author | Selva Nair | 2023-03-14 08:21:34 -0400 |
---|---|---|
committer | Gert Doering | 2023-03-15 17:51:37 +0100 |
commit | 1e954cefa0941439ca09598b6131203b975950f8 (patch) | |
tree | 9a36fccefae3ee0b70dd9dbbe892c7b04d897206 /src/openvpn/options.c | |
parent | be7a5640fbce2d3d56bdcee23e3d76ea15a678d1 (diff) | |

Bugfix: Convert ECDSA signature from pkcs11-helper to DER encoded form

With OpenSSL 3.0 and xkey-provider, we use pkcs11h_certificate_signAny_ex()
which returns EC signature as raw r|s concatenated. But OpenSSL expects
a DER encoded ASN.1 structure.

Do this conversion as done in cryptoapi.c. For code re-use, ecdsa_bin2sig()
is consolidated with sig to DER conversion as ecdsa_bin2der() and
moved to xkey_helper.c.

In the past when we used OpenSSL hooks installed by pkcs11-helper,
such a conversion was not required as it was internally handled by
the library.

Reported by: Tom <openvpn@sup-logistik.de>
Also see: https://bugzilla.redhat.com/show_bug.cgi?id=2177834
Tested-by: Florian Apolloner <florian@apolloner.eu>
Change-Id: Ie20cf81edd643ab8ef3c41321353d11fd66c188c
Signed-off-by: Selva Nair <selva.nair@gmail.com>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: <20230314122134.1248576-1-selva.nair@gmail.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg26406.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit b7cf18f750f2a020032e09b6c4184579896876ee)
Diffstat (limited to 'src/openvpn/options.c')
0 files changed, 0 insertions, 0 deletions
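
The raw r|s to DER conversion the commit message describes, as an added example: this is not OpenVPN's ecdsa_bin2der() and is hand-written without OpenSSL so that it stands alone. The names `ecdsa_raw_to_der`, `der_put_uint` and `EC_MAX_HALF` are hypothetical, and inputs are assumed to be two equal-size big-endian halves of at most 66 bytes each (P-521).

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define EC_MAX_HALF 66  /* P-521 coordinate size; largest input handled here */

/* Emit one DER INTEGER for an unsigned big-endian value v[0..n-1], n >= 1.
 * Returns the number of bytes written to out. */
static size_t der_put_uint(uint8_t *out, const uint8_t *v, size_t n)
{
    size_t i = 0, pad;

    while (n > 1 && v[0] == 0) {     /* DER requires the minimal encoding */
        v++;
        n--;
    }
    pad = (v[0] & 0x80) ? 1 : 0;     /* leading 0x00 keeps the value positive */
    out[i++] = 0x02;                 /* INTEGER tag */
    out[i++] = (uint8_t)(n + pad);   /* at most 67, so short-form length */
    if (pad)
        out[i++] = 0x00;
    memcpy(out + i, v, n);
    return i + n;
}

/* Convert raw r|s to a DER ECDSA-Sig-Value:
 * SEQUENCE { INTEGER r, INTEGER s }.
 * Returns the DER length, or 0 on bad input or a too-small output buffer. */
size_t ecdsa_raw_to_der(const uint8_t *raw, size_t rawlen, uint8_t *der, size_t cap)
{
    uint8_t body[2 * (2 + EC_MAX_HALF + 1)];
    size_t half = rawlen / 2, blen, i = 0;

    if (rawlen == 0 || (rawlen & 1) || half > EC_MAX_HALF)
        return 0;                    /* r and s must be the same size */
    blen = der_put_uint(body, raw, half);
    blen += der_put_uint(body + blen, raw + half, half);
    if (cap < blen + (blen < 0x80 ? 2 : 3))
        return 0;
    der[i++] = 0x30;                 /* SEQUENCE tag */
    if (blen >= 0x80)
        der[i++] = 0x81;             /* long-form length, one length byte */
    der[i++] = (uint8_t)blen;
    memcpy(der + i, body, blen);
    return i + blen;
}
```

The DER output length varies with the values of r and s (stripped leading zeros, added sign padding), which is why a fixed-size raw signature cannot simply be passed through where DER is expected.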