Sniffer Watch Mode

1. Split the function ssl_SetWatchKey() into ssl_SetWatchKey_file() which loads the key from a named file and ssl_SetWatchKey_buffer() which loads the key from a provided buffer. file() uses buffer().
2025-08-03 04:34:41 +02:00 · 2019-06-27 15:37:26 -07:00
parent b02e1e8d59
commit 21afcf17a8
3 changed files with 42 additions and 13 deletions
--- a/src/sniffer.c
+++ b/src/sniffer.c
@@ -4148,10 +4148,39 @@ int ssl_SetWatchKeyCtx(void* ctx, char* error)
 }


-int ssl_SetWatchKey(void* vSniffer, const char* keyFile, int keyType,
-        const char* password, char* error)
+int ssl_SetWatchKey_buffer(void* vSniffer, const byte* key, word32 keySz,
+        int keyType, char* error)
 {
    SnifferSession* sniffer;
+    int ret;
+
+    if (vSniffer == NULL) {
+        return -1;
+    }
+    if (key == NULL || keySz == 0) {
+        return -1;
+    }
+
+    sniffer = (SnifferSession*)vSniffer;
+    /* Remap the keyType from what the user can use to
+     * what wolfSSL_use_PrivateKey_buffer expects. */
+    keyType = (keyType == FILETYPE_PEM) ? WOLFSSL_FILETYPE_PEM :
+                                          WOLFSSL_FILETYPE_ASN1;
+
+    ret = wolfSSL_use_PrivateKey_buffer(sniffer->sslServer,
+            key, keySz, keyType);
+    if (ret != WOLFSSL_SUCCESS) {
+        SetError(KEY_FILE_STR, error, sniffer, FATAL_ERROR_STATE);
+        return -1;
+    }
+
+    return 0;
+}
+
+
+int ssl_SetWatchKey_file(void* vSniffer, const char* keyFile, int keyType,
+        const char* password, char* error)
+{
    byte* keyBuf = NULL;
    word32 keyBufSz = 0;
    int ret;
@@ -4163,7 +4192,6 @@ int ssl_SetWatchKey(void* vSniffer, const char* keyFile, int keyType,
        return -1;
    }

-    sniffer = (SnifferSession*)vSniffer;
    /* Remap the keyType from what the user can use to
     * what LoadKeyFile expects. */
    keyType = (keyType == FILETYPE_PEM) ? WOLFSSL_FILETYPE_PEM :
@@ -4176,15 +4204,11 @@ int ssl_SetWatchKey(void* vSniffer, const char* keyFile, int keyType,
        return -1;
    }

-    ret = wolfSSL_use_PrivateKey_buffer(sniffer->sslServer,
-            keyBuf, keyBufSz, WOLFSSL_FILETYPE_ASN1);
-    if (ret != WOLFSSL_SUCCESS) {
-        SetError(KEY_FILE_STR, error, sniffer, FATAL_ERROR_STATE);
-        free(keyBuf);
-        return -1;
-    }
+    ret = ssl_SetWatchKey_buffer(vSniffer, keyBuf, keyBufSz, FILETYPE_DER,
+            error);
+    free(keyBuf);

-    return 0;
+    return ret;
 }

 #endif /* WOLFSSL_SNIFFER_WATCH */
--- a/sslSniffer/sslSnifferTest/snifftest.c
+++ b/sslSniffer/sslSnifferTest/snifftest.c
@@ -208,7 +208,7 @@ static int myWatchCb(void* vSniffer,
    if (certName == NULL)
        return -1;

-    return ssl_SetWatchKey(vSniffer, certName, FILETYPE_PEM, NULL, error);
+    return ssl_SetWatchKey_file(vSniffer, certName, FILETYPE_PEM, NULL, error);
 }

 #endif
--- a/wolfssl/sniffer.h
+++ b/wolfssl/sniffer.h
@@ -179,7 +179,12 @@ WOLFSSL_API
 SSL_SNIFFER_API int ssl_SetWatchKeyCtx(void* ctx, char* error);

 WOLFSSL_API
-SSL_SNIFFER_API int ssl_SetWatchKey(void* vSniffer,
+SSL_SNIFFER_API int ssl_SetWatchKey_buffer(void* vSniffer,
+                        const unsigned char* key, unsigned int keySz,
+                        int keyType, char* error);
+
+WOLFSSL_API
+SSL_SNIFFER_API int ssl_SetWatchKey_file(void* vSniffer,
                        const char* keyFile, int keyType,
                        const char* password, char* error);