summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/engine/tb_dh.c
diff options
context:
space:
mode:
authorop <>2023-05-25 07:46:21 +0000
committerop <>2023-05-25 07:46:21 +0000
commit38d31da6097a882f2d9c61b4831257122ba27fc1 (patch)
tree5528bbfa78941f58360ca3ddf165e208510ee895 /src/lib/libcrypto/engine/tb_dh.c
parent56399223febab8afe987ce313ede003d9bd49348 (diff)
downloadopenbsd-38d31da6097a882f2d9c61b4831257122ba27fc1.tar.gz
openbsd-38d31da6097a882f2d9c61b4831257122ba27fc1.tar.bz2
openbsd-38d31da6097a882f2d9c61b4831257122ba27fc1.zip
Forcibly update the EVP_PKEY's internal key
To aid privilege separation, libtls maintains application-specific data on the key inside the EVP_PKEY abstraction because the EVP API doesn't provide a way to do that on the EVP_PKEY itself. OpenSSL 3 changed behavior of EVP_PKEY_get1_RSA() and related functions. These now return a struct from some cache. Thus, modifying the RSA will no longer modify the EVP_PKEY like it did previously, which was clearly implied to be the case in the older documentation. This is a subtle breaking change that affects several applications. While this is documented, no real solution is provided. The transition plan from one OpenSSL major version to the next one tends to involve many #ifdef in the ecosystem, and the only suggestion provided by the new documentation is to switch to a completely unrelated, new API. Instead, forcibly reset the internal key on EVP_PKEY after modification, this way the change is picked up also by OpenSSL 3. Fixes issue 1171 in OpenSMTPD-portable ok tb@, jsing@
Diffstat (limited to 'src/lib/libcrypto/engine/tb_dh.c')
0 files changed, 0 insertions, 0 deletions