> https://github.com/selvanair/openvpn/tree/xkey-provider-v2
>
> It should build on linux without errors, though with lots of deprecation
> warnings in old files. The executable will work and allow one to test
> key loading and some of the other internals by running as tls-client with a
> normal key in a file -- not inlined key or external key. The key will
> get loaded into the provider and treated as opaque and still pass
> signature etc. This is only for testing. See the last commit message
> for some details on this.

I won't have time on the weekend to look at it but I will definitely take a look next week. But that sounds very promising.

>
> Build with --enable debug. Note that the last commit made for testing
> will break signing with external keys until callbacks are connected plus
> some more.
>
> I should have a more complete version ready to hook up with
> backend callbacks by the end of the weekend.
>
> I skimmed through your branch. You need keymgmt_load to get the loading
> through store to work. As for other ops, implementing
> signature_sign_init and sign are not enough -- one needs digest_verify
> methods and digest_sign methods as well. This is because ssl-ctx has to
> be created in the context of our provider for sign to work, but then all
> public key ops also get delegated to us. It took a while for me to sort
> that out.
>
> Unfortunately this provider framework makes us write a metric ton of
> glue code. I noticed .....
>
> Please feel free to nit-pick or otherwise-pick on the code.
>

For the deprecation warnings. The commits are on my working branch as well:

https://github.com/schwabe/openvpn/commits/dco

Cherry pick the ones with [OSSL 3.0] tag in front of them. They are the commits that remove the deprecations. I currently don't have a dedicated branch for them, sorry.

Arne

_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel