Fix safestack issues in cmp.h

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12781)

.gitignore

@@ -23,6 +23,7 @@
 /crypto/buildinf.h
 /include/crypto/*_conf.h
 /include/openssl/asn1.h
+/include/openssl/cmp.h
 /include/openssl/configuration.h
 /include/openssl/fipskey.h
 /include/openssl/opensslv.h

apps/cmp.c

@@ -42,8 +42,6 @@
 #include <openssl/objects.h>
 #include <openssl/x509.h>
 
-DEFINE_STACK_OF(OSSL_CMP_ITAV)
-
 static char *opt_config = NULL;
 #define CMP_SECTION "cmp"
 #define SECTION_NAME_MAX 40 /* max length of section name */

apps/cmp_mock_srv.c

@@ -14,8 +14,6 @@
 #include <openssl/cmp.h>
 #include <openssl/err.h>
 #include <openssl/cmperr.h>
-
-DEFINE_STACK_OF(OSSL_CMP_ITAV)
  
 /* the context for the CMP mock server */
 typedef struct

build.info

@@ -14,6 +14,7 @@ DEPEND[libssl]=libcrypto
 # Empty DEPEND "indices" means the dependencies are expected to be built
 # unconditionally before anything else.
 DEPEND[]=include/openssl/asn1.h \
+         include/openssl/cmp.h \
          include/openssl/configuration.h \
          include/openssl/fipskey.h \
          include/openssl/opensslv.h \
@@ -26,6 +27,7 @@ DEPEND[]=include/openssl/asn1.h \
 
 GENERATE[include/openssl/asn1.h]=include/openssl/asn1.h.in
 GENERATE[include/openssl/configuration.h]=include/openssl/configuration.h.in
+GENERATE[include/openssl/cmp.h]=include/openssl/cmp.h.in
 GENERATE[include/openssl/fipskey.h]=include/openssl/fipskey.h.in
 GENERATE[include/openssl/opensslv.h]=include/openssl/opensslv.h.in
 GENERATE[include/openssl/safestack.h]=include/openssl/safestack.h.in

crypto/cmp/cmp_asn.c

@@ -17,8 +17,6 @@
 #include <openssl/cmp.h>
 #include <openssl/crmf.h>
 
-DEFINE_STACK_OF(OSSL_CMP_ITAV)
-
 /* ASN.1 declarations from RFC4210 */
 ASN1_SEQUENCE(OSSL_CMP_REVANNCONTENT) = {
     /* OSSL_CMP_PKISTATUS is effectively ASN1_INTEGER so it is used directly */

crypto/cmp/cmp_client.c

@@ -21,8 +21,6 @@
 
 #include "openssl/cmp_util.h"
 
-DEFINE_STACK_OF(OSSL_CMP_CERTRESPONSE)
-DEFINE_STACK_OF(OSSL_CMP_PKISI)
 DEFINE_STACK_OF(OSSL_CRMF_CERTID)
 
 #define IS_CREP(t) ((t) == OSSL_CMP_PKIBODY_IP || (t) == OSSL_CMP_PKIBODY_CP \

crypto/cmp/cmp_ctx.c

@@ -21,8 +21,6 @@
 #include <openssl/crmf.h>
 #include <openssl/err.h>
 
-DEFINE_STACK_OF(OSSL_CMP_ITAV)
-
 /*
  * Get current certificate store containing trusted root CA certs
  */

crypto/cmp/cmp_hdr.c

@@ -20,8 +20,6 @@
 #include <openssl/cmp.h>
 #include <openssl/err.h>
 
-DEFINE_STACK_OF(OSSL_CMP_ITAV)
-
 int ossl_cmp_hdr_set_pvno(OSSL_CMP_PKIHEADER *hdr, int pvno)
 {
     if (!ossl_assert(hdr != NULL))

crypto/cmp/cmp_msg.c

@@ -21,11 +21,7 @@
 #include <openssl/x509.h>
 #include "crypto/x509.h" /* for x509_set0_libctx() */
 
-DEFINE_STACK_OF(OSSL_CMP_CERTSTATUS)
-DEFINE_STACK_OF(OSSL_CMP_ITAV)
-DEFINE_STACK_OF(OSSL_CMP_PKISI)
 DEFINE_STACK_OF(OSSL_CRMF_MSG)
-DEFINE_STACK_OF(OSSL_CMP_CERTRESPONSE)
 DEFINE_STACK_OF(OSSL_CRMF_CERTID)
 
 OSSL_CMP_PKIHEADER *OSSL_CMP_MSG_get0_header(const OSSL_CMP_MSG *msg)

crypto/cmp/cmp_server.c

@@ -20,8 +20,6 @@
 #include <openssl/err.h>
 
 DEFINE_STACK_OF(OSSL_CRMF_MSG)
-DEFINE_STACK_OF(OSSL_CMP_ITAV)
-DEFINE_STACK_OF(OSSL_CMP_CERTSTATUS)
 
