github/OpenVPNAdapter
4
0
Fork 0
mirror of https://github.com/deneraraujo/OpenVPNAdapter.git synced 2026-04-24 00:00:05 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
84ad2a289f33a43dd71276cc494f337d0fbb3ed6
OpenVPNAdapter/openvpn/compress/lzoasym_impl.hpp
T
Sergey Abramchuk 82fea30fcc Squashed 'OpenVPN Adapter/Vendors/openvpn/' changes from 4095565..3e002c8 
3e002c8 remove unused Jenkinsfile
16b1055 [OVPN3-140] Update company names in copyrights
6caca2c [OVPN3-140] Relicense back to AGPLv3
4f9ae74 cliproto: react to tls_warnings
546547b Proto: export tls_warnings attribute from SSL session
7cbaa26 SSLAPI: add tls_warning attribute
7ed93a3 clievent: add Warn event class
7a71ba1 win: get 'arch' param value from environment
61bb21b win: make parameter optional
15d66c4 [OVPN3-141] win: disable WPO
97d9c28 [OU-15] mbedtls: remove duplicated code
95aec32 [OU-15] mbedtls: refactor X509Cert to allow reuse der2pem
946753e [OVPN3-135] Win: remove unneeded default route
d7f8c47 nrpt: create separate policy per dns suffix
577b5ca cli.cpp: fix typ0 in define
fc8f89d [OVPN3-129] android: ensure all SWIG files are archived and saved
e143bc0 [OVPN3-129] android: improve build system in order to perform full build
06d23ec [OVPN3-129] build-system: let scripts download dependencies
76bb99c fix usage of to_string() in Android
44c183a time: mute type conversion warnings for UWP client
7d7490c transport: enable socket protect call for UWP
1c003ac transport: pass protocol type to external factory
c0de92c transport: add stop_requeueing method
e2c60c8 android: build core library with MD5 support
3928069 [OVPN3-119] mbedTLS: create INSECURE profile including MD5
4f99310 remove function accidentally duplicated by last merge
b91d841 self-test: add missing includes
19e33c4 [OA-14] mbedTLS: relax x509 date/time format check
f3cf645 [OVPN3-116] disable SSL_CBC_RECORD_SPLITTING
fca9ed2 [OVPN3-105] ParseClientConfig: avoid crash when not all key material is provided
7299fef [OC-42] Android: specify API level on command line
d3da3df android: build client lib for x86 (for emulator)
8e501c5 Update version for mbedTLS and lz4
e57676e ParseClientConfig: export config to json format
9aa715f ParseClientConfig: export configuration to ovpn file format
1eab4cb ParseClientConfig: add helper constructor
71a59e4 ParseClientConfig: store the entire ovpn profile
e0bb85a Transport: convert from transport protocol to config string
2fe56c3 Compress: convert from ctx type to config string
174ee25 OpenSSL: implement stub methods for new private_key_type/length() SSLAPIs
3d57708 mbedTLS: implement private_key_type/length() API
a3210f0 SSLAPI: add private_key_type/length() getter methods
8ffe888 OpenSSL: implement stub methods for new extract_* SSLAPIs
16e9160 mbedTLS: implement extended API for key material extraction
fe3d519 SSLAPI: extend API with methods to extract key material
2b4c850 Debugging: added header and build flag for valgrind run-time extensions.
b948cde ManClientInstance::Factory: added virtual stop() method.
121e975 client API: added portOverride
106981c JSON: allow alternative JSON library implementations
f206ae2 logging: added logdatetime.hpp which prepends date/time to log lines
49e933d Time: added to_double, delta_float, and delta_str methods
569b1da daemon.hpp: added class WritePid for managing pid files
63e9e04 ClientProto: reset CoarseTime object when AsioTimer is canceled
f64b501 Cleanup: allow functor to be passed by value.
ebe2560 RunContext: add configurable exit via EXIT_IN env var for debugging
1fbff4f tls-crypt: revised server-side validate_initial_packet() methods to use a BufferAllocated rather than a Buffer.
0090c51 SSLConst: added new ssl_flags() method which filters out non-ssl flags from given argument.
