From e41d777a25720255dec2af01ec95c98d14fccf9a Mon Sep 17 00:00:00 2001
From: June McEnroe <june@causal.agency>
Date: Wed, 11 Oct 2023 18:19:08 -0400
Subject: Import LibreSSL 3.8.0

---
 tls.c | 39 ++++++++++++++++++++++++++-------------
 1 file changed, 26 insertions(+), 13 deletions(-)

(limited to 'tls.c')

diff --git a/tls.c b/tls.c
index ff33ebe..989339d 100644
--- a/tls.c
+++ b/tls.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls.c,v 1.94 2022/02/08 19:13:50 tb Exp $ */
+/* $OpenBSD: tls.c,v 1.96 2023/05/25 07:46:21 op Exp $ */
 /*
  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
  *
@@ -21,6 +21,7 @@
 #include <limits.h>
 #include <pthread.h>
 #include <stdlib.h>
+#include <string.h>
 #include <unistd.h>
 
 #include <openssl/bio.h>
@@ -409,12 +410,18 @@ tls_keypair_setup_pkey(struct tls *ctx, struct tls_keypair *keypair, EVP_PKEY *p
 			tls_set_errorx(ctx, "RSA key setup failure");
 			goto err;
 		}
-		if (ctx->config->sign_cb == NULL)
-			break;
-		if ((rsa_method = tls_signer_rsa_method()) == NULL ||
-		    RSA_set_ex_data(rsa, 1, ctx->config) == 0 ||
-		    RSA_set_method(rsa, rsa_method) == 0) {
-			tls_set_errorx(ctx, "failed to setup RSA key");
+		if (ctx->config->sign_cb != NULL) {
+			rsa_method = tls_signer_rsa_method();
+			if (rsa_method == NULL ||
+			    RSA_set_ex_data(rsa, 1, ctx->config) == 0 ||
+			    RSA_set_method(rsa, rsa_method) == 0) {
+				tls_set_errorx(ctx, "failed to setup RSA key");
+				goto err;
+			}
+		}
+		/* Reset the key to work around caching in OpenSSL 3. */
+		if (EVP_PKEY_set1_RSA(pkey, rsa) == 0) {
+			tls_set_errorx(ctx, "failed to set RSA key");
 			goto err;
 		}
 		break;
@@ -424,12 +431,18 @@ tls_keypair_setup_pkey(struct tls *ctx, struct tls_keypair *keypair, EVP_PKEY *p
 			tls_set_errorx(ctx, "EC key setup failure");
 			goto err;
 		}
-		if (ctx->config->sign_cb == NULL)
-			break;
-		if ((ecdsa_method = tls_signer_ecdsa_method()) == NULL ||
-		    ECDSA_set_ex_data(eckey, 1, ctx->config) == 0 ||
-		    ECDSA_set_method(eckey, ecdsa_method) == 0) {
-			tls_set_errorx(ctx, "failed to setup EC key");
+		if (ctx->config->sign_cb != NULL) {
+			ecdsa_method = tls_signer_ecdsa_method();
+			if (ecdsa_method == NULL ||
+			    ECDSA_set_ex_data(eckey, 1, ctx->config) == 0 ||
+			    ECDSA_set_method(eckey, ecdsa_method) == 0) {
+				tls_set_errorx(ctx, "failed to setup EC key");
+				goto err;
+			}
+		}
+		/* Reset the key to work around caching in OpenSSL 3. */
+		if (EVP_PKEY_set1_EC_KEY(pkey, eckey) == 0) {
+			tls_set_errorx(ctx, "failed to set EC key");
 			goto err;
 		}
 		break;
-- 
cgit 1.4.1

23</span></td><td><a href='/ports/commit/sysutils/catsit/pkg-descr?id=67588c96b31acbe6ceef773a856c8a3d281fa532&amp;follow=1'>Add catsit port</a></td><td>June McEnroe</td></tr>
<tr><td><span title='2020-08-13 14:26:07 +0000'>2020-08-13</span></td><td><a href='/ports/commit/irc/pounce/distinfo?id=7a127cbf668a741660d65c49cc80038fe066eb2f&amp;follow=1'>Update pounce to 1.4p2</a></td><td>June McEnroe</td></tr>
<tr><td><span title='2020-08-11 18:23:52 +0000'>2020-08-11</span></td><td><a href='/ports/commit/irc/pounce/distinfo?id=5e8f8368963b492207e5baa7d7328349c80e1f13&amp;follow=1'>Update pounce to 1.4p1</a></td><td>June McEnroe</td></tr>
<tr><td><span title='2020-08-10 16:29:01 +0000'>2020-08-10</span></td><td><a href='/ports/commit/irc/litterbox/pkg-descr?id=4cd92f7de83f8992cfd210d4d1dffca620089a45&amp;follow=1'>Add litterbox port</a></td><td>June McEnroe</td></tr>
<tr><td><span title='2020-08-10 16:15:24 +0000'>2020-08-10</span></td><td><a href='/ports/commit/irc/pounce/Makefile?id=72e5166314b02dec33e0d4fbb4da3a92b1e5cb14&amp;follow=1'>Add missing USES=pkgconfig to pounce</a></td><td>June McEnroe