git.ipfire.org Git - thirdparty/openvpn.git/commit

author	Selva Nair <selva.nair@gmail.com>
	Sun, 28 Jul 2019 20:34:21 +0000 (16:34 -0400)
committer	Gert Doering <gert@greenie.muc.de>
	Mon, 23 Sep 2019 18:11:19 +0000 (20:11 +0200)
commit	1ed687e72cc1cc46ed1f5f8d9d825db6693e4b3e
tree	886150af2ef4dbc10ebe08f698336e3f13f41d7b	tree \| snapshot
parent	c8823f7b09c3a6a2101b54763ac2ef146d372328	commit \| diff

Handle PSS padding in cryptoapicert

For PSS padding, CNG requires the digest to be signed
and the digest algorithm in use, which are not accessible
via the rsa_sign and rsa_priv_enc callbacks of OpenSSL.
This patch uses the EVP_KEY interface to hook to
evp_pkey_sign callback if OpenSSL version is > 1.1.0.

Mapping of OpenSSL hash algorithm types to CNG is moved
to a function for code-reuse.

To test, both the server and client should be built with
OpenSSL 1.1.1 and use TLS version >= 1.2

Tested on Windows 7 client against a Linux server.

Signed-off-by: Selva Nair <selva.nair@gmail.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1564346061-5683-1-git-send-email-selva.nair@gmail.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg18715.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>