Suppress compiler warnings with OpenSSL < 3.0 and fix engine-less builds

appx.c

@@ -873,11 +873,18 @@ static uint8_t *appx_calc_zip_central_directory_hash(ZIP_FILE *zip, const EVP_MD
     u_char *mdbuf = NULL;
     BIO *bhash = BIO_new(BIO_f_md());
 
+#if defined(__GNUC__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wcast-qual"
+#endif
     if (!BIO_set_md(bhash, md)) {
         fprintf(stderr, "Unable to set the message digest of BIO\n");
         BIO_free_all(bhash);
         return NULL; /* FAILED */
     }
+#if defined(__GNUC__)
+#pragma GCC diagnostic pop
+#endif
     BIO_push(bhash, BIO_new(BIO_s_null()));
     if (!appx_write_central_directory(bhash, zip, 1, cdOffset)) {
         fprintf(stderr, "Unable to write central directory\n");
@@ -1000,11 +1007,18 @@ static uint8_t *appx_calc_zip_data_hash(uint64_t *cdOffset, ZIP_FILE *zip, const
     BIO *bhash = BIO_new(BIO_f_md());
     uint64_t noEntries = 0;
 
+#if defined(__GNUC__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wcast-qual"
+#endif
     if (!BIO_set_md(bhash, md)) {
         fprintf(stderr, "Unable to set the message digest of BIO\n");
         BIO_free_all(bhash);
         return NULL; /* FAILED */
     }
+#if defined(__GNUC__)
+#pragma GCC diagnostic pop
+#endif
     BIO_push(bhash, BIO_new(BIO_s_null()));
     *cdOffset = 0;
     for (entry = zip->centralDirectoryHead; entry != NULL; entry = entry->next) {
@@ -1758,12 +1772,19 @@ static u_char *zipCalcDigest(ZIP_FILE *zip, const char *fileName, const EVP_MD *
         return NULL; /* FAILED */
     }
     bhash = BIO_new(BIO_f_md());
+#if defined(__GNUC__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wcast-qual"
+#endif
     if (!BIO_set_md(bhash, md)) {
         fprintf(stderr, "Unable to set the message digest of BIO\n");
         OPENSSL_free(data);
         BIO_free_all(bhash);
         return NULL; /* FAILED */
     }
+#if defined(__GNUC__)
+#pragma GCC diagnostic pop
+#endif
     BIO_push(bhash, BIO_new(BIO_s_null()));
     if (!bio_hash_data(bhash, (char *)data, 0, dataSize)) {
         OPENSSL_free(data);

cab.c

@@ -205,11 +205,18 @@ static u_char *cab_digest_calc(FILE_FORMAT_CTX *ctx, const EVP_MD *md)
     u_char *mdbuf = NULL;
     BIO *bhash = BIO_new(BIO_f_md());
 
+#if defined(__GNUC__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wcast-qual"
+#endif
     if (!BIO_set_md(bhash, md)) {
         fprintf(stderr, "Unable to set the message digest of BIO\n");
         BIO_free_all(bhash);
         return 0;  /* FAILED */
     }
+#if defined(__GNUC__)
+#pragma GCC diagnostic pop
+#endif
     BIO_push(bhash, BIO_new(BIO_s_null()));
 
     /* u1 signature[4] 4643534D MSCF: 0-3 */

helpers.c

@@ -777,13 +777,29 @@ static int X509_compare(const X509 *const *a, const X509 *const *b)
     size_t a_len, b_len;
     int ret;
 
+#if OPENSSL_VERSION_NUMBER<0x30000000L
+#if defined(__clang__)
+#pragma clang diagnostic push
+#pragma clang diagnostic ignored "-Wincompatible-pointer-types-discards-qualifiers"
+#elif defined(__GNUC__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wdiscarded-qualifiers"
+#endif
+#endif /* OPENSSL_VERSION_NUMBER<0x30000000L */
     a_len = (size_t)i2d_X509(*a, NULL);
     a_tmp = a_data = OPENSSL_malloc(a_len);
     i2d_X509(*a, &a_tmp);
 
