authorJune McEnroe <june@causal.agency>2023-10-11 19:26:04 -0400
committerJune McEnroe <june@causal.agency>2023-10-11 19:26:04 -0400
commit60da345ee97c2f374d11b94f5954397b152ca8b5 (patch)
tree95426d50e299fdfba6350353dcbbaba5961a7376 /tls.c
parentMerge LibreSSL 3.7.3 (diff)
parentImport LibreSSL 3.8.0 (diff)
Merge LibreSSL 3.8.0
Diffstat (limited to 'tls.c')
-rw-r--r--tls.c38
1 files changed, 25 insertions, 13 deletions
diff --git a/tls.c b/tls.c
index 6883c58..18b93ef 100644
--- a/tls.c
+++ b/tls.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls.c,v 1.94 2022/02/08 19:13:50 tb Exp $ */
+/* $OpenBSD: tls.c,v 1.96 2023/05/25 07:46:21 op Exp $ */
 /*
  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
  *
@@ -470,12 +470,18 @@ tls_keypair_setup_pkey(struct tls *ctx, struct tls_keypair *keypair, EVP_PKEY *p
 			tls_set_errorx(ctx, "RSA key setup failure");
 			goto err;
 		}
-		if (ctx->config->sign_cb == NULL)
-			break;
-		if ((rsa_method = tls_signer_rsa_method()) == NULL ||
-		    RSA_set_ex_data(rsa, 1, ctx->config) == 0 ||
-		    RSA_set_method(rsa, rsa_method) == 0) {
-			tls_set_errorx(ctx, "failed to setup RSA key");
+		if (ctx->config->sign_cb != NULL) {
+			rsa_method = tls_signer_rsa_method();
+			if (rsa_method == NULL ||
+			    RSA_set_ex_data(rsa, 1, ctx->config) == 0 ||
+			    RSA_set_method(rsa, rsa_method) == 0) {
+				tls_set_errorx(ctx, "failed to setup RSA key");
+				goto err;
+			}
+		}
+		/* Reset the key to work around caching in OpenSSL 3. */
+		if (EVP_PKEY_set1_RSA(pkey, rsa) == 0) {
+			tls_set_errorx(ctx, "failed to set RSA key");
 			goto err;
 		}
 		break;
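Review bot: The new comment `/* Reset the key to work around caching in OpenSSL 3. */` above the EVP_PKEY_set1_RSA call names the workaround but not what goes wrong without it, and the same comment is repeated verbatim in the EC branch of the next hunk; a reader who later removes one "redundant" set1 call would silently lose the custom signer. I would expand both to something like `/* OpenSSL 3 can keep a copy of the key taken before RSA_set_method(); re-set it so the signer method (and the config pointer stored via RSA_set_ex_data) installed above is what the TLS stack actually uses. */`, with the EC wording adjusted accordingly. Note that the reset now runs unconditionally, including when sign_cb is NULL, so the comment should also say that the extra set1 is intentional in that case, otherwise it invites being moved back under the `if`. The `rsa` and `eckey` objects are presumably obtained with get1 calls earlier in tls_keypair_setup_pkey and must still be released on both the err and success paths, since EVP_PKEY_set1_RSA/EVP_PKEY_set1_EC_KEY take their own reference; the function begins and ends outside this hunk so that cannot be confirmed here.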
@@ -485,12 +491,18 @@ tls_keypair_setup_pkey(struct tls *ctx, struct tls_keypair *keypair, EVP_PKEY *p
 			tls_set_errorx(ctx, "EC key setup failure");
 			goto err;
 		}
-		if (ctx->config->sign_cb == NULL)
-			break;
-		if ((ecdsa_method = tls_signer_ecdsa_method()) == NULL ||
-		    EC_KEY_set_ex_data(eckey, 1, ctx->config) == 0 ||
-		    EC_KEY_set_method(eckey, ecdsa_method) == 0) {
-			tls_set_errorx(ctx, "failed to setup EC key");
+		if (ctx->config->sign_cb != NULL) {
+			ecdsa_method = tls_signer_ecdsa_method();
+			if (ecdsa_method == NULL ||
+			    EC_KEY_set_ex_data(eckey, 1, ctx->config) == 0 ||
+			    EC_KEY_set_method(eckey, ecdsa_method) == 0) {
+				tls_set_errorx(ctx, "failed to setup EC key");
+				goto err;
+			}
+		}
+		/* Reset the key to work around caching in OpenSSL 3. */
+		if (EVP_PKEY_set1_EC_KEY(pkey, eckey) == 0) {
+			tls_set_errorx(ctx, "failed to set EC key");
 			goto err;
 		}
 		break;