8379b0a CryptoDCInstance: added new RekeyType PRIMARY_SECONDARY_SWAP and use it in ProtoContext::promote_secondary_to_primary() since it more accurately reflects the underlying implementation.
18f45c2 ManClientInstance::Send: added AuthStatus::Type parameter to disconnect_user() method.
4bba803 Listen::List: added expand_ports() method.
5122e7d Listen::List: in port_offset(), set n_threads to 0 since number-of-threads data for port_offset items isn't really relevant.
4e11a6c StaticKey: added render_to_base64() and init_from_rng() methods.
190ece9 CryptoAlgs: added mode() method.
76e65cf CryptoAlgs: added AEAD_NONCE_TAIL_SIZE constant (set to 8 bytes) to represent the size in bytes of AEAD "nonce tail" normally taken from the HMAC key material.
2738718 compress: added method_to_string() method, i.e. the inverse of parse_method().
7b47f99 compress: since parse_method() performs a linear search on method, reorder so that more frequently used methods appear at the top of the list.
b428f74 library: added integer is_pow2() and log2() methods based on efficient __builtin_ffs and __builtin_clz intrinsics.
4926011 Android: adapt toolchain scripts to new SDK and move to API 26
ad4e995 mbedTLS: use mbedtls API to initialize cert object
908c611 transport: use socket_protect to communicate socket handle on UWP
92a6216 build win: read certain params from env
8166ea8 common: define uwp platform macro
0186bf6 common: report platform name as "uwp"
3f291b0 netconf: disable getting hwaddr for UWP
6365d26 transport: external factory
2ffa0c9 transport: synchronous DNS lookup
2c09c7c cliconnect.hpp: support for AsioWork always on
4f5a04d rand.hpp: allow external entropy source
b19c5da time.hpp: use GetTickCount64 on Vista and newer
712ccfc android: export DEP_DIR via vars files only if not already defined
1b5a784 asio: make sure to switch to DEP_DIR before building
4302651 changes to support android building
6f56b2b Merge pull request #21 from OpenVPN/make_test_proto_deterministic
3a5ef2b travis-ci: make testing binary deterministic
b76882d mbedtls: fix typ0 in exception message
40065a6 avoid "uninitialized variable warning"
f33e7c2 [OVPN3-5] tls-crypt: add tls-crypt support in proto.hpp test unit
74c5f4f [OVPN3-5] tls-crypt: introduce tls-crypt support
389353c proto.cpp: uninit process at the end of the execution
56a831f [OVPN3-5] crypto/ssl: add support for AES-256-CTR
7cbf539 [OVPN3-5] build script: allow user to specify its own mbedTLS folder and LDFLAGS
8ae2a3f Integrate Google Test framework
68ae101 Add swig build to jenkins pipeline
d496311 ovpncli.hpp: inline LogInfo constructor for clarity
96e0d89 Revert "Merged in OVPN3-21-prepend-log-record-with-unique- (pull request #7)"
