Amazing-Mirror/fragattacks
1
0
Fork 0
mirror of https://github.com/vanhoefm/fragattacks.git synced 2024-11-25 08:48:31 -05:00
Code Issues Projects Releases Wiki Activity

OpenSSL: Do not require private key to come from PKCS#11

Browse Source 
There's no reason I shouldn't be able to use PKCS#11 for just the CA cert,
or even the client cert, while the private key is still from a file.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
This commit is contained in:
David Woodhouse 2014-12-18 15:09:23 +00:00 committed by Jouni Malinen
parent 5c8ab0d49c
commit 3d268b8d19
1 changed files with 12 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
src/crypto/tls_openssl.c
View File

@ -903,10 +903,6 @@ static int tls_engine_init(struct tls_connection *conn, const char *engine_id,
return -1;
}
#endif
if (key_id == NULL) {
wpa_printf(MSG_ERROR, "ENGINE: Key Id not set");
return -1;
}
ERR_clear_error();
#ifdef ANDROID
@ -933,15 +929,18 @@ static int tls_engine_init(struct tls_connection *conn, const char *engine_id,
goto err;
}
#endif
/* load private key first in-case PIN is required for cert */
conn->private_key = ENGINE_load_private_key(conn->engine,
key_id, NULL, NULL);
if (!conn->private_key) {
wpa_printf(MSG_ERROR, "ENGINE: cannot load private key with id"
" '%s' [%s]", key_id,
ERR_error_string(ERR_get_error(), NULL));
ret = TLS_SET_PARAMS_ENGINE_PRV_INIT_FAILED;
goto err;
if (key_id) {
/* load private key first in-case PIN is required for cert */
conn->private_key = ENGINE_load_private_key(conn->engine,
key_id, NULL, NULL);
if (!conn->private_key) {
wpa_printf(MSG_ERROR,
"ENGINE: cannot load private key with id '%s' [%s]",
key_id,
ERR_error_string(ERR_get_error(), NULL));
ret = TLS_SET_PARAMS_ENGINE_PRV_INIT_FAILED;
goto err;
}
}
/* handle a certificate and/or CA certificate */