diff --git a/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/asn1.h b/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/asn1.h index fde328a..96c1c9a 100644 --- a/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/asn1.h +++ b/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/asn1.h @@ -88,6 +88,21 @@ #define MBEDTLS_ASN1_PRIMITIVE 0x00 #define MBEDTLS_ASN1_CONSTRUCTED 0x20 #define MBEDTLS_ASN1_CONTEXT_SPECIFIC 0x80 + +/* + * Bit masks for each of the components of an ASN.1 tag as specified in + * ITU X.690 (08/2015), section 8.1 "General rules for encoding", + * paragraph 8.1.2.2: + * + * Bit 8 7 6 5 1 + * +-------+-----+------------+ + * | Class | P/C | Tag number | + * +-------+-----+------------+ + */ +#define MBEDTLS_ASN1_TAG_CLASS_MASK 0xC0 +#define MBEDTLS_ASN1_TAG_PC_MASK 0x20 +#define MBEDTLS_ASN1_TAG_VALUE_MASK 0x1F + /* \} name */ /* \} addtogroup asn1_module */ diff --git a/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/bn_mul.h b/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/bn_mul.h index 354c1cc..956b0bc 100644 --- a/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/bn_mul.h +++ b/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/bn_mul.h @@ -49,7 +49,14 @@ /* armcc5 --gnu defines __GNUC__ but doesn't support GNU's extended asm */ #if defined(__GNUC__) && \ ( !defined(__ARMCC_VERSION) || __ARMCC_VERSION >= 6000000 ) -#if defined(__i386__) + +/* + * Disable use of the i386 assembly code below if option -O0, to disable all + * compiler optimisations, is passed, detected with __OPTIMIZE__ + * This is done as the number of registers used in the assembly code doesn't + * work with the -O0 option. + */ +#if defined(__i386__) && defined(__OPTIMIZE__) && (!defined(__ANDROID_API__) || defined(__clang__)) #define MULADDC_INIT \ asm( \ @@ -142,7 +149,7 @@ "movl %%esi, %3 \n\t" \ : "=m" (t), "=m" (c), "=m" (d), "=m" (s) \ : "m" (t), "m" (s), "m" (d), "m" (c), "m" (b) \ - : "eax", "ecx", "edx", "esi", "edi" \ + : "eax", "ebx", "ecx", "edx", "esi", "edi" \ ); #else @@ -154,7 +161,7 @@ "movl %%esi, %3 \n\t" \ : "=m" (t), "=m" (c), "=m" (d), "=m" (s) \ : "m" (t), "m" (s), "m" (d), "m" (c), "m" (b) \ - : "eax", "ecx", "edx", "esi", "edi" \ + : "eax", "ebx", "ecx", "edx", "esi", "edi" \ ); #endif /* SSE2 */ #endif /* i386 */ @@ -521,7 +528,7 @@ "swi r3, %2 \n\t" \ : "=m" (c), "=m" (d), "=m" (s) \ : "m" (s), "m" (d), "m" (c), "m" (b) \ - : "r3", "r4" "r5", "r6", "r7", "r8", \ + : "r3", "r4", "r5", "r6", "r7", "r8", \ "r9", "r10", "r11", "r12", "r13" \ ); diff --git a/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/ccm.h b/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/ccm.h index 5a9ee4a..630b7fd 100644 --- a/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/ccm.h +++ b/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/ccm.h @@ -105,7 +105,7 @@ void mbedtls_ccm_free( mbedtls_ccm_context *ctx ); * Must be at least \p length Bytes wide. * \param tag The buffer holding the tag. * \param tag_len The length of the tag to generate in Bytes: - * 4, 6, 8, 10, 14 or 16. + * 4, 6, 8, 10, 12, 14 or 16. * * \note The tag is written to a separate buffer. To concatenate * the \p tag with the \p output, as done in RFC-3610: @@ -131,10 +131,13 @@ int mbedtls_ccm_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length, * \param iv_len The length of the IV in Bytes: 7, 8, 9, 10, 11, 12, or 13. * \param add The additional data field. * \param add_len The length of additional data in Bytes. + * Must be less than 2^16 - 2^8. * \param input The buffer holding the input data. * \param output The buffer holding the output data. + * Must be at least \p length Bytes wide. * \param tag The buffer holding the tag. * \param tag_len The length of the tag in Bytes. + * 4, 6, 8, 10, 12, 14 or 16. * * \return 0 if successful and authenticated, or * #MBEDTLS_ERR_CCM_AUTH_FAILED if the tag does not match. diff --git a/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/check_config.h b/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/check_config.h index 1143aa2..be80332 100644 --- a/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/check_config.h +++ b/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/check_config.h @@ -78,6 +78,10 @@ #error "MBEDTLS_DHM_C defined, but not all prerequisites" #endif +#if defined(MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT) && !defined(MBEDTLS_SSL_TRUNCATED_HMAC) +#error "MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT defined, but not all prerequisites" +#endif + #if defined(MBEDTLS_CMAC_C) && \ !defined(MBEDTLS_AES_C) && !defined(MBEDTLS_DES_C) #error "MBEDTLS_CMAC_C defined, but not all prerequisites" diff --git a/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/cipher.h b/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/cipher.h index d1f4efe..1c453a1 100644 --- a/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/cipher.h +++ b/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/cipher.h @@ -43,7 +43,7 @@ #define MBEDTLS_CIPHER_MODE_WITH_PADDING #endif -#if defined(MBEDTLS_ARC4_C) +#if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_NULL_CIPHER) #define MBEDTLS_CIPHER_MODE_STREAM #endif diff --git a/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/cmac.h b/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/cmac.h index 628c9da..24839a2 100644 --- a/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/cmac.h +++ b/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/cmac.h @@ -26,7 +26,7 @@ #ifndef MBEDTLS_CMAC_H #define MBEDTLS_CMAC_H -#include "mbedtls/cipher.h" +#include "cipher.h" #ifdef __cplusplus extern "C" { diff --git a/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/config.h b/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/config.h index fc4bd16..9feb49b 100644 --- a/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/config.h +++ b/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/config.h @@ -1049,7 +1049,8 @@ /** * \def MBEDTLS_RSA_NO_CRT * - * Do not use the Chinese Remainder Theorem for the RSA private operation. + * Do not use the Chinese Remainder Theorem + * for the RSA private operation. * * Uncomment this macro to disable the use of CRT in RSA. * @@ -1411,6 +1412,30 @@ */ #define MBEDTLS_SSL_TRUNCATED_HMAC +/** + * \def MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT + * + * Fallback to old (pre-2.7), non-conforming implementation of the truncated + * HMAC extension which also truncates the HMAC key. Note that this option is + * only meant for a transitory upgrade period and is likely to be removed in + * a future version of the library. + * + * \warning The old implementation is non-compliant and has a security weakness + * (2^80 brute force attack on the HMAC key used for a single, + * uninterrupted connection). This should only be enabled temporarily + * when (1) the use of truncated HMAC is essential in order to save + * bandwidth, and (2) the peer is an Mbed TLS stack that doesn't use + * the fixed implementation yet (pre-2.7). + * + * \deprecated This option is deprecated and will likely be removed in a + * future version of Mbed TLS. + * + * Uncomment to fallback to old, non-compliant truncated HMAC