git.ipfire.org Git - thirdparty/openvpn.git/commit

author	Arne Schwabe <arne@rfc2549.org>
	Fri, 9 Feb 2024 11:06:29 +0000 (12:06 +0100)
committer	Gert Doering <gert@greenie.muc.de>
	Fri, 9 Feb 2024 16:36:40 +0000 (17:36 +0100)
commit	7435114d9a979611dfe5ab751c213900cc1773e8
tree	2cccfad3798368fbfc54d6de24a117c32e703ec2	tree \| snapshot
parent	b431721eb1b676f8e1a1cbcf233507d2dd29f846	commit \| diff

Implement generating TLS 1.0 PRF using new OpenSSL 3.0 APIs

OpenSSL 3.0 introduced a new API for doing key derivation. So this leaves
us now with three different implementation for 1.0.2, 1.1.x and 3.x.

This was initially done to maybe still have a working TLS 1.0 PRF when
using OpenSSL 3.0 in FIPS but it gives the same error as with the older API.
But since moving to a new API is always good, we use the new API when using
OpenSSL 3.0. We also print the internal OpenSSL error message when
the KDF fails.

This also allows us now to compile an OpenSSL build that has been built with
OPENSSL_NO_MD5. Which is not yet common but might be in the future.

Change-Id: Ic74195a4ed340547c5e862dc2438f95be318c286
Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Frank Lichtenheld <frank@lichtenheld.com>
Message-Id: <20240209110629.15364-1-frank@lichtenheld.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28203.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>