2014-12-21 18:32:37 +01:00
|
|
|
// OpenVPN -- An application to securely tunnel IP networks
|
|
|
|
|
// over a single port, with support for SSL/TLS-based
|
|
|
|
|
// session authentication and key exchange,
|
|
|
|
|
// packet encryption, packet authentication, and
|
|
|
|
|
// packet compression.
|
|
|
|
|
//
|
2022-09-29 11:41:13 +02:00
|
|
|
// Copyright (C) 2012-2022 OpenVPN Inc.
|
2014-12-21 18:32:37 +01:00
|
|
|
//
|
|
|
|
|
// This program is free software: you can redistribute it and/or modify
|
2017-12-21 21:42:20 +01:00
|
|
|
// it under the terms of the GNU Affero General Public License Version 3
|
2014-12-21 18:32:37 +01:00
|
|
|
// as published by the Free Software Foundation.
|
|
|
|
|
//
|
|
|
|
|
// This program is distributed in the hope that it will be useful,
|
|
|
|
|
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
2017-12-21 21:42:20 +01:00
|
|
|
// GNU Affero General Public License for more details.
|
2014-12-21 18:32:37 +01:00
|
|
|
//
|
2017-12-21 21:42:20 +01:00
|
|
|
// You should have received a copy of the GNU Affero General Public License
|
2014-12-21 18:32:37 +01:00
|
|
|
// along with this program in the COPYING file.
|
|
|
|
|
// If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
|
|
|
|
|
|
// OpenVPN AEAD data channel interface
|
|
|
|
|
|
|
|
|
|
#ifndef OPENVPN_CRYPTO_CRYPTO_AEAD_H
|
|
|
|
|
#define OPENVPN_CRYPTO_CRYPTO_AEAD_H
|
|
|
|
|
|
|
|
|
|
#include <cstring> // for std::memcpy, std::memset
|
|
|
|
|
|
2015-05-17 21:27:34 +02:00
|
|
|
#include <openvpn/common/size.hpp>
|
2014-12-21 18:32:37 +01:00
|
|
|
#include <openvpn/common/exception.hpp>
|
2023-08-23 18:11:16 +02:00
|
|
|
#include <openvpn/common/clamp_typerange.hpp>
|
2014-12-21 18:32:37 +01:00
|
|
|
#include <openvpn/buffer/buffer.hpp>
|
|
|
|
|
#include <openvpn/frame/frame.hpp>
|
|
|
|
|
#include <openvpn/crypto/static_key.hpp>
|
|
|
|
|
#include <openvpn/crypto/packet_id.hpp>
|
|
|
|
|
#include <openvpn/log/sessionstats.hpp>
|
|
|
|
|
#include <openvpn/crypto/cryptodc.hpp>
|
|
|
|
|
|
|
|
|
|
// Sample AES-GCM head:
|
|
|
|
|
// 48000001 00000005 7e7046bd 444a7e28 cc6387b1 64a4d6c1 380275a...
|
|
|
|
|
// [ OP32 ] [seq # ] [ auth tag ] [ payload ... ]
|
|
|
|
|
// [4-byte
|
|
|
|
|
// IV head]
|
|
|
|
|
|
2023-08-23 18:11:16 +02:00
|
|
|
using openvpn::numeric_util::clamp_to_default;
|
Eliminate some conversion warnings
- [ipv4.hpp, ipv6.hpp] In both v4 and v6 headers it is safe to cast the hex
so as to eliminate the spurious warnings.
- [lz4.hpp] Apply value clamp to the hint that is sent to the compressor
to prevent a potential conversion overflow.
- [zlib.hpp] In compress_gzip, zs.s.avail_in and zs.s.avail_out are
theoretically susceptable to overflow. To prevent this we use
numeric_cast. In decompress_gzip we do a similar thing for zs.s.avail_in
but only value clamp avail_out, since the read loop looks like it will
compensate
- [buffmt.hpp] It's safe to cast the result of the arithmentically caused
promotion back down to char.
- [base64.hpp] In Base64 CTOR, changed type of a couple variables to
match the type of the table they generate. In decode, perform a static
cast to the type of the template elements the function is
instantiated for.
- [core.hpp] Perform static cast long --> int on value representing
number of cores. If we run on systems where there are more cores than
int can represent this will behave oddly, but this circumstance
seems unlikely at the present time.
- [environ.hpp] The casts seem to be safe but I have added a todo ticket
to evaluate this change further.
- [hexstr.hpp] In render_hex_char there were two conversion warnings
and a bug involving out of range input. Those are addressed.
In dump_hex the result of some math and logic is now clamped
to the range of acceptable input values for string::spaces
In parse_hex the result of converting from a hex string to an
integral value is cast to the template value_type
- [hostport.hpp] The static_cast should be safe because the value
produced by validate_port is range checked.
- [split.hpp] Applied numeric cast to ensure output of lex.get stays
within acceptable type limit.
- [stop.hpp] In Stop::Scope It's extremely unlikely but was possible for
the vector size to exceed the limit of int. The size now has a much lower
limit applied and will throw if it is exceeded.
- [string.hpp] Changed the call to toupper/tolower so they call the
locale function template instead of the cctype C function. This
eliminates the warning and the need for the cast.
- [cliproto.hpp] The computation of mss_fix is stored in a size_t and
then assigned to an unsigned short. We clamp this assignment
to the range of unsigned short.
