Try to parse the private_key blob as private key in PEM format.
PEM format is already supported for private_key file and is now
also supported for private_key blob.
Signed-off-by: Wolfgang Steinwender <wsteinwender@xxxxxxx>
---
src/crypto/tls_openssl.c | 22 ++++++++++++++++++++++
1 file changed, 22 insertions(+)
diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index 345a35ee1..d3cf4b92c 100644
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -3773,6 +3773,8 @@ static int tls_connection_private_key(struct tls_data *data,
const u8 *private_key_blob,
size_t private_key_blob_len)
{
+ BIO *bio = NULL;
+ EVP_PKEY *pkey = NULL;
int ok;
if (private_key == NULL && private_key_blob == NULL)
@@ -3818,6 +3820,26 @@ static int tls_connection_private_key(struct tls_data *data,
break;
}
+ bio = BIO_new_mem_buf((u8 *)private_key_blob,
+ private_key_blob_len);
+ if (bio) {
+ pkey = PEM_read_bio_PrivateKey(bio, NULL, tls_passwd_cb,
+ (void *) private_key_passwd);
+ if (pkey) {
+ if (SSL_use_PrivateKey(conn->ssl, pkey) == 1) {
+ wpa_printf(MSG_DEBUG, "OpenSSL: "
+ "SSL_use_PrivateKey --> OK");
+ ok = 1;
+ EVP_PKEY_free(pkey);
+ BIO_free(bio);
+ break;
+ }
+ EVP_PKEY_free(pkey);
+ }
+ BIO_free(bio);
+ }
+
+
if (tls_read_pkcs12_blob(data, conn->ssl, private_key_blob,
private_key_blob_len,
private_key_passwd) == 0) {
--
2.31.1
_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap
