openssl: Support private_key blob in PEM encoded PKCS#8 format
authorWolfgang Steinwender <wsteinwender@pcs.com>
Wed, 7 Apr 2021 14:43:21 +0000 (16:43 +0200)
committerJouni Malinen <j@w1.fi>
Thu, 19 Aug 2021 14:40:58 +0000 (17:40 +0300)
Try to parse the private_key blob as a private key in PEM-encoded
PKCS#8 format. PEM format is already supported for the private_key file
and is now also supported for the private_key blob.

Signed-off-by: Wolfgang Steinwender <wsteinwender@pcs.com>
src/crypto/tls_openssl.c

index 345a35ee16f476d5a366666b935bed8ecd570e17..203b0f781ff5d89be043b3356edd1af25f3a9fc3 100644 (file)
@@ -3773,6 +3773,7 @@ static int tls_connection_private_key(struct tls_data *data,
                                      const u8 *private_key_blob,
                                      size_t private_key_blob_len)
 {
+       BIO *bio;
        int ok;
 
        if (private_key == NULL && private_key_blob == NULL)
@@ -3818,6 +3819,28 @@ static int tls_connection_private_key(struct tls_data *data,
                        break;
                }
 
+               bio = BIO_new_mem_buf((u8 *) private_key_blob,
+                                     private_key_blob_len);
+               if (bio) {
+                       EVP_PKEY *pkey;
+
+                       pkey = PEM_read_bio_PrivateKey(
+                               bio, NULL, tls_passwd_cb,
+                               (void *) private_key_passwd);
+                       if (pkey) {
+                               if (SSL_use_PrivateKey(conn->ssl, pkey) == 1) {
+                                       wpa_printf(MSG_DEBUG,
+                                                  "OpenSSL: SSL_use_PrivateKey --> OK");
+                                       ok = 1;
+                                       EVP_PKEY_free(pkey);
+                                       BIO_free(bio);
+                                       break;
+                               }
+                               EVP_PKEY_free(pkey);
+                       }
+                       BIO_free(bio);
+               }
+
                if (tls_read_pkcs12_blob(data, conn->ssl, private_key_blob,
                                         private_key_blob_len,
                                         private_key_passwd) == 0) {
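Review bot: The added `BIO_new_mem_buf((u8 *) private_key_blob, private_key_blob_len)` call passes a `size_t` length to a parameter that OpenSSL declares as `int`, and nothing in the hunk bounds it first. A length above `INT_MAX` converts to an implementation-defined, possibly negative value, and OpenSSL treats a negative length as "buffer is NUL-terminated" and sizes it with `strlen()`, which can read past the end of a binary blob. I would skip the PEM attempt for oversized blobs, e.g. `bio = private_key_blob_len > INT_MAX ? NULL : BIO_new_mem_buf((u8 *) private_key_blob, (int) private_key_blob_len);` (assuming `INT_MAX` is already available in this file). Separately, when the blob is not PEM, the failed `PEM_read_bio_PrivateKey()` presumably leaves entries on the OpenSSL error queue before control falls through to `tls_read_pkcs12_blob()`. Whether they are cleared later is not visible here, because the enclosing loop and the rest of `tls_connection_private_key()` lie outside the hunk.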