- [tempfile.hpp] In TempFile CTOR suffixLen is computed as one type
and consumed as another. Since the CTOR is already throwing
for a couple other error conditions, I have added a
numeric_cast to the conversion that also throws in case of a
value overflow.
- [unicode.hpp] In an 8 --> 16 bit string conversion we mask and assign
in a way the compiler can't be certain is safe even though it is safe.
Added static cast to let the compiler know it's safe. In the second case
the class uses unsigned int to store a size, and then uses it in with size_t
which generates conversion warnings. I have changed the type of size
to size_t
- [logperiod.hpp] in log_period changed return type specification to
match the actual return type.
- [usergroup_retain_cap.hpp] In the unlikely event the caps size (size_t)
exceeds the range cap_set_flag can accept, an exception will be thrown.
- [crypto_aead.hpp] StaticKey::size provides a size_t where unsigned int
is required. We use numeric_cast to check the size() value in the
extremely unlikely event it is manipulated to exceed the allowed value.
- [packet_id.hpp] Code packs a time_t into a uint32_t for replay packet
ID protection purposes. The warning is supressed by a mask and cast
since the 32 bit limit is baked into the protocol and the overflow itself
does not cause a severe breakage.
- [headredact.hpp] Altered code such that the type that stores the find
result is compatible with the result from find. Additionally used the
npos constant instead of -1. There is a commented out code block that
claims to be dropped due to requiring C++ '14 - consider just using
that.
- [csum.hpp] in csum fold and cfold one has a mask and cast, the
second is just a cast to undo a promotion. Both appear safe.
- [ipv4.hpp] Values are masked and shifted so the cast should be safe.
Added cast.
- [ping4.hpp] ICMP ID and sequence number function arguments are
changed to the same type as needed by the structure. For
IPv4 header version_len 2nd arg is int but sizeof is not, so we
cast it. IPv4 tot_len is a uint16_t so we clamp to that value
range and compute it once.
- [ping6.hpp] Enforces a value constraint on the len argument to
csum_icmp, then checks the result of some math to ensure
the result will fit in the type it has to fit. In generate_echo_request
the ICMP ID and sequence args are changed to match the
type they are assigned to in the struct, and added
numeric_cast to range check payload_len.
- [remotelist.hpp] In get_endpoint, endpoint.port is called with an
unsigned int where the function is expecting an unsigned short int.
Since parse_number_throw is a function template, we just ask it to
return the correct type now.
- [compress.hpp] In v2_push we accept an int value that is assigned to
an unsigned char we push to the buffer. I changed the function to
accept an unsigned char directly.
Added unit tests - thanks Mark Deric.
Signed-off-by: Charlie Vigue <charlie.vigue@openvpn.net>
2023-02-27 21:47:53 +01:00
|
|
|
|
|
|
|
|
namespace openvpn::AEAD {
|
2014-12-21 18:32:37 +01:00
|
|
|
|
|
|
|
|
OPENVPN_EXCEPTION(aead_error);
|
|
|
|
|
|
|
|
|
|
template <typename CRYPTO_API>
|
|
|
|
|
class Crypto : public CryptoDCInstance
|
2023-01-11 20:43:22 +01:00
|
|
|
{
|
2014-12-21 18:32:37 +01:00
|
|
|
class Nonce
|
|
|
|
|
{
|
|
|
|
|
public:
|
|
|
|
|
Nonce()
|
|
|
|
|
{
|
2020-02-17 17:16:54 +01:00
|
|
|
static_assert(4 + CRYPTO_API::CipherContextAEAD::IV_LEN == sizeof(data),
|
2014-12-21 18:32:37 +01:00
|
|
|
"AEAD IV_LEN inconsistency");
|
|
|
|
|
ad_op32 = false;
|
|
|
|
|
std::memset(data, 0, sizeof(data));
|
|
|
|
|
}
|
2023-01-11 20:43:22 +01:00
|
|
|
|
2014-12-21 18:32:37 +01:00
|
|
|
// setup
|
|
|
|
|
void set_tail(const StaticKey &sk)
|
|
|
|
|
{
|
|
|
|
|
if (sk.size() < 8)
|
|
|
|
|
throw aead_error("insufficient key material for nonce tail");
|
|
|
|
|
std::memcpy(data + 8, sk.data(), 8);
|
|
|
|
|
}
|
2023-01-11 20:43:22 +01:00
|
|
|
|
2014-12-21 18:32:37 +01:00
|
|
|
// for encrypt
|
|
|
|
|
