Fix safestack issues in x509v3.h

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12781)

.gitignore

@@ -27,6 +27,7 @@
 /include/openssl/fipskey.h
 /include/openssl/ssl.h
 /include/openssl/x509.h
+/include/openssl/x509v3.h
 
 # Auto generated doc files
 doc/man1/openssl-*.pod

apps/cms.c

@@ -24,8 +24,6 @@
 # include <openssl/cms.h>
 
 DEFINE_STACK_OF(CMS_SignerInfo)
-DEFINE_STACK_OF(GENERAL_NAME)
-DEFINE_STACK_OF(GENERAL_NAMES)
 DEFINE_STACK_OF_STRING()
 
 static int save_certs(char *signerfile, STACK_OF(X509) *signers);

apps/lib/apps.c

@@ -63,9 +63,6 @@ static int WIN32_rename(const char *from, const char *to);
 
 DEFINE_STACK_OF(CONF)
 DEFINE_STACK_OF(CONF_VALUE)
-DEFINE_STACK_OF(X509_POLICY_NODE)
-DEFINE_STACK_OF(GENERAL_NAME)
-DEFINE_STACK_OF(DIST_POINT)
 DEFINE_STACK_OF_STRING()
 
 typedef struct {

build.info

@@ -17,6 +17,7 @@ DEPEND[]=include/openssl/configuration.h include/openssl/opensslv.h \
          include/openssl/fipskey.h \
          include/openssl/ssl.h \
          include/openssl/x509.h \
+         include/openssl/x509v3.h \
          include/crypto/bn_conf.h include/crypto/dso_conf.h \
          doc/man7/openssl_user_macros.pod
 
@@ -25,6 +26,7 @@ GENERATE[include/openssl/opensslv.h]=include/openssl/opensslv.h.in
 GENERATE[include/openssl/fipskey.h]=include/openssl/fipskey.h.in
 GENERATE[include/openssl/ssl.h]=include/openssl/ssl.h.in
 GENERATE[include/openssl/x509.h]=include/openssl/x509.h.in
+GENERATE[include/openssl/x509v3.h]=include/openssl/x509v3.h.in
 GENERATE[include/crypto/bn_conf.h]=include/crypto/bn_conf.h.in
 GENERATE[include/crypto/dso_conf.h]=include/crypto/dso_conf.h.in
 GENERATE[doc/man7/openssl_user_macros.pod]=doc/man7/openssl_user_macros.pod.in

crypto/cmp/cmp_ctx.c

@@ -21,9 +21,7 @@
 #include <openssl/crmf.h>
 #include <openssl/err.h>
 
-DEFINE_STACK_OF(POLICYINFO)
 DEFINE_STACK_OF(ASN1_UTF8STRING)
-DEFINE_STACK_OF(GENERAL_NAME)
 DEFINE_STACK_OF(OSSL_CMP_ITAV)
 
 /*

crypto/cmp/cmp_msg.c

@@ -23,7 +23,6 @@
 
 DEFINE_STACK_OF(OSSL_CMP_CERTSTATUS)
 DEFINE_STACK_OF(OSSL_CMP_ITAV)
-DEFINE_STACK_OF(GENERAL_NAME)
 DEFINE_STACK_OF(OSSL_CMP_PKISI)
 DEFINE_STACK_OF(OSSL_CRMF_MSG)
 DEFINE_STACK_OF(OSSL_CMP_CERTRESPONSE)

crypto/cms/cms_ess.c

@@ -20,7 +20,6 @@
 #include "crypto/x509.h"
 #include "cms_local.h"
 
-DEFINE_STACK_OF(GENERAL_NAMES)
 DEFINE_STACK_OF(CMS_SignerInfo)
 DEFINE_STACK_OF(ESS_CERT_ID)
 DEFINE_STACK_OF(ESS_CERT_ID_V2)

crypto/ess/ess_lib.c

@@ -16,7 +16,6 @@
 
 DEFINE_STACK_OF(ESS_CERT_ID)
 DEFINE_STACK_OF(ESS_CERT_ID_V2)
-DEFINE_STACK_OF(GENERAL_NAME)
 
 static ESS_CERT_ID *ESS_CERT_ID_new_init(X509 *cert, int issuer_needed);
 static ESS_CERT_ID_V2 *ESS_CERT_ID_V2_new_init(const EVP_MD *hash_alg,

crypto/ocsp/ocsp_ext.c

@@ -17,7 +17,6 @@
 #include <openssl/x509v3.h>
 
 DEFINE_STACK_OF(ASN1_OBJECT)
-DEFINE_STACK_OF(ACCESS_DESCRIPTION)
 
