openssl: Fix call of X509_CRL_get0_signature() with OpenSSL 1.1.0
authorTobias Brunner <tobias@strongswan.org>
Fri, 6 Oct 2017 13:26:19 +0000 (15:26 +0200)
committerTobias Brunner <tobias@strongswan.org>
Tue, 10 Oct 2017 08:09:08 +0000 (10:09 +0200)
The order of arguments in X509_CRL_get0_signature() is not the same as that
of X509_get0_signature().

Fixes: 989ba4b6cd16 ("openssl: Update CRL API to OpenSSL 1.1.0")

src/libstrongswan/plugins/openssl/openssl_crl.c

index e8b58c7..503f7bf 100644 (file)
@@ -50,7 +50,7 @@
 #include <credentials/certificates/x509.h>
 
 #if OPENSSL_VERSION_NUMBER < 0x10100000L
 #include <credentials/certificates/x509.h>
 
 #if OPENSSL_VERSION_NUMBER < 0x10100000L
-static inline void X509_CRL_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg, const X509_CRL *crl) {
+static inline void X509_CRL_get0_signature(const X509_CRL *crl, ASN1_BIT_STRING **psig, X509_ALGOR **palg) {
        if (psig) { *psig = crl->signature; }
        if (palg) { *palg = crl->sig_alg; }
 }
        if (psig) { *psig = crl->signature; }
        if (palg) { *palg = crl->sig_alg; }
 }
@@ -331,7 +331,7 @@ METHOD(certificate_t, issued_by, bool,
 #else
        tbs = openssl_i2chunk(X509_CRL_INFO, this->crl->crl);
 #endif
 #else
        tbs = openssl_i2chunk(X509_CRL_INFO, this->crl->crl);
 #endif
-       X509_CRL_get0_signature(&sig, NULL, this->crl);
+       X509_CRL_get0_signature(this->crl, &sig, NULL);
        valid = key->verify(key, this->scheme, tbs, openssl_asn1_str2chunk(sig));
        free(tbs.ptr);
        key->destroy(key);
        valid = key->verify(key, this->scheme, tbs, openssl_asn1_str2chunk(sig));
        free(tbs.ptr);
        key->destroy(key);
@@ -575,7 +575,7 @@ static bool parse_crl(private_openssl_crl_t *this)
                return FALSE;
        }
 
                return FALSE;
        }
 
-       X509_CRL_get0_signature(NULL, &alg, this->crl);
+       X509_CRL_get0_signature(this->crl, NULL, &alg);
        X509_ALGOR_get0(&oid, NULL, NULL, alg);
 #if OPENSSL_VERSION_NUMBER < 0x10100000L
        if (!chunk_equals(
        X509_ALGOR_get0(&oid, NULL, NULL, alg);
 #if OPENSSL_VERSION_NUMBER < 0x10100000L
        if (!chunk_equals(