authorTobias Brunner <tobias@strongswan.org>2012-01-18 22:29:09 +0100
committerTobias Brunner <tobias@strongswan.org>2012-02-01 18:27:45 +0100
commit27f8a61df31956a196e74070a5c35c2619bc01c8 (patch)
treeda0da3e9215032e19e9747f6de78dc0dcde77bb2 /src
parentb20c54ff3f2845cc8db87f7640dfc33ea3b1f720 (diff)
OpenSSL plugin parses ECDSA private keys with explicitly specified EC parameters.
This is needed in case the key itself does not contain the parameters, which is the case for PKCS#8.
Diffstat (limited to 'src')
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_ec_private_key.c39
1 files changed, 30 insertions, 9 deletions
diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c b/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c
index f4c4759bf..950504573 100644
--- a/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c
+++ b/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c
@@ -1,6 +1,6 @@
/*
+ * Copyright (C) 2008-2012 Tobias Brunner
* Copyright (C) 2009 Martin Willi
- * Copyright (C) 2008 Tobias Brunner
* Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -371,14 +371,17 @@ openssl_ec_private_key_t *openssl_ec_private_key_load(key_type_t type,
va_list args)
{
private_openssl_ec_private_key_t *this;
- chunk_t blob = chunk_empty;
+ chunk_t par = chunk_empty, key = chunk_empty;
while (TRUE)
{
switch (va_arg(args, builder_part_t))
{
+ case BUILD_BLOB_ALGID_PARAMS:
+ par = va_arg(args, chunk_t);
+ continue;
case BUILD_BLOB_ASN1_DER:
- blob = va_arg(args, chunk_t);
+ key = va_arg(args, chunk_t);
continue;
case BUILD_END:
break;
@@ -389,18 +392,36 @@ openssl_ec_private_key_t *openssl_ec_private_key_load(key_type_t type,
}
this = create_empty();
- this->ec = d2i_ECPrivateKey(NULL, (const u_char**)&blob.ptr, blob.len);
- if (!this->ec)
+
+ if (par.ptr)
{
- destroy(this);
- return NULL;
+ this->ec = d2i_ECParameters(NULL, (const u_char**)&par.ptr, par.len);
+ if (!this->ec)
+ {
+ goto error;
+ }
+ if (!d2i_ECPrivateKey(&this->ec, (const u_char**)&key.ptr, key.len))
+ {
+ goto error;
+ }
+ }
+ else
+ {
+ this->ec = d2i_ECPrivateKey(NULL, (const u_char**)&key.ptr, key.len);
+ if (!this->ec)
+ {
+ goto error;
+ }
}
if (!EC_KEY_check_key(this->ec))
{
- destroy(this);
- return NULL;
+ goto error;
}
return &this->public;
+
+error:
+ destroy(this);
+ return NULL;
}
#endif /* OPENSSL_NO_EC */
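Review bot: In the `par.ptr` branch, ownership of `this->ec` after a failed `d2i_ECPrivateKey(&this->ec, ...)` is not obvious, because the call reuses the EC_KEY created by `d2i_ECParameters()` and the failure path then jumps to `destroy(this)`. If the linked OpenSSL frees the reused object on a parse failure without clearing the caller's pointer, `destroy()` (not visible in this hunk, presumably it frees `this->ec`) would release it a second time when the key blob is malformed. Confirm the reuse-on-failure behaviour for the oldest OpenSSL version the plugin supports and record the assumption next to the call, e.g. `/* d2i_ECPrivateKey() must leave this->ec valid and owned by us on failure */`. The start of the function lies outside this hunk.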