When a certificate is loaded then the private key type and size is set
based on the public key.
Always set, even if previously set.
Use case is setting an RSA certificate against ctx and then setting EC
certificate against ssl.
In case buf size sz is too small it will get updated to the larger required value
and can't be used anymore to clear the buffer.
As the buffer is untouched don't need to clear it anyway.
Signed-off-by: Nuno Gonçalves <nunojpg@gmail.com>
move typedefs for WOLFSSL_CRYPTO_EX_*() from wolfssl/openssl/compat_types.h to wolfssl/wolfcrypt/types.h, grouped with the other EX_DATA-related typedefs, as they are needed whenever defined(HAVE_EX_DATA) regardless of openssl compatness;
properly gate wolfSSL_CTX_get_ex_new_index() and wolfSSL_X509_get_ex_new_index() prototypes on defined(HAVE_EX_DATA).
* stunnel 5.67 support
- ssl->session->ticketAdd may be set when parsing a ticket before PSK
- PSK binders should be calculated based on ciphersuite associated with PSK
- Add option to prioritise PSK order instead of ciphersuite order
- Update ctx->method->version when using Set_CTX_max_proto_version API
- Simplify wolfSSL_parse_cipher_list
- Keep copy of old list and then add in the previous ciphersuites depending on whether we are doing only TLS 1.3 ciphersuites or not
- Specify CRL revocation in alert
- Match reason string to match OpenSSL
- Add support for external data callbacks for WOLFSSL_SESSION
* Upref the session for stunnel instead of duplicating it
* Add small stack option for wolfSSL_parse_cipher_list
* Support rwlock
* Fix typo, ENABLE_SESSION_CACHE_ROW_LOCK with TITAN_SESSION_CACHE
* Implement read lock
- Use read lock for the SessionCache
- Don't copy the
* TLS 1.3: Don't push ticket to cache if we don't retrieve from it
* Detect rwlock support with PTHREAD_RWLOCK_INITIALIZER
* Implement explicit rwlocks
- Mutex's still necessary for signals. Implement explicit rwlocks and we can migrate critical mutexs to rwlocks when necessary.
* Remove WOLFSSL_USE_RWLOCK guard around mutex condLock
* condLock not necessary after all
* Use configure.ac to check for pthread_rwlock_destroy support
* Can't include config.h in wc_port.h as that breaks make distcheck
* Check for pthread_rwlock_t to determine if rwlock is available
* Code review
---------
Co-authored-by: Juliusz Sosinowicz <juliusz@wolfssl.com>
Add NIDs for RSA-PSS to OpenSSL compat layer.
Have wc_RsaPublicKeyDecode call wc_RsaPublicKeyDecode_ex where logic for
RSA-PSS handling is already done.
wolfSSL_EC_POINT_set_affine_coordinates_GFp wasn't checking the point is
valid for the curve. Added call to check point when setting.
Made check available for opensslextra.
Fixed test to have valid ordinates to set.
API support doesn't allow for a point to be in Jacobian ordinates.
wolfSSL_EC_POINT_add() has ordinates in Montgomery form.
When needed, compile with WOLFSSL_EC_POINT_CMP_JACOBIAN.
