Merge commit 'e9b9b66317298258a27ad20c5a4ed7cac300acaa' into feature/update-dependencies

Sources/OpenVPNAdapter/Libraries/Vendors/openvpn/openvpn/client/async_resolve.hpp

@@ -0,0 +1,37 @@
+//    OpenVPN -- An application to securely tunnel IP networks
+//               over a single port, with support for SSL/TLS-based
+//               session authentication and key exchange,
+//               packet encryption, packet authentication, and
+//               packet compression.
+//
+//    Copyright (C) 2012-2019 OpenVPN Inc.
+//
+//    This program is free software: you can redistribute it and/or modify
+//    it under the terms of the GNU Affero General Public License Version 3
+//    as published by the Free Software Foundation.
+//
+//    This program is distributed in the hope that it will be useful,
+//    but WITHOUT ANY WARRANTY; without even the implied warranty of
+//    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+//    GNU Affero General Public License for more details.
+//
+//    You should have received a copy of the GNU Affero General Public License
+//    along with this program in the COPYING file.
+//    If not, see <http://www.gnu.org/licenses/>.
+
+#ifndef OPENVPN_CLIENT_ASYNC_RESOLVE_H
+#define OPENVPN_CLIENT_ASYNC_RESOLVE_H
+
+#ifdef USE_ASIO
+#include <openvpn/client/async_resolve/asio.hpp>
+#else
+#include <openvpn/client/async_resolve/generic.hpp>
+#endif
+
+// create shortcuts for common templated classes
+namespace openvpn {
+  typedef AsyncResolvable<openvpn_io::ip::udp::resolver> AsyncResolvableUDP;
+  typedef AsyncResolvable<openvpn_io::ip::tcp::resolver> AsyncResolvableTCP;
+}
+
+#endif /* OPENVPN_CLIENT_ASYNC_RESOLVE_H */

Sources/OpenVPNAdapter/Libraries/Vendors/openvpn/openvpn/client/async_resolve/asio.hpp

@@ -0,0 +1,121 @@
+//    OpenVPN -- An application to securely tunnel IP networks
+//               over a single port, with support for SSL/TLS-based
+//               session authentication and key exchange,
+//               packet encryption, packet authentication, and
+//               packet compression.
+//
+//    Copyright (C) 2012-2019 OpenVPN Inc.
+//
+//    This program is free software: you can redistribute it and/or modify
+//    it under the terms of the GNU Affero General Public License Version 3
+//    as published by the Free Software Foundation.
+//
+//    This program is distributed in the hope that it will be useful,
+//    but WITHOUT ANY WARRANTY; without even the implied warranty of
+//    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+//    GNU Affero General Public License for more details.
+//
+//    You should have received a copy of the GNU Affero General Public License
+//    along with this program in the COPYING file.
+//    If not, see <http://www.gnu.org/licenses/>.
+
+#ifndef OPENVPN_CLIENT_ASYNC_RESOLVE_ASIO_H
+#define OPENVPN_CLIENT_ASYNC_RESOLVE_ASIO_H
+
+#include <openvpn/io/io.hpp>
+#include <openvpn/asio/asiowork.hpp>
+
+#include <openvpn/common/bigmutex.hpp>
+#include <openvpn/common/rc.hpp>
+#include <openvpn/common/hostport.hpp>
+
+
+namespace openvpn {
+  template<typename RESOLVER_TYPE>
+  class AsyncResolvable: public virtual RC<thread_unsafe_refcount>
+  {
+  private:
+    typedef RCPtr<AsyncResolvable> Ptr;
+
+    openvpn_io::io_context& io_context;
+
+    class ResolveThread : public RC<thread_safe_refcount>
+    {
+      friend class AsyncResolvable<RESOLVER_TYPE>;
+
+    private:
+      typedef RCPtr<ResolveThread> Ptr;
+
+      std::unique_ptr<AsioWork> asio_work;
+      openvpn_io::io_context& io_context;
+      AsyncResolvable<RESOLVER_TYPE> *resolvable;
+
+      ResolveThread(openvpn_io::io_context &io_context_arg,
+		    AsyncResolvable<RESOLVER_TYPE> *resolvable_arg,
+		    const std::string& host, const std::string& port)
+	: asio_work(new AsioWork(io_context_arg)),
+	  io_context(io_context_arg),
+	  resolvable(resolvable_arg)
+      {
+	std::thread resolve_thread([self=Ptr(this), host, port]() {
+	    openvpn_io::io_context io_context(1);
+	    openvpn_io::error_code error;
+	    RESOLVER_TYPE resolver(io_context);
+	    typename RESOLVER_TYPE::results_type results;
+	    results = resolver.resolve(host, port, error);
+
+	    openvpn_io::post(self->io_context, [self, results, error]() {
+	      OPENVPN_ASYNC_HANDLER;
+	      self->resolvable->resolve_callback(error, results);
+	    });
+
+	    // the AsioWork can be released now that we have posted
+	    // something else to the main io_context queue
+	    self->asio_work.reset();
+	  });
+	// detach the thread so that the client won't need to wait for
+	// it to join.
+        resolve_thread.detach();
+      }
+    };
+
+  public:
+    AsyncResolvable(openvpn_io::io_context& io_context_arg)
+      : io_context(io_context_arg)
+    {
+    }
+
+    virtual void resolve_callback(const openvpn_io::error_code& error,
+				  typename RESOLVER_TYPE::results_type results) = 0;
+
+    // mimic the asynchronous DNS resolution by performing a
+    // synchronous one in a detached thread.
+    //
+    // This strategy has the advantage of allowing the core to
+    // stop/exit without waiting for the getaddrinfo() (used
+    // internally) to terminate.
+    // Note: getaddrinfo() is non-interruptible by design.
+    //
+    // In other words, we are re-creating exactly what ASIO would
+    // normally do in case of async_resolve(), with the difference
+    // that here we have control over the resolving thread and we
+    // can easily detach it. Deatching the internal thread created
+    // by ASIO would not be feasible as it is not exposed.
+    void async_resolve_name(const std::string& host, const std::string& port)
+    {
+      // there might be nothing else in the main io_context queue
+      // right now, therefore we use AsioWork to prevent the loop
+      // from exiting while we perform the DNS resolution in the
+      // detached thread.
+      typename ResolveThread::Ptr t(new ResolveThread(io_context, this, host, port));
+    }
+
+    // The core assumes the existence of this method because it is used on
+    // other platforms (i.e. iOS), therefore we must declare it, even if no-op
+    void async_resolve_cancel()
+    {
+    }
+  };
+}
+
+#endif /* OPENVPN_CLIENT_ASYNC_RESOLVE_ASIO_H */

