passepartoutvpn / tunnelkit

VPN client library for Apple platforms.

GNU General Public License v3.0

3 stars 1 forks source link

OpenSSL 3 regressions in HMAC algorithms #403

Closed keeshux closed 8 months ago

keeshux commented 8 months ago

Might well be two symptoms of the same illness:

[x] OpenVPNErrorCodeCryptoEncryption (103) - Fixed in #405
[x] OpenVPNErrorCodeTLSCAPeerVerification (203) - Fixed in #406

keeshux commented 8 months ago

Got one OpenSSL failure at this line:

https://github.com/passepartoutvpn/tunnelkit/blob/138f1ca1686bba74b7bc53957fccca12e988c5ab/Sources/CTunnelKitOpenVPNProtocol/CryptoCBC.m#L180

right after "TLS.connect: Handshake is complete".

keeshux commented 8 months ago

As weird as it sounds, the above issue is resolved by not reusing the OSSL_PARAM structure for HMAC. Unless I corrupt it at some point, which is very hard to track down.

keeshux commented 8 months ago

405 doesn't fix error 203.