Squashed 'Sources/OpenVPNAdapter/Libraries/Vendors/openvpn/' changes from cc90cde57..6608878d5

6608878d5 [OVPN3-341] implement mssfix support
1bf3fc0e4 win: update project files
f8d209435 travis: update to default osx image: xcode9.4
31eb246a8 travis.yml: align deps version to lib-version
996f86635 RunContext: fixed rebase issue that added two "default: signal_rearm();" clauses
aebea6456 build script: minor changes to Cityhash inclusion
1d754072c modstat: make update_file_mod_time_nanoseconds() a no-op on non-Linux
7974c9867 Fixed some breakage caused by recent endian/ffs commits
a0dd7fe8b endian.hpp: break out endian compile-time tests to endian_platform.hpp
c8bdf5a34 ffs.hpp: support additional numeric types
dcb0c9452 BufferType: append() argument can now be a flexible buffer type
2009a8a25 Added AsioTimerSafe
39e71b7dd event_loop_wait_barrier: use a longer default timeout when running under valgrind
8b7e08e9b string::contains_non_space_ctrl: consider ASCII char 127 (DEL) to be a control char
e43024d7c RunContext: rearm non-terminating signals
6ab379323 write_binary_atomic: remove temporary file on move failure
55dc653cd path: added is_contained()
02bf235c6 Reverted previous commit: "ReplyParser: added undefined status"
84dbc5b9b Allow test/cli.cpp to be used with NetCfg Tunbuilder client
80fed2c55 Allow updating auth-token during session
ad7da751e don't print time in debug message and use OPENVPN_LOG_PROTO_VERBOSE
981407994 tls-crypt-v2: implement abstract metadata parser
be38bbeb8 tls-crypt-v2: test/ssl/proto.cpp - extend protocol test
60fcf374f tls-crypt-v2: implement WKc appending/unwrapping logic
51f4a3a29 tls-crypt-v2: introduce CONTROL_HARD_RESET_V3 packet type
156a6e58b tls-crypt-v2: implement client key parser and renderer
54a97b381 ssl: add support for encoding/decoding PEM format
f090fcda4 tls-crypt: make HMAC API more generic
d87f5bbc0 OpenSSL: init library
2ea88a93b Add Remote endpoint information to protect_socket call
0a081ee17 [OVPN3-315] cli/go: add option to compile SITNL component
5bbfb57c0 [OVPN3-315] TunLinux::Client: allow user to select netlink at compile time
e8458a68e [OVPN3-315] GW: add netlink support
4e77edb9e [OVPN3-315] TunLinux: add Netlink implementation for Tun setup methods
68508fe56 bigmutex: include missing extern.hpp header
a7b923e1e Fix logic inversion from commit 2de9aebc
923e10d13 runcontext: arrange members to allow inheritance
2de9aebc7 Replace deprecated mbedtls_sha1 with mbedtls_sha1_ret
e9c0bd00b Remove unused private field
ee17c33c2 Add virtual deconstructor to TransportClientParent
fab64ba0f Fix clang warning about unused attributes and missing overrides
2624d9ddf Also parse dhcp-option DNS6 as DNS server for compatibility with OpenVPN 2
6d12c9cc2 Refuse external pki with non RSA keys
4a25059f5 test/ovpncli: Don't override PROF env variable
f241c4c5f scripts: Add tool to update copyright years
27beeb03d Update lz4 version to 1.8.3
17e356858 Define DASIO_HAS_STD_STRING_VIEW on Android build
b107fd994 Remove unsupported platforms from Android build
6a200f72e Ensure all Android components are always installed
fbcd374a4 [OVPN3-327] OpenSSL: ensure >TLS1.0 is negotiated by default
d9b1f78b6 JSON: #define OPENVPN_JSON_INTERNAL when internal JSON library is used
39290f19d Fix build issues with #if macro on big-endian hardware
d4f62d9ed Fix instantiating a new URL instead of parsing the URL

git-subtree-dir: Sources/OpenVPNAdapter/Libraries/Vendors/openvpn
git-subtree-split: 6608878d57eec1c64c16c5a13ee65b2cf0418ca1

test/ssl/proto.cpp

@@ -41,7 +41,8 @@
 
 #if !defined(USE_TLS_AUTH) && !defined(USE_TLS_CRYPT)
 //#define USE_TLS_AUTH
-#define USE_TLS_CRYPT
+//#define USE_TLS_CRYPT
+#define USE_TLS_CRYPT_V2
 #endif
 
