security/xmlsec1: Fix build with LibreSSL 2.7

 - LibreSSL 2.7 implements most of OpenSSL 1.1 API

PR:		D14851
Submitted by:	Charlie Li <ml+freebsd vishwin info>
Approved by:	maintainer time-out
Obtained from:	https://github.com/lsh123/xmlsec/pull/167
Differential Revision:	https://reviews.freebsd.org/D14851

4 files changed, 135 insertions, 19 deletions

diff --git a/security/xmlsec1/files/patch-configure b/security/xmlsec1/files/patch-configure
index d99faf24bdcf..7416f99ad25a 100644
--- a/security/xmlsec1/files/patch-configure
+++ b/security/xmlsec1/files/patch-configure
@@ -1,6 +1,6 @@
---- configure.orig	2016-10-17 07:49:05.000000000 +0900
-+++ configure	2017-01-05 18:09:44.486857000 +0900
-@@ -12141,7 +12141,7 @@
+--- configure.orig	2017-09-12 13:21:59 UTC
++++ configure
+@@ -12661,7 +12649,7 @@ CC=$lt_save_CC
  
  
  
@@ -9,16 +9,16 @@
      # Extract the first word of "rm", so it can be a program name with args.
  set dummy rm; ac_word=$2
  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-@@ -13143,7 +13143,7 @@
- fi
- 
+@@ -13648,7 +13636,7 @@ case "${host}" in
+         ;;
+ esac
  
 -if test "z$shrext" == "z" ; then
 +if test "z$shrext" = "z" ; then
      shrext=$shrext_cmds
  fi
  
-@@ -13858,6 +13858,7 @@
+@@ -14384,6 +14372,7 @@ elif test "z$with_openssl" != "z" ; then
  	*-*-osf5*) openssl_exlibs=;;
  	*-*-openbsd*) openssl_exlibs=;;
  	*-*-netbsd*) openssl_exlibs=;;
@@ -26,7 +26,7 @@
  	#FIXME: check if lib "dl" is required
  	*)          openssl_exlibs=-ldl;;
      esac
-@@ -14189,9 +14190,9 @@
+@@ -14641,9 +14630,9 @@ if test "z$OPENSSL_FOUND" = "zno" ; then
      for dir in $ac_openssl_lib_dir ; do
  	if test -f $dir/libcrypto.a ; then
  	    	    if test "z$dir" = "z/usr/lib" ; then
@@ -38,18 +38,60 @@
  	    fi
  	    OPENSSL_LIBS_FOUND="yes"
  	    ac_found_openssl_lib_dir=$dir
-@@ -14240,7 +14241,7 @@
+@@ -14668,7 +14669,7 @@ $as_echo_n "checking for openssl librari
+ /* end confdefs.h.  */
+
+             #include <openssl/opensslv.h>
+-        #if OPENSSL_VERSION_NUMBER == 0x20000000L && defined(LIBRESSL_VERSION_NUMBER)
++        #if defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20700000L
+         yes
+         #endif
+
+@@ -14676,7 +14665,7 @@ _ACEOF
+ if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+   $EGREP "yes" >/dev/null 2>&1; then :
+ 
+-        OPENSSL_VERSION="1.0.0 (libressl)"
++        OPENSSL_VERSION="1.0.0 (LibreSSL < 2.7)"
+ 
+ else
+ 
+@@ -14692,7 +14681,31 @@ rm -f conftest*
  /* end confdefs.h.  */
  
-     	    #include <openssl/opensslv.h>
--	    #if OPENSSL_VERSION_NUMBER >= 0x10000000L
-+	    #if OPENSSL_VERSION_NUMBER >= 0x10000000L || defined(LIBRESSL_VERSION_NUMBER)
- 		yes
- 	    #endif
+             #include <openssl/opensslv.h>
+-        #if OPENSSL_VERSION_NUMBER >= 0x10100000L
++        #if defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER >= 0x20700000L
++        yes
++        #endif
++
++_ACEOF
++if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
++  $EGREP "yes" >/dev/null 2>&1; then :
++
++        OPENSSL_VERSION="1.1.0 (LibreSSL >= 2.7)"
++
++else
++
++        OPENSSL_VERSION=""
++
++fi
++rm -f conftest*
++
++    fi
++
++    if test "z$OPENSSL_VERSION" = "z" ; then
++        cat confdefs.h - <<_ACEOF >conftest.$ac_ext
++/* end confdefs.h.  */
++
++            #include <openssl/opensslv.h>
++        #if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+         yes
+         #endif
  
-@@ -14330,12 +14331,12 @@
-     	OPENSSL_CFLAGS="$OPENSSL_CFLAGS -DXMLSEC_OPENSSL_110=1"
-     fi
+@@ -14749,12 +14762,12 @@ fi
+ if test "z$OPENSSL_FOUND" = "zyes" ; then
+     XMLSEC_NO_OPENSSL="0"
      OPENSSL_CFLAGS="$OPENSSL_CFLAGS -DXMLSEC_CRYPTO_OPENSSL=1"
 -    XMLSEC_CRYPTO_LIST="$XMLSEC_CRYPTO_LIST openssl"
 +    XMLSEC_CRYPTO_LIST="$XMLSEC_CRYPTO_LIST openssl"; CPPFLAGS="$CPPFLAGS $OPENSSL_CFLAGS"
@@ -62,7 +104,7 @@
    XMLSEC_NO_OPENSSL_TRUE=
    XMLSEC_NO_OPENSSL_FALSE='#'
  else
-@@ -14357,7 +14358,7 @@
+@@ -14776,7 +14789,7 @@ NSPR_MIN_VERSION="4.4.1"
  NSS_CFLAGS=""
  NSS_LIBS=""
  NSS_LIBS_LIST="-lnss3 -lsmime3"
@@ -71,7 +113,7 @@
  NSS_CRYPTO_LIB="$XMLSEC_PACKAGE-nss"
  NSS_FOUND="no"
  NSPR_PACKAGE=mozilla-nspr
-@@ -14792,15 +14793,15 @@
+@@ -15211,15 +15224,15 @@ $as_echo_n "checking for nss libraries >
      NSS_NSS_H=""
  
