From: tb <tb@openbsd.org>
Date: Fri, 19 Nov 2021 23:15:59 +0000 (+0000)
Subject: isakmpd: stop reaching into EVP_PKEY.
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=fa35da42ce7ae23546eb96810fb062c5bac56d7a;p=openbsd

isakmpd: stop reaching into EVP_PKEY.

Straightforward conversion to the OpenSSL 1.1 API as a step towards
making EVP_PKEY opaque. EVP_PKEY_get0_RSA() can't fail if we know
that the pkey type is RSA.

ok sthen
---

diff --git a/sbin/isakmpd/x509.c b/sbin/isakmpd/x509.c
index df939f1276d..4ccaf072875 100644
--- a/sbin/isakmpd/x509.c
+++ b/sbin/isakmpd/x509.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509.c,v 1.123 2021/10/31 16:45:04 tb Exp $	 */
+/* $OpenBSD: x509.c,v 1.124 2021/11/19 23:15:59 tb Exp $	 */
 /* $EOM: x509.c,v 1.54 2001/01/16 18:42:16 ho Exp $	 */
 
 /*
@@ -1264,12 +1264,12 @@ x509_cert_get_key(void *scert, void *keyp)
 	key = X509_get_pubkey(cert);
 
 	/* Check if we got the right key type.  */
-	if (key->type != EVP_PKEY_RSA) {
+	if (EVP_PKEY_id(key) != EVP_PKEY_RSA) {
 		log_print("x509_cert_get_key: public key is not a RSA key");
 		X509_free(cert);
 		return 0;
 	}
-	*(RSA **)keyp = RSAPublicKey_dup(key->pkey.rsa);
+	*(RSA **)keyp = RSAPublicKey_dup(EVP_PKEY_get0_RSA(key));
 
 	return *(RSA **)keyp == NULL ? 0 : 1;
 }