freebsd-ports/net-mgmt/send/files/patch-libs-libpkixipext-x509.c
2019-03-17 11:28:18 +00:00


--- libs/libpkixipext/x509.c.orig 2019-02-27 16:25:45 UTC
+++ libs/libpkixipext/x509.c
@@ -57,34 +57,54 @@ static char nbuf[1024];
extern int pkixip_verify_cb(int, X509_STORE_CTX *);
X509V3_EXT_METHOD pkix_ip_ext_method = {
- ext_flags : X509V3_EXT_MULTILINE,
- it : ASN1_ITEM_ref(IPAddrBlocks),
- i2v : (X509V3_EXT_I2V)i2v_IPAddrBlocks,
+ .ext_flags = X509V3_EXT_MULTILINE,
+ .it = ASN1_ITEM_ref(IPAddrBlocks),
+ .i2v = (X509V3_EXT_I2V)i2v_IPAddrBlocks,
};
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
static STACK *stores[PKIXIP_MAX_STORES];
+#else
+static STACK_OF(X509_OBJECT) *stores[PKIXIP_MAX_STORES];
+#endif
static X509_STORE_CTX *ctx_bysubj;
static int next_store = 1;
static void *(*wrap_store_cert)(X509 *x);
static void (*trustanchor_cb)(X509 *x);
pthread_mutex_t stores_lock = PTHREAD_MUTEX_INITIALIZER;
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
static STACK *mychain;
+#else
+static STACK_OF(X509_OBJECT) *mychain;
+#endif
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#define X509_OBJECT_get_type(a) ((a)->type)
+#define X509_OBJECT_get0_X509(a) ((a)->data.x509)
+#define X509_OBJECT_get0_X509_CRL(a) ((a)->data.crl)
+#define X509_STORE_get0_objects(a) ((a)->objs)
+#define X509_STORE_CTX_get0_chain(a) ((a)->chain)
+#endif
/* Lifted from openssl x509_lu.c */
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
static int
x509_object_cmp(X509_OBJECT **a, X509_OBJECT **b)
+#else
+static int
+x509_object_cmp(const X509_OBJECT * const *a, const X509_OBJECT * const *b)
+#endif
{
int ret;
- ret=((*a)->type - (*b)->type);
+ ret=(X509_OBJECT_get_type(*a) - X509_OBJECT_get_type(*b));
if (ret) return ret;
- switch ((*a)->type) {
+ switch (X509_OBJECT_get_type(*a)) {
case X509_LU_X509:
- ret=X509_subject_name_cmp((*a)->data.x509,(*b)->data.x509);
+ ret=X509_subject_name_cmp(X509_OBJECT_get0_X509(*a),X509_OBJECT_get0_X509(*b));
break;
case X509_LU_CRL:
- ret=X509_CRL_cmp((*a)->data.crl,(*b)->data.crl);
+ ret=X509_CRL_cmp(X509_OBJECT_get0_X509_CRL(*a),X509_OBJECT_get0_X509_CRL(*b));
break;
default:
/* abort(); */
@@ -243,7 +263,11 @@ pkixip_load_pkey(const char *f)
return (pkey);
}
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
static STACK *
+#else
+static STACK_OF(X509_OBJECT) *
+#endif
pkixip_get_store(int handle)
{
if (handle >= PKIXIP_MAX_STORES || handle < 0) {
@@ -257,7 +281,11 @@ pkixip_get_store(int handle)
void
pkixip_walk_store(int (*cb)(X509 *, void *), void *cookie, int handle)
{
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
STACK *objs;
+#else
+ STACK_OF(X509_OBJECT) *objs;
+#endif
int i;
X509_OBJECT *xo;
@@ -266,12 +294,16 @@ pkixip_walk_store(int (*cb)(X509 *, void *), void *coo
goto done;
}
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
for (i = 0; i < sk_num(objs); i++) {
+#else
+ for (i = 0; i < sk_X509_OBJECT_num(objs); i++) {
+#endif
xo = sk_X509_OBJECT_value(objs, i);
- if (xo->type != X509_LU_X509) {
+ if (X509_OBJECT_get_type(xo) != X509_LU_X509) {
continue;
}
- if (!cb(xo->data.x509, cookie)) {
+ if (!cb(X509_OBJECT_get0_X509(xo), cookie)) {
break;
}
}
@@ -282,7 +314,11 @@ done:
void *
pkixip_find_cert(void *k, int handle)
{
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
STACK *store;
+#else
+ STACK_OF(X509_OBJECT) *store;
+#endif
int i;
void *r = NULL;
@@ -291,11 +327,19 @@ pkixip_find_cert(void *k, int handle)
goto done;
}
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
if ((i = sk_find(store, k)) < 0) {
+#else
+ if ((i = sk_X509_OBJECT_find(store, k)) < 0) {
+#endif
goto done;
}
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
r = sk_value(store, i);
+#else
+ r = sk_X509_OBJECT_value(store, i);
+#endif
done:
pthread_mutex_unlock(&stores_lock);
@@ -304,8 +348,13 @@ done:
/* Caller must hold stores_lock */
static int
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
pkixip_do_add_store(int handle, int (*cmp)(X509_OBJECT **, X509_OBJECT **),
STACK *objs)
+#else
+pkixip_do_add_store(int handle, int (*cmp)(const X509_OBJECT * const *, X509_OBJECT * const *),
+ STACK_OF(X509_OBJECT) *objs)
+#endif
{
if (objs == NULL && (objs = sk_X509_OBJECT_new(cmp)) == NULL) {
applog(LOG_CRIT, "no memory");
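Review bot: In the OpenSSL 1.1.0+ prototype of `pkixip_do_add_store`, the second parameter of `cmp` is `X509_OBJECT * const *`, without the leading `const`. Both `x509_object_cmp` and the `cmp` parameter of `pkixip_add_store` in this patch use `const X509_OBJECT * const *` for both arguments. Passing either one here is therefore an incompatible function-pointer conversion, which the compiler will warn about and which is formally undefined when called through the mismatched type. The line should read `pkixip_do_add_store(int handle, int (*cmp)(const X509_OBJECT * const *, const X509_OBJECT * const *),`. The function body continues outside the hunk.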
@@ -316,8 +365,13 @@ pkixip_do_add_store(int handle, int (*cmp)(X509_OBJECT
return (0);
}
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
int
pkixip_add_store(int *handle, int (*cmp)(X509_OBJECT **, X509_OBJECT **))
+#else
+int
+pkixip_add_store(int *handle, int (*cmp)(const X509_OBJECT * const *, const X509_OBJECT * const *))
+#endif
{
int r = 0;
@@ -369,7 +423,7 @@ pkixip_get_store_ctx(void)
}
pthread_mutex_lock(&stores_lock);
- if (pkixip_do_add_store(PKIXIP_STORE_BYSUBJ, x509_object_cmp, st->objs)
+ if (pkixip_do_add_store(PKIXIP_STORE_BYSUBJ, x509_object_cmp, X509_STORE_get0_objects(st))
< 0) {
X509_STORE_free(st);
X509_STORE_CTX_free(ctx_bysubj);
@@ -396,17 +450,24 @@ pkixip_store_ctx_light_cleanup(X509_STORE_CTX *ctx)
{
// X509_STORE_CTX_cleanup(ctx);
- if (ctx->chain != NULL) {
- sk_X509_pop_free(ctx->chain, noop_free);
+ if (X509_STORE_CTX_get0_chain(ctx) != NULL) {
+ sk_X509_pop_free(X509_STORE_CTX_get0_chain(ctx), noop_free);
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
ctx->chain=NULL;
+#endif
}
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx,
&(ctx->ex_data));
memset(&ctx->ex_data,0,sizeof(CRYPTO_EX_DATA));
+#else
+ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx,
+ X509_STORE_CTX_get_app_data(ctx));
+#endif
#if 0
- while (sk_num(ctx->chain) > 0) {
- sk_pop(ctx->chain);
+ while (sk_num(X509_STORE_CTX_get0_chain(ctx)) > 0) {
+ sk_pop(X509_STORE_CTX_get0_chain(ctx));
}
#endif
}
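Review bot: On OpenSSL 1.1.0 and later the `#else` branch passes `X509_STORE_CTX_get_app_data(ctx)` as the third argument of `CRYPTO_free_ex_data()`. That macro returns the application pointer stored at ex_data index 0, not the context's `CRYPTO_EX_DATA` block, so the call either receives NULL or treats an unrelated object as the ex_data structure. In the same function the chain is released with `sk_X509_pop_free()`, but the `ctx->chain=NULL` reset is compiled only for older OpenSSL. On newer versions the context keeps a pointer to a freed stack, which a later cleanup, free or verify on the same context can reach again. Because the struct is opaque in 1.1.0+, the safer route is probably `X509_STORE_CTX_cleanup(ctx)` followed by re-initialisation, after confirming that its release of the chain certificates matches the reference counting that `noop_free` was working around. The function's signature lies outside the hunk.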
@@ -445,10 +506,19 @@ pkixip_add2stores_cert(X509 *x)
int i, r = 0;
X509_STORE_CTX *ctx;
void *wrapper;
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
X509_OBJECT o[1];
+#else
+ X509_OBJECT *o;
- if ((ctx = pkixip_get_store_ctx()) == NULL) {
+ o = X509_OBJECT_new();
+ if (o == NULL)
return (-1);
+#endif
+
+ if ((ctx = pkixip_get_store_ctx()) == NULL) {
+ r = -1;
+ goto done2;
}
pthread_mutex_lock(&stores_lock);
@@ -459,7 +529,11 @@ pkixip_add2stores_cert(X509 *x)
goto done;
}
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
if (X509_STORE_add_cert(ctx->ctx, x) != 1) {
+#else
+ if (X509_STORE_add_cert(X509_STORE_CTX_get0_store(ctx), x) != 1) {
+#endif
pkixip_ssl_err(__FUNCTION__, "X509_STORE_add_cert() failed");
r = -1;
goto done;
@@ -467,7 +541,8 @@ pkixip_add2stores_cert(X509 *x)
if (wrap_store_cert) {
if ((wrapper = wrap_store_cert(x)) == NULL) {
- return (-1);
+ r = -1;
+ goto done2;
}
} else {
wrapper = x;
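Review bot: The `goto done2` on `wrap_store_cert()` failure jumps past `pthread_mutex_unlock(&stores_lock)` at `done:`, although the lock was taken earlier in `pkixip_add2stores_cert`. The old `return (-1)` leaked the lock in the same way, so the rewrite keeps the bug: after one failed wrap, every later caller blocks on `stores_lock`. This branch should use `goto done;`, like the `X509_STORE_add_cert()` failure path above it. The function starts and ends outside this hunk.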
@@ -475,7 +550,11 @@ pkixip_add2stores_cert(X509 *x)
for (i = 1; i < PKIXIP_MAX_STORES; i++) {
if (stores[i]) {
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
sk_push(stores[i], wrapper);
+#else
+ sk_X509_OBJECT_push(stores[i], wrapper);
+#endif
}
}
@@ -484,6 +563,10 @@ pkixip_add2stores_cert(X509 *x)
done:
pthread_mutex_unlock(&stores_lock);
+done2:
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ free(o);
+#endif
return (r);
}
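Review bot: The version guard around `free(o)` at `done2:` is inverted. On OpenSSL older than 1.1.0, `o` is the automatic array `X509_OBJECT o[1]`, so `free(o)` is called on stack memory. On 1.1.0 and later, `o` comes from `X509_OBJECT_new()` in the earlier hunk of this function and is never released on any path. The guard should be `#if OPENSSL_VERSION_NUMBER >= 0x10100000L`, and the release should use the matching destructor, `X509_OBJECT_free(o);`, rather than plain `free()`.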
@@ -523,14 +606,26 @@ pkixip_my_chain_init(X509 *mycert)
}
if (mychain != NULL) {
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
sk_free(mychain);
+#else
+ sk_X509_OBJECT_free(mychain);
+#endif
}
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
if ((mychain = sk_dup(ctx->chain)) == NULL) {
+#else
+ if ((mychain = sk_X509_OBJECT_dup(X509_STORE_CTX_get0_chain(ctx))) == NULL) {
+#endif
APPLOG_NOMEM();
r = -1;
goto done;
}
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
sk_set_cmp_func(mychain, x509_bysubj_cmp);
+#else
+ sk_X509_OBJECT_set_cmp_func(mychain, x509_bysubj_cmp);
+#endif
DBG(&dbg_x509, "mychain verified and set");
done:
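Review bot: `mychain` is filled with `sk_X509_OBJECT_dup(X509_STORE_CTX_get0_chain(ctx))`, but the verified chain is a `STACK_OF(X509)`, so the elements are `X509 *` carried under an `X509_OBJECT` label. The 1.1.0 typed stack wrappers will flag the pointer mismatch. More importantly, any code that trusts the declared type and applies `X509_OBJECT_get_type()` or `X509_OBJECT_get0_X509()` to an element would read a certificate as a different structure. Declaring `mychain` and the return type of `pkixip_get_mychain` as `STACK_OF(X509) *`, and using `sk_X509_dup`, `sk_X509_free` and `sk_X509_set_cmp_func` here, keeps the label honest. The prototype of `x509_bysubj_cmp` is not visible in this patch and would need to take `const X509 * const *` to match.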
@@ -538,7 +633,11 @@ done:
return (r);
}
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
STACK *
+#else
+STACK_OF(X509_OBJECT) *
+#endif
pkixip_get_mychain(void)
{
return (mychain);