Nonce(const Nonce &ref, PacketIDSend &pid_send, const PacketID::time_t now, const unsigned char *op32)
|
|
|
|
|
{
|
|
|
|
|
std::memcpy(data, ref.data, sizeof(data));
|
|
|
|
|
Buffer buf(data + 4, 4, false);
|
|
|
|
|
pid_send.write_next(buf, false, now);
|
|
|
|
|
if (op32)
|
|
|
|
|
{
|
|
|
|
|
ad_op32 = true;
|
|
|
|
|
std::memcpy(data, op32, 4);
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
ad_op32 = false;
|
|
|
|
|
}
|
2023-01-11 20:43:22 +01:00
|
|
|
|
2014-12-21 18:32:37 +01:00
|
|
|
// for encrypt
|
|
|
|
|
void prepend_ad(Buffer &buf) const
|
|
|
|
|
{
|
|
|
|
|
buf.prepend(data + 4, 4);
|
|
|
|
|
}
|
2023-01-11 20:43:22 +01:00
|
|
|
|
2014-12-21 18:32:37 +01:00
|
|
|
// for decrypt
|
|
|
|
|
Nonce(const Nonce &ref, Buffer &buf, const unsigned char *op32)
|
|
|
|
|
{
|
|
|
|
|
std::memcpy(data, ref.data, sizeof(data));
|
|
|
|
|
buf.read(data + 4, 4);
|
|
|
|
|
if (op32)
|
|
|
|
|
{
|
|
|
|
|
ad_op32 = true;
|
|
|
|
|
std::memcpy(data, op32, 4);
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
ad_op32 = false;
|
|
|
|
|
}
|
2023-01-11 20:43:22 +01:00
|
|
|
|
2014-12-21 18:32:37 +01:00
|
|
|
// for decrypt
|
|
|
|
|
bool verify_packet_id(PacketIDReceive &pid_recv, const PacketID::time_t now)
|
|
|
|
|
{
|
|
|
|
|
Buffer buf(data + 4, 4, true);
|
|
|
|
|
const PacketID pid = pid_recv.read_next(buf);
|
2015-06-18 09:55:52 +02:00
|
|
|
return pid_recv.test_add(pid, now, true); // verify packet ID
|
2014-12-21 18:32:37 +01:00
|
|
|
}
|
2023-01-11 20:43:22 +01:00
|
|
|
|
2014-12-21 18:32:37 +01:00
|
|
|
const unsigned char *iv() const
|
|
|
|
|
{
|
|
|
|
|
return data + 4;
|
|
|
|
|
}
|
2023-01-11 20:43:22 +01:00
|
|
|
|
2014-12-21 18:32:37 +01:00
|
|
|
const unsigned char *ad() const
|
|
|
|
|
{
|
|
|
|
|
return ad_op32 ? data : data + 4;
|
|
|
|
|
}
|
2023-01-11 20:43:22 +01:00
|
|
|
|
2021-05-18 04:37:27 +02:00
|
|
|
size_t ad_len() const
|
2014-12-21 18:32:37 +01:00
|
|
|
{
|
|
|
|
|
return ad_op32 ? 8 : 4;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
private:
|
|
|
|
|
bool ad_op32; // true if AD includes op32 opcode
|
2023-01-11 20:43:22 +01:00
|
|
|
|
2014-12-21 18:32:37 +01:00
|
|
|
// Sample data:
|
2021-10-11 14:55:59 +02:00
|
|
|
// [ OP32 (optional) ] [ pkt ID ] [ nonce tail ]
|
2014-12-31 08:24:54 +01:00
|
|
|
// [ 48 00 00 01 ] [ 00 00 00 05 ] [ 7f 45 64 db 33 5b 6c 29 ]
|
|
|
|
|
unsigned char data[16];
|
2014-12-21 18:32:37 +01:00
|
|
|
};
|
2023-01-11 20:43:22 +01:00
|
|
|
|
2014-12-21 18:32:37 +01:00
|
|
|
struct Encrypt
|
|
|
|
|
{
|
2021-10-11 14:55:59 +02:00
|
|
|
typename CRYPTO_API::CipherContextAEAD impl;
|
2014-12-21 18:32:37 +01:00
|
|
|
Nonce nonce;
|
2021-10-11 14:55:59 +02:00
|
|
|
PacketIDSend pid_send;
|
2014-12-21 18:32:37 +01:00
|
|
|
BufferAllocated work;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
struct Decrypt
|
|
|
|
|
{
|
2021-10-11 14:55:59 +02:00
|
|
|
typename CRYPTO_API::CipherContextAEAD impl;
|
|
|
|
|
Nonce nonce;
|
2020-08-13 15:47:42 +02:00
|
|
|
PacketIDReceive pid_recv;
|
2020-02-17 17:16:54 +01:00
|
|
|
BufferAllocated work;
|
2014-12-21 18:32:37 +01:00
|
|
|
};
|
2023-01-11 20:43:22 +01:00
|
|
|
|
|
|
|
|
public:
|
2014-12-21 18:32:37 +01:00
|
|
|
typedef CryptoDCInstance Base;
|
2023-01-11 20:43:22 +01:00
|
|
|
|
2021-10-11 14:55:59 +02:00
|
|
|
Crypto(SSLLib::Ctx libctx_arg,
|
|
|
|
|
const CryptoAlgs::Type cipher_arg,
|
2014-12-21 18:32:37 +01:00
|
|
|
const Frame::Ptr &frame_arg,
|
|
|
|
|
const SessionStats::Ptr &stats_arg)
|
|
|
|
|
: cipher(cipher_arg),
|
|
|
|
|
frame(frame_arg),
|
2021-10-11 14:55:59 +02:00
|
|
|
stats(stats_arg),
|
|
|
|
|
libctx(libctx_arg)
|
2023-01-11 20:43:22 +01:00
|
|
|
{
|
2014-12-21 18:32:37 +01:00
|
|
|
}
|
2023-01-11 20:43:22 +01:00
|
|
|
|
2014-12-21 18:32:37 +01:00
|
|
|
// Encrypt/Decrypt
|
2023-01-11 20:43:22 +01:00
|
|
|
|
2014-12-21 18:32:37 +01:00
|
|
|
// returns true if packet ID is close to wrapping
|
2021-10-11 14:55:59 +02:00
|
|
|
bool encrypt(BufferAllocated &buf, const PacketID::time_t now, const unsigned char *op32) override
