From 8ef74414fc6c21193221f30f5486e76120a07562 Mon Sep 17 00:00:00 2001
From: Jouni Malinen
Date: Fri, 16 Oct 2009 22:00:45 +0300
Subject: [PATCH] Internal TLS: Add support for unencrypred PKCS#8 private keys in PEM

Recognize the PEM header "BEGIN PRIVATE KEY" as base64-decode the data to be able to use PEM encoded, unencrypted PKCS#8 private keys with the internal TLS implementation. Previously, only DER encoding of the PKCS#8 private key was supported.
---
 src/tls/tlsv1_cred.c | 23 ++++++++++++++++-------
 1 file changed, 16 insertions(+), 7 deletions(-)

diff --git a/src/tls/tlsv1_cred.c b/src/tls/tlsv1_cred.c
index c79ad4a6d..efec62d72 100644
--- a/src/tls/tlsv1_cred.c
+++ b/src/tls/tlsv1_cred.c
@@ -70,6 +70,8 @@ static const char *pem_cert_begin = "-----BEGIN CERTIFICATE-----";
 static const char *pem_cert_end = "-----END CERTIFICATE-----";
 static const char *pem_key_begin = "-----BEGIN RSA PRIVATE KEY-----";
 static const char *pem_key_end = "-----END RSA PRIVATE KEY-----";
+static const char *pem_key2_begin = "-----BEGIN PRIVATE KEY-----";
+static const char *pem_key2_end = "-----END PRIVATE KEY-----";
 static const u8 * search_tag(const char *tag, const u8 *buf, size_t len)
@@ -219,13 +221,20 @@ static int tlsv1_set_key_pem(struct tlsv1_credentials *cred,
 size_t der_len;
 pos = search_tag(pem_key_begin, key, len);
- if (!pos)
- return -1;
-
- pos += os_strlen(pem_key_begin);
- end = search_tag(pem_key_end, pos, key + len - pos);
- if (!end)
- return -1;
+ if (!pos) {
+ pos = search_tag(pem_key2_begin, key, len);
+ if (!pos)
+ return -1;
+ pos += os_strlen(pem_key2_begin);
+ end = search_tag(pem_key2_end, pos, key + len - pos);
+ if (!end)
+ return -1;
+ } else {
+ pos += os_strlen(pem_key_begin);
+ end = search_tag(pem_key_end, pos, key + len - pos);
+ if (!end)
+ return -1;
+ }
 der = base64_decode(pos, end - pos, &der_len);
 if (!der)
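Review bot: The two branches of the new `if (!pos) { ... } else { ... }` in tlsv1_set_key_pem repeat the same header skip and end-tag search and differ only in the tag pair, so the remaining-length arithmetic `key + len - pos` on private-key input now lives in two places that have to be kept in step. Choosing the tag pair first and running a single copy of the search keeps that bounds logic in one spot and makes a further PEM label a small addition; a sketch follows. A one-line comment there could also record that only these two unencrypted labels are recognised, so any other label (an encrypted PKCS#8 block, presumably) ends in the `return -1`. The function starts before and continues after this hunk, so the declarations and the handling of the decoded key buffer are not visible here.

```c
	/* … unchanged: existing declarations (pos, end, der, der_len) … */
	const char *begin_tag = pem_key_begin;
	const char *end_tag = pem_key_end;

	pos = search_tag(begin_tag, key, len);
	if (!pos) {
		/* Fall back to the unencrypted PKCS#8 label; no other
		 * label is recognised here. */
		begin_tag = pem_key2_begin;
		end_tag = pem_key2_end;
		pos = search_tag(begin_tag, key, len);
	}
	if (!pos)
		return -1;

	pos += os_strlen(begin_tag);
	end = search_tag(end_tag, pos, key + len - pos);
	if (!end)
		return -1;
	/* … unchanged: base64_decode() call and what follows … */
```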