commit 8a2467583f0b5760787273796ec929190c3f16ee
author djm@openbsd.org <djm@openbsd.org> Sun Jan 20 23:03:26 2019 +0000
committer Damien Miller <djm@mindrot.org> Mon Jan 21 10:54:37 2019 +1100
tree 8015a88226a7474c04ad54b712331ab702940b17
parent 24757c1ae309324e98d50e5935478655be04e549

upstream: use EVP_PKEY_get0_EC_KEY() instead of direct access of

EC_KEY internals as that won't work on OpenSSL

work by markus@, feedback and ok djm@

OpenBSD-Commit-ID: 4a99cdb89fbd6f5155ef8c521c99dc66e2612700

ssh-pkcs11.c

diff --git a/ssh-pkcs11.c b/ssh-pkcs11.c
index 0c8629a..bcbf727 100644
--- a/ssh-pkcs11.c
+++ b/ssh-pkcs11.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-pkcs11.c,v 1.30 2019/01/20 23:01:59 djm Exp $ */
+/* $OpenBSD: ssh-pkcs11.c,v 1.31 2019/01/20 23:03:26 djm Exp $ */
 /*
  * Copyright (c) 2010 Markus Friedl.  All rights reserved.
  * Copyright (c) 2014 Pedro Martelletto. All rights reserved.
@@ -877,12 +877,11 @@
 		key->flags |= SSHKEY_FLAG_EXT;
 		rsa = NULL;	/* now owned by key */
 	} else if (EVP_PKEY_base_id(evp) == EVP_PKEY_EC) {
-		/* XXX XXX fix accessor */
-		if (evp->pkey.ec == NULL) {
+		if (EVP_PKEY_get0_EC_KEY(evp) == NULL) {
 			error("invalid x509; no ec key");
 			goto fail;
 		}
-		if ((ec = EC_KEY_dup(evp->pkey.ec)) == NULL) {
+		if ((ec = EC_KEY_dup(EVP_PKEY_get0_EC_KEY(evp))) == NULL) {
 			error("EC_KEY_dup failed");
 			goto fail;
 		}