Squashed 'Sources/OpenVPNAdapter/Libraries/Vendors/openvpn/' changes from 275cf80efb..7db7a009b0

7db7a009b0 proto: Client complains about stub compressors
390154d0e4 Update Build instructions for OSX
1b92069834 deps: Update to mbedtls-2.7.12
8cab79540d compression: Extend compression alert to include server pushes
67b4641a99 CompressContext: Add is_any_stub() method
cdf9e7bece compression: Issue an Event if compression is activated
fa38064403 build script: added a new PROF type "auto" that tries to automatically determine the local platform
7ce7b52b7c MTRand: added OPENVPN_INSECURE_RANDOM compile flag that allows MTRand to masquerade as a secure RNG
85e7e49f72 MTRand: added constructor accepting an initialization seed
1fa3229a10 IPv4, IPv6: added #include <openvpn/common/hash.hpp>
48e9217d26 vcxproj: add missing header file
d2a2601b2f Wintun: unmap ring buffers
e320bc63ff openssl: Improve OpenSSLContext fencing against multiple declarations
2f8fe2d318 openssl: Missing inline keyword in a couple of compat functions
32b984c0ff enum_dir: use a function template
725ee04593 VPNServerNetblock::Netblock::to_string(): show prefix_len
409d1c52b8 ManClientInstance::Send::describe_user(): added bool show_userprop parameter
e05fc16b20 string::indent(): try to fix all the corner cases
4e1645ea80 RunContext: mark virtual Stop* async_stop() with override attribute
e8b31c5454 cli: advertise "openurl" as supported SSO method
80b45731eb ICMPv6: added DEST_UNREACH code
679003094d AsioTimerSafe: refactor to allow as drop-in replacement for AsioTimer
f7845578f1 RunContext: check for halt in timer closure
84483eda25 AsioPolySock: add support for socket shutdown
1b3402aec3 tcplinkcommon.hpp: added missing include
2e26c7565c time: added nanotime_t typedef
c3c8ab7f6b string: added additional detail to split() comment
95ce4f22c8 string: added to_delim() method then redefined first_line() method to use it
448218b1e1 string: added add_leading() method
e3b0bf4f5c MSF iterator: allow conversion from ordinary iterator and added exists() method
11412ac50a AsioPolySock: in remote_endpoint_str() method, test for alt_routing_enabled()
9fb4e705f9 Added TimeSkew to skew a time duration by a random flux
7496383002 write_binary_atomic: reduce the length of the temporary filename
b31d9c0191 auth-token-user: increase size limit to 340 chars
c82644c03a Added BufferLineIterator
115cb656b6 RandomAPI: added randbyte() and randbool() methods
4fa8348689 RunContext: ASIO SIGNAL message now shows signal name rather than number
ebfce58513 Added StaticBuffer, a constant-length Buffer for writing that cannot be extended
c8f9cb88a4 string::split(): call reserve() on return vector
f15e566065 read_binary_unix_fast: should return an int (i.e. errno), not a bool
60501b4513 random: factor out rand32_distribute() from RandomAPI::randrange32()
90123495a5 wintun: get device interfaces list only once
ec790df73b wintun: read packets in bulk
0f85d3f729 wintun: use correct io_context when performing initial read
a6151cdeab wintun: use auto-reset events
29acfd95f3 libs: update ASIO to 1.14.0
438a0ef287 Remove outdated and unused android build files
e9df57969f Merge remote-tracking branch 'origin/released'
44725ad094 ssl: Fix building with OpenSSL 1.0.2
efe3f1f635 version: Reset version reference for git master
8c79c06d94 Make tls-crypt/tls-cryptv2 compile with multiple compilation units
4d18aaeb88 Fix LLVM warnings reported during OS X build
8c9496bb4d Use const_cast for SSL_session_reused
33be562a39 Add missing override keywords to openssl/sslctx.hpp
2c5435a000 dcocli: use compile time define for Tun methods instead of hardcoded iproute
7c39088f00 Allow overriding reported HW_ADDR and support IV_PLAT_VER
7bb1ea19ee Move sending IV_UI_VER and IV_SSO to build_peer_info
23959fa705 Add reporting of IV_SSL_VER
63ab5b5e46 Only initialise static member in OpenSSLContext once
ecebb40304 Merge remote-tracking branch 'origin/qa'
52c9702502 wintun: replace volatiles with atomics
d720c7104c appveyor: install Strawberry perl
60a253a7ef appveyor: update to VS2019
48f2b5100b wintun: support for privilege separation
6f266be3d8 wintun: ring buffers support
baa1ce2ccf vcxproj: bump VS version to 2019
98bfd037e3 tun/win: factor out ClientConfig into separate header
aeb5ce0ad7 wintun: open device with SetupAPI
3998d303ce Finalizing the OpenVPN 3 Core library 3.3 release
728733aee7 deps/mbedtls: rebase "enable unsupported critical extensions" patch
43e36ca45a lib-version: update to mbedtls-2.7.11
4dbcd85e50 openssl/cipher.hpp: add missing include <compat.hpp>
69d72ed64f DCOTransport: Fix server side specific trunk handling
ff732e3b5d Fix OpenVPN Core build with OpenSSL 1.1.0
0da42f393f Do not use deprecated OpenSSL 1.1.0 methods
35062c0b60 travis.yml: update environment
47046cf6d2 Merge branch 'qa'
6933c395a4 [OVPN3-423] cliconnect.hpp: fix reconnect on Windows after sleep
462c36c813 random_subnet(): added comment
ac1d447156 IP::Addr::from_byte_string(): fixed bug for IPv6 case
d6eaea3468 string::split(): minor implementation tweaks
ca15b7cdf4 hexstr: added dump_hex() variant accepting void *
0e61a2afd7 SessionIDType::find_weak: added conflict parameter
089aec00b1 DCOTransport: new routing code for trunk links
5befbd430f build: added CAP=1 -- build with libcap
eb85ada21e signals: added trivial signal_name() function
f89013ef92 RunContext: don't try to catch SIGQUIT by default
e0ee540135 SessionIDType: added hash() method
f0e1f8aa42 logging: added basic components for logrotate
fbb0c81f29 UMask: added UMaskDaemon, a umask context object appropriate for daemons
1c7bac90d9 build script: when building with DEBUG=1 on Linux, use -ggdb instead of -g
73cce80e43 OpenSSL: added openssl_reseed_rng() function
25780cf798 OpenSSL: fixed some memory leaks in CipherContextGCM and TokenEncrypt
168dba95f5 OpenSSL: define OPENSSL_SERVER_SNI when OpenSSL version is at least 1.1
84e78d8fed SNI: added OpenVPN client support for SNI (currently OpenSSL only)
310766b270 build: added MTLS_DIST setting
4eaa46a879 MbedTLS: added MBEDTLS_DISABLE_NAME_CONSTRAINTS preprocessor flag
16226d1b05 OpenSSLSign: updated for OpenSSL 1.1
aed0678c96 SSL: added SNI::Metadata, an abstract base class for packaging app-specific SNI metadata in AuthCert
001b731fe2 SNI: create SNI namespace and rename SNIHandlerBase -> SNI::HandlerBase
4bd5869305 README.rst: Make Windows-specific build steps up to date.
ac365ee977 wintun: support for 0.4
9245056a2a wintun: support for 0.3
b73d484950 mbedtls: throw exception on unsupported SSL:Const::PEER_CERT_OPTIONAL option
1d6bae4b5b tcplinkcommon: bubble up real exception error
c18c8bd156 tcpcli: ensure SSL Factory survives as long as TLS link
4192193087 tls: parse and load TLS specific CA
2a19b7fcff win/tuncli.hpp: fix Wintun padding calculation
44cb9f44da appveyor: make ReleaseOpenSSL default configuration
5485de19a2 win/impersonate: refactor impersonate logic
29a655147b win/tunsetup.hpp: remove unneeded parameter
61794b0efd win: link OpenSSL dynamically
e569b84465 win/tuncli.hpp: fix indentation
374c57e708 frame_init.hpp: tweak wintun read buf size
c3c45c9b38 tun: added Error::TUN_HALT for tun_error() signaling
acd7af5e9a RandomAPI: added randrange32() method
c1a7f8cc68 std::clamp() is useful but only available in C++17 and up, so we add our own clamp()
f8c71ef1ce Minor change to Error::INACTIVE_TIMEOUT handler
3202ab5fce OpenSSLSign: renamed OpenSSLPKI::X509Base to OpenSSLPKI::X509 to conform to changes in OpenSSLPKI
8d767febb5 ReachabilityBase: added virtual destructor
6a4826965f MbedTLS: update json_override() prototype
bee0d8d187 SSL: added SSLConst::SEND_CLIENT_CA_LIST server-side flag and implemented for OpenSSL
5eb39c1dea AuthCert: save the SNI name
3b34449d0e SSLAPI: auth_cert() can now be const
a672e91631 SNI server-side: support additional JSON configuration settings
95e761f3cc OpenSSL PKI cleanup
d5eb77c53c AuthCert::Fail cleanup
6e98b9aadc SSLAPI: move PKType from SSLConfigAPI into standalone header to avoid dependency inversion
bbae814864 OpenSSL: added SNI implementation
5def1d23ab OpenSSLContext: in constructor, removed redundant if statement
1a0747e783 OpenSSLContext: in constructor, consolidate sslopt fixed flags
eef9868816 OpenSSLContext::SSL::ssl_handshake_details(): include leaf-cert CN in details
f9631cd90f AuthCert::Fail: use std::string for the reason string (instead of const char *)
a17b77641f OpenSSLPKI::X509: copy constructor doesn't need erase() and define X509::Ptr
78cae5bb52 OpenSSLPKI::DH: copy constructor doesn't need erase()
c0d43a4153 RCPtr: added static_pointer_cast() method
34a3f264f5 [OVPN-314] Add support for signalling SSO support via IV_SSO
7d112eb3e5 cli: enable utf8 console output
980ef1eff8 win/call.hpp: re-encode command output to utf8
fddb440e99 unicode.hpp: customize utf16 conversion routine
4d7c12ac4d [OVPN3-405] Support for non-ASCII profile path on Windows

