git.ipfire.org Git - thirdparty/openvpn.git/commit
Add support for mbedtls 3.X.Y
author: Max Fillinger <max@max-fillinger.net>
Wed, 25 Oct 2023 12:18:30 +0000 (14:18 +0200)
committer: Gert Doering <gert@greenie.muc.de>
Sun, 29 Oct 2023 19:11:17 +0000 (20:11 +0100)
commit: ace7a4f1c271550bb8ad276663e045ab97a46f16
tree: 1798cd060f81a91f1fa92acb8cf83280fb656136
parent: 5b088913e5854aba4e71f459844a1aa147d82b8a
Add support for mbedtls 3.X.Y

Most struct fields in mbedtls 3 are private and now need accessor
functions. Most of it was straightforward to adapt, but for two things
there were no accessor functions yet:

 * Netscape certificate type
 * key usage (you can check key usage, but not get the raw bytes)

I decided to remove Netscape certificate type checks when using OpenVPN
with mbedtls. The key usage bytes were printed in an error message, and
I removed that part from it.

Adding the random number functions to the load private key function may
look weird, but the purpose is to make side channels for elliptic curve
operations harder to exploit.

Change-Id: I445a93e84dc54b865b757038d22318ac427fce96
Signed-off-by: Max Fillinger <max@max-fillinger.net>
Acked-by: Frank Lichtenheld <frank@lichtenheld.com>
Message-Id: <20231025121830.1030959-1-frank@lichtenheld.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg27295.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
configure.ac
src/openvpn/crypto_mbedtls.c
src/openvpn/mbedtls_compat.h [new file with mode: 0644]
src/openvpn/options.c
src/openvpn/ssl_mbedtls.c
src/openvpn/ssl_verify_mbedtls.c