openssl: Support private_key blob in PEM encoded PKCS#8 format

Try to parse the private_key blob as private key in PEM format encoded PKCS#8. PEM format is already supported for private_key file and is now also supported for private_key blob. Signed-off-by: Wolfgang Steinwender <wsteinwender@pcs.com>
3 years ago · cce33c7e7a
parent 0030590fb3
commit cce33c7e7a
1 changed files with 23 additions and 0 deletions
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@ -3773,6 +3773,7 @@ static int tls_connection_private_key(struct tls_data *data,
 				      const u8 *private_key_blob,
 				      size_t private_key_blob_len)
 {
+	BIO *bio;
 	int ok;

 	if (private_key == NULL && private_key_blob == NULL)
@ -3818,6 +3819,28 @@ static int tls_connection_private_key(struct tls_data *data,
 			break;
 		}

+		bio = BIO_new_mem_buf((u8 *) private_key_blob,
+				      private_key_blob_len);
+		if (bio) {
+			EVP_PKEY *pkey;
+
+			pkey = PEM_read_bio_PrivateKey(
+				bio, NULL, tls_passwd_cb,
+				(void *) private_key_passwd);
+			if (pkey) {
+				if (SSL_use_PrivateKey(conn->ssl, pkey) == 1) {
+					wpa_printf(MSG_DEBUG,
+						   "OpenSSL: SSL_use_PrivateKey --> OK");
+					ok = 1;
+					EVP_PKEY_free(pkey);
+					BIO_free(bio);
+					break;
+				}
+				EVP_PKEY_free(pkey);
+			}
+			BIO_free(bio);
+		}
+
 		if (tls_read_pkcs12_blob(data, conn->ssl, private_key_blob,
 					 private_key_blob_len,
 					 private_key_passwd) == 0) {