From e0d1f791a33c3bf3f164b8c5abbd87a87d376471 Mon Sep 17 00:00:00 2001
From: Mattes D <github@xoft.cz>
Date: Tue, 19 Sep 2017 18:28:51 +0200
Subject: Fixed webadmin certificate reading.

---
 src/mbedTLS++/CryptoKey.cpp | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

(limited to 'src/mbedTLS++/CryptoKey.cpp')

diff --git a/src/mbedTLS++/CryptoKey.cpp b/src/mbedTLS++/CryptoKey.cpp
index d9069e4e6..6615991d6 100644
--- a/src/mbedTLS++/CryptoKey.cpp
+++ b/src/mbedTLS++/CryptoKey.cpp
@@ -120,16 +120,19 @@ int cCryptoKey::ParsePublic(const void * a_Data, size_t a_NumBytes)
 int cCryptoKey::ParsePrivate(const void * a_Data, size_t a_NumBytes, const AString & a_Password)
 {
 	ASSERT(!IsValid());  // Cannot parse a second key
+	// mbedTLS requires that PEM-encoded data is passed including the terminating NUL byte,
+	// and DER-encoded data is decoded properly even with an extra trailing NUL byte, so we simply add one to everything:
+	AString keyData(reinterpret_cast<const char *>(a_Data), a_NumBytes);
 
 	if (a_Password.empty())
 	{
-		return mbedtls_pk_parse_key(&m_Pk, reinterpret_cast<const unsigned char *>(a_Data), a_NumBytes, nullptr, 0);
+		return mbedtls_pk_parse_key(&m_Pk, reinterpret_cast<const unsigned char *>(keyData.data()), a_NumBytes + 1, nullptr, 0);
 	}
 	else
 	{
 		return mbedtls_pk_parse_key(
 			&m_Pk,
-			reinterpret_cast<const unsigned char *>(a_Data), a_NumBytes,
+			reinterpret_cast<const unsigned char *>(keyData.data()), a_NumBytes + 1,
 			reinterpret_cast<const unsigned char *>(a_Password.c_str()), a_Password.size()
 		);
 	}
-- 
cgit v1.2.3