Apply patches

Sergey Abramchuk
2020-08-18 13:54:37 +03:00
parent a559b32781
commit 7b1f143822
15 changed files with 212 additions and 18 deletions
+1 -1
@@ -62,7 +62,7 @@
* This is done as the number of registers used in the assembly code doesn't
* work with the -O0 option.
*/
#if defined(__i386__) && defined(__OPTIMIZE__)
#if defined(__i386__) && defined(__OPTIMIZE__) && (!defined(__ANDROID_API__) || defined(__clang__))
#define MULADDC_INIT \
asm( \
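Review bot: The Android/GCC exclusion added to the `#if` line is not explained by the comment above it, which only covers why the i386 inline assembly needs optimisation; a reader seeing `!defined(__ANDROID_API__) || defined(__clang__)` has no way to tell whether this is a compiler bug workaround or a register-pressure issue specific to the Android GCC toolchain. Extend the comment with the reason, e.g. `* On Android the i386 assembly is only enabled under clang; the Android GCC build fails on it (reason to be stated here).`, filling in the actual failure once known. The `#define MULADDC_INIT` block guarded by this condition continues outside the hunk.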
+12 -1
@@ -410,7 +410,7 @@ int mbedtls_oid_get_numeric_string( char *buf, size_t size, const mbedtls_asn1_b
#if defined(MBEDTLS_X509_USE_C) || defined(MBEDTLS_X509_CREATE_C)
/**
* \brief Translate an X.509 extension OID into local values
* \brief Translate supported X.509 extension OID into local values
*
* \param oid OID to use
* \param ext_type place to store the extension type
@@ -418,6 +418,17 @@ int mbedtls_oid_get_numeric_string( char *buf, size_t size, const mbedtls_asn1_b
* \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
*/
int mbedtls_oid_get_x509_ext_type( const mbedtls_asn1_buf *oid, int *ext_type );
/**
* \brief Translate supported and unsupported X.509 extension OID into local values
*
* \param oid OID to use
* \param ext_type place to store the extension type
* \param is_supported place to store flag if extension is supported (1 - supported, 0 otherwise)
*
* \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
*/
int mbedtls_oid_get_x509_ext_type_supported( const mbedtls_asn1_buf *oid, int *ext_type, int *is_supported );
#endif
/**
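Review bot: The new `mbedtls_oid_get_x509_ext_type_supported` declaration does not say what the two output parameters hold when MBEDTLS_ERR_OID_NOT_FOUND is returned, nor whether `*ext_type` is meaningful when `*is_supported` is 0; a caller that tests `*is_supported` before checking the return value would read an unset variable if the implementation writes neither output on failure. The implementation is not in this diff, so the comment should be made to match it, e.g. `* \note On MBEDTLS_ERR_OID_NOT_FOUND neither *ext_type nor *is_supported is written.` and the `\param is_supported` line should state that the flag is only valid when 0 is returned. The `\brief` of the existing function was narrowed to "supported" OIDs, which suggests the two functions now differ in which OIDs they resolve; spelling that out in the new function's `\brief` would help callers pick the right one.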
+22
@@ -696,6 +696,10 @@ struct mbedtls_ssl_config
retransmission timeout (ms) */
#endif
uint32_t allowed_unsupported_critical_exts; /*!< Bit flags which represent runtime-enabled
unsupported critical extensions, e.g.
MBEDTLS_X509_EXT_NAME_CONSTRAINTS */
#if defined(MBEDTLS_SSL_RENEGOTIATION)
int renego_max_records; /*!< grace period for renegotiation */
unsigned char renego_period[8]; /*!< value of the record counters
@@ -2298,6 +2302,24 @@ void mbedtls_ssl_conf_renegotiation_period( mbedtls_ssl_config *conf,
const unsigned char period[8] );
#endif /* MBEDTLS_SSL_RENEGOTIATION */
/**
* \brief Allows unsupported critical extensions
*
* Without compile-time flag MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
* mbedTLS fails certificate verification if certificate contains
* unsupported critical extensions.
*
* This method allows to modify behavior in runtime by providing
* bit flags which represent unsupported extensions (for example MBEDTLS_X509_EXT_NAME_CONSTRAINTS)
* which should be allowed despite missing above mentioned compile-time flag.
*
* \param conf SSL configuration
* \param exts Bit flags which represent runtime-enabled unsupported critical extensions,
* e.g. MBEDTLS_X509_EXT_NAME_CONSTRAINTS
*
*/
void mbedtls_ssl_conf_allow_unsupported_critical_exts( mbedtls_ssl_config *conf, uint32_t exts );
/**
* \brief Return the number of data bytes available to read
*
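Review bot: The doc comment for `mbedtls_ssl_conf_allow_unsupported_critical_exts` describes the mechanism but not its effect on verification: an extension whose bit is set in `exts` is presumably accepted the way the compile-time MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION flag accepts it, i.e. skipped rather than enforced, so with MBEDTLS_X509_EXT_NAME_CONSTRAINTS a name-constrained issuing CA would be treated as unconstrained, which is exactly the check RFC 5280 makes mandatory for critical extensions. Add a warning paragraph to the comment, e.g. `* \warning An extension enabled here is not validated; a certificate carrying it is accepted as if the extension were absent. Use only when the application enforces the extension's constraints itself.` The same caveat applies to the `allowed_unsupported_critical_exts` field added to `mbedtls_x509_crt` in the x509_crt.h hunk below. The empty ` *` line before the closing `*/` of the new comment can be dropped.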
@@ -90,6 +90,8 @@ typedef struct mbedtls_x509_crt
mbedtls_pk_type_t sig_pk; /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */
void *sig_opts; /**< Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS */
uint32_t allowed_unsupported_critical_exts; /**< Optional Bit flags which represent runtime-enabled unsupported critical extensions, e.g. MBEDTLS_X509_EXT_NAME_CONSTRAINTS */
struct mbedtls_x509_crt *next; /**< Next certificate in the CA-chain. */
}
mbedtls_x509_crt;
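Review bot: The new `allowed_unsupported_critical_exts` member is documented as "Optional" but the comment does not say what value a freshly initialised certificate carries or who populates it; whether `mbedtls_x509_crt_init` clears the member cannot be seen from this hunk, and an unset field here would silently widen what verification accepts. Once confirmed, extend the field comment, e.g. `/**< Bit flags of unsupported critical extensions tolerated at runtime, e.g. MBEDTLS_X509_EXT_NAME_CONSTRAINTS; 0 (the value after mbedtls_x509_crt_init) keeps the compile-time behaviour. */`. Appending a member to the public `mbedtls_x509_crt` struct also changes its size, so code compiled against the previous header must be rebuilt; worth a line in the commit description.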