BoringSSL: Fix PKCS12_parse() segfault when used without password
Unlike OpenSSL PKCS12_parse(), the BoringSSL version seems to require
the password pointer to be non-NULL even if no password is present. Map
passwrd == NULL to passwd = "" to avoid a NULL pointer dereference
within BoringSSL.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index e3f8401..8c2df22 100644
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -2076,6 +2076,8 @@
pkey = NULL;
cert = NULL;
certs = NULL;
+ if (!passwd)
+ passwd = "";
if (!PKCS12_parse(p12, passwd, &pkey, &cert, &certs)) {
tls_show_errors(MSG_DEBUG, __func__,
"Failed to parse PKCS12 file");