author: Jouni Malinen <j@w1.fi> 2010-01-08 22:38:09 (GMT)
committer: Jouni Malinen <j@w1.fi> 2010-01-08 22:42:32 (GMT)
commit: b99094dafb488e7c71739e47f52f54158ae4ff99
tree: 16dcdda6d11b767a07c74b88a74ea4474cc66774
parent: acaa76a65b363bf4c6e55935420cf50d00c95964

Fix PKCS#12 use with OpenSSL 1.0.0

Add 40-bit RC2 CBC explicitly since OpenSSL 1.0.0 does not seem to do that anymore with PKCS12_PBE_add(). Furthermore, at least 1.0.0-beta4 crashes if the needed cipher is not registered when parsing the PKCS#12 data (this crashing part should be fixed in newer 1.0.0 versions).

Following bug reports are related to the issue:
https://bugzilla.redhat.com/show_bug.cgi?id=541924
https://bugzilla.redhat.com/show_bug.cgi?id=538851
http://rt.openssl.org/Ticket/Display.html?id=2127
http://rt.openssl.org/Ticket/Display.html?id=2128

(cherry picked from commit 1056dad796e78509604c0aa836803c8425b4ba37)

-rw-r--r-- src/crypto/tls_openssl.c | 9
1 files changed, 9 insertions, 0 deletions
diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index 7af5673..2fe3804 100644
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -675,6 +675,15 @@ void * tls_init(const struct tls_config *conf)
* be added here. */
#ifdef PKCS12_FUNCS
+#ifndef OPENSSL_NO_RC2
+ /*
+ * 40-bit RC2 is commonly used in PKCS#12 files, so enable it.
+ * This is enabled by PKCS12_PBE_add() in OpenSSL 0.9.8
+ * versions, but it looks like OpenSSL 1.0.0 does not do that
+ * anymore.
+ */
+ EVP_add_cipher(EVP_rc2_40_cbc());
+#endif /* OPENSSL_NO_RC2 */
PKCS12_PBE_add();
#endif /* PKCS12_FUNCS */
}
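
Review bot: The return value of EVP_add_cipher(EVP_rc2_40_cbc()) on the added line inside the OPENSSL_NO_RC2 guard is discarded, so a failed registration stays silent until a PKCS#12 file fails to parse, which the commit message says can crash 1.0.0-beta4. Consider checking for a zero return and logging it at this point in tls_init(). The added comment could also state that 40-bit RC2 is a weak cipher registered here only so that legacy PKCS#12 containers can be decrypted, because EVP_add_cipher() adds it to the process-wide cipher table and the call runs on every OpenSSL version, not just 1.0.0.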