Revert patches

Sergey Abramchuk
2020-08-18 13:46:07 +03:00
parent a3f8df48a8
commit ec718ccc57
15 changed files with 18 additions and 212 deletions


@@ -950,8 +950,6 @@ public:
{
const protocol_type protocol = peer_endpoint.protocol();
impl_.get_service().open(impl_.get_implementation(), protocol, open_ec);
if (!open_ec)
async_connect_post_open(protocol, open_ec);
}
return async_initiate<ConnectHandler, void (asio::error_code)>(
@@ -1802,11 +1800,6 @@ protected:
#endif
private:
// optional user code hook immediately after socket open in async_connect
virtual void async_connect_post_open(const protocol_type& protocol, asio::error_code& ec)
{
}
// Disallow copying and assignment.
basic_socket(const basic_socket&) ASIO_DELETED;
basic_socket& operator=(const basic_socket&) ASIO_DELETED;


@@ -3339,23 +3339,6 @@ asio::error_code getaddrinfo(const char* host,
# endif
#elif !defined(ASIO_HAS_GETADDRINFO)
int error = getaddrinfo_emulation(host, service, &hints, result);
return ec = translate_addrinfo_error(error);
#elif defined(ASIO_HAS_GETADDRINFO) && defined(ASIO_APPLE_NAT64)
// For NAT64 compatibility, Apple recommends to set AI_DEFAULT flags
addrinfo_type new_hints = hints;
new_hints.ai_flags |= AI_DEFAULT;
int error = ::getaddrinfo(host, service, &new_hints, result);
// iOS bug workaround: sometimes iOS getaddrinfo() returns a non-zero scope ID
// for non-link-local addresses. Workaround by forcing scope ID to 0 for
// non-link-local addresses.
if (!error && (*result)->ai_family == AF_INET6)
{
sockaddr_in6* a6 = (sockaddr_in6*)(*result)->ai_addr;
if (a6->sin6_scope_id && !(IN6_IS_ADDR_LINKLOCAL(&a6->sin6_addr) || IN6_IS_ADDR_MC_NODELOCAL(&a6->sin6_addr) || IN6_IS_ADDR_MC_LINKLOCAL(&a6->sin6_addr)))
a6->sin6_scope_id = 0;
}
return ec = translate_addrinfo_error(error);
#else
int error = ::getaddrinfo(host, service, &hints, result);


@@ -80,7 +80,7 @@ public:
DWORD length = ::FormatMessageA(FORMAT_MESSAGE_ALLOCATE_BUFFER
| FORMAT_MESSAGE_FROM_SYSTEM
| FORMAT_MESSAGE_IGNORE_INSERTS, 0, value,
MAKELANGID(LANG_ENGLISH, SUBLANG_ENGLISH_US), (char*)&msg, 0, 0);
MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), (char*)&msg, 0, 0);
detail::local_free_on_block_exit local_free_obj(msg);
if (length && msg[length - 1] == '\n')
msg[--length] = '\0';
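Review bot: With `MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT)` (the second of the two `MAKELANGID` lines, which appears to be the new side of this one-line change) `FormatMessageA` returns the message in the user's default language and the ANSI code page, so the text is no longer stable across hosts. Log parsing or alerting that matches on the English wording of a system error would have to key on the numeric `value` instead, and non-ASCII messages may be mis-rendered if the log sink expects UTF-8. I would add a comment above the call such as `// Message is localized and ANSI-encoded; log the numeric code alongside it.` The enclosing function starts and ends outside the hunk.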


@@ -18,7 +18,6 @@
#include "asio/detail/config.hpp"
#include <cstddef>
#include <cstring>
#include <algorithm>
#include "asio/detail/socket_ops.hpp"
#include "asio/detail/socket_types.hpp"
#include "asio/ip/basic_resolver_iterator.hpp"
@@ -300,12 +299,6 @@ public:
return !a.equal(b);
}
template <typename Random>
void randomize(Random& r)
{
std::shuffle(this->values_->begin(), this->values_->end(), r);
}
private:
typedef std::vector<basic_resolver_entry<InternetProtocol> > values_type;
};


@@ -62,7 +62,7 @@
* This is done as the number of registers used in the assembly code doesn't
* work with the -O0 option.
*/
#if defined(__i386__) && defined(__OPTIMIZE__) && (!defined(__ANDROID_API__) || defined(__clang__))
#if defined(__i386__) && defined(__OPTIMIZE__)
#define MULADDC_INIT \
asm( \


@@ -410,7 +410,7 @@ int mbedtls_oid_get_numeric_string( char *buf, size_t size, const mbedtls_asn1_b
#if defined(MBEDTLS_X509_USE_C) || defined(MBEDTLS_X509_CREATE_C)
/**
* \brief Translate supported X.509 extension OID into local values
* \brief Translate an X.509 extension OID into local values
*
* \param oid OID to use
* \param ext_type place to store the extension type
@@ -418,17 +418,6 @@ int mbedtls_oid_get_numeric_string( char *buf, size_t size, const mbedtls_asn1_b
* \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
*/
int mbedtls_oid_get_x509_ext_type( const mbedtls_asn1_buf *oid, int *ext_type );
/**
* \brief Translate supported and unsupported X.509 extension OID into local values
*
* \param oid OID to use
* \param ext_type place to store the extension type
* \param is_supported place to store flag if extension is supported (1 - supported, 0 otherwise)
*
* \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
*/
int mbedtls_oid_get_x509_ext_type_supported( const mbedtls_asn1_buf *oid, int *ext_type, int *is_supported );
#endif
/**


@@ -696,10 +696,6 @@ struct mbedtls_ssl_config
retransmission timeout (ms) */
#endif
uint32_t allowed_unsupported_critical_exts; /*!< Bit flags which represent runtime-enabled
unsupported critical extensions, e.g.
MBEDTLS_X509_EXT_NAME_CONSTRAINTS */
#if defined(MBEDTLS_SSL_RENEGOTIATION)
int renego_max_records; /*!< grace period for renegotiation */
unsigned char renego_period[8]; /*!< value of the record counters
@@ -2302,24 +2298,6 @@ void mbedtls_ssl_conf_renegotiation_period( mbedtls_ssl_config *conf,
const unsigned char period[8] );
#endif /* MBEDTLS_SSL_RENEGOTIATION */
/**
* \brief Allows unsupported critical extensions
*
* Without compile-time flag MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
* mbedTLS fails certificate verification if certificate contains
* unsupported critical extensions.
*
* This method allows to modify behavior in runtime by providing
* bit flags which represent unsupported extensions (for example MBEDTLS_X509_EXT_NAME_CONSTRAINTS)
* which should be allowed despite missing above mentioned compile-time flag.
*
* \param conf SSL configuration
* \param exts Bit flags which represent runtime-enabled unsupported critical extensions,
* e.g. MBEDTLS_X509_EXT_NAME_CONSTRAINTS
*
*/
void mbedtls_ssl_conf_allow_unsupported_critical_exts( mbedtls_ssl_config *conf, uint32_t exts );
/**
* \brief Return the number of data bytes available to read
*


@@ -90,8 +90,6 @@ typedef struct mbedtls_x509_crt
mbedtls_pk_type_t sig_pk; /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */
void *sig_opts; /**< Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS */
uint32_t allowed_unsupported_critical_exts; /**< Optional Bit flags which represent runtime-enabled unsupported critical extensions, e.g. MBEDTLS_X509_EXT_NAME_CONSTRAINTS */
struct mbedtls_x509_crt *next; /**< Next certificate in the CA-chain. */
}
mbedtls_x509_crt;


@@ -254,95 +254,38 @@ FN_OID_GET_ATTR1(mbedtls_oid_get_attr_short_name, oid_x520_attr_t, x520_attr, co
typedef struct {
mbedtls_oid_descriptor_t descriptor;
int ext_type;
int is_supported;
} oid_x509_ext_t;
static const oid_x509_ext_t oid_x509_ext[] =
{
{
{ ADD_LEN( MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER ), "id-ce-authorityKeyIdentifier", "Authority Key Identifier" },
MBEDTLS_X509_EXT_AUTHORITY_KEY_IDENTIFIER, 0,
{ ADD_LEN( MBEDTLS_OID_BASIC_CONSTRAINTS ), "id-ce-basicConstraints", "Basic Constraints" },
MBEDTLS_X509_EXT_BASIC_CONSTRAINTS,
},
{
{ ADD_LEN( MBEDTLS_OID_SUBJECT_KEY_IDENTIFIER ), "id-ce-subjectKeyIdentifier", "Subject Key Identifier" },
MBEDTLS_X509_EXT_SUBJECT_KEY_IDENTIFIER, 0,
{ ADD_LEN( MBEDTLS_OID_KEY_USAGE ), "id-ce-keyUsage", "Key Usage" },
MBEDTLS_X509_EXT_KEY_USAGE,
},
{
{ ADD_LEN( MBEDTLS_OID_KEY_USAGE ), "id-ce-keyUsage", "Key Usage" },
MBEDTLS_X509_EXT_KEY_USAGE, 1,
{ ADD_LEN( MBEDTLS_OID_EXTENDED_KEY_USAGE ), "id-ce-extKeyUsage", "Extended Key Usage" },
MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE,
},
{
{ ADD_LEN( MBEDTLS_OID_CERTIFICATE_POLICIES ), "id-ce-certificatePolicies", "Certificate Policies" },
MBEDTLS_X509_EXT_CERTIFICATE_POLICIES, 0,
{ ADD_LEN( MBEDTLS_OID_SUBJECT_ALT_NAME ), "id-ce-subjectAltName", "Subject Alt Name" },
MBEDTLS_X509_EXT_SUBJECT_ALT_NAME,
},
{
{ ADD_LEN( MBEDTLS_OID_POLICY_MAPPINGS ), "id-ce-policyMappings", "Policy Mapping" },
MBEDTLS_X509_EXT_POLICY_MAPPINGS, 0,
},
{
{ ADD_LEN( MBEDTLS_OID_ISSUER_ALT_NAME ), "id-ce-issuerAltName", "Issuer Alt Name" },
MBEDTLS_X509_EXT_ISSUER_ALT_NAME, 0,
},
{
{ ADD_LEN( MBEDTLS_OID_SUBJECT_DIRECTORY_ATTRS ), "id-ce-subjectDirectoryAttributes", "Subject Directory Attributes" },
MBEDTLS_X509_EXT_SUBJECT_DIRECTORY_ATTRS, 0,
},
{
{ ADD_LEN( MBEDTLS_OID_BASIC_CONSTRAINTS ), "id-ce-basicConstraints", "Basic Constraints" },
MBEDTLS_X509_EXT_BASIC_CONSTRAINTS, 1,
},
{
{ ADD_LEN( MBEDTLS_OID_NAME_CONSTRAINTS ), "id-ce-nameConstraints", "Name Constraints" },
MBEDTLS_X509_EXT_NAME_CONSTRAINTS, 0,
},
{
{ ADD_LEN( MBEDTLS_OID_POLICY_CONSTRAINTS ), "id-ce-policyConstraints", "Policy Constraints" },
MBEDTLS_X509_EXT_POLICY_CONSTRAINTS, 0,
},
{
{ ADD_LEN( MBEDTLS_OID_EXTENDED_KEY_USAGE ), "id-ce-extKeyUsage", "Extended Key Usage" },
MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE, 1
},
{
{ ADD_LEN( MBEDTLS_OID_CRL_DISTRIBUTION_POINTS ), "id-ce-cRLDistributionPoints", "CRL Distribution Points" },
MBEDTLS_X509_EXT_CRL_DISTRIBUTION_POINTS, 0,
},
{
{ ADD_LEN( MBEDTLS_OID_INIHIBIT_ANYPOLICY ), "id-ce-inhibitAnyPolicy", "Inhibit Any Policy" },
MBEDTLS_X509_EXT_INIHIBIT_ANYPOLICY, 0,
},
{
{ ADD_LEN( MBEDTLS_OID_FRESHEST_CRL ), "id-ce-freshestCRL", "Freshest CRL" },
MBEDTLS_X509_EXT_FRESHEST_CRL, 0,
},
{
{ ADD_LEN( MBEDTLS_OID_SUBJECT_ALT_NAME ), "id-ce-subjectAltName", "Subject Alt Name" },
MBEDTLS_X509_EXT_SUBJECT_ALT_NAME, 1
},
{
{ ADD_LEN( MBEDTLS_OID_NS_CERT_TYPE ), "id-netscape-certtype", "Netscape Certificate Type" },
MBEDTLS_X509_EXT_NS_CERT_TYPE, 1
{ ADD_LEN( MBEDTLS_OID_NS_CERT_TYPE ), "id-netscape-certtype", "Netscape Certificate Type" },
MBEDTLS_X509_EXT_NS_CERT_TYPE,
},
{
{ NULL, 0, NULL, NULL },
0, 0
0,
},
};
FN_OID_TYPED_FROM_ASN1(oid_x509_ext_t, x509_ext, oid_x509_ext)
FN_OID_GET_ATTR2(mbedtls_oid_get_x509_ext_type_supported, oid_x509_ext_t, x509_ext, int, ext_type, int, is_supported)
int mbedtls_oid_get_x509_ext_type( const mbedtls_asn1_buf *oid, int *ext_type )
{
int ret = 0;
int is_supported = 0;
ret = mbedtls_oid_get_x509_ext_type_supported(oid, ext_type, &is_supported);
if( is_supported == 0 )
ret = MBEDTLS_ERR_OID_NOT_FOUND;
return( ret );
}
FN_OID_GET_ATTR1(mbedtls_oid_get_x509_ext_type, oid_x509_ext_t, x509_ext, int, ext_type)
static const mbedtls_oid_descriptor_t oid_ext_key_usage[] =
{


@@ -4668,9 +4668,6 @@ int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl )
mbedtls_x509_crt_init( ssl->session_negotiate->peer_cert );
ssl->session_negotiate->peer_cert->allowed_unsupported_critical_exts =
ssl->conf->allowed_unsupported_critical_exts;
i += 3;
while( i < ssl->in_hslen )
@@ -6629,11 +6626,6 @@ void mbedtls_ssl_conf_renegotiation_period( mbedtls_ssl_config *conf,
}
#endif /* MBEDTLS_SSL_RENEGOTIATION */
void mbedtls_ssl_conf_allow_unsupported_critical_exts( mbedtls_ssl_config *conf, uint32_t exts )
{
conf->allowed_unsupported_critical_exts = exts;
}
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
#if defined(MBEDTLS_SSL_CLI_C)
void mbedtls_ssl_conf_session_tickets( mbedtls_ssl_config *conf, int use_tickets )


@@ -564,20 +564,13 @@ static int x509_parse_time( unsigned char **p, size_t len, size_t yearlen,
/*
* Parse seconds if present
*/
if ( len >= 2 && **p >= '0' && **p <= '9' )
if ( len >= 2 )
{
CHECK( x509_parse_int( p, 2, &tm->sec ) );
len -= 2;
}
else
{
#if defined(MBEDTLS_RELAXED_X509_DATE)
/* if relaxed mode, allow seconds to be absent */
tm->sec = 0;
#else
return ( MBEDTLS_ERR_X509_INVALID_DATE );
#endif
}
/*
* Parse trailing 'Z' if present
@@ -587,15 +580,6 @@ static int x509_parse_time( unsigned char **p, size_t len, size_t yearlen,
(*p)++;
len--;
}
#if defined(MBEDTLS_RELAXED_X509_DATE)
else if ( len == 5 && **p == '+' )
{
int tz; /* throwaway timezone */
(*p)++;
CHECK( x509_parse_int( p, 4, &tz ) );
return 0;
}
#endif
/*
* We should have parsed all characters at this point


@@ -539,7 +539,6 @@ static int x509_get_crt_ext( unsigned char **p,
int ret;
size_t len;
unsigned char *end_ext_data, *end_ext_octet;
int is_supported;
if( *p == end )
return( 0 );
@@ -594,9 +593,9 @@ static int x509_get_crt_ext( unsigned char **p,
/*
* Detect supported extensions
*/
ret = mbedtls_oid_get_x509_ext_type_supported( &extn_oid, &ext_type, &is_supported );
ret = mbedtls_oid_get_x509_ext_type( &extn_oid, &ext_type );
if( ( ret != 0 ) || ( is_supported == 0 ) )
if( ret != 0 )
{
/* No parser found, skip extension */
*p = end_ext_octet;
@@ -604,10 +603,6 @@ static int x509_get_crt_ext( unsigned char **p,
#if !defined(MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION)
if( is_critical )
{
/* Do not fail if extension is found, but unsupported and allowed in runtime */
if( ( ret == 0 ) && ( ext_type & crt->allowed_unsupported_critical_exts ) )
continue;
/* Data is marked as critical: fail */
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
MBEDTLS_ERR_ASN1_UNEXPECTED_TAG );
@@ -961,7 +956,6 @@ int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain, const unsigned char *bu
prev = crt;
mbedtls_x509_crt_init( crt->next );
crt->next->allowed_unsupported_critical_exts = crt->allowed_unsupported_critical_exts;
crt = crt->next;
}
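Review bot: Once the runtime allow-list is gone, the only remaining way to accept a certificate with an unrecognised critical extension is the compile-time `MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION` guard in the third hunk of `x509_get_crt_ext`, and as far as these lines show, defining it compiles out the `is_critical` rejection for every such extension rather than a chosen one. Rejecting by default is the safe behaviour, but a comment at the `#if !defined(...)` line would discourage a later build from enabling the macro just to load a Name Constraints CA: `/* Fail closed: defining this macro disables the check for all unknown critical extensions. */`. The same commit also deletes the data case `X509 File parse (unsupported critical ext Name Constraints, fail)` together with its certificate, so nothing visible on this page still asserts the rejection; keeping one negative case with a critical unsupported extension would pin it. The function bodies continue outside the hunks.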


@@ -1,20 +0,0 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@@ -1798,12 +1798,6 @@ X509 File parse (trailing spaces, OK)
depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
x509parse_crt_file:"data_files/server7_trailing_space.crt":0
X509 File parse (unsupported critical ext Name Constraints, fail)
x509parse_crt_file:"data_files/test-ca-nc.crt":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
X509 File parse (allowed unsupported critical ext Name Constraints, ok)
x509parse_crt_file_allow_exts:"data_files/test-ca-nc.crt":MBEDTLS_X509_EXT_NAME_CONSTRAINTS:0
X509 Get time (UTC no issues)
depends_on:MBEDTLS_X509_USE_C
x509_get_time:MBEDTLS_ASN1_UTC_TIME:"500101000000Z":0:1950:1:1:0:0:0


@@ -448,21 +448,6 @@ exit:
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_FS_IO */
void x509parse_crt_file_allow_exts( char *crt_file, int exts, int result )
{
mbedtls_x509_crt crt;
mbedtls_x509_crt_init( &crt );
crt.allowed_unsupported_critical_exts = exts;
TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == result );
exit:
mbedtls_x509_crt_free( &crt );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C */
void x509parse_crt( char *crt_data, char *result_str, int result )
{