      if test "z$with_nss" != "z" ; then
diff --git a/security/xmlsec1/files/patch-configure.ac b/security/xmlsec1/files/patch-configure.ac
new file mode 100644
index 000000000000..aec06e241c83
--- /dev/null
+++ b/security/xmlsec1/files/patch-configure.ac
@@ -0,0 +1,33 @@
+--- configure.ac.orig	2017-09-12 13:21:09 UTC
++++ configure.ac
+@@ -493,7 +493,7 @@ if test "z$OPENSSL_FOUND" = "zyes" -a "z
+         yes
+         #endif
+     ],[
+-        OPENSSL_VERSION="1.0.0 (libressl)"
++        OPENSSL_VERSION="1.0.0 (libressl < 2.7)"
+     ],[
+         OPENSSL_VERSION=""
+     ])
+@@ -502,7 +502,20 @@ if test "z$OPENSSL_FOUND" = "zyes" -a "z
+     if test "z$OPENSSL_VERSION" = "z" ; then
+         AC_EGREP_CPP(yes,[
+             #include <openssl/opensslv.h>
+-        #if OPENSSL_VERSION_NUMBER >= 0x10100000L
++        #if defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER >= 0x20700000L
++        yes
++        #endif
++    ],[
++        OPENSSL_VERSION="1.1.0 (libressl >= 2.7)"
++    ],[
++        OPENSSL_VERSION=""
++    ])
++    fi
++
++    if test "z$OPENSSL_VERSION" = "z" ; then
++        AC_EGREP_CPP(yes,[
++            #include <openssl/opensslv.h>
++        #if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+         yes
+         #endif
+     ],[
diff --git a/security/xmlsec1/files/patch-include_xmlsec_openssl_crypto.h b/security/xmlsec1/files/patch-include_xmlsec_openssl_crypto.h
new file mode 100644
index 000000000000..5e8c9d1ee352
--- /dev/null
+++ b/security/xmlsec1/files/patch-include_xmlsec_openssl_crypto.h
@@ -0,0 +1,19 @@
+--- include/xmlsec/openssl/crypto.h.orig	2017-09-12 13:21:09 UTC
++++ include/xmlsec/openssl/crypto.h
+@@ -43,11 +43,14 @@ XMLSEC_CRYPTO_EXPORT const xmlChar*     
+  * What version of the openssl API do we have? (also see configure.ac)
+  *
+  *******************************************************************/
+-#if OPENSSL_VERSION_NUMBER == 0x20000000L && defined(LIBRESSL_VERSION_NUMBER)
+-/* Libressl decided to take over OpenSSL version 2.0.0, likely will create
++#if defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20700000L
++/* LibreSSL decided to take over OpenSSL version 2.0.0, likely will create
+  * issues down the road...
+  */
+ #define XMLSEC_OPENSSL_API_100      1
++#elif defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER >= 0x20700000L
++/* LibreSSL 2.7 implements OpenSSL 1.1 API */
++#define XMLSEC_OPENSSL_API_110      1
+ #elif OPENSSL_VERSION_NUMBER >= 0x10100000L
+ #define XMLSEC_OPENSSL_API_110      1
+ #elif OPENSSL_VERSION_NUMBER >= 0x10000000L
diff --git a/security/xmlsec1/files/patch-src_openssl_openssl__compat.h b/security/xmlsec1/files/patch-src_openssl_openssl__compat.h
new file mode 100644
index 000000000000..ab20e6310f2d
--- /dev/null
+++ b/security/xmlsec1/files/patch-src_openssl_openssl__compat.h
@@ -0,0 +1,22 @@
+--- src/openssl/openssl_compat.h.orig	2017-09-12 13:21:09 UTC
++++ src/openssl/openssl_compat.h
+@@ -49,4 +49,19 @@
+ 
+ #endif /* !defined(XMLSEC_OPENSSL_API_110) */
+ 
++/******************************************************************************
++ *
++ * LibreSSL 2.7+ compatibility (implements most of OpenSSL 1.1 API)
++ *
++ *****************************************************************************/
++#if defined(XMLSEC_OPENSSL_API_110) && defined(LIBRESSL_VERSION_NUMBER) 
++/* EVP_CIPHER_CTX stuff */
++#define EVP_CIPHER_CTX_encrypting(x)       ((x)->encrypt)
++
++/* X509 stuff */
++#define X509_STORE_CTX_get_by_subject      X509_STORE_get_by_subject
++#define X509_OBJECT_new()                  (calloc(1, sizeof(X509_OBJECT)))
++#define X509_OBJECT_free(x) { X509_OBJECT_free_contents(x); free(x); }
++#endif
++
+ #endif /* __XMLSEC_OPENSSL_OPENSSL_COMPAT_H__ */