Merge pull request #8757 from anhu/recalc_suites

Recalculate suites at ssl initialization.
2025-08-01 19:54:40 +02:00 · 2025-06-25 21:32:38 -05:00
parent f119086d3e 43df11c9c1
commit 38892fdd07
1 changed files with 28 additions and 5 deletions
--- a/src/internal.c
+++ b/src/internal.c
@@ -6922,13 +6922,36 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
    /* If we are setting the ctx on an already initialized SSL object
     * then we possibly already have a side defined. Don't overwrite unless
     * the context has a well defined role. */
-    if (newSSL || ctx->method->side != WOLFSSL_NEITHER_END)
+    if (newSSL || ctx->method->side != WOLFSSL_NEITHER_END) {
        ssl->options.side  = (word16)(ctx->method->side);
+    }
    ssl->options.downgrade        = (word16)(ctx->method->downgrade);
    ssl->options.minDowngrade     = ctx->minDowngrade;
-
    ssl->options.haveRSA          = ctx->haveRSA;
    ssl->options.haveDH           = ctx->haveDH;
+#if  !defined(NO_CERTS) && !defined(NO_DH)
+    /* Its possible that DH algorithm parameters were set in the ctx, recalc
+     * cipher suites. */
+    if (ssl->options.haveDH && ctx->serverDH_P.buffer != NULL &&
+        ctx->serverDH_G.buffer != NULL) {
+        if (ssl->suites == NULL) {
+            if (AllocateSuites(ssl) != 0) {
+                return MEMORY_E;
+            }
+        }
+        InitSuites(ssl->suites, ssl->version, ssl->buffers.keySz,
+                   ssl->options.haveRSA,
+#ifdef NO_PSK
+                   0,
+#else
+                   ctx->havePSK,
+#endif
+                   ssl->options.haveDH,
+                   ssl->options.haveECDSAsig, ssl->options.haveECC, TRUE,
+                   ssl->options.haveStaticECC, ssl->options.useAnon,
+                   TRUE, TRUE, TRUE, TRUE, ssl->options.side);
+    }
+#endif /* !NO_CERTS && !NO_DH */
    ssl->options.haveECDSAsig     = ctx->haveECDSAsig;
    ssl->options.haveECC          = ctx->haveECC;
    ssl->options.haveStaticECC    = ctx->haveStaticECC;