[openssh-commits] [openssh] 01/02: upstream: pkcs11_fetch_ecdsa_pubkey: use ASN1_STRING accessors

[git+noreply at mindrot.org]

This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit 2238c48dc90dc56af1d86b298d2cb25fa0c7ef14
Author: tb at openbsd.org <tb at openbsd.org>
AuthorDate: Sun Nov 23 07:04:18 2025 +0000

    upstream: pkcs11_fetch_ecdsa_pubkey: use ASN1_STRING accessors
    
    In anticipation of davidben and beck making ASN1_STRING opaque in
    OpenSSL 4 with the aim of enabling surgery to make the X509 data
    structure less bad [1], we need to use dumb accessors to avoid build
    breakage. Fortunately only in one spot.
    
    This is OpenSSL 1.1 API and available in all members of the fork family.
    
    ok beck djm
    
    [1]: https://github.com/openssl/openssl/issues/29117
    
    OpenBSD-Commit-ID: 0bcaf691d20624ef43f3515c983cd5aa69547d4f
---
 ssh-pkcs11.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/ssh-pkcs11.c b/ssh-pkcs11.c
index 5e956208b..0691b618e 100644
--- a/ssh-pkcs11.c
+++ b/ssh-pkcs11.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-pkcs11.c,v 1.74 2025/10/09 23:25:23 djm Exp $ */
+/* $OpenBSD: ssh-pkcs11.c,v 1.75 2025/11/23 07:04:18 tb Exp $ */
 /*
  * Copyright (c) 2010 Markus Friedl.  All rights reserved.
  * Copyright (c) 2014 Pedro Martelletto. All rights reserved.
@@ -935,8 +935,8 @@ pkcs11_fetch_ecdsa_pubkey(struct pkcs11_provider *p, CK_ULONG slotidx,
 		ossl_error("d2i_ASN1_OCTET_STRING failed");
 		goto fail;
 	}
-	attrp = octet->data;
-	if (o2i_ECPublicKey(&ec, &attrp, octet->length) == NULL) {
+	attrp = ASN1_STRING_get0_data(octet);
+	if (o2i_ECPublicKey(&ec, &attrp, ASN1_STRING_length(octet)) == NULL) {
 		ossl_error("o2i_ECPublicKey failed");
 		goto fail;
 	}

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.