Those suites were defined in ciphersuite_definitions[] but not included in
ciphersuite_preference[] which meant they couldn't be negotiated unless
explicitly added by the user. Add them so that they're usable by default like
any other suite.
Disabled by default, needs OpenSSL >= 1.1.1 - tested locally with 1.1.1-pre1
Local version of OpenSSL was compiled with:
./config --prefix=$HOME/usr/openssl-1.1.1-pre1 -Wl,--enable-new-dtags,-rpath,'$(LIBRPATH)'
make
make install
With OpenSSL 1.1.1-pre1, two ciphersuites were incorrectly skipped,
but this has since been fixed in OpenSSL master, see:
https://github.com/openssl/openssl/issues/5406
The change in the truncated HMAC extension aligns Mbed TLS with the
standard, but breaks interoperability with previous versions. Indicate
this in the ChangeLog, as well as how to restore the old behavior.
Add mbedTLS.vcxproj to the VS2010 application template so that the next
time we auto-generate the application project files, the
LinkLibraryDependencies for mbedTLS.vcxproj are maintained.
Fixes#1347
In 2.7.0, we replaced a number of MD functions with deprecated inline
versions. This causes ABI compatibility issues, as the functions are no
longer guaranteed to be callable when built into a shared library.
Instead, deprecate the functions without also inlining them, to help
maintain ABI backwards compatibility.
Add missing MBEDTLS_DEPRECATED_REMOVED guards around the definitions
of mbedtls_aes_decrypt and mbedtls_aes_encrypt.
This fixes the build under -Wmissing-prototypes -Werror.
Fixes#1388
Conflict: configs/config-picocoin.h was both edited and removed.
Resolution: removed, since this is the whole point of PR #1280 and the
changes in development are no longer relevant.
Extend the pkparse test suite with the newly created keys
encrypted using PKCS#8 with PKCS#5 v2.0 with PRF being
SHA224, 256, 384 and 512.
Signed-off-by: Antonio Quartulli <antonio@openvpn.net>
We now have support for the entire SHA family to be used as
PRF in PKCS#5 v2.0, therefore we need to add new keys to test
these new functionalities.
This patch adds the new keys in `tests/data_files` and
commands to generate them in `tests/data_files/Makefile`.
Note that the pkcs8 command in OpenSSL 1.0 called with
the -v2 argument generates keys using PKCS#5 v2.0 with SHA1
as PRF by default.
(This behaviour has changed in OpenSSL 1.1, where the exact same
command instead uses PKCS#5 v2.0 with SHA256)
The new keys are generated by specifying different PRFs with
-v2prf.
Signed-off-by: Antonio Quartulli <antonio@openvpn.net>
Some unit tests for pbkdf2_hmac() have results longer than
99bytes when represented in hexadecimal form.
For this reason extend the result array to accommodate
longer strings.
At the same time make memset() parametric to avoid
bugs in the future.
Signed-off-by: Antonio Quartulli <antonio@openvpn.net>