Fix safestack issues in cmp.h

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12781)

16 files changed, 24 insertions, 33 deletions

diff --git a/.gitignore b/.gitignore
index 0565a0c3d3..edf56c7f3f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -23,6 +23,7 @@
 /crypto/buildinf.h
 /include/crypto/*_conf.h
 /include/openssl/asn1.h
+/include/openssl/cmp.h
 /include/openssl/configuration.h
 /include/openssl/fipskey.h
 /include/openssl/opensslv.h
diff --git a/apps/cmp.c b/apps/cmp.c
index 4d77b541c4..083425c08f 100644
--- a/apps/cmp.c
+++ b/apps/cmp.c
@@ -42,8 +42,6 @@
 #include <openssl/objects.h>
 #include <openssl/x509.h>
 
-DEFINE_STACK_OF(OSSL_CMP_ITAV)
-
 static char *opt_config = NULL;
 #define CMP_SECTION "cmp"
 #define SECTION_NAME_MAX 40 /* max length of section name */
diff --git a/apps/cmp_mock_srv.c b/apps/cmp_mock_srv.c
index 89db709f94..057f9d9a5e 100644
--- a/apps/cmp_mock_srv.c
+++ b/apps/cmp_mock_srv.c
@@ -14,8 +14,6 @@
 #include <openssl/cmp.h>
 #include <openssl/err.h>
 #include <openssl/cmperr.h>
-
-DEFINE_STACK_OF(OSSL_CMP_ITAV)
  
 /* the context for the CMP mock server */
 typedef struct
diff --git a/build.info b/build.info
index 33022e8bb3..97b882af7f 100644
--- a/build.info
+++ b/build.info
@@ -14,6 +14,7 @@ DEPEND[libssl]=libcrypto
 # Empty DEPEND "indices" means the dependencies are expected to be built
 # unconditionally before anything else.
 DEPEND[]=include/openssl/asn1.h \
+         include/openssl/cmp.h \
          include/openssl/configuration.h \
          include/openssl/fipskey.h \
          include/openssl/opensslv.h \
@@ -26,6 +27,7 @@ DEPEND[]=include/openssl/asn1.h \
 
 GENERATE[include/openssl/asn1.h]=include/openssl/asn1.h.in
 GENERATE[include/openssl/configuration.h]=include/openssl/configuration.h.in
+GENERATE[include/openssl/cmp.h]=include/openssl/cmp.h.in
 GENERATE[include/openssl/fipskey.h]=include/openssl/fipskey.h.in
 GENERATE[include/openssl/opensslv.h]=include/openssl/opensslv.h.in
 GENERATE[include/openssl/safestack.h]=include/openssl/safestack.h.in
diff --git a/crypto/cmp/cmp_asn.c b/crypto/cmp/cmp_asn.c
index f109af0502..d9013911a0 100644
--- a/crypto/cmp/cmp_asn.c
+++ b/crypto/cmp/cmp_asn.c
@@ -17,8 +17,6 @@
 #include <openssl/cmp.h>
 #include <openssl/crmf.h>
 
-DEFINE_STACK_OF(OSSL_CMP_ITAV)
-
 /* ASN.1 declarations from RFC4210 */
 ASN1_SEQUENCE(OSSL_CMP_REVANNCONTENT) = {
     /* OSSL_CMP_PKISTATUS is effectively ASN1_INTEGER so it is used directly */
diff --git a/crypto/cmp/cmp_client.c b/crypto/cmp/cmp_client.c
index 3889d63fcd..ad34b978c7 100644
--- a/crypto/cmp/cmp_client.c
+++ b/crypto/cmp/cmp_client.c
@@ -21,8 +21,6 @@
 
 #include "openssl/cmp_util.h"
 
-DEFINE_STACK_OF(OSSL_CMP_CERTRESPONSE)
-DEFINE_STACK_OF(OSSL_CMP_PKISI)
 DEFINE_STACK_OF(OSSL_CRMF_CERTID)
 
 #define IS_CREP(t) ((t) == OSSL_CMP_PKIBODY_IP || (t) == OSSL_CMP_PKIBODY_CP \
diff --git a/crypto/cmp/cmp_ctx.c b/crypto/cmp/cmp_ctx.c
index fdbd90a076..d960167bc0 100644
--- a/crypto/cmp/cmp_ctx.c
+++ b/crypto/cmp/cmp_ctx.c
@@ -21,8 +21,6 @@
 #include <openssl/crmf.h>
 #include <openssl/err.h>
 
