git.ipfire.org Git - thirdparty/strongswan.git/commit

author	Juliusz Sosinowicz <juliusz@wolfssl.com>
	Wed, 23 Apr 2025 14:32:52 +0000 (16:32 +0200)
committer	Tobias Brunner <tobias@strongswan.org>
	Mon, 2 Jun 2025 07:15:05 +0000 (09:15 +0200)
commit	f38bb91654769e9a5994975afb8322941bb741da
tree	8cbad286ef63fb8ee5371ae96f0af5e14b51ca67	tree \| snapshot
parent	85eb5c781272ae0c3ce1e3706c328fbde12e98ba	commit \| diff

wolfssl: Unlock keys if necessary when using FIPS module

Wrap the functions that require it in PRIVATE_KEY_UNLOCK/PRIVATE_KEY_LOCK.
This can't be done at plugin initialization because it needs to be done
for every thread. strongSwan currently doesn't provide on-thread-create
callbacks for plugins so we need to wrap each direct call. Another reason
to do so is that some functions we call (e.g. wc_EccKeyToDer) internally
call PRIVATE_KEY_UNLOCK/PRIVATE_KEY_LOCK and would leave the keys locked
for that particular thread.

src/libstrongswan/plugins/wolfssl/wolfssl_diffie_hellman.c		diff \| blob \| blame \| history
src/libstrongswan/plugins/wolfssl/wolfssl_ec_diffie_hellman.c		diff \| blob \| blame \| history
src/libstrongswan/plugins/wolfssl/wolfssl_kdf.c		diff \| blob \| blame \| history