Fix safestack issues in ess.h

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12781)

6 files changed, 17 insertions, 11 deletions

diff --git a/.gitignore b/.gitignore
index 535792bd74..f1aeaddcee 100644
--- a/.gitignore
+++ b/.gitignore
@@ -29,6 +29,7 @@
 /include/openssl/configuration.h
 /include/openssl/crmf.h
 /include/openssl/ct.h
+/include/openssl/ess.h
 /include/openssl/fipskey.h
 /include/openssl/ocsp.h
 /include/openssl/opensslv.h
diff --git a/build.info b/build.info
index 8f7f9f8395..7c5388b96c 100644
--- a/build.info
+++ b/build.info
@@ -20,6 +20,7 @@ DEPEND[]=include/openssl/asn1.h \
          include/openssl/configuration.h \
          include/openssl/crmf.h \
          include/openssl/ct.h \
+         include/openssl/ess.h \
          include/openssl/fipskey.h \
          include/openssl/opensslv.h \
          include/openssl/ocsp.h \
@@ -40,6 +41,7 @@ GENERATE[include/openssl/cms.h]=include/openssl/cms.h.in
 GENERATE[include/openssl/configuration.h]=include/openssl/configuration.h.in
 GENERATE[include/openssl/crmf.h]=include/openssl/crmf.h.in
 GENERATE[include/openssl/ct.h]=include/openssl/ct.h.in
+GENERATE[include/openssl/ess.h]=include/openssl/ess.h.in
 GENERATE[include/openssl/fipskey.h]=include/openssl/fipskey.h.in
 GENERATE[include/openssl/ocsp.h]=include/openssl/ocsp.h.in
 GENERATE[include/openssl/opensslv.h]=include/openssl/opensslv.h.in
diff --git a/crypto/cms/cms_ess.c b/crypto/cms/cms_ess.c
index 9903c444fa..fa81b65c7b 100644
--- a/crypto/cms/cms_ess.c
+++ b/crypto/cms/cms_ess.c
@@ -20,9 +20,6 @@
 #include "crypto/x509.h"
 #include "cms_local.h"
 
-DEFINE_STACK_OF(ESS_CERT_ID)
-DEFINE_STACK_OF(ESS_CERT_ID_V2)
-
 IMPLEMENT_ASN1_FUNCTIONS(CMS_ReceiptRequest)
 
 /* ESS services */
diff --git a/crypto/ess/ess_lib.c b/crypto/ess/ess_lib.c
index c8e1bb8eba..325acddb95 100644
--- a/crypto/ess/ess_lib.c
+++ b/crypto/ess/ess_lib.c
@@ -14,9 +14,6 @@
 #include "crypto/ess.h"
 #include "crypto/x509.h"
 
-DEFINE_STACK_OF(ESS_CERT_ID)
-DEFINE_STACK_OF(ESS_CERT_ID_V2)
-
 static ESS_CERT_ID *ESS_CERT_ID_new_init(X509 *cert, int issuer_needed);
 static ESS_CERT_ID_V2 *ESS_CERT_ID_V2_new_init(const EVP_MD *hash_alg,
                                                X509 *cert, int issuer_needed);
diff --git a/crypto/ts/ts_rsp_verify.c b/crypto/ts/ts_rsp_verify.c
index cec15bd094..69ce5dc806 100644
--- a/crypto/ts/ts_rsp_verify.c
+++ b/crypto/ts/ts_rsp_verify.c
@@ -15,9 +15,6 @@
 #include "ts_local.h"
 #include "crypto/ess.h"
 
-DEFINE_STACK_OF(ESS_CERT_ID)
-DEFINE_STACK_OF(ESS_CERT_ID_V2)
-
 static int ts_verify_cert(X509_STORE *store, STACK_OF(X509) *untrusted,
                           X509 *signer, STACK_OF(X509) **chain);
 static int ts_check_signing_certs(PKCS7_SIGNER_INFO *si,
diff --git a/include/openssl/ess.h b/include/openssl/ess.h.in
index 17962473c1..185bdd8f8b 100644
--- a/include/openssl/ess.h
+++ b/include/openssl/ess.h.in
@@ -1,4 +1,6 @@
 /*
+ * {- join("\n * ", @autowarntext) -}
+ *
  * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -7,6 +9,10 @@
  * https://www.openssl.org/source/license.html
  */
 
+{-
+use OpenSSL::stackhash qw(generate_stack_macros);
+-}
+
 #ifndef OPENSSL_ESS_H
 # define OPENSSL_ESS_H
 
@@ -24,12 +30,18 @@ typedef struct ESS_issuer_serial ESS_ISSUER_SERIAL;
 typedef struct ESS_cert_id ESS_CERT_ID;
 typedef struct ESS_signing_cert ESS_SIGNING_CERT;
 
-DEFINE_OR_DECLARE_STACK_OF(ESS_CERT_ID)
+{-
+    generate_stack_macros("ESS_CERT_ID");
+-}
+
 
 typedef struct ESS_signing_cert_v2_st ESS_SIGNING_CERT_V2;
 typedef struct ESS_cert_id_v2_st ESS_CERT_ID_V2;
 
-DEFINE_OR_DECLARE_STACK_OF(ESS_CERT_ID_V2)
+{-
+    generate_stack_macros("ESS_CERT_ID_V2");
+-}
+
 
 DECLARE_ASN1_ALLOC_FUNCTIONS(ESS_ISSUER_SERIAL)
 DECLARE_ASN1_ENCODE_FUNCTIONS_only(ESS_ISSUER_SERIAL, ESS_ISSUER_SERIAL)