|
2023-01-11 20:43:22 +01:00
|
|
|
{
|
2014-12-21 18:32:37 +01:00
|
|
|
// only process non-null packets
|
|
|
|
|
if (buf.size())
|
2023-01-11 20:43:22 +01:00
|
|
|
{
|
2014-12-21 18:32:37 +01:00
|
|
|
// build nonce/IV/AD
|
|
|
|
|
Nonce nonce(e.nonce, e.pid_send, now, op32);
|
2023-01-11 20:43:22 +01:00
|
|
|
|
2023-03-03 13:17:13 +01:00
|
|
|
// encrypt to work buf
|
|
|
|
|
frame->prepare(Frame::ENCRYPT_WORK, e.work);
|
|
|
|
|
if (e.work.max_size() < buf.size())
|
|
|
|
|
throw aead_error("encrypt work buffer too small");
|
2023-01-11 20:43:22 +01:00
|
|
|
|
2023-03-03 13:17:13 +01:00
|
|
|
// alloc auth tag in buffer
|
|
|
|
|
unsigned char *auth_tag = e.work.prepend_alloc(CRYPTO_API::CipherContextAEAD::AUTH_TAG_LEN);
|
2023-01-11 20:43:22 +01:00
|
|
|
|
2023-03-03 13:17:13 +01:00
|
|
|
unsigned char *auth_tag_end;
|
2023-01-11 20:43:22 +01:00
|
|
|
|
2023-03-03 13:17:13 +01:00
|
|
|
// prepare output buffer
|
|
|
|
|
unsigned char *work_data = e.work.write_alloc(buf.size());
|
|
|
|
|
if (e.impl.requires_authtag_at_end())
|
|
|
|
|
{
|
|
|
|
|
auth_tag_end = e.work.write_alloc(CRYPTO_API::CipherContextAEAD::AUTH_TAG_LEN);
|
|
|
|
|
}
|
2023-01-11 20:43:22 +01:00
|
|
|
|
2023-03-03 13:17:13 +01:00
|
|
|
// encrypt
|
|
|
|
|
e.impl.encrypt(buf.data(), work_data, buf.size(), nonce.iv(), auth_tag, nonce.ad(), nonce.ad_len());
|
2023-01-11 20:43:22 +01:00
|
|
|
|
2023-03-03 13:17:13 +01:00
|
|
|
if (e.impl.requires_authtag_at_end())
|
|
|
|
|
{
|
|
|
|
|
/* move the auth tag to the front */
|
|
|
|
|
std::memcpy(auth_tag, auth_tag_end, CRYPTO_API::CipherContextAEAD::AUTH_TAG_LEN);
|
|
|
|
|
/* Ignore the auth tag at the end */
|
|
|
|
|
e.work.inc_size(-CRYPTO_API::CipherContextAEAD::AUTH_TAG_LEN);
|
2023-01-11 20:43:22 +01:00
|
|
|
}
|
|
|
|
|
|
2023-03-03 13:17:13 +01:00
|
|
|
buf.swap(e.work);
|
|
|
|
|
|
2014-12-21 18:32:37 +01:00
|
|
|
// prepend additional data
|
|
|
|
|
nonce.prepend_ad(buf);
|
2023-01-11 20:43:22 +01:00
|
|
|
}
|
2014-12-21 18:32:37 +01:00
|
|
|
return e.pid_send.wrap_warning();
|
2023-01-11 20:43:22 +01:00
|
|
|
}
|
|
|
|
|
|
2021-10-11 14:55:59 +02:00
|
|
|
Error::Type decrypt(BufferAllocated &buf, const PacketID::time_t now, const unsigned char *op32) override
|
2023-01-11 20:43:22 +01:00
|
|
|
{
|
2014-12-21 18:32:37 +01:00
|
|
|
// only process non-null packets
|
|
|
|
|
if (buf.size())
|
2023-01-11 20:43:22 +01:00
|
|
|
{
|
2014-12-21 18:32:37 +01:00
|
|
|
// get nonce/IV/AD
|
|
|
|
|
Nonce nonce(d.nonce, buf, op32);
|
2023-01-11 20:43:22 +01:00
|
|
|
|
2014-12-21 18:32:37 +01:00
|
|
|
// get auth tag
|
2020-02-17 17:16:54 +01:00
|
|
|
unsigned char *auth_tag = buf.read_alloc(CRYPTO_API::CipherContextAEAD::AUTH_TAG_LEN);
|
2023-01-11 20:43:22 +01:00
|
|
|
|
2014-12-21 18:32:37 +01:00
|
|
|
// initialize work buffer
|
|
|
|
|
frame->prepare(Frame::DECRYPT_WORK, d.work);
|
|
|
|
|
if (d.work.max_size() < buf.size())
|
|
|
|
|
throw aead_error("decrypt work buffer too small");
|
2023-01-11 20:43:22 +01:00
|
|
|
|
2023-03-03 13:17:13 +01:00
|
|
|
if (e.impl.requires_authtag_at_end())
|
|
|
|
|
{
|
|
|
|
|
unsigned char *auth_tag_end = buf.write_alloc(CRYPTO_API::CipherContextAEAD::AUTH_TAG_LEN);
|
|
|
|
|
std::memcpy(auth_tag_end, auth_tag, CRYPTO_API::CipherContextAEAD::AUTH_TAG_LEN);
|
|
|
|
|
}
|
|
|
|
|
|
2014-12-21 18:32:37 +01:00
|
|
|
// decrypt from buf -> work
|
2014-12-31 08:24:54 +01:00
|
|
|
if (!d.impl.decrypt(buf.c_data(), d.work.data(), buf.size(), nonce.iv(), auth_tag, nonce.ad(), nonce.ad_len()))
|
2023-01-11 20:43:22 +01:00
|
|
|
{
|
2014-12-21 18:32:37 +01:00
|
|
|
buf.reset_size();
|
|
|
|
|
return Error::DECRYPT_ERROR;
|
2023-01-11 20:43:22 +01:00
|
|
|
}
|
2023-03-03 13:17:13 +01:00
|
|
|
if (e.impl.requires_authtag_at_end())
|
|
|
|
|
{
|
|
|
|
|
d.work.set_size(buf.size() - CRYPTO_API::CipherContextAEAD::AUTH_TAG_LEN);
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
d.work.set_size(buf.size());
|
|
|
|
|
}