7db95cc Make build fail on compilation errors
860129a TunBuilderCapture: make (to|from)_json methods public
2486494 random: added helper class Rand2 containing a crypto and non-crypto RNG
04175c2 appversion.hpp: Stringize VERSION -> MY_VERSION
81cb887 build script: added DPROF=1 flag
a3dd47f timestr.hpp: moved milliseconds_since_epoch() to time/epoch.hpp
59b9492 sslchoose.hpp: added SSL_LIB_NAME
8fcb797 ProtoContext::KeyContext::raw_recv() : fix state transition
e49e993 ProtoContext: comment edit
1d941aa VPNServerNetblock::Netblock refactor
7190495 Server-side renamings to break up long class names using namespaces.
3f74ec1 Listen::List: minor changes
79c789b RandomAPI: comment edit
5b5af36 Added SSLConst::SERVER_TO_SERVER flag
fe00df4 OpenSSLContext::Config::set_rng: call assert_crypto()
3ae0076 In sslchoose.hpp, move OPENVPN_LOG_SSL macro to new file ssllog.hpp
1502cf6 URL::Parse: made is_valid_uri_char() standalone and moved to validate_uri.hpp
2dcb189 Added HTTP::Status::SwitchingProtocols constant
2f57024 HTTP::HeaderList: added get_value_trim_lower() method
bee94d2 HTTP::HeaderList: get_value() and get_value_trim() should return std::string instead of const std::string
5debab1 Frame::Context: #define OPENVPN_NO_IO to allow building without i/o layer
faf8f8f StaticKey: added parse_from_base64() method
d11f250 HashString: added final_base64() method
c373bf8 CompressContext: use C++11 member initialization and remove explicit attribute on constructor
bd75cd7 RCPtr: added operator==() and operator!=() methods
7be33c5 PThreadBarrier: fixed incorrect comment
6f5f77b Link: use move semantics
17a5d89 inotify.hpp: no longer used
8ce39fc added render_hex() and render_hex_sep() methods that accept void* data
ddc8e8a Function: use std::forward
76ee587 write_binary_atomic(): added tmpdir (temporary directory) parameter
f366d55 base64: encode() now accepts void* data
462fe90 BufferType: added read(), write(), and prepend() variants that accept void* data
9ad1be4 IP::RouteType: added host_bits() method
3ebc8c7 IPv[46]::Addr::to_sockaddr() now accepts optional port number
ce0977b Support Cityhash.
fdbb0b9 IP::Addr: added validate_prefix_len()
25146d8 IP::Addr::from_ipv[4|6](): use move semantics
a264f99 Merge pull request #20 from OpenVPN/fix_travis_ci_coverity
966e212 travis: don't mess up the SSL libs for wget/curl
2b8f09d Merge pull request #19 from OpenVPN/antonio/travis-ci-to-coverity
127cbb0 travis.yml: send build to Coverity SCAN when building master
2bca49b Merge pull request #15 from OpenVPN/antonio/travis-ci
a5ce566 add basic support for Travis CI
f9b14e9 macOS: add basic logging support
2b9188d Remotelist: pass meaningful port value to resolve::async_resolve()
4ebdbd0 Merged in OVPN3-38-improve-jenkins-pipeline-script (pull request #8)
832cf7f Report build status to Bitbucket
62423c9 Merged in OVPN3-21-prepend-log-record-with-unique- (pull request #7)
cce2455 Prepend log string with unique reference.
f26b08b Merged in OVPN3-25-pipeline-build (pull request #4)
dc5ff1f Add OpenSSL version building.
c77e1d6 Add pipeline script for multiplatform build.
4fab9b0 Merged in OVPN3-18-vs-project (pull request #2)
8eb0d6c Add Visual Studio project info to README
67c4989 Visual Studio 2015 solution and project files
52bfcd3 Merged in OVPN3-17 (pull request #1)
5f648ce Document Windows build process
3213c48 Support for local build settings
b3ec01b Support for gpl version of mbedtls
903abc8 Support for zipballs
4029579 AsioPolySock: support bind to local address.
1e85566 Use openvpn::strerror_str() instead of std::strerror().
3ba37fc OpenVPN 3 client: added OPENVPN_OVPNCLI_ASYNC_SETUP flag.

git-subtree-dir: OpenVPN Adapter/Vendors/openvpn
git-subtree-split: 3e002c83ce2e9f9f40ddcee750d3cfa664238abe
2018-01-08 11:44:56 +03:00

411 lines
11 KiB
C++
Raw Blame History

// OpenVPN -- An application to securely tunnel IP networks
// over a single port, with support for SSL/TLS-based
// session authentication and key exchange,
// packet encryption, packet authentication, and
// packet compression.
//
// Copyright (C) 2012-2017 OpenVPN Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License Version 3
// as published by the Free Software Foundation.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program in the COPYING file.
// If not, see <http://www.gnu.org/licenses/>.
// This is a special OpenVPN-specific implementation of LZO decompression.
// It is generally only used when OpenVPN is built without linkage to the
// actual LZO library, but where we want to maintain compatibility with
// peers that might send us LZO-compressed packets.
//
// It is significantly faster than LZO 2 on ARM because it makes heavy use
// of branch prediction hints.
