
wolfSSL: support both DER and PEM blobs

Message ID 20220429141309.66281-1-juliusz@wolfssl.com
State Superseded
Series wolfSSL: support both DER and PEM blobs | expand

Commit Message

Juliusz Sosinowicz April 29, 2022, 2:13 p.m. UTC
---
 src/crypto/tls_wolfssl.c | 40 ++++++++++++++++++++++++++++------------
 1 file changed, 28 insertions(+), 12 deletions(-)

Patch

diff --git a/src/crypto/tls_wolfssl.c b/src/crypto/tls_wolfssl.c
index ed0b75769d..04e1e0e810 100644
--- a/src/crypto/tls_wolfssl.c
+++ b/src/crypto/tls_wolfssl.c
@@ -454,7 +454,13 @@  static int tls_connection_client_cert(struct tls_connection *conn,
 			    SSL_FILETYPE_ASN1) != SSL_SUCCESS) {
 			wpa_printf(MSG_INFO,
 				   "SSL: use client cert DER blob failed");
-			return -1;
+			if (wolfSSL_use_certificate_chain_buffer_format(
+				conn->ssl, client_cert_blob, blob_len,
+				SSL_FILETYPE_PEM) != SSL_SUCCESS) {
+				wpa_printf(MSG_INFO,
+					   "SSL: use client cert PEM blob failed");
+				return -1;
+			}
 		}
 		wpa_printf(MSG_DEBUG, "SSL: use client cert blob OK");
 		return 0;
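Review bot: The `"SSL: use client cert DER blob failed"` message stays at `MSG_INFO` and now fires on every successful PEM load, so the log reports a failure for a configuration that works. I would demote the first-attempt message to `MSG_DEBUG`, or reword it as `"SSL: client cert blob is not DER, trying PEM"`, and keep `MSG_INFO` for the final PEM failure. The same pattern appears in the private-key blob branch of tls_connection_private_key and the CA blob branch of tls_connection_ca_cert. The body of tls_connection_client_cert starts before this hunk, so the first DER call is only partly visible.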
@@ -516,27 +522,34 @@  static int tls_connection_private_key(void *tls_ctx,
 	if (private_key_blob) {
 		if (wolfSSL_use_PrivateKey_buffer(conn->ssl,
 						  private_key_blob, blob_len,
-						  SSL_FILETYPE_ASN1) <= 0) {
+						  SSL_FILETYPE_ASN1) != SSL_SUCCESS) {
 			wpa_printf(MSG_INFO,
 				   "SSL: use private DER blob failed");
+			if (wolfSSL_use_PrivateKey_buffer(conn->ssl,
+						  private_key_blob, blob_len,
+						  SSL_FILETYPE_PEM) != SSL_SUCCESS) {
+				wpa_printf(MSG_INFO,
+					   "SSL: use private PEM blob failed");
+			}
+			else {
+				ok = 1;
+			}
 		} else {
-			wpa_printf(MSG_DEBUG, "SSL: use private key blob OK");
 			ok = 1;
 		}
+		if (ok)
+			wpa_printf(MSG_DEBUG, "SSL: use private key blob OK");
 	}
 
 	if (!ok && private_key) {
 		if (wolfSSL_use_PrivateKey_file(conn->ssl, private_key,
-						SSL_FILETYPE_PEM) <= 0) {
+						SSL_FILETYPE_PEM) != SSL_SUCCESS) {
 			wpa_printf(MSG_INFO,
 				   "SSL: use private key PEM file failed");
 			if (wolfSSL_use_PrivateKey_file(conn->ssl, private_key,
-							SSL_FILETYPE_ASN1) <= 0)
-			{
+						SSL_FILETYPE_ASN1) != SSL_SUCCESS) {
 				wpa_printf(MSG_INFO,
 					   "SSL: use private key DER file failed");
-			} else {
-				ok = 1;
 			}
 		} else {
 			ok = 1;
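Review bot: The DER file fallback no longer sets `ok`, because the hunk removes the `} else { ok = 1; }` arm after the second `wolfSSL_use_PrivateKey_file(..., SSL_FILETYPE_ASN1)` call. A DER private key file that loads successfully on the fallback therefore leaves `ok == 0`. The rest of the function is outside the hunk, but it presumably treats `!ok` as failure, which would make DER key files stop working even though the key was installed on `conn->ssl`. Restore the arm after the "DER file failed" log: `} else {`, `ok = 1;`, `}`. Separately, the new blob branch puts `else {` on its own line after `}`, unlike the `} else {` form used in the rest of the hunk.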
@@ -1178,10 +1191,13 @@  static int tls_connection_ca_cert(void *tls_ctx, struct tls_connection *conn,
 
 	if (ca_cert_blob) {
 		if (wolfSSL_CTX_load_verify_buffer(ctx, ca_cert_blob, blob_len,
-						   SSL_FILETYPE_ASN1) !=
-		    SSL_SUCCESS) {
-			wpa_printf(MSG_INFO, "SSL: failed to load CA blob");
-			return -1;
+							SSL_FILETYPE_ASN1) != SSL_SUCCESS) {
+			wpa_printf(MSG_INFO, "SSL: failed to load DER CA blob");
+			if (wolfSSL_CTX_load_verify_buffer(ctx, ca_cert_blob, blob_len,
+							SSL_FILETYPE_PEM) != SSL_SUCCESS) {
+				wpa_printf(MSG_INFO, "SSL: failed to load PEM CA blob");
+				return -1;
+			}
 		}
 		wpa_printf(MSG_DEBUG, "SSL: use CA cert blob OK");
 		return 0;
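Review bot: The PEM fallback widens what a CA blob may contain, and nothing at the call site records that. A DER blob holds one certificate, whereas a PEM buffer can carry several. As far as I know `wolfSSL_CTX_load_verify_buffer` adds every certificate it parses as a trust anchor, which is worth confirming against the wolfSSL version in use. I would add a comment above the PEM call such as `/* PEM blob may hold several CA certificates; each one becomes a trust anchor */`. The continuation lines `SSL_FILETYPE_ASN1) != SSL_SUCCESS) {` and `SSL_FILETYPE_PEM) != SSL_SUCCESS) {` are also indented differently from the aligned continuation style seen in the other hunks.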