 /* Standard wrapper functions for extensions */
 

crypto/ocsp/v3_ocsp.c

@@ -16,8 +16,6 @@
 # include <openssl/x509v3.h>
 # include "../x509/ext_dat.h"
 
-DEFINE_STACK_OF(ACCESS_DESCRIPTION)
-
 /*
  * OCSP extensions and a couple of CRL entry extensions
  */

crypto/ts/ts_rsp_verify.c

@@ -19,7 +19,6 @@ DEFINE_STACK_OF(PKCS7_SIGNER_INFO)
 DEFINE_STACK_OF(ESS_CERT_ID)
 DEFINE_STACK_OF(ESS_CERT_ID_V2)
 DEFINE_STACK_OF(ASN1_UTF8STRING)
-DEFINE_STACK_OF(GENERAL_NAME)
 
 static int ts_verify_cert(X509_STORE *store, STACK_OF(X509) *untrusted,
                           X509 *signer, STACK_OF(X509) **chain);

crypto/x509/pcy_cache.c

@@ -14,8 +14,6 @@
 
 #include "pcy_local.h"
 
-DEFINE_STACK_OF(POLICYINFO)
-
 static int policy_data_cmp(const X509_POLICY_DATA *const *a,
                            const X509_POLICY_DATA *const *b);
 static int policy_cache_set_int(long *out, ASN1_INTEGER *value);

crypto/x509/pcy_data.c

@@ -14,7 +14,6 @@
 #include "pcy_local.h"
 
 DEFINE_STACK_OF(ASN1_OBJECT)
-DEFINE_STACK_OF(POLICYQUALINFO)
 
 /* Policy Node routines */
 

crypto/x509/pcy_lib.c

@@ -13,8 +13,6 @@
 
 #include "pcy_local.h"
 
-DEFINE_STACK_OF(X509_POLICY_NODE)
-
 /* accessor functions */
 
 /* X509_POLICY_TREE stuff */

crypto/x509/pcy_map.c

@@ -14,7 +14,6 @@
 
 #include "pcy_local.h"
 
-DEFINE_STACK_OF(POLICY_MAPPING)
 DEFINE_STACK_OF(ASN1_OBJECT)
 
 /*

crypto/x509/pcy_node.c

@@ -14,7 +14,6 @@
 
 #include "pcy_local.h"
 
-DEFINE_STACK_OF(X509_POLICY_NODE)
 DEFINE_STACK_OF(ASN1_OBJECT)
 
 static int node_cmp(const X509_POLICY_NODE *const *a,

crypto/x509/pcy_tree.c

@@ -15,7 +15,6 @@
 #include "pcy_local.h"
 
 DEFINE_STACK_OF(ASN1_OBJECT)
-DEFINE_STACK_OF(X509_POLICY_NODE)
 
 static void expected_print(BIO *channel,
                            X509_POLICY_LEVEL *lev, X509_POLICY_NODE *node,

crypto/x509/v3_addr.c

@@ -26,8 +26,6 @@
 
 #ifndef OPENSSL_NO_RFC3779
 
-DEFINE_STACK_OF(IPAddressOrRange)
-DEFINE_STACK_OF(IPAddressFamily)
 DEFINE_STACK_OF(CONF_VALUE)
 
 /*

crypto/x509/v3_admis.c

@@ -20,9 +20,6 @@
 #include "v3_admis.h"
 #include "ext_dat.h"
 
-DEFINE_STACK_OF(ADMISSIONS)
-DEFINE_STACK_OF(PROFESSION_INFO)
-DEFINE_STACK_OF(ASN1_STRING)
 DEFINE_STACK_OF(ASN1_OBJECT)
 
 ASN1_SEQUENCE(NAMING_AUTHORITY) = {

crypto/x509/v3_akey.c

@@ -16,7 +16,6 @@
 #include "ext_dat.h"
 
 DEFINE_STACK_OF(CONF_VALUE)
-DEFINE_STACK_OF(GENERAL_NAME)
 
 static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
                                                  AUTHORITY_KEYID *akeyid,

crypto/x509/v3_alt.c

@@ -15,7 +15,6 @@
 #include "ext_dat.h"
 
 DEFINE_STACK_OF(CONF_VALUE)
-DEFINE_STACK_OF(GENERAL_NAME)
 
 static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method,
                                       X509V3_CTX *ctx,

crypto/x509/v3_asid.c

@@ -56,7 +56,6 @@ IMPLEMENT_ASN1_FUNCTIONS(ASIdOrRange)
 IMPLEMENT_ASN1_FUNCTIONS(ASIdentifierChoice)
 IMPLEMENT_ASN1_FUNCTIONS(ASIdentifiers)
 