git-subtree-dir: Sources/OpenVPNAdapter/Libraries/Vendors/openvpn
git-subtree-split: 7db7a009b0b4eca0fc3733c99c50aff7f7c2556f

deps/lib-versions

@@ -1,11 +1,11 @@
-export ASIO_VERSION=asio-1-13-0
-export ASIO_CSUM=54a1208d20f2104dbd6b7a04a9262f5ab649f4b7a9faf7eac4c2294e9e104c06
+export ASIO_VERSION=asio-1-14-0
+export ASIO_CSUM=bdb01a649c24d73ca4a836662e7af442d935313ed6deef6b07f17f3bc5f78d7a
 
 export LZ4_VERSION=lz4-1.8.3
 export LZ4_CSUM=33af5936ac06536805f9745e0b6d61da606a1f8b4cc5c04dd3cbaca3b9b4fc43
 
-export MBEDTLS_VERSION=mbedtls-2.7.5
-export MBEDTLS_CSUM=a1302ad9094aabb9880d2755927b466a6bac8e02b68e04dee77321f3859e9b40
+export MBEDTLS_VERSION=mbedtls-2.7.12
+export MBEDTLS_CSUM=d3a36dbc9f607747daa6875c1ab2e41f49eff5fc99d3436b4f3ac90c89f3c143
 
 export JSONCPP_VERSION=1.8.4
 export JSONCPP_CSUM=c49deac9e0933bcb7044f08516861a2d560988540b23de2ac1ad443b219afdb6

deps/mbedtls/patches/0002-Enable-allowing-unsupported-critical-extensions-in-r.patch

@@ -1,8 +1,7 @@
-From c6963e33209e7fd40d65513e06c1bbb20319abe3 Mon Sep 17 00:00:00 2001
+From 076f1437fe82de0b1f0ecf9a7ca031cd94c0c579 Mon Sep 17 00:00:00 2001
 From: Lev Stipakov <lev@openvpn.net>
 Date: Fri, 23 Feb 2018 17:12:49 +0200
-Subject: [PATCH 2/2] Enable allowing unsupported critical extensions in
- runtime
+Subject: [PATCH] Enable allowing unsupported critical extensions in runtime
 
 When compile time flag MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
 is not set, certificate parsing fails if certificate contains unsupported critical extension.
@@ -55,7 +54,7 @@ index 408645ece..b116736f8 100644
  
  /**
 diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
-index c6e453274..72374e36b 100644
+index 5fd6969da..1087ea166 100644
 --- a/include/mbedtls/ssl.h
 +++ b/include/mbedtls/ssl.h
 @@ -696,6 +696,10 @@ struct mbedtls_ssl_config
@@ -69,7 +68,7 @@ index c6e453274..72374e36b 100644
  #if defined(MBEDTLS_SSL_RENEGOTIATION)
      int renego_max_records;         /*!< grace period for renegotiation     */
      unsigned char renego_period[8]; /*!< value of the record counters
-@@ -2275,6 +2279,24 @@ void mbedtls_ssl_conf_renegotiation_period( mbedtls_ssl_config *conf,
+@@ -2298,6 +2302,24 @@ void mbedtls_ssl_conf_renegotiation_period( mbedtls_ssl_config *conf,
                                     const unsigned char period[8] );
  #endif /* MBEDTLS_SSL_RENEGOTIATION */
  
@@ -95,7 +94,7 @@ index c6e453274..72374e36b 100644
   * \brief          Return the number of data bytes available to read
   *
 diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h
-index ac23cffe8..2e489915f 100644
+index e72231ee8..9df19e52c 100644
 --- a/include/mbedtls/x509_crt.h
 +++ b/include/mbedtls/x509_crt.h
 @@ -90,6 +90,8 @@ typedef struct mbedtls_x509_crt
@@ -220,10 +219,10 @@ index edea950f8..a756d2801 100644
  static const mbedtls_oid_descriptor_t oid_ext_key_usage[] =
  {
 diff --git a/library/ssl_tls.c b/library/ssl_tls.c
-index ca9b8c432..dba0d5122 100644
+index 1270ee9b8..2ce3f9b7d 100644
 --- a/library/ssl_tls.c
 +++ b/library/ssl_tls.c
-@@ -4656,6 +4656,9 @@ int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl )
+@@ -4668,6 +4668,9 @@ int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl )
  
      mbedtls_x509_crt_init( ssl->session_negotiate->peer_cert );
  