     b_len = (size_t)i2d_X509(*b, NULL);
     b_tmp = b_data = OPENSSL_malloc(b_len);
     i2d_X509(*b, &b_tmp);
+#if OPENSSL_VERSION_NUMBER<0x30000000L
+#if defined(__clang__)
+#pragma clang diagnostic pop
+#elif defined(__GNUC__)
+#pragma GCC diagnostic pop
+#endif
+#endif /* OPENSSL_VERSION_NUMBER<0x30000000L */
 
     ret = memcmp(a_data, b_data, MIN(a_len, b_len));
     OPENSSL_free(a_data);

msi.c

@@ -373,11 +373,18 @@ static u_char *msi_digest_calc(FILE_FORMAT_CTX *ctx, const EVP_MD *md)
     u_char *mdbuf = NULL;
     BIO *bhash = BIO_new(BIO_f_md());
 
+#if defined(__GNUC__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wcast-qual"
+#endif
     if (!BIO_set_md(bhash, md)) {
         fprintf(stderr, "Unable to set the message digest of BIO\n");
         BIO_free_all(bhash);
         return NULL;  /* FAILED */
     }
+#if defined(__GNUC__)
+#pragma GCC diagnostic pop
+#endif
     BIO_push(bhash, BIO_new(BIO_s_null()));
     if (!bio_hash_data(bhash, ctx->options->indata, 0, ctx->msi_ctx->fileend)) {
         fprintf(stderr, "Unable to calculate digest\n");
@@ -426,11 +433,18 @@ static int msi_verify_digests(FILE_FORMAT_CTX *ctx, PKCS7 *p7)
     printf("Message digest algorithm         : %s\n", OBJ_nid2sn(mdtype));
     md = EVP_get_digestbynid(mdtype);
     hash = BIO_new(BIO_f_md());
+#if defined(__GNUC__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wcast-qual"
+#endif
     if (!BIO_set_md(hash, md)) {
         fprintf(stderr, "Unable to set the message digest of BIO\n");
         BIO_free_all(hash);
         return 0; /* FAILED */
     }
+#if defined(__GNUC__)
+#pragma GCC diagnostic pop
+#endif
     BIO_push(hash, BIO_new(BIO_s_null()));
     if (ctx->msi_ctx->p_msiex) {
         BIO *prehash = BIO_new(BIO_f_md());
@@ -440,12 +454,19 @@ static int msi_verify_digests(FILE_FORMAT_CTX *ctx, PKCS7 *p7)
             BIO_free_all(prehash);
             return 0; /* FAILED */
         }
+#if defined(__GNUC__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wcast-qual"
+#endif
         if (!BIO_set_md(prehash, md)) {
             fprintf(stderr, "Unable to set the message digest of BIO\n");
             BIO_free_all(hash);
             BIO_free_all(prehash);
             return 0; /* FAILED */
         }
+#if defined(__GNUC__)
+#pragma GCC diagnostic pop
+#endif
         BIO_push(prehash, BIO_new(BIO_s_null()));
 
         print_hash("Current MsiDigitalSignatureEx    ", "", (u_char *)ctx->msi_ctx->p_msiex,
@@ -2298,11 +2319,18 @@ static int msi_calc_MsiDigitalSignatureEx(FILE_FORMAT_CTX *ctx, BIO *hash)
     size_t written;
     BIO *prehash = BIO_new(BIO_f_md());
 
+#if defined(__GNUC__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wcast-qual"
+#endif
     if (!BIO_set_md(prehash, ctx->options->md)) {
         fprintf(stderr, "Unable to set the message digest of BIO\n");
         BIO_free_all(prehash);
         return 0; /* FAILED */
     }
+#if defined(__GNUC__)
+#pragma GCC diagnostic pop
+#endif
     BIO_push(prehash, BIO_new(BIO_s_null()));
 
     if (!msi_prehash_dir(ctx->msi_ctx->dirent, prehash, 1)) {

osslsigncode.c

@@ -303,10 +303,17 @@ static BIO *bio_encode_rfc3161_request(PKCS7 *p7, const EVP_MD *md)
         goto out;
 
     bhash = BIO_new(BIO_f_md());
+#if defined(__GNUC__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wcast-qual"
+#endif
     if (!BIO_set_md(bhash, md)) {
         fprintf(stderr, "Unable to set the message digest of BIO\n");
         goto out;
     }
+#if defined(__GNUC__)
+#pragma GCC diagnostic pop
+#endif
     BIO_push(bhash, BIO_new(BIO_s_null()));
     BIO_write(bhash, si->enc_digest->data, si->enc_digest->length);
     BIO_gets(bhash, (char*)mdbuf, EVP_MD_size(md));
@@ -1817,10 +1824,17 @@ static int trusted_cert(X509 *cert, int error) {
     const EVP_MD *md = EVP_get_digestbynid(NID_sha256);
     BIO *bhash = BIO_new(BIO_f_md());
 
