git.ipfire.org Git - thirdparty/openvpn.git/commit

author	Max Fillinger <max@max-fillinger.net>
	Wed, 25 Oct 2023 12:18:30 +0000 (14:18 +0200)
committer	Gert Doering <gert@greenie.muc.de>
	Wed, 17 Jan 2024 16:50:37 +0000 (17:50 +0100)
commit	2942ef5d405413d990d1fc2fa06976bcdd24742e
tree	906e8c87cd197350483014fcbb8eb1e307996757	tree \| snapshot
parent	62d14fcf253c4ff4055b70c1db947ceae928c776	commit \| diff

Add support for mbedtls 3.X.Y

Most struct fields in mbedtls 3 are private and now need accessor
functions. Most of it was straightforward to adapt, but for two things
there were no accessor functions yet:

* Netscape certificate type
* key usage (you can check key usage, but not get the raw bytes)

I decided to remove Netscape certificate type checks when using OpenVPN
with mbedtls. The key usage bytes were printed in an error message, and
I removed that part from it.

Adding the random number functions to the load private key function may
look weird, but the purpose is to make side channels for elliptic curve
operations harder to exploit.

Change-Id: I445a93e84dc54b865b757038d22318ac427fce96
Signed-off-by: Max Fillinger <max@max-fillinger.net>
Acked-by: Frank Lichtenheld <frank@lichtenheld.com>
Message-Id: <20231025121830.1030959-1-frank@lichtenheld.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg27295.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit ace7a4f1c271550bb8ad276663e045ab97a46f16)

configure.ac		diff \| blob \| blame \| history
src/openvpn/crypto_mbedtls.c		diff \| blob \| blame \| history
src/openvpn/mbedtls_compat.h	[new file with mode: 0644]	blob
src/openvpn/options.c		diff \| blob \| blame \| history
src/openvpn/ssl_mbedtls.c		diff \| blob \| blame \| history
src/openvpn/ssl_verify_mbedtls.c		diff \| blob \| blame \| history