
Commit 8059288

heitbaumlws-team
andcommitted
openssl: x509: allow build with OpenSSL 4.x
ASN1_STRING are now opaque types — the internal data and length fields are no longer directly accessible. Use the accessor API instead. Accessors have been available since OpenSSL 1.1.0. Signatures of numerous API functions, including those that are related to X509 processing, are changed to include const qualifiers for argument and return types, where suitable. Add const qualifier to variables. Co-authored-by: Andy Green <andy@warmcat.com> Signed-off-by: Rudi Heitbaum <rudi@heitbaum.com>
1 parent ad2cc07 commit 8059288

1 file changed

Lines changed: 22 additions & 15 deletions


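--- a/lib/tls/openssl/openssl-x509.c
+++ b/lib/tls/openssl/openssl-x509.c
@@ -1,7 +1,7 @@
 /*
 * libwebsockets - small server side websockets and web server implementation
 *
-* Copyright (C) 2010 - 2019 Andy Green <andy@warmcat.com>
+* Copyright (C) 2010 - 2026 Andy Green <andy@warmcat.com>
 *
 * Permission is hereby granted, free of charge, to any person obtaining a copy
 * of this software and associated documentation files (the "Software"), to
@@ -26,6 +26,12 @@
 #include "private-lib-core.h"
 #include "private-lib-tls-openssl.h"
 
+#if OPENSSL_VERSION_NUMBER >= 0x40000000L
+#define CAST_X509_EXTENSION(x) (x)
+#else
+#define CAST_X509_EXTENSION(x) ((X509_EXTENSION *)(x))
+#endif
+
 #if !defined(LWS_PLAT_OPTEE)
 static int
 dec(char c)
@@ -39,7 +45,7 @@ lws_tls_openssl_asn1time_to_unix(ASN1_TIME *as)
 {
 #if !defined(LWS_PLAT_OPTEE)
 
-const char *p = (const char *)as->data;
+const char *p = (const char *)ASN1_STRING_get0_data(as);
 struct tm t;
 
 /* [YY]YYMMDDHHMMSSZ */
@@ -84,12 +90,13 @@ lws_tls_openssl_cert_info(X509 *x509, enum lws_tls_cert_info type,
 #ifndef USE_WOLFSSL
 const unsigned char *dp;
 ASN1_OCTET_STRING *val;
+const ASN1_OCTET_STRING *val2;
 AUTHORITY_KEYID *akid;
-X509_EXTENSION *ext;
+const X509_EXTENSION *ext;
 int tag, xclass, r = 1;
 long xlen, loc;
 #endif
-X509_NAME *xn;
+const X509_NAME *xn;
 #if !defined(LWS_PLAT_OPTEE)
 char *p, *p1;
 size_t rl;
@@ -219,15 +226,15 @@ lws_tls_openssl_cert_info(X509 *x509, enum lws_tls_cert_info type,
 if (!ext)
 return 1;
 #ifndef USE_WOLFSSL
-akid = (AUTHORITY_KEYID *)X509V3_EXT_d2i(ext);
+akid = (AUTHORITY_KEYID *)X509V3_EXT_d2i(CAST_X509_EXTENSION(ext));
 #else
 akid = (AUTHORITY_KEYID *)wolfSSL_X509V3_EXT_d2i(ext);
 #endif
 if (!akid || !akid->keyid)
 return 1;
 val = akid->keyid;
-dp = (const unsigned char *)val->data;
-xlen = val->length;
+dp = ASN1_STRING_get0_data(val);
+xlen = ASN1_STRING_length(val);
 
 buf->ns.len = (int)xlen;
 if (len < (size_t)buf->ns.len)
@@ -248,7 +255,7 @@ lws_tls_openssl_cert_info(X509 *x509, enum lws_tls_cert_info type,
 return 1;
 
 #ifndef USE_WOLFSSL
-akid = (AUTHORITY_KEYID *)X509V3_EXT_d2i(ext);
+akid = (AUTHORITY_KEYID *)X509V3_EXT_d2i(CAST_X509_EXTENSION(ext));
 #else
 akid = (AUTHORITY_KEYID *)wolfSSL_X509V3_EXT_d2i(ext);
 #endif
@@ -257,7 +264,7 @@ lws_tls_openssl_cert_info(X509 *x509, enum lws_tls_cert_info type,
 
 #if defined(LWS_HAVE_OPENSSL_STACK)
 {
-const X509V3_EXT_METHOD* method = X509V3_EXT_get(ext);
+const X509V3_EXT_METHOD* method = X509V3_EXT_get(CAST_X509_EXTENSION(ext));
 STACK_OF(CONF_VALUE) *cv;
 #if defined(LWS_WITH_BORINGSSL) || defined(LWS_WITH_AWSLC)
 size_t j;
@@ -303,7 +310,7 @@ lws_tls_openssl_cert_info(X509 *x509, enum lws_tls_cert_info type,
 ext = X509_get_ext(x509, (int)loc);
 if (!ext)
 return 1;
-akid = (AUTHORITY_KEYID *)X509V3_EXT_d2i(ext);
+akid = (AUTHORITY_KEYID *)X509V3_EXT_d2i(CAST_X509_EXTENSION(ext));
 if (!akid || !akid->serial)
 return 1;
 
@@ -330,17 +337,17 @@ lws_tls_openssl_cert_info(X509 *x509, enum lws_tls_cert_info type,
 if (!ext)
 return 1;
 
-val = X509_EXTENSION_get_data(ext);
-if (!val)
+val2 = X509_EXTENSION_get_data(CAST_X509_EXTENSION(ext));
+if (!val2)
 return 1;
 
 #if defined(USE_WOLFSSL)
 return 1;
 #else
-dp = (const unsigned char *)val->data;
+dp = ASN1_STRING_get0_data(val2);
 
 if (ASN1_get_object(&dp, &xlen,
-&tag, &xclass, val->length) & 0x80)
+&tag, &xclass, ASN1_STRING_length(val2)) & 0x80)
 return -1;
 
 if (tag != V_ASN1_OCTET_STRING) {
@@ -456,7 +463,7 @@ lws_x509_verify(struct lws_x509_cert *x509, struct lws_x509_cert *trusted,
 int ret;
 
 if (common_name) {
-X509_NAME *xn = X509_get_subject_name(x509->cert);
+const X509_NAME *xn = X509_get_subject_name(x509->cert);
 if (!xn)
 return -1;
 X509_NAME_oneline(xn, c, (int)sizeof(c) - 2);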
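Review bot: The early return `if (!akid || !akid->keyid) return 1;` in the `@@ -219,15 +226,15 @@` hunk leaks the AUTHORITY_KEYID that `X509V3_EXT_d2i()` has just allocated whenever the extension decodes but carries no keyid, and the `if (!akid || !akid->serial) return 1;` exit in the `@@ -303,7 +310,7 @@` hunk has the same shape. The extension contents come from the certificate being inspected, so if that certificate can be supplied by a peer, each such query loses memory. On the OpenSSL build the decoded object can be released before returning, e.g. `if (!akid || !akid->keyid) { AUTHORITY_KEYID_free(akid); return 1; }`, and likewise for the serial case. The rest of lws_tls_openssl_cert_info lies outside these hunks, so the later exits (including the `len < (size_t)buf->ns.len` path) should be checked for the same release.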
