diff options
Diffstat (limited to 'src/lib/libtls/tls.c')
| -rw-r--r-- | src/lib/libtls/tls.c | 20 |
1 files changed, 19 insertions, 1 deletions
diff --git a/src/lib/libtls/tls.c b/src/lib/libtls/tls.c index 608f0a3acd..fd525aa428 100644 --- a/src/lib/libtls/tls.c +++ b/src/lib/libtls/tls.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: tls.c,v 1.92 2021/10/21 14:31:21 tb Exp $ */ | 1 | /* $OpenBSD: tls.c,v 1.93 2022/01/25 21:51:24 eric Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> |
| 4 | * | 4 | * |
| @@ -387,6 +387,8 @@ tls_keypair_to_pkey(struct tls *ctx, struct tls_keypair *keypair, EVP_PKEY **pke | |||
| 387 | static int | 387 | static int |
| 388 | tls_keypair_setup_pkey(struct tls *ctx, struct tls_keypair *keypair, EVP_PKEY *pkey) | 388 | tls_keypair_setup_pkey(struct tls *ctx, struct tls_keypair *keypair, EVP_PKEY *pkey) |
| 389 | { | 389 | { |
| 390 | RSA_METHOD *rsa_method; | ||
| 391 | ECDSA_METHOD *ecdsa_method; | ||
| 390 | RSA *rsa = NULL; | 392 | RSA *rsa = NULL; |
| 391 | EC_KEY *eckey = NULL; | 393 | EC_KEY *eckey = NULL; |
| 392 | int ret = -1; | 394 | int ret = -1; |
| @@ -407,6 +409,14 @@ tls_keypair_setup_pkey(struct tls *ctx, struct tls_keypair *keypair, EVP_PKEY *p | |||
| 407 | tls_set_errorx(ctx, "RSA key setup failure"); | 409 | tls_set_errorx(ctx, "RSA key setup failure"); |
| 408 | goto err; | 410 | goto err; |
| 409 | } | 411 | } |
| 412 | if (ctx->config->sign_cb == NULL) | ||
| 413 | break; | ||
| 414 | if ((rsa_method = tls_signer_rsa_method()) == NULL || | ||
| 415 | RSA_set_ex_data(rsa, 1, ctx->config) == 0 || | ||
| 416 | RSA_set_method(rsa, rsa_method) == 0) { | ||
| 417 | tls_set_errorx(ctx, "failed to setup RSA key"); | ||
| 418 | goto err; | ||
| 419 | } | ||
| 410 | break; | 420 | break; |
| 411 | case EVP_PKEY_EC: | 421 | case EVP_PKEY_EC: |
| 412 | if ((eckey = EVP_PKEY_get1_EC_KEY(pkey)) == NULL || | 422 | if ((eckey = EVP_PKEY_get1_EC_KEY(pkey)) == NULL || |
| @@ -414,6 +424,14 @@ tls_keypair_setup_pkey(struct tls *ctx, struct tls_keypair *keypair, EVP_PKEY *p | |||
| 414 | tls_set_errorx(ctx, "EC key setup failure"); | 424 | tls_set_errorx(ctx, "EC key setup failure"); |
| 415 | goto err; | 425 | goto err; |
| 416 | } | 426 | } |
| 427 | if (ctx->config->sign_cb == NULL) | ||
| 428 | break; | ||
| 429 | if ((ecdsa_method = tls_signer_ecdsa_method()) == NULL || | ||
| 430 | ECDSA_set_ex_data(eckey, 1, ctx->config) == 0 || | ||
| 431 | ECDSA_set_method(eckey, ecdsa_method) == 0) { | ||
| 432 | tls_set_errorx(ctx, "failed to setup EC key"); | ||
| 433 | goto err; | ||
| 434 | } | ||
| 417 | break; | 435 | break; |
| 418 | default: | 436 | default: |
| 419 | tls_set_errorx(ctx, "incorrect key type"); | 437 | tls_set_errorx(ctx, "incorrect key type"); |