#include <openssl/engine.h>
-#include "openssl_ec_private_key.h"
-#include "openssl_ed_private_key.h"
-#include "openssl_rsa_private_key.h"
+#include "openssl_util.h"
/**
* Login to engine with a PIN specified for a keyid
"engine '%s'", keyname, engine_id);
return NULL;
}
-
- switch (EVP_PKEY_base_id(key))
- {
-#ifndef OPENSSL_NO_RSA
- case EVP_PKEY_RSA:
- return openssl_rsa_private_key_create(key, TRUE);
-#endif
-#ifndef OPENSSL_NO_ECDSA
- case EVP_PKEY_EC:
- return openssl_ec_private_key_create(key, TRUE);
-#endif
-#if OPENSSL_VERSION_NUMBER >= 0x1010100fL && !defined(OPENSSL_NO_EC)
- case EVP_PKEY_ED25519:
- case EVP_PKEY_ED448:
- return openssl_ed_private_key_create(key, TRUE);
-#endif /* OPENSSL_VERSION_NUMBER */
- default:
- EVP_PKEY_free(key);
- break;
- }
- return NULL;
+ return openssl_wrap_private_key(key, TRUE);
}
/*
*/
static bool add_key(private_pkcs12_t *this, EVP_PKEY *private)
{
- private_key_t *key = NULL;
- chunk_t encoding;
- key_type_t type;
+ private_key_t *key;
if (!private)
{ /* no private key is ok */
return TRUE;
}
- switch (EVP_PKEY_base_id(private))
- {
- case EVP_PKEY_RSA:
- type = KEY_RSA;
- break;
- case EVP_PKEY_EC:
- type = KEY_ECDSA;
- break;
- case EVP_PKEY_ED25519:
- type = KEY_ED25519;
- break;
- case EVP_PKEY_ED448:
- type = KEY_ED448;
- break;
- default:
- EVP_PKEY_free(private);
- return FALSE;
- }
- encoding = openssl_i2chunk(PrivateKey, private);
- if (encoding.ptr)
+ key = openssl_wrap_private_key(private, FALSE);
+ if (key)
{
- key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, type,
- BUILD_BLOB_ASN1_DER, encoding,
- BUILD_END);
- if (key)
- {
- this->creds->add_key(this->creds, key);
- }
+ this->creds->add_key(this->creds, key);
}
- chunk_clear(&encoding);
- EVP_PKEY_free(private);
return key != NULL;
}
if (blob.ptr)
{
key = d2i_AutoPrivateKey(NULL, (const u_char**)&blob.ptr, blob.len);
- if (key)
- {
- switch (EVP_PKEY_base_id(key))
- {
-#ifndef OPENSSL_NO_RSA
- case EVP_PKEY_RSA:
- return openssl_rsa_private_key_create(key, FALSE);
-#endif
-#ifndef OPENSSL_NO_ECDSA
- case EVP_PKEY_EC:
- return openssl_ec_private_key_create(key, FALSE);
-#endif
-#if OPENSSL_VERSION_NUMBER >= 0x1010100fL && !defined(OPENSSL_NO_EC) && \
- !defined(OPENSSL_IS_AWSLC)
- case EVP_PKEY_ED25519:
- case EVP_PKEY_ED448:
- return openssl_ed_private_key_create(key, FALSE);
-#endif /* OPENSSL_VERSION_NUMBER && !OPENSSL_NO_EC && !OPENSSL_IS_AWSLC */
- default:
- EVP_PKEY_free(key);
- break;
- }
- }
+ return openssl_wrap_private_key(key, FALSE);
}
return NULL;
}
#include <openssl/dh.h>
#endif
+#include "openssl_ec_private_key.h"
+#include "openssl_ed_private_key.h"
+#include "openssl_rsa_private_key.h"
+
/* these were added with 1.1.0 when ASN1_OBJECT was made opaque */
#if OPENSSL_VERSION_NUMBER < 0x10100000L
#define OBJ_get0_data(o) ((o)->data)
return TRUE;
}
+/*
+ * Described in header
+ */
+private_key_t *openssl_wrap_private_key(EVP_PKEY *key, bool engine)
+{
+ if (key)
+ {
+ switch (EVP_PKEY_base_id(key))
+ {
+#ifndef OPENSSL_NO_RSA
+ case EVP_PKEY_RSA:
+ return openssl_rsa_private_key_create(key, engine);
+#endif
+#ifndef OPENSSL_NO_ECDSA
+ case EVP_PKEY_EC:
+ return openssl_ec_private_key_create(key, engine);
+#endif
+#if OPENSSL_VERSION_NUMBER >= 0x1010100fL && !defined(OPENSSL_NO_EC) && \
+!defined(OPENSSL_IS_AWSLC)
+ case EVP_PKEY_ED25519:
+ case EVP_PKEY_ED448:
+ return openssl_ed_private_key_create(key, engine);
+#endif /* OPENSSL_VERSION_NUMBER && !OPENSSL_NO_EC && !OPENSSL_IS_AWSLC */
+ default:
+ EVP_PKEY_free(key);
+ break;
+ }
+ }
+ return NULL;
+}
+
/**
* Described in header.
*/
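Review bot: The contract of openssl_wrap_private_key leaves the ownership of `key` undocumented, although the function consumes it on every path: the `default:` case calls `EVP_PKEY_free(key)` before falling out to `return NULL`, and the type-specific constructors are returned directly without a free afterwards, so they presumably adopt the key as the replaced call sites did. A caller that frees its EVP_PKEY after a NULL result would double-free, and the header comment in the later hunk (`@returns created object or NULL if key type is not supported`) gives no hint of that. Suggest amending the declaration comment to `@param key key object to wrap, ownership is taken (freed if unsupported)` and `@returns created object or NULL if key is NULL or its type is not supported`, since a NULL key is accepted by the guard at the top of the function. The same note applies to the three converted call sites above, which all rely on this behaviour.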
*/
bool openssl_fingerprint(EVP_PKEY *key, cred_encoding_type_t type, chunk_t *fp);
+/**
+ * Wrap the given OpenSSL private key in a type-specific private key object.
+ *
+ * @param key key object to wrap
+ * @param engine TRUE if key can't be accessed directly
+ * @returns created object or NULL if key type is not supported
+ */
+private_key_t *openssl_wrap_private_key(EVP_PKEY *key, bool engine);
+
/**
* Concatenates two bignums into a chunk, thereby enforcing the length of
* a single BIGNUM, if necessary, by prepending it with zeros.