|
2023-01-11 20:43:22 +01:00
|
|
|
|
2014-12-21 18:32:37 +01:00
|
|
|
// verify packet ID
|
|
|
|
|
if (!nonce.verify_packet_id(d.pid_recv, now))
|
2023-01-11 20:43:22 +01:00
|
|
|
{
|
2014-12-21 18:32:37 +01:00
|
|
|
buf.reset_size();
|
|
|
|
|
return Error::REPLAY_ERROR;
|
2023-01-11 20:43:22 +01:00
|
|
|
}
|
|
|
|
|
|
2014-12-21 18:32:37 +01:00
|
|
|
// return cleartext result in buf
|
|
|
|
|
buf.swap(d.work);
|
2023-01-11 20:43:22 +01:00
|
|
|
}
|
2014-12-21 18:32:37 +01:00
|
|
|
return Error::SUCCESS;
|
2023-01-11 20:43:22 +01:00
|
|
|
}
|
|
|
|
|
|
2014-12-21 18:32:37 +01:00
|
|
|
// Initialization
|
2023-01-11 20:43:22 +01:00
|
|
|
|
2023-08-23 18:11:16 +02:00
|
|
|
// TODO: clamp_to_default probably will cause an error further along if triggered, investigate
|
2021-10-11 14:55:59 +02:00
|
|
|
void init_cipher(StaticKey &&encrypt_key, StaticKey &&decrypt_key) override
|
2023-01-11 20:43:22 +01:00
|
|
|
{
|
Eliminate some conversion warnings
- [ipv4.hpp, ipv6.hpp] In both v4 and v6 headers it is safe to cast the hex
so as to eliminate the spurious warnings.
- [lz4.hpp] Apply value clamp to the hint that is sent to the compressor
to prevent a potential conversion overflow.
- [zlib.hpp] In compress_gzip, zs.s.avail_in and zs.s.avail_out are
theoretically susceptable to overflow. To prevent this we use
numeric_cast. In decompress_gzip we do a similar thing for zs.s.avail_in
but only value clamp avail_out, since the read loop looks like it will
compensate
- [buffmt.hpp] It's safe to cast the result of the arithmentically caused
promotion back down to char.
- [base64.hpp] In Base64 CTOR, changed type of a couple variables to
match the type of the table they generate. In decode, perform a static
cast to the type of the template elements the function is
instantiated for.
- [core.hpp] Perform static cast long --> int on value representing
number of cores. If we run on systems where there are more cores than
int can represent this will behave oddly, but this circumstance
seems unlikely at the present time.
- [environ.hpp] The casts seem to be safe but I have added a todo ticket
to evaluate this change further.
- [hexstr.hpp] In render_hex_char there were two conversion warnings
and a bug involving out of range input. Those are addressed.
In dump_hex the result of some math and logic is now clamped
to the range of acceptable input values for string::spaces
In parse_hex the result of converting from a hex string to an
integral value is cast to the template value_type
- [hostport.hpp] The static_cast should be safe because the value
produced by validate_port is range checked.
- [split.hpp] Applied numeric cast to ensure output of lex.get stays
within acceptable type limit.
- [stop.hpp] In Stop::Scope It's extremely unlikely but was possible for
the vector size to exceed the limit of int. The size now has a much lower
limit applied and will throw if it is exceeded.
- [string.hpp] Changed the call to toupper/tolower so they call the
locale function template instead of the cctype C function. This
eliminates the warning and the need for the cast.
- [cliproto.hpp] The computation of mss_fix is stored in a size_t and
then assigned to an unsigned short. We clamp this assignment
to the range of unsigned short.
- [tempfile.hpp] In TempFile CTOR suffixLen is computed as one type
and consumed as another. Since the CTOR is already throwing
for a couple other error conditions, I have added a
numeric_cast to the conversion that also throws in case of a
value overflow.
- [unicode.hpp] In an 8 --> 16 bit string conversion we mask and assign
in a way the compiler can't be certain is safe even though it is safe.
Added static cast to let the compiler know it's safe. In the second case
the class uses unsigned int to store a size, and then uses it in with size_t
which generates conversion warnings. I have changed the type of size
to size_t
- [logperiod.hpp] in log_period changed return type specification to
match the actual return type.
