From a368d7d1ad18232edb9c26f24d9e2d17f03c3f97 Mon Sep 17 00:00:00 2001 From: Jeremy Evans Date: Thu, 30 May 2019 21:23:19 -0700 Subject: Check for X509_STORE_get_ex_new_index function separately Don't assume that just because X509_STORE_set_ex_data is defined that the second one is defined. Some versions of LibreSSL need this. See https://github.com/openbsd/ports/commit/23f03b0df4af7e0606fd73c551a39430234b7449
---
 ext/openssl/extconf.rb | 1 + ext/openssl/openssl_missing.h | 3 +++ 2 files changed, 4 insertions(+)
diff --git a/ext/openssl/extconf.rb b/ext/openssl/extconf.rb
index 4f218562..d86e1301 100644
--- a/ext/openssl/extconf.rb
+++ b/ext/openssl/extconf.rb
@@ -144,6 +144,7 @@ have_func("HMAC_CTX_free")
 OpenSSL.check_func("RAND_pseudo_bytes", "openssl/rand.h") # deprecated
 have_func("X509_STORE_get_ex_data")
 have_func("X509_STORE_set_ex_data")
+have_func("X509_STORE_get_ex_new_index")
 have_func("X509_CRL_get0_signature")
 have_func("X509_REQ_get0_signature")
 have_func("X509_REVOKED_get0_serialNumber")
diff --git a/ext/openssl/openssl_missing.h b/ext/openssl/openssl_missing.h
index 09998214..f81c64e8 100644
--- a/ext/openssl/openssl_missing.h
+++ b/ext/openssl/openssl_missing.h
@@ -72,6 +72,9 @@ void ossl_HMAC_CTX_free(HMAC_CTX *);
 #if !defined(HAVE_X509_STORE_SET_EX_DATA)
 # define X509_STORE_set_ex_data(x, idx, data) \
 CRYPTO_set_ex_data(&(x)->ex_data, (idx), (data))
+#endif
+
+#if !defined(HAVE_X509_STORE_GET_EX_NEW_INDEX)
 # define X509_STORE_get_ex_new_index(l, p, newf, dupf, freef) \
 CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE, (l), (p), \
 (newf), (dupf), (freef))
-- cgit v1.2.3
From 057691e2bd3a2af4654d793bad78db3b991c9e19 Mon Sep 17 00:00:00 2001
From: Jeremy Evans Date: Thu, 30 May 2019 21:26:46 -0700 Subject: Treat LibreSSL 2.7+ like OpenSSL 1.1 in terms of opaqueness LibreSSL does not define HAVE_OPAQUE_OPENSSL, but operates similarly. See: https://github.com/openbsd/ports/commit/24f62d13dcefff26ade5088b7cdd9238a805450d https://github.com/openbsd/ports/commit/c8307509d3638d5e5e6c1b7be411f4cdeba0e113
---
 ext/openssl/openssl_missing.h | 2 ++ 1 file changed, 2 insertions(+)
diff --git a/ext/openssl/openssl_missing.h b/ext/openssl/openssl_missing.h
index f81c64e8..645e90a0 100644
--- a/ext/openssl/openssl_missing.h
+++ b/ext/openssl/openssl_missing.h
@@ -148,6 +148,7 @@ void ossl_X509_REQ_get0_signature(const X509_REQ *, const ASN1_BIT_STRING **, co
 #endif
 
 #if !defined(HAVE_OPAQUE_OPENSSL)
+#if defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL
 #define IMPL_PKEY_GETTER(_type, _name) \
 static inline _type *EVP_PKEY_get0_##_type(EVP_PKEY *pkey) { \
 return pkey->pkey._name; }
@@ -199,6 +200,7 @@ IMPL_PKEY_GETTER(EC_KEY, ec)
 #undef IMPL_PKEY_GETTER
 #undef IMPL_KEY_ACCESSOR2
 #undef IMPL_KEY_ACCESSOR3
+#endif
 #endif /* HAVE_OPAQUE_OPENSSL */
 
 #if !defined(EVP_CTRL_AEAD_GET_TAG)
-- cgit v1.2.3
From e6a027d2e6fb6aa261226b526cdc4e159697af2b Mon Sep 17 00:00:00 2001 From: Jeremy Evans Date: Thu, 30 May 2019 22:00:32 -0700 Subject: Fix opaque check to work correctly on OpenSSL <1.1
---
 ext/openssl/openssl_missing.h | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/ext/openssl/openssl_missing.h b/ext/openssl/openssl_missing.h
index 645e90a0..7ef64780 100644
--- a/ext/openssl/openssl_missing.h
+++ b/ext/openssl/openssl_missing.h
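Review bot: The added `#if defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL` in the `@@ -148,6 +148,7 @@` hunk is false whenever LIBRESSL_VERSION_NUMBER is undefined, so a non-LibreSSL build that also lacks HAVE_OPAQUE_OPENSSL no longer gets the `EVP_PKEY_get0_*` getters or the other accessors in this block. The inner test should read `!defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER < 0x2070000fL`. The next patch in this series ("Fix opaque check to work correctly on OpenSSL <1.1") makes that correction, so squashing the two would keep every commit buildable when bisecting. The guarded block runs past this hunk; its matching `#endif` is added in the `@@ -199,6 +200,7 @@` hunk.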
@@ -147,8 +147,8 @@ void ossl_X509_REQ_get0_signature(const X509_REQ *, const ASN1_BIT_STRING **, co
 CRYPTO_add(&(x)->references, 1, CRYPTO_LOCK_EVP_PKEY);
 #endif
 
-#if !defined(HAVE_OPAQUE_OPENSSL)
-#if defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL
+#if !defined(HAVE_OPAQUE_OPENSSL) && \
+ (!defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER < 0x2070000fL)
 #define IMPL_PKEY_GETTER(_type, _name) \
 static inline _type *EVP_PKEY_get0_##_type(EVP_PKEY *pkey) { \
 return pkey->pkey._name; }
@@ -200,7 +200,6 @@ IMPL_PKEY_GETTER(EC_KEY, ec)
 #undef IMPL_PKEY_GETTER
 #undef IMPL_KEY_ACCESSOR2
 #undef IMPL_KEY_ACCESSOR3
-#endif
 #endif /* HAVE_OPAQUE_OPENSSL */
 
 #if !defined(EVP_CTRL_AEAD_GET_TAG)
-- cgit v1.2.3
From 5353140cc11c9a5f744e920a458250730e93848a Mon Sep 17 00:00:00 2001 From: Jeremy Evans Date: Thu, 30 May 2019 22:08:53 -0700 Subject: Handle case where X509_STORE_get_ex_new_index is a macro Looks like at least some versions of OpenSSL define this as a macro.
---
 ext/openssl/openssl_missing.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ext/openssl/openssl_missing.h b/ext/openssl/openssl_missing.h
index 7ef64780..10afed2a 100644
--- a/ext/openssl/openssl_missing.h
+++ b/ext/openssl/openssl_missing.h
@@ -74,7 +74,7 @@ void ossl_HMAC_CTX_free(HMAC_CTX *);
 CRYPTO_set_ex_data(&(x)->ex_data, (idx), (data))
 #endif
 
-#if !defined(HAVE_X509_STORE_GET_EX_NEW_INDEX)
+#if !defined(HAVE_X509_STORE_GET_EX_NEW_INDEX) && !defined(X509_STORE_get_ex_new_index)
 # define X509_STORE_get_ex_new_index(l, p, newf, dupf, freef) \
 CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE, (l), (p), \
 (newf), (dupf), (freef))
-- cgit v1.2.3
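Review bot: The combined condition in the `@@ -147,8 +147,8 @@` hunk has no comment explaining the `0x2070000fL` cutoff or why LibreSSL is special-cased, which matters because the guarded getters read struct internals directly (`return pkey->pkey._name;`). A comment above the `#if`, such as `/* LibreSSL 2.7+ behaves like opaque OpenSSL 1.1 but does not define HAVE_OPAQUE_OPENSSL */`, would record the reasoning given in the earlier commit message. The closing `#endif /* HAVE_OPAQUE_OPENSSL */` in the `@@ -200,7 +200,6 @@` hunk now names only half of the condition; something like `#endif /* !HAVE_OPAQUE_OPENSSL && pre-2.7 LibreSSL or OpenSSL */` would match it. The guarded block runs between the two hunks and is not fully visible here.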
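Review bot: The `!defined(X509_STORE_get_ex_new_index)` test in the `@@ -74,7 +74,7 @@` hunk protects only this one fallback, while the `X509_STORE_set_ex_data` fallback whose tail is visible just above is still guarded by its `HAVE_` symbol alone. Whether any supported library defines that one as a macro cannot be seen from this patch, so this may be unnecessary, but `#if !defined(HAVE_X509_STORE_SET_EX_DATA) && !defined(X509_STORE_set_ex_data)` would keep the neighbouring fallbacks consistent and avoid a silent macro redefinition. A short comment above the new condition, e.g. `/* a macro in some OpenSSL versions, which the have_func probe apparently misses */`, would explain why both tests are needed. The set_ex_data block begins outside this hunk.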