implementation. + * + * Requires: MBEDTLS_SSL_TRUNCATED_HMAC + */ +//#define MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT + /** * \def MBEDTLS_THREADING_ALT * @@ -2793,7 +2818,7 @@ /* \} name SECTION: Customisation configuration options */ /* Target and application specific configurations */ -//#define YOTTA_CFG_MBEDTLS_TARGET_CONFIG_FILE "mbedtls/target_config.h" +//#define YOTTA_CFG_MBEDTLS_TARGET_CONFIG_FILE "target_config.h" #if defined(TARGET_LIKE_MBED) && defined(YOTTA_CFG_MBEDTLS_TARGET_CONFIG_FILE) #include YOTTA_CFG_MBEDTLS_TARGET_CONFIG_FILE diff --git a/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/ctr_drbg.h b/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/ctr_drbg.h index 121575a..e554a0a 100644 --- a/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/ctr_drbg.h +++ b/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/ctr_drbg.h @@ -31,7 +31,7 @@ #include "aes.h" #if defined(MBEDTLS_THREADING_C) -#include "mbedtls/threading.h" +#include "threading.h" #endif #define MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED -0x0034 /**< The entropy source failed. */ diff --git a/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/dhm.h b/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/dhm.h index da2e66b..00fafd8 100644 --- a/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/dhm.h +++ b/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/dhm.h @@ -372,7 +372,7 @@ MBEDTLS_DEPRECATED typedef char const * mbedtls_deprecated_constant_t; * in RFC-5114: Additional Diffie-Hellman Groups for Use with * IETF Standards. */ -#define MBEDTLS_DHM_RFC5114_MODP_P \ +#define MBEDTLS_DHM_RFC5114_MODP_2048_P \ MBEDTLS_DEPRECATED_STRING_CONSTANT( \ "AD107E1E9123A9D0D660FAA79559C51FA20D64E5683B9FD1" \ "B54B1597B61D0A75E6FA141DF95A56DBAF9A3C407BA1DF15" \ diff --git a/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/ecdsa.h b/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/ecdsa.h index aa23d67..ff6efbc 100644 --- a/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/ecdsa.h +++ b/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/ecdsa.h @@ -272,8 +272,8 @@ int mbedtls_ecdsa_write_signature_det( mbedtls_ecdsa_context *ctx, * * \return \c 0 on success, * #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if signature is invalid, - * #MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH if the signature is - * valid but its actual length is less than \p siglen, + * #MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH if there is a valid + * signature in sig but its length is less than \p siglen, * or an \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_ERR_MPI_XXX * error code on failure for any other reason. * diff --git a/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/ecp.h b/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/ecp.h index b00ba4d..7b8ffff 100644 --- a/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/ecp.h +++ b/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/ecp.h @@ -36,7 +36,7 @@ #define MBEDTLS_ERR_ECP_ALLOC_FAILED -0x4D80 /**< Memory allocation failed. */ #define MBEDTLS_ERR_ECP_RANDOM_FAILED -0x4D00 /**< Generation of random value, such as (ephemeral) key, failed. */ #define MBEDTLS_ERR_ECP_INVALID_KEY -0x4C80 /**< Invalid private or public key. */ -#define MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH -0x4C00 /**< Signature is valid but shorter than the user-supplied length. */ +#define MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH -0x4C00 /**< The buffer contains a valid signature followed by more data. */ #define MBEDTLS_ERR_ECP_HW_ACCEL_FAILED -0x4B80 /**< ECP hardware accelerator failed. */ #if !defined(MBEDTLS_ECP_ALT) diff --git a/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/ecp_internal.h b/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/ecp_internal.h index 8a6d517..1804069 100644 --- a/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/ecp_internal.h +++ b/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/ecp_internal.h @@ -48,7 +48,7 @@ * [6] Digital Signature Standard (DSS), FIPS 186-4. * * - * [7] Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer + * [7] Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer * Security (TLS), RFC 4492. * * diff --git a/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/gcm.h b/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/gcm.h index 1e5a507..00ed421 100644 --- a/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/gcm.h +++ b/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/gcm.h @@ -106,20 +106,41 @@ int mbedtls_gcm_setkey( mbedtls_gcm_context *ctx, * If the buffers overlap, the output buffer must trail at least 8 Bytes * behind the input buffer. * + * \warning When this function performs a decryption, it outputs the + * authentication tag and does not verify that the data is + * authentic. You should use this function to perform encryption + * only. For decryption, use mbedtls_gcm_auth_decrypt() instead. + * * \param ctx The GCM context to use for encryption or decryption. - * \param mode The operation to perform: #MBEDTLS_GCM_ENCRYPT or - * #MBEDTLS_GCM_DECRYPT. - * \param length The length of the input data. This must be a multiple of 16 except in the last call before mbedtls_gcm_finish(). + * \param mode The operation to perform: + * - #MBEDTLS_GCM_ENCRYPT to perform authenticated encryption. + * The ciphertext is written to \p output and the + * authentication tag is written to \p tag. + * - #MBEDTLS_GCM_DECRYPT to perform decryption. + * The plaintext is written to \p output and the + * authentication tag is written to \p tag. + * Note that this mode is not recommended, because it does + * not verify the authenticity of the data. For this reason, + * you should use mbedtls_gcm_auth_decrypt() instead of + * calling this function in decryption mode. + * \param length The length of the input data, which is equal to the length + * of the output data. * \param iv The initialization vector. * \param iv_len The length of the IV. * \param add The buffer holding the additional data. * \param add_len The length of the additional data. - * \param input The buffer holding the input data. - * \param output The buffer for holding the output data. + * \param input The buffer holding the input data. Its size is \b length. + * \param output The buffer for holding the output data. It must have room + * for \b length bytes. * \param tag_len The length of the tag to generate. * \param tag The buffer for holding the tag. * - * \return \c 0 on success. + * \return \c 0 if the encryption or decryption was performed + * successfully. Note that in #MBEDTLS_GCM_DECRYPT mode, + * this does not indicate that the data is authentic. + * \return #MBEDTLS_ERR_GCM_BAD_INPUT if the lengths are not valid. + * \return #MBEDTLS_ERR_GCM_HW_ACCEL_FAILED or a cipher-specific + * error code if the encryption or decryption failed. */ int mbedtls_gcm_crypt_and_tag( mbedtls_gcm_context *ctx, int mode, @@ -142,18 +163,23 @@ int mbedtls_gcm_crypt_and_tag( mbedtls_gcm_context *ctx, * behind the input buffer. * * \param ctx The GCM context. - * \param length The length of the input data. This must be a