- [usergroup_retain_cap.hpp] In the unlikely event the caps size (size_t)
exceeds the range cap_set_flag can accept, an exception will be thrown.
- [crypto_aead.hpp] StaticKey::size provides a size_t where unsigned int
is required. We use numeric_cast to check the size() value in the
extremely unlikely event it is manipulated to exceed the allowed value.
- [packet_id.hpp] Code packs a time_t into a uint32_t for replay packet
ID protection purposes. The warning is supressed by a mask and cast
since the 32 bit limit is baked into the protocol and the overflow itself
does not cause a severe breakage.
- [headredact.hpp] Altered code such that the type that stores the find
result is compatible with the result from find. Additionally used the
npos constant instead of -1. There is a commented out code block that
claims to be dropped due to requiring C++ '14 - consider just using
that.
- [csum.hpp] in csum fold and cfold one has a mask and cast, the
second is just a cast to undo a promotion. Both appear safe.
- [ipv4.hpp] Values are masked and shifted so the cast should be safe.
Added cast.
- [ping4.hpp] ICMP ID and sequence number function arguments are
changed to the same type as needed by the structure. For
IPv4 header version_len 2nd arg is int but sizeof is not, so we
cast it. IPv4 tot_len is a uint16_t so we clamp to that value
range and compute it once.
- [ping6.hpp] Enforces a value constraint on the len argument to
csum_icmp, then checks the result of some math to ensure
the result will fit in the type it has to fit. In generate_echo_request
the ICMP ID and sequence args are changed to match the
type they are assigned to in the struct, and added
numeric_cast to range check payload_len.
- [remotelist.hpp] In get_endpoint, endpoint.port is called with an
unsigned int where the function is expecting an unsigned short int.
Since parse_number_throw is a function template, we just ask it to
return the correct type now.
- [compress.hpp] In v2_push we accept an int value that is assigned to
an unsigned char we push to the buffer. I changed the function to
accept an unsigned char directly.
Added unit tests - thanks Mark Deric.
Signed-off-by: Charlie Vigue <charlie.vigue@openvpn.net>
2023-02-27 21:47:53 +01:00
|
|
|
e.impl.init(libctx,
|
|
|
|
|
cipher,
|
|
|
|
|
encrypt_key.data(),
|
2023-08-23 18:11:16 +02:00
|
|
|
clamp_to_default<unsigned int>(encrypt_key.size(), 0),
|
Eliminate some conversion warnings
- [ipv4.hpp, ipv6.hpp] In both v4 and v6 headers it is safe to cast the hex
so as to eliminate the spurious warnings.
- [lz4.hpp] Apply value clamp to the hint that is sent to the compressor
to prevent a potential conversion overflow.
- [zlib.hpp] In compress_gzip, zs.s.avail_in and zs.s.avail_out are
theoretically susceptable to overflow. To prevent this we use
numeric_cast. In decompress_gzip we do a similar thing for zs.s.avail_in
but only value clamp avail_out, since the read loop looks like it will
compensate
- [buffmt.hpp] It's safe to cast the result of the arithmentically caused
promotion back down to char.
- [base64.hpp] In Base64 CTOR, changed type of a couple variables to
match the type of the table they generate. In decode, perform a static
cast to the type of the template elements the function is
instantiated for.
- [core.hpp] Perform static cast long --> int on value representing
number of cores. If we run on systems where there are more cores than
int can represent this will behave oddly, but this circumstance
seems unlikely at the present time.
- [environ.hpp] The casts seem to be safe but I have added a todo ticket
to evaluate this change further.
- [hexstr.hpp] In render_hex_char there were two conversion warnings
and a bug involving out of range input. Those are addressed.
In dump_hex the result of some math and logic is now clamped
to the range of acceptable input values for string::spaces
In parse_hex the result of converting from a hex string to an
integral value is cast to the template value_type
- [hostport.hpp] The static_cast should be safe because the value
produced by validate_port is range checked.
- [split.hpp] Applied numeric cast to ensure output of lex.get stays
within acceptable type limit.
- [stop.hpp] In Stop::Scope It's extremely unlikely but was possible for
the vector size to exceed the limit of int. The size now has a much lower
limit applied and will throw if it is exceeded.
- [string.hpp] Changed the call to toupper/tolower so they call the
locale function template instead of the cctype C function. This
eliminates the warning and the need for the cast.
- [cliproto.hpp] The computation of mss_fix is stored in a size_t and
then assigned to an unsigned short. We clamp this assignment
to the range of unsigned short.
- [tempfile.hpp] In TempFile CTOR suffixLen is computed as one type
and consumed as another. Since the CTOR is already throwing
for a couple other error conditions, I have added a
numeric_cast to the conversion that also throws in case of a
value overflow.
- [unicode.hpp] In an 8 --> 16 bit string conversion we mask and assign
in a way the compiler can't be certain is safe even though it is safe.
Added static cast to let the compiler know it's safe. In the second case
the class uses unsigned int to store a size, and then uses it in with size_t
which generates conversion warnings. I have changed the type of size
to size_t
- [logperiod.hpp] in log_period changed return type specification to
match the actual return type.
- [usergroup_retain_cap.hpp] In the unlikely event the caps size (size_t)
exceeds the range cap_set_flag can accept, an exception will be thrown.
- [crypto_aead.hpp] StaticKey::size provides a size_t where unsigned int
is required. We use numeric_cast to check the size() value in the
extremely unlikely event it is manipulated to exceed the allowed value.
