git.ipfire.org Git - thirdparty/openvpn.git/commit
Allow management client to announce pss padding support
author Selva Nair <selva.nair@gmail.com>
Tue, 14 Dec 2021 16:59:19 +0000 (11:59 -0500)
committer Gert Doering <gert@greenie.muc.de>
Thu, 20 Jan 2022 15:29:45 +0000 (16:29 +0100)
commit a04e3ac04740129bc1574fa3f1a67fdad942ff14
tree b9513beb96578b4c79ca15ee16ba3a0cec44e316
parent cf704eef472515e3d6469bd5377065a1378eb5c2
Allow management client to announce pss padding support

The --management-external-key option can currently indicate support
for 'nopadding' or 'pkcs1' signatures in the client. Add 'pss' as an
option to announce that PSS signing requests are accepted.

To match, extend the algorithm string in PK_SIGN request to
include the following format:

- RSA_PKCS1_PSS_PADDING,hashalg=name,saltlen=[max|digest]

Here 'name' is the short common name of the hash algorithm.
E.g., SHA1, SHA256 etc.

Existing formats 'ECDSA' and 'RSA_PKCS1_PADDING' are unchanged.

v2 changes: Fix typos and other sloppiness in documentation and
commit message.

Signed-off-by: Selva Nair <selva.nair@gmail.com>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: <20211214165928.30676-10-selva.nair@gmail.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg23430.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
doc/man-sections/management-options.rst
doc/management-notes.txt
src/openvpn/manage.h
src/openvpn/options.c
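
Added example, not part of this commit or of OpenVPN's code: a strict parser that a management client holding the private key could run on the algorithm string of a PK_SIGN request, covering only the three formats named in the commit message and refusing everything else. The names parse_pk_sign_algorithm, SignAlgorithm and ALLOWED_HASHES are hypothetical, and the hash allowlist and the acceptance of the two parameters in either order are assumptions of this sketch.

```python
from dataclasses import dataclass
from typing import Optional

# Assumption: local client policy, not a list defined by OpenVPN.
ALLOWED_HASHES = frozenset({"SHA256", "SHA384", "SHA512"})
PLAIN_SCHEMES = ("ECDSA", "RSA_PKCS1_PADDING")   # existing formats, unchanged
PSS_SCHEME = "RSA_PKCS1_PSS_PADDING"             # format added by this commit
PSS_SALTLEN = ("max", "digest")


@dataclass(frozen=True)
class SignAlgorithm:
    scheme: str
    hashalg: Optional[str] = None
    saltlen: Optional[str] = None


def parse_pk_sign_algorithm(text, allowed_hashes=ALLOWED_HASHES):
    """Parse the algorithm string; raise ValueError instead of guessing."""
    scheme, *params = text.strip().split(",")
    if scheme in PLAIN_SCHEMES:
        if params:
            raise ValueError(f"{scheme} takes no parameters: {text!r}")
        return SignAlgorithm(scheme)
    if scheme != PSS_SCHEME:
        raise ValueError(f"unsupported signature scheme: {scheme!r}")

    fields = {}
    for param in params:
        key, sep, value = param.partition("=")
        # Reject malformed, unknown and repeated keys outright.
        if not sep or key not in ("hashalg", "saltlen") or key in fields:
            raise ValueError(f"bad PSS parameter: {param!r}")
        fields[key] = value
    if set(fields) != {"hashalg", "saltlen"}:
        raise ValueError("PSS request must carry both hashalg and saltlen")
    if fields["hashalg"] not in allowed_hashes:
        raise ValueError(f"hash not permitted by policy: {fields['hashalg']!r}")
    if fields["saltlen"] not in PSS_SALTLEN:
        raise ValueError(f"saltlen must be max or digest: {fields['saltlen']!r}")
    return SignAlgorithm(scheme, fields["hashalg"], fields["saltlen"])


if __name__ == "__main__":
    # Constructed sample input following the format in the commit message.
    print(parse_pk_sign_algorithm(
        "RSA_PKCS1_PSS_PADDING,hashalg=SHA256,saltlen=digest"))
```

Failing closed on an unrecognised scheme, hash or salt length keeps the client from signing with padding it never announced through --management-external-key.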