]> git.ipfire.org Git - thirdparty/openvpn.git/commit
projects / thirdparty / openvpn.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 0cab347) | patch
Handle PSS padding in cryptoapicert
authorSelva Nair <selva.nair@gmail.com>
Wed, 30 Jan 2019 15:53:20 +0000 (10:53 -0500)
committerGert Doering <gert@greenie.muc.de>
Thu, 31 Jan 2019 16:17:39 +0000 (17:17 +0100)
commitce1c1beef1eb9ea776e00861117f72c4a1a6f1f8
tree0edd8c2ff28430034442faf0dbe09dcfc573cd5etree | snapshot
parent0cab3475a83e9bad35b0eeb39b9ca886e6afaf1ecommit | diff
Handle PSS padding in cryptoapicert

For PSS padding, CNG requires the digest to be signed
and the digest algorithm in use, which are not accessible
via the rsa_sign and rsa_priv_enc callbacks of OpenSSL.
This patch uses the EVP_KEY interface to hook to
evp_pkey_sign callback if OpenSSL version is > 1.1.0.

To test this code path, both the server and client should
be built with OpenSSL 1.1.1 and use TLS version >= 1.2

Tested on Windows 7 client against a Linux server.

Signed-off-by: Selva Nair <selva.nair@gmail.com>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: <1548863600-491-1-git-send-email-selva.nair@gmail.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg18188.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
src/openvpn/cryptoapi.c diff | blob | blame | history
Mirror of https://github.com/OpenVPN/openvpn.git