openssl: Fix some const issues with OpenSSL 1.1.0

diff --git a/src/libstrongswan/plugins/openssl/openssl_crl.c b/src/libstrongswan/plugins/openssl/openssl_crl.c
index 3f5a7a61d5eaff16a62651f431d25074146905c1..3e7490dc6041856e274a2a0aa957547f0a4beca6 100644 (file)
--- a/src/libstrongswan/plugins/openssl/openssl_crl.c
+++ b/src/libstrongswan/plugins/openssl/openssl_crl.c
@@ -291,7 +291,11 @@ METHOD(certificate_t, issued_by, bool,
        chunk_t fingerprint, tbs;
        public_key_t *key;
        x509_t *x509;
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+       const ASN1_BIT_STRING *sig;
+#else
        ASN1_BIT_STRING *sig;
+#endif
        bool valid;
 
        if (issuer->get_type(issuer) != CERT_X509)
@@ -512,7 +516,7 @@ static bool parse_extensions(private_openssl_crl_t *this)
        bool ok;
        int i, num;
        X509_EXTENSION *ext;
-       STACK_OF(X509_EXTENSION) *extensions;
+       const STACK_OF(X509_EXTENSION) *extensions;
 
        extensions = X509_CRL_get0_extensions(this->crl);
        if (extensions)
@@ -567,7 +571,11 @@ static bool parse_crl(private_openssl_crl_t *this)
 {
        const unsigned char *ptr = this->encoding.ptr;
        chunk_t sig_scheme;
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+       const X509_ALGOR *alg;
+#else
        X509_ALGOR *alg;
+#endif
 
        this->crl = d2i_X509_CRL(NULL, &ptr, this->encoding.len);
        if (!this->crl)
@@ -576,7 +584,7 @@ static bool parse_crl(private_openssl_crl_t *this)
        }
 
        X509_CRL_get0_signature(this->crl, NULL, &alg);
-       sig_scheme = openssl_i2chunk(X509_ALGOR, alg);
+       sig_scheme = openssl_i2chunk(X509_ALGOR, (X509_ALGOR*)alg);
        INIT(this->scheme);
        if (!signature_params_parse(sig_scheme, 0, this->scheme))
        {

diff --git a/src/libstrongswan/plugins/openssl/openssl_util.c b/src/libstrongswan/plugins/openssl/openssl_util.c
index c3363339e0dd02e299b2c60490bea301004f5830..f99dcd6b122f9d47a5d729ba5ea8d7febf3d0fd7 100644 (file)
--- a/src/libstrongswan/plugins/openssl/openssl_util.c
+++ b/src/libstrongswan/plugins/openssl/openssl_util.c
@@ -26,7 +26,7 @@
 #if OPENSSL_VERSION_NUMBER < 0x10100000L
 #define OBJ_get0_data(o) ((o)->data)
 #define OBJ_length(o) ((o)->length)
-#define ASN1_STRING_get0_data(a) ASN1_STRING_data(a)
+#define ASN1_STRING_get0_data(a) ASN1_STRING_data((ASN1_STRING*)a)
 #endif
 
 /**
@@ -165,7 +165,7 @@ chunk_t openssl_asn1_obj2chunk(ASN1_OBJECT *asn1)
 /**
  * Described in header.
  */
-chunk_t openssl_asn1_str2chunk(ASN1_STRING *asn1)
+chunk_t openssl_asn1_str2chunk(const ASN1_STRING *asn1)
 {
        if (asn1)
        {
@@ -214,7 +214,7 @@ int openssl_asn1_known_oid(ASN1_OBJECT *obj)
 /**
  * Described in header.
  */
-time_t openssl_asn1_to_time(ASN1_TIME *time)
+time_t openssl_asn1_to_time(const ASN1_TIME *time)
 {
        chunk_t chunk;
 

