openssl: Add support for Ed25519 via AWS-LC
authorTobias Brunner <tobias@strongswan.org>
Fri, 8 Aug 2025 15:17:12 +0000 (17:17 +0200)
committerTobias Brunner <tobias@strongswan.org>
Fri, 8 Aug 2025 15:17:12 +0000 (17:17 +0200)
src/libstrongswan/plugins/openssl/openssl_ed_private_key.c
src/libstrongswan/plugins/openssl/openssl_plugin.c

index e8d900d94a5de3012c98ef8f821f64182f61dd34..39968f77631191cbca83ad1cc997efe90d1efc53 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2018 Tobias Brunner
+ * Copyright (C) 2018-2025 Tobias Brunner
  *
  * Copyright (C) secunet Security Networks AG
  *
 
 #if OPENSSL_VERSION_NUMBER >= 0x1010100fL && !defined(OPENSSL_NO_EC)
 
+#ifdef OPENSSL_IS_AWSLC
+#include <openssl/x509.h>
+#endif
+
 #include "openssl_ed_private_key.h"
 #include "openssl_util.h"
 
@@ -170,7 +174,17 @@ METHOD(private_key_t, get_encoding, bool,
                {
                        bool success = TRUE;
 
+#ifndef OPENSSL_IS_AWSLC
                        *encoding = openssl_i2chunk(PrivateKey, this->key);
+#else
+                       /* AWS-LC currently doesn't implement i2d_PrivateKey for EdDSA */
+                       PKCS8_PRIV_KEY_INFO *p8 = EVP_PKEY2PKCS8(this->key);
+                       if (p8)
+                       {
+                               *encoding = openssl_i2chunk(PKCS8_PRIV_KEY_INFO, p8);
+                               PKCS8_PRIV_KEY_INFO_free(p8);
+                       }
+#endif
 
                        if (type == PRIVKEY_PEM)
                        {
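Review bot: In the AWS-LC branch `*encoding` is never assigned when `EVP_PKEY2PKCS8()` returns NULL, so execution continues into the `PRIVKEY_PEM` conversion below with whatever the caller left in the output chunk while `success` stays TRUE, whereas the non-AWS-LC path always assigns `*encoding`. Initialize the output before the call, `*encoding = chunk_empty;` ahead of `PKCS8_PRIV_KEY_INFO *p8 = EVP_PKEY2PKCS8(this->key);`, or add an `else` that sets `success = FALSE`, whichever matches how the existing path reports an encoding failure (that part of the function is not visible in this hunk). The intermediate PKCS#8 structure holds the raw private key; `PKCS8_PRIV_KEY_INFO_free()` releases it, but whether the key bytes are wiped on free under AWS-LC is worth confirming, since the existing path had no such intermediate copy. The body of get_encoding starts and ends outside the hunk.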
index e5d2022aa7b911de6b77727c9c84f3d656f3caeb..cf4b86f0040504e49605bed1d11a4af1c0b99782 100644 (file)
@@ -302,10 +302,11 @@ static private_key_t *openssl_private_key_load(key_type_t type, va_list args)
                                case EVP_PKEY_EC:
                                        return openssl_ec_private_key_create(key, FALSE);
 #endif
-#if OPENSSL_VERSION_NUMBER >= 0x1010100fL && !defined(OPENSSL_NO_EC) && \
-       !defined(OPENSSL_IS_AWSLC)
+#if OPENSSL_VERSION_NUMBER >= 0x1010100fL && !defined(OPENSSL_NO_EC)
                                case EVP_PKEY_ED25519:
+#ifndef OPENSSL_IS_AWSLC
                                case EVP_PKEY_ED448:
+#endif
                                        return openssl_ed_private_key_create(key, FALSE);
 #endif /* OPENSSL_VERSION_NUMBER && !OPENSSL_NO_EC && !OPENSSL_IS_AWSLC */
                                default:
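Review bot: The trailing comment on the `#endif` still reads `!OPENSSL_IS_AWSLC`, but that condition was just removed from the matching `#if` two lines above, so the comment now misdescribes the guard it closes. Change it to `#endif /* OPENSSL_VERSION_NUMBER && !OPENSSL_NO_EC */`. The equivalent block in get_features (the next hunk) has its closing `#endif` outside the visible lines; if it carries the same comment it needs the same update. openssl_private_key_load continues outside the hunk.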
@@ -667,22 +668,29 @@ METHOD(plugin_t, get_features, int,
                PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_521),
 #endif
 #endif /* OPENSSL_NO_ECDSA */
-#if OPENSSL_VERSION_NUMBER >= 0x1010100fL && !defined(OPENSSL_NO_EC) && \
-       !defined(OPENSSL_IS_AWSLC)
+#if OPENSSL_VERSION_NUMBER >= 0x1010100fL && !defined(OPENSSL_NO_EC)
                /* EdDSA private/public key loading */
                PLUGIN_REGISTER(PUBKEY, openssl_ed_public_key_load, TRUE),
                        PLUGIN_PROVIDE(PUBKEY, KEY_ED25519),
+#ifndef OPENSSL_IS_AWSLC
                        PLUGIN_PROVIDE(PUBKEY, KEY_ED448),
+#endif
                PLUGIN_REGISTER(PRIVKEY, openssl_ed_private_key_load, TRUE),
                        PLUGIN_PROVIDE(PRIVKEY, KEY_ED25519),
+#ifndef OPENSSL_IS_AWSLC
                        PLUGIN_PROVIDE(PRIVKEY, KEY_ED448),
+#endif
                PLUGIN_REGISTER(PRIVKEY_GEN, openssl_ed_private_key_gen, FALSE),
                        PLUGIN_PROVIDE(PRIVKEY_GEN, KEY_ED25519),
+#ifndef OPENSSL_IS_AWSLC
                        PLUGIN_PROVIDE(PRIVKEY_GEN, KEY_ED448),
+#endif
                PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ED25519),
-               PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ED448),
                PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ED25519),
+#ifndef OPENSSL_IS_AWSLC
+               PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ED448),
                PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ED448),
+#endif
                /* register a pro forma identity hasher, never instantiated */
                PLUGIN_REGISTER(HASHER, return_null),
                        PLUGIN_PROVIDE(HASHER, HASH_IDENTITY),