pkgsrc-Changes archive


CVS commit: pkgsrc/security/libretls



Module Name:    pkgsrc
Committed By:   vins
Date:           Sun Sep  3 06:23:41 UTC 2023

Modified Files:
        pkgsrc/security/libretls: distinfo
Added Files:
        pkgsrc/security/libretls/patches: patch-tls.c

Log Message:
security/libretls: import patch for OpenSSL3 from OpenSMTPD/libtls.


To generate a diff of this commit:
cvs rdiff -u -r1.10 -r1.11 pkgsrc/security/libretls/distinfo
cvs rdiff -u -r0 -r1.1 pkgsrc/security/libretls/patches/patch-tls.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/security/libretls/distinfo
diff -u pkgsrc/security/libretls/distinfo:1.10 pkgsrc/security/libretls/distinfo:1.11
--- pkgsrc/security/libretls/distinfo:1.10      Mon Jan 16 22:00:53 2023
+++ pkgsrc/security/libretls/distinfo   Sun Sep  3 06:23:41 2023
@@ -1,5 +1,6 @@
-$NetBSD: distinfo,v 1.10 2023/01/16 22:00:53 schmonz Exp $
+$NetBSD: distinfo,v 1.11 2023/09/03 06:23:41 vins Exp $
 
 BLAKE2s (libretls-3.7.0.tar.gz) = a41162dc3ed4515da87d053d745e5b35468357dd7f64bbaca2cec0eba17c585f
 SHA512 (libretls-3.7.0.tar.gz) = 18987d09ee804883e2c3cfae1209494b7020d976cc7137ba39540c18e0dc23d25034a46c6c64955201b425ca981e03cbe629f9ff979fd4a72d3dcfbd51efdf84
 Size (libretls-3.7.0.tar.gz) = 427980 bytes
+SHA1 (patch-tls.c) = 9ec66891d3a16fcfccb365b77ee0cc711ea4a067
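Review bot: no Makefile appears under Modified Files, so PKGREVISION stays unchanged even though the patch-tls.c entry registered on the last line of this hunk changes the code compiled into the library. Binary packages already built against OpenSSL 3.x will not be flagged for rebuild; consider bumping PKGREVISION in the same commit.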

Added files:

Index: pkgsrc/security/libretls/patches/patch-tls.c
diff -u /dev/null pkgsrc/security/libretls/patches/patch-tls.c:1.1
--- /dev/null   Sun Sep  3 06:23:41 2023
+++ pkgsrc/security/libretls/patches/patch-tls.c        Sun Sep  3 06:23:41 2023
@@ -0,0 +1,33 @@
+$NetBSD: patch-tls.c,v 1.1 2023/09/03 06:23:41 vins Exp $
+
+Portability fix for OpenSSL 3.x.
+
+With OpenSSL 3.x the EVP_PKEY_get1_RSA returns a cashed copy of the
+provider's key, so changing it is meaningless, since other get1/get0
+calls will return the previously cached copy. Instead, we have to
+re-assign the changed rsa after the edit.
+
+Adapted from OpenSMTPD's libtls compat library. 
+
+--- tls.c.orig 2022-12-23 22:19:37.000000000 +0000
++++ tls.c
+@@ -466,7 +466,8 @@ tls_keypair_setup_pkey(struct tls *ctx, 
+       switch (EVP_PKEY_id(pkey)) {
+       case EVP_PKEY_RSA:
+               if ((rsa = EVP_PKEY_get1_RSA(pkey)) == NULL ||
+-                  RSA_set_ex_data(rsa, 0, keypair->pubkey_hash) == 0) {
++                  RSA_set_ex_data(rsa, 0, keypair->pubkey_hash) == 0 ||
++                  EVP_PKEY_set1_RSA(pkey, rsa) == 0) {
+                       tls_set_errorx(ctx, "RSA key setup failure");
+                       goto err;
+               }
+@@ -481,7 +482,8 @@ tls_keypair_setup_pkey(struct tls *ctx, 
+               break;
+       case EVP_PKEY_EC:
+               if ((eckey = EVP_PKEY_get1_EC_KEY(pkey)) == NULL ||
+-                  EC_KEY_set_ex_data(eckey, 0, keypair->pubkey_hash) == 0) {
++                  EC_KEY_set_ex_data(eckey, 0, keypair->pubkey_hash) == 0 ||
++                  EVP_PKEY_set1_EC_KEY(pkey, eckey) == 0) {
+                       tls_set_errorx(ctx, "EC key setup failure");
+                       goto err;
+               }
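Review bot: the added EVP_PKEY_set1_RSA(pkey, rsa) and EVP_PKEY_set1_EC_KEY(pkey, eckey) calls in both tls.c hunks are unconditional, while the patch comment describes the cached-copy behaviour only for OpenSSL 3.x. Please say in the comment whether the re-assign was checked against the other TLS libraries this package can be built with, or guard it with a version check. The comment also has a typo ("cashed" for "cached") and credits OpenSMTPD's libtls without a commit id or URL, which makes the patch hard to track against upstream.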


