On 11/03/2023 06:24, selva.n...@gmail.com wrote:
From: Selva Nair <selva.n...@gmail.com>
- With OpenSSL 3.0 and xkey-provider, we use pkcs11h_certificate_signAny_ex()
which returns EC signature as raw r|s concatenated. But OpenSSL expects
a DER encoded ASN.1 structure.
Do this conversion as done in cryptoapi.c. For code re-use, ecdsa_bin2sig()
is consolidated with sig to DER conversion as ecdsa_bin2der() and
moved to xkey_helper.c
In the past when we used OpenSSL hooks installed by pkcs11-helper,
such a conversion was not required as it was internally handled by
the library.
Reported by: Tom <open...@sup-logistik.de>
Signed-off-by: Selva Nair <selva.n...@gmail.com>
Just FYI, this report appeared in the bugzilla for the Fedora packaging.
This seems related to this patch.
<https://bugzilla.redhat.com/show_bug.cgi?id=2177834>
I will try to prepare a Fedora build with this patch added, for further
testing.
--
kind regards,
David Sommerseth
OpenVPN Inc
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel