openssl: Support certificates with Ed25519/448 keys

diff --git a/src/libstrongswan/plugins/openssl/openssl_x509.c b/src/libstrongswan/plugins/openssl/openssl_x509.c
index 256e940a4264a09c96f2e7c92935a0e4a988720b..9d3269229ae7993656268bdabcf389e0404a4bb1 100644 (file)
--- a/src/libstrongswan/plugins/openssl/openssl_x509.c
+++ b/src/libstrongswan/plugins/openssl/openssl_x509.c
@@ -1088,6 +1088,7 @@ static bool parse_certificate(private_openssl_x509_t *this)
 #else
        X509_ALGOR *alg;
 #endif
+       key_type_t ed_type = KEY_ED448;
 
        this->x509 = d2i_X509(NULL, &ptr, this->encoding.len);
        if (!this->x509)
@@ -1130,6 +1131,17 @@ static bool parse_certificate(private_openssl_x509_t *this)
                                        chunk, BUILD_END);
                        free(chunk.ptr);
                        break;
+               case OID_ED25519:
+                       ed_type = KEY_ED25519;
+                       /* fall-through */
+               case OID_ED448:
+                       /* for EdDSA, the parsers expect the full subjectPublicKeyInfo */
+                       chunk = openssl_i2chunk(X509_PUBKEY, X509_get_X509_PUBKEY(this->x509));
+                       this->pubkey = lib->creds->create(lib->creds,
+                                       CRED_PUBLIC_KEY, ed_type, BUILD_BLOB_ASN1_DER,
+                                       chunk, BUILD_END);
+                       free(chunk.ptr);
+                       break;
                default:
                        DBG1(DBG_LIB, "unsupported public key algorithm");
                        break;