git.ipfire.org Git - thirdparty/openvpn.git/commit

author	Arne Schwabe <arne@rfc2549.org>
	Mon, 16 May 2022 10:48:07 +0000 (12:48 +0200)
committer	Gert Doering <gert@greenie.muc.de>
	Sun, 22 May 2022 15:24:09 +0000 (17:24 +0200)
commit	c0323aa63d638ee72eb73fcf2a6983b568f952f9
tree	66d6a2e92940a7e2c808edb726692a616fd1f8d8	tree
parent	d78c2a73a8f631f082ec03bb21b329d3e6fd00dd	commit \| diff

Implement ED448 and ED25519 support in xkey_provider

OpenSSL's implementation of ED448 and ED25519 has a few idiosyncrasies.
Instead of belonging to the elliptic curve type or to a common Edwards
curve type, ED448 and ED25519 have each their own type.

Also, OpenSSL expects signatures using these curves to be done with the
EVP_DigestSign API instead of the EVP_Sign API but using md=NULL.

This has been tested using a "fake" external key that used a normal
software key instead of a hardware implementation but that makes no
difference from the perspective of xkey_provider/management interface.

Patch v2: remove name functions from ed448/ed25519, ensure md is NULL
for ed448/ed25519 and handle NULL/none better in general.
Patch v3: do not pass NULL as string for the OSSL params.

Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Selva Nair <selva.nair@gmail.com>
Message-Id: <20220516104807.2568937-1-arne@rfc2549.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg24363.html

Signed-off-by: Gert Doering <gert@greenie.muc.de>

src/openvpn/xkey_common.h		diff \| blob \| blame \| history
src/openvpn/xkey_helper.c		diff \| blob \| blame \| history
src/openvpn/xkey_provider.c		diff \| blob \| blame \| history
tests/unit_tests/openvpn/test_provider.c		diff \| blob \| blame \| history