From 25606f09b22630e684bbbc1e75727ffa0d7a88a5 Mon Sep 17 00:00:00 2001
From: David Benjamin <davidben@google.com>
Date: Sat, 2 Dec 2023 16:13:38 -0500
Subject: [PATCH 1/2] Use X509_PURPOSE_get_id instead of struct access

The accessor was added at the same version as the struct, so better to
just use it. As with X509_PURPOSE_get_by_sname, it was const-corrected
later on.
---
 openssl-sys/src/handwritten/x509.rs | 13 ++-----------
 openssl/src/x509/mod.rs             | 12 +++++++++---
 2 files changed, 11 insertions(+), 14 deletions(-)

diff --git a/openssl-sys/src/handwritten/x509.rs b/openssl-sys/src/handwritten/x509.rs
index c5419ed6eb..6fa5179abf 100644
--- a/openssl-sys/src/handwritten/x509.rs
+++ b/openssl-sys/src/handwritten/x509.rs
@@ -687,21 +687,12 @@ extern "C" {
     pub fn X509_REQ_print(bio: *mut BIO, req: *mut X509_REQ) -> c_int;
 }
 
-#[repr(C)]
-pub struct X509_PURPOSE {
-    pub purpose: c_int,
-    pub trust: c_int, // Default trust ID
-    pub flags: c_int,
-    pub check_purpose:
-        Option<unsafe extern "C" fn(*const X509_PURPOSE, *const X509, c_int) -> c_int>,
-    pub name: *mut c_char,
-    pub sname: *mut c_char,
-    pub usr_data: *mut c_void,
-}
+pub enum X509_PURPOSE {}
 
 const_ptr_api! {
     extern "C" {
         pub fn X509_PURPOSE_get_by_sname(sname: #[const_ptr_if(any(ossl110, libressl280))] c_char) -> c_int;
+        pub fn X509_PURPOSE_get_id(purpose: #[const_ptr_if(any(ossl110, libressl280))] X509_PURPOSE) -> c_int;
     }
 }
 extern "C" {
diff --git a/openssl/src/x509/mod.rs b/openssl/src/x509/mod.rs
index 197afb0bbb..8458e7313d 100644
--- a/openssl/src/x509/mod.rs
+++ b/openssl/src/x509/mod.rs
@@ -2538,7 +2538,7 @@ impl X509PurposeRef {
         unsafe {
             let sname = CString::new(sname).unwrap();
             cfg_if! {
-                if #[cfg(any(ossl110, libressl280))] {
+                if #[cfg(any(ossl110, libressl280, boringssl))] {
                     let purpose = cvt_n(ffi::X509_PURPOSE_get_by_sname(sname.as_ptr() as *const _))?;
                 } else {
                     let purpose = cvt_n(ffi::X509_PURPOSE_get_by_sname(sname.as_ptr() as *mut _))?;
@@ -2569,8 +2569,14 @@ impl X509PurposeRef {
     /// - `X509_PURPOSE_TIMESTAMP_SIGN`
     pub fn purpose(&self) -> X509PurposeId {
         unsafe {
-            let x509_purpose: *mut ffi::X509_PURPOSE = self.as_ptr();
-            X509PurposeId::from_raw((*x509_purpose).purpose)
+            cfg_if! {
+                if #[cfg(any(ossl110, libressl280, boringssl))] {
+                    let x509_purpose = self.as_ptr() as *const ffi::X509_PURPOSE;
+                } else {
+                    let x509_purpose = self.as_ptr() as *mut ffi::X509_PURPOSE;
+                }
+            }
+            X509PurposeId::from_raw(ffi::X509_PURPOSE_get_id(x509_purpose))
         }
     }
 }

From 9cafc739d2bc92ca3333504539e2c4d5787be810 Mon Sep 17 00:00:00 2001
From: David Benjamin <davidben@google.com>
Date: Sat, 2 Dec 2023 16:57:15 -0500
Subject: [PATCH 2/2] Restore struct in handwritten, memory-unsafe bindings

---
 openssl-sys/src/handwritten/x509.rs | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/openssl-sys/src/handwritten/x509.rs b/openssl-sys/src/handwritten/x509.rs
index 6fa5179abf..a93142cd2a 100644
--- a/openssl-sys/src/handwritten/x509.rs
+++ b/openssl-sys/src/handwritten/x509.rs
@@ -687,7 +687,17 @@ extern "C" {
     pub fn X509_REQ_print(bio: *mut BIO, req: *mut X509_REQ) -> c_int;
 }
 
-pub enum X509_PURPOSE {}
+#[repr(C)]
+pub struct X509_PURPOSE {
+    pub purpose: c_int,
+    pub trust: c_int, // Default trust ID
+    pub flags: c_int,
+    pub check_purpose:
+        Option<unsafe extern "C" fn(*const X509_PURPOSE, *const X509, c_int) -> c_int>,
+    pub name: *mut c_char,
+    pub sname: *mut c_char,
+    pub usr_data: *mut c_void,
+}
 
 const_ptr_api! {
     extern "C" {