From 85a35fc99d96d624f9ea34771e43d101cfea50a2 Mon Sep 17 00:00:00 2001
From: Tobias Brunner
Date: Mon, 20 Jan 2020 17:58:34 +0100
Subject: [PATCH] openssl: Support certificates with Ed25519/448 keys
---
 src/libstrongswan/plugins/openssl/openssl_x509.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/src/libstrongswan/plugins/openssl/openssl_x509.c b/src/libstrongswan/plugins/openssl/openssl_x509.c
index 256e940a42..9d3269229a 100644
--- a/src/libstrongswan/plugins/openssl/openssl_x509.c
+++ b/src/libstrongswan/plugins/openssl/openssl_x509.c
@@ -1088,6 +1088,7 @@ static bool parse_certificate(private_openssl_x509_t *this)
 #else
 X509_ALGOR *alg;
 #endif
+ key_type_t ed_type = KEY_ED448;
 this->x509 = d2i_X509(NULL, &ptr, this->encoding.len);
 if (!this->x509)
@@ -1130,6 +1131,17 @@ static bool parse_certificate(private_openssl_x509_t *this)
 chunk, BUILD_END);
 free(chunk.ptr);
 break;
+ case OID_ED25519:
+ ed_type = KEY_ED25519;
+ /* fall-through */
+ case OID_ED448:
+ /* for EdDSA, the parsers expect the full subjectPublicKeyInfo */
+ chunk = openssl_i2chunk(X509_PUBKEY, X509_get_X509_PUBKEY(this->x509));
+ this->pubkey = lib->creds->create(lib->creds,
+ CRED_PUBLIC_KEY, ed_type, BUILD_BLOB_ASN1_DER,
+ chunk, BUILD_END);
+ free(chunk.ptr);
+ break;
 default:
 DBG1(DBG_LIB, "unsupported public key algorithm");
 break;
--
2.47.2
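Review bot: `ed_type` is initialised to `KEY_ED448` at the top of parse_certificate, some forty lines before the switch that depends on that default, so the `OID_ED448` case is only right as long as `OID_ED25519` is the sole label falling into it. A later case added above it, or a reordering, would pass the wrong key type to the builder with nothing at the declaration to warn about it. Either assign the type in each case, or document the coupling where the variable is declared, e.g. `key_type_t ed_type = KEY_ED448; /* default for OID_ED448, overridden in the OID_ED25519 case */`. The function body starts and ends outside this hunk.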
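Review bot: In the added `OID_ED25519`/`OID_ED448` branch the result of `lib->creds->create()` is stored in `this->pubkey` with no check and no log line, so a certificate whose EdDSA key no loaded builder accepts fails without a hint, while the `default` case at least logs "unsupported public key algorithm". Presumably the call yields NULL in that situation, and also when `openssl_i2chunk()` could not encode the subjectPublicKeyInfo; whether parse_certificate then rejects the certificate is decided after the switch, outside this hunk, and is worth confirming because this path parses certificates supplied by peers. A short diagnostic after the create call would make the failure visible: `if (!this->pubkey) { DBG1(DBG_LIB, "loading EdDSA public key from certificate failed"); }`.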