-DEFINE_STACK_OF(ASIdOrRange)
 DEFINE_STACK_OF(CONF_VALUE)
 
 /*

crypto/x509/v3_cpols.c

@@ -19,8 +19,6 @@
 #include "ext_dat.h"
 
 DEFINE_STACK_OF(CONF_VALUE)
-DEFINE_STACK_OF(POLICYINFO)
-DEFINE_STACK_OF(POLICYQUALINFO)
 DEFINE_STACK_OF(ASN1_INTEGER)
 
 /* Certificate policies extension support: this one is a bit complex... */

crypto/x509/v3_crld.c

@@ -19,8 +19,6 @@
 #include "x509_local.h"
 
 DEFINE_STACK_OF(CONF_VALUE)
-DEFINE_STACK_OF(GENERAL_NAME)
-DEFINE_STACK_OF(DIST_POINT)
 
 static void *v2i_crld(const X509V3_EXT_METHOD *method,
                       X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);

crypto/x509/v3_info.c

@@ -15,7 +15,6 @@
 #include <openssl/x509v3.h>
 #include "ext_dat.h"
 
-DEFINE_STACK_OF(ACCESS_DESCRIPTION)
 DEFINE_STACK_OF(CONF_VALUE)
 
 static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD

crypto/x509/v3_lib.c

@@ -16,8 +16,6 @@
 
 #include "ext_dat.h"
 
-DEFINE_STACK_OF(X509V3_EXT_METHOD)
-
 static STACK_OF(X509V3_EXT_METHOD) *ext_list = NULL;
 
 static int ext_cmp(const X509V3_EXT_METHOD *const *a,

crypto/x509/v3_ncons.c

@@ -21,8 +21,6 @@
 #include "ext_dat.h"
 
 DEFINE_STACK_OF(CONF_VALUE)
-DEFINE_STACK_OF(GENERAL_NAME)
-DEFINE_STACK_OF(GENERAL_SUBTREE)
 
 static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method,
                                   X509V3_CTX *ctx,

crypto/x509/v3_pmaps.c

@@ -14,7 +14,6 @@
 #include <openssl/x509v3.h>
 #include "ext_dat.h"
 
-DEFINE_STACK_OF(POLICY_MAPPING)
 DEFINE_STACK_OF(CONF_VALUE)
 
 static void *v2i_POLICY_MAPPINGS(const X509V3_EXT_METHOD *method,

crypto/x509/v3_purp.c

@@ -16,9 +16,6 @@
 #include "internal/tsan_assist.h"
 #include "x509_local.h"
 
-DEFINE_STACK_OF(GENERAL_NAME)
-DEFINE_STACK_OF(DIST_POINT)
-DEFINE_STACK_OF(X509_PURPOSE)
 DEFINE_STACK_OF(ASN1_OBJECT)
 
 static int check_ssl_ca(const X509 *x);

crypto/x509/v3_sxnet.c

@@ -15,7 +15,6 @@
 #include <openssl/x509v3.h>
 #include "ext_dat.h"
 
-DEFINE_STACK_OF(SXNETID)
 DEFINE_STACK_OF(CONF_VALUE)
 
 /* Support for Thawte strong extranet extension */

crypto/x509/v3_utl.c

@@ -22,8 +22,6 @@
 #include "x509_local.h"
 
 DEFINE_STACK_OF(CONF_VALUE)
-DEFINE_STACK_OF(GENERAL_NAME)
-DEFINE_STACK_OF(ACCESS_DESCRIPTION)
 DEFINE_STACK_OF_STRING()
 
 static char *strip_spaces(char *name);

crypto/x509/x509_vfy.c

@@ -25,8 +25,6 @@
 #include "crypto/x509.h"
 #include "x509_local.h"
 
-DEFINE_STACK_OF(GENERAL_NAME)
-DEFINE_STACK_OF(DIST_POINT)
 DEFINE_STACK_OF_STRING()
 
 /* CRL score values */

crypto/x509/x_crl.c

@@ -15,9 +15,6 @@
 #include <openssl/x509v3.h>
 #include "x509_local.h"
 
-DEFINE_STACK_OF(GENERAL_NAME)
-DEFINE_STACK_OF(GENERAL_NAMES)
-
 static int X509_REVOKED_cmp(const X509_REVOKED *const *a,
                             const X509_REVOKED *const *b);
 static int setup_idp(X509_CRL *crl, ISSUING_DIST_POINT *idp);

crypto/x509/x_x509.c

@@ -15,10 +15,6 @@
 #include <openssl/x509v3.h>
 #include "crypto/x509.h"
 
