From: Tobias Brunner <tobias@strongswan.org>
Date: Wed, 18 Jan 2012 21:29:09 +0000 (+0100)
Subject: OpenSSL plugin parses ECDSA private keys with explicitly specified EC parameters.
X-Git-Tag: 4.6.2~34
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=27f8a61df31956a196e74070a5c35c2619bc01c8;p=thirdparty%2Fstrongswan.git

OpenSSL plugin parses ECDSA private keys with explicitly specified EC parameters.

This is needed in case the key itself does not contain the parameters,
which is the case for PKCS#8.
---

diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c b/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c
index f4c4759bfd..9505045735 100644
--- a/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c
+++ b/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c
@@ -1,6 +1,6 @@
 /*
+ * Copyright (C) 2008-2012 Tobias Brunner
  * Copyright (C) 2009 Martin Willi
- * Copyright (C) 2008 Tobias Brunner
  * Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
@@ -371,14 +371,17 @@ openssl_ec_private_key_t *openssl_ec_private_key_load(key_type_t type,
 													  va_list args)
 {
 	private_openssl_ec_private_key_t *this;
-	chunk_t blob = chunk_empty;
+	chunk_t par = chunk_empty, key = chunk_empty;
 
 	while (TRUE)
 	{
 		switch (va_arg(args, builder_part_t))
 		{
+			case BUILD_BLOB_ALGID_PARAMS:
+				par = va_arg(args, chunk_t);
+				continue;
 			case BUILD_BLOB_ASN1_DER:
-				blob = va_arg(args, chunk_t);
+				key = va_arg(args, chunk_t);
 				continue;
 			case BUILD_END:
 				break;
@@ -389,18 +392,36 @@ openssl_ec_private_key_t *openssl_ec_private_key_load(key_type_t type,
 	}
 
 	this = create_empty();
-	this->ec = d2i_ECPrivateKey(NULL, (const u_char**)&blob.ptr, blob.len);
-	if (!this->ec)
+
+	if (par.ptr)
 	{
-		destroy(this);
-		return NULL;
+		this->ec = d2i_ECParameters(NULL, (const u_char**)&par.ptr, par.len);
+		if (!this->ec)
+		{
+			goto error;
+		}
+		if (!d2i_ECPrivateKey(&this->ec, (const u_char**)&key.ptr, key.len))
+		{
+			goto error;
+		}
+	}
+	else
+	{
+		this->ec = d2i_ECPrivateKey(NULL, (const u_char**)&key.ptr, key.len);
+		if (!this->ec)
+		{
+			goto error;
+		}
 	}
 	if (!EC_KEY_check_key(this->ec))
 	{
-		destroy(this);
-		return NULL;
+		goto error;
 	}
 	return &this->public;
+
+error:
+	destroy(this);
+	return NULL;
 }
 #endif /* OPENSSL_NO_EC */