#ifndef OPENVPN_COMPRESS_LZOASYM_IMPL_H
#define OPENVPN_COMPRESS_LZOASYM_IMPL_H
#include <cstdint> // for std::uint32_t, etc.
#include <openvpn/common/size.hpp> // for ssize_t
#include <openvpn/common/likely.hpp> // for likely/unlikely
// Implementation of asymmetrical LZO compression (only uncompress, don't compress)
// Branch prediction hints (these make a difference on ARM)
# define LZOASYM_LIKELY(x) likely(x)
# define LZOASYM_UNLIKELY(x) unlikely(x)
// Failure modes
#define LZOASYM_CHECK_INPUT_OVERFLOW(x) if (LZOASYM_UNLIKELY(int(input_ptr_end - input_ptr) < int(x))) goto input_overflow
#define LZOASYM_CHECK_OUTPUT_OVERFLOW(x) if (LZOASYM_UNLIKELY(int(output_ptr_end - output_ptr) < int(x))) goto output_overflow
#define LZOASYM_CHECK_MATCH_OVERFLOW(match_ptr) if (LZOASYM_UNLIKELY(match_ptr < output) || LZOASYM_UNLIKELY(match_ptr >= output_ptr)) goto match_overflow
#define LZOASYM_ASSERT(cond) if (LZOASYM_UNLIKELY(!(cond))) goto assert_fail
namespace openvpn {
namespace lzo_asym_impl {
// Return status values
enum {
LZOASYM_E_OK=0,
LZOASYM_E_EOF_NOT_FOUND=-1,
LZOASYM_E_INPUT_NOT_CONSUMED=-2,
LZOASYM_E_INPUT_OVERFLOW=-3,
LZOASYM_E_OUTPUT_OVERFLOW=-4,
LZOASYM_E_MATCH_OVERFLOW=-5,
LZOASYM_E_ASSERT_FAILED=-6,
LZOASYM_E_INPUT_TOO_LARGE=-7,
};
// Internal constants
enum {
LZOASYM_EOF_CODE=1,
LZOASYM_M2_MAX_OFFSET=0x0800,
};
// Polymorphic get/set/copy
template <typename T>
inline T get_mem(const void *p)
{
typedef volatile const T* cptr;
return *cptr(p);
}
template <typename T>
inline T set_mem(void *p, const T value)
{
typedef volatile T* ptr;
*ptr(p) = value;
}
template <typename T>
inline void copy_mem(void *dest, const void *src)
{
typedef volatile T* ptr;
typedef volatile const T* cptr;
*ptr(dest) = *cptr(src);
}
template <typename T>
inline bool ptr_aligned_4(const T* a, const T* b)
{
return ((size_t(a) | size_t(b)) & 3) == 0;
}
// take the number of objects difference between two pointers
template <typename T>
inline size_t ptr_diff(const T* a, const T* b)
{
return a - b;
}
// read uint16_t from memory
inline size_t get_u16(const unsigned char *p)
{
// NOTE: assumes little-endian and unaligned 16-bit access is okay.
// For a slower alternative without these assumptions, try: p[0] | (p[1] << 8)
return get_mem<std::uint16_t>(p);
}
// copy 64 bits
inline void copy_64(unsigned char *dest, const unsigned char *src)
{
// NOTE: assumes that 64-bit machines can do 64-bit unaligned access, and
// 32-bit machines can do 32-bit unaligned access.
if (sizeof(void *) == 8)
{
copy_mem<std::uint64_t>(dest, src);
}
else
{
copy_mem<std::uint32_t>(dest, src);
copy_mem<std::uint32_t>(dest+4, src+4);
}
}
// Fast version of incremental copy.