 #define OPENVPN_INSTRUMENTATION
@@ -834,6 +835,8 @@ int test(const int thread_num)
     const std::string server_key = read_text("server.key");
     const std::string dh_pem = read_text("dh.pem");
     const std::string tls_auth_key = read_text("tls-auth.key");
+    const std::string tls_crypt_v2_server_key = read_text("tls-crypt-v2-server.key");
+    const std::string tls_crypt_v2_client_key = read_text("tls-crypt-v2-client.key");
 
     // client config
     ClientSSLAPI::Config::Ptr cc(new ClientSSLAPI::Config());
@@ -888,6 +891,17 @@ int test(const int thread_num)
     cp->tls_crypt_factory.reset(new CryptoTLSCryptFactory<ClientCryptoAPI>());
     cp->tls_key.parse(tls_auth_key);
     cp->set_tls_crypt_algs(CryptoAlgs::lookup("SHA256"), CryptoAlgs::lookup("AES-256-CTR"));
+#endif
+#ifdef USE_TLS_CRYPT_V2
+    cp->tls_crypt_factory.reset(new CryptoTLSCryptFactory<ClientCryptoAPI>());
+    cp->set_tls_crypt_algs(CryptoAlgs::lookup("SHA256"), CryptoAlgs::lookup("AES-256-CTR"));
+    {
+      TLSCryptV2ClientKey tls_crypt_v2_key(cp->tls_crypt_context);
+      tls_crypt_v2_key.parse(tls_crypt_v2_client_key);
+      tls_crypt_v2_key.extract_key(cp->tls_key);
+      tls_crypt_v2_key.extract_wkc(cp->wkc);
+    }
+    cp->tls_crypt_v2 = true;
 #endif
     cp->reliable_window = 4;
     cp->max_ack_list = 4;
@@ -959,10 +973,21 @@ int test(const int thread_num)
     sp->set_tls_auth_digest(CryptoAlgs::lookup(PROTO_DIGEST));
     sp->key_direction = 1;
 #endif
-#ifdef USE_TLS_CRYPT
-    sp->tls_crypt_factory.reset(new CryptoTLSCryptFactory<ServerCryptoAPI>());
+#if defined(USE_TLS_CRYPT)
+    sp->tls_crypt_factory.reset(new CryptoTLSCryptFactory<ClientCryptoAPI>());
     sp->tls_key.parse(tls_auth_key);
     sp->set_tls_crypt_algs(CryptoAlgs::lookup("SHA256"), CryptoAlgs::lookup("AES-256-CTR"));
+#endif
+#ifdef USE_TLS_CRYPT_V2
+    sp->tls_crypt_factory.reset(new CryptoTLSCryptFactory<ClientCryptoAPI>());
+    {
+      TLSCryptV2ServerKey tls_crypt_v2_key;
+      tls_crypt_v2_key.parse(tls_crypt_v2_server_key);
+      tls_crypt_v2_key.extract_key(sp->tls_key);
+    }
+    sp->set_tls_crypt_algs(CryptoAlgs::lookup("SHA256"), CryptoAlgs::lookup("AES-256-CTR"));
+    sp->tls_crypt_metadata_factory.reset(new CryptoTLSCryptMetadataFactory());
+    sp->tls_crypt_v2 = true;
 #endif
     sp->reliable_window = 4;
     sp->max_ack_list = 4;