-#ifndef OPENSSL_NO_RFC3779
-DEFINE_STACK_OF(IPAddressFamily)
-#endif
-
 ASN1_SEQUENCE_enc(X509_CINF, enc, 0) = {
         ASN1_EXP_OPT(X509_CINF, version, ASN1_INTEGER, 0),
         ASN1_EMBED(X509_CINF, serialNumber, ASN1_INTEGER),

include/openssl/x509.h.in

@@ -11,7 +11,7 @@
  */
 
 {-
-use OpenSSL::stackhash qw(generate_stack_macros generate_const_stack_macros);
+use OpenSSL::stackhash qw(generate_stack_macros);
 -}
 
 #ifndef OPENSSL_X509_H

include/openssl/x509v3.h.in

@@ -1,4 +1,6 @@
 /*
+ * {- join("\n * ", @autowarntext) -}
+ *
  * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -7,6 +9,10 @@
  * https://www.openssl.org/source/license.html
  */
 
+{-
+use OpenSSL::stackhash qw(generate_stack_macros);
+-}
+
 #ifndef OPENSSL_X509V3_H
 # define OPENSSL_X509V3_H
 # pragma once
@@ -97,7 +103,9 @@ struct v3_ext_ctx {
 
 typedef struct v3_ext_method X509V3_EXT_METHOD;
 
-DEFINE_OR_DECLARE_STACK_OF(X509V3_EXT_METHOD)
+{-
+    generate_stack_macros("X509V3_EXT_METHOD");
+-}
 
 /* ext_flags values */
 # define X509V3_EXT_DYNAMIC      0x1
@@ -163,15 +171,19 @@ typedef struct ACCESS_DESCRIPTION_st {
     GENERAL_NAME *location;
 } ACCESS_DESCRIPTION;
 
-DEFINE_OR_DECLARE_STACK_OF(ACCESS_DESCRIPTION)
-DEFINE_OR_DECLARE_STACK_OF(GENERAL_NAME)
+{-
+    generate_stack_macros("ACCESS_DESCRIPTION")
+    .generate_stack_macros("GENERAL_NAME");
+-}
 
 typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
 typedef STACK_OF(ASN1_OBJECT) EXTENDED_KEY_USAGE;
 typedef STACK_OF(ASN1_INTEGER) TLS_FEATURE;
 typedef STACK_OF(GENERAL_NAME) GENERAL_NAMES;
 
-DEFINE_OR_DECLARE_STACK_OF(GENERAL_NAMES)
+{-
+    generate_stack_macros("GENERAL_NAMES");
+-}
 
 typedef struct DIST_POINT_NAME_st {
     int type;
@@ -204,7 +216,9 @@ struct DIST_POINT_st {
     int dp_reasons;
 };
 
-DEFINE_OR_DECLARE_STACK_OF(DIST_POINT)
+{-
+    generate_stack_macros("DIST_POINT");
+-}
 
 typedef STACK_OF(DIST_POINT) CRL_DIST_POINTS;
 
@@ -221,7 +235,10 @@ typedef struct SXNET_ID_st {
     ASN1_OCTET_STRING *user;
 } SXNETID;
 
-DEFINE_OR_DECLARE_STACK_OF(SXNETID)
+{-
+    generate_stack_macros("SXNETID");
+-}
+
 
 typedef struct SXNET_st {
     ASN1_INTEGER *version;
@@ -254,14 +271,19 @@ typedef struct POLICYQUALINFO_st {
     } d;
 } POLICYQUALINFO;
 
-DEFINE_OR_DECLARE_STACK_OF(POLICYQUALINFO)
+{-
+    generate_stack_macros("POLICYQUALINFO");
+-}
+
 
 typedef struct POLICYINFO_st {
     ASN1_OBJECT *policyid;
     STACK_OF(POLICYQUALINFO) *qualifiers;
 } POLICYINFO;
 
-DEFINE_OR_DECLARE_STACK_OF(POLICYINFO)
+{-
+    generate_stack_macros("POLICYINFO");
+-}
 
 typedef STACK_OF(POLICYINFO) CERTIFICATEPOLICIES;
 
@@ -270,7 +292,9 @@ typedef struct POLICY_MAPPING_st {
     ASN1_OBJECT *subjectDomainPolicy;
 } POLICY_MAPPING;
 
-DEFINE_OR_DECLARE_STACK_OF(POLICY_MAPPING)
+{-
+    generate_stack_macros("POLICY_MAPPING");
+-}
 
 typedef STACK_OF(POLICY_MAPPING) POLICY_MAPPINGS;
 
