Allow management client to announce pss padding support
The --management-external-key option can currently indicate support
for 'nopadding' or 'pkcs1' signatures in the client. Add 'pss' as an
option to announce that PSS signing requests are accepted.
To match, extend the algorithm string in PK_SIGN request to
include the following format:
- RSA_PKCS1_PSS_PADDING,hashalg=name,saltlen=[max|digest]
Here 'name' is the short common name of the hash algorithm.
E.g., SHA1, SHA256 etc.
Existing formats 'ECDSA' and 'RSA_PKCS1_PADDING' are unchanged.
v2 changes: Fix typos and other sloppiness in documentation and
commit message.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: <
20211214165928.30676-10-selva.nair@gmail.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg23430.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>