summaryrefslogtreecommitdiff
path: root/src/libstrongswan/plugins/pkcs1/pkcs1_builder.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/libstrongswan/plugins/pkcs1/pkcs1_builder.c')
-rw-r--r--src/libstrongswan/plugins/pkcs1/pkcs1_builder.c6
1 files changed, 4 insertions, 2 deletions
diff --git a/src/libstrongswan/plugins/pkcs1/pkcs1_builder.c b/src/libstrongswan/plugins/pkcs1/pkcs1_builder.c
index 967e501d1..c934f0b1d 100644
--- a/src/libstrongswan/plugins/pkcs1/pkcs1_builder.c
+++ b/src/libstrongswan/plugins/pkcs1/pkcs1_builder.c
@@ -271,7 +271,8 @@ end:
* }
*
* While the parameters and publicKey fields are OPTIONAL, RFC 5915 says that
- * parameters MUST be included and publicKey SHOULD be.
+ * parameters MUST be included (an errata clarifies this, so this is only the
+ * case for plain private keys, not encoded in PKCS#8) and publicKey SHOULD be.
*/
static bool is_ec_private_key(chunk_t blob)
{
@@ -281,7 +282,8 @@ static bool is_ec_private_key(chunk_t blob)
asn1_parse_integer_uint64(data) == 1 &&
asn1_unwrap(&blob, &data) == ASN1_OCTET_STRING &&
asn1_unwrap(&blob, &data) == ASN1_CONTEXT_C_0 &&
- asn1_unwrap(&blob, &data) == ASN1_CONTEXT_C_1;
+ asn1_unwrap(&data, &data) == ASN1_OID &&
+ (!blob.len || (asn1_unwrap(&blob, &data) == ASN1_CONTEXT_C_1));
}
/**
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-10 14:12:18 +0000