multiple of 16 except in the last call before mbedtls_gcm_finish(). + * \param length The length of the ciphertext to decrypt, which is also + * the length of the decrypted plaintext. * \param iv The initialization vector. * \param iv_len The length of the IV. * \param add The buffer holding the additional data. * \param add_len The length of the additional data. - * \param tag The buffer holding the tag. - * \param tag_len The length of the tag. - * \param input The buffer holding the input data. - * \param output The buffer for holding the output data. + * \param tag The buffer holding the tag to verify. + * \param tag_len The length of the tag to verify. + * \param input The buffer holding the ciphertext. Its size is \b length. + * \param output The buffer for holding the decrypted plaintext. It must + * have room for \b length bytes. * - * \return 0 if successful and authenticated, or - * #MBEDTLS_ERR_GCM_AUTH_FAILED if tag does not match. + * \return \c 0 if successful and authenticated. + * \return #MBEDTLS_ERR_GCM_AUTH_FAILED if the tag does not match. + * \return #MBEDTLS_ERR_GCM_BAD_INPUT if the lengths are not valid. + * \return #MBEDTLS_ERR_GCM_HW_ACCEL_FAILED or a cipher-specific + * error code if the decryption failed. */ int mbedtls_gcm_auth_decrypt( mbedtls_gcm_context *ctx, size_t length, diff --git a/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/hmac_drbg.h b/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/hmac_drbg.h index e0821cf..2608de8 100644 --- a/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/hmac_drbg.h +++ b/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/hmac_drbg.h @@ -27,7 +27,7 @@ #include "md.h" #if defined(MBEDTLS_THREADING_C) -#include "mbedtls/threading.h" +#include "threading.h" #endif /* diff --git a/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/md2.h b/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/md2.h index 2ff3f17..0fd8b5a 100644 --- a/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/md2.h +++ b/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/md2.h @@ -39,11 +39,6 @@ #define MBEDTLS_ERR_MD2_HW_ACCEL_FAILED -0x002B /**< MD2 hardware accelerator failed */ -#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ - !defined(inline) && !defined(__cplusplus) -#define inline __inline -#endif - #if !defined(MBEDTLS_MD2_ALT) // Regular implementation // @@ -187,11 +182,7 @@ int mbedtls_internal_md2_process( mbedtls_md2_context *ctx ); * stronger message digests instead. * */ -MBEDTLS_DEPRECATED static inline void mbedtls_md2_starts( - mbedtls_md2_context *ctx ) -{ - mbedtls_md2_starts_ret( ctx ); -} +MBEDTLS_DEPRECATED void mbedtls_md2_starts( mbedtls_md2_context *ctx ); /** * \brief MD2 process buffer @@ -207,13 +198,9 @@ MBEDTLS_DEPRECATED static inline void mbedtls_md2_starts( * stronger message digests instead. * */ -MBEDTLS_DEPRECATED static inline void mbedtls_md2_update( - mbedtls_md2_context *ctx, - const unsigned char *input, - size_t ilen ) -{ - mbedtls_md2_update_ret( ctx, input, ilen ); -} +MBEDTLS_DEPRECATED void mbedtls_md2_update( mbedtls_md2_context *ctx, + const unsigned char *input, + size_t ilen ); /** * \brief MD2 final digest @@ -228,12 +215,8 @@ MBEDTLS_DEPRECATED static inline void mbedtls_md2_update( * stronger message digests instead. * */ -MBEDTLS_DEPRECATED static inline void mbedtls_md2_finish( - mbedtls_md2_context *ctx, - unsigned char output[16] ) -{ - mbedtls_md2_finish_ret( ctx, output ); -} +MBEDTLS_DEPRECATED void mbedtls_md2_finish( mbedtls_md2_context *ctx, + unsigned char output[16] ); /** * \brief MD2 process data block (internal use only) @@ -247,11 +230,7 @@ MBEDTLS_DEPRECATED static inline void mbedtls_md2_finish( * stronger message digests instead. * */ -MBEDTLS_DEPRECATED static inline void mbedtls_md2_process( - mbedtls_md2_context *ctx ) -{ - mbedtls_internal_md2_process( ctx ); -} +MBEDTLS_DEPRECATED void mbedtls_md2_process( mbedtls_md2_context *ctx ); #undef MBEDTLS_DEPRECATED #endif /* !MBEDTLS_DEPRECATED_REMOVED */ @@ -304,12 +283,9 @@ int mbedtls_md2_ret( const unsigned char *input, * stronger message digests instead. * */ -MBEDTLS_DEPRECATED static inline void mbedtls_md2( const unsigned char *input, - size_t ilen, - unsigned char output[16] ) -{ - mbedtls_md2_ret( input, ilen, output ); -} +MBEDTLS_DEPRECATED void mbedtls_md2( const unsigned char *input, + size_t ilen, + unsigned char output[16] ); #undef MBEDTLS_DEPRECATED #endif /* !MBEDTLS_DEPRECATED_REMOVED */ diff --git a/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/md4.h b/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/md4.h index a2ab57f..23fa95e 100644 --- a/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/md4.h +++ b/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/md4.h @@ -40,11 +40,6 @@ #define MBEDTLS_ERR_MD4_HW_ACCEL_FAILED -0x002D /**< MD4 hardware accelerator failed */ -#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ - !defined(inline) && !defined(__cplusplus) -#define inline __inline -#endif - #if !defined(MBEDTLS_MD4_ALT) // Regular implementation // @@ -188,11 +183,7 @@ int mbedtls_internal_md4_process( mbedtls_md4_context *ctx, * stronger message digests instead. * */ -MBEDTLS_DEPRECATED static inline void mbedtls_md4_starts( - mbedtls_md4_context *ctx ) -{ - mbedtls_md4_starts_ret( ctx ); -} +MBEDTLS_DEPRECATED void mbedtls_md4_starts( mbedtls_md4_context *ctx ); /** * \brief MD4 process buffer @@ -208,13 +199,9 @@ MBEDTLS_DEPRECATED static inline void mbedtls_md4_starts( * stronger message digests instead. * */ -MBEDTLS_DEPRECATED static inline void mbedtls_md4_update( - mbedtls_md4_context *ctx, - const unsigned char *input, - size_t ilen ) -{ - mbedtls_md4_update_ret( ctx, input, ilen ); -} +MBEDTLS_DEPRECATED void mbedtls_md4_update( mbedtls_md4_context *ctx, + const unsigned char *input, + size_t ilen ); /** * \brief MD4 final digest @@ -229,12 +216,8 @@ MBEDTLS_DEPRECATED static inline void mbedtls_md4_update( * stronger message digests instead. * */ -MBEDTLS_DEPRECATED static inline void mbedtls_md4_finish( - mbedtls_md4_context *ctx, - unsigned char output[16] ) -{ - mbedtls_md4_finish_ret( ctx, output ); -} +MBEDTLS_DEPRECATED void mbedtls_md4_finish( mbedtls_md4_context *ctx, + unsigned char output[16] ); /** * \brief MD4 process data block (internal use only) @@ -249,12 +232,8 @@ MBEDTLS_DEPRECATED static inline void mbedtls_md4_finish( * stronger message digests instead. * */ -MBEDTLS_DEPRECATED static inline void mbedtls_md4_process( - mbedtls_md4_context *ctx, - const unsigned char data[64] ) -{ - mbedtls_internal_md4_process( ctx, data ); -} +MBEDTLS_DEPRECATED void mbedtls_md4_process( mbedtls_md4_context *ctx, + const unsigned char data[64] ); #undef MBEDTLS_DEPRECATED #endif /* !MBEDTLS_DEPRECATED_REMOVED */ @@ -309,12 +288,9 @@ int mbedtls_md4_ret( const unsigned char *input, * stronger message digests instead. * */ -MBEDTLS_DEPRECATED static inline void mbedtls_md4( const unsigned char *input, - size_t ilen, - unsigned char output[16] ) -{ - mbedtls_md4_ret( input, ilen, output ); -} +MBEDTLS_DEPRECATED void mbedtls_md4( const unsigned char *input, + size_t ilen, + unsigned char output[16] ); #undef MBEDTLS_DEPRECATED #endif /* !MBEDTLS_DEPRECATED_REMOVED */ diff --git a/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/md5.h b/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/md5.h index d49391f..06ea4c5 100644 --- a/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/md5.h +++ b/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/md5.h @@ -43,11 +43,6 @@ // Regular implementation // -#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ - !defined(inline) && !defined(__cplusplus) -#define inline __inline -#endif - #ifdef __cplusplus extern "C" { #endif @@ -188,11 +183,7 @@ int mbedtls_internal_md5_process( mbedtls_md5_context *ctx, * stronger message digests instead. * */ -MBEDTLS_DEPRECATED static inline void mbedtls_md5_starts( - mbedtls_md5_context *ctx ) -{ - mbedtls_md5_starts_ret( ctx ); -} +MBEDTLS_DEPRECATED void mbedtls_md5_starts( mbedtls_md5_context *ctx ); /** * \brief MD5 process buffer @@ -208,13 +199,9 @@ MBEDTLS_DEPRECATED static inline void mbedtls_md5_starts( * stronger message digests instead. * */ -MBEDTLS_DEPRECATED static inline void mbedtls_md5_update( - mbedtls_md5_context *ctx, - const unsigned char *input, - size_t ilen ) -{ - mbedtls_md5_update_ret( ctx, input, ilen ); -} +MBEDTLS_DEPRECATED void mbedtls_md5_update( mbedtls_md5_context *ctx, + const unsigned char *input, + size_t ilen ); /** * \brief MD5 final digest @@ -229,12 +216,8 @@ MBEDTLS_DEPRECATED static inline void mbedtls_md5_update( * stronger message digests instead. * */ -MBEDTLS_DEPRECATED static inline void mbedtls_md5_finish( - mbedtls_md5_context *ctx, - unsigned char output[16] ) -{ - mbedtls_md5_finish_ret( ctx, output ); -} +MBEDTLS_DEPRECATED void mbedtls_md5_finish( mbedtls_md5_context *ctx, + unsigned char output[16] ); /** * \brief MD5 process data block (internal use only) @@ -249,12 +232,8 @@ MBEDTLS_DEPRECATED static inline void mbedtls_md5_finish( * stronger message digests instead. * */ -MBEDTLS_DEPRECATED static inline void mbedtls_md5_process( - mbedtls_md5_context *ctx, - const unsigned char data[64] ) -{ - mbedtls_internal_md5_process( ctx, data ); -} +MBEDTLS_DEPRECATED void mbedtls_md5_process( mbedtls_md5_context *ctx, + const unsigned char data[64] ); #undef MBEDTLS_DEPRECATED #endif /* !MBEDTLS_DEPRECATED_REMOVED */ @@ -309,12 +288,9 @@ int mbedtls_md5_ret( const unsigned char *input, * stronger message digests instead. * */ -MBEDTLS_DEPRECATED static inline void mbedtls_md5( const unsigned char *input, - size_t ilen, - unsigned char output[16] ) -{ - mbedtls_md5_ret( input, ilen, output ); -} +MBEDTLS_DEPRECATED void mbedtls_md5( const unsigned char *input, + size_t ilen, + unsigned char output[16] ); #undef MBEDTLS_DEPRECATED #endif /* !MBEDTLS_DEPRECATED_REMOVED */ diff --git a/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/net.h b/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/net.h index 28ae821..6c13b53 100644 --- a/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/net.h +++ b/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/net.h @@ -1,7 +1,7 @@ /** * \file net.h * - * \brief Deprecated header file that includes mbedtls/net_sockets.h + * \brief Deprecated header file that includes net_sockets.h * * \deprecated Superseded by mbedtls/net_sockets.h */ @@ -25,7 +25,7 @@ */ #if !defined(MBEDTLS_DEPRECATED_REMOVED) -#include "mbedtls/net_sockets.h" +#include "net_sockets.h" #if defined(MBEDTLS_DEPRECATED_WARNING) #warning "Deprecated header file: Superseded by mbedtls/net_sockets.h" #endif /* MBEDTLS_DEPRECATED_WARNING */ diff --git a/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/net_sockets.h b/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/net_sockets.h index 54e612c..52bb8de 100644 --- a/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/net_sockets.h +++ b/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/net_sockets.h @@ -118,9 +118,10 @@ int mbedtls_net_bind( mbedtls_net_context *ctx, const char *bind_ip, const char * * \param bind_ctx Relevant socket * \param client_ctx Will contain the connected client socket - * \param client_ip Will contain the client IP address + * \param client_ip Will contain the client IP address, can be NULL * \param buf_size Size of the client_ip buffer - * \param ip_len Will receive the size of the client IP written + * \param ip_len Will receive the size of the client IP written, + * can be NULL if client_ip is null * * \return 0 if successful, or * MBEDTLS_ERR_NET_ACCEPT_FAILED, or diff --git a/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/pk.h b/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/pk.h index 1059bda..ee06b2f 100644 --- a/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/pk.h +++ b/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/pk.h @@ -63,7 +63,7 @@ #define MBEDTLS_ERR_PK_INVALID_ALG -0x3A80 /**< The algorithm tag or value is invalid. */ #define MBEDTLS_ERR_PK_UNKNOWN_NAMED_CURVE -0x3A00 /**< Elliptic curve is unsupported (only NIST curves are supported). */ #define MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE -0x3980 /**< Unavailable feature, e.g. RSA disabled for RSA key. */ -#define MBEDTLS_ERR_PK_SIG_LEN_MISMATCH -0x3900 /**< The signature is valid but its length is less than expected. */ +#define MBEDTLS_ERR_PK_SIG_LEN_MISMATCH -0x3900 /**< The buffer contains a valid signature followed by more data. */ #define MBEDTLS_ERR_PK_HW_ACCEL_FAILED -0x3880 /**< PK hardware accelerator failed. */ #ifdef __cplusplus @@ -269,8 +269,8 @@ int mbedtls_pk_can_do( const mbedtls_pk_context *ctx, mbedtls_pk_type_t type ); * \param sig_len Signature length * * \return 0 on success (signature is valid), - * MBEDTLS_ERR_PK_SIG_LEN_MISMATCH if the signature is - * valid but its actual length is less than sig_len, + * #MBEDTLS_ERR_PK_SIG_LEN_MISMATCH if there is a valid + * signature in sig but its length is less than \p siglen, * or a specific error code. * * \note For RSA keys, the default padding type is PKCS#1 v1.5. @@ -300,10 +300,10 @@ int mbedtls_pk_verify( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, * \param sig_len Signature length * * \return 0 on success (signature is valid), - * MBEDTLS_ERR_PK_TYPE_MISMATCH if the PK context can't be + * #MBEDTLS_ERR_PK_TYPE_MISMATCH if the PK context can't be * used for this type of signatures, - * MBEDTLS_ERR_PK_SIG_LEN_MISMATCH if the signature is - * valid but its actual length is less than sig_len, + * #MBEDTLS_ERR_PK_SIG_LEN_MISMATCH if there is a valid + * signature in sig but its length is less than \p siglen, * or a specific error code. * * \note If hash_len is 0, then the length associated with md_alg diff --git a/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/platform.h b/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/platform.h index ed10775..7c2835b 100644 --- a/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/platform.h +++ b/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/platform.h @@ -31,7 +31,7 @@ #endif #if defined(MBEDTLS_HAVE_TIME) -#include "mbedtls/platform_time.h" +#include "platform_time.h" #endif #ifdef __cplusplus @@ -210,7 +210,7 @@ int mbedtls_platform_set_snprintf( int (*snprintf_func)( char * s, size_t n, #if defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO) #define mbedtls_snprintf MBEDTLS_PLATFORM_SNPRINTF_MACRO #else -#define mbedtls_snprintf snprintf +#define mbedtls_snprintf MBEDTLS_PLATFORM_STD_SNPRINTF #endif /* MBEDTLS_PLATFORM_SNPRINTF_MACRO */ #endif /* MBEDTLS_PLATFORM_SNPRINTF_ALT */ diff --git a/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/ripemd160.h b/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/ripemd160.h index c21868b..3a8b50a 100644 --- a/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/ripemd160.h +++ b/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/ripemd160.h @@ -35,11 +35,6 @@ #define MBEDTLS_ERR_RIPEMD160_HW_ACCEL_FAILED -0x0031 /**< RIPEMD160 hardware accelerator failed */ -#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ - !defined(inline) && !defined(__cplusplus) -#define inline __inline -#endif - #if !defined(MBEDTLS_RIPEMD160_ALT) // Regular implementation // @@ -139,11 +134,8 @@ int mbedtls_internal_ripemd160_process( mbedtls_ripemd160_context *ctx, * * \param ctx context to be initialized */ -MBEDTLS_DEPRECATED static inline void mbedtls_ripemd160_starts( - mbedtls_ripemd160_context *ctx ) -{ - mbedtls_ripemd160_starts_ret( ctx ); -} +MBEDTLS_DEPRECATED void mbedtls_ripemd160_starts( + mbedtls_ripemd160_context *ctx ); /** * \brief RIPEMD-160 process buffer @@ -154,13 +146,10 @@ MBEDTLS_DEPRECATED static inline void mbedtls_ripemd160_starts( * \param input buffer holding the data * \param ilen length of the input data */ -MBEDTLS_DEPRECATED static inline void mbedtls_ripemd160_update( +MBEDTLS_DEPRECATED void mbedtls_ripemd160_update( mbedtls_ripemd160_context *ctx, const unsigned char *input, - size_t ilen ) -{ - mbedtls_ripemd160_update_ret( ctx, input, ilen ); -} + size_t ilen ); /** * \brief RIPEMD-160 final digest @@ -170,12 +159,9 @@ MBEDTLS_DEPRECATED static inline void mbedtls_ripemd160_update( * \param ctx RIPEMD-160 context * \param output RIPEMD-160 checksum result */ -MBEDTLS_DEPRECATED static inline void mbedtls_ripemd160_finish( +MBEDTLS_DEPRECATED void mbedtls_ripemd160_finish( mbedtls_ripemd160_context *ctx, - unsigned char output[20] ) -{ - mbedtls_ripemd160_finish_ret( ctx, output ); -} + unsigned char output[20] ); /** * \brief RIPEMD-160 process data block (internal use only) @@ -185,12 +171,9 @@ MBEDTLS_DEPRECATED static inline void mbedtls_ripemd160_finish( * \param ctx RIPEMD-160 context * \param data buffer holding one block of data */ -MBEDTLS_DEPRECATED static inline void mbedtls_ripemd160_process( +MBEDTLS_DEPRECATED void mbedtls_ripemd160_process( mbedtls_ripemd160_context *ctx, - const unsigned char data[64] ) -{ - mbedtls_internal_ripemd160_process( ctx, data ); -} + const unsigned char data[64] ); #undef MBEDTLS_DEPRECATED #endif /* !MBEDTLS_DEPRECATED_REMOVED */ @@ -235,13 +218,9 @@ int mbedtls_ripemd160_ret( const unsigned char *input, * \param ilen length of the input data * \param output RIPEMD-160 checksum result */ -MBEDTLS_DEPRECATED static inline void mbedtls_ripemd160( - const unsigned char *input, - size_t ilen, - unsigned char output[20] ) -{ - mbedtls_ripemd160_ret( input, ilen, output ); -} +MBEDTLS_DEPRECATED void mbedtls_ripemd160( const unsigned char *input, + size_t ilen, + unsigned char output[20] ); #undef MBEDTLS_DEPRECATED #endif /* !MBEDTLS_DEPRECATED_REMOVED */ diff --git a/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/rsa.h b/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/rsa.h index fb2f77f..5548f3c 100644 --- a/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/rsa.h +++ b/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/rsa.h @@ -518,6 +518,18 @@ int mbedtls_rsa_public( mbedtls_rsa_context *ctx, * * \note The input and output buffers must be large * enough. For example, 128 Bytes if RSA-1024 is used. + * + * \note Blinding is used if and only if a PRNG is provided. + * + * \note If blinding is used, both the base of exponentation + * and the exponent are blinded, providing protection + * against some side-channel attacks. + * + * \warning It is deprecated and a security risk to not provide + * a PRNG here and thereby prevent the use of blinding. + * Future versions of the library may enforce the presence + * of a PRNG. + * */ int mbedtls_rsa_private( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), diff --git a/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/rsa_internal.h b/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/rsa_internal.h index bcb3c94..53abd3c 100644 --- a/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/rsa_internal.h +++ b/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/rsa_internal.h @@ -2,6 +2,37 @@ * \file rsa_internal.h * * \brief Context-independent RSA helper functions + * + * This module declares some RSA-related helper functions useful when + * implementing the RSA interface. These functions are provided in a separate + * compilation unit in order to make it easy for designers of alternative RSA + * implementations to use them in their own code, as it is conceived that the + * functionality they provide will be necessary for most complete + * implementations. + * + * End-users of Mbed TLS who are not providing their own alternative RSA + * implementations should not use these functions directly, and should instead + * use only the functions declared in rsa.h. + * + * The interface provided by this module will be maintained through LTS (Long + * Term Support) branches of Mbed TLS, but may otherwise be subject to change, + * and must be considered an internal interface of the library. + * + * There are two classes of helper functions: + * + * (1) Parameter-generating helpers. These are: + * - mbedtls_rsa_deduce_primes + * - mbedtls_rsa_deduce_private_exponent + * - mbedtls_rsa_deduce_crt + * Each of these functions takes a set of core RSA parameters and + * generates some other, or CRT related parameters. + * + * (2) Parameter-checking helpers. These are: + * - mbedtls_rsa_validate_params + * - mbedtls_rsa_validate_crt + * They take a set of core or CRT related RSA parameters and check their + * validity. + * */ /* * Copyright (C) 2006-2017, ARM Limited, All Rights Reserved @@ -21,31 +52,6 @@ * * This file is part of mbed TLS (https://tls.mbed.org) * - * - * This file declares some RSA-related helper functions useful when - * implementing the RSA interface. They are public and provided in a - * separate compilation unit in order to make it easy for designers of - * alternative RSA implementations to use them in their code, as it is - * conceived that the functionality they provide will be necessary - * for most complete implementations. - * - * End-users of Mbed TLS not intending to re-implement the RSA functionality - * are not expected to get into the need of making use of these functions directly, - * but instead should be able to use the functions declared in rsa.h. - * - * There are two classes of helper functions: - * (1) Parameter-generating helpers. These are: - * - mbedtls_rsa_deduce_primes - * - mbedtls_rsa_deduce_private_exponent - * - mbedtls_rsa_deduce_crt - * Each of these functions takes a set of core RSA parameters - * and generates some other, or CRT related parameters. - * (2) Parameter-checking helpers. These are: - * - mbedtls_rsa_validate_params - * - mbedtls_rsa_validate_crt - * They take a set of core or CRT related RSA parameters - * and check their validity. - * */ #ifndef MBEDTLS_RSA_INTERNAL_H @@ -213,4 +219,8 @@ int mbedtls_rsa_validate_crt( const mbedtls_mpi *P, const mbedtls_mpi *Q, const mbedtls_mpi *D, const mbedtls_mpi *DP, const mbedtls_mpi *DQ, const mbedtls_mpi *QP ); +#ifdef __cplusplus +} +#endif + #endif /* rsa_internal.h */ diff --git a/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/sha1.h b/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/sha1.h index e4f8650..05540cd 100644 --- a/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/sha1.h +++ b/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/sha1.h @@ -39,11 +39,6 @@ #define MBEDTLS_ERR_SHA1_HW_ACCEL_FAILED -0x0035 /**< SHA-1 hardware accelerator failed */ -#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ - !defined(inline) && !defined(__cplusplus) -#define inline __inline -#endif - #if !defined(MBEDTLS_SHA1_ALT) // Regular implementation // @@ -190,11 +185,7 @@ int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx, * stronger message digests instead. * */ -MBEDTLS_DEPRECATED static inline void mbedtls_sha1_starts( - mbedtls_sha1_context *ctx ) -{ - mbedtls_sha1_starts_ret( ctx ); -} +MBEDTLS_DEPRECATED void mbedtls_sha1_starts( mbedtls_sha1_context *ctx ); /** * \brief SHA-1 process buffer @@ -210,13 +201,9 @@ MBEDTLS_DEPRECATED static inline void mbedtls_sha1_starts( * stronger message digests instead. * */ -MBEDTLS_DEPRECATED static inline void mbedtls_sha1_update( - mbedtls_sha1_context *ctx, - const unsigned char *input, - size_t ilen ) -{ - mbedtls_sha1_update_ret( ctx, input, ilen ); -} +MBEDTLS_DEPRECATED void mbedtls_sha1_update( mbedtls_sha1_context *ctx, + const unsigned char *input, + size_t ilen ); /** * \brief SHA-1 final digest @@ -231,12 +218,8 @@ MBEDTLS_DEPRECATED static inline void mbedtls_sha1_update( * stronger message digests instead. * */ -MBEDTLS_DEPRECATED static inline void mbedtls_sha1_finish( - mbedtls_sha1_context *ctx, - unsigned char output[20] ) -{ - mbedtls_sha1_finish_ret( ctx, output ); -} +MBEDTLS_DEPRECATED void mbedtls_sha1_finish( mbedtls_sha1_context *ctx, + unsigned char output[20] ); /** * \brief SHA-1 process data block (internal use only) @@ -251,12 +234,8 @@ MBEDTLS_DEPRECATED static inline void mbedtls_sha1_finish( * stronger message digests instead. * */ -MBEDTLS_DEPRECATED static inline void mbedtls_sha1_process( - mbedtls_sha1_context *ctx, - const unsigned char data[64] ) -{ - mbedtls_internal_sha1_process( ctx, data ); -} +MBEDTLS_DEPRECATED void mbedtls_sha1_process( mbedtls_sha1_context *ctx, + const unsigned char data[64] ); #undef MBEDTLS_DEPRECATED #endif /* !MBEDTLS_DEPRECATED_REMOVED */ @@ -317,12 +296,9 @@ int mbedtls_sha1_ret( const unsigned char *input, * stronger message digests instead. * */ -MBEDTLS_DEPRECATED static inline void mbedtls_sha1( const unsigned char *input, - size_t ilen, - unsigned char output[20] ) -{ - mbedtls_sha1_ret( input, ilen, output ); -} +MBEDTLS_DEPRECATED void mbedtls_sha1( const unsigned char *input, + size_t ilen, + unsigned char output[20] ); #undef MBEDTLS_DEPRECATED #endif /* !MBEDTLS_DEPRECATED_REMOVED */ diff --git a/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/sha256.h b/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/sha256.h index a2b6e11..ffb16c2 100644 --- a/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/sha256.h +++ b/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/sha256.h @@ -35,10 +35,6 @@ #define MBEDTLS_ERR_SHA256_HW_ACCEL_FAILED -0x0037 /**< SHA-256 hardware accelerator failed */ -#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ - !defined(inline) && !defined(__cplusplus) -#define inline __inline -#endif #if !defined(MBEDTLS_SHA256_ALT) // Regular implementation // @@ -156,12 +152,8 @@ int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx, *
  • 0: Use SHA-256.
    • *
  • 1: Use SHA-224.
*/ -MBEDTLS_DEPRECATED static inline void mbedtls_sha256_starts( - mbedtls_sha256_context *ctx, - int is224 ) -{ - mbedtls_sha256_starts_ret( ctx, is224 ); -} +MBEDTLS_DEPRECATED void mbedtls_sha256_starts( mbedtls_sha256_context *ctx, + int is224 ); /** * \brief This function feeds an input buffer into an ongoing @@ -173,13 +165,9 @@ MBEDTLS_DEPRECATED static inline void mbedtls_sha256_starts( * \param input The buffer holding the data. * \param ilen The length of the input data. */ -MBEDTLS_DEPRECATED static inline void mbedtls_sha256_update( - mbedtls_sha256_context *ctx, - const unsigned char *input, - size_t ilen ) -{ - mbedtls_sha256_update_ret( ctx, input, ilen ); -} +MBEDTLS_DEPRECATED void mbedtls_sha256_update( mbedtls_sha256_context *ctx, + const unsigned char *input, + size_t ilen ); /** * \brief This function finishes the SHA-256 operation, and writes @@ -190,12 +178,8 @@ MBEDTLS_DEPRECATED static inline void mbedtls_sha256_update( * \param ctx The SHA-256 context. * \param output The SHA-224or SHA-256 checksum result. */ -MBEDTLS_DEPRECATED static inline void mbedtls_sha256_finish( - mbedtls_sha256_context *ctx, - unsigned char output[32] ) -{ - mbedtls_sha256_finish_ret( ctx, output ); -} +MBEDTLS_DEPRECATED void mbedtls_sha256_finish( mbedtls_sha256_context *ctx, + unsigned char output[32] ); /** * \brief This function processes a single data block within @@ -207,12 +191,8 @@ MBEDTLS_DEPRECATED static inline void mbedtls_sha256_finish( * \param ctx The SHA-256 context. * \param data The buffer holding one block of data. */ -MBEDTLS_DEPRECATED static inline void mbedtls_sha256_process( - mbedtls_sha256_context *ctx, - const unsigned char data[64] ) -{ - mbedtls_internal_sha256_process( ctx, data ); -} +MBEDTLS_DEPRECATED void mbedtls_sha256_process( mbedtls_sha256_context *ctx, + const unsigned char data[64] ); #undef MBEDTLS_DEPRECATED #endif /* !MBEDTLS_DEPRECATED_REMOVED */ @@ -276,14 +256,10 @@ int mbedtls_sha256_ret( const unsigned char *input, *
  • 0: Use SHA-256.
    • *
  • 1: Use SHA-224.
*/ -MBEDTLS_DEPRECATED static inline void mbedtls_sha256( - const unsigned char *input, - size_t ilen, - unsigned char output[32], - int is224 ) -{ - mbedtls_sha256_ret( input, ilen, output, is224 ); -} +MBEDTLS_DEPRECATED void mbedtls_sha256( const unsigned char *input, + size_t ilen, + unsigned char output[32], + int is224 ); #undef MBEDTLS_DEPRECATED #endif /* !MBEDTLS_DEPRECATED_REMOVED */ diff --git a/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/sha512.h b/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/sha512.h index 52ae204..8404a2d 100644 --- a/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/sha512.h +++ b/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/sha512.h @@ -35,10 +35,6 @@ #define MBEDTLS_ERR_SHA512_HW_ACCEL_FAILED -0x0039 /**< SHA-512 hardware accelerator failed */ -#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ - !defined(inline) && !defined(__cplusplus) -#define inline __inline -#endif #if !defined(MBEDTLS_SHA512_ALT) // Regular implementation // @@ -156,12 +152,8 @@ int mbedtls_internal_sha512_process( mbedtls_sha512_context *ctx, *
  • 0: Use SHA-512.
    • *
  • 1: Use SHA-384.
*/ -MBEDTLS_DEPRECATED static inline void mbedtls_sha512_starts( - mbedtls_sha512_context *ctx, - int is384 ) -{ - mbedtls_sha512_starts_ret( ctx, is384 ); -} +MBEDTLS_DEPRECATED void mbedtls_sha512_starts( mbedtls_sha512_context *ctx, + int is384 ); /** * \brief This function feeds an input buffer into an ongoing @@ -173,13 +165,9 @@ MBEDTLS_DEPRECATED static inline void mbedtls_sha512_starts( * \param input The buffer holding the data. * \param ilen The length of the input data. */ -MBEDTLS_DEPRECATED static inline void mbedtls_sha512_update( - mbedtls_sha512_context *ctx, - const unsigned char *input, - size_t ilen ) -{ - mbedtls_sha512_update_ret( ctx, input, ilen ); -} +MBEDTLS_DEPRECATED void mbedtls_sha512_update( mbedtls_sha512_context *ctx, + const unsigned char *input, + size_t ilen ); /** * \brief This function finishes the SHA-512 operation, and writes @@ -190,12 +178,8 @@ MBEDTLS_DEPRECATED static inline void mbedtls_sha512_update( * \param ctx The SHA-512 context. * \param output The SHA-384 or SHA-512 checksum result. */ -MBEDTLS_DEPRECATED static inline void mbedtls_sha512_finish( - mbedtls_sha512_context *ctx, - unsigned char output[64] ) -{ - mbedtls_sha512_finish_ret( ctx, output ); -} +MBEDTLS_DEPRECATED void mbedtls_sha512_finish( mbedtls_sha512_context *ctx, + unsigned char output[64] ); /** * \brief This function processes a single data block within @@ -207,12 +191,9 @@ MBEDTLS_DEPRECATED static inline void mbedtls_sha512_finish( * \param ctx The SHA-512 context. * \param data The buffer holding one block of data. */ -MBEDTLS_DEPRECATED static inline void mbedtls_sha512_process( +MBEDTLS_DEPRECATED void mbedtls_sha512_process( mbedtls_sha512_context *ctx, - const unsigned char data[128] ) -{ - mbedtls_internal_sha512_process( ctx, data ); -} + const unsigned char data[128] ); #undef MBEDTLS_DEPRECATED #endif /* !MBEDTLS_DEPRECATED_REMOVED */ @@ -278,14 +259,10 @@ int mbedtls_sha512_ret( const unsigned char *input, *
  • 0: Use SHA-512.
    • *
  • 1: Use SHA-384.
*/ -MBEDTLS_DEPRECATED static inline void mbedtls_sha512( - const unsigned char *input, - size_t ilen, - unsigned char output[64], - int is384 ) -{ - mbedtls_sha512_ret( input, ilen, output, is384 ); -} +MBEDTLS_DEPRECATED void mbedtls_sha512( const unsigned char *input, + size_t ilen, + unsigned char output[64], + int is384 ); #undef MBEDTLS_DEPRECATED #endif /* !MBEDTLS_DEPRECATED_REMOVED */ diff --git a/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/ssl.h b/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/ssl.h index cc3c862..72374e3 100644 --- a/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/ssl.h +++ b/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/ssl.h @@ -53,7 +53,7 @@ #endif #if defined(MBEDTLS_HAVE_TIME) -#include "mbedtls/platform_time.h" +#include "platform_time.h" #endif /* @@ -932,14 +932,6 @@ extern int (*mbedtls_ssl_hw_record_read)(mbedtls_ssl_context *ssl); extern int (*mbedtls_ssl_hw_record_finish)(mbedtls_ssl_context *ssl); #endif /* MBEDTLS_SSL_HW_RECORD_ACCEL */ -/** - * \brief Returns the list of ciphersuites supported by the SSL/TLS module. - * - * \return a statically allocated array of ciphersuites, the last - * entry is 0. - */ -const int *mbedtls_ssl_list_ciphersuites( void ); - /** * \brief Return the name of the ciphersuite associated with the * given ID @@ -975,8 +967,13 @@ void mbedtls_ssl_init( mbedtls_ssl_context *ssl ); * \note No copy of the configuration context is made, it can be * shared by many mbedtls_ssl_context structures. * - * \warning Modifying the conf structure after it has been used in this - * function is unsupported! + * \warning The conf structure will be accessed during the session. + * It must not be modified or freed as long as the session + * is active. + * + * \warning This function must be called exactly once per context. + * Calling mbedtls_ssl_setup again is not supported, even + * if no session is active. * * \param ssl SSL context * \param conf SSL configuration to use @@ -1591,6 +1588,10 @@ void mbedtls_ssl_conf_cert_profile( mbedtls_ssl_config *conf, /** * \brief Set the data required to verify peer certificate * + * \note See \c mbedtls_x509_crt_verify() for notes regarding the + * parameters ca_chain (maps to trust_ca for that function) + * and ca_crl. + * * \param conf SSL configuration * \param ca_chain trusted CA chain (meaning all fully trusted top-level CAs) * \param ca_crl trusted CA CRLs @@ -1831,21 +1832,21 @@ void mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf, #if defined(MBEDTLS_X509_CRT_PARSE_C) /** - * \brief Set or reset the hostname to check against the received - * server certificate. It sets the ServerName TLS extension, + * \brief Set or reset the hostname to check against the received + * server certificate. It sets the ServerName TLS extension, * too, if that extension is enabled. (client-side only) * * \param ssl SSL context * \param hostname the server hostname, may be NULL to clear hostname - + * * \note Maximum hostname length MBEDTLS_SSL_MAX_HOST_NAME_LEN. * - * \return 0 if successful, MBEDTLS_ERR_SSL_ALLOC_FAILED on - * allocation failure, MBEDTLS_ERR_SSL_BAD_INPUT_DATA on + * \return 0 if successful, MBEDTLS_ERR_SSL_ALLOC_FAILED on + * allocation failure, MBEDTLS_ERR_SSL_BAD_INPUT_DATA on * too long input hostname. * * Hostname set to the one provided on success (cleared - * when NULL). On allocation failure hostname is cleared. + * when NULL). On allocation failure hostname is cleared. * On too long input failure, old hostname is unchanged. */ int mbedtls_ssl_set_hostname( mbedtls_ssl_context *ssl, const char *hostname ); @@ -2391,7 +2392,6 @@ const mbedtls_x509_crt *mbedtls_ssl_get_peer_cert( const mbedtls_ssl_context *ss * \brief Save session in order to resume it later (client-side only) * Session data is copied to presented session structure. * - * \warning Currently, peer certificate is lost in the operation. * * \param ssl SSL context * \param session session context @@ -2399,7 +2399,18 @@ const mbedtls_x509_crt *mbedtls_ssl_get_peer_cert( const mbedtls_ssl_context *ss * \return 0 if successful, * MBEDTLS_ERR_SSL_ALLOC_FAILED if memory allocation failed, * MBEDTLS_ERR_SSL_BAD_INPUT_DATA if used server-side or - * arguments are otherwise invalid + * arguments are otherwise invalid. + * + * \note Only the server certificate is copied, and not the full chain, + * so you should not attempt to validate the certificate again + * by calling \c mbedtls_x509_crt_verify() on it. + * Instead, you should use the results from the verification + * in the original handshake by calling \c mbedtls_ssl_get_verify_result() + * after loading the session again into a new SSL context + * using \c mbedtls_ssl_set_session(). + * + * \note Once the session object is not needed anymore, you should + * free it by calling \c mbedtls_ssl_session_free(). * * \sa mbedtls_ssl_set_session() */ @@ -2525,15 +2536,19 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len ) * or MBEDTLS_ERR_SSL_WANT_WRITE or MBEDTLS_ERR_SSL_WANT_READ, * or another negative error code. * - * \note If this function returns something other than a positive - * value or MBEDTLS_ERR_SSL_WANT_READ/WRITE, the ssl context - * becomes unusable, and you should either free it or call - * \c mbedtls_ssl_session_reset() on it before re-using it for - * a new connection; the current connection must be closed. + * \note If this function returns something other than 0, a positive + * value or MBEDTLS_ERR_SSL_WANT_READ/WRITE, you must stop + * using the SSL context for reading or writing, and either + * free it or call \c mbedtls_ssl_session_reset() on it before + * re-using it for a new connection; the current connection + * must be closed. * * \note When this function returns MBEDTLS_ERR_SSL_WANT_WRITE/READ, * it must be called later with the *same* arguments, - * until it returns a positive value. + * until it returns a value greater that or equal to 0. When + * the function returns MBEDTLS_ERR_SSL_WANT_WRITE there may be + * some partial data in the output buffer, however this is not + * yet sent. * * \note If the requested length is greater than the maximum * fragment length (either the built-in limit or the one set @@ -2542,6 +2557,9 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len ) * - with DTLS, MBEDTLS_ERR_SSL_BAD_INPUT_DATA is returned. * \c mbedtls_ssl_get_max_frag_len() may be used to query the * active maximum fragment length. + * + * \note Attempting to write 0 