@@ -90,9 +90,15 @@ server and client mode operations.
management-external-key
management-external-key nopadding
management-external-key pkcs1
+ management-external-key pss
+
+ or any combination like:
+ ::
+
management-external-key nopadding pkcs1
+ management-external-key pkcs1 pss
- The optional parameters :code:`nopadding` and :code:`pkcs1` signal
+ The optional parameters :code:`nopadding` :code:`pkcs1` and :code:`pss` signal
support for different padding algorithms. See
:code:`doc/mangement-notes.txt` for a complete description of this
feature.
@@ -1019,10 +1019,24 @@ can be indicated in the signing request only if the client version is > 2"
The currently defined padding algorithms are:
- - RSA_PKCS1_PADDING - PKCS1 padding and RSA signature
- - RSA_NO_PADDING - No padding may be added for the signature
- - ECDSA - EC signature.
-
+ - RSA_PKCS1_PADDING - PKCS1 padding and RSA signature
+ - RSA_NO_PADDING - No padding may be added for the signature
+ - ECDSA - EC signature.
+ - RSA_PKCS1_PSS_PADDING,params - RSA signature with PSS padding
+
+ The params for PSS are specified as 'hashalg=name,saltlen=[max|digest]'.
+
+ The hashalg names are short common names such as SHA256, SHA224, etc.
+ PSS saltlen="digest" means use the same size as the hash to sign, while
+ "max" indicates maximum possible saltlen which is
+ '(nbits-1)/8 - hlen - 2'. Here 'nbits' is the number of bits in the
+ key modulus and 'hlen' the size in octets of the hash.
+ (See: RFC 8017 sec 8.1.1 and 9.1.1)
+
+ In the case of PKCS1_PADDING, when the hash algorithm is not legacy
+ MD5-SHA1, the hash is encoded with DigestInfo header before presenting
+ to the management interface. This is identical to CKM_RSA_PKCS in Cryptoki
+ as well as what RSA_private_encrypt() in OpenSSL expects.
COMMAND -- certificate (OpenVPN 2.4 or higher)
----------------------------------------------
@@ -339,6 +339,7 @@ struct management *management_init(void);
#define MF_QUERY_REMOTE (1<<13)
#define MF_QUERY_PROXY (1<<14)
#define MF_EXTERNAL_CERT (1<<15)
+#define MF_EXTERNAL_KEY_PSSPAD (1<<16)
bool management_open(struct management *man,
const char *addr,
@@ -60,6 +60,7 @@
#include "forward.h"
#include "ssl_verify.h"
#include "platform.h"
+#include "xkey_common.h"
#include <ctype.h>
#include "memdbg.h"
@@ -2207,14 +2208,14 @@ options_postprocess_verify_ce(const struct options *options,
#endif /* ifdef ENABLE_MANAGEMENT */
-#if defined(ENABLE_MANAGEMENT)
+#if defined(ENABLE_MANAGEMENT) && !defined(HAVE_XKEY_PROVIDER)
if ((tls_version_max() >= TLS_VER_1_3)
&& (options->management_flags & MF_EXTERNAL_KEY)
&& !(options->management_flags & (MF_EXTERNAL_KEY_NOPADDING))
)
{
- msg(M_ERR, "management-external-key with OpenSSL 1.1.1 requires "
- "the nopadding argument/support");
+ msg(M_FATAL, "management-external-key with TLS 1.3 or later requires "
+ "nopadding argument/support");
}
#endif
/*
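Review bot: With `HAVE_XKEY_PROVIDER` defined, the new `#if` compiles this TLS 1.3 check out entirely, so a configuration that gives `management-external-key pkcs1` alone is no longer rejected at option verification in those builds. TLS 1.3 RSA signatures use PSS, so presumably at least one of `nopadding` or `pss` is still required there; unless the signing path enforces that elsewhere, the failure would surface only during the handshake. Consider an `#elif defined(ENABLE_MANAGEMENT)` branch with the same test but `&& !(options->management_flags & (MF_EXTERNAL_KEY_NOPADDING | MF_EXTERNAL_KEY_PSSPAD))` and a message that names both arguments. The enclosing function options_postprocess_verify_ce starts and ends outside the hunk.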
@@ -5571,6 +5572,10 @@ add_option(struct options *options,
{
options->management_flags |= MF_EXTERNAL_KEY_PKCS1PAD;
}
+ else if (streq(p[j], "pss"))
+ {
+ options->management_flags |= MF_EXTERNAL_KEY_PSSPAD;
+ }
else
{
msg(msglevel, "Unknown management-external-key flag: %s", p[j]);
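Review bot: The `pss` keyword is accepted here in every build, but the TLS 1.3 check changed in options_postprocess_verify_ce is kept only when `HAVE_XKEY_PROVIDER` is undefined, and it still tests `MF_EXTERNAL_KEY_NOPADDING` alone. In such a build, a user who configures `management-external-key pss` gets a fatal error that mentions only nopadding, and nothing visible in this diff shows `MF_EXTERNAL_KEY_PSSPAD` being honoured without the provider. If the flag is only meaningful with the provider, guard this branch with `#ifdef HAVE_XKEY_PROVIDER`, or warn when it is set without it, e.g. `msg(M_WARN, "management-external-key: pss is ignored in this build");`. add_option's body continues outside the hunk.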