// NOTE: we might write up to ten extra bytes after the end of the copy.
inline void incremental_copy_fast(unsigned char *dest, const unsigned char *src, ssize_t len)
{
while (LZOASYM_UNLIKELY(dest - src < 8))
{
copy_64(dest, src);
len -= dest - src;
dest += dest - src;
}
while (len > 0)
{
copy_64(dest, src);
src += 8;
dest += 8;
len -= 8;
}
}
// Slow version of incremental copy
inline void incremental_copy(unsigned char *dest, const unsigned char *src, ssize_t len)
{
do {
*dest++ = *src++;
} while (--len);
}
// Faster version of memcpy
inline void copy_fast(unsigned char *dest, const unsigned char *src, ssize_t len)
{
while (len >= 8)
{
copy_64(dest, src);
src += 8;
dest += 8;
len -= 8;
}
if (len >= 4)
{
copy_mem<std::uint32_t>(dest, src);
src += 4;
dest += 4;
len -= 4;
}
switch (len)
{
case 3:
*dest++ = *src++;
case 2:
*dest++ = *src++;
case 1:
*dest = *src;
}
}
inline int lzo1x_decompress_safe(const unsigned char *input,
size_t input_length,
unsigned char *output,
size_t *output_length)
{
size_t z;
const unsigned char *input_ptr;
unsigned char *output_ptr;
const unsigned char *match_ptr;
const unsigned char *const input_ptr_end = input + input_length;
unsigned char *const output_ptr_end = output + *output_length;
*output_length = 0;
input_ptr = input;
output_ptr = output;
if (LZOASYM_UNLIKELY(input_length > 65536)) // quick fix to prevent 16MB integer overflow vulnerability
goto input_too_large;
if (LZOASYM_LIKELY(*input_ptr <= 17))
{
while (LZOASYM_LIKELY(input_ptr < input_ptr_end) && LZOASYM_LIKELY(output_ptr <= output_ptr_end))
{
z = *input_ptr++;
if (z < 16) // literal data?
{
if (LZOASYM_UNLIKELY(z == 0))
{
LZOASYM_CHECK_INPUT_OVERFLOW(1);
while (LZOASYM_UNLIKELY(*input_ptr == 0))
{
z += 255;
input_ptr++;
LZOASYM_CHECK_INPUT_OVERFLOW(1);
}
z += 15 + *input_ptr++;
}
// copy literal data
{
LZOASYM_ASSERT(z > 0);
const size_t len = z + 3;
LZOASYM_CHECK_OUTPUT_OVERFLOW(len);
LZOASYM_CHECK_INPUT_OVERFLOW(len+1);
copy_fast(output_ptr, input_ptr, len);
input_ptr += len;
output_ptr += len;
}
initial_literal:
z = *input_ptr++;
if (LZOASYM_UNLIKELY(z < 16))
{
match_ptr = output_ptr - (1 + LZOASYM_M2_MAX_OFFSET);
match_ptr -= z >> 2;
match_ptr -= *input_ptr++ << 2;
LZOASYM_CHECK_MATCH_OVERFLOW(match_ptr);
LZOASYM_CHECK_OUTPUT_OVERFLOW(3);
*output_ptr++ = *match_ptr++;
*output_ptr++ = *match_ptr++;
*output_ptr++ = *match_ptr;
goto match_complete;
}
}
// found a match (M2, M3, M4, or M1)
do {
if (LZOASYM_LIKELY(z >= 64)) // LZO "M2" match (most likely)
{
match_ptr = output_ptr - 1;
match_ptr -= (z >> 2) & 7;
match_ptr -= *input_ptr++ << 3;
z = (z >> 5) - 1;
}
else if (LZOASYM_LIKELY(z >= 32)) // LZO "M3" match
{
z &= 31;
if (LZOASYM_UNLIKELY(z == 0))
{
LZOASYM_CHECK_INPUT_OVERFLOW(1);
while (LZOASYM_UNLIKELY(*input_ptr == 0))
{
z += 255;
input_ptr++;
LZOASYM_CHECK_INPUT_OVERFLOW(1);
}
z += 31 + *input_ptr++;
}
match_ptr = output_ptr - 1;
match_ptr -= get_u16(input_ptr) >> 2;
input_ptr += 2;
}
else if (LZOASYM_LIKELY(z >= 16)) // LZO "M4" match
{
match_ptr = output_ptr;
match_ptr -= (z & 8) << 11;
z &= 7;
if (LZOASYM_UNLIKELY(z == 0))
{
LZOASYM_CHECK_INPUT_OVERFLOW(1);
while (LZOASYM_UNLIKELY(*input_ptr == 0))
{
z += 255;
input_ptr++;
LZOASYM_CHECK_INPUT_OVERFLOW(1);
}
z += 7 + *input_ptr++;
}
match_ptr -= get_u16(input_ptr) >> 2;
input_ptr += 2;
if (LZOASYM_UNLIKELY(match_ptr == output_ptr))
goto success;
match_ptr -= 0x4000;
}
else // LZO "M1" match (least likely)
{
match_ptr = output_ptr - 1;
match_ptr -= z >> 2;
match_ptr -= *input_ptr++ << 2;
LZOASYM_CHECK_MATCH_OVERFLOW(match_ptr);
LZOASYM_CHECK_OUTPUT_OVERFLOW(2);
*output_ptr++ = *match_ptr++;
*output_ptr++ = *match_ptr;
goto match_complete;
}
// copy the match we found above
{
LZOASYM_CHECK_MATCH_OVERFLOW(match_ptr);
LZOASYM_ASSERT(z > 0);
LZOASYM_CHECK_OUTPUT_OVERFLOW(z+3-1);
const size_t len = z + 2;
// Should we use optimized incremental copy?
// incremental_copy_fast might copy 10 more bytes than needed, so
// don't use it unless we have enough trailing space in buffer.
if (LZOASYM_LIKELY(size_t(output_ptr_end - output_ptr) >= len + 10))
incremental_copy_fast(output_ptr, match_ptr, len);
else
incremental_copy(output_ptr, match_ptr, len);
match_ptr += len;
output_ptr += len;
}
match_complete:
z = input_ptr[-2] & 3;
if (LZOASYM_LIKELY(z == 0))
break;
match_continue:
// copy literal data
LZOASYM_ASSERT(z > 0);
LZOASYM_ASSERT(z < 4);
LZOASYM_CHECK_OUTPUT_OVERFLOW(z);
LZOASYM_CHECK_INPUT_OVERFLOW(z+1);
*output_ptr++ = *input_ptr++;
if (LZOASYM_LIKELY(z > 1))
{
*output_ptr++ = *input_ptr++;
if (z > 2)
*output_ptr++ = *input_ptr++;
}
z = *input_ptr++;
} while (LZOASYM_LIKELY(input_ptr < input_ptr_end) && LZOASYM_LIKELY(output_ptr <= output_ptr_end));
}
}
else
{
// input began with a match or a literal (rare)
z = *input_ptr++ - 17;
if (z < 4)
goto match_continue;
LZOASYM_ASSERT(z > 0);
LZOASYM_CHECK_OUTPUT_OVERFLOW(z);
LZOASYM_CHECK_INPUT_OVERFLOW(z+1);
do {
*output_ptr++ = *input_ptr++;
} while (--z > 0);
goto initial_literal;
}
*output_length = ptr_diff(output_ptr, output);
return LZOASYM_E_EOF_NOT_FOUND;
success:
LZOASYM_ASSERT(z == 1);
*output_length = ptr_diff(output_ptr, output);
return (input_ptr == input_ptr_end ? LZOASYM_E_OK :
(input_ptr < input_ptr_end ? LZOASYM_E_INPUT_NOT_CONSUMED : LZOASYM_E_INPUT_OVERFLOW));
input_overflow:
*output_length = ptr_diff(output_ptr, output);
return LZOASYM_E_INPUT_OVERFLOW;
output_overflow:
*output_length = ptr_diff(output_ptr, output);
return LZOASYM_E_OUTPUT_OVERFLOW;
match_overflow:
*output_length = ptr_diff(output_ptr, output);
return LZOASYM_E_MATCH_OVERFLOW;
assert_fail:
return LZOASYM_E_ASSERT_FAILED;
input_too_large:
return LZOASYM_E_INPUT_TOO_LARGE;
}
}
}
#undef LZOASYM_CHECK_INPUT_OVERFLOW
#undef LZOASYM_CHECK_OUTPUT_OVERFLOW
#undef LZOASYM_CHECK_MATCH_OVERFLOW
#undef LZOASYM_ASSERT
#undef LZOASYM_LIKELY
#undef LZOASYM_UNLIKELY
#endif
Reference in New Issue View Git Blame Copy Permalink