wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-03 20:54:41 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #8005 from ColtonWilley/copy_key_option

Browse Source 
New option to always copy over key to SSL object
This commit is contained in:
JacobBarthelmeh
2024-09-30 14:20:07 -06:00
committed by GitHub
parent ee7f02bbd6 6414cf61a7
commit 984dd9146f
4 changed files with 42 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
configure.ac
View File

@@ -1237,7 +1237,7 @@ AC_ARG_WITH([liboqs],
tryliboqsdir="/usr/local"
fi
CPPFLAGS="$AM_CPPFLAGS -DHAVE_LIBOQS -DHAVE_TLS_EXTENSIONS -I$tryliboqsdir/include"
CPPFLAGS="$AM_CPPFLAGS -DHAVE_LIBOQS -DHAVE_TLS_EXTENSIONS -I$tryliboqsdir/include -pthread"
LDFLAGS="$AM_LDFLAGS $LDFLAGS -L$tryliboqsdir/lib"
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <oqs/common.h>]], [[ OQS_init(); ]])], [ liboqs_linked=yes ],[ liboqs_linked=no ])

15
src/internal.c
View File

@@ -6829,7 +6829,22 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
ssl->buffers.certChainCnt = ctx->certChainCnt;
#endif
#ifndef WOLFSSL_BLIND_PRIVATE_KEY
#ifdef WOLFSSL_COPY_KEY
if (ctx->privateKey != NULL) {
if (ssl->buffers.key != NULL) {
FreeDer(&ssl->buffers.key);
}
AllocCopyDer(&ssl->buffers.key, ctx->privateKey->buffer,
ctx->privateKey->length, ctx->privateKey->type,
ctx->privateKey->heap);
ssl->buffers.weOwnKey = 1;
}
else {
ssl->buffers.key = ctx->privateKey;
}
#else
ssl->buffers.key = ctx->privateKey;
#endif
#else
if (ctx->privateKey != NULL) {
AllocCopyDer(&ssl->buffers.key, ctx->privateKey->buffer,

15
src/ssl.c
View File

@@ -20410,7 +20410,22 @@ WOLFSSL_CTX* wolfSSL_set_SSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx)
ssl->buffers.certChainCnt = ctx->certChainCnt;
#endif
#ifndef WOLFSSL_BLIND_PRIVATE_KEY
#ifdef WOLFSSL_COPY_KEY
if (ctx->privateKey != NULL) {
if (ssl->buffers.key != NULL) {
FreeDer(&ssl->buffers.key);
}
AllocCopyDer(&ssl->buffers.key, ctx->privateKey->buffer,
ctx->privateKey->length, ctx->privateKey->type,
ctx->privateKey->heap);
ssl->buffers.weOwnKey = 1;
}
else {
ssl->buffers.key = ctx->privateKey;
}
#else
ssl->buffers.key = ctx->privateKey;
#endif
#else
if (ctx->privateKey != NULL) {
AllocCopyDer(&ssl->buffers.key, ctx->privateKey->buffer,

11
wolfssl/wolfcrypt/settings.h
View File

@@ -3654,11 +3654,22 @@ extern void uITRON4_free(void *p) ;
#define KEEP_PEER_CERT
#endif
/* Always copy certificate(s) from SSL CTX to each SSL object on creation,
* if this is not defined then each SSL object shares a pointer to the
* original certificate buffer owned by the SSL CTX. */
#if defined(OPENSSL_ALL) && !defined(WOLFSSL_NO_COPY_CERT)
#undef WOLFSSL_COPY_CERT
#define WOLFSSL_COPY_CERT
#endif
/* Always copy private key from SSL CTX to each SSL object on creation,
* if this is not defined then each SSL object shares a pointer to the
* original key buffer owned by the SSL CTX. */
#if defined(OPENSSL_ALL) && !defined(WOLFSSL_NO_COPY_KEY)
#undef WOLFSSL_COPY_KEY
#define WOLFSSL_COPY_KEY
#endif
/*
* Keeps the "Finished" messages after a TLS handshake for use as the so-called
* "tls-unique" channel binding. See comment in internal.h around clientFinished