From: selva.nair@gmail.com
To: openvpn-devel@lists.sourceforge.net
Date: Sun, 7 Jan 2018 21:21:14 -0500
Message-Id: <1515378076-5774-1-git-send-email-selva.nair@gmail.com>
Subject: [Openvpn-devel] [PATCH 0/2] Make cryptoapicert work with TLS 1.2

From: Selva Nair

Hi,

I am not sure how receptive the crypto maintainers are to the idea of
adding more code into cryptoapi.c, but here goes:

I've been wanting to add TLS 1.2 support for certs in the Windows cert
store using management external key. But that's a lot more work than
extending cryptoapicert support. And, rather surprisingly, it turns out
that the CNG API for signing is easy to use (well after some groping in
the dark..) and doesn't take much to implement. So these patches..

The first patch is not really related and is to make the existing code
"openssl-1.1 ready" (missed by past patches as no one probably builds
Windows binary with 1.1..). The second patch is not dependent on this,
but close-by code paths are touched by both.

Selva

Selva Nair (2):
  Bring cryptoapi.c upto speed with openssl 1.1
  TLS v1.2 support for cryptoapicert -- RSA only

 configure.ac                 |   1 +
 src/openvpn/Makefile.am      |   2 +-
 src/openvpn/cryptoapi.c      | 155 ++++++++++++++++++++++++++++++++++---------
 src/openvpn/openssl_compat.h |  14 ++++
 src/openvpn/options.c        |  18 -----
 5 files changed, 140 insertions(+), 50 deletions(-)