Fix safestack issues in ess.h

Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12781)
2020-09-03 16:01:51 +01:00 · 2020-09-03 16:01:51 +01:00 · 1e14bca233
parent 0b28254015
commit 1e14bca233
6 changed files with 17 additions and 11 deletions
--- a/.gitignore
+++ b/.gitignore
@ -29,6 +29,7 @@
 /include/openssl/configuration.h
 /include/openssl/crmf.h
 /include/openssl/ct.h
+/include/openssl/ess.h
 /include/openssl/fipskey.h
 /include/openssl/ocsp.h
 /include/openssl/opensslv.h
--- a/build.info
+++ b/build.info
@ -20,6 +20,7 @@ DEPEND[]=include/openssl/asn1.h \
         include/openssl/configuration.h \
         include/openssl/crmf.h \
         include/openssl/ct.h \
+         include/openssl/ess.h \
         include/openssl/fipskey.h \
         include/openssl/opensslv.h \
         include/openssl/ocsp.h \
@ -40,6 +41,7 @@ GENERATE[include/openssl/cms.h]=include/openssl/cms.h.in
 GENERATE[include/openssl/configuration.h]=include/openssl/configuration.h.in
 GENERATE[include/openssl/crmf.h]=include/openssl/crmf.h.in
 GENERATE[include/openssl/ct.h]=include/openssl/ct.h.in
+GENERATE[include/openssl/ess.h]=include/openssl/ess.h.in
 GENERATE[include/openssl/fipskey.h]=include/openssl/fipskey.h.in
 GENERATE[include/openssl/ocsp.h]=include/openssl/ocsp.h.in
 GENERATE[include/openssl/opensslv.h]=include/openssl/opensslv.h.in
--- a/crypto/cms/cms_ess.c
+++ b/crypto/cms/cms_ess.c
@ -20,9 +20,6 @@
 #include "crypto/x509.h"
 #include "cms_local.h"

-DEFINE_STACK_OF(ESS_CERT_ID)
-DEFINE_STACK_OF(ESS_CERT_ID_V2)
-
 IMPLEMENT_ASN1_FUNCTIONS(CMS_ReceiptRequest)

 /* ESS services */
--- a/crypto/ess/ess_lib.c
+++ b/crypto/ess/ess_lib.c
@ -14,9 +14,6 @@
 #include "crypto/ess.h"
 #include "crypto/x509.h"

-DEFINE_STACK_OF(ESS_CERT_ID)
-DEFINE_STACK_OF(ESS_CERT_ID_V2)
-
 static ESS_CERT_ID *ESS_CERT_ID_new_init(X509 *cert, int issuer_needed);
 static ESS_CERT_ID_V2 *ESS_CERT_ID_V2_new_init(const EVP_MD *hash_alg,
                                               X509 *cert, int issuer_needed);
--- a/crypto/ts/ts_rsp_verify.c
+++ b/crypto/ts/ts_rsp_verify.c
@ -15,9 +15,6 @@
 #include "ts_local.h"
 #include "crypto/ess.h"

-DEFINE_STACK_OF(ESS_CERT_ID)
-DEFINE_STACK_OF(ESS_CERT_ID_V2)
-
 static int ts_verify_cert(X509_STORE *store, STACK_OF(X509) *untrusted,
                          X509 *signer, STACK_OF(X509) **chain);
 static int ts_check_signing_certs(PKCS7_SIGNER_INFO *si,
--- a/include/openssl/ess.h.in
+++ b/include/openssl/ess.h.in
@ -1,4 +1,6 @@
 /*
+ * {- join("\n * ", @autowarntext) -}
+ *
 * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
@ -7,6 +9,10 @@
 * https://www.openssl.org/source/license.html
 */

+{-
+use OpenSSL::stackhash qw(generate_stack_macros);
+-}
+
 #ifndef OPENSSL_ESS_H
 # define OPENSSL_ESS_H

@ -24,12 +30,18 @@ typedef struct ESS_issuer_serial ESS_ISSUER_SERIAL;
 typedef struct ESS_cert_id ESS_CERT_ID;
 typedef struct ESS_signing_cert ESS_SIGNING_CERT;

-DEFINE_OR_DECLARE_STACK_OF(ESS_CERT_ID)
+{-
+    generate_stack_macros("ESS_CERT_ID");
+-}
+

 typedef struct ESS_signing_cert_v2_st ESS_SIGNING_CERT_V2;
 typedef struct ESS_cert_id_v2_st ESS_CERT_ID_V2;

-DEFINE_OR_DECLARE_STACK_OF(ESS_CERT_ID_V2)
+{-
+    generate_stack_macros("ESS_CERT_ID_V2");
+-}
+

 DECLARE_ASN1_ALLOC_FUNCTIONS(ESS_ISSUER_SERIAL)
 DECLARE_ASN1_ENCODE_FUNCTIONS_only(ESS_ISSUER_SERIAL, ESS_ISSUER_SERIAL)