+#if defined(__GNUC__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wcast-qual"
+#endif
     if (!BIO_set_md(bhash, md)) {
         BIO_free_all(bhash);
         return 0; /* FAILED */
     }
+#if defined(__GNUC__)
+#pragma GCC diagnostic pop
+#endif
     BIO_push(bhash, BIO_new(BIO_s_null()));
     len = i2d_X509(cert, NULL);
     p = OPENSSL_malloc((size_t)len);
@@ -2173,12 +2187,19 @@ static int verify_timestamp_token(PKCS7 *p7, CMS_ContentInfo *timestamp)
 
             /* compute a hash from the encrypted message digest value of the file */
             bhash = BIO_new(BIO_f_md());
+#if defined(__GNUC__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wcast-qual"
+#endif
             if (!BIO_set_md(bhash, md)) {
                 fprintf(stderr, "Unable to set the message digest of BIO\n");
                 BIO_free_all(bhash);
                 TS_TST_INFO_free(token);
                 return 0; /* FAILED */
             }
+#if defined(__GNUC__)
+#pragma GCC diagnostic pop
+#endif
             BIO_push(bhash, BIO_new(BIO_s_null()));
             BIO_write(bhash, si->enc_digest->data, si->enc_digest->length);
             BIO_gets(bhash, (char*)mdbuf, EVP_MD_size(md));
@@ -2531,12 +2552,19 @@ static int verify_leaf_hash(X509 *cert, const char *leafhash)
 
     /* compute the leaf certificate hash */
     bhash = BIO_new(BIO_f_md());
+#if defined(__GNUC__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wcast-qual"
+#endif
     if (!BIO_set_md(bhash, md)) {
         fprintf(stderr, "Unable to set the message digest of BIO\n");
         BIO_free_all(bhash);
         OPENSSL_free(mdbuf);
         return 0; /* FAILED */
     }
+#if defined(__GNUC__)
+#pragma GCC diagnostic pop
+#endif
     BIO_push(bhash, BIO_new(BIO_s_null()));
     certlen = (size_t)i2d_X509(cert, NULL);
     certbuf = OPENSSL_malloc(certlen);
@@ -3346,7 +3374,23 @@ static int PKCS7_compare(const PKCS7 *const *a, const PKCS7 *const *b)
     long index_a, index_b;
     int ret = 0;
 
+#if OPENSSL_VERSION_NUMBER<0x30000000L
+#if defined(__clang__)
+#pragma clang diagnostic push
+#pragma clang diagnostic ignored "-Wincompatible-pointer-types-discards-qualifiers"
+#elif defined(__GNUC__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wdiscarded-qualifiers"
+#endif
+#endif /* OPENSSL_VERSION_NUMBER<0x30000000L */
     p7_a = PKCS7_dup(*a);
+#if OPENSSL_VERSION_NUMBER<0x30000000L
+#if defined(__clang__)
+#pragma clang diagnostic pop
+#elif defined(__GNUC__)
+#pragma GCC diagnostic pop
+#endif
+#endif /* OPENSSL_VERSION_NUMBER>=0x30000000L */
     if (!p7_a)
         goto out;
     signer_info = PKCS7_get_signer_info(p7_a);
@@ -3358,7 +3402,23 @@ static int PKCS7_compare(const PKCS7 *const *a, const PKCS7 *const *b)
     time_a = asn1_time_get_si_time(si);
     index_a = get_sequence_number(si);
 
