openssl pkcs12: rewrite without reaching into X509_ALGOR

We can call ASN1_item_unpack() which will end up stuffing the same arguments into ASN1_item_d2i() as d2i_PBEPARAM(). This eliminates the last struct access into X509_ALGOR outside libcrypto in the base tree. ok jsing
author: tb <> 2023-11-19 09:29:11 +0000
committer: tb <> 2023-11-19 09:29:11 +0000
commit: 6e435e2554505c1ea973526a30fea9135b019f4f (patch)
tree: 84a71b8df63e35421124216c8ff1fe782823f004 /src
parent: ba58055b32218a61b06555001b167cf4c1571412 (diff)
download: openbsd-6e435e2554505c1ea973526a30fea9135b019f4f.tar.gz
openbsd-6e435e2554505c1ea973526a30fea9135b019f4f.tar.bz2
openbsd-6e435e2554505c1ea973526a30fea9135b019f4f.zip
1 files changed, 10 insertions, 7 deletions
diff --git a/src/usr.bin/openssl/pkcs12.c b/src/usr.bin/openssl/pkcs12.c
index aedae640e3..c6f0476fc6 100644
--- a/src/usr.bin/openssl/pkcs12.c
+++ b/src/usr.bin/openssl/pkcs12.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pkcs12.c,v 1.25 2023/03/06 14:32:06 tb Exp $ */
+/* $OpenBSD: pkcs12.c,v 1.26 2023/11/19 09:29:11 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project.
 */
@@ -1010,15 +1010,18 @@ get_cert_chain(X509 *cert, X509_STORE *store, STACK_OF(X509) **out_chain)
 static int
 alg_print(BIO *x, const X509_ALGOR *alg)
 {
-        PBEPARAM *pbe;
+        PBEPARAM *pbe = NULL;
-        const unsigned char *p;
+        const ASN1_OBJECT *aobj;
+        int param_type;
-        p = alg->parameter->value.sequence->data;
+        const void *param;
-        pbe = d2i_PBEPARAM(NULL, &p, alg->parameter->value.sequence->length);
+        X509_ALGOR_get0(&aobj, &param_type, &param, alg);
+        if (param_type == V_ASN1_SEQUENCE)
+                pbe = ASN1_item_unpack(param, &PBEPARAM_it);
        if (pbe == NULL)
                return 1;
        BIO_printf(bio_err, "%s, Iteration %ld\n",
-            OBJ_nid2ln(OBJ_obj2nid(alg->algorithm)),
+            OBJ_nid2ln(OBJ_obj2nid(aobj)),
            ASN1_INTEGER_get(pbe->iter));
        PBEPARAM_free(pbe);
        return 1;
author	tb <>	2023-11-19 09:29:11 +0000
committer	tb <>	2023-11-19 09:29:11 +0000
commit	6e435e2554505c1ea973526a30fea9135b019f4f (patch)
tree	84a71b8df63e35421124216c8ff1fe782823f004 /src
parent	ba58055b32218a61b06555001b167cf4c1571412 (diff)
download	openbsd-6e435e2554505c1ea973526a30fea9135b019f4f.tar.gz openbsd-6e435e2554505c1ea973526a30fea9135b019f4f.tar.bz2 openbsd-6e435e2554505c1ea973526a30fea9135b019f4f.zip

diff --git a/src/usr.bin/openssl/pkcs12.c b/src/usr.bin/openssl/pkcs12.c index aedae640e3..c6f0476fc6 100644 --- a/src/usr.bin/openssl/pkcs12.c +++ b/src/usr.bin/openssl/pkcs12.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: pkcs12.c,v 1.25 2023/03/06 14:32:06 tb Exp $ */	1	/* $OpenBSD: pkcs12.c,v 1.26 2023/11/19 09:29:11 tb Exp $ */
2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL	2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3	* project.	3	* project.
4	*/	4	*/
@@ -1010,15 +1010,18 @@ get_cert_chain(X509 cert, X509_STORE store, STACK_OF(X509) **out_chain)
1010	static int	1010	static int
1011	alg_print(BIO x, const X509_ALGOR alg)	1011	alg_print(BIO x, const X509_ALGOR alg)
1012	{	1012	{
1013	PBEPARAM *pbe;	1013	PBEPARAM *pbe = NULL;
1014	const unsigned char *p;	1014	const ASN1_OBJECT *aobj;
1015		1015	int param_type;
1016	p = alg->parameter->value.sequence->data;	1016	const void *param;
1017	pbe = d2i_PBEPARAM(NULL, &p, alg->parameter->value.sequence->length);	1017
		1018	X509_ALGOR_get0(&aobj, &param_type, &param, alg);
		1019	if (param_type == V_ASN1_SEQUENCE)
		1020	pbe = ASN1_item_unpack(param, &PBEPARAM_it);
1018	if (pbe == NULL)	1021	if (pbe == NULL)
1019	return 1;	1022	return 1;
1020	BIO_printf(bio_err, "%s, Iteration %ld\n",	1023	BIO_printf(bio_err, "%s, Iteration %ld\n",
1021	OBJ_nid2ln(OBJ_obj2nid(alg->algorithm)),	1024	OBJ_nid2ln(OBJ_obj2nid(aobj)),
1022	ASN1_INTEGER_get(pbe->iter));	1025	ASN1_INTEGER_get(pbe->iter));
1023	PBEPARAM_free(pbe);	1026	PBEPARAM_free(pbe);
1024	return 1;	1027	return 1;