From: tb
Date: Sun, 31 Oct 2021 16:47:27 +0000 (+0000)
Subject: Various minor adjustments to make openssl(1) compile with opaque
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=3d522683b40cef9392e38d0d23b918f1b5edd031;p=openbsd
Various minor adjustments to make openssl(1) compile with opaque structs in X509.
---
diff --git a/usr.bin/openssl/crl.c b/usr.bin/openssl/crl.c
index ff64c621526..031360854c7 100644
--- a/usr.bin/openssl/crl.c
+++ b/usr.bin/openssl/crl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: crl.c,v 1.14 2021/10/23 14:49:39 tb Exp $ */
+/* $OpenBSD: crl.c,v 1.15 2021/10/31 16:47:27 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -225,7 +225,7 @@ crl_main(int argc, char **argv)
 X509_STORE *store = NULL;
 X509_STORE_CTX *ctx = NULL;
 X509_LOOKUP *lookup = NULL;
- X509_OBJECT xobj;
+ X509_OBJECT *xobj = NULL;
 EVP_PKEY *pkey;
 const EVP_MD *digest;
 char *digest_name = NULL;
@@ -302,6 +302,8 @@ crl_main(int argc, char **argv)
 if ((ctx = X509_STORE_CTX_new()) == NULL)
 goto end;
+ if ((xobj = X509_OBJECT_new()) == NULL)
+ goto end;
 if (!X509_STORE_CTX_init(ctx, store, NULL, NULL)) {
 BIO_printf(bio_err,
@@ -309,14 +311,15 @@ crl_main(int argc, char **argv)
 goto end;
 }
 i = X509_STORE_get_by_subject(ctx, X509_LU_X509,
- X509_CRL_get_issuer(x), &xobj);
+ X509_CRL_get_issuer(x), xobj);
 if (i <= 0) {
 BIO_printf(bio_err,
 "Error getting CRL issuer certificate\n");
 goto end;
 }
- pkey = X509_get_pubkey(X509_OBJECT_get0_X509(&xobj));
- X509_OBJECT_free_contents(&xobj);
+ pkey = X509_get_pubkey(X509_OBJECT_get0_X509(xobj));
+ X509_OBJECT_free(xobj);
+ xobj = NULL;
 if (!pkey) {
 BIO_printf(bio_err,
 "Error getting CRL issuer public key\n");
@@ -436,6 +439,7 @@ crl_main(int argc, char **argv)
 X509_CRL_free(x);
 X509_STORE_CTX_free(ctx);
 X509_STORE_free(store);
+ X509_OBJECT_free(xobj);
 return (ret);
 }
diff --git a/usr.bin/openssl/pkcs12.c b/usr.bin/openssl/pkcs12.c
index 4d5c0bbf21d..e1a89211c07 100644
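Review bot: In crl.c's `@@ -309,14 +311,15 @@` hunk, `pkey` is still used after `X509_OBJECT_free(xobj)` has released the issuer certificate, and nothing in the code says why that is safe. It relies on `X509_get_pubkey()` handing back its own reference to the key rather than a pointer into the certificate; a one-line comment above the free, such as `/* pkey holds its own reference; the issuer cert in xobj can be released */`, would record that. The matching release of `pkey` is outside the hunk, so it is worth confirming it is still reached on every path. crl_main's body starts and ends outside this hunk.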
--- a/usr.bin/openssl/pkcs12.c +++ b/usr.bin/openssl/pkcs12.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pkcs12.c,v 1.15 2021/10/23 14:48:33 tb Exp $ */ +/* $OpenBSD: pkcs12.c,v 1.16 2021/10/31 16:47:27 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. */ @@ -905,8 +905,11 @@ dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bag, char *pass, case NID_pkcs8ShroudedKeyBag: if (options & INFO) { + const X509_ALGOR *tp8alg; + BIO_printf(bio_err, "Shrouded Keybag: "); - alg_print(bio_err, bag->value.shkeybag->algor); + X509_SIG_get0(bag->value.shkeybag, &tp8alg, NULL); + alg_print(bio_err, tp8alg); } if (options & NOKEYS) return 1; diff --git a/usr.bin/openssl/s_server.c b/usr.bin/openssl/s_server.c index 84fb1142923..233b8fdcedd 100644 --- a/usr.bin/openssl/s_server.c +++ b/usr.bin/openssl/s_server.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s_server.c,v 1.52 2021/10/23 14:52:51 tb Exp $ */ +/* $OpenBSD: s_server.c,v 1.53 2021/10/31 16:47:27 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -2337,7 +2337,7 @@ cert_status_cb(SSL *s, void *arg) STACK_OF(OPENSSL_STRING) *aia = NULL; X509 *x = NULL; X509_STORE_CTX *inctx = NULL; - X509_OBJECT obj; + X509_OBJECT *obj = NULL; OCSP_REQUEST *req = NULL; OCSP_RESPONSE *resp = NULL; OCSP_CERTID *id = NULL; @@ -2378,8 +2378,10 @@ cert_status_cb(SSL *s, void *arg) SSL_CTX_get_cert_store(SSL_get_SSL_CTX(s)), NULL, NULL)) goto err; + if ((obj = X509_OBJECT_new()) == NULL) + goto done; if (X509_STORE_get_by_subject(inctx, X509_LU_X509, - X509_get_issuer_name(x), &obj) <= 0) { + X509_get_issuer_name(x), obj) <= 0) { BIO_puts(err, "cert_status: Can't retrieve issuer certificate.\n"); X509_STORE_CTX_cleanup(inctx); 
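Review bot: In pkcs12.c's `@@ -905,8 +905,11 @@` hunk, the new `X509_SIG_get0(bag->value.shkeybag, &tp8alg, NULL);` no longer touches X509_SIG fields but still reaches into PKCS12_SAFEBAG through `bag->value.shkeybag`. That line will need another edit if PKCS12_SAFEBAG is made opaque as well. If the library in this tree exports the accessor, `X509_SIG_get0(PKCS12_SAFEBAG_get0_pkcs8(bag), &tp8alg, NULL);` avoids it. `tp8alg` is also declared uninitialised and the getter returns nothing, so `alg_print()` depends on it always storing a value; a short comment saying so would help. dump_certs_pkeys_bag continues outside the hunk.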
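Review bot: In s_server.c's `@@ -2378,8 +2378,10 @@` hunk, the new allocation check leaves with `goto done`, while the X509_STORE_CTX_init failure directly above it uses `goto err`. If `err:` is what sets the fatal return value (the label and the initial value of `ret` are outside the hunk), a failed `X509_OBJECT_new()` would be reported to the TLS stack as a non-fatal "no status" result rather than as an error. Unless that is intended, make it `if ((obj = X509_OBJECT_new()) == NULL) goto err;`, or add a comment explaining why an allocation failure is handled like a missing issuer certificate.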
@@ -2388,8 +2390,9 @@ cert_status_cb(SSL *s, void *arg)
 req = OCSP_REQUEST_new();
 if (!req)
 goto err;
- id = OCSP_cert_to_id(NULL, x, X509_OBJECT_get0_X509(&obj));
- X509_OBJECT_free_contents(&obj);
+ id = OCSP_cert_to_id(NULL, x, X509_OBJECT_get0_X509(obj));
+ X509_OBJECT_free(obj);
+ obj = NULL;
 X509_STORE_CTX_free(inctx);
 inctx = NULL;
 if (!id)
@@ -2421,6 +2424,7 @@ cert_status_cb(SSL *s, void *arg)
 ret = SSL_TLSEXT_ERR_OK;
 done:
 X509_STORE_CTX_free(inctx);
+ X509_OBJECT_free(obj);
 if (ret != SSL_TLSEXT_ERR_OK)
 ERR_print_errors(err);
 if (aia) {