Re: [Openvpn-devel] [PATCH v2] Bugfix: Convert ECDSA signature form pkcs11-helper to DER encoded fo

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Am 14.03.23 um 13:21 schrieb sel...@gm...:
> From: Selva Nair <sel...@gm...>
> 
> - With OpenSSL 3.0 and xkey-provider, we use pkcs11h_certificate_signAny_ex()
>    which returns EC signature as raw r|s concatenated. But OpenSSL expects
>    a DER encoded ASN.1 structure.
> 
>    Do this conversion as done in cryptoapi.c. For code re-use, ecdsa_bin2sig()
>    is consolidated with sig to DER conversion as ecdsa_bin2der() and
>    moved to xkey_helper.c
> 
>    In the past when we used OpenSSL hooks installed by pkcs11-helper,
>    such a conversion was not required as it was internally handled by
>    the library.

Even though the commit is quite long, it is mostly moving the 
ecdsa_bin2der function into xkey_helper.c. While I have not tested it 
myself the code changes make sense and look good and we got a positive 
test report.

Acked-By: Arne Schwabe <ar...@rf...>

Re: [Openvpn-devel] [PATCH v2] Bugfix: Convert ECDSA signature form pkcs11-helper to DER encoded fo

Robust and flexible VPN network tunnelling

Re: [Openvpn-devel] [PATCH v2] Bugfix: Convert ECDSA signature form pkcs11-helper to DER encoded form