
Commit 8abcd00

committed
feat: enable compilation/linking with OpenSSL 4.0
1 parent 88555cc commit 8abcd00

2 files changed

Lines changed: 37 additions & 24 deletions


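--- a/include/ncrypto.h
+++ b/include/ncrypto.h
@@ -1622,8 +1622,9 @@ int NoPasswordCallback(char* buf, int size, int rwflag, void* u);
 
 int PasswordCallback(char* buf, int size, int rwflag, void* u);
 
-bool SafeX509SubjectAltNamePrint(const BIOPointer& out, X509_EXTENSION* ext);
-bool SafeX509InfoAccessPrint(const BIOPointer& out, X509_EXTENSION* ext);
+bool SafeX509SubjectAltNamePrint(const BIOPointer& out,
+const X509_EXTENSION* ext);
+bool SafeX509InfoAccessPrint(const BIOPointer& out, const X509_EXTENSION* ext);
 
 // ============================================================================
 // SPKAC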
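Review bot: The two declarations at new lines 1625–1627 still have no comment stating their contract, and the added `const` now makes "does not modify ext" part of that contract in the public header. A short comment above them would help callers, for example `// Prints the extension to out; returns false if ext is not of the expected extension type or cannot be decoded. ext is not modified.` The false-return conditions are taken from the NID and `X509V3_EXT_d2i` checks visible in src/ncrypto.cpp. The per-name loops are outside the visible hunks, so other failure paths may exist and the wording should be checked against them.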

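--- a/src/ncrypto.cpp
+++ b/src/ncrypto.cpp
@@ -819,19 +819,25 @@ bool PrintGeneralName(const BIOPointer& out, const GENERAL_NAME* gen) {
 // Note that the preferred name syntax (see RFCs 5280 and 1034) with
 // wildcards is a subset of what we consider "safe", so spec-compliant DNS
 // names will never need to be escaped.
-PrintAltName(out, reinterpret_cast<const char*>(name->data), name->length);
+PrintAltName(out,
+reinterpret_cast<const char*>(ASN1_STRING_get0_data(name)),
+ASN1_STRING_length(name));
 } else if (gen->type == GEN_EMAIL) {
 ASN1_IA5STRING* name = gen->d.rfc822Name;
 BIO_write(out.get(), "email:", 6);
-PrintAltName(out, reinterpret_cast<const char*>(name->data), name->length);
+PrintAltName(out,
+reinterpret_cast<const char*>(ASN1_STRING_get0_data(name)),
+ASN1_STRING_length(name));
 } else if (gen->type == GEN_URI) {
 ASN1_IA5STRING* name = gen->d.uniformResourceIdentifier;
 BIO_write(out.get(), "URI:", 4);
 // The set of "safe" names was designed to include just about any URI,
 // with a few exceptions, most notably URIs that contains commas (see
 // RFC 2396). In other words, most legitimate URIs will not require
 // escaping.
-PrintAltName(out, reinterpret_cast<const char*>(name->data), name->length);
+PrintAltName(out,
+reinterpret_cast<const char*>(ASN1_STRING_get0_data(name)),
+ASN1_STRING_length(name));
 } else if (gen->type == GEN_DIRNAME) {
 // Earlier versions of Node.js used X509_NAME_oneline to print the X509_NAME
 // object. The format was non standard and should be avoided. The use of
@@ -864,17 +870,18 @@ bool PrintGeneralName(const BIOPointer& out, const GENERAL_NAME* gen) {
 } else if (gen->type == GEN_IPADD) {
 BIO_printf(out.get(), "IP Address:");
 const ASN1_OCTET_STRING* ip = gen->d.ip;
-const unsigned char* b = ip->data;
-if (ip->length == 4) {
+const unsigned char* b = ASN1_STRING_get0_data(ip);
+int ip_len = ASN1_STRING_length(ip);
+if (ip_len == 4) {
 BIO_printf(out.get(), "%d.%d.%d.%d", b[0], b[1], b[2], b[3]);
-} else if (ip->length == 16) {
+} else if (ip_len == 16) {
 for (unsigned int j = 0; j < 8; j++) {
 uint16_t pair = (b[2 * j] << 8) | b[2 * j + 1];
 BIO_printf(out.get(), (j == 0) ? "%X" : ":%X", pair);
 }
 } else {
 #if OPENSSL_VERSION_MAJOR >= 3
-BIO_printf(out.get(), "<invalid length=%d>", ip->length);
+BIO_printf(out.get(), "<invalid length=%d>", ip_len);
 #else
 BIO_printf(out.get(), "<invalid>");
 #endif
@@ -924,15 +931,15 @@ bool PrintGeneralName(const BIOPointer& out, const GENERAL_NAME* gen) {
 if (unicode) {
 auto name = gen->d.otherName->value->value.utf8string;
 PrintAltName(out,
-reinterpret_cast<const char*>(name->data),
-name->length,
+reinterpret_cast<const char*>(ASN1_STRING_get0_data(name)),
+ASN1_STRING_length(name),
 AltNameOption::UTF8,
 prefix);
 } else {
 auto name = gen->d.otherName->value->value.ia5string;
 PrintAltName(out,
-reinterpret_cast<const char*>(name->data),
-name->length,
+reinterpret_cast<const char*>(ASN1_STRING_get0_data(name)),
+ASN1_STRING_length(name),
 AltNameOption::NONE,
 prefix);
 }
@@ -953,11 +960,14 @@ bool PrintGeneralName(const BIOPointer& out, const GENERAL_NAME* gen) {
 }
 } // namespace
 
-bool SafeX509SubjectAltNamePrint(const BIOPointer& out, X509_EXTENSION* ext) {
-auto ret = OBJ_obj2nid(X509_EXTENSION_get_object(ext));
+bool SafeX509SubjectAltNamePrint(const BIOPointer& out,
+const X509_EXTENSION* ext) {
+// const_cast needed for OpenSSL < 4.0 which lacks const-correctness
+auto* mext = const_cast<X509_EXTENSION*>(ext);
+auto ret = OBJ_obj2nid(X509_EXTENSION_get_object(mext));
 if (ret != NID_subject_alt_name) return false;
 
-GENERAL_NAMES* names = static_cast<GENERAL_NAMES*>(X509V3_EXT_d2i(ext));
+GENERAL_NAMES* names = static_cast<GENERAL_NAMES*>(X509V3_EXT_d2i(mext));
 if (names == nullptr) return false;
 
 bool ok = true;
@@ -976,12 +986,14 @@ bool SafeX509SubjectAltNamePrint(const BIOPointer& out, X509_EXTENSION* ext) {
 return ok;
 }
 
-bool SafeX509InfoAccessPrint(const BIOPointer& out, X509_EXTENSION* ext) {
-auto ret = OBJ_obj2nid(X509_EXTENSION_get_object(ext));
+bool SafeX509InfoAccessPrint(const BIOPointer& out, const X509_EXTENSION* ext) {
+// const_cast needed for OpenSSL < 4.0 which lacks const-correctness
+auto* mext = const_cast<X509_EXTENSION*>(ext);
+auto ret = OBJ_obj2nid(X509_EXTENSION_get_object(mext));
 if (ret != NID_info_access) return false;
 
 AUTHORITY_INFO_ACCESS* descs =
-static_cast<AUTHORITY_INFO_ACCESS*>(X509V3_EXT_d2i(ext));
+static_cast<AUTHORITY_INFO_ACCESS*>(X509V3_EXT_d2i(mext));
 if (descs == nullptr) return false;
 
 bool ok = true;
@@ -1125,7 +1137,7 @@ BIOPointer X509View::getValidFrom() const {
 if (cert_ == nullptr) return {};
 BIOPointer bio(BIO_new(BIO_s_mem()));
 if (!bio) return {};
-ASN1_TIME_print(bio.get(), X509_get_notBefore(cert_));
+ASN1_TIME_print(bio.get(), X509_get0_notBefore(cert_));
 return bio;
 }
 
@@ -1134,7 +1146,7 @@ BIOPointer X509View::getValidTo() const {
 if (cert_ == nullptr) return {};
 BIOPointer bio(BIO_new(BIO_s_mem()));
 if (!bio) return {};
-ASN1_TIME_print(bio.get(), X509_get_notAfter(cert_));
+ASN1_TIME_print(bio.get(), X509_get0_notAfter(cert_));
 return bio;
 }
 
@@ -4824,12 +4836,12 @@ bool X509Name::Iterator::operator!=(const Iterator& other) const {
 std::pair<std::string, std::string> X509Name::Iterator::operator*() const {
 if (loc_ == name_.total_) return {{}, {}};
 
-X509_NAME_ENTRY* entry = X509_NAME_get_entry(name_, loc_);
+const X509_NAME_ENTRY* entry = X509_NAME_get_entry(name_, loc_);
 if (entry == nullptr) [[unlikely]]
 return {{}, {}};
 
-ASN1_OBJECT* name = X509_NAME_ENTRY_get_object(entry);
-ASN1_STRING* value = X509_NAME_ENTRY_get_data(entry);
+const ASN1_OBJECT* name = X509_NAME_ENTRY_get_object(entry);
+const ASN1_STRING* value = X509_NAME_ENTRY_get_data(entry);
 
 if (name == nullptr || value == nullptr) [[unlikely]] {
 return {{}, {}};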
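Review bot: The `const_cast` added at the top of SafeX509SubjectAltNamePrint (new lines 965–966) and repeated in SafeX509InfoAccessPrint (new lines 990–991) is applied on every OpenSSL version, so a build against 4.0 loses the compile-time const checking that the new signature promises. The added comment implies that the 4.0 prototypes of `X509_EXTENSION_get_object` and `X509V3_EXT_d2i` accept a const pointer. If so, the cast can be limited to older versions with the `OPENSSL_VERSION_MAJOR` check this file already uses. The same change applies to SafeX509InfoAccessPrint. Both function bodies continue outside the visible hunks, so the read-only claim in the proposed comment covers only the two calls shown.

```cpp
bool SafeX509SubjectAltNamePrint(const BIOPointer& out,
                                 const X509_EXTENSION* ext) {
#if OPENSSL_VERSION_MAJOR >= 4
  const X509_EXTENSION* mext = ext;
#else
  // Older OpenSSL declares these accessors with a non-const parameter;
  // the calls below only read through mext.
  auto* mext = const_cast<X509_EXTENSION*>(ext);
#endif
  // … unchanged: NID check, X509V3_EXT_d2i(mext), per-name printing …
```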
