pkcs11-tool.c - output Edwards or Montgomery keys in DER format

When reading an EC or RSA public key, the output is on DER format But current code was writting Edwards keys in PEM format and did not support Montgomery keys. Pkcs11-tool will now write all public keys DER format. On branch X25519-improvements-2 Changes to be committed: modified: pkcs11-tool.c
dengert · Dec 13, 2024 · f36ab9f · f36ab9f
1 parent 31cb00b
commit f36ab9f
Showing 1 changed file with 4 additions and 7 deletions.
diff --git a/src/tools/pkcs11-tool.c b/src/tools/pkcs11-tool.c
@@ -6566,7 +6566,7 @@ static int read_object(CK_SESSION_HANDLE session)
 				value = getEC_POINT(session, obj, &len);
 				/* PKCS11 3.0 errta and 3.1 say Edwards and Montgomery
 				 * return raw byte strings, convert to OCTET string for OpenSSL
-				 * Will asccept as OCT STRING
+				 * Will asccept as OCTET STRING
 				 */
 				a = value;
 				os = d2i_ASN1_OCTET_STRING(NULL, &a, (long)len);
@@ -6620,12 +6620,8 @@ static int read_object(CK_SESSION_HANDLE session)
 				if (key == NULL) {
 					util_fatal("out of memory");
 				}
-				/* Note, that we write PEM here as there is no "native"
-				 * in RFC 8410 /OpenSSL format 
-				 * representation of EdDSA public keys to use
-				 */
-				if (!PEM_write_bio_PUBKEY(pout, key)) {
-					util_fatal("cannot convert EdDSA public key to PEM");
+				if (i2d_PUBKEY_bio(pout, key) < 1) {
+					util_fatal("cannot write public key to output");
 				}
 
 				EVP_PKEY_free(key);
@@ -6642,6 +6638,7 @@ static int read_object(CK_SESSION_HANDLE session)
 	}
 	else
 		value = getVALUE(session, obj, &len);
+
 	if (value == NULL)
 		util_fatal("get CKA_VALUE failed");