diff --git a/src/libstrongswan/plugins/openssl/openssl_util.h b/src/libstrongswan/plugins/openssl/openssl_util.h
index 80e557fa84060028128bb96af76d42b185ca1e65..4afe76bf2267a8657389777e593f6a9a4c511cb6 100644 (file)
--- a/src/libstrongswan/plugins/openssl/openssl_util.h
+++ b/src/libstrongswan/plugins/openssl/openssl_util.h
@@ -109,7 +109,7 @@ chunk_t openssl_asn1_obj2chunk(ASN1_OBJECT *asn1);
  * @param asn1         asn1 string to convert
  * @return                     chunk, pointing into asn1 string
  */
-chunk_t openssl_asn1_str2chunk(ASN1_STRING *asn1);
+chunk_t openssl_asn1_str2chunk(const ASN1_STRING *asn1);
 
 /**
  * Convert an openssl X509_NAME to a identification_t of type ID_DER_ASN1_DN.
@@ -133,7 +133,7 @@ int openssl_asn1_known_oid(ASN1_OBJECT *obj);
  * @param time         openssl ASN1_TIME
  * @returns                    time_t, 0 on error
  */
-time_t openssl_asn1_to_time(ASN1_TIME *time);
+time_t openssl_asn1_to_time(const ASN1_TIME *time);
 
 /**
  * Compatibility macros

diff --git a/src/libstrongswan/plugins/openssl/openssl_x509.c b/src/libstrongswan/plugins/openssl/openssl_x509.c
index fae2d678fbe6528e430a9aaa8e3493e9bb1d4242..fe21b0221debce47558c72d2bc31e3372b072967 100644 (file)
--- a/src/libstrongswan/plugins/openssl/openssl_x509.c
+++ b/src/libstrongswan/plugins/openssl/openssl_x509.c
@@ -389,7 +389,11 @@ METHOD(certificate_t, issued_by, bool,
        public_key_t *key;
        bool valid;
        x509_t *x509 = (x509_t*)issuer;
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+       const ASN1_BIT_STRING *sig;
+#else
        ASN1_BIT_STRING *sig;
+#endif
        chunk_t tbs;
 
        if (&this->public.x509.interface == issuer)
@@ -993,7 +997,7 @@ static bool parse_subjectKeyIdentifier_ext(private_openssl_x509_t *this,
  */
 static bool parse_extensions(private_openssl_x509_t *this)
 {
-       STACK_OF(X509_EXTENSION) *extensions;
+       const STACK_OF(X509_EXTENSION) *extensions;
        int i, num;
 
        /* unless we see a keyUsage extension we are compliant with RFC 4945 */
@@ -1077,7 +1081,11 @@ static bool parse_certificate(private_openssl_x509_t *this)
        hasher_t *hasher;
        chunk_t chunk, sig_scheme, sig_scheme_tbs;
        ASN1_OBJECT *oid;
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+       const X509_ALGOR *alg;
+#else
        X509_ALGOR *alg;
+#endif
 
        this->x509 = d2i_X509(NULL, &ptr, this->encoding.len);
        if (!this->x509)
@@ -1135,9 +1143,9 @@ static bool parse_certificate(private_openssl_x509_t *this)
        /* while X509_ALGOR_cmp() is declared in the headers of older OpenSSL
         * versions, at least on Ubuntu 14.04 it is not actually defined */
        X509_get0_signature(NULL, &alg, this->x509);
-       sig_scheme = openssl_i2chunk(X509_ALGOR, alg);
+       sig_scheme = openssl_i2chunk(X509_ALGOR, (X509_ALGOR*)alg);
        alg = X509_get0_tbs_sigalg(this->x509);
-       sig_scheme_tbs = openssl_i2chunk(X509_ALGOR, alg);
+       sig_scheme_tbs = openssl_i2chunk(X509_ALGOR, (X509_ALGOR*)alg);
        if (!chunk_equals(sig_scheme, sig_scheme_tbs))
        {
                free(sig_scheme_tbs.ptr);