From: Tobias Brunner
Date: Mon, 20 Jan 2020 16:58:34 +0000 (+0100)
Subject: openssl: Support certificates with Ed25519/448 keys
X-Git-Tag: 5.8.3dr1~25
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=85a35fc99d96d624f9ea34771e43d101cfea50a2;p=thirdparty%2Fstrongswan.git
openssl: Support certificates with Ed25519/448 keys
---
diff --git a/src/libstrongswan/plugins/openssl/openssl_x509.c b/src/libstrongswan/plugins/openssl/openssl_x509.c
index 256e940a42..9d3269229a 100644
--- a/src/libstrongswan/plugins/openssl/openssl_x509.c
+++ b/src/libstrongswan/plugins/openssl/openssl_x509.c
@@ -1088,6 +1088,7 @@ static bool parse_certificate(private_openssl_x509_t *this)
 #else
 X509_ALGOR *alg;
 #endif
+ key_type_t ed_type = KEY_ED448;
 
 this->x509 = d2i_X509(NULL, &ptr, this->encoding.len);
 if (!this->x509)
@@ -1130,6 +1131,17 @@ static bool parse_certificate(private_openssl_x509_t *this)
 chunk, BUILD_END);
 free(chunk.ptr);
 break;
+ case OID_ED25519:
+ ed_type = KEY_ED25519;
+ /* fall-through */
+ case OID_ED448:
+ /* for EdDSA, the parsers expect the full subjectPublicKeyInfo */
+ chunk = openssl_i2chunk(X509_PUBKEY, X509_get_X509_PUBKEY(this->x509));
+ this->pubkey = lib->creds->create(lib->creds,
+ CRED_PUBLIC_KEY, ed_type, BUILD_BLOB_ASN1_DER,
+ chunk, BUILD_END);
+ free(chunk.ptr);
+ break;
 default:
 DBG1(DBG_LIB, "unsupported public key algorithm");
 break;
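Review bot: The key type used for `case OID_ED448:` comes only from the initializer `key_type_t ed_type = KEY_ED448;` added in the first hunk, roughly forty lines above the switch, so the fall-through depends on nothing reassigning `ed_type` in between. A later edit that touches that variable would make the builder receive a subjectPublicKeyInfo tagged with the wrong EdDSA key type, so I would document the coupling at the declaration with `/* default for OID_ED448; the OID_ED25519 case overrides it before falling through */`. Separately, the result of `openssl_i2chunk()` is passed on unchecked and a failed `create()` leaves `this->pubkey` NULL. Whether a NULL key is rejected after the switch is not visible here, because parse_certificate's body starts and ends outside both hunks.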