aboutsummaryrefslogtreecommitdiffstats
path: root/src/tls/tlsv1_cred.c
diff options
context:
space:
mode:
authorJouni Malinen <j@w1.fi>2009-10-16 19:00:45 (GMT)
committerJouni Malinen <j@w1.fi>2009-10-16 19:00:45 (GMT)
commit8ef74414fc6c21193221f30f5486e76120a07562 (patch)
tree431159f6a3c82c7efa1968db5971e69d9ba9c8e5 /src/tls/tlsv1_cred.c
parent385f16c6114500e9a2287058f99f6c3da3e949ad (diff)
downloadhostap-8ef74414fc6c21193221f30f5486e76120a07562.zip
hostap-8ef74414fc6c21193221f30f5486e76120a07562.tar.gz
hostap-8ef74414fc6c21193221f30f5486e76120a07562.tar.bz2
Internal TLS: Add support for unencrypred PKCS#8 private keys in PEM
Recognize the PEM header "BEGIN PRIVATE KEY" as base64-decode the data to be able to use PEM encoded, unencrypted PKCS#8 private keys with the internal TLS implementation. Previously, only DER encoding of the PKCS#8 private key was supported.
Diffstat (limited to 'src/tls/tlsv1_cred.c')
-rw-r--r--src/tls/tlsv1_cred.c23
1 files changed, 16 insertions, 7 deletions
diff --git a/src/tls/tlsv1_cred.c b/src/tls/tlsv1_cred.c
index c79ad4a..efec62d 100644
--- a/src/tls/tlsv1_cred.c
+++ b/src/tls/tlsv1_cred.c
@@ -70,6 +70,8 @@ static const char *pem_cert_begin = "-----BEGIN CERTIFICATE-----";
static const char *pem_cert_end = "-----END CERTIFICATE-----";
static const char *pem_key_begin = "-----BEGIN RSA PRIVATE KEY-----";
static const char *pem_key_end = "-----END RSA PRIVATE KEY-----";
+static const char *pem_key2_begin = "-----BEGIN PRIVATE KEY-----";
+static const char *pem_key2_end = "-----END PRIVATE KEY-----";
static const u8 * search_tag(const char *tag, const u8 *buf, size_t len)
@@ -219,13 +221,20 @@ static int tlsv1_set_key_pem(struct tlsv1_credentials *cred,
size_t der_len;
pos = search_tag(pem_key_begin, key, len);
- if (!pos)
- return -1;
-
- pos += os_strlen(pem_key_begin);
- end = search_tag(pem_key_end, pos, key + len - pos);
- if (!end)
- return -1;
+ if (!pos) {
+ pos = search_tag(pem_key2_begin, key, len);
+ if (!pos)
+ return -1;
+ pos += os_strlen(pem_key2_begin);
+ end = search_tag(pem_key2_end, pos, key + len - pos);
+ if (!end)
+ return -1;
+ } else {
+ pos += os_strlen(pem_key_begin);
+ end = search_tag(pem_key_end, pos, key + len - pos);
+ if (!end)
+ return -1;
+ }
der = base64_decode(pos, end - pos, &der_len);
if (!der)