From 8a2467583f0b5760787273796ec929190c3f16ee Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Sun, 20 Jan 2019 23:03:26 +0000 Subject: [PATCH] upstream: use EVP_PKEY_get0_EC_KEY() instead of direct access of EC_KEY internals as that won't work on OpenSSL work by markus@, feedback and ok djm@ OpenBSD-Commit-ID: 4a99cdb89fbd6f5155ef8c521c99dc66e2612700 --- ssh-pkcs11.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/ssh-pkcs11.c b/ssh-pkcs11.c index 0c8629a37..bcbf727e6 100644 --- a/ssh-pkcs11.c +++ b/ssh-pkcs11.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-pkcs11.c,v 1.30 2019/01/20 23:01:59 djm Exp $ */ +/* $OpenBSD: ssh-pkcs11.c,v 1.31 2019/01/20 23:03:26 djm Exp $ */ /* * Copyright (c) 2010 Markus Friedl. All rights reserved. * Copyright (c) 2014 Pedro Martelletto. All rights reserved. @@ -877,12 +877,11 @@ pkcs11_fetch_x509_pubkey(struct pkcs11_provider *p, CK_ULONG slotidx, key->flags |= SSHKEY_FLAG_EXT; rsa = NULL; /* now owned by key */ } else if (EVP_PKEY_base_id(evp) == EVP_PKEY_EC) { - /* XXX XXX fix accessor */ - if (evp->pkey.ec == NULL) { + if (EVP_PKEY_get0_EC_KEY(evp) == NULL) { error("invalid x509; no ec key"); goto fail; } - if ((ec = EC_KEY_dup(evp->pkey.ec)) == NULL) { + if ((ec = EC_KEY_dup(EVP_PKEY_get0_EC_KEY(evp))) == NULL) { error("EC_KEY_dup failed"); goto fail; }