-DEFINE_STACK_OF(OSSL_CMP_ITAV)
-
 /*
  * Get current certificate store containing trusted root CA certs
  */
diff --git a/crypto/cmp/cmp_hdr.c b/crypto/cmp/cmp_hdr.c
index 2691fce1b5..947f984505 100644
--- a/crypto/cmp/cmp_hdr.c
+++ b/crypto/cmp/cmp_hdr.c
@@ -20,8 +20,6 @@
 #include <openssl/cmp.h>
 #include <openssl/err.h>
 
-DEFINE_STACK_OF(OSSL_CMP_ITAV)
-
 int ossl_cmp_hdr_set_pvno(OSSL_CMP_PKIHEADER *hdr, int pvno)
 {
     if (!ossl_assert(hdr != NULL))
diff --git a/crypto/cmp/cmp_msg.c b/crypto/cmp/cmp_msg.c
index c11fe4ca93..73246ffaee 100644
--- a/crypto/cmp/cmp_msg.c
+++ b/crypto/cmp/cmp_msg.c
@@ -21,11 +21,7 @@
 #include <openssl/x509.h>
 #include "crypto/x509.h" /* for x509_set0_libctx() */
 
-DEFINE_STACK_OF(OSSL_CMP_CERTSTATUS)
-DEFINE_STACK_OF(OSSL_CMP_ITAV)
-DEFINE_STACK_OF(OSSL_CMP_PKISI)
 DEFINE_STACK_OF(OSSL_CRMF_MSG)
-DEFINE_STACK_OF(OSSL_CMP_CERTRESPONSE)
 DEFINE_STACK_OF(OSSL_CRMF_CERTID)
 
 OSSL_CMP_PKIHEADER *OSSL_CMP_MSG_get0_header(const OSSL_CMP_MSG *msg)
diff --git a/crypto/cmp/cmp_server.c b/crypto/cmp/cmp_server.c
index 3c247336fc..94aa9aac8b 100644
--- a/crypto/cmp/cmp_server.c
+++ b/crypto/cmp/cmp_server.c
@@ -20,8 +20,6 @@
 #include <openssl/err.h>
 
 DEFINE_STACK_OF(OSSL_CRMF_MSG)
-DEFINE_STACK_OF(OSSL_CMP_ITAV)
-DEFINE_STACK_OF(OSSL_CMP_CERTSTATUS)
 
 /* the context for the generic CMP server */
 struct ossl_cmp_srv_ctx_st
diff --git a/fuzz/cmp.c b/fuzz/cmp.c
index 44a0c1adeb..a0dc20c619 100644
--- a/fuzz/cmp.c
+++ b/fuzz/cmp.c
@@ -18,8 +18,6 @@
 #include "fuzzer.h"
 #include "rand.inc"
 
-DEFINE_STACK_OF(OSSL_CMP_ITAV)
-
 int FuzzerInitialize(int *argc, char ***argv)
 {
     OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
diff --git a/include/openssl/cmp.h b/include/openssl/cmp.h.in
index 9fc281a705..0df3777e3c 100644
--- a/include/openssl/cmp.h
+++ b/include/openssl/cmp.h.in
@@ -1,4 +1,6 @@
 /*
+ * {- join("\n * ", @autowarntext) -}
+ *
  * Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright Nokia 2007-2019
  * Copyright Siemens AG 2015-2019
@@ -9,6 +11,10 @@
  * https://www.openssl.org/source/license.html
  */
 
+{-
+use OpenSSL::stackhash qw(generate_stack_macros);
+-}
+
 #ifndef OPENSSL_CMP_H
 # define OPENSSL_CMP_H
 
