Mailing List Archive

From:: Todd C. Miller <millert@openbsd.org>
Subject:: Re: isakmpd: don't reach into ASN1_STRING [step 1/2]
To:: Theo Buehler <tb@theobuehler.org>
Cc:: tech@openbsd.org, beck@openbsd.org
Date:: Mon, 24 Nov 2025 16:03:11 -0700

Download raw body.

Thread

2025-11-24 14:31 Theo Buehler:
isakmpd: don't reach into ASN1_STRING [step 1/2]
- 2025-11-24 18:10 Bob Beck:
  isakmpd: don't reach into ASN1_STRING [step 1/2]
- 2025-11-24 23:03 Todd C. Miller:
  isakmpd: don't reach into ASN1_STRING [step 1/2]
- 2025-11-25 06:07 Theo Buehler:
  isakmpd: don't reach into ASN1_STRING [step 2/2]
- - 2025-12-05 06:54 Theo Buehler:
    isakmpd: don't reach into ASN1_STRING [step 2/2]

On Mon, 24 Nov 2025 15:31:58 +0100, Theo Buehler wrote:

> beck and davidben have plans to make ASN1_STRING opaque in OpenSSL 4 [1].
> This breaks somewhere in the vicinity of 200 ports, so I don't think we'll
> flip the switch anytime soon in libressl, but I want base to be ready for
> that since that makes my life easier.
>
> This is the first of two steps to convert isakmpd. ASN1_STRING_length()
> and ASN1_STRING_get0_data() are dumb accessors. The latter returns a
> const pointer, so add a minor adjustment for that, the rest is entirely
> straightforward.

OK millert@

 - todd

2025-11-24 14:31 Theo Buehler:
isakmpd: don't reach into ASN1_STRING [step 1/2]
- 2025-11-24 18:10 Bob Beck:
  isakmpd: don't reach into ASN1_STRING [step 1/2]
- 2025-11-24 23:03 Todd C. Miller:
  isakmpd: don't reach into ASN1_STRING [step 1/2]
- 2025-11-25 06:07 Theo Buehler:
  isakmpd: don't reach into ASN1_STRING [step 2/2]
- - 2025-12-05 06:54 Theo Buehler:
    isakmpd: don't reach into ASN1_STRING [step 2/2]