openssl: Fix some const issues with OpenSSL 1.1.0
authorTobias Brunner <tobias@strongswan.org>
Tue, 30 Oct 2018 16:15:49 +0000 (17:15 +0100)
committerTobias Brunner <tobias@strongswan.org>
Wed, 31 Oct 2018 14:50:36 +0000 (15:50 +0100)
src/libstrongswan/plugins/openssl/openssl_crl.c
src/libstrongswan/plugins/openssl/openssl_util.c
src/libstrongswan/plugins/openssl/openssl_util.h
src/libstrongswan/plugins/openssl/openssl_x509.c

index 3f5a7a6..3e7490d 100644 (file)
@@ -291,7 +291,11 @@ METHOD(certificate_t, issued_by, bool,
        chunk_t fingerprint, tbs;
        public_key_t *key;
        x509_t *x509;
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+       const ASN1_BIT_STRING *sig;
+#else
        ASN1_BIT_STRING *sig;
+#endif
        bool valid;
 
        if (issuer->get_type(issuer) != CERT_X509)
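Review bot: The version check around the `sig` declaration is duplicated without explanation: the same `#if OPENSSL_VERSION_NUMBER >= 0x10100000L` block appears again for `alg` in parse_crl() and for both variables in openssl_x509.c, four copies in total. A one-line comment at each site, such as `/* the get0 signature accessors take const out-pointers as of OpenSSL 1.1.0 */`, would tell a reader what can be deleted once pre-1.1.0 support is dropped. Alternatively, a single conditional qualifier defined next to the compatibility macros in openssl_util.h would remove the repetition. The call that fills `sig` lies outside this hunk, so this assumes it is the signature accessor the commit title refers to.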
@@ -512,7 +516,7 @@ static bool parse_extensions(private_openssl_crl_t *this)
        bool ok;
        int i, num;
        X509_EXTENSION *ext;
-       STACK_OF(X509_EXTENSION) *extensions;
+       const STACK_OF(X509_EXTENSION) *extensions;
 
        extensions = X509_CRL_get0_extensions(this->crl);
        if (extensions)
@@ -567,7 +571,11 @@ static bool parse_crl(private_openssl_crl_t *this)
 {
        const unsigned char *ptr = this->encoding.ptr;
        chunk_t sig_scheme;
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+       const X509_ALGOR *alg;
+#else
        X509_ALGOR *alg;
+#endif
 
        this->crl = d2i_X509_CRL(NULL, &ptr, this->encoding.len);
        if (!this->crl)
@@ -576,7 +584,7 @@ static bool parse_crl(private_openssl_crl_t *this)
        }
 
        X509_CRL_get0_signature(this->crl, NULL, &alg);
-       sig_scheme = openssl_i2chunk(X509_ALGOR, alg);
+       sig_scheme = openssl_i2chunk(X509_ALGOR, (X509_ALGOR*)alg);
        INIT(this->scheme);
        if (!signature_params_parse(sig_scheme, 0, this->scheme))
        {
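Review bot: The `(X509_ALGOR*)alg` cast discards the `const` that the declaration earlier in parse_crl() was just changed to carry, and nothing records why that is safe. `alg` points into `this->crl`, the parsed CRL object, so the cast is only sound as long as `openssl_i2chunk()` merely encodes its argument. The macro is not visible on this page, so that is presumably the case, but it is worth stating next to the cast, e.g. `/* encoder takes a non-const pointer but does not modify alg */`. The same applies to the two casts added in parse_certificate() in openssl_x509.c. parse_crl() continues past the end of this hunk.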
index c336333..f99dcd6 100644 (file)
@@ -26,7 +26,7 @@
 #if OPENSSL_VERSION_NUMBER < 0x10100000L
 #define OBJ_get0_data(o) ((o)->data)
 #define OBJ_length(o) ((o)->length)
-#define ASN1_STRING_get0_data(a) ASN1_STRING_data(a)
+#define ASN1_STRING_get0_data(a) ASN1_STRING_data((ASN1_STRING*)a)
 #endif
 
 /**
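Review bot: The new cast in the pre-1.1.0 fallback is applied to an unparenthesized macro argument, so `(ASN1_STRING*)a` binds only to the first operand if a caller ever passes an expression rather than a plain identifier. Writing it as `#define ASN1_STRING_get0_data(a) ASN1_STRING_data((ASN1_STRING*)(a))` matches the `(o)` style of the two macros above it. The cast also accepts any pointer type without a diagnostic on old OpenSSL builds, so a wrong argument type would only be caught when compiling against 1.1.0 or newer.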
@@ -165,7 +165,7 @@ chunk_t openssl_asn1_obj2chunk(ASN1_OBJECT *asn1)
 /**
  * Described in header.
  */
-chunk_t openssl_asn1_str2chunk(ASN1_STRING *asn1)
+chunk_t openssl_asn1_str2chunk(const ASN1_STRING *asn1)
 {
        if (asn1)
        {
@@ -214,7 +214,7 @@ int openssl_asn1_known_oid(ASN1_OBJECT *obj)
 /**
  * Described in header.
  */
-time_t openssl_asn1_to_time(ASN1_TIME *time)
+time_t openssl_asn1_to_time(const ASN1_TIME *time)
 {
        chunk_t chunk;
 
index 80e557f..4afe76b 100644 (file)
@@ -109,7 +109,7 @@ chunk_t openssl_asn1_obj2chunk(ASN1_OBJECT *asn1);
  * @param asn1         asn1 string to convert
  * @return                     chunk, pointing into asn1 string
  */
-chunk_t openssl_asn1_str2chunk(ASN1_STRING *asn1);
+chunk_t openssl_asn1_str2chunk(const ASN1_STRING *asn1);
 
 /**
  * Convert an openssl X509_NAME to a identification_t of type ID_DER_ASN1_DN.
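Review bot: With the parameter now `const`, the documented contract `chunk, pointing into asn1 string` hands callers a chunk_t that aliases read-only data, and the doc comment does not say the chunk must not be written to or freed. The definition of chunk_t is not on this page, but `free(sig_scheme_tbs.ptr)` elsewhere in the commit suggests chunks are sometimes owned by the caller. If its pointer member is non-const, extending the line to `@return chunk, pointing into asn1 string (do not modify or free)` would make the borrowing explicit. The matching definition in openssl_util.c only says `Described in header.`, so this comment is the place for it.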
@@ -133,7 +133,7 @@ int openssl_asn1_known_oid(ASN1_OBJECT *obj);
  * @param time         openssl ASN1_TIME
  * @returns                    time_t, 0 on error
  */
-time_t openssl_asn1_to_time(ASN1_TIME *time);
+time_t openssl_asn1_to_time(const ASN1_TIME *time);
 
 /**
  * Compatibility macros
index fae2d67..fe21b02 100644 (file)
@@ -389,7 +389,11 @@ METHOD(certificate_t, issued_by, bool,
        public_key_t *key;
        bool valid;
        x509_t *x509 = (x509_t*)issuer;
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+       const ASN1_BIT_STRING *sig;
+#else
        ASN1_BIT_STRING *sig;
+#endif
        chunk_t tbs;
 
        if (&this->public.x509.interface == issuer)
@@ -993,7 +997,7 @@ static bool parse_subjectKeyIdentifier_ext(private_openssl_x509_t *this,
  */
 static bool parse_extensions(private_openssl_x509_t *this)
 {
-       STACK_OF(X509_EXTENSION) *extensions;
+       const STACK_OF(X509_EXTENSION) *extensions;
        int i, num;
 
        /* unless we see a keyUsage extension we are compliant with RFC 4945 */
@@ -1077,7 +1081,11 @@ static bool parse_certificate(private_openssl_x509_t *this)
        hasher_t *hasher;
        chunk_t chunk, sig_scheme, sig_scheme_tbs;
        ASN1_OBJECT *oid;
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+       const X509_ALGOR *alg;
+#else
        X509_ALGOR *alg;
+#endif
 
        this->x509 = d2i_X509(NULL, &ptr, this->encoding.len);
        if (!this->x509)
@@ -1135,9 +1143,9 @@ static bool parse_certificate(private_openssl_x509_t *this)
        /* while X509_ALGOR_cmp() is declared in the headers of older OpenSSL
         * versions, at least on Ubuntu 14.04 it is not actually defined */
        X509_get0_signature(NULL, &alg, this->x509);
-       sig_scheme = openssl_i2chunk(X509_ALGOR, alg);
+       sig_scheme = openssl_i2chunk(X509_ALGOR, (X509_ALGOR*)alg);
        alg = X509_get0_tbs_sigalg(this->x509);
-       sig_scheme_tbs = openssl_i2chunk(X509_ALGOR, alg);
+       sig_scheme_tbs = openssl_i2chunk(X509_ALGOR, (X509_ALGOR*)alg);
        if (!chunk_equals(sig_scheme, sig_scheme_tbs))
        {
                free(sig_scheme_tbs.ptr);