hx509: Pass PKCS#8 keys to lower layers

OpenSSL's d2i_ECPrivateKey() is deprecated, so we have to use d2i_PrivateKey(), but d2i_PrivateKey() wants the whole PKCS#8 blob so it can know what kind of key it is. So we need to let the hx509 EC layer get that blob. The internal APIs need some refactoring, so for now we use a hack where we try to parse the private key with and without the PKCS#8 wrapper.
2022-11-19 23:43:27 -06:00
parent 2ddea96ba2
commit cce8ae9927
2 changed files with 34 additions and 28 deletions
--- a/lib/hx509/collector.c
+++ b/lib/hx509/collector.c
@@ -147,6 +147,16 @@ _hx509_collector_private_key_add(hx509_context context,
 				       key_data->data, key_data->length,
 				       HX509_KEY_FORMAT_DER,
 				       &key->private_key);
+        if (ret && localKeyId) {
+            int ret2;
+
+            ret2 = hx509_parse_private_key(context, alg,
+                                           localKeyId->data, localKeyId->length,
+                                           HX509_KEY_FORMAT_PKCS8,
+                                           &key->private_key);
+            if (ret2 == 0)
+                ret = 0;
+        }
 	if (ret)
 	    goto out;
    }