upstream: pkcs11_fetch_ecdsa_pubkey: use ASN1_STRING accessors

In anticipation of davidben and beck making ASN1_STRING opaque in
OpenSSL 4 with the aim of enabling surgery to make the X509 data
structure less bad [1], we need to use dumb accessors to avoid build
breakage. Fortunately only in one spot.

This is OpenSSL 1.1 API and available in all members of the fork family.

ok beck djm

[1]: https://github.com/openssl/openssl/issues/29117

OpenBSD-Commit-ID: 0bcaf691d20624ef43f3515c983cd5aa69547d4f

diff --git a/ssh-pkcs11.c b/ssh-pkcs11.c
index 5e956208bb72547c1538624a1660c260541cd0ed..0691b618e77cf164159c6162d2209c6298ece336 100644 (file)
--- a/ssh-pkcs11.c
+++ b/ssh-pkcs11.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-pkcs11.c,v 1.74 2025/10/09 23:25:23 djm Exp $ */
+/* $OpenBSD: ssh-pkcs11.c,v 1.75 2025/11/23 07:04:18 tb Exp $ */
 /*
  * Copyright (c) 2010 Markus Friedl.  All rights reserved.
  * Copyright (c) 2014 Pedro Martelletto. All rights reserved.
@@ -935,8 +935,8 @@ pkcs11_fetch_ecdsa_pubkey(struct pkcs11_provider *p, CK_ULONG slotidx,
                ossl_error("d2i_ASN1_OCTET_STRING failed");
                goto fail;
        }
-       attrp = octet->data;
-       if (o2i_ECPublicKey(&ec, &attrp, octet->length) == NULL) {
+       attrp = ASN1_STRING_get0_data(octet);
+       if (o2i_ECPublicKey(&ec, &attrp, ASN1_STRING_length(octet)) == NULL) {
                ossl_error("o2i_ECPublicKey failed");
                goto fail;
        }