Skip to content

Commit

Permalink
Merge pull request wolfSSL#8005 from ColtonWilley/copy_key_option
Browse files Browse the repository at this point in the history
New option to always copy over key to SSL object
  • Loading branch information
JacobBarthelmeh authored Sep 30, 2024
2 parents ee7f02b + 6414cf6 commit 984dd91
Show file tree
Hide file tree
Showing 4 changed files with 42 additions and 1 deletion.
2 changes: 1 addition & 1 deletion configure.ac
Original file line number Diff line number Diff line change
Expand Up @@ -1237,7 +1237,7 @@ AC_ARG_WITH([liboqs],
tryliboqsdir="/usr/local"
fi
CPPFLAGS="$AM_CPPFLAGS -DHAVE_LIBOQS -DHAVE_TLS_EXTENSIONS -I$tryliboqsdir/include"
CPPFLAGS="$AM_CPPFLAGS -DHAVE_LIBOQS -DHAVE_TLS_EXTENSIONS -I$tryliboqsdir/include -pthread"
LDFLAGS="$AM_LDFLAGS $LDFLAGS -L$tryliboqsdir/lib"
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <oqs/common.h>]], [[ OQS_init(); ]])], [ liboqs_linked=yes ],[ liboqs_linked=no ])
Expand Down
15 changes: 15 additions & 0 deletions src/internal.c
Original file line number Diff line number Diff line change
Expand Up @@ -6829,7 +6829,22 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
ssl->buffers.certChainCnt = ctx->certChainCnt;
#endif
#ifndef WOLFSSL_BLIND_PRIVATE_KEY
#ifdef WOLFSSL_COPY_KEY
if (ctx->privateKey != NULL) {
if (ssl->buffers.key != NULL) {
FreeDer(&ssl->buffers.key);
}
AllocCopyDer(&ssl->buffers.key, ctx->privateKey->buffer,
ctx->privateKey->length, ctx->privateKey->type,
ctx->privateKey->heap);
ssl->buffers.weOwnKey = 1;
}
else {
ssl->buffers.key = ctx->privateKey;
}
#else
ssl->buffers.key = ctx->privateKey;
#endif
#else
if (ctx->privateKey != NULL) {
AllocCopyDer(&ssl->buffers.key, ctx->privateKey->buffer,
Expand Down
15 changes: 15 additions & 0 deletions src/ssl.c
Original file line number Diff line number Diff line change
Expand Up @@ -20410,7 +20410,22 @@ WOLFSSL_CTX* wolfSSL_set_SSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx)
ssl->buffers.certChainCnt = ctx->certChainCnt;
#endif
#ifndef WOLFSSL_BLIND_PRIVATE_KEY
#ifdef WOLFSSL_COPY_KEY
if (ctx->privateKey != NULL) {
if (ssl->buffers.key != NULL) {
FreeDer(&ssl->buffers.key);
}
AllocCopyDer(&ssl->buffers.key, ctx->privateKey->buffer,
ctx->privateKey->length, ctx->privateKey->type,
ctx->privateKey->heap);
ssl->buffers.weOwnKey = 1;
}
else {
ssl->buffers.key = ctx->privateKey;
}
#else
ssl->buffers.key = ctx->privateKey;
#endif
#else
if (ctx->privateKey != NULL) {
AllocCopyDer(&ssl->buffers.key, ctx->privateKey->buffer,
Expand Down
11 changes: 11 additions & 0 deletions wolfssl/wolfcrypt/settings.h
Original file line number Diff line number Diff line change
Expand Up @@ -3654,11 +3654,22 @@ extern void uITRON4_free(void *p) ;
#define KEEP_PEER_CERT
#endif

/* Always copy certificate(s) from SSL CTX to each SSL object on creation,
* if this is not defined then each SSL object shares a pointer to the
* original certificate buffer owned by the SSL CTX. */
#if defined(OPENSSL_ALL) && !defined(WOLFSSL_NO_COPY_CERT)
#undef WOLFSSL_COPY_CERT
#define WOLFSSL_COPY_CERT
#endif

/* Always copy private key from SSL CTX to each SSL object on creation,
* if this is not defined then each SSL object shares a pointer to the
* original key buffer owned by the SSL CTX. */
#if defined(OPENSSL_ALL) && !defined(WOLFSSL_NO_COPY_KEY)
#undef WOLFSSL_COPY_KEY
#define WOLFSSL_COPY_KEY
#endif

/*
* Keeps the "Finished" messages after a TLS handshake for use as the so-called
* "tls-unique" channel binding. See comment in internal.h around clientFinished
Expand Down

0 comments on commit 984dd91

Please sign in to comment.