forked from wolfSSL/wolfssl
Merge pull request #8005 from ColtonWilley/copy_key_option
New option to always copy over key to SSL object
This commit is contained in:
JacobBarthelmeh
GitHub
@@ -1237,7 +1237,7 @@ AC_ARG_WITH([liboqs],
|
||||
tryliboqsdir="/usr/local"
|
||||
fi
|
||||
|
||||
CPPFLAGS="$AM_CPPFLAGS -DHAVE_LIBOQS -DHAVE_TLS_EXTENSIONS -I$tryliboqsdir/include"
|
||||
CPPFLAGS="$AM_CPPFLAGS -DHAVE_LIBOQS -DHAVE_TLS_EXTENSIONS -I$tryliboqsdir/include -pthread"
|
||||
LDFLAGS="$AM_LDFLAGS $LDFLAGS -L$tryliboqsdir/lib"
|
||||
|
||||
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <oqs/common.h>]], [[ OQS_init(); ]])], [ liboqs_linked=yes ],[ liboqs_linked=no ])
|
||||
|
||||
@@ -6829,7 +6829,22 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
|
||||
ssl->buffers.certChainCnt = ctx->certChainCnt;
|
||||
#endif
|
||||
#ifndef WOLFSSL_BLIND_PRIVATE_KEY
|
||||
#ifdef WOLFSSL_COPY_KEY
|
||||
if (ctx->privateKey != NULL) {
|
||||
if (ssl->buffers.key != NULL) {
|
||||
FreeDer(&ssl->buffers.key);
|
||||
}
|
||||
AllocCopyDer(&ssl->buffers.key, ctx->privateKey->buffer,
|
||||
ctx->privateKey->length, ctx->privateKey->type,
|
||||
ctx->privateKey->heap);
|
||||
ssl->buffers.weOwnKey = 1;
|
||||
}
|
||||
else {
|
||||
ssl->buffers.key = ctx->privateKey;
|
||||
}
|
||||
#else
|
||||
ssl->buffers.key = ctx->privateKey;
|
||||
#endif
|
||||
#else
|
||||
if (ctx->privateKey != NULL) {
|
||||
AllocCopyDer(&ssl->buffers.key, ctx->privateKey->buffer,
|
||||
|
||||
15
src/ssl.c
15
src/ssl.c
@@ -20410,7 +20410,22 @@ WOLFSSL_CTX* wolfSSL_set_SSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx)
|
||||
ssl->buffers.certChainCnt = ctx->certChainCnt;
|
||||
#endif
|
||||
#ifndef WOLFSSL_BLIND_PRIVATE_KEY
|
||||
#ifdef WOLFSSL_COPY_KEY
|
||||
if (ctx->privateKey != NULL) {
|
||||
if (ssl->buffers.key != NULL) {
|
||||
FreeDer(&ssl->buffers.key);
|
||||
}
|
||||
AllocCopyDer(&ssl->buffers.key, ctx->privateKey->buffer,
|
||||
ctx->privateKey->length, ctx->privateKey->type,
|
||||
ctx->privateKey->heap);
|
||||
ssl->buffers.weOwnKey = 1;
|
||||
}
|
||||
else {
|
||||
ssl->buffers.key = ctx->privateKey;
|
||||
}
|
||||
#else
|
||||
ssl->buffers.key = ctx->privateKey;
|
||||
#endif
|
||||
#else
|
||||
if (ctx->privateKey != NULL) {
|
||||
AllocCopyDer(&ssl->buffers.key, ctx->privateKey->buffer,
|
||||
|
||||
@@ -3654,11 +3654,22 @@ extern void uITRON4_free(void *p) ;
|
||||
#define KEEP_PEER_CERT
|
||||
#endif
|
||||
|
||||
/* Always copy certificate(s) from SSL CTX to each SSL object on creation,
|
||||
* if this is not defined then each SSL object shares a pointer to the
|
||||
* original certificate buffer owned by the SSL CTX. */
|
||||
#if defined(OPENSSL_ALL) && !defined(WOLFSSL_NO_COPY_CERT)
|
||||
#undef WOLFSSL_COPY_CERT
|
||||
#define WOLFSSL_COPY_CERT
|
||||
#endif
|
||||
|
||||
/* Always copy private key from SSL CTX to each SSL object on creation,
|
||||
* if this is not defined then each SSL object shares a pointer to the
|
||||
* original key buffer owned by the SSL CTX. */
|
||||
#if defined(OPENSSL_ALL) && !defined(WOLFSSL_NO_COPY_KEY)
|
||||
#undef WOLFSSL_COPY_KEY
|
||||
#define WOLFSSL_COPY_KEY
|
||||
#endif
|
||||
|
||||
/*
|
||||
* Keeps the "Finished" messages after a TLS handshake for use as the so-called
|
||||
* "tls-unique" channel binding. See comment in internal.h around clientFinished
|
||||
|
||||
Reference in New Issue
Block a user