authorJouni Malinen <jouni@qca.qualcomm.com>2015-12-04 13:38:50 (GMT)
committerJouni Malinen <j@w1.fi>2015-12-04 18:08:31 (GMT)
commited2566ac9ba81a90ed2bfb72ce1445e7933aa466 (patch)
tree1897170d7d65d1296683cef8aeeaef2159103b2d /hs20
parent8d27efa814e8f2c8bb4e26c1389a0cb60f8c6991 (diff)
EST: Implement pkcs7_to_cert() with BoringSSL
This adds one more step in completing hs20-osu-client support when using BoringSSL instead of OpenSSL. EST client can now parse the cacerts file. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Diffstat (limited to 'hs20')
-rw-r--r--hs20/client/est.c24
1 files changed, 20 insertions, 4 deletions
diff --git a/hs20/client/est.c b/hs20/client/est.c
index c22d9ca..d754e61 100644
--- a/hs20/client/est.c
+++ b/hs20/client/est.c
@@ -28,16 +28,27 @@ static int pkcs7_to_cert(struct hs20_osu_client *ctx, const u8 *pkcs7,
size_t len, char *pem_file, char *der_file)
{
#ifdef OPENSSL_IS_BORINGSSL
- wpa_printf(MSG_ERROR,
- "EST: pkcs7_to_cert not yet supported with BoringSSL");
- return -1;
+ CBS pkcs7_cbs;
#else /* OPENSSL_IS_BORINGSSL */
PKCS7 *p7 = NULL;
const unsigned char *p = pkcs7;
+#endif /* OPENSSL_IS_BORINGSSL */
STACK_OF(X509) *certs;
int i, num, ret = -1;
BIO *out = NULL;
+#ifdef OPENSSL_IS_BORINGSSL
+ certs = sk_X509_new_null();
+ if (!certs)
+ goto fail;
+ CBS_init(&pkcs7_cbs, pkcs7, len);
+ if (!PKCS7_get_certificates(certs, &pkcs7_cbs)) {
+ wpa_printf(MSG_INFO, "Could not parse PKCS#7 object: %s",
+ ERR_error_string(ERR_get_error(), NULL));
+ write_result(ctx, "Could not parse PKCS#7 object from EST");
+ goto fail;
+ }
+#else /* OPENSSL_IS_BORINGSSL */
p7 = d2i_PKCS7(NULL, &p, len);
if (p7 == NULL) {
wpa_printf(MSG_INFO, "Could not parse PKCS#7 object: %s",
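Review bot: After `PKCS7_get_certificates()` succeeds in the BoringSSL branch, nothing checks that the whole EST response was consumed; the call advances `pkcs7_cbs` past the SignedData, and any bytes left over are silently ignored. If strict parsing of the server's cacerts payload is wanted, a separate `if (CBS_len(&pkcs7_cbs) != 0)` check with its own log message could follow the call. The `d2i_PKCS7()` call in the OpenSSL branch looks equally lenient, so both builds would need the same treatment to stay consistent. Separately, `if (!certs) goto fail;` is the only failure path visible here that returns without a log line; a `wpa_printf(MSG_INFO, "EST: Could not allocate certificate stack");` before the `goto` would match the others. The function body continues outside this hunk.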
@@ -57,6 +68,7 @@ static int pkcs7_to_cert(struct hs20_osu_client *ctx, const u8 *pkcs7,
certs = NULL;
break;
}
+#endif /* OPENSSL_IS_BORINGSSL */
if (!certs || ((num = sk_X509_num(certs)) == 0)) {
wpa_printf(MSG_INFO, "No certificates found in PKCS#7 object");
@@ -89,12 +101,16 @@ static int pkcs7_to_cert(struct hs20_osu_client *ctx, const u8 *pkcs7,
ret = 0;
fail:
+#ifdef OPENSSL_IS_BORINGSSL
+ if (certs)
+ sk_X509_pop_free(certs, X509_free);
+#else /* OPENSSL_IS_BORINGSSL */
PKCS7_free(p7);
+#endif /* OPENSSL_IS_BORINGSSL */
if (out)
BIO_free_all(out);
return ret;
-#endif /* OPENSSL_IS_BORINGSSL */
}
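Review bot: The new cleanup under `fail:` reads `certs`, but the declaration in the first hunk, `STACK_OF(X509) *certs;`, has no initialiser. In the BoringSSL build the pointer is assigned before the first visible `goto fail`, so this is safe as written. Declaring it as `STACK_OF(X509) *certs = NULL;` would keep the `sk_X509_pop_free()` call safe if an earlier failure path is ever added. The two builds also differ in ownership, which deserves a comment at the label, for example `/* BoringSSL: certs and its X509 entries are owned by this function */`. In the OpenSSL build the stack is presumably borrowed from `p7` and released by `PKCS7_free()`, but the assignment is outside the visible hunks.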