Merging release/3.5.5 into master

deps/lib-versions

@@ -4,8 +4,8 @@ export ASIO_CSUM=bdb01a649c24d73ca4a836662e7af442d935313ed6deef6b07f17f3bc5f78d7
 export LZ4_VERSION=lz4-1.8.3
 export LZ4_CSUM=33af5936ac06536805f9745e0b6d61da606a1f8b4cc5c04dd3cbaca3b9b4fc43
 
-export MBEDTLS_VERSION=mbedtls-2.7.12
+export MBEDTLS_VERSION=mbedtls-2.7.13
-export MBEDTLS_CSUM=d3a36dbc9f607747daa6875c1ab2e41f49eff5fc99d3436b4f3ac90c89f3c143
+export MBEDTLS_CSUM=6772fe21c7755dc513920e84adec629d39188b6451542ebaece428f0eba655c9
 
 export JSONCPP_VERSION=1.8.4
 export JSONCPP_CSUM=c49deac9e0933bcb7044f08516861a2d560988540b23de2ac1ad443b219afdb6
@@ -19,6 +19,7 @@ export CITYHASH_CSUM=f70368facd15735dffc77fe2b27ab505bfdd05be5e9166d94149a8744c2
 export LZO_VERSION=lzo-2.10
 export LZO_CSUM=c0f892943208266f9b6543b3ae308fab6284c5c90e627931446fb49b4221a072
 
-export OPENSSL_VERSION=openssl-1.1.1d
+export OPENSSL_VERSION=openssl-1.1.1g
-export OPENSSL_CSUM=1e3a91bc1f9dfce01af26026f856e064eab4c8ee0a8f457b5ae30b40b8b711f2
+export OPENSSL_CSUM=ddb04774f1e32f0c49751e21b67216ac87852ceb056b75209af2443400636d46
+
 

deps/openssl/build-openssl

@@ -38,7 +38,7 @@ fi
 # source helper functions
 . $O3/core/deps/functions.sh
 
-FNAME=openssl-${OPNESSL_VERSION}.tar.gz
+FNAME=openssl-${OPENSSL_VERSION}.tar.gz
 URL=https://www.openssl.org/source/${OPENSSL_VERSION}.tar.gz
 CSUM=${OPENSSL_CSUM}
 

openvpn/error/error.hpp

@@ -61,6 +61,9 @@ namespace openvpn {
       UDP_CONNECT_ERROR,   // client error on UDP connect
       SSL_ERROR,           // errors resulting from read/write on SSL object
       SSL_PARTIAL_WRITE,   // SSL object did not process all written cleartext
+      SSL_CA_MD_TOO_WEAK,  // CA message digest is too weak
+      SSL_CA_KEY_TOO_SMALL, // CA key is too small
+      SSL_DH_KEY_TOO_SMALL, // DH key is too small
       ENCAPSULATION_ERROR, // exceptions thrown during packet encapsulation
       EPKI_CERT_ERROR,     // error obtaining certificate from External PKI provider
       EPKI_SIGN_ERROR,     // error obtaining RSA signature from External PKI provider
@@ -139,6 +142,9 @@ namespace openvpn {
 	"UDP_CONNECT_ERROR",
 	"SSL_ERROR",
 	"SSL_PARTIAL_WRITE",
+	"SSL_CA_MD_TOO_WEAK",
+	"SSL_CA_KEY_TOO_SMALL",
+	"SSL_DH_KEY_TOO_SMALL",
 	"ENCAPSULATION_ERROR",
 	"EPKI_CERT_ERROR",
 	"EPKI_SIGN_ERROR",

openvpn/http/reply.hpp

@@ -245,7 +245,12 @@ namespace openvpn {
 		return fail;
 	      }
 	  case status_text_start:
-	    if (!Util::is_char(input) || Util::is_ctl(input) || Util::is_tspecial(input))
+	    if (input == '\r')
+	      {
+		state_ = expecting_newline_1;
+		return pending;
+	      }
+	    else if (!Util::is_char(input) || Util::is_ctl(input) || Util::is_tspecial(input))
 	      {
 		return fail;
 	      }

openvpn/openssl/util/error.hpp

@@ -144,6 +144,18 @@ namespace openvpn {
 	    case SSL_R_UNSUPPORTED_PROTOCOL:
 	      set_code(Error::TLS_VERSION_MIN, true);
 	      break;
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+            // These error codes are not available in older OpenSSL versions
+	    case SSL_R_CA_MD_TOO_WEAK:
+	      set_code(Error::SSL_CA_MD_TOO_WEAK, true);
+	      break;
+	    case SSL_R_CA_KEY_TOO_SMALL:
+	      set_code(Error::SSL_CA_KEY_TOO_SMALL, true);
+	      break;
+#endif // OpenSSL >= 1.1.0
+	    case SSL_R_DH_KEY_TOO_SMALL:
+	      set_code(Error::SSL_DH_KEY_TOO_SMALL, true);
+	      break;
 	    }
 	}
       errtxt = tmp.str();

openvpn/tun/win/tunutil.hpp

@@ -293,15 +293,16 @@ namespace openvpn {
 		  continue;
 
 		wchar_t wbuf[256] = L"";
+		DWORD cbwbuf = sizeof(wbuf);
 		status = ::RegQueryValueExW(connection_key(),
 					    L"Name",
 					    nullptr,
 					    &data_type,
 					    (LPBYTE)wbuf,
-					    &len);
+					    &cbwbuf);
 		if (status != ERROR_SUCCESS || data_type != REG_SZ)
 		  continue;
-		wbuf[(sizeof(wbuf) / sizeof(wchar_t)) - 1] = L'\0';
+		wbuf[(cbwbuf / sizeof(wchar_t)) - 1] = L'\0';
 
 		// iterate through self and try to patch the name
 		{