Fix safestack issues in ct.h

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12781)

diff --git a/.gitignore b/.gitignore
index aca011b2c165f57b55fcfc55bc9ac6a1da3d081b..0cad330e0a0384c1ff39f99a0b4fd3fab2a30cd2 100644 (file)
--- a/.gitignore
+++ b/.gitignore
@@ -27,6 +27,7 @@
 /include/openssl/cms.h
 /include/openssl/configuration.h
 /include/openssl/crmf.h
+/include/openssl/ct.h
 /include/openssl/fipskey.h
 /include/openssl/ocsp.h
 /include/openssl/opensslv.h

diff --git a/apps/s_client.c b/apps/s_client.c
index ecd737ef691944cac85d3e25cc9ef4e64db8943c..ca9891aba842b773190a7a8c4a8436284371cd7a 100644 (file)
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -59,8 +59,6 @@ typedef unsigned int u_int;
 # endif
 #endif
 
-DEFINE_STACK_OF(SCT)
-
 #undef BUFSIZZ
 #define BUFSIZZ 1024*8
 #define S_CLIENT_IRC_READ_TIMEOUT 8

diff --git a/build.info b/build.info
index 828918c6c6c68e28b05f26f58e38d6228cc3aa41..01e26704ef1ca251339a96ef9d8bae59830d1330 100644 (file)
--- a/build.info
+++ b/build.info
@@ -18,6 +18,7 @@ DEPEND[]=include/openssl/asn1.h \
          include/openssl/cms.h \
          include/openssl/configuration.h \
          include/openssl/crmf.h \
+         include/openssl/ct.h \
          include/openssl/fipskey.h \
          include/openssl/opensslv.h \
          include/openssl/ocsp.h \
@@ -36,6 +37,7 @@ GENERATE[include/openssl/cmp.h]=include/openssl/cmp.h.in
 GENERATE[include/openssl/cms.h]=include/openssl/cms.h.in
 GENERATE[include/openssl/configuration.h]=include/openssl/configuration.h.in
 GENERATE[include/openssl/crmf.h]=include/openssl/crmf.h.in
+GENERATE[include/openssl/ct.h]=include/openssl/ct.h.in
 GENERATE[include/openssl/fipskey.h]=include/openssl/fipskey.h.in
 GENERATE[include/openssl/ocsp.h]=include/openssl/ocsp.h.in
 GENERATE[include/openssl/opensslv.h]=include/openssl/opensslv.h.in

diff --git a/crypto/ct/ct_log.c b/crypto/ct/ct_log.c
index 73eeee9d7d0b8a61878bfe70878283ee24eec9f4..32a29ed6995ad0c77a0442e4904219315b627334 100644 (file)
--- a/crypto/ct/ct_log.c
+++ b/crypto/ct/ct_log.c
@@ -18,8 +18,6 @@
 
 #include "internal/cryptlib.h"
 
-DEFINE_STACK_OF(CTLOG)
-
 /*
  * Information about a CT log server.
  */

diff --git a/crypto/ct/ct_oct.c b/crypto/ct/ct_oct.c
index 4aca0385d0f8f1e6358cb1acfbbc3ffabfab99ec..712fc563c42a95cc4b7ea19d420dd0c3a81a2da0 100644 (file)
--- a/crypto/ct/ct_oct.c
+++ b/crypto/ct/ct_oct.c
@@ -21,8 +21,6 @@
 
 #include "ct_local.h"
 
-DEFINE_STACK_OF(SCT)
-
 int o2i_SCT_signature(SCT *sct, const unsigned char **in, size_t len)
 {
     size_t siglen;

diff --git a/crypto/ct/ct_prn.c b/crypto/ct/ct_prn.c
index a89b4aa6e7f11d939f947c58d5a2ddf640a8babe..374235b7ec57eb7ba872228e6e9d7fe920d0c1b4 100644 (file)
--- a/crypto/ct/ct_prn.c
+++ b/crypto/ct/ct_prn.c
@@ -16,8 +16,6 @@
 
