Google Git
Sign in
boringssl / boringssl / 66b2fe8e0273d1f6cca5db95d4ac3979621dc4ce^! / .
commit66b2fe8e0273d1f6cca5db95d4ac3979621dc4ce[log] [tgz]
authorTom Thorogood <me+google@tomthorogood.co.uk>Sun Mar 06 20:08:38 2016 +1030
committerDavid Benjamin <davidben@google.com>Mon Mar 07 18:16:58 2016 +0000
tree8d64a25664b90af253aa6b1ac4e23d8d94a78ad8
parent62e0219679f5a120445a95def01c7679f5eb1790 [diff]
Add |SSL_CTX_set_private_key_method| to parallel |SSL_set_private_key_method|

This change adds a |SSL_CTX_set_private_key_method| method that sets key_method on a SSL_CTX's cert.

It allows the private key method to be set once and inherited.

A copy of key_method (from SSL_CTX's cert to SSL's cert) is added in |ssl_cert_dup|.

Change-Id: Icb62e9055e689cfe2d5caa3a638797120634b63f
Reviewed-on: https://boringssl-review.googlesource.com/7340
Reviewed-by: David Benjamin <davidben@google.com>

diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 7cc901b..be5776c 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h

@@ -465,7 +465,8 @@
  * a private key operation was unfinished. The caller may retry the operation
  * when the private key operation is complete.
  *
- * See also |SSL_set_private_key_method|. */
+ * See also |SSL_set_private_key_method| and
+ * |SSL_CTX_set_private_key_method|. */
 #define SSL_ERROR_WANT_PRIVATE_KEY_OPERATION 13
 
 /* SSL_set_mtu sets the |ssl|'s MTU in DTLS to |mtu|. It returns one on success
@@ -1003,6 +1004,11 @@
 OPENSSL_EXPORT void SSL_set_private_key_method(
     SSL *ssl, const SSL_PRIVATE_KEY_METHOD *key_method);
 
+/* SSL_CTX_set_private_key_method configures a custom private key on |ctx|.
+ * |key_method| must remain valid for the lifetime of |ctx|. */
+OPENSSL_EXPORT void SSL_CTX_set_private_key_method(
+    SSL_CTX *ctx, const SSL_PRIVATE_KEY_METHOD *key_method);
+
 
 /* Cipher suites.
  *

diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index 28a33c9..acdc3cb 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c

@@ -185,6 +185,8 @@
     }
   }
 
+  ret->key_method = cert->key_method;
+
   ret->cert_cb = cert->cert_cb;
   ret->cert_cb_arg = cert->cert_cb_arg;
 

diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c
index 990979b..c17d2da 100644
--- a/ssl/ssl_rsa.c
+++ b/ssl/ssl_rsa.c

@@ -326,6 +326,11 @@
   ssl->cert->key_method = key_method;
 }
 
+void SSL_CTX_set_private_key_method(SSL_CTX *ctx,
+                                    const SSL_PRIVATE_KEY_METHOD *key_method) {
+  ctx->cert->key_method = key_method;
+}
+
 int SSL_set_private_key_digest_prefs(SSL *ssl, const int *digest_nids,
                                      size_t num_digests) {
   OPENSSL_free(ssl->cert->digest_nids);