On Sun, Jul 28, 2019 at 4:34 PM <selva.n...@gmail.com> wrote:
> From: Selva Nair <selva.n...@gmail.com>
> For PSS padding, CNG requires the digest to be signed
> and the digest algorithm in use, which are not accessible
> via the rsa_sign and rsa_priv_enc callbacks of OpenSSL.
> This patch uses the EVP_KEY interface to hook to
> evp_pkey_sign callback if OpenSSL version is > 1.1.0.
> Mapping of OpenSSL hash algorithm types to CNG is moved
> to a function for code-reuse.
> To test, both the server and client should be built with
> OpenSSL 1.1.1 and use TLS version >= 1.2
> Tested on Windows 7 client against a Linux server.
> Signed-off-by: Selva Nair <selva.n...@gmail.com>
> ---
> v2: rebased to release/2.4 after siglen -> *siglen change

As this is required for cryptoapicert +  OpenSSL 1.1.1,
nudging for a review and have it included in the next release.

We have already merged this into git master, but the patch here
is slightly different because of context differences and code
refactorings in 2.5.



Openvpn-devel mailing list

Reply via email to