- [packet_id.hpp] Code packs a time_t into a uint32_t for replay packet
ID protection purposes. The warning is supressed by a mask and cast
since the 32 bit limit is baked into the protocol and the overflow itself
does not cause a severe breakage.
- [headredact.hpp] Altered code such that the type that stores the find
result is compatible with the result from find. Additionally used the
npos constant instead of -1. There is a commented out code block that
claims to be dropped due to requiring C++ '14 - consider just using
that.
- [csum.hpp] in csum fold and cfold one has a mask and cast, the
second is just a cast to undo a promotion. Both appear safe.
- [ipv4.hpp] Values are masked and shifted so the cast should be safe.
Added cast.
- [ping4.hpp] ICMP ID and sequence number function arguments are
changed to the same type as needed by the structure. For
IPv4 header version_len 2nd arg is int but sizeof is not, so we
cast it. IPv4 tot_len is a uint16_t so we clamp to that value
range and compute it once.
- [ping6.hpp] Enforces a value constraint on the len argument to
csum_icmp, then checks the result of some math to ensure
the result will fit in the type it has to fit. In generate_echo_request
the ICMP ID and sequence args are changed to match the
type they are assigned to in the struct, and added
numeric_cast to range check payload_len.
- [remotelist.hpp] In get_endpoint, endpoint.port is called with an
unsigned int where the function is expecting an unsigned short int.
Since parse_number_throw is a function template, we just ask it to
return the correct type now.
- [compress.hpp] In v2_push we accept an int value that is assigned to
an unsigned char we push to the buffer. I changed the function to
accept an unsigned char directly.
Added unit tests - thanks Mark Deric.
Signed-off-by: Charlie Vigue <charlie.vigue@openvpn.net>
2023-02-27 21:47:53 +01:00
|
|
|
CRYPTO_API::CipherContextAEAD::ENCRYPT);
|
|
|
|
|
d.impl.init(libctx,
|
|
|
|
|
cipher,
|
|
|
|
|
decrypt_key.data(),
|
2023-08-23 18:11:16 +02:00
|
|
|
clamp_to_default<unsigned int>(decrypt_key.size(), 0),
|
Eliminate some conversion warnings
- [ipv4.hpp, ipv6.hpp] In both v4 and v6 headers it is safe to cast the hex
so as to eliminate the spurious warnings.
- [lz4.hpp] Apply value clamp to the hint that is sent to the compressor
to prevent a potential conversion overflow.
- [zlib.hpp] In compress_gzip, zs.s.avail_in and zs.s.avail_out are
theoretically susceptable to overflow. To prevent this we use
numeric_cast. In decompress_gzip we do a similar thing for zs.s.avail_in
but only value clamp avail_out, since the read loop looks like it will
compensate
- [buffmt.hpp] It's safe to cast the result of the arithmentically caused
promotion back down to char.
- [base64.hpp] In Base64 CTOR, changed type of a couple variables to
match the type of the table they generate. In decode, perform a static
cast to the type of the template elements the function is
instantiated for.
- [core.hpp] Perform static cast long --> int on value representing
number of cores. If we run on systems where there are more cores than
int can represent this will behave oddly, but this circumstance
seems unlikely at the present time.
- [environ.hpp] The casts seem to be safe but I have added a todo ticket
to evaluate this change further.
- [hexstr.hpp] In render_hex_char there were two conversion warnings
and a bug involving out of range input. Those are addressed.
In dump_hex the result of some math and logic is now clamped
to the range of acceptable input values for string::spaces
In parse_hex the result of converting from a hex string to an
integral value is cast to the template value_type
- [hostport.hpp] The static_cast should be safe because the value
produced by validate_port is range checked.
- [split.hpp] Applied numeric cast to ensure output of lex.get stays
within acceptable type limit.
- [stop.hpp] In Stop::Scope It's extremely unlikely but was possible for
the vector size to exceed the limit of int. The size now has a much lower
limit applied and will throw if it is exceeded.
- [string.hpp] Changed the call to toupper/tolower so they call the
locale function template instead of the cctype C function. This
eliminates the warning and the need for the cast.
- [cliproto.hpp] The computation of mss_fix is stored in a size_t and
then assigned to an unsigned short. We clamp this assignment
to the range of unsigned short.
- [tempfile.hpp] In TempFile CTOR suffixLen is computed as one type
and consumed as another. Since the CTOR is already throwing
for a couple other error conditions, I have added a
numeric_cast to the conversion that also throws in case of a
value overflow.
- [unicode.hpp] In an 8 --> 16 bit string conversion we mask and assign
in a way the compiler can't be certain is safe even though it is safe.
Added static cast to let the compiler know it's safe. In the second case
the class uses unsigned int to store a size, and then uses it in with size_t
which generates conversion warnings. I have changed the type of size
to size_t
- [logperiod.hpp] in log_period changed return type specification to
match the actual return type.
- [usergroup_retain_cap.hpp] In the unlikely event the caps size (size_t)
exceeds the range cap_set_flag can accept, an exception will be thrown.
- [crypto_aead.hpp] StaticKey::size provides a size_t where unsigned int
is required. We use numeric_cast to check the size() value in the
extremely unlikely event it is manipulated to exceed the allowed value.
