I am working to upgrade the TLS version from 1.0 to 1.2 for an existing Windows/Win CE application. Right now my application is using OpenSSL 0.9.8k (supports TLS 1.0). To upgrade the TLS version I am using OpenSSL 1.0.2p (supports TLS 1.2). I was signing data using MD5-SHA1, following steps similar to those in "MD5-SHA1 hash using CryptoAPI" (my requirement was the same as this):
- Created a hash using the certificate key handle provider with the CALG_SSL3_SHAMD5 algorithm.
- Using CryptSetHashParam, I set the initial hash value.
- Signed the hash using CryptSignHash.
- After that, reversed the byte order (as mentioned, the OpenSSL signature is big-endian).
But TLS 1.2 has to sign the hash using RSA-SHA256. How can I achieve this using the Crypto APIs?
I have tried creating the hash using the certificate key handle provider with the CALG_SHA_256 algorithm instead of CALG_SSL3_SHAMD5, but certificate verification failed at the server with the error "Bad Signature".
I have been surfing MSDN pages and I am assuming that the CNG APIs can do my job on Windows 7. If that is true, how can I achieve it? Also, I am not seeing CNG-equivalent APIs in Windows CE. How can I achieve this in Windows CE?
Thanks.