In OpenSSL builds, declare STACK for datatypes ...

... and only *define* them in the source files that need them.
Use DEFINE_OR_DECLARE which is set appropriately for internal builds
and not non-deprecated builds.

Deprecate stack-of-block

Better documentation

Move some ASN1 struct typedefs to types.h

Update ParseC to handle this.  Most of all, ParseC needed to be more
consistent.  The handlers are "recursive", in so far that they are called
again and again until they terminate, which depends entirely on what the
"massager" returns.  There's a comment at the beginning of ParseC that
explains how that works. {Richard Levtte}

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10669)

7 files changed, 26 insertions, 0 deletions

diff --git a/crypto/ts/ts_conf.c b/crypto/ts/ts_conf.c
index 4117ccdd87..8d2d7129f9 100644
--- a/crypto/ts/ts_conf.c
+++ b/crypto/ts/ts_conf.c
@@ -15,6 +15,10 @@
 #include <openssl/engine.h>
 #include <openssl/ts.h>
 
+DEFINE_STACK_OF(X509)
+DEFINE_STACK_OF(X509_INFO)
+DEFINE_STACK_OF(CONF_VALUE)
+
 /* Macro definitions for the configuration file. */
 #define BASE_SECTION                    "tsa"
 #define ENV_DEFAULT_TSA                 "default_tsa"
diff --git a/crypto/ts/ts_req_utils.c b/crypto/ts/ts_req_utils.c
index 8b95097935..ec36868d88 100644
--- a/crypto/ts/ts_req_utils.c
+++ b/crypto/ts/ts_req_utils.c
@@ -14,6 +14,8 @@
 #include <openssl/ts.h>
 #include "ts_local.h"
 
+DEFINE_STACK_OF(X509_EXTENSION)
+
 int TS_REQ_set_version(TS_REQ *a, long version)
 {
     return ASN1_INTEGER_set(a->version, version);
diff --git a/crypto/ts/ts_rsp_print.c b/crypto/ts/ts_rsp_print.c
index 8593e2d9e3..5334cea534 100644
--- a/crypto/ts/ts_rsp_print.c
+++ b/crypto/ts/ts_rsp_print.c
@@ -15,6 +15,9 @@
 #include <openssl/ts.h>
 #include "ts_local.h"
 
+DEFINE_STACK_OF(ASN1_UTF8STRING)
+DEFINE_STACK_OF(CONF_VALUE)
+
 struct status_map_st {
     int bit;
     const char *text;
diff --git a/crypto/ts/ts_rsp_sign.c b/crypto/ts/ts_rsp_sign.c
index ed0979e584..ba69cbece2 100644
--- a/crypto/ts/ts_rsp_sign.c
+++ b/crypto/ts/ts_rsp_sign.c
@@ -17,6 +17,12 @@
 #include "ts_local.h"
 #include "crypto/ess.h"
 
+DEFINE_STACK_OF(X509)
+DEFINE_STACK_OF(X509_EXTENSION)
+DEFINE_STACK_OF(ASN1_UTF8STRING)
+DEFINE_STACK_OF(ASN1_OBJECT)
+DEFINE_STACK_OF_CONST(EVP_MD)
+
 static ASN1_INTEGER *def_serial_cb(struct TS_resp_ctx *, void *);
 static int def_time_cb(struct TS_resp_ctx *, void *, long *sec, long *usec);
 static int def_extension_cb(struct TS_resp_ctx *, X509_EXTENSION *, void *);
diff --git a/crypto/ts/ts_rsp_utils.c b/crypto/ts/ts_rsp_utils.c
index 6017e8d16d..b9ec82a2e6 100644
--- a/crypto/ts/ts_rsp_utils.c
+++ b/crypto/ts/ts_rsp_utils.c
@@ -14,6 +14,8 @@
 #include <openssl/pkcs7.h>
 #include "ts_local.h"
 
+DEFINE_STACK_OF(X509_EXTENSION)
+
 int TS_RESP_set_status_info(TS_RESP *a, TS_STATUS_INFO *status_info)
 {
     TS_STATUS_INFO *new_status_info;
diff --git a/crypto/ts/ts_rsp_verify.c b/crypto/ts/ts_rsp_verify.c
index 1f20fb9c0e..b872f75bea 100644
--- a/crypto/ts/ts_rsp_verify.c
+++ b/crypto/ts/ts_rsp_verify.c
@@ -15,6 +15,13 @@
 #include "ts_local.h"
 #include "crypto/ess.h"
 
+DEFINE_STACK_OF(PKCS7_SIGNER_INFO)
+DEFINE_STACK_OF(X509)
+DEFINE_STACK_OF(ESS_CERT_ID)
+DEFINE_STACK_OF(ESS_CERT_ID_V2)
+DEFINE_STACK_OF(ASN1_UTF8STRING)
+DEFINE_STACK_OF(GENERAL_NAME)
+
 static int ts_verify_cert(X509_STORE *store, STACK_OF(X509) *untrusted,
                           X509 *signer, STACK_OF(X509) **chain);
 static int ts_check_signing_certs(PKCS7_SIGNER_INFO *si,
diff --git a/crypto/ts/ts_verify_ctx.c b/crypto/ts/ts_verify_ctx.c
index 3c8340137f..2205345b0f 100644
--- a/crypto/ts/ts_verify_ctx.c
+++ b/crypto/ts/ts_verify_ctx.c
@@ -12,6 +12,8 @@
 #include <openssl/ts.h>
 #include "ts_local.h"
 
+DEFINE_STACK_OF(X509)
+
 TS_VERIFY_CTX *TS_VERIFY_CTX_new(void)
 {
     TS_VERIFY_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx));