From 7c346f5b7f582f02ec5b1d353739734c97d2eeb1 Mon Sep 17 00:00:00 2001
From: Chris Novakovic <chris@chrisn.me.uk>
Date: Sun, 18 Dec 2022 23:34:33 +0000
Subject: [PATCH] RSA_generate_key: declare all variables in PREINIT

The default values for perl_cb and perl_data in the type signature of
RSA_generate_key cause xsubpp to emit code that sets the default values
before the CODE section. The declarations that follow in the CODE
section therefore trigger compilation failures under
-Werror=declaration-after-statement.

Move the declarations in the CODE section into the PREINIT section,
which is emitted before the default parameter values are set.

Fixes #407.
---
 Changes   |  3 +++
 SSLeay.xs | 13 ++++++++-----
 2 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/Changes b/Changes
index 43cc3db6..a7530bfd 100644
--- a/Changes
+++ b/Changes
@@ -21,6 +21,9 @@ Revision history for Perl extension Net::SSLeay.
 	    - LibreSSL on OpenBSD 6.9
 	    - LibreSSL on OpenBSD 7.1
 	    - Cygwin on x86_64
+	- Refactor variable declarations in RSA_generate_key to allow SSLeay.xs to
+	  compile under -Werror=declaration-after-statement. Fixes GH-407. Thanks to
+	  dharanlinux for the report.
 
 1.93_01 2022-03-20
 	- LibreSSL 3.5.0 has removed access to internal data
diff --git a/SSLeay.xs b/SSLeay.xs
index d39e0592..78b8a0f7 100644
--- a/SSLeay.xs
+++ b/SSLeay.xs
@@ -6328,6 +6328,14 @@ RSA_generate_key(bits,ee,perl_cb=&PL_sv_undef,perl_data=&PL_sv_undef)
         SV* perl_data
     PREINIT:
         simple_cb_data_t* cb_data = NULL;
+        int rc;
+        RSA * ret;
+        BIGNUM *e;
+#if (OPENSSL_VERSION_NUMBER >= 0x10100001L && !defined(LIBRESSL_VERSION_NUMBER)) || (LIBRESSL_VERSION_NUMBER >= 0x2070000fL)
+        BN_GENCB *new_cb;
+#else
+        BN_GENCB new_cb;
+#endif
     CODE:
        /* openssl 0.9.8 deprecated RSA_generate_key. */
        /* This equivalent was contributed by Brian Fraser for Android, */
@@ -6335,9 +6343,6 @@ RSA_generate_key(bits,ee,perl_cb=&PL_sv_undef,perl_data=&PL_sv_undef)
        /* It should now be more versatile. */
        /* as of openssl 1.1.0-pre1 it is not possible anymore to generate the BN_GENCB structure directly. */
        /* instead BN_EGNCB_new() has to be used. */
-       int rc;
-       RSA * ret;
-       BIGNUM *e;
        e = BN_new();
        if(!e)
            croak("Net::SSLeay: RSA_generate_key perl function could not create BN structure.\n");
@@ -6351,7 +6356,6 @@ RSA_generate_key(bits,ee,perl_cb=&PL_sv_undef,perl_data=&PL_sv_undef)
            croak("Net::SSLeay: RSA_generate_key perl function could not create RSA structure.\n");
        }
 #if (OPENSSL_VERSION_NUMBER >= 0x10100001L && !defined(LIBRESSL_VERSION_NUMBER)) || (LIBRESSL_VERSION_NUMBER >= 0x2070000fL)
-       BN_GENCB *new_cb;
        new_cb = BN_GENCB_new();
        if(!new_cb) {
 	   simple_cb_data_free(cb_data);
@@ -6363,7 +6367,6 @@ RSA_generate_key(bits,ee,perl_cb=&PL_sv_undef,perl_data=&PL_sv_undef)
        rc = RSA_generate_key_ex(ret, bits, e, new_cb);
        BN_GENCB_free(new_cb);
 #else
-       BN_GENCB new_cb;
        BN_GENCB_set_old(&new_cb, ssleay_RSA_generate_key_cb_invoke, cb_data);
        rc = RSA_generate_key_ex(ret, bits, e, &new_cb);
 #endif