From fd3ed85c67174a0d3b6639ba9b237351d1c2201f Mon Sep 17 00:00:00 2001
From: Matt Caswell
Date: Thu, 3 Sep 2020 15:05:30 +0100
Subject: [PATCH] Fix safestack issues in ocsp.h
Reviewed-by: Richard Levitte
Reviewed-by: Paul Dale
(Merged from https://github.com/openssl/openssl/pull/12781)
---
 .gitignore | 1 +
 apps/ocsp.c | 1 -
 build.info | 2 ++
 crypto/ocsp/ocsp_cl.c | 3 ---
 crypto/ocsp/ocsp_prn.c | 3 ---
 crypto/ocsp/ocsp_srv.c | 3 ---
 crypto/ocsp/ocsp_vfy.c | 3 ---
 include/openssl/{ocsp.h => ocsp.h.in} | 20 ++++++++++++++++----
 ssl/ssl_lib.c | 1 -
 ssl/statem/extensions_clnt.c | 2 --
 ssl/statem/extensions_srvr.c | 2 --
 test/sslapitest.c | 1 -
 12 files changed, 19 insertions(+), 23 deletions(-)
 rename include/openssl/{ocsp.h => ocsp.h.in} (98%)
diff --git a/.gitignore b/.gitignore
index f0c19f434f..6d6850c104 100644
--- a/.gitignore
+++ b/.gitignore
@@ -27,6 +27,7 @@
 /include/openssl/cms.h
 /include/openssl/configuration.h
 /include/openssl/fipskey.h
+/include/openssl/ocsp.h
 /include/openssl/opensslv.h
 /include/openssl/safestack.h
 /include/openssl/ssl.h
diff --git a/apps/ocsp.c b/apps/ocsp.c
index 6943267bde..2540ce118e 100644
--- a/apps/ocsp.c
+++ b/apps/ocsp.c
@@ -33,7 +33,6 @@
 #include
 #include
-DEFINE_STACK_OF(OCSP_CERTID)
 DEFINE_STACK_OF(CONF_VALUE)
 #if defined(__TANDEM)
diff --git a/build.info b/build.info
index 8729d6c5aa..406ce29af0 100644
--- a/build.info
+++ b/build.info
@@ -19,6 +19,7 @@ DEPEND[]=include/openssl/asn1.h \
 include/openssl/configuration.h \
 include/openssl/fipskey.h \
 include/openssl/opensslv.h \
+ include/openssl/ocsp.h \
 include/openssl/safestack.h \
 include/openssl/ssl.h \
 include/openssl/x509.h \
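Review bot: In the `DEPEND[]` list of build.info the new `include/openssl/ocsp.h \` entry is placed after `include/openssl/opensslv.h \`, which breaks the alphabetical order that the visible neighbours (configuration, fipskey, opensslv, safestack, ssl, x509) follow. The `.gitignore` hunk and the second build.info hunk (`GENERATE[include/openssl/ocsp.h]=...`) both put ocsp.h before opensslv.h, so the three lists now disagree. Moving the line up one position, directly after `include/openssl/fipskey.h \`, keeps them aligned and makes it easier to spot a generated header that is missing from one of the lists. The `DEPEND[]` statement starts above this hunk and continues past it, so the rest of the list is not visible here.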
@@ -31,6 +32,7 @@ GENERATE[include/openssl/configuration.h]=include/openssl/configuration.h.in
 GENERATE[include/openssl/cmp.h]=include/openssl/cmp.h.in
 GENERATE[include/openssl/cms.h]=include/openssl/cms.h.in
 GENERATE[include/openssl/fipskey.h]=include/openssl/fipskey.h.in
+GENERATE[include/openssl/ocsp.h]=include/openssl/ocsp.h.in
 GENERATE[include/openssl/opensslv.h]=include/openssl/opensslv.h.in
 GENERATE[include/openssl/safestack.h]=include/openssl/safestack.h.in
 GENERATE[include/openssl/ssl.h]=include/openssl/ssl.h.in
diff --git a/crypto/ocsp/ocsp_cl.c b/crypto/ocsp/ocsp_cl.c
index b977e88d03..33d77af426 100644
--- a/crypto/ocsp/ocsp_cl.c
+++ b/crypto/ocsp/ocsp_cl.c
@@ -18,9 +18,6 @@
 #include
 #include "ocsp_local.h"
-DEFINE_STACK_OF(OCSP_ONEREQ)
-DEFINE_STACK_OF(OCSP_SINGLERESP)
-
 /*
 * Utility functions related to sending OCSP requests and extracting relevant
 * information from the response.
diff --git a/crypto/ocsp/ocsp_prn.c b/crypto/ocsp/ocsp_prn.c
index c4917ee184..654ddbc7ff 100644
--- a/crypto/ocsp/ocsp_prn.c
+++ b/crypto/ocsp/ocsp_prn.c
@@ -14,9 +14,6 @@
 #include "internal/cryptlib.h"
 #include
-DEFINE_STACK_OF(OCSP_ONEREQ)
-DEFINE_STACK_OF(OCSP_SINGLERESP)
-
 static int ocsp_certid_print(BIO *bp, OCSP_CERTID *a, int indent)
 {
 BIO_printf(bp, "%*sCertificate ID:\n", indent, "");
diff --git a/crypto/ocsp/ocsp_srv.c b/crypto/ocsp/ocsp_srv.c
index a87fea892d..ee0e8a612c 100644
--- a/crypto/ocsp/ocsp_srv.c
+++ b/crypto/ocsp/ocsp_srv.c
@@ -16,9 +16,6 @@
 #include
 #include "ocsp_local.h"
-DEFINE_STACK_OF(OCSP_ONEREQ)
-DEFINE_STACK_OF(OCSP_SINGLERESP)
-
 /*
 * Utility functions related to sending OCSP responses and extracting
 * relevant information from the request.
diff --git a/crypto/ocsp/ocsp_vfy.c b/crypto/ocsp/ocsp_vfy.c
index 35a01c444d..3138716a0a 100644
--- a/crypto/ocsp/ocsp_vfy.c
+++ b/crypto/ocsp/ocsp_vfy.c
@@ -12,9 +12,6 @@
 #include
 #include
-DEFINE_STACK_OF(OCSP_ONEREQ)
-DEFINE_STACK_OF(OCSP_SINGLERESP)
-
 static int ocsp_find_signer(X509 **psigner, OCSP_BASICRESP *bs, STACK_OF(X509) *certs, unsigned long flags);
 static X509 *ocsp_find_signer_sk(STACK_OF(X509) *certs, OCSP_RESPID *id);
diff --git a/include/openssl/ocsp.h b/include/openssl/ocsp.h.in
similarity index 98%
rename from include/openssl/ocsp.h
rename to include/openssl/ocsp.h.in
index 939a90877d..bf1e5a37fd 100644
--- a/include/openssl/ocsp.h
+++ b/include/openssl/ocsp.h.in
@@ -1,4 +1,6 @@
 /*
+ * {- join("\n * ", @autowarntext) -}
+ *
 * Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
@@ -7,6 +9,10 @@
 * https://www.openssl.org/source/license.html
 */
+{-
+use OpenSSL::stackhash qw(generate_stack_macros);
+-}
+
 #ifndef OPENSSL_OCSP_H
 # define OPENSSL_OCSP_H
 # pragma once
@@ -110,8 +116,10 @@ typedef struct ocsp_req_info_st OCSP_REQINFO;
 typedef struct ocsp_signature_st OCSP_SIGNATURE;
 typedef struct ocsp_request_st OCSP_REQUEST;
-DEFINE_OR_DECLARE_STACK_OF(OCSP_CERTID)
-DEFINE_OR_DECLARE_STACK_OF(OCSP_ONEREQ)
+{-
+ generate_stack_macros("OCSP_CERTID")
+ .generate_stack_macros("OCSP_ONEREQ");
+-}
 # define OCSP_RESPONSE_STATUS_SUCCESSFUL 0
 # define OCSP_RESPONSE_STATUS_MALFORMEDREQUEST 1
@@ -125,7 +133,9 @@ typedef struct ocsp_resp_bytes_st OCSP_RESPBYTES;
 # define V_OCSP_RESPID_NAME 0
 # define V_OCSP_RESPID_KEY 1
-DEFINE_OR_DECLARE_STACK_OF(OCSP_RESPID)
+{-
+ generate_stack_macros("OCSP_RESPID");
+-}
 typedef struct ocsp_revoked_info_st OCSP_REVOKEDINFO;
@@ -136,7 +146,9 @@ typedef struct ocsp_revoked_info_st OCSP_REVOKEDINFO;
 typedef struct ocsp_cert_status_st OCSP_CERTSTATUS;
 typedef struct ocsp_single_response_st OCSP_SINGLERESP;
-DEFINE_OR_DECLARE_STACK_OF(OCSP_SINGLERESP)
+{-
+ generate_stack_macros("OCSP_SINGLERESP");
+-}
 typedef struct ocsp_response_data_st OCSP_RESPDATA;
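Review bot: The `{- use OpenSSL::stackhash qw(generate_stack_macros); -}` block added in the `-7,6 +9,10` hunk of ocsp.h.in carries no comment saying what the imported function contributes to the header. The call sites in the `-110,8`, `-125,7` and `-136,7` hunks replace a self-describing C macro (`DEFINE_OR_DECLARE_STACK_OF(...)`) with Perl that a C reader has to look up. A one-line Perl comment inside the import block would cover all of them, for example `# generate_stack_macros("T") emits the sk_T_* stack accessors for STACK_OF(T)`. That wording is inferred from the macro being replaced and should be checked against OpenSSL::stackhash. The header is public, and the files under crypto/ocsp, ssl/ and test/ whose local `DEFINE_STACK_OF` lines this commit deletes now rely on it alone for these accessors.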
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index ccb0a6087f..e4cc6efa76 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -28,7 +28,6 @@
 #include "internal/refcount.h"
 #include "internal/ktls.h"
-DEFINE_STACK_OF(OCSP_RESPID)
 DEFINE_STACK_OF(SCT)
 static int ssl_undefined_function_1(SSL *ssl, SSL3_RECORD *r, size_t s, int t,
diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c
index f8ae0612e3..189e2c9e5e 100644
--- a/ssl/statem/extensions_clnt.c
+++ b/ssl/statem/extensions_clnt.c
@@ -12,8 +12,6 @@
 #include "internal/cryptlib.h"
 #include "statem_local.h"
-DEFINE_STACK_OF(OCSP_RESPID)
-
 EXT_RETURN tls_construct_ctos_renegotiate(SSL *s, WPACKET *pkt, unsigned int context, X509 *x, size_t chainidx)
diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c
index 6adb9cab82..46a8e44442 100644
--- a/ssl/statem/extensions_srvr.c
+++ b/ssl/statem/extensions_srvr.c
@@ -12,8 +12,6 @@
 #include "statem_local.h"
 #include "internal/cryptlib.h"
-DEFINE_STACK_OF(OCSP_RESPID)
-
 #define COOKIE_STATE_FORMAT_VERSION 0
 /*
diff --git a/test/sslapitest.c b/test/sslapitest.c
index 2451f3f832..7f444c5456 100644
--- a/test/sslapitest.c
+++ b/test/sslapitest.c
@@ -47,7 +47,6 @@ int tls_provider_init(const OSSL_CORE_HANDLE *handle, const OSSL_DISPATCH *in, const OSSL_DISPATCH **out, void **provctx);
-DEFINE_STACK_OF(OCSP_RESPID)
 static OPENSSL_CTX *libctx = NULL;
 static OSSL_PROVIDER *defctxnull = NULL;
--
2.39.2