@@ -233,7 +232,7 @@ index ca9b8c432..dba0d5122 100644
      i += 3;
  
      while( i < ssl->in_hslen )
-@@ -6586,6 +6589,11 @@ void mbedtls_ssl_conf_renegotiation_period( mbedtls_ssl_config *conf,
+@@ -6626,6 +6629,11 @@ void mbedtls_ssl_conf_renegotiation_period( mbedtls_ssl_config *conf,
  }
  #endif /* MBEDTLS_SSL_RENEGOTIATION */
  
@@ -246,18 +245,18 @@ index ca9b8c432..dba0d5122 100644
  #if defined(MBEDTLS_SSL_CLI_C)
  void mbedtls_ssl_conf_session_tickets( mbedtls_ssl_config *conf, int use_tickets )
 diff --git a/library/x509_crt.c b/library/x509_crt.c
-index 6751da0d2..149149b96 100644
+index 3ad53a715..130b3ad1b 100644
 --- a/library/x509_crt.c
 +++ b/library/x509_crt.c
-@@ -530,6 +530,7 @@ static int x509_get_crt_ext( unsigned char **p,
+@@ -539,6 +539,7 @@ static int x509_get_crt_ext( unsigned char **p,
      int ret;
      size_t len;
      unsigned char *end_ext_data, *end_ext_octet;
 +    int is_supported;
  
-     if( ( ret = mbedtls_x509_get_ext( p, end, &crt->v3_ext, 3 ) ) != 0 )
-     {
-@@ -589,9 +590,9 @@ static int x509_get_crt_ext( unsigned char **p,
+     if( *p == end )
+         return( 0 );
+@@ -593,9 +594,9 @@ static int x509_get_crt_ext( unsigned char **p,
          /*
           * Detect supported extensions
           */
@@ -269,7 +268,7 @@ index 6751da0d2..149149b96 100644
          {
              /* No parser found, skip extension */
              *p = end_ext_octet;
-@@ -599,6 +600,10 @@ static int x509_get_crt_ext( unsigned char **p,
+@@ -603,6 +604,10 @@ static int x509_get_crt_ext( unsigned char **p,
  #if !defined(MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION)
              if( is_critical )
              {
@@ -280,7 +279,7 @@ index 6751da0d2..149149b96 100644
                  /* Data is marked as critical: fail */
                  return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
                          MBEDTLS_ERR_ASN1_UNEXPECTED_TAG );
-@@ -952,6 +957,7 @@ int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain, const unsigned char *bu
+@@ -956,6 +961,7 @@ int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain, const unsigned char *bu
  
          prev = crt;
          mbedtls_x509_crt_init( crt->next );
@@ -315,10 +314,10 @@ index 000000000..7e0c56134
 +OwQ6w1HweApjB46bGyILpGUi9MZhvCnoLWg+cN3/wQ==
 +-----END CERTIFICATE-----
 diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data
-index 406cf5931..212a2825a 100644
+index 0fe68cb06..e39f065e2 100644
 --- a/tests/suites/test_suite_x509parse.data
 +++ b/tests/suites/test_suite_x509parse.data
-@@ -1766,6 +1766,12 @@ X509 File parse (trailing spaces, OK)
+@@ -1798,6 +1798,12 @@ X509 File parse (trailing spaces, OK)
  depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
  x509parse_crt_file:"data_files/server7_trailing_space.crt":0
  
@@ -332,10 +331,10 @@ index 406cf5931..212a2825a 100644
  depends_on:MBEDTLS_X509_USE_C
  x509_get_time:MBEDTLS_ASN1_UTC_TIME:"500101000000Z":0:1950:1:1:0:0:0
 diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function
-index 06f010828..75936010f 100644
+index 584ee822b..c12a0e0ef 100644
 --- a/tests/suites/test_suite_x509parse.function
 +++ b/tests/suites/test_suite_x509parse.function
-@@ -437,6 +437,21 @@ exit:
+@@ -448,6 +448,21 @@ exit:
  }
  /* END_CASE */
  
@@ -358,5 +357,5 @@ index 06f010828..75936010f 100644
  void x509parse_crt( char *crt_data, char *result_str, int result )
  {
 -- 
-2.18.0
+2.22.0.windows.1