From: tb@openbsd.org Date: Sun, 23 Nov 2025 07:04:18 +0000 (+0000) Subject: upstream: pkcs11_fetch_ecdsa_pubkey: use ASN1_STRING accessors X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2238c48dc90dc56af1d86b298d2cb25fa0c7ef14;p=thirdparty%2Fopenssh-portable.git upstream: pkcs11_fetch_ecdsa_pubkey: use ASN1_STRING accessors In anticipation of davidben and beck making ASN1_STRING opaque in OpenSSL 4 with the aim of enabling surgery to make the X509 data structure less bad [1], we need to use dumb accessors to avoid build breakage. Fortunately only in one spot. This is OpenSSL 1.1 API and available in all members of the fork family. ok beck djm [1]: https://github.com/openssl/openssl/issues/29117 OpenBSD-Commit-ID: 0bcaf691d20624ef43f3515c983cd5aa69547d4f --- diff --git a/ssh-pkcs11.c b/ssh-pkcs11.c index 5e956208b..0691b618e 100644 --- a/ssh-pkcs11.c +++ b/ssh-pkcs11.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-pkcs11.c,v 1.74 2025/10/09 23:25:23 djm Exp $ */ +/* $OpenBSD: ssh-pkcs11.c,v 1.75 2025/11/23 07:04:18 tb Exp $ */ /* * Copyright (c) 2010 Markus Friedl. All rights reserved. * Copyright (c) 2014 Pedro Martelletto. All rights reserved. @@ -935,8 +935,8 @@ pkcs11_fetch_ecdsa_pubkey(struct pkcs11_provider *p, CK_ULONG slotidx, ossl_error("d2i_ASN1_OCTET_STRING failed"); goto fail; } - attrp = octet->data; - if (o2i_ECPublicKey(&ec, &attrp, octet->length) == NULL) { + attrp = ASN1_STRING_get0_data(octet); + if (o2i_ECPublicKey(&ec, &attrp, ASN1_STRING_length(octet)) == NULL) { ossl_error("o2i_ECPublicKey failed"); goto fail; }