Fix safestack issues in ess.h

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12781)

.gitignore

@@ -29,6 +29,7 @@
 /include/openssl/configuration.h
 /include/openssl/crmf.h
 /include/openssl/ct.h
+/include/openssl/ess.h
 /include/openssl/fipskey.h
 /include/openssl/ocsp.h
 /include/openssl/opensslv.h

build.info

@@ -20,6 +20,7 @@ DEPEND[]=include/openssl/asn1.h \
          include/openssl/configuration.h \
          include/openssl/crmf.h \
          include/openssl/ct.h \
+         include/openssl/ess.h \
          include/openssl/fipskey.h \
          include/openssl/opensslv.h \
          include/openssl/ocsp.h \
@@ -40,6 +41,7 @@ GENERATE[include/openssl/cms.h]=include/openssl/cms.h.in
 GENERATE[include/openssl/configuration.h]=include/openssl/configuration.h.in
 GENERATE[include/openssl/crmf.h]=include/openssl/crmf.h.in
 GENERATE[include/openssl/ct.h]=include/openssl/ct.h.in
+GENERATE[include/openssl/ess.h]=include/openssl/ess.h.in
 GENERATE[include/openssl/fipskey.h]=include/openssl/fipskey.h.in
 GENERATE[include/openssl/ocsp.h]=include/openssl/ocsp.h.in
 GENERATE[include/openssl/opensslv.h]=include/openssl/opensslv.h.in

crypto/cms/cms_ess.c

@@ -20,9 +20,6 @@
 #include "crypto/x509.h"
 #include "cms_local.h"
 
-DEFINE_STACK_OF(ESS_CERT_ID)
-DEFINE_STACK_OF(ESS_CERT_ID_V2)
-
 IMPLEMENT_ASN1_FUNCTIONS(CMS_ReceiptRequest)
 
 /* ESS services */

crypto/ess/ess_lib.c

@@ -14,9 +14,6 @@
 #include "crypto/ess.h"
 #include "crypto/x509.h"
 
-DEFINE_STACK_OF(ESS_CERT_ID)
-DEFINE_STACK_OF(ESS_CERT_ID_V2)
-
 static ESS_CERT_ID *ESS_CERT_ID_new_init(X509 *cert, int issuer_needed);
 static ESS_CERT_ID_V2 *ESS_CERT_ID_V2_new_init(const EVP_MD *hash_alg,
                                                X509 *cert, int issuer_needed);

crypto/ts/ts_rsp_verify.c

@@ -15,9 +15,6 @@
 #include "ts_local.h"
 #include "crypto/ess.h"
 
-DEFINE_STACK_OF(ESS_CERT_ID)
-DEFINE_STACK_OF(ESS_CERT_ID_V2)
-
 static int ts_verify_cert(X509_STORE *store, STACK_OF(X509) *untrusted,
                           X509 *signer, STACK_OF(X509) **chain);
 static int ts_check_signing_certs(PKCS7_SIGNER_INFO *si,

include/openssl/ess.h → include/openssl/ess.h.in

@@ -1,4 +1,6 @@
 /*
+ * {- join("\n * ", @autowarntext) -}
+ *
  * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -7,6 +9,10 @@
  * https://www.openssl.org/source/license.html
  */
 
+{-
+use OpenSSL::stackhash qw(generate_stack_macros);
+-}
+
 #ifndef OPENSSL_ESS_H
 # define OPENSSL_ESS_H
 
@@ -24,12 +30,18 @@ typedef struct ESS_issuer_serial ESS_ISSUER_SERIAL;
 typedef struct ESS_cert_id ESS_CERT_ID;
 typedef struct ESS_signing_cert ESS_SIGNING_CERT;
 
-DEFINE_OR_DECLARE_STACK_OF(ESS_CERT_ID)
+{-
+    generate_stack_macros("ESS_CERT_ID");
+-}
+
 
 typedef struct ESS_signing_cert_v2_st ESS_SIGNING_CERT_V2;
 typedef struct ESS_cert_id_v2_st ESS_CERT_ID_V2;
 
-DEFINE_OR_DECLARE_STACK_OF(ESS_CERT_ID_V2)
+{-
+    generate_stack_macros("ESS_CERT_ID_V2");
+-}
+
 
 DECLARE_ASN1_ALLOC_FUNCTIONS(ESS_ISSUER_SERIAL)
 DECLARE_ASN1_ENCODE_FUNCTIONS_only(ESS_ISSUER_SERIAL, ESS_ISSUER_SERIAL)