 /* the context for the generic CMP server */
 struct ossl_cmp_srv_ctx_st

fuzz/cmp.c

@@ -18,8 +18,6 @@
 #include "fuzzer.h"
 #include "rand.inc"
 
-DEFINE_STACK_OF(OSSL_CMP_ITAV)
-
 int FuzzerInitialize(int *argc, char ***argv)
 {
     OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);

include/openssl/cmp.h.in

@@ -1,4 +1,6 @@
 /*
+ * {- join("\n * ", @autowarntext) -}
+ *
  * Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright Nokia 2007-2019
  * Copyright Siemens AG 2015-2019
@@ -9,6 +11,10 @@
  * https://www.openssl.org/source/license.html
  */
 
+{-
+use OpenSSL::stackhash qw(generate_stack_macros);
+-}
+
 #ifndef OPENSSL_CMP_H
 # define OPENSSL_CMP_H
 
@@ -210,21 +216,31 @@ typedef struct ossl_cmp_msg_st OSSL_CMP_MSG;
 DECLARE_ASN1_DUP_FUNCTION(OSSL_CMP_MSG)
 DECLARE_ASN1_ENCODE_FUNCTIONS(OSSL_CMP_MSG, OSSL_CMP_MSG, OSSL_CMP_MSG)
 typedef struct ossl_cmp_certstatus_st OSSL_CMP_CERTSTATUS;
-DEFINE_OR_DECLARE_STACK_OF(OSSL_CMP_CERTSTATUS)
+{-
+    generate_stack_macros("OSSL_CMP_CERTSTATUS");
+-}
 typedef struct ossl_cmp_itav_st OSSL_CMP_ITAV;
 DECLARE_ASN1_DUP_FUNCTION(OSSL_CMP_ITAV)
-DEFINE_OR_DECLARE_STACK_OF(OSSL_CMP_ITAV)
+{-
+    generate_stack_macros("OSSL_CMP_ITAV");
+-}
 typedef struct ossl_cmp_revrepcontent_st OSSL_CMP_REVREPCONTENT;
 typedef struct ossl_cmp_pkisi_st OSSL_CMP_PKISI;
 DECLARE_ASN1_FUNCTIONS(OSSL_CMP_PKISI)
 DECLARE_ASN1_DUP_FUNCTION(OSSL_CMP_PKISI)
-DEFINE_OR_DECLARE_STACK_OF(OSSL_CMP_PKISI)
+{-
+    generate_stack_macros("OSSL_CMP_PKISI");
+-}
 typedef struct ossl_cmp_certrepmessage_st OSSL_CMP_CERTREPMESSAGE;
-DEFINE_OR_DECLARE_STACK_OF(OSSL_CMP_CERTREPMESSAGE)
+{-
+    generate_stack_macros("OSSL_CMP_CERTREPMESSAGE");
+-}
 typedef struct ossl_cmp_pollrep_st OSSL_CMP_POLLREP;
 typedef STACK_OF(OSSL_CMP_POLLREP) OSSL_CMP_POLLREPCONTENT;
 typedef struct ossl_cmp_certresponse_st OSSL_CMP_CERTRESPONSE;
-DEFINE_OR_DECLARE_STACK_OF(OSSL_CMP_CERTRESPONSE)
+{-
+    generate_stack_macros("OSSL_CMP_CERTRESPONSE");
+-}
 typedef STACK_OF(ASN1_UTF8STRING) OSSL_CMP_PKIFREETEXT;
 
 /*

test/cmp_client_test.c

@@ -15,8 +15,6 @@
 
 #ifndef NDEBUG /* tests need mock server, which is available only if !NDEBUG */
 
-DEFINE_STACK_OF(OSSL_CMP_ITAV)
-
 static const char *server_key_f;
 static const char *server_cert_f;
 static const char *client_key_f;

test/cmp_ctx_test.c

@@ -13,8 +13,6 @@
 
 #include <openssl/x509_vfy.h>
 
-DEFINE_STACK_OF(OSSL_CMP_ITAV)
-
 typedef struct test_fixture {
     const char *test_case_name;
     OSSL_CMP_CTX *ctx;

test/cmp_hdr_test.c

@@ -11,8 +11,6 @@
 
 #include "cmp_testlib.h"
 
-DEFINE_STACK_OF(OSSL_CMP_ITAV)
-
 static unsigned char rand_data[OSSL_CMP_TRANSACTIONID_LENGTH];
 
 typedef struct test_fixture {

test/cmp_msg_test.c

@@ -11,8 +11,6 @@
 
 #include "cmp_testlib.h"
 
-DEFINE_STACK_OF(OSSL_CMP_CERTRESPONSE)
-
 static const char *newkey_f;
 static const char *server_cert_f;
 static const char *pkcs10_f;