Various minor adjustments to make openssl(1) compile with opaque

structs in X509.
author: tb <> 2021-10-31 16:47:27 +0000
committer: tb <> 2021-10-31 16:47:27 +0000
commit: 9088131a0bf4a9930c61b7096992aa4e3fec2959 (patch)
tree: 3c9769bd20746b2b91b2bda913b17dee8a2a1288
parent: 5975302da7b3560abf4c50749b73f63f7772d1b6 (diff)
download: openbsd-9088131a0bf4a9930c61b7096992aa4e3fec2959.tar.gz
openbsd-9088131a0bf4a9930c61b7096992aa4e3fec2959.tar.bz2
openbsd-9088131a0bf4a9930c61b7096992aa4e3fec2959.zip
3 files changed, 23 insertions, 12 deletions
diff --git a/src/usr.bin/openssl/crl.c b/src/usr.bin/openssl/crl.c
index ff64c62152..031360854c 100644
--- a/src/usr.bin/openssl/crl.c
+++ b/src/usr.bin/openssl/crl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: crl.c,v 1.14 2021/10/23 14:49:39 tb Exp $ */
+/* $OpenBSD: crl.c,v 1.15 2021/10/31 16:47:27 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -225,7 +225,7 @@ crl_main(int argc, char **argv)
        X509_STORE *store = NULL;
        X509_STORE_CTX *ctx = NULL;
        X509_LOOKUP *lookup = NULL;
-        X509_OBJECT xobj;
+        X509_OBJECT *xobj = NULL;
        EVP_PKEY *pkey;
        const EVP_MD *digest;
        char *digest_name = NULL;
@@ -302,6 +302,8 @@ crl_main(int argc, char **argv)
                if ((ctx = X509_STORE_CTX_new()) == NULL)
                        goto end;
+                if ((xobj = X509_OBJECT_new()) == NULL)
+                        goto end;
                if (!X509_STORE_CTX_init(ctx, store, NULL, NULL)) {
                        BIO_printf(bio_err,
@@ -309,14 +311,15 @@ crl_main(int argc, char **argv)
                        goto end;
                }
                i = X509_STORE_get_by_subject(ctx, X509_LU_X509,
-                    X509_CRL_get_issuer(x), &xobj);
+                    X509_CRL_get_issuer(x), xobj);
                if (i <= 0) {
                        BIO_printf(bio_err,
                            "Error getting CRL issuer certificate\n");
                        goto end;
                }
-                pkey = X509_get_pubkey(X509_OBJECT_get0_X509(&xobj));
+                pkey = X509_get_pubkey(X509_OBJECT_get0_X509(xobj));
-                X509_OBJECT_free_contents(&xobj);
+                X509_OBJECT_free(xobj);
+                xobj = NULL;
                if (!pkey) {
                        BIO_printf(bio_err,
                            "Error getting CRL issuer public key\n");
@@ -436,6 +439,7 @@ crl_main(int argc, char **argv)
        X509_CRL_free(x);
        X509_STORE_CTX_free(ctx);
        X509_STORE_free(store);
+        X509_OBJECT_free(xobj);
        return (ret);
 }
diff --git a/src/usr.bin/openssl/pkcs12.c b/src/usr.bin/openssl/pkcs12.c
index 4d5c0bbf21..e1a89211c0 100644
--- a/src/usr.bin/openssl/pkcs12.c
+++ b/src/usr.bin/openssl/pkcs12.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pkcs12.c,v 1.15 2021/10/23 14:48:33 tb Exp $ */
+/* $OpenBSD: pkcs12.c,v 1.16 2021/10/31 16:47:27 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project.
 */
@@ -905,8 +905,11 @@ dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bag, char *pass,
        case NID_pkcs8ShroudedKeyBag:
                if (options & INFO) {
+                        const X509_ALGOR *tp8alg;
                        BIO_printf(bio_err, "Shrouded Keybag: ");
-                        alg_print(bio_err, bag->value.shkeybag->algor);
+                        X509_SIG_get0(bag->value.shkeybag, &tp8alg, NULL);
+                        alg_print(bio_err, tp8alg);
                }
                if (options & NOKEYS)
                        return 1;
diff --git a/src/usr.bin/openssl/s_server.c b/src/usr.bin/openssl/s_server.c
index 84fb114292..233b8fdced 100644
--- a/src/usr.bin/openssl/s_server.c
+++ b/src/usr.bin/openssl/s_server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s_server.c,v 1.52 2021/10/23 14:52:51 tb Exp $ */
+/* $OpenBSD: s_server.c,v 1.53 2021/10/31 16:47:27 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -2337,7 +2337,7 @@ cert_status_cb(SSL *s, void *arg)
        STACK_OF(OPENSSL_STRING) *aia = NULL;
        X509 *x = NULL;
        X509_STORE_CTX *inctx = NULL;
-        X509_OBJECT obj;
+        X509_OBJECT *obj = NULL;
        OCSP_REQUEST *req = NULL;
        OCSP_RESPONSE *resp = NULL;
        OCSP_CERTID *id = NULL;
@@ -2378,8 +2378,10 @@ cert_status_cb(SSL *s, void *arg)
            SSL_CTX_get_cert_store(SSL_get_SSL_CTX(s)),
                NULL, NULL))
                goto err;
+        if ((obj = X509_OBJECT_new()) == NULL)
+                goto done;
        if (X509_STORE_get_by_subject(inctx, X509_LU_X509,
-            X509_get_issuer_name(x), &obj) <= 0) {
+            X509_get_issuer_name(x), obj) <= 0) {
                BIO_puts(err,
                    "cert_status: Can't retrieve issuer certificate.\n");
                X509_STORE_CTX_cleanup(inctx);
@@ -2388,8 +2390,9 @@ cert_status_cb(SSL *s, void *arg)
        req = OCSP_REQUEST_new();
        if (!req)
                goto err;
-        id = OCSP_cert_to_id(NULL, x, X509_OBJECT_get0_X509(&obj));
+        id = OCSP_cert_to_id(NULL, x, X509_OBJECT_get0_X509(obj));
-        X509_OBJECT_free_contents(&obj);
+        X509_OBJECT_free(obj);
+        obj = NULL;
        X509_STORE_CTX_free(inctx);
        inctx = NULL;
        if (!id)
@@ -2421,6 +2424,7 @@ cert_status_cb(SSL *s, void *arg)
        ret = SSL_TLSEXT_ERR_OK;
 done:
        X509_STORE_CTX_free(inctx);
+        X509_OBJECT_free(obj);
        if (ret != SSL_TLSEXT_ERR_OK)
                ERR_print_errors(err);
        if (aia) {
author	tb <>	2021-10-31 16:47:27 +0000
committer	tb <>	2021-10-31 16:47:27 +0000
commit	9088131a0bf4a9930c61b7096992aa4e3fec2959 (patch)
tree	3c9769bd20746b2b91b2bda913b17dee8a2a1288
parent	5975302da7b3560abf4c50749b73f63f7772d1b6 (diff)
download	openbsd-9088131a0bf4a9930c61b7096992aa4e3fec2959.tar.gz openbsd-9088131a0bf4a9930c61b7096992aa4e3fec2959.tar.bz2 openbsd-9088131a0bf4a9930c61b7096992aa4e3fec2959.zip