jeltz/hostap
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

openssl: Support private_key blob in PEM encoded PKCS#8 format

Browse source 
Try to parse the private_key blob as private key in PEM format encoded
PKCS#8. PEM format is already supported for private_key file and is now
also supported for private_key blob.

Signed-off-by: Wolfgang Steinwender <wsteinwender@pcs.com>
This commit is contained in:
Wolfgang Steinwender 2021-04-07 16:43:21 +02:00 committed by Jouni Malinen
parent 0030590fb3
commit cce33c7e7a
1 changed files with 23 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

23
src/crypto/tls_openssl.c
View file

@ -3773,6 +3773,7 @@ static int tls_connection_private_key(struct tls_data *data,
const u8 *private_key_blob,
size_t private_key_blob_len)
{
BIO *bio;
int ok;
if (private_key == NULL && private_key_blob == NULL)
@ -3818,6 +3819,28 @@ static int tls_connection_private_key(struct tls_data *data,
break;
}
bio = BIO_new_mem_buf((u8 *) private_key_blob,
private_key_blob_len);
if (bio) {
EVP_PKEY *pkey;
pkey = PEM_read_bio_PrivateKey(
bio, NULL, tls_passwd_cb,
(void *) private_key_passwd);
if (pkey) {
if (SSL_use_PrivateKey(conn->ssl, pkey) == 1) {
wpa_printf(MSG_DEBUG,
"OpenSSL: SSL_use_PrivateKey --> OK");
ok = 1;
EVP_PKEY_free(pkey);
BIO_free(bio);
break;
}
EVP_PKEY_free(pkey);
}
BIO_free(bio);
}
if (tls_read_pkcs12_blob(data, conn->ssl, private_key_blob,
private_key_blob_len,
private_key_passwd) == 0) {