENTRY_delete(sk,loc);
+	n=sk_X509_NAME_ENTRY_num(sk);
 	name->modified=1;
 	if (loc == n) return(ret);
 
 	/* else we need to fixup the set field */
 	if (loc != 0)
-		set_prev=((X509_NAME_ENTRY *)sk_value(sk,loc-1))->set;
+		set_prev=(sk_X509_NAME_ENTRY_value(sk,loc-1))->set;
 	else
 		set_prev=ret->set-1;
-	set_next=((X509_NAME_ENTRY *)sk_value(sk,loc))->set;
+	set_next=sk_X509_NAME_ENTRY_value(sk,loc)->set;
 
 	/* set_prev is the previous set
 	 * set is the current set
@@ -165,7 +167,7 @@ X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc)
 	 * re-number down by 1 */
 	if (set_prev+1 < set_next)
 		for (i=loc; i<n; i++)
-			((X509_NAME_ENTRY *)sk_value(sk,i))->set--;
+			sk_X509_NAME_ENTRY_value(sk,i)->set--;
 	return(ret);
 	}
 
@@ -176,11 +178,11 @@ int X509_NAME_add_entry(X509_NAME *name, X509_NAME_ENTRY *ne, int loc,
 	{
 	X509_NAME_ENTRY *new_name=NULL;
 	int n,i,inc;
-	STACK *sk;
+	STACK_OF(X509_NAME_ENTRY) *sk;
 
 	if (name == NULL) return(0);
 	sk=name->entries;
-	n=sk_num(sk);
+	n=sk_X509_NAME_ENTRY_num(sk);
 	if (loc > n) loc=n;
 	else if (loc < 0) loc=n;
 
@@ -195,7 +197,7 @@ int X509_NAME_add_entry(X509_NAME *name, X509_NAME_ENTRY *ne, int loc,
 			}
 		else
 			{
-			set=((X509_NAME_ENTRY *)sk_value(sk,loc-1))->set;
+			set=sk_X509_NAME_ENTRY_value(sk,loc-1)->set;
 			inc=0;
 			}
 		}
@@ -204,29 +206,28 @@ int X509_NAME_add_entry(X509_NAME *name, X509_NAME_ENTRY *ne, int loc,
 		if (loc >= n)
 			{
 			if (loc != 0)
-				set=((X509_NAME_ENTRY *)
-					sk_value(sk,loc-1))->set+1;
+				set=sk_X509_NAME_ENTRY_value(sk,loc-1)->set+1;
 			else
 				set=0;
 			}
 		else
-			set=((X509_NAME_ENTRY *)sk_value(sk,loc))->set;
+			set=sk_X509_NAME_ENTRY_value(sk,loc)->set;
 		inc=(set == 0)?1:0;
 		}
 
 	if ((new_name=X509_NAME_ENTRY_dup(ne)) == NULL)
 		goto err;
 	new_name->set=set;
-	if (!sk_insert(sk,(char *)new_name,loc))
+	if (!sk_X509_NAME_ENTRY_insert(sk,new_name,loc))
 		{
 		X509err(X509_F_X509_NAME_ADD_ENTRY,ERR_R_MALLOC_FAILURE);
 		goto err;
 		}
 	if (inc)
 		{
-		n=sk_num(sk);
+		n=sk_X509_NAME_ENTRY_num(sk);
 		for (i=loc+1; i<n; i++)
-			((X509_NAME_ENTRY *)sk_value(sk,i-1))->set+=1;
+			sk_X509_NAME_ENTRY_value(sk,i-1)->set+=1;
 		}	
 	return(1);
 err: