[PATCH] OpenSSL: Fix keystore-backed keys
Jouni Malinen
Tue Oct 6 13:15:37 PDT 2015
On Tue, Oct 06, 2015 at 11:11:11AM -0700, Dmitry Shmidt wrote:
> The switch to BoringSSL broke keystore-backed keys because
> wpa_supplicant was using the dynamic ENGINE loading to load
> the keystore module.
> The ENGINE-like functionality in BoringSSL is much simpler
> and this change should enable it.
Thanks, applied with some cleanup and a small fix:
> static int tls_engine_init(struct tls_connection *conn, const char *engine_id,
> + conn->engine = NULL;
> + conn->private_key = EVP_PKEY_from_keystore(key_id);
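Review bot: on the added line conn->private_key = EVP_PKEY_from_keystore(key_id); the result is stored with no check visible in the quoted lines, and key_id is passed through unvalidated. Test key_id for NULL before the call and treat a NULL return as an initialization failure with an error return, so a missing or inaccessible keystore entry is reported from tls_engine_init() rather than leaving conn->private_key unset. If conn->private_key can already hold a key when this path runs, release it before the assignment so the old reference is not leaked.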
tls_engine_init() can be called with key_id == NULL depending on
configuration, so I added a check for that to avoid a NULL pointer
dereference within BoringSSL. I'd assume this does not happen with the
configuration used on Android, but anyway, better have this more robust
should the configuration ever change.
--
Jouni Malinen PGP id EFC895FA