From fc7bfd5046f6f875446aa2ee96797fbc4337e143 Mon Sep 17 00:00:00 2001 From: "Todd C. Miller" Date: Sat, 5 Aug 2023 14:16:39 -0600 Subject: [PATCH] Move OpenSSL compat defines to sudo_ssl_compat.h --- include/hostcheck.h | 7 +++++++ include/sudo_compat.h | 15 --------------- include/sudo_ssl_compat.h | 15 +++++++++++++++ 3 files changed, 22 insertions(+), 15 deletions(-) diff --git a/include/hostcheck.h b/include/hostcheck.h index 5c05d3605..ed5a97386 100644 --- a/include/hostcheck.h +++ b/include/hostcheck.h @@ -21,6 +21,13 @@ # include +/* + * Compatibility defines for OpenSSL 1.0.2 (not needed for 1.1.x) + */ +# if !defined(HAVE_ASN1_STRING_GET0_DATA) && !defined(HAVE_WOLFSSL) +# define ASN1_STRING_get0_data(x) ASN1_STRING_data(x) +# endif /* !HAVE_ASN1_STRING_GET0_DATA && !HAVE_WOLFSSL */ + typedef enum { MatchFound, MatchNotFound, diff --git a/include/sudo_compat.h b/include/sudo_compat.h index 0996ec7c8..80fb01a74 100644 --- a/include/sudo_compat.h +++ b/include/sudo_compat.h @@ -305,21 +305,6 @@ int getdomainname(char *, size_t); # define fseeko(f, o, w) fseek((f), (long)(o), (w)) #endif -/* - * Compatibility defines for OpenSSL 1.0.2 (not needed for 1.1.x) - */ -#if defined(HAVE_OPENSSL) && !defined(HAVE_WOLFSSL) -# ifndef HAVE_X509_STORE_CTX_GET0_CERT -# define X509_STORE_CTX_get0_cert(x) ((x)->cert) -# endif -# ifndef HAVE_ASN1_STRING_GET0_DATA -# define ASN1_STRING_get0_data(x) ASN1_STRING_data(x) -# endif -# ifndef HAVE_TLS_METHOD -# define TLS_method() SSLv23_method() -# endif -#endif /* HAVE_OPENSSL && !HAVE_WOLFSSL */ - /* * Functions "missing" from libc. * All libc replacements are prefixed with "sudo_" to avoid namespace issues. diff --git a/include/sudo_ssl_compat.h b/include/sudo_ssl_compat.h index a10169120..1f0947236 100644 --- a/include/sudo_ssl_compat.h +++ b/include/sudo_ssl_compat.h 
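Review bot: The `ASN1_STRING_get0_data` fallback lands in hostcheck.h, although the commit subject says the compat defines move to sudo_ssl_compat.h. Any source file that picked the macro up through sudo_compat.h and does not include hostcheck.h would stop building against OpenSSL 1.0.2, so confirm the host-check code is the only user or put the define beside the other two in sudo_ssl_compat.h. The new guard also drops the explicit `HAVE_OPENSSL` test; the indented `# if` suggests an enclosing conditional supplies it, but that conditional starts outside the hunk. Because the buffer returned by either function is not guaranteed to be NUL-terminated and can hold embedded NUL bytes, I would extend the comment with `/* Callers must pair this with ASN1_STRING_length(); the data is not a C string. */` so that certificate name matching never relies on `strlen()`/`strcmp()` semantics.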
@@ -21,6 +21,21 @@ # ifdef HAVE_OPENSSL +/* + * Compatibility defines for OpenSSL 1.0.2 (not needed for 1.1.x) + */ +# ifndef HAVE_WOLFSSL +# ifndef HAVE_X509_STORE_CTX_GET0_CERT +# define X509_STORE_CTX_get0_cert(x) ((x)->cert) +# endif +# ifndef HAVE_TLS_METHOD +# define TLS_method() SSLv23_method() +# endif +# endif /* !HAVE_WOLFSSL */ + +/* + * SSL_read_ex() and SSL_write_ex() were added in OpenSSL 1.1.1. + */ # ifndef HAVE_SSL_READ_EX int SSL_read_ex(SSL *, void *, size_t, size_t *); int SSL_write_ex(SSL *, const void *, size_t, size_t *);
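Review bot: The `TLS_method()` fallback to `SSLv23_method()` carries no comment about protocol versions. On OpenSSL 1.0.2 that method negotiates every protocol version the library still has enabled, and `SSL_CTX_set_min_proto_version()` only exists from 1.1.0, so callers presumably have to disable legacy versions through `SSL_CTX_set_options()`. I would add above the define `/* SSLv23_method() negotiates any enabled version; callers must disable legacy ones, e.g. SSL_OP_NO_SSLv3, via SSL_CTX_set_options(). */`. The `X509_STORE_CTX_get0_cert(x) ((x)->cert)` macro likewise depends on the pre-1.1.0 non-opaque struct, which deserves a few words in the block comment. The callers are not visible in this diff, so whether they already set these options should be confirmed.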