upstream: pkcs11_fetch_ecdsa_pubkey: use ASN1_STRING accessors

In anticipation of davidben and beck making ASN1_STRING opaque in OpenSSL 4 with the aim of enabling surgery to make the X509 data structure less bad [1], we need to use dumb accessors to avoid build breakage. Fortunately only in one spot. This is OpenSSL 1.1 API and available in all members of the fork family. ok beck djm [1]: https://github.com/openssl/openssl/issues/29117 OpenBSD-Commit-ID: 0bcaf691d20624ef43f3515c983cd5aa69547d4f
2026-01-12 00:04:08 +08:00 · 2025-11-23 07:04:18 +00:00
parent 643222df68
commit 2238c48dc9
1 changed files with 3 additions and 3 deletions
--- a/ssh-pkcs11.c
+++ b/ssh-pkcs11.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-pkcs11.c,v 1.74 2025/10/09 23:25:23 djm Exp $ */
+/* $OpenBSD: ssh-pkcs11.c,v 1.75 2025/11/23 07:04:18 tb Exp $ */
 /*
 * Copyright (c) 2010 Markus Friedl.  All rights reserved.
 * Copyright (c) 2014 Pedro Martelletto. All rights reserved.
@@ -935,8 +935,8 @@ pkcs11_fetch_ecdsa_pubkey(struct pkcs11_provider *p, CK_ULONG slotidx,
 		ossl_error("d2i_ASN1_OCTET_STRING failed");
 		goto fail;
 	}
-	attrp = octet->data;
-	if (o2i_ECPublicKey(&ec, &attrp, octet->length) == NULL) {
+	attrp = ASN1_STRING_get0_data(octet);
+	if (o2i_ECPublicKey(&ec, &attrp, ASN1_STRING_length(octet)) == NULL) {
 		ossl_error("o2i_ECPublicKey failed");
 		goto fail;
 	}