Sources/OpenVPNAdapter/Libraries/Vendors/openvpn/openvpn/client/async_resolve/generic.hpp

@@ -0,0 +1,74 @@
+//    OpenVPN -- An application to securely tunnel IP networks
+//               over a single port, with support for SSL/TLS-based
+//               session authentication and key exchange,
+//               packet encryption, packet authentication, and
+//               packet compression.
+//
+//    Copyright (C) 2012-2019 OpenVPN Inc.
+//
+//    This program is free software: you can redistribute it and/or modify
+//    it under the terms of the GNU Affero General Public License Version 3
+//    as published by the Free Software Foundation.
+//
+//    This program is distributed in the hope that it will be useful,
+//    but WITHOUT ANY WARRANTY; without even the implied warranty of
+//    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+//    GNU Affero General Public License for more details.
+//
+//    You should have received a copy of the GNU Affero General Public License
+//    along with this program in the COPYING file.
+//    If not, see <http://www.gnu.org/licenses/>.
+
+#ifndef OPENVPN_CLIENT_ASYNC_RESOLVE_GENERIC_H
+#define OPENVPN_CLIENT_ASYNC_RESOLVE_GENERIC_H
+
+#include <openvpn/common/bigmutex.hpp>
+#include <openvpn/common/rc.hpp>
+#include <openvpn/common/hostport.hpp>
+
+
+namespace openvpn {
+  template<typename RESOLVER_TYPE>
+  class AsyncResolvable: public virtual RC<thread_unsafe_refcount>
+  {
+  private:
+    typedef RCPtr<AsyncResolvable> Ptr;
+
+    openvpn_io::io_context& io_context;
+    RESOLVER_TYPE resolver;
+
+  public:
+    AsyncResolvable(openvpn_io::io_context& io_context_arg)
+      : io_context(io_context_arg),
+        resolver(io_context_arg)
+    {
+    }
+
+    virtual void resolve_callback(const openvpn_io::error_code& error,
+				  typename RESOLVER_TYPE::results_type results) = 0;
+
+    // This implementation assumes that the i/o reactor provides an asynchronous
+    // DNS resolution routine using its own primitives and that doesn't require
+    // us to take care of any non-interruptible opration (i.e. getaddrinfo() in
+    // case of ASIO).
+    //
+    // For example, iOS implements aync_resolve using GCD and CFHost. This
+    // implementation satisfies the constraints mentioned above
+    void async_resolve_name(const std::string& host, const std::string& port)
+    {
+	resolver.async_resolve(host, port, [self=Ptr(this)](const openvpn_io::error_code& error,
+							    typename RESOLVER_TYPE::results_type results)
+	{
+	  OPENVPN_ASYNC_HANDLER;
+	  self->resolve_callback(error, results);
+	});
+    }
+
+    void async_resolve_cancel()
+    {
+      resolver.cancel();
+    }
+  };
+}
+
+#endif /* OPENVPN_CLIENT_ASYNC_RESOLVE_GENERIC_H */

Sources/OpenVPNAdapter/Libraries/Vendors/openvpn/openvpn/client/remotelist.hpp

@@ -31,10 +31,12 @@
 #include <vector>
 #include <algorithm>
 #include <utility>
+#include <thread>
 
