| Message ID | 1515959073-10376-1-git-send-email-selva.nair@gmail.com |
|---|---|
| Headers | show
Return-Path: <openvpn-devel-bounces@lists.sourceforge.net> Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director4.mail.ord1d.rsapps.net ([172.30.191.6]) by backend31.mail.ord1d.rsapps.net (Dovecot) with LMTP id S7FTIVSzW1oDOAAAgoeIoA for <patchwork@openvpn.net>; Sun, 14 Jan 2018 14:45:24 -0500 Received: from proxy3.mail.ord1d.rsapps.net ([172.30.191.6]) by director4.mail.ord1d.rsapps.net (Dovecot) with LMTP id A+I4IVSzW1qQbgAAHDmxtw ; Sun, 14 Jan 2018 14:45:24 -0500 Received: from smtp33.gate.ord1d ([172.30.191.6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by proxy3.mail.ord1d.rsapps.net (Dovecot) with LMTP id qnqkH1SzW1r2KAAA7WKfLA ; Sun, 14 Jan 2018 14:45:24 -0500 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-Orig-To: openvpnslackdevel@openvpn.net X-Originating-Ip: [216.34.181.88] Authentication-Results: smtp33.gate.ord1d.rsapps.net; iprev=pass policy.iprev="216.34.181.88"; spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net" smtp.helo="lists.sourceforge.net"; dkim=fail (signature verification failed) header.d=sourceforge.net; dkim=fail (signature verification failed) header.d=sf.net; dkim=fail (signature verification failed) header.d=gmail.com; dmarc=fail (p=none; dis=none) header.from=gmail.com X-Classification-ID: 767a1dec-f963-11e7-ade5-525400041ef2-1-1 Received: from [216.34.181.88] ([216.34.181.88:7952] helo=lists.sourceforge.net) by smtp33.gate.ord1d.rsapps.net (envelope-from <openvpn-devel-bounces@lists.sourceforge.net>) (ecelerity 4.2.1.56364 r(Core:4.2.1.14)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384) id 50/8B-11456-453BB5A5; Sun, 14 Jan 2018 14:45:24 -0500 Received: from localhost ([127.0.0.1] helo=sfs-ml-3.v29.ch3.sourceforge.com) by sfs-ml-3.v29.ch3.sourceforge.com with esmtp (Exim 4.89) (envelope-from <openvpn-devel-bounces@lists.sourceforge.net>) id 1eaoD2-0005Dd-09; Sun, 14 Jan 2018 19:44:48 +0000 Received: from sfi-mx-1.v28.ch3.sourceforge.com ([172.29.28.191] helo=mx.sourceforge.net) by sfs-ml-3.v29.ch3.sourceforge.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.89) (envelope-from <selva.nair@gmail.com>) id 1eaoD0-0005DX-P8 for openvpn-devel@lists.sourceforge.net; Sun, 14 Jan 2018 19:44:46 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To: MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=yBKzRMfFe9kMl4xf+8fca5Bnt9rNTtqF6lsqzJdZFiw=; b=VcfIzCiB3VqdtKnN+H7oqug1Sy OHTLbEgH9rQSF4DSSRSYEHr7vfJNPobZYYHr/k+grP77UCFotaOGZ56YveVlIQftZYCX5j8rX97cP xlFy/XyYmsUHZiagF+P5BefFrUnr/x3fmxCcomjQWXyWHqV+DAKR9NwTaiKOnEo+PrdA=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To:MIME-Version: Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=yBKzRMfFe9kMl4xf+8fca5Bnt9rNTtqF6lsqzJdZFiw=; b=esV2q80+8srDZ9tATum3Vi6z6n v+F4xl4ZBkxVeLUKn6qVz8sfl9fNECgskUMRXXp73u/jH+td398aZXt4FZgvBrAVoPLcyIbw4qN1c viqqoZtoKmUFy4IT9avz5S6uS0CUpLzC8l6AKJgFhBL4sSvKkJupRKQrXvq1iPovIthg=; Received: from mail-it0-f66.google.com ([209.85.214.66]) by sfi-mx-1.v28.ch3.sourceforge.com with esmtps (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.89) id 1eaoCx-0006Vt-9g for openvpn-devel@lists.sourceforge.net; Sun, 14 Jan 2018 19:44:46 +0000 Received: by mail-it0-f66.google.com with SMTP id f190so14733572ita.5 for <openvpn-devel@lists.sourceforge.net>; Sun, 14 Jan 2018 11:44:43 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id; bh=yBKzRMfFe9kMl4xf+8fca5Bnt9rNTtqF6lsqzJdZFiw=; b=lrX02RMHkqPOMU8iRdolfFHH0P1Ts6YmD2mNX35ioxngjq64oXFmEonL9d0X6NrEPn sXgiXqXKRgg8ITIxSMkYkZ2lT84bzsIBFTBS0x644tb2mCN10MfsSyoIEhksuYciJ2BN eo3cfMQZPK7t3B7ACrjPzKRvE5fWSITaNhLu3op5yQq9Rj1I6bwRfdFe/LSBilA7n7LZ BVJY7X8FTBwkWZUOF5yCvIY91Zkdti+UaYbsb0NVJwZT6QkvmYARMz6SnOJQmvVkWwa+ g9Vs9YOKDzQ/61EBukf1ivcZKMJdcMlf6QeRWQtO8CS9wNY8BWPi81SWeBGG9b1W2Xx1 3omg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=yBKzRMfFe9kMl4xf+8fca5Bnt9rNTtqF6lsqzJdZFiw=; b=o7R8nQTSITl8kdK6OotDd6YdDWsO73YvCUpDqrprQ1AaVvXKJKxFzsAeZU1f4iEvrz jyFazVKhXEu2cM+Z/ww3BKP8T83WcOZM8qIX9P4Rk0pWu/5c9Ogh0HhTTCFH2GADs0Ji pV+WrSbfjFAWgqvlqymWIHbaJrvHd2pL7c+IrSg4xJS8gAS4kz+sFxIGbZhSzLtm8qDj 0muCRrBfWHq4uRG5on4fQ936UactnI/pmvP88s2fvmNmNoamJsfwtBQ48j40iyZerjjm wlRY9Cy/gl11Z28XZ8BaFgz5wnou9r2cR8f+/bfRXFsty2hSRPkeDTiN04SX+5HzLXve u2Lg== X-Gm-Message-State: AKwxytdGeuQtSdoC/xJQVvWq6cjySKPNBZ9vIV9cF1T23Tug+b6ark3C Ggh7anOaVB+0mFL+WMCtTmPBDPsK X-Google-Smtp-Source: ACJfBot2SEGHHT7wZmN4zi6BGaxXMmlA45XinpHjfRFk+xveBqjsdf9rVbyethtIulfNi4cypTiAtQ== X-Received: by 10.36.86.20 with SMTP id o20mr7952348itb.53.1515959077813; Sun, 14 Jan 2018 11:44:37 -0800 (PST) Received: from saturn.home.sansel.ca (CPE40167ea0e1c2-CM788df74daaa0.cpe.net.cable.rogers.com. [99.228.215.92]) by smtp.gmail.com with ESMTPSA id y64sm15244286ioy.25.2018.01.14.11.44.36 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Sun, 14 Jan 2018 11:44:37 -0800 (PST) From: selva.nair@gmail.com To: openvpn-devel@lists.sourceforge.net Date: Sun, 14 Jan 2018 14:44:30 -0500 Message-Id: <1515959073-10376-1-git-send-email-selva.nair@gmail.com> X-Mailer: git-send-email 2.1.4 X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (selva.nair[at]gmail.com) -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no trust [209.85.214.66 listed in list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature X-Headers-End: 1eaoCx-0006Vt-9g Subject: [Openvpn-devel] [PATCH 0/3] Support external EC cert/key using --management-external-xxx X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: <openvpn-devel.lists.sourceforge.net> List-Unsubscribe: <https://lists.sourceforge.net/lists/options/openvpn-devel>, <mailto:openvpn-devel-request@lists.sourceforge.net?subject=unsubscribe> List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=openvpn-devel> List-Post: <mailto:openvpn-devel@lists.sourceforge.net> List-Help: <mailto:openvpn-devel-request@lists.sourceforge.net?subject=help> List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/openvpn-devel>, <mailto:openvpn-devel-request@lists.sourceforge.net?subject=subscribe> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox |
| Series |
Support external EC cert/key using --management-external-xxx
|
expand
|
From: Selva Nair <selva.nair@gmail.com> Hi, For now this is only for openssl 1.1.0+. With some ifdefs and compat functions could be back ported to 1.0.2. For 1.0.1 hacks like duplicating internal ECDSA_METHOD struct or linking to internal headers appears to be required. Not interesting unless there is a strong demand. For mbedtls I've no idea how to hook into the ecdsa signing methods. Tested on linux/openssl-1.1.0g by manually passing the signature to management, with signature generated on command line by 'echo $rsa_sig_cut_n_paste | base64 -d | openssl pkeyutl -inkey keyfile | base64' Doing something similar for cryptoapicert is in the works (actually that was the objective, but this was obviously easier to test, lather, rinse) Selva Selva Nair (3): Refactor ssl_openssl.c in prep for external EC key support Allow external EC key through --management-external-key Document management request >ECDSA_SIGN and response ecdsa-sig doc/management-notes.txt | 30 ++++++ src/openvpn/manage.c | 30 ++++++ src/openvpn/manage.h | 3 + src/openvpn/ssl_openssl.c | 234 +++++++++++++++++++++++++++++++++++++++++----- 4 files changed, 273 insertions(+), 24 deletions(-)