1 files changed, 4 insertions, 4 deletions
diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c
index 6b457569a3..fb29e4f5f6 100644
--- a/src/lib/libssl/ssl_clnt.c
+++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_clnt.c,v 1.66 2020/05/10 14:17:47 jsing Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.67 2020/05/19 16:35:20 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1264,7 +1264,7 @@ ssl3_get_server_kex_dhe(SSL *s, EVP_PKEY **pkey, CBS *cbs)
        }
        if (alg_a & SSL_aRSA)
-                *pkey = X509_get_pubkey(sc->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
+                *pkey = X509_get_pubkey(sc->peer_pkeys[SSL_PKEY_RSA].x509);
        else
                /* XXX - Anonymous DH, so no certificate or pkey. */
                *pkey = NULL;
@@ -1397,7 +1397,7 @@ ssl3_get_server_kex_ecdhe(SSL *s, EVP_PKEY **pkey, CBS *cbs)
         * and ECDSA.
         */
        if (alg_a & SSL_aRSA)
-                *pkey = X509_get_pubkey(sc->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
+                *pkey = X509_get_pubkey(sc->peer_pkeys[SSL_PKEY_RSA].x509);
        else if (alg_a & SSL_aECDSA)
                *pkey = X509_get_pubkey(sc->peer_pkeys[SSL_PKEY_ECC].x509);
        else
@@ -1933,7 +1933,7 @@ ssl3_send_client_kex_rsa(SSL *s, SESS_CERT *sess_cert, CBB *cbb)
         * RSA-Encrypted Premaster Secret Message - RFC 5246 section 7.4.7.1.
         */
-        pkey = X509_get_pubkey(sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
+        pkey = X509_get_pubkey(sess_cert->peer_pkeys[SSL_PKEY_RSA].x509);
        if (pkey == NULL || pkey->type != EVP_PKEY_RSA ||
            pkey->pkey.rsa == NULL) {
                SSLerror(s, ERR_R_INTERNAL_ERROR);

diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c index 6b457569a3..fb29e4f5f6 100644 --- a/src/lib/libssl/ssl_clnt.c +++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_clnt.c,v 1.66 2020/05/10 14:17:47 jsing Exp $ */	1	/* $OpenBSD: ssl_clnt.c,v 1.67 2020/05/19 16:35:20 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -1264,7 +1264,7 @@ ssl3_get_server_kex_dhe(SSL s, EVP_PKEY pkey, CBS cbs)
1264	}	1264	}
1265		1265
1266	if (alg_a & SSL_aRSA)	1266	if (alg_a & SSL_aRSA)
1267	*pkey = X509_get_pubkey(sc->peer_pkeys[SSL_PKEY_RSA_ENC].x509);	1267	*pkey = X509_get_pubkey(sc->peer_pkeys[SSL_PKEY_RSA].x509);
1268	else	1268	else
1269	/* XXX - Anonymous DH, so no certificate or pkey. */	1269	/* XXX - Anonymous DH, so no certificate or pkey. */
1270	*pkey = NULL;	1270	*pkey = NULL;
@@ -1397,7 +1397,7 @@ ssl3_get_server_kex_ecdhe(SSL s, EVP_PKEY pkey, CBS cbs)
1397	* and ECDSA.	1397	* and ECDSA.
1398	*/	1398	*/
1399	if (alg_a & SSL_aRSA)	1399	if (alg_a & SSL_aRSA)
1400	*pkey = X509_get_pubkey(sc->peer_pkeys[SSL_PKEY_RSA_ENC].x509);	1400	*pkey = X509_get_pubkey(sc->peer_pkeys[SSL_PKEY_RSA].x509);
1401	else if (alg_a & SSL_aECDSA)	1401	else if (alg_a & SSL_aECDSA)
1402	*pkey = X509_get_pubkey(sc->peer_pkeys[SSL_PKEY_ECC].x509);	1402	*pkey = X509_get_pubkey(sc->peer_pkeys[SSL_PKEY_ECC].x509);
1403	else	1403	else
@@ -1933,7 +1933,7 @@ ssl3_send_client_kex_rsa(SSL s, SESS_CERT sess_cert, CBB *cbb)
1933	* RSA-Encrypted Premaster Secret Message - RFC 5246 section 7.4.7.1.	1933	* RSA-Encrypted Premaster Secret Message - RFC 5246 section 7.4.7.1.
1934	*/	1934	*/
1935		1935
1936	pkey = X509_get_pubkey(sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);	1936	pkey = X509_get_pubkey(sess_cert->peer_pkeys[SSL_PKEY_RSA].x509);
1937	if (pkey == NULL \|\| pkey->type != EVP_PKEY_RSA \|\|	1937	if (pkey == NULL \|\| pkey->type != EVP_PKEY_RSA \|\|
1938	pkey->pkey.rsa == NULL) {	1938	pkey->pkey.rsa == NULL) {
1939	SSLerror(s, ERR_R_INTERNAL_ERROR);	1939	SSLerror(s, ERR_R_INTERNAL_ERROR);