author | James Bottomley <James.Bottomley@HansenPartnership.com> | 2020-01-10 07:47:46 -0800 |
---|---|---|
committer | James Bottomley <James.Bottomley@HansenPartnership.com> | 2020-01-10 08:24:21 -0800 |
commit | e682157c9379d25d0a65759bf2cb7efa327be427 (patch) | |
tree | d7a911525826812c8833efeb01fa8040c40c985f | |
parent | dd04b7bc7eff5e803a095781e11c104e6dfcd765 (diff) | |
download | openssl_tpm2_engine-e682157c9379d25d0a65759bf2cb7efa327be427.tar.gz |
tpm2-common: allow loading of DER keys
One of the reasons for putting an OID at the beginning of the
structure was to make the binary DER form uniquely recognizable. This
should mean we're safe to try loading the binary form if the PEM form
fails. Activate that feature (for the new structure only).
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
-rw-r--r-- | tpm2-common.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/tpm2-common.c b/tpm2-common.c index 763fccf..84b9093 100644 --- a/tpm2-common.c +++ b/tpm2-common.c @@ -8,6 +8,7 @@ #include <string.h> #include <unistd.h> +#include <openssl/asn1.h> #include <openssl/evp.h> #include <openssl/rsa.h> #include <openssl/ec.h> @@ -1052,6 +1053,11 @@ int tpm2_load_engine_file(const char *filename, struct app_data **app_data, } tpk = PEM_read_bio_TSSPRIVKEY(bf, NULL, NULL, NULL); + if (!tpk) { + BIO_seek(bf, 0); + ERR_clear_error(); + tpk = ASN1_item_d2i_bio(ASN1_ITEM_rptr(TSSPRIVKEY), bf, NULL); + } if (tpk) { version = 1; type = tpk->type; |
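Review bot: In the new `if (!tpk)` fallback in tpm2_load_engine_file(), the result of `BIO_seek(bf, 0)` is not checked, so if the rewind fails, `ASN1_item_d2i_bio()` parses from wherever the PEM reader stopped instead of from the start of the file. Suggest testing the return value and skipping the DER attempt when the seek does not succeed. Two smaller points on the same lines: `ERR_clear_error()` discards the PEM failure before the DER attempt, so when both parsers fail the caller only sees the ASN.1 error, which may be misleading for a damaged PEM file; and a one-line comment stating that the fallback is safe because the structure begins with an OID (the reasoning given in the commit message) would keep that assumption visible next to the code that relies on it.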