Internal TLS: Add support for unencrypred PKCS#8 private keys in PEM

Recognize the PEM header "BEGIN PRIVATE KEY" and base64-decode the data
to be able to use PEM encoded, unencrypted PKCS#8 private keys with the
internal TLS implementation. Previously, only DER encoding of the
PKCS#8 private key was supported.
Jouni Malinen 2009-10-16 22:00:45 +03:00
parent 385f16c611
commit 8ef74414fc


@ -70,6 +70,8 @@ static const char *pem_cert_begin = "-----BEGIN CERTIFICATE-----";
static const char *pem_cert_end = "-----END CERTIFICATE-----"; static const char *pem_cert_end = "-----END CERTIFICATE-----";
static const char *pem_key_begin = "-----BEGIN RSA PRIVATE KEY-----"; static const char *pem_key_begin = "-----BEGIN RSA PRIVATE KEY-----";
static const char *pem_key_end = "-----END RSA PRIVATE KEY-----"; static const char *pem_key_end = "-----END RSA PRIVATE KEY-----";
static const char *pem_key2_begin = "-----BEGIN PRIVATE KEY-----";
static const char *pem_key2_end = "-----END PRIVATE KEY-----";
static const u8 * search_tag(const char *tag, const u8 *buf, size_t len) static const u8 * search_tag(const char *tag, const u8 *buf, size_t len)
@ -219,13 +221,20 @@ static int tlsv1_set_key_pem(struct tlsv1_credentials *cred,
size_t der_len; size_t der_len;
pos = search_tag(pem_key_begin, key, len); pos = search_tag(pem_key_begin, key, len);
if (!pos) if (!pos) {
return -1; pos = search_tag(pem_key2_begin, key, len);
if (!pos)
pos += os_strlen(pem_key_begin); return -1;
end = search_tag(pem_key_end, pos, key + len - pos); pos += os_strlen(pem_key2_begin);
if (!end) end = search_tag(pem_key2_end, pos, key + len - pos);
return -1; if (!end)
return -1;
} else {
pos += os_strlen(pem_key_begin);
end = search_tag(pem_key_end, pos, key + len - pos);
if (!end)
return -1;
}
der = base64_decode(pos, end - pos, &der_len); der = base64_decode(pos, end - pos, &der_len);
if (!der) if (!der)
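Review bot: The two branches added in tlsv1_set_key_pem repeat the same skip-begin-tag, find-end-tag, fail sequence and differ only in the tag pair, so the length arithmetic `key + len - pos` now exists twice and a later fix to one copy can miss the other. Selecting the tag pair first and sharing the rest keeps a single copy of that bounds handling, as sketched below. A short comment would also help, saying that `-----BEGIN ENCRYPTED PRIVATE KEY-----` is deliberately not matched here and appears to end in `return -1`. The function starts and ends outside the hunk, so how the decoded `der` buffer (private key material) is parsed and released cannot be checked from these lines.

```c
const char *begin_tag = pem_key_begin, *end_tag = pem_key_end;

pos = search_tag(begin_tag, key, len);
if (!pos) {
	/* Fall back to the unencrypted PKCS#8 label; the encrypted
	 * PKCS#8 label is not handled and fails below. */
	begin_tag = pem_key2_begin;
	end_tag = pem_key2_end;
	pos = search_tag(begin_tag, key, len);
	if (!pos)
		return -1;
}
pos += os_strlen(begin_tag);
end = search_tag(end_tag, pos, key + len - pos);
if (!end)
	return -1;
/* … unchanged: base64_decode of pos..end … */
```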