curl_easy_setopt with CURLOPT_SSLCERT_BLOB seems not to work.

[MonkeybreadSoftware]

I did this

curl_easy_setopt with CURLOPT_SSLCERT_BLOB seems not to work.

58: unable to set private key file: '(memory blob)' type PEM

I expected the following

The key is used.

curl/libcurl version

7.76.0 from today.

operating system

macOS

Darwin MyMac.lan 19.6.0 Darwin Kernel Version 19.6.0: Tue Jan 12 22:13:05 PST 2021; root:xnu-6153.141.16~1/RELEASE_X86_64 x86_64

[MonkeybreadSoftware]

We pass PEM data with the option and I can verify it got 6000 bytes and a non NULL pointer in curl_blob.
flags = CURL_BLOB_COPY

PS: Bug is also in 7.75.0.

[MonkeybreadSoftware]

I put some debug code in SSL_CTX_use_PrivateKey_bio:

  if(type == SSL_FILETYPE_PEM)
{
    BUF_MEM *bptr = NULL;
	BIO_get_mem_ptr(in, &bptr);
    fprintf(stderr, "bptr: %p %d\n", bptr->data, (int) bptr->length );

   
    pkey = PEM_read_bio_PrivateKey(in, NULL, passwd_callback,
                                   (void *)key_passwd);
{
    unsigned long e = ERR_get_error();
	char buffer[500] = {0};
	ERR_error_string_n(e, buffer, sizeof(buffer));
	fprintf(stderr, "error %d: %s\n", (int) e, buffer);
}
}

and the output is:

bptr: 0x7fd88aa76f4b 0
error 151584876: error:0909006C:PEM routines:get_name:no start line
error 0: error:00000000:lib(0):func(0):reason(0)

So while it shows clearly for us in l our log above, the length is > 6000 for the PEM, but at point of PEM_read_bio_PrivateKey, the length is zero! And Openssl can't find the --- BEGIN in the PEM.

[MonkeybreadSoftware]

I added logging for the created BIO object and it has the size:

  if(ssl_cert || ssl_cert_blob || ssl_cert_type) {
    BIO *ssl_cert_bio = NULL;
    BIO *ssl_key_bio = NULL;
    if(ssl_cert_blob) {
      /* the typecast of blob->len is fine since it is guaranteed to never be
         larger than CURL_MAX_INPUT_LENGTH */
      ssl_cert_bio = BIO_new_mem_buf(ssl_cert_blob->data,
                                     (int)ssl_cert_blob->len);
      if(!ssl_cert_bio)
        result = CURLE_OUT_OF_MEMORY;
    
    {
    	BUF_MEM *bptr = NULL;
		BIO_get_mem_ptr(ssl_cert_bio, &bptr);
    	fprintf(stderr, "ssl_cert_bio: %p %d\n", bptr->data, (int) bptr->length );
	}

ssl_cert_bio: 0x7fe928173418 6451
tell bio2: 0
bptr: 0x7fe928174d4b 0
error 151584876: error:0909006C:PEM routines:get_name:no start line
error 0: error:00000000:lib(0):func(0):reason(0)

So somewhere between that and the later point the length is lost, and internal pointer changes!

[MonkeybreadSoftware]

Seems like some of the BIO taking functions read the content of the BIO, so you can't reuse it.
So I put cloning in for those BIO with BIO_new_mem_buf.

[MonkeybreadSoftware]

I made a pull request with fixes:
#6817