mbedtls clearly don't want to apply this patch. So
affected users will need to find other solutions.
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
We're specifically interested in the fix for the unit tests.
("Update test data to avoid failures of unit tests after
2023-08-07")
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
lz4 and mbedtls are currently the only deps
that are built for linux (asio and xxHash
are only copied, not built).
If LTO flag is specified (which is a variable
already supported by scrips/build) and target
is linux then enable -flto but allow to
speficy a random-seed to allow reproducibility.
This code was originally used in the Connect clients to allow PKIs that
use the (not commonly used) Name constraints feature. This is a
potential security risk but was done to allow PKIs that used that
feature. OpenSSL natively supports Name constraints and will check these.
Remove this hacky feature as feature as it also breaks compiling with
an unpatched mbed TLS and is not used by code anymore.
Mbedtls 2.7.5 included a bugfix (e08754762d) that ASM code in bn_mul.h
was only enabled with -O0 instead of not enabling it with -O0
unfortenately the old gcc version (4.9.x) we use for our Android
build does not handle this. Fall back to not using ASM code on the
gcc/Android combination.
Update dep on mbedTLS to latest maintenance release
of the 2.7 branch.
Mst of our private patches are now upstream and can
be removed.
Signed-off-by: Antonio Quartulli <antonio@openvpn.net>
When 'git apply' is run inside repository folder, it ignores files
missing in index. To make it work, run 'git apply' outside of repository.
Signed-off-by: Lev Stipakov <lev@openvpn.net>
At the same time rebase patches on top of ne wversion
and get rid of fixes that have been merged upstream.
Signed-off-by: Antonio Quartulli <antonio@openvpn.net>
Backport patches from mbedTLS-2.7.0 to address the CVE
in the subject:
28a0c727 RSA: Fix buffer overflow in PSS signature verification
6a54b024 RSA: Fix another buffer overflow in PSS signature verification
139108af RSA PSS: fix minimum length check for keys of size 8N+1
b00b0da4 RSA PSS: fix first byte check for keys of size 8N+1
91048a3a RSA PSS: remove redundant check; changelog
This bug can be exploited by sending a malicious certificate
chain signed using RSASSA-PSS.
Signed-off-by: Antonio Quartulli <antonio@openvpn.net>
mbedTLS commit 8873bcc4def433aa0edfbe260083f32f04aa097e
Timing self test: increased duration
Increase the duration of the self test, otherwise it tends to fail on
a busy machine even with the recently upped tolerance. But run the
loop only once, it's enough for a simple smoke test.
Signed-off-by: Lev Stipakov <lev@openvpn.net>
This will ensure that mbedtls is still passing all its
unit test before building it.
It is important to run the checks because we backport patches
on our own and they may break during the process.
Checks are perfomed only when building for linux or for osx.
Signed-off-by: Antonio Quartulli <antonio@openvpn.net>
Please check the commit messages of the new patches for a better
description.
In a nutshell, this change allows mbedTLS to properly decrypt
keys created by OpenSSL using PKCS#5v2 with PRF different from
SHA1.
This change also add their related unit-tests.
Signed-off-by: Antonio Quartulli <antonio@openvpn.net>
With this change a dep build script will now download
the related tarball automatically if not already present.
This way, we ensure that the core is built with the dep
package version specified in lib-versions.
After finding or downloading a tarball, its checksum is
computed and compared with the one in lib-versions to
ensure that the file is the expected one.
This logic has been applied to asio, mbedtls and lz4.
Signed-off-by: Antonio Quartulli <antonio@openvpn.net>
some CA provides certificates that do not fully follow
the RFC in terms of date format.
This patch relaxes the constrains in mbedTLS so that also
not sully compliant certificates can be accepted.
Signed-off-by: Antonio Quartulli <antonio@openvpn.net>
This patch builds on work by David Sommerseth <davids@openvpn.net>
to move the PolarSSL API from polarssl-1.3 to mbedtls-2.3, which
has significant differences in some areas.
- Strings containing keys, certificates, CRLs, and DH parameters
need to be NULL-terminated and the length argument provided to
the corresponding mbedtls parse function must be able to read
the NULL-terminator. These places have been modified with a
'+1' to the length argument (x509cert.hpp, x509crl.hpp, dh.hpp,
pkctx.hpp).
- The SSL context object has been split up in mbedtls-2.3
Now many of the SSL configurations are done in a separate
SSL config object, which is added to the SSL context once
configured. In addition private/public keys are now stored
in a separate pk_context, which is later on attached to the
SSL context. Due to this, many of the calls setting either
SSL configuration parameters or working with pk_contexts have
been refactored. (sslctx.hpp)
- The older API loading the CA chain took a hostname argument.
The new API requires mbedtls_ssl_set_hostname() explicitly to
be called setting hostname. Some refactoring was needed here
too (sslctx.hpp).
- x509_oid_get_description() is now replaced by
mbedtls_oid_get_extended_key_usage().
- when mbedTLS renamed OID_CMP to MBEDTLS_OID_CMP, the return
value was changed so that a return value of 0 now means equal
rather than not-equal.
- mbedtls/platform.h must be loaded before any other mbedtls
include files (sslchoose.hpp).
- All functions and macros related to mbedTLS are now prefixed
with mbedtls_/MBEDTLS_
- Refactored External PKI and added some options to cli.cpp
to make it easier to test that the feature still works
correctly. This included removing the sig_type var and
standardizing on a PKCS#1 digest prefix per RFC 3447.
- Updated test keys to 2048 bits.
- Updated dependency build scripts to build mbedTLS.
- Enable MD4 in mbedTLS build script (needed for NTLM auth).
- Use an allow-all X509 cert profile to preserve compatibility
with older configs. Going forward, we will implement new
options to increase strictness on minimum RSA key size and
required cert signing algs.
- Added human-readable reason strings that explain why
a given cert in the chain wasn't accepted.
- This patch doesn't rename any files or rename internal
OpenVPN 3 symbols such as PolarSSLContext. This will
be done in a separate commit.
Signed-off-by: James Yonan <james@openvpn.net>