 #include "ct_local.h"
 
-DEFINE_STACK_OF(SCT)
-
 static void SCT_signature_algorithms_print(const SCT *sct, BIO *out)
 {
     int nid = SCT_get_signature_nid(sct);

diff --git a/crypto/ct/ct_sct.c b/crypto/ct/ct_sct.c
index f6c262c967687b4c0be1411c4a7eae9b5a0b289a..1b8e1dc61ef70adfd60e40d0a4d5f30bb0059b16 100644 (file)
--- a/crypto/ct/ct_sct.c
+++ b/crypto/ct/ct_sct.c
@@ -19,8 +19,6 @@
 
 #include "ct_local.h"
 
-DEFINE_STACK_OF(SCT)
-
 SCT *SCT_new(void)
 {
     SCT *sct = OPENSSL_zalloc(sizeof(*sct));

diff --git a/crypto/ct/ct_x509v3.c b/crypto/ct/ct_x509v3.c
index 51dd779a3a9a6dca69de839cba0da53252145fd9..085402b046fe404185abbdf64ee84206350cc23c 100644 (file)
--- a/crypto/ct/ct_x509v3.c
+++ b/crypto/ct/ct_x509v3.c
@@ -13,8 +13,6 @@
 
 #include "ct_local.h"
 
-DEFINE_STACK_OF(SCT)
-
 static char *i2s_poison(const X509V3_EXT_METHOD *method, void *val)
 {
     return OPENSSL_strdup("NULL");

diff --git a/include/openssl/ct.h b/include/openssl/ct.h.in
similarity index 99%
rename from include/openssl/ct.h
rename to include/openssl/ct.h.in
index a69c986f062fe907a322588c5456a46dc5c8e222..e72fe4b6b7181fe5b72dbb4004108905a13f8ab5 100644 (file)
--- a/include/openssl/ct.h
+++ b/include/openssl/ct.h.in
@@ -1,4 +1,6 @@
 /*
+ * {- join("\n * ", @autowarntext) -}
+ *
  * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -7,6 +9,10 @@
  * https://www.openssl.org/source/license.html
  */
 
+{-
+use OpenSSL::stackhash qw(generate_stack_macros);
+-}
+
 #ifndef OPENSSL_CT_H
 # define OPENSSL_CT_H
 # pragma once
@@ -34,8 +40,11 @@ extern "C" {
 /* All hashes are SHA256 in v1 of Certificate Transparency */
 # define CT_V1_HASHLEN SHA256_DIGEST_LENGTH
 
-DEFINE_OR_DECLARE_STACK_OF(SCT)
-DEFINE_OR_DECLARE_STACK_OF(CTLOG)
+{-
+    generate_stack_macros("SCT")
+    .generate_stack_macros("CTLOG");
+-}
+
 
 typedef enum {
     CT_LOG_ENTRY_TYPE_NOT_SET = -1,

diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index e4cc6efa7683a2d959f1dd98f3f0514d4a95fc93..64ecdccb8f007345891d56cb8f3a7889596c14e0 100644 (file)
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -28,8 +28,6 @@
 #include "internal/refcount.h"
 #include "internal/ktls.h"
 
-DEFINE_STACK_OF(SCT)
-
 static int ssl_undefined_function_1(SSL *ssl, SSL3_RECORD *r, size_t s, int t,
                                     SSL_MAC_BUF *mac, size_t macsize)
 {

diff --git a/test/ct_test.c b/test/ct_test.c
index 2e161a74d2425ccc7779d48cb1f1258e46378fac..d1799fa7a236834cc20651f29d64df438e4e339f 100644 (file)
--- a/test/ct_test.c
+++ b/test/ct_test.c
@@ -22,8 +22,6 @@
 
 #ifndef OPENSSL_NO_CT
 
-DEFINE_STACK_OF(SCT)
-
 /* Used when declaring buffers to read text files into */
 # define CT_TEST_MAX_FILE_SIZE 8096