Commit f2716dad authored by Ben Laurie's avatar Ben Laurie

Typesafety Thought Police Part 2.

parent b4604683
+21 −16
@@ -80,7 +80,8 @@ EVP_CIPHER *enc;

int get_cert_chain(X509 *cert, STACK_OF(X509) **chain);
int dump_certs_keys_p12(BIO *out, PKCS12 *p12, char *pass, int passlen, int options, char *pempass);
int dump_certs_pkeys_bags(BIO *out, STACK *bags, char *pass, int passlen, int options, char *pempass);
int dump_certs_pkeys_bags(BIO *out, STACK_OF(PKCS12_SAFEBAG) *bags, char *pass,
			  int passlen, int options, char *pempass);
int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bags, char *pass, int passlen, int options, char *pempass);
int print_attribs(BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst, char *name);
void hex_prin(BIO *out, unsigned char *buf, int len);
@@ -360,7 +361,8 @@ int MAIN(int argc, char **argv)

    if (export_cert) {
	EVP_PKEY *key;
	STACK *bags, *safes;
	STACK_OF(PKCS12_SAFEBAG) *bags;
	STACK *safes;
	PKCS12_SAFEBAG *bag;
	PKCS8_PRIV_KEY_INFO *p8;
	PKCS7 *authsafe;
@@ -405,7 +407,7 @@ int MAIN(int argc, char **argv)
		goto end;
	}
	
	bags = sk_new (NULL);
	bags = sk_PKCS12_SAFEBAG_new (NULL);

	/* Add any more certificates asked for */
	if (certsin) {
@@ -445,7 +447,7 @@ int MAIN(int argc, char **argv)
			PKCS12_add_localkeyid(bag, keyid, keyidlen);
		} else if((catmp = sk_shift(canames))) 
				PKCS12_add_friendlyname(bag, catmp, -1);
		sk_push(bags, (char *)bag);
		sk_PKCS12_SAFEBAG_push(bags, bag);
	}
	sk_X509_pop_free(certs, X509_free);
	if (canames) sk_free(canames);
@@ -459,7 +461,7 @@ int MAIN(int argc, char **argv)
	/* Turn certbags into encrypted authsafe */
	authsafe = PKCS12_pack_p7encdata(cert_pbe, cpass, -1, NULL, 0,
								 iter, bags);
	sk_pop_free(bags, (void(*)(void *)) PKCS12_SAFEBAG_free);
	sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);

	if (!authsafe) {
		ERR_print_errors (bio_err);
@@ -477,11 +479,11 @@ int MAIN(int argc, char **argv)
	PKCS8_PRIV_KEY_INFO_free(p8);
        if (name) PKCS12_add_friendlyname (bag, name, -1);
	PKCS12_add_localkeyid (bag, keyid, keyidlen);
	bags = sk_new(NULL);
	sk_push (bags, (char *)bag);
	bags = sk_PKCS12_SAFEBAG_new(NULL);
	sk_PKCS12_SAFEBAG_push (bags, bag);
	/* Turn it into unencrypted safe bag */
	authsafe = PKCS12_pack_p7data (bags);
	sk_pop_free(bags, (void(*)(void *)) PKCS12_SAFEBAG_free);
	sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
	sk_push (safes, (char *)authsafe);

	p12 = PKCS12_init (NID_pkcs7_data);
@@ -571,7 +573,8 @@ int MAIN(int argc, char **argv)
int dump_certs_keys_p12 (BIO *out, PKCS12 *p12, char *pass,
	     int passlen, int options, char *pempass)
{
	STACK *asafes, *bags;
	STACK *asafes;
	STACK_OF(PKCS12_SAFEBAG) *bags;
	int i, bagnid;
	PKCS7 *p7;
	if (!( asafes = M_PKCS12_unpack_authsafes (p12))) return 0;
@@ -592,23 +595,25 @@ int dump_certs_keys_p12 (BIO *out, PKCS12 *p12, char *pass,
		if (!bags) return 0;
	    	if (!dump_certs_pkeys_bags (out, bags, pass, passlen, 
						 options, pempass)) {
			sk_pop_free (bags, (void(*)(void *)) PKCS12_SAFEBAG_free);
			sk_PKCS12_SAFEBAG_pop_free (bags, PKCS12_SAFEBAG_free);
			return 0;
		}
		sk_pop_free (bags, (void(*)(void *)) PKCS12_SAFEBAG_free);
		sk_PKCS12_SAFEBAG_pop_free (bags, PKCS12_SAFEBAG_free);
	}
	sk_pop_free (asafes, (void(*)(void *)) PKCS7_free);
	return 1;
}

int dump_certs_pkeys_bags (BIO *out, STACK *bags, char *pass,
	     int passlen, int options, char *pempass)
int dump_certs_pkeys_bags (BIO *out, STACK_OF(PKCS12_SAFEBAG) *bags,
			   char *pass, int passlen, int options, char *pempass)
{
	int i;
	for (i = 0; i < sk_num (bags); i++) {
	for (i = 0; i < sk_PKCS12_SAFEBAG_num (bags); i++) {
		if (!dump_certs_pkeys_bag (out,
			 (PKCS12_SAFEBAG *)sk_value (bags, i), pass, passlen,
					 	options, pempass)) return 0;
					   sk_PKCS12_SAFEBAG_value (bags, i),
					   pass, passlen,
					   options, pempass))
		    return 0;
	}
	return 1;
}
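Review bot: dump_certs_keys_p12 still returns without releasing `asafes` on its two early exits, `if (!bags) return 0;` and the `return 0;` that follows a failed dump_certs_pkeys_bags call. Only the success path reaches `sk_pop_free (asafes, (void(*)(void *)) PKCS7_free);`, so every unpacked PKCS7 safe stays allocated when a bag fails to decode or decrypt. I would add that same `sk_pop_free (asafes, ...)` call before both `return 0;` lines, which is what parse_pk12 in the last file section of this commit already does on its failure path. The start of the loop lies between the two hunks and is not visible here.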
+22 −3
@@ -140,6 +140,8 @@ extern "C" {
#define MBSTRING_UNIV		(MBSTRING_FLAG|3)
#define MBSTRING_UTF8		(MBSTRING_FLAG|4)

struct X509_algor_st;

#define DECLARE_ASN1_SET_OF(type) \
int i2d_ASN1_SET_OF_##type(STACK_OF(type) *a,unsigned char **pp, \
			   int (*func)(type *,unsigned char **), int ex_tag, \
@@ -149,7 +151,14 @@ STACK_OF(type) *d2i_ASN1_SET_OF_##type(STACK_OF(type) **a,unsigned char **pp, \
				       type *(*func)(type **, \
						     unsigned char **,long), \
				       void (*free_func)(type *), \
				       int ex_tag,int ex_class);
				       int ex_tag,int ex_class); \
unsigned char *ASN1_seq_pack_##type(STACK_OF(type) *st, \
				    int (*i2d)(type *,unsigned char **), \
				    unsigned char **buf,int *len); \
STACK_OF(type) *ASN1_seq_unpack_##type(unsigned char *buf,int len, \
				       type *(*d2i)(type **,unsigned char **, \
						    long), \
				       void (*free_func)(type *));

#define IMPLEMENT_ASN1_SET_OF(type) \
int i2d_ASN1_SET_OF_##type(STACK_OF(type) *a,unsigned char **pp, \
@@ -165,7 +174,17 @@ STACK_OF(type) *d2i_ASN1_SET_OF_##type(STACK_OF(type) **a,unsigned char **pp, \
    { return (STACK_OF(type) *)d2i_ASN1_SET((STACK **)a,pp,length, \
					    (char *(*)())func, \
					    (void (*)())free_func, \
					    ex_tag,ex_class); }
					    ex_tag,ex_class); } \
unsigned char *ASN1_seq_pack_##type(STACK_OF(type) *st, \
				    int (*i2d)(type *,unsigned char **), \
				    unsigned char **buf,int *len) \
    { return ASN1_seq_pack((STACK *)st,i2d,buf,len); } \
STACK_OF(type) *ASN1_seq_unpack_##type(unsigned char *buf,int len, \
				       type *(*d2i)(type **,unsigned char **, \
						    long), \
				       void (*free_func)(type *)) \
    { return (STACK_OF(type) *)ASN1_seq_unpack(buf,len,(char *(*)())d2i, \
					       (void(*)(void *))free_func); }

typedef struct asn1_ctx_st
	{
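Review bot: The new typed wrappers in IMPLEMENT_ASN1_SET_OF check the caller's arguments but then erase the callback types again with `(char *(*)())d2i` and `(void(*)(void *))free_func`. The untyped ASN1_seq_unpack will therefore call a `void (*)(type *)` function through a `void (*)(void *)` pointer, which the C standard leaves undefined even though it works on the usual ABIs; the definition of ASN1_seq_unpack is not on this page, so this is inferred from the casts. A comment above the macro would make the remaining gap explicit, for example `/* The callbacks are cast to untyped pointers below: they must have exactly the signatures declared here. */`. The added forward declaration `struct X509_algor_st;` also deserves a one-line comment saying which later declaration needs it.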
+6 −4
Original line number Diff line number Diff line
@@ -125,7 +125,7 @@ PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG (int pbe_nid, const char *pass,
}

/* Turn a stack of SAFEBAGS into a PKCS#7 data Contentinfo */
PKCS7 *PKCS12_pack_p7data (STACK *sk)
PKCS7 *PKCS12_pack_p7data (STACK_OF(PKCS12_SAFEBAG) *sk)
{
	PKCS7 *p7;
	if (!(p7 = PKCS7_new())) {
@@ -138,7 +138,8 @@ PKCS7 *PKCS12_pack_p7data (STACK *sk)
		return NULL;
	}
	
	if (!ASN1_seq_pack(sk, i2d_PKCS12_SAFEBAG, &p7->d.data->data,
	if (!ASN1_seq_pack_PKCS12_SAFEBAG(sk, i2d_PKCS12_SAFEBAG,
					  &p7->d.data->data,
					  &p7->d.data->length)) {
		PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, PKCS12_R_CANT_PACK_STRUCTURE);
		return NULL;
@@ -149,7 +150,8 @@ PKCS7 *PKCS12_pack_p7data (STACK *sk)
/* Turn a stack of SAFEBAGS into a PKCS#7 encrypted data ContentInfo */

PKCS7 *PKCS12_pack_p7encdata (int pbe_nid, const char *pass, int passlen,
	     unsigned char *salt, int saltlen, int iter, STACK *bags)
			      unsigned char *salt, int saltlen, int iter,
			      STACK_OF(PKCS12_SAFEBAG) *bags)
{
	PKCS7 *p7;
	X509_ALGOR *pbe;
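Review bot: The failure branch after `ASN1_seq_pack_PKCS12_SAFEBAG(...)` in PKCS12_pack_p7data returns NULL while `p7` from `PKCS7_new()` is still allocated, so in the lines visible here each packing failure leaks the partly built PKCS7. Adding `PKCS7_free(p7);` before that `return NULL;` would close it. The `return NULL;` at the top of the second hunk probably needs the same treatment, but its condition lies outside the hunk. The function's closing lines are also not shown.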
+9 −7
@@ -65,7 +65,8 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
	     int keytype)
{
	PKCS12 *p12;
	STACK *bags, *safes;
	STACK_OF(PKCS12_SAFEBAG) *bags;
	STACK *safes;
	PKCS12_SAFEBAG *bag;
	PKCS8_PRIV_KEY_INFO *p8;
	PKCS7 *authsafe;
@@ -85,7 +86,7 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
		return NULL;
	}

	if(!(bags = sk_new (NULL))) {
	if(!(bags = sk_PKCS12_SAFEBAG_new (NULL))) {
		PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
		return NULL;
	}
@@ -96,7 +97,7 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
	X509_digest(cert, EVP_sha1(), keyid, &keyidlen);
	if(!PKCS12_add_localkeyid(bag, keyid, keyidlen)) return NULL;

	if(!sk_push(bags, (char *)bag)) {
	if(!sk_PKCS12_SAFEBAG_push(bags, bag)) {
		PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
		return NULL;
	}
@@ -106,7 +107,7 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
		for(i = 0; i < sk_X509_num(ca); i++) {
			tcert = sk_X509_value(ca, i);
			if(!(bag = M_PKCS12_x5092certbag(tcert))) return NULL;
			if(!sk_push(bags, (char *)bag)) {
			if(!sk_PKCS12_SAFEBAG_push(bags, bag)) {
				PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
				return NULL;
			}
@@ -116,7 +117,7 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
	/* Turn certbags into encrypted authsafe */
	authsafe = PKCS12_pack_p7encdata (nid_cert, pass, -1, NULL, 0,
					  iter, bags);
	sk_pop_free(bags, (void(*)(void *)) PKCS12_SAFEBAG_free);
	sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);

	if (!authsafe) return NULL;

@@ -133,13 +134,14 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
	PKCS8_PRIV_KEY_INFO_free(p8);
        if (name && !PKCS12_add_friendlyname (bag, name, -1)) return NULL;
	if(!PKCS12_add_localkeyid (bag, keyid, keyidlen)) return NULL;
	if(!(bags = sk_new(NULL)) || !sk_push (bags, (char *)bag)) {
	if(!(bags = sk_PKCS12_SAFEBAG_new(NULL))
	   || !sk_PKCS12_SAFEBAG_push (bags, bag)) {
		PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
		return NULL;
	}
	/* Turn it into unencrypted safe bag */
	if(!(authsafe = PKCS12_pack_p7data (bags))) return NULL;
	sk_pop_free(bags, (void(*)(void *)) PKCS12_SAFEBAG_free);
	sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
	if(!sk_push(safes, (char *)authsafe)) {
		PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
		return NULL;
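Review bot: In the last hunk of PKCS12_create, `if(!(authsafe = PKCS12_pack_p7data (bags))) return NULL;` returns before `sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);` runs, so the stack and the key bag it holds leak when packing fails. The encrypted-authsafe hunk above gets the order right by freeing first and testing afterwards, and the same shape works here: `authsafe = PKCS12_pack_p7data (bags);` then `sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);` then `if (!authsafe) return NULL;`. The earlier `return NULL;` exits after a failed `sk_PKCS12_SAFEBAG_push` or `M_PKCS12_x5092certbag` likewise leave `bags` (and the unpushed `bag`) allocated. The function starts and ends outside these hunks, so any cleanup further down is not visible.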
+14 −11
@@ -65,9 +65,10 @@
static int parse_pk12( PKCS12 *p12, const char *pass, int passlen,
		EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca);

static int parse_bags( STACK *bags, const char *pass, int passlen,
		EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca,
		ASN1_OCTET_STRING **keyid, char *keymatch);
static int parse_bags( STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass,
		       int passlen, EVP_PKEY **pkey, X509 **cert,
		       STACK_OF(X509) **ca, ASN1_OCTET_STRING **keyid,
		       char *keymatch);

static int parse_bag( PKCS12_SAFEBAG *bag, const char *pass, int passlen,
			EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca,
@@ -146,7 +147,8 @@ int PKCS12_parse (PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
static int parse_pk12 (PKCS12 *p12, const char *pass, int passlen,
	     EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca)
{
	STACK *asafes, *bags;
	STACK *asafes;
	STACK_OF(PKCS12_SAFEBAG) *bags;
	int i, bagnid;
	PKCS7 *p7;
	ASN1_OCTET_STRING *keyid = NULL;
@@ -166,11 +168,11 @@ static int parse_pk12 (PKCS12 *p12, const char *pass, int passlen,
		}
	    	if (!parse_bags(bags, pass, passlen, pkey, cert, ca,
							 &keyid, &keymatch)) {
			sk_pop_free(bags, (void(*)(void *)) PKCS12_SAFEBAG_free);
			sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
			sk_pop_free(asafes, (void(*)(void *)) PKCS7_free);
			return 0;
		}
		sk_pop_free(bags, (void(*)(void *)) PKCS12_SAFEBAG_free);
		sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
	}
	sk_pop_free(asafes, (void(*)(void *)) PKCS7_free);
	if (keyid) M_ASN1_OCTET_STRING_free(keyid);
@@ -178,13 +180,14 @@ static int parse_pk12 (PKCS12 *p12, const char *pass, int passlen,
}


static int parse_bags (STACK *bags, const char *pass, int passlen,
		       EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca,
		       ASN1_OCTET_STRING **keyid, char *keymatch)
static int parse_bags (STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass,
		       int passlen, EVP_PKEY **pkey, X509 **cert,
		       STACK_OF(X509) **ca, ASN1_OCTET_STRING **keyid,
		       char *keymatch)
{
	int i;
	for (i = 0; i < sk_num(bags); i++) {
		if (!parse_bag((PKCS12_SAFEBAG *)sk_value (bags, i),
	for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++) {
		if (!parse_bag(sk_PKCS12_SAFEBAG_value (bags, i),
			 pass, passlen, pkey, cert, ca, keyid,
							 keymatch)) return 0;
	}
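Review bot: The failure path in parse_pk12 frees `bags` and `asafes` but not `keyid`, which the success path releases with `if (keyid) M_ASN1_OCTET_STRING_free(keyid);`. `keyid` is passed by address to parse_bags, so if an earlier bag set it and a later one fails, the octet string is presumably leaked; where it is allocated is not visible in these hunks. I would add `if (keyid) M_ASN1_OCTET_STRING_free(keyid);` before the `return 0;` in that branch. The middle of the function lies between hunks and was not reviewed.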