From e301ef23b53cd30d97d07468d49ce25c85bdea3e Mon Sep 17 00:00:00 2001
From: tb <>
Date: Thu, 27 Nov 2025 08:26:32 +0000
Subject: openssl pkcs12: stop reaching into ASN1_STRING

Buy a t: rename hex_prin() to hex_print() and accept an ASN1_STRING so that
we only need to use accessors once. Also avoid a printf %s NULL.

ok kenjiro
---
 src/usr.bin/openssl/pkcs12.c | 35 +++++++++++++++++------------------
 1 file changed, 17 insertions(+), 18 deletions(-)

(limited to 'src')

diff --git a/src/usr.bin/openssl/pkcs12.c b/src/usr.bin/openssl/pkcs12.c
index efd6d59163..d29a12ce60 100644
--- a/src/usr.bin/openssl/pkcs12.c
+++ b/src/usr.bin/openssl/pkcs12.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pkcs12.c,v 1.30 2025/06/07 08:33:58 tb Exp $ */
+/* $OpenBSD: pkcs12.c,v 1.31 2025/11/27 08:26:32 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
  */
@@ -88,7 +88,6 @@ static int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bags, char *pass,
     int passlen, int options, char *pempass);
 static int print_attribs(BIO *out, const STACK_OF(X509_ATTRIBUTE) *attrlst,
     const char *name);
-static void hex_prin(BIO *out, unsigned char *buf, int len);
 static int alg_print(BIO *x, const X509_ALGOR *alg);
 static int set_pbe(BIO *err, int *ppbe, const char *str);
 
@@ -1021,6 +1020,17 @@ alg_print(BIO *x, const X509_ALGOR *alg)
 	return 1;
 }
 
+static void
+hex_print(BIO *out, const ASN1_STRING *str)
+{
+	const unsigned char *buf = ASN1_STRING_get0_data(str);
+	int len = ASN1_STRING_length(str);
+	int i;
+
+	for (i = 0; i < len; i++)
+		BIO_printf(out, "%02X ", buf[i]);
+}
+
 /* Generalised attribute print: handle PKCS#8 and bag attributes */
 static void
 print_attribute(BIO *out, const ASN1_TYPE *av)
@@ -1030,21 +1040,19 @@ print_attribute(BIO *out, const ASN1_TYPE *av)
 	switch (av->type) {
 	case V_ASN1_BMPSTRING:
 		value = OPENSSL_uni2asc(
-		    av->value.bmpstring->data,
-		    av->value.bmpstring->length);
-		BIO_printf(out, "%s\n", value);
+		    ASN1_STRING_get0_data(av->value.bmpstring),
+		    ASN1_STRING_length(av->value.bmpstring));
+		BIO_printf(out, "%s\n", value != NULL ? value : "(null)");
 		free(value);
 		break;
 
 	case V_ASN1_OCTET_STRING:
-		hex_prin(out, av->value.octet_string->data,
-		    av->value.octet_string->length);
+		hex_print(out, av->value.octet_string);
 		BIO_printf(out, "\n");
 		break;
 
 	case V_ASN1_BIT_STRING:
-		hex_prin(out, av->value.bit_string->data,
-		    av->value.bit_string->length);
+		hex_print(out, av->value.bit_string);
 		BIO_printf(out, "\n");
 		break;
 
@@ -1096,15 +1104,6 @@ print_attribs(BIO *out, const STACK_OF(X509_ATTRIBUTE) *attrlst,
 	return 1;
 }
 
-static void
-hex_prin(BIO *out, unsigned char *buf, int len)
-{
-	int i;
-
-	for (i = 0; i < len; i++)
-		BIO_printf(out, "%02X ", buf[i]);
-}
-
 static int
 set_pbe(BIO *err, int *ppbe, const char *str)
 {
-- 
cgit v1.2.3-55-g6feb