Date: Sun, 3 Sep 2023 06:23:41 +0000
From: "Paolo Vincenzo Olivo"
Subject: CVS commit: pkgsrc/security/libretls
To: pkgsrc-changes@NetBSD.org
Approved: commit_and_comment
Reply-To: vins@netbsd.org
X-Mailer: log_accum
Message-Id: <20230903062341.AB55AFBDB@cvs.NetBSD.org>

Module Name:    pkgsrc
Committed By:   vins
Date:           Sun Sep 3 06:23:41 UTC 2023

Modified Files:
        pkgsrc/security/libretls: distinfo
Added Files:
        pkgsrc/security/libretls/patches: patch-tls.c

Log Message:
security/libretls: import patch for OpenSSL3 from OpenSMTPD/libtls.

To generate a diff of this commit:
cvs rdiff -u -r1.10 -r1.11 pkgsrc/security/libretls/distinfo
cvs rdiff -u -r0 -r1.1 pkgsrc/security/libretls/patches/patch-tls.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files: Index: pkgsrc/security/libretls/distinfo diff -u pkgsrc/security/libretls/distinfo:1.10 pkgsrc/security/libretls/distinfo:1.11 --- pkgsrc/security/libretls/distinfo:1.10 Mon Jan 16 22:00:53 2023 +++ pkgsrc/security/libretls/distinfo Sun Sep 3 06:23:41 2023 
@@ -1,5 +1,6 @@ -$NetBSD: distinfo,v 1.10 2023/01/16 22:00:53 schmonz Exp $ +$NetBSD: distinfo,v 1.11 2023/09/03 06:23:41 vins Exp $ BLAKE2s (libretls-3.7.0.tar.gz) = a41162dc3ed4515da87d053d745e5b35468357dd7f64bbaca2cec0eba17c585f SHA512 (libretls-3.7.0.tar.gz) = 18987d09ee804883e2c3cfae1209494b7020d976cc7137ba39540c18e0dc23d25034a46c6c64955201b425ca981e03cbe629f9ff979fd4a72d3dcfbd51efdf84 Size (libretls-3.7.0.tar.gz) = 427980 bytes +SHA1 (patch-tls.c) = 9ec66891d3a16fcfccb365b77ee0cc711ea4a067 Added files: Index: pkgsrc/security/libretls/patches/patch-tls.c diff -u /dev/null pkgsrc/security/libretls/patches/patch-tls.c:1.1 --- /dev/null Sun Sep 3 06:23:41 2023 +++ pkgsrc/security/libretls/patches/patch-tls.c Sun Sep 3 06:23:41 2023 
@@ -0,0 +1,33 @@ +$NetBSD: patch-tls.c,v 1.1 2023/09/03 06:23:41 vins Exp $ + +Portability fix for OpenSSL 3.x. + +With OpenSSL 3.x the EVP_PKEY_get1_RSA returns a cashed copy of the +provider's key, so changing it is meaningless, since other get1/get0 +calls will return the previously cached copy. Instead, we have to +re-assign the changed rsa after the edit. + +Adapted from OpenSMTPD's libtls compat library. + +--- tls.c.orig 2022-12-23 22:19:37.000000000 +0000 ++++ tls.c +@@ -466,7 +466,8 @@ tls_keypair_setup_pkey(struct tls *ctx, + switch (EVP_PKEY_id(pkey)) { + case EVP_PKEY_RSA: + if ((rsa = EVP_PKEY_get1_RSA(pkey)) == NULL || +- RSA_set_ex_data(rsa, 0, keypair->pubkey_hash) == 0) { ++ RSA_set_ex_data(rsa, 0, keypair->pubkey_hash) == 0 || ++ EVP_PKEY_set1_RSA(pkey, rsa) == 0) { + tls_set_errorx(ctx, "RSA key setup failure"); + goto err; + } +@@ -481,7 +482,8 @@ tls_keypair_setup_pkey(struct tls *ctx, + break; + case EVP_PKEY_EC: + if ((eckey = EVP_PKEY_get1_EC_KEY(pkey)) == NULL || +- EC_KEY_set_ex_data(eckey, 0, keypair->pubkey_hash) == 0) { ++ EC_KEY_set_ex_data(eckey, 0, keypair->pubkey_hash) == 0 || ++ EVP_PKEY_set1_EC_KEY(pkey, eckey) == 0) { + tls_set_errorx(ctx, "EC key setup failure"); + goto err; + } --_----------=_1693722221225310--
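
Review bot: The new "SHA1 (patch-tls.c)" entry in the distinfo hunk registers a patch that changes code compiled into tls.c, but the commit's file list shows only distinfo modified and patch-tls.c added, so the package Makefile carries no PKGREVISION bump. Suggest bumping PKGREVISION in the same commit so that existing libretls-3.7.0 binary packages are rebuilt with the changed key setup.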
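
Review bot: In both inner hunks of patch-tls.c (the EVP_PKEY_RSA and EVP_PKEY_EC cases of tls_keypair_setup_pkey) the added EVP_PKEY_set1_RSA(pkey, rsa) and EVP_PKEY_set1_EC_KEY(pkey, eckey) calls are unconditional, while the patch header presents them as a portability fix for OpenSSL 3.x only. The header should state whether the re-assignment is also intended to run on pre-3.x OpenSSL, or the calls should be guarded on the library version. The header would also be easier to audit with a pointer to the specific OpenSMTPD libtls change it was adapted from, and "cashed copy" in the description should read "cached copy".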