From patchwork Sat Oct 28 01:02:27 2017
X-Patchwork-Submitter: James Bottomley
X-Patchwork-Id: 36
From: James Bottomley
To: openvpn-devel@lists.sourceforge.net
Date: Sat, 28 Oct 2017 13:02:27 +0100
Message-ID: <1509192147.3021.6.camel@HansenPartnership.com>
Subject: [Openvpn-devel] [PATCH 0/1] add engine keys

Engine keys are an OpenSSL concept for a key file which can only be understood by an engine (usually because it's been wrapped by the engine itself). We use this for TPM engine keys, so you can either generate them within your TPM or wrap them from existing private keys. Once wrapped, the keys will only function in the TPM that generated them, so it means the VPN keys are tied to the physical platform, which is very useful.

Engine keys have to be loaded via a specific callback, so use this as a fallback in OpenVPN if an engine is specified and if the PEM read of the private key fails.

James

---

James Bottomley (1):
  openssl: add engine method for loading the key

 src/openvpn/crypto_backend.h | 13 ++++++++++++
 src/openvpn/crypto_openssl.c | 49 ++++++++++++++++++++++++++++++++++++++++++++
 src/openvpn/ssl_openvpn.c    |  6 +++++-
 3 files changed, 67 insertions(+), 1 deletion(-)

-- 
2.12.3