From fa35da42ce7ae23546eb96810fb062c5bac56d7a Mon Sep 17 00:00:00 2001 From: tb Date: Fri, 19 Nov 2021 23:15:59 +0000 Subject: [PATCH] isakmpd: stop reaching into EVP_PKEY. Straightforward conversion to the OpenSSL 1.1 API as a step towards making EVP_PKEY opaque. EVP_PKEY_get0_RSA() can't fail if we know that the pkey type is RSA. ok sthen --- sbin/isakmpd/x509.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/sbin/isakmpd/x509.c b/sbin/isakmpd/x509.c index df939f1276d..4ccaf072875 100644 --- a/sbin/isakmpd/x509.c +++ b/sbin/isakmpd/x509.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509.c,v 1.123 2021/10/31 16:45:04 tb Exp $ */ +/* $OpenBSD: x509.c,v 1.124 2021/11/19 23:15:59 tb Exp $ */ /* $EOM: x509.c,v 1.54 2001/01/16 18:42:16 ho Exp $ */ /* @@ -1264,12 +1264,12 @@ x509_cert_get_key(void *scert, void *keyp) key = X509_get_pubkey(cert); /* Check if we got the right key type. */ - if (key->type != EVP_PKEY_RSA) { + if (EVP_PKEY_id(key) != EVP_PKEY_RSA) { log_print("x509_cert_get_key: public key is not a RSA key"); X509_free(cert); return 0; } - *(RSA **)keyp = RSAPublicKey_dup(key->pkey.rsa); + *(RSA **)keyp = RSAPublicKey_dup(EVP_PKEY_get0_RSA(key)); return *(RSA **)keyp == NULL ? 0 : 1; } -- 2.20.1