From: tb <tb@openbsd.org>
Date: Sun, 19 Nov 2023 09:29:11 +0000 (+0000)
Subject: openssl pkcs12: rewrite without reaching into X509_ALGOR
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=95489d3b985bce8fa4357767c41729b25be39802;p=openbsd

openssl pkcs12: rewrite without reaching into X509_ALGOR

We can call ASN1_item_unpack() which will end up stuffing the same
arguments into ASN1_item_d2i() as d2i_PBEPARAM(). This eliminates
the last struct access into X509_ALGOR outside libcrypto in the base
tree.

ok jsing
---

diff --git a/usr.bin/openssl/pkcs12.c b/usr.bin/openssl/pkcs12.c
index aedae640e30..c6f0476fc6b 100644
--- a/usr.bin/openssl/pkcs12.c
+++ b/usr.bin/openssl/pkcs12.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pkcs12.c,v 1.25 2023/03/06 14:32:06 tb Exp $ */
+/* $OpenBSD: pkcs12.c,v 1.26 2023/11/19 09:29:11 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
  */
@@ -1010,15 +1010,18 @@ get_cert_chain(X509 *cert, X509_STORE *store, STACK_OF(X509) **out_chain)
 static int
 alg_print(BIO *x, const X509_ALGOR *alg)
 {
-	PBEPARAM *pbe;
-	const unsigned char *p;
-
-	p = alg->parameter->value.sequence->data;
-	pbe = d2i_PBEPARAM(NULL, &p, alg->parameter->value.sequence->length);
+	PBEPARAM *pbe = NULL;
+	const ASN1_OBJECT *aobj;
+	int param_type;
+	const void *param;
+
+	X509_ALGOR_get0(&aobj, &param_type, &param, alg);
+	if (param_type == V_ASN1_SEQUENCE)
+		pbe = ASN1_item_unpack(param, &PBEPARAM_it);
 	if (pbe == NULL)
 		return 1;
 	BIO_printf(bio_err, "%s, Iteration %ld\n",
-	    OBJ_nid2ln(OBJ_obj2nid(alg->algorithm)),
+	    OBJ_nid2ln(OBJ_obj2nid(aobj)),
 	    ASN1_INTEGER_get(pbe->iter));
 	PBEPARAM_free(pbe);
 	return 1;