@@ -210,21 +216,31 @@ typedef struct ossl_cmp_msg_st OSSL_CMP_MSG;
 DECLARE_ASN1_DUP_FUNCTION(OSSL_CMP_MSG)
 DECLARE_ASN1_ENCODE_FUNCTIONS(OSSL_CMP_MSG, OSSL_CMP_MSG, OSSL_CMP_MSG)
 typedef struct ossl_cmp_certstatus_st OSSL_CMP_CERTSTATUS;
-DEFINE_OR_DECLARE_STACK_OF(OSSL_CMP_CERTSTATUS)
+{-
+    generate_stack_macros("OSSL_CMP_CERTSTATUS");
+-}
 typedef struct ossl_cmp_itav_st OSSL_CMP_ITAV;
 DECLARE_ASN1_DUP_FUNCTION(OSSL_CMP_ITAV)
-DEFINE_OR_DECLARE_STACK_OF(OSSL_CMP_ITAV)
+{-
+    generate_stack_macros("OSSL_CMP_ITAV");
+-}
 typedef struct ossl_cmp_revrepcontent_st OSSL_CMP_REVREPCONTENT;
 typedef struct ossl_cmp_pkisi_st OSSL_CMP_PKISI;
 DECLARE_ASN1_FUNCTIONS(OSSL_CMP_PKISI)
 DECLARE_ASN1_DUP_FUNCTION(OSSL_CMP_PKISI)
-DEFINE_OR_DECLARE_STACK_OF(OSSL_CMP_PKISI)
+{-
+    generate_stack_macros("OSSL_CMP_PKISI");
+-}
 typedef struct ossl_cmp_certrepmessage_st OSSL_CMP_CERTREPMESSAGE;
-DEFINE_OR_DECLARE_STACK_OF(OSSL_CMP_CERTREPMESSAGE)
+{-
+    generate_stack_macros("OSSL_CMP_CERTREPMESSAGE");
+-}
 typedef struct ossl_cmp_pollrep_st OSSL_CMP_POLLREP;
 typedef STACK_OF(OSSL_CMP_POLLREP) OSSL_CMP_POLLREPCONTENT;
 typedef struct ossl_cmp_certresponse_st OSSL_CMP_CERTRESPONSE;
-DEFINE_OR_DECLARE_STACK_OF(OSSL_CMP_CERTRESPONSE)
+{-
+    generate_stack_macros("OSSL_CMP_CERTRESPONSE");
+-}
 typedef STACK_OF(ASN1_UTF8STRING) OSSL_CMP_PKIFREETEXT;
 
 /*
diff --git a/test/cmp_client_test.c b/test/cmp_client_test.c
index 9c72c58ad3..169f63a822 100644
--- a/test/cmp_client_test.c
+++ b/test/cmp_client_test.c
@@ -15,8 +15,6 @@
 
 #ifndef NDEBUG /* tests need mock server, which is available only if !NDEBUG */
 
-DEFINE_STACK_OF(OSSL_CMP_ITAV)
-
 static const char *server_key_f;
 static const char *server_cert_f;
 static const char *client_key_f;
diff --git a/test/cmp_ctx_test.c b/test/cmp_ctx_test.c
index 58c3fc85f7..72972fbaca 100644
--- a/test/cmp_ctx_test.c
+++ b/test/cmp_ctx_test.c
@@ -13,8 +13,6 @@
 
 #include <openssl/x509_vfy.h>
 
-DEFINE_STACK_OF(OSSL_CMP_ITAV)
-
 typedef struct test_fixture {
     const char *test_case_name;
     OSSL_CMP_CTX *ctx;
diff --git a/test/cmp_hdr_test.c b/test/cmp_hdr_test.c
index 344df43fea..75baefb7b9 100644
--- a/test/cmp_hdr_test.c
+++ b/test/cmp_hdr_test.c
@@ -11,8 +11,6 @@
 
 #include "cmp_testlib.h"
 
-DEFINE_STACK_OF(OSSL_CMP_ITAV)
-
 static unsigned char rand_data[OSSL_CMP_TRANSACTIONID_LENGTH];
 
 typedef struct test_fixture {
diff --git a/test/cmp_msg_test.c b/test/cmp_msg_test.c
index a593f37cfc..3a0db7ece3 100644
--- a/test/cmp_msg_test.c
+++ b/test/cmp_msg_test.c
@@ -11,8 +11,6 @@
 
 #include "cmp_testlib.h"
 
-DEFINE_STACK_OF(OSSL_CMP_CERTRESPONSE)
-
 static const char *newkey_f;
 static const char *server_cert_f;
 static const char *pkcs10_f;