@@ -280,7 +304,9 @@ typedef struct GENERAL_SUBTREE_st {
     ASN1_INTEGER *maximum;
 } GENERAL_SUBTREE;
 
-DEFINE_OR_DECLARE_STACK_OF(GENERAL_SUBTREE)
+{-
+    generate_stack_macros("GENERAL_SUBTREE");
+-}
 
 struct NAME_CONSTRAINTS_st {
     STACK_OF(GENERAL_SUBTREE) *permittedSubtrees;
@@ -423,7 +449,10 @@ typedef struct x509_purpose_st {
     void *usr_data;
 } X509_PURPOSE;
 
-DEFINE_OR_DECLARE_STACK_OF(X509_PURPOSE)
+{-
+    generate_stack_macros("X509_PURPOSE");
+-}
+
 
 # define X509_PURPOSE_SSL_CLIENT         1
 # define X509_PURPOSE_SSL_SERVER         2
@@ -735,7 +764,10 @@ int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE) *dn_sk,
                              unsigned long chtype);
 
 void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent);
-DEFINE_OR_DECLARE_STACK_OF(X509_POLICY_NODE)
+{-
+    generate_stack_macros("X509_POLICY_NODE");
+-}
+
 
 #ifndef OPENSSL_NO_RFC3779
 typedef struct ASRange_st {
@@ -753,7 +785,9 @@ typedef struct ASIdOrRange_st {
     } u;
 } ASIdOrRange;
 
-DEFINE_OR_DECLARE_STACK_OF(ASIdOrRange)
+{-
+    generate_stack_macros("ASIdOrRange");
+-}
 
 typedef STACK_OF(ASIdOrRange) ASIdOrRanges;
 
@@ -792,7 +826,9 @@ typedef struct IPAddressOrRange_st {
     } u;
 } IPAddressOrRange;
 
-DEFINE_OR_DECLARE_STACK_OF(IPAddressOrRange)
+{-
+    generate_stack_macros("IPAddressOrRange");
+-}
 
 typedef STACK_OF(IPAddressOrRange) IPAddressOrRanges;
 
@@ -812,7 +848,10 @@ typedef struct IPAddressFamily_st {
     IPAddressChoice *ipAddressChoice;
 } IPAddressFamily;
 
-DEFINE_OR_DECLARE_STACK_OF(IPAddressFamily)
+{-
+    generate_stack_macros("IPAddressFamily");
+-}
+
 
 typedef STACK_OF(IPAddressFamily) IPAddrBlocks;
 
@@ -886,7 +925,9 @@ int X509v3_addr_validate_resource_set(STACK_OF(X509) *chain,
 
 #endif                         /* OPENSSL_NO_RFC3779 */
 
-DEFINE_OR_DECLARE_STACK_OF(ASN1_STRING)
+{-
+    generate_stack_macros("ASN1_STRING");
+-}
 
 /*
  * Admission Syntax
@@ -899,8 +940,10 @@ DECLARE_ASN1_FUNCTIONS(NAMING_AUTHORITY)
 DECLARE_ASN1_FUNCTIONS(PROFESSION_INFO)
 DECLARE_ASN1_FUNCTIONS(ADMISSIONS)
 DECLARE_ASN1_FUNCTIONS(ADMISSION_SYNTAX)
-DEFINE_OR_DECLARE_STACK_OF(PROFESSION_INFO)
-DEFINE_OR_DECLARE_STACK_OF(ADMISSIONS)
+{-
+    generate_stack_macros("PROFESSION_INFO")
+    .generate_stack_macros("ADMISSIONS");
+-}
 typedef STACK_OF(PROFESSION_INFO) PROFESSION_INFOS;
 
 const ASN1_OBJECT *NAMING_AUTHORITY_get0_authorityId(

test/cmp_ctx_test.c

@@ -15,7 +15,6 @@
 
 DEFINE_STACK_OF(ASN1_UTF8STRING)
 DEFINE_STACK_OF(OSSL_CMP_ITAV)
-DEFINE_STACK_OF(POLICYINFO)
 
 typedef struct test_fixture {
     const char *test_case_name;

test/v3nametest.c

@@ -19,8 +19,6 @@
 # define strcasecmp _stricmp
 #endif
 
-DEFINE_STACK_OF(GENERAL_NAME)
-
 static const char *const names[] = {
     "a", "b", ".", "*", "@",
     ".a", "a.", ".b", "b.", ".*", "*.", "*@", "@*", "a@", "@a", "b@", "..",