bytes will result in an empty TLS + * application record being sent. */ int mbedtls_ssl_write( mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len ); @@ -2634,6 +2652,9 @@ void mbedtls_ssl_session_init( mbedtls_ssl_session *session ); * \brief Free referenced items in an SSL session including the * peer certificate and clear memory * + * \note A session object can be freed even if the SSL context + * that was used to retrieve the session is still in use. + * * \param session SSL session */ void mbedtls_ssl_session_free( mbedtls_ssl_session *session ); diff --git a/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/ssl_ciphersuites.h b/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/ssl_ciphersuites.h index 545468a..1d2aabc 100644 --- a/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/ssl_ciphersuites.h +++ b/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/ssl_ciphersuites.h @@ -267,7 +267,7 @@ typedef enum { defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) + defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) #define MBEDTLS_KEY_EXCHANGE__CERT_REQ_ALLOWED__ENABLED #endif diff --git a/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/ssl_internal.h b/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/ssl_internal.h index 9f583a8..2b5a616 100644 --- a/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/ssl_internal.h +++ b/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/ssl_internal.h @@ -71,6 +71,9 @@ #endif /* MBEDTLS_SSL_PROTO_TLS1 */ #endif /* MBEDTLS_SSL_PROTO_SSL3 */ +#define MBEDTLS_SSL_MIN_VALID_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_1 +#define MBEDTLS_SSL_MIN_VALID_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3 + /* Determine maximum supported version */ #define MBEDTLS_SSL_MAX_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3 @@ -627,7 +630,13 @@ static inline int mbedtls_ssl_safer_memcmp( const void *a, const void *b, size_t volatile unsigned char diff = 0; for( i = 0; i < n; i++ ) - diff |= A[i] ^ B[i]; + { + /* Read volatile data in order before computing diff. + * This avoids IAR compiler warning: + * 'the order of volatile accesses is undefined ..' */ + unsigned char x = A[i], y = B[i]; + diff |= x ^ y; + } return( diff ); } diff --git a/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/threading.h b/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/threading.h index 58e6db2..aeea5d0 100644 --- a/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/threading.h +++ b/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/threading.h @@ -96,8 +96,12 @@ extern int (*mbedtls_mutex_unlock)( mbedtls_threading_mutex_t *mutex ); /* * Global mutexes */ +#if defined(MBEDTLS_FS_IO) extern mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex; +#endif +#if defined(MBEDTLS_HAVE_TIME_DATE) extern mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex; +#endif #endif /* MBEDTLS_THREADING_C */ #ifdef __cplusplus diff --git a/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/version.h b/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/version.h index 961be59..aa2764b 100644 --- a/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/version.h +++ b/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/version.h @@ -40,16 +40,16 @@ */ #define MBEDTLS_VERSION_MAJOR 2 #define MBEDTLS_VERSION_MINOR 7 -#define MBEDTLS_VERSION_PATCH 0 +#define MBEDTLS_VERSION_PATCH 5 /** * The single version number has the following structure: * MMNNPP00 * Major version | Minor version | Patch version */ -#define MBEDTLS_VERSION_NUMBER 0x02070000 -#define MBEDTLS_VERSION_STRING "2.7.0" -#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.7.0" +#define MBEDTLS_VERSION_NUMBER 0x02070500 +#define MBEDTLS_VERSION_STRING "2.7.5" +#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.7.5" #if defined(MBEDTLS_VERSION_C) diff --git a/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/x509_crt.h b/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/x509_crt.h index 46780bd..2e48991 100644 --- a/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/x509_crt.h +++ b/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/include/mbedtls/x509_crt.h @@ -289,8 +289,15 @@ int mbedtls_x509_crt_verify_info( char *buf, size_t size, const char *prefix, * used to sign the certificate, CRL verification is skipped * silently, that is *without* setting any flag. * + * \note The \c trust_ca list can contain two types of certificates: + * (1) those of trusted root CAs, so that certificates + * chaining up to those CAs will be trusted, and (2) + * self-signed end-entity certificates to be trusted (for + * specific peers you know) - in that case, the self-signed + * certificate doesn't need to have the CA bit set. + * * \param crt a certificate (chain) to be verified - * \param trust_ca the list of trusted CAs + * \param trust_ca the list of trusted CAs (see note above) * \param ca_crl the list of CRLs for trusted CAs (see note above) * \param cn expected Common Name (can be set to * NULL if the CN must not be verified) diff --git a/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/lib/ios/libmbedcrypto.a b/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/lib/ios/libmbedcrypto.a index 17ead60..b786c4a 100644 Binary files a/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/lib/ios/libmbedcrypto.a and b/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/lib/ios/libmbedcrypto.a differ diff --git a/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/lib/ios/libmbedtls.a b/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/lib/ios/libmbedtls.a index c5452ec..60ad8f2 100644 Binary files a/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/lib/ios/libmbedtls.a and b/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/lib/ios/libmbedtls.a differ diff --git a/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/lib/ios/libmbedx509.a b/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/lib/ios/libmbedx509.a index c590a18..2cb06a8 100644 Binary files a/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/lib/ios/libmbedx509.a and b/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/lib/ios/libmbedx509.a differ diff --git a/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/lib/macos/libmbedcrypto.a b/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/lib/macos/libmbedcrypto.a index 61f5c72..89bed92 100644 Binary files a/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/lib/macos/libmbedcrypto.a and b/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/lib/macos/libmbedcrypto.a differ diff --git a/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/lib/macos/libmbedtls.a b/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/lib/macos/libmbedtls.a index 8cd0621..f2c031b 100644 Binary files a/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/lib/macos/libmbedtls.a and b/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/lib/macos/libmbedtls.a differ diff --git a/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/lib/macos/libmbedx509.a b/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/lib/macos/libmbedx509.a index 9c930d3..9c54dbe 100644 Binary files a/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/lib/macos/libmbedx509.a and b/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/lib/macos/libmbedx509.a differ diff --git a/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/lib/sim/libmbedcrypto.a b/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/lib/sim/libmbedcrypto.a index 2857ecb..c618591 100644 Binary files a/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/lib/sim/libmbedcrypto.a and b/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/lib/sim/libmbedcrypto.a differ diff --git a/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/lib/sim/libmbedtls.a b/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/lib/sim/libmbedtls.a index 88a463c..cdb69d8 100644 Binary files a/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/lib/sim/libmbedtls.a and b/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/lib/sim/libmbedtls.a differ diff --git a/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/lib/sim/libmbedx509.a b/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/lib/sim/libmbedx509.a index a25c5af..f6159f8 100644 Binary files a/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/lib/sim/libmbedx509.a and b/Sources/OpenVPNAdapter/Libraries/Vendors/mbedtls/lib/sim/libmbedx509.a differ