git.ipfire.org Git - thirdparty/openvpn.git/commit
Support sending DigestSign request to management client
author Selva Nair <selva.nair@gmail.com>
Tue, 14 Dec 2021 16:59:21 +0000 (11:59 -0500)
committer Gert Doering <gert@greenie.muc.de>
Thu, 20 Jan 2022 16:17:36 +0000 (17:17 +0100)
commit 0f6781fa3639d05ce1afb83a45c3bb12c6f97f1b
tree c8509915d98e11fdaa1cef7cb8f828b9cdf527d7
parent 43de9f547d70cab2eb3e4478bf975e139ad966f7
Support sending DigestSign request to management client

To receive undigested message for signing, indicate support
for handling message digesting in the client using an argument
"digest" to --management-external-key.

For example, to announce pkcs1 padding and digesting support use:

--management-external-key pkcs1 pss digest

In PK_SIGN, the algorithm string will get data=message
in addition to other relevant options.

Note that it is not guaranteed that the client will be prompted
with undigested message. This is possible only when OpenSSL
calls our provider for DigestSign() as opposed to Sign(). In
practice, signature operation always appears to result in
a DigestSign() call through the provider interface.

Signed-off-by: Selva Nair <selva.nair@gmail.com>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: <20211214165928.30676-12-selva.nair@gmail.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg23435.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
src/openvpn/manage.h
src/openvpn/options.c
src/openvpn/xkey_helper.c
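
How a management client might act on the `data=message` marker described in the commit message, as an added example that is not part of this commit or of OpenVPN. Assumptions: the notification has the layout `>PK_SIGN:<base64>,<padding>[,key=value...]` with a `hashalg=` option; the function names, the hash allowlist and the sample line are constructed for illustration.

```python
import base64
import hashlib

ALLOWED_HASHES = {"SHA256", "SHA384", "SHA512"}  # assumed local policy

def parse_pk_sign(line):
    """Split an assumed '>PK_SIGN:<base64>,<padding>[,key=value...]' line."""
    prefix = ">PK_SIGN:"
    if not line.startswith(prefix):
        raise ValueError("not a PK_SIGN notification")
    fields = line[len(prefix):].strip().split(",")
    if len(fields) < 2:
        raise ValueError("missing algorithm string")
    payload = base64.b64decode(fields[0], validate=True)
    opts = {}
    for item in fields[2:]:
        key, sep, value = item.partition("=")
        if not sep:
            raise ValueError(f"malformed option {item!r}")
        opts[key] = value
    return payload, fields[1], opts

def bytes_to_sign(line):
    """Return (padding, hashalg, data, digested_here) for the signing backend."""
    payload, padding, opts = parse_pk_sign(line)
    hashalg = opts.get("hashalg")
    if opts.get("data") != "message":
        # No data=message: the payload is not a raw message, so do not hash it again.
        return padding, hashalg, payload, False
    # data=message: the client was handed the undigested message and must hash it.
    if hashalg not in ALLOWED_HASHES:
        raise ValueError(f"refusing hash {hashalg!r}")
    return padding, hashalg, hashlib.new(hashalg.lower(), payload).digest(), True

# Constructed sample input (not captured from a real session).
SAMPLE_MESSAGE = b"constructed message, not real TLS data"
SAMPLE_LINE = (">PK_SIGN:" + base64.b64encode(SAMPLE_MESSAGE).decode()
               + ",RSA_PKCS1_PSS_PADDING,hashalg=SHA256,saltlen=digest,data=message")

if __name__ == "__main__":
    padding, hashalg, data, digested = bytes_to_sign(SAMPLE_LINE)
    print(padding, hashalg, data.hex(), digested)
```

Because the commit message notes that an undigested message is not guaranteed, the client has to branch on the marker for every request rather than assume one mode after announcing `digest`.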