 #include <openvpn/io/io.hpp>
 #include <openvpn/asio/asiowork.hpp>
 
+#include <openvpn/common/bigmutex.hpp>
 #include <openvpn/common/exception.hpp>
 #include <openvpn/common/rc.hpp>
 #include <openvpn/common/options.hpp>
@@ -46,6 +48,7 @@
 #include <openvpn/transport/protocol.hpp>
 #include <openvpn/client/cliconstants.hpp>
 #include <openvpn/log/sessionstats.hpp>
+#include <openvpn/client/async_resolve.hpp>
 
 #if OPENVPN_DEBUG_REMOTELIST >= 1
 #define OPENVPN_LOG_REMOTELIST(x) OPENVPN_LOG(x)
@@ -54,80 +57,6 @@
 #endif
 
 namespace openvpn {
-  template<typename RESOLVER_TYPE>
-  class AsyncResolvable: public virtual RC<thread_unsafe_refcount>
-  {
-  private:
-    typedef RCPtr<AsyncResolvable> Ptr;
-
-    openvpn_io::io_context& io_context;
-    std::unique_ptr<AsioWork> asio_work;
-
-  public:
-    AsyncResolvable(openvpn_io::io_context& io_context_arg)
-      : io_context(io_context_arg)
-    {
-    }
-
-    virtual void resolve_callback(const openvpn_io::error_code& error,
-				  typename RESOLVER_TYPE::results_type results) = 0;
-
-    // mimic the asynchronous DNS resolution by performing a
-    // synchronous one in a detached thread.
-    //
-    // This strategy has the advantage of allowing the core to
-    // stop/exit without waiting for the getaddrinfo() (used
-    // internally) to terminate.
-    // Note: getaddrinfo() is non-interruptible by design.
-    //
-    // In other words, we are re-creating exactly what ASIO would
-    // normally do in case of async_resolve(), with the difference
-    // that here we have control over the resolving thread and we
-    // can easily detach it. Deatching the internal thread created
-    // by ASIO would not be feasible as it is not exposed.
-    void async_resolve_name(const std::string& host, const std::string& port)
-    {
-      // there might be nothing else in the main io_context queue
-      // right now, therefore we use AsioWork to prevent the loop
-      // from exiting while we perform the DNS resolution in the
-      // detached thread.
-      asio_work.reset(new AsioWork(io_context));
-
-      std::thread resolve_thread([self=Ptr(this), host, port]() {
-        openvpn_io::io_context io_context(1);
-	openvpn_io::error_code error;
-	RESOLVER_TYPE resolver(io_context);
-	typename RESOLVER_TYPE::results_type results;
-	results = resolver.resolve(host, port, error);
-
-	openvpn_io::post(self->io_context, [self, results, error]() {
-	  OPENVPN_ASYNC_HANDLER;
-	  self->resolve_callback(error, results);
-	});
-
-	// the AsioWork can be released now that we have posted
-	// something else to the main io_context queue
-	self->asio_work.reset();
-      });
-
-      // detach the thread so that the client won't need to wait for
-      // it to join.
-      resolve_thread.detach();
-    }
-
-    // to be called by the child class when the core wants to stop
-    // and we don't need to wait for the detached thread any longer.
-    // It simulates a resolve abort
-    void async_resolve_cancel()
-    {
-      asio_work.reset();
-    }
-  };
-
-  typedef AsyncResolvable<openvpn_io::ip::udp::resolver> AsyncResolvableUDP;
-  typedef AsyncResolvable<openvpn_io::ip::tcp::resolver> AsyncResolvableTCP;
-
-
   class RemoteList : public RC<thread_unsafe_refcount>
   {
     // A single IP address that is part of a list of IP addresses

Sources/OpenVPNAdapter/Libraries/Vendors/openvpn/openvpn/mbedtls/ssl/sslctx.hpp

@@ -36,6 +36,7 @@
 #include <mbedtls/sha1.h>
 #include <mbedtls/debug.h>
 #include <mbedtls/asn1.h>
+#include <mbedtls/version.h>
 
 #include <openvpn/common/size.hpp>
 #include <openvpn/common/exception.hpp>
@@ -1224,11 +1225,20 @@ namespace openvpn {
 	    {
 	      const int SHA_DIGEST_LEN = 20;
 	      static_assert(sizeof(AuthCert::issuer_fp) == SHA_DIGEST_LEN, "size inconsistency");
+#if MBEDTLS_VERSION_NUMBER < 0x02070000
+	      // mbed TLS 2.7.0 and newer deprecates mbedtls_sha1()
+	      // in favour of mbedtls_sha1_ret().
+
+	      // We support for older mbed TLS versions
+	      // to be able to build on Debian 9 and Ubuntu 16.
+	      mbedtls_sha1(cert->raw.p, cert->raw.len, ssl->authcert->issuer_fp);
+#else
 	      if(mbedtls_sha1_ret(cert->raw.p, cert->raw.len, ssl->authcert->issuer_fp))
 		{
 		  OPENVPN_LOG_SSL("VERIFY FAIL -- SHA1 calculation failed.");
 		  fail = true;
 		}
+#endif
 	    }
 	}
       else if (depth == 0) // leaf-cert