diff options
| author | Tobias Brunner <tobias@strongswan.org> | 2016-10-05 11:36:11 +0200 |
|---|---|---|
| committer | Tobias Brunner <tobias@strongswan.org> | 2016-10-05 11:36:11 +0200 |
| commit | 1bfa3f2a10bc7b7a1bc3e20986a62e8f30a17e03 (patch) | |
| tree | 1e7f57d72c8558d1ca051f3bf1cf371228bea4b8 /src/libstrongswan/plugins/openssl/openssl_plugin.c | |
| parent | 33241871a82a0c374128373e47380be60f0431fa (diff) | |
| parent | 7caba2eb5524be6b51943bcc3d2cb0e4c5ecc09a (diff) | |
| download | strongswan-1bfa3f2a10bc7b7a1bc3e20986a62e8f30a17e03.tar.bz2 strongswan-1bfa3f2a10bc7b7a1bc3e20986a62e8f30a17e03.tar.xz | |
Merge branch 'priv-key-any'
Adds the ability to parse KEY_ANY keys via the pkcs1 and openssl plugins.
This is then used in the pki utility, where private keys may now be
loaded via `priv` keyword instead of having to specify the type of the key
explicitly. And swanctl can load any type of key from the swanctl/private
directory.
Diffstat (limited to 'src/libstrongswan/plugins/openssl/openssl_plugin.c')
| -rw-r--r-- | src/libstrongswan/plugins/openssl/openssl_plugin.c | 54 |
1 files changed, 52 insertions, 2 deletions
diff --git a/src/libstrongswan/plugins/openssl/openssl_plugin.c b/src/libstrongswan/plugins/openssl/openssl_plugin.c index 1330427cf..ab73d718f 100644 --- a/src/libstrongswan/plugins/openssl/openssl_plugin.c +++ b/src/libstrongswan/plugins/openssl/openssl_plugin.c @@ -1,7 +1,7 @@ /* - * Copyright (C) 2008-2013 Tobias Brunner + * Copyright (C) 2008-2016 Tobias Brunner * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -269,6 +269,53 @@ static bool seed_rng() return TRUE; } +/** + * Generic key loader + */ +static private_key_t *openssl_private_key_load(key_type_t type, va_list args) +{ + chunk_t blob = chunk_empty; + EVP_PKEY *key; + + while (TRUE) + { + switch (va_arg(args, builder_part_t)) + { + case BUILD_BLOB_ASN1_DER: + blob = va_arg(args, chunk_t); + continue; + case BUILD_END: + break; + default: + return NULL; + } + break; + } + + if (blob.ptr) + { + key = d2i_AutoPrivateKey(NULL, (const u_char**)&blob.ptr, blob.len); + if (key) + { + switch (EVP_PKEY_base_id(key)) + { +#ifndef OPENSSL_NO_RSA + case EVP_PKEY_RSA: + return openssl_rsa_private_key_create(key); +#endif +#ifndef OPENSSL_NO_ECDSA + case EVP_PKEY_EC: + return openssl_ec_private_key_create(key); +#endif + default: + EVP_PKEY_free(key); + break; + } + } + } + return NULL; +} + METHOD(plugin_t, get_name, char*, private_openssl_plugin_t *this) { @@ -504,6 +551,9 @@ METHOD(plugin_t, get_features, int, PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_521), #endif #endif /* OPENSSL_NO_ECDSA */ + /* generic key loader */ + PLUGIN_REGISTER(PRIVKEY, openssl_private_key_load, TRUE), + PLUGIN_PROVIDE(PRIVKEY, KEY_ANY), PLUGIN_REGISTER(RNG, openssl_rng_create), PLUGIN_PROVIDE(RNG, RNG_STRONG), PLUGIN_PROVIDE(RNG, RNG_WEAK), |