+#if OPENSSL_VERSION_NUMBER<0x30000000L
+#if defined(__clang__)
+#pragma clang diagnostic push
+#pragma clang diagnostic ignored "-Wincompatible-pointer-types-discards-qualifiers"
+#elif defined(__GNUC__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wdiscarded-qualifiers"
+#endif
+#endif /* OPENSSL_VERSION_NUMBER<0x30000000L */
     p7_b = PKCS7_dup(*b);
+#if OPENSSL_VERSION_NUMBER<0x30000000L
+#if defined(__clang__)
+#pragma clang diagnostic pop
+#elif defined(__GNUC__)
+#pragma GCC diagnostic pop
+#endif
+#endif /* OPENSSL_VERSION_NUMBER>=0x30000000L */
     if (!p7_b)
         goto out;
     signer_info = PKCS7_get_signer_info(p7_b);
@@ -4242,15 +4302,19 @@ static int read_crypto_params(GLOBAL_OPTIONS *options)
     else if (options->p11engine) {
         if(!engine_load(options))
             goto out;
+    }
 #endif /* OPENSSL_NO_ENGINE */
-    } else if (options->p11module) {
+    else if (options->p11module) {
 #if OPENSSL_VERSION_NUMBER>=0x30000000L
         /* Try to load PKCS#11 provider first */
         if ((options->provider && provider_load(options->provider)) || provider_load("pkcs11prov")) {
             load_objects_from_store(options->keyfile, options->pass, &options->pkey, NULL, NULL);
             load_objects_from_store(options->p11cert, options->pass, NULL, options->certs, NULL);
-        } else
+        }
 #endif /* OPENSSL_VERSION_NUMBER>=0x30000000L */
+#if !defined(OPENSSL_NO_ENGINE) && OPENSSL_VERSION_NUMBER>=0x30000000L
+        else
+#endif /* !defined(OPENSSL_NO_ENGINE) || OPENSSL_VERSION_NUMBER>=0x30000000L */
 #ifndef OPENSSL_NO_ENGINE
             /* try to find and load libp11 'pkcs11' engine */
             if (!engine_load(options))
@@ -4280,9 +4344,9 @@ static int read_crypto_params(GLOBAL_OPTIONS *options)
     if (sk_X509_num(options->certs) == 0 && !read_pkcs7_certfile(options)) {
         return 0; /* FAILED */
     }
-#if !defined(OPENSSL_NO_ENGINE) || OPENSSL_VERSION_NUMBER>=0x30000000L
+#if !defined(OPENSSL_NO_ENGINE) || OPENSSL_VERSION_NUMBER<0x1010108f
 out:
-#endif /* !defined(OPENSSL_NO_ENGINE) || OPENSSL_VERSION_NUMBER>=0x30000000L */
+#endif /* !defined(OPENSSL_NO_ENGINE) || OPENSSL_VERSION_NUMBER<0x1010108f */
     return (options->pkey && sk_X509_num(options->certs) > 0) ? 1 : 0;
 }
 
@@ -5007,9 +5071,16 @@ int main(int argc, char **argv)
     if (options.cmd != CMD_VERIFY) {
         /* Create message digest BIO */
         hash = BIO_new(BIO_f_md());
+#if defined(__GNUC__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wcast-qual"
+#endif
         if (!BIO_set_md(hash, options.md)) {
             DO_EXIT_0("Unable to set the message digest of BIO\n");
         }
+#if defined(__GNUC__)
+#pragma GCC diagnostic pop
+#endif
         /* Create outdata file */
         outdata = BIO_new_file(options.outfile, "w+bx");
         if (!outdata && errno != EEXIST)

osslsigncode.h

@@ -268,11 +268,13 @@ typedef struct {
     int output_pkcs7;
 #ifndef OPENSSL_NO_ENGINE
     char *p11engine;
-    char *p11module;
-    char *p11cert;
-    int login;
     STACK_OF(EngineControl) *engine_ctrls;
+    int login;
 #endif /* OPENSSL_NO_ENGINE */
+#if !defined(OPENSSL_NO_ENGINE) || OPENSSL_VERSION_NUMBER>=0x30000000L
+    char *p11module;
+    char *p11cert;
+#endif /* !defined(OPENSSL_NO_ENGINE) || OPENSSL_VERSION_NUMBER>=0x30000000L */
     int askpass;
     char *readpass;
     char *pass;