wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-01 19:54:40 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #8757 from anhu/recalc_suites

Browse Source 
Recalculate suites at ssl initialization.
This commit is contained in:
Daniel Pouzzner
2025-06-25 21:32:38 -05:00
committed by GitHub
parent f119086d3e 43df11c9c1
commit 38892fdd07
1 changed files with 28 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
src/internal.c
View File

@@ -6922,13 +6922,36 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
/* If we are setting the ctx on an already initialized SSL object /* If we are setting the ctx on an already initialized SSL object
* then we possibly already have a side defined. Don't overwrite unless * then we possibly already have a side defined. Don't overwrite unless
* the context has a well defined role. */ * the context has a well defined role. */
if (newSSL || ctx->method->side != WOLFSSL_NEITHER_END) if (newSSL || ctx->method->side != WOLFSSL_NEITHER_END) {
ssl->options.side = (word16)(ctx->method->side); ssl->options.side = (word16)(ctx->method->side);
ssl->options.downgrade = (word16)(ctx->method->downgrade); }
ssl->options.minDowngrade = ctx->minDowngrade; ssl->options.downgrade = (word16)(ctx->method->downgrade);
ssl->options.minDowngrade = ctx->minDowngrade;
ssl->options.haveRSA = ctx->haveRSA; ssl->options.haveRSA = ctx->haveRSA;
ssl->options.haveDH = ctx->haveDH; ssl->options.haveDH = ctx->haveDH;
#if !defined(NO_CERTS) && !defined(NO_DH)
/* Its possible that DH algorithm parameters were set in the ctx, recalc
* cipher suites. */
if (ssl->options.haveDH && ctx->serverDH_P.buffer != NULL &&
ctx->serverDH_G.buffer != NULL) {
if (ssl->suites == NULL) {
if (AllocateSuites(ssl) != 0) {
return MEMORY_E;
}
}
InitSuites(ssl->suites, ssl->version, ssl->buffers.keySz,
ssl->options.haveRSA,
#ifdef NO_PSK
0,
#else
ctx->havePSK,
#endif
ssl->options.haveDH,
ssl->options.haveECDSAsig, ssl->options.haveECC, TRUE,
ssl->options.haveStaticECC, ssl->options.useAnon,
TRUE, TRUE, TRUE, TRUE, ssl->options.side);
}
#endif /* !NO_CERTS && !NO_DH */
ssl->options.haveECDSAsig = ctx->haveECDSAsig; ssl->options.haveECDSAsig = ctx->haveECDSAsig;
ssl->options.haveECC = ctx->haveECC; ssl->options.haveECC = ctx->haveECC;
ssl->options.haveStaticECC = ctx->haveStaticECC; ssl->options.haveStaticECC = ctx->haveStaticECC;