- [packet_id.hpp] Code packs a time_t into a uint32_t for replay packet
ID protection purposes. The warning is supressed by a mask and cast
since the 32 bit limit is baked into the protocol and the overflow itself
does not cause a severe breakage.
- [headredact.hpp] Altered code such that the type that stores the find
result is compatible with the result from find. Additionally used the
npos constant instead of -1. There is a commented out code block that
claims to be dropped due to requiring C++ '14 - consider just using
that.
- [csum.hpp] in csum fold and cfold one has a mask and cast, the
second is just a cast to undo a promotion. Both appear safe.
- [ipv4.hpp] Values are masked and shifted so the cast should be safe.
Added cast.
- [ping4.hpp] ICMP ID and sequence number function arguments are
changed to the same type as needed by the structure. For
IPv4 header version_len 2nd arg is int but sizeof is not, so we
cast it. IPv4 tot_len is a uint16_t so we clamp to that value
range and compute it once.
- [ping6.hpp] Enforces a value constraint on the len argument to
csum_icmp, then checks the result of some math to ensure
the result will fit in the type it has to fit. In generate_echo_request
the ICMP ID and sequence args are changed to match the
type they are assigned to in the struct, and added
numeric_cast to range check payload_len.
- [remotelist.hpp] In get_endpoint, endpoint.port is called with an
unsigned int where the function is expecting an unsigned short int.
Since parse_number_throw is a function template, we just ask it to
return the correct type now.
- [compress.hpp] In v2_push we accept an int value that is assigned to
an unsigned char we push to the buffer. I changed the function to
accept an unsigned char directly.
Added unit tests - thanks Mark Deric.
Signed-off-by: Charlie Vigue <charlie.vigue@openvpn.net>
2023-02-27 21:47:53 +01:00
|
|
|
CRYPTO_API::CipherContextAEAD::DECRYPT);
|
2014-12-21 18:32:37 +01:00
|
|
|
}
|
2023-01-11 20:43:22 +01:00
|
|
|
|
2021-10-11 14:55:59 +02:00
|
|
|
void init_hmac(StaticKey &&encrypt_key,
|
|
|
|
|
StaticKey &&decrypt_key) override
|
2023-01-11 20:43:22 +01:00
|
|
|
{
|
2014-12-21 18:32:37 +01:00
|
|
|
e.nonce.set_tail(encrypt_key);
|
|
|
|
|
d.nonce.set_tail(decrypt_key);
|
2023-01-11 20:43:22 +01:00
|
|
|
}
|
|
|
|
|
|
2021-10-11 14:55:59 +02:00
|
|
|
void init_pid(const int send_form,
|
2014-12-21 18:32:37 +01:00
|
|
|
const int recv_mode,
|
|
|
|
|
const int recv_form,
|
|
|
|
|
const char *recv_name,
|
|
|
|
|
const int recv_unit,
|
2021-10-11 14:55:59 +02:00
|
|
|
const SessionStats::Ptr &recv_stats_arg) override
|
2023-01-11 20:43:22 +01:00
|
|
|
{
|
2014-12-21 18:32:37 +01:00
|
|
|
e.pid_send.init(send_form);
|
2015-06-18 09:55:52 +02:00
|
|
|
d.pid_recv.init(recv_mode, recv_form, recv_name, recv_unit, recv_stats_arg);
|
2023-01-11 20:43:22 +01:00
|
|
|
}
|
|
|
|
|
|
2014-12-21 18:32:37 +01:00
|
|
|
// Indicate whether or not cipher/digest is defined
|
2023-01-11 20:43:22 +01:00
|
|
|
|
2021-10-11 14:55:59 +02:00
|
|
|
unsigned int defined() const override
|
2023-01-11 20:43:22 +01:00
|
|
|
{
|
2014-12-21 18:32:37 +01:00
|
|
|
unsigned int ret = CRYPTO_DEFINED;
|
2023-01-11 20:43:22 +01:00
|
|
|
|
2014-12-21 18:32:37 +01:00
|
|
|
// AEAD mode doesn't use HMAC, but we still indicate HMAC_DEFINED
|
|
|
|
|
// because we want to use the HMAC keying material for the AEAD nonce tail.
|
|
|
|
|
if (CryptoAlgs::defined(cipher))
|
|
|
|
|
ret |= (CIPHER_DEFINED | HMAC_DEFINED);
|
|
|
|
|
return ret;
|
2023-01-11 20:43:22 +01:00
|
|
|
}
|
|
|
|
|
|
2021-10-11 14:55:59 +02:00
|
|
|
bool consider_compression(const CompressContext &comp_ctx) override
|
2023-01-11 20:43:22 +01:00
|
|
|
{
|
2014-12-21 18:32:37 +01:00
|
|
|
return true;
|
2023-01-11 20:43:22 +01:00
|
|
|
}
|
|
|
|
|
|
2014-12-21 18:32:37 +01:00
|
|
|
// Rekeying
|
2023-01-11 20:43:22 +01:00
|
|
|
|
2021-10-11 14:55:59 +02:00
|
|
|
void rekey(const typename Base::RekeyType type) override
|
2023-01-11 20:43:22 +01:00
|
|
|
{
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
private:
|
2014-12-21 18:32:37 +01:00
|
|
|
CryptoAlgs::Type cipher;
|
|
|
|
|
Frame::Ptr frame;
|
|
|
|
|
SessionStats::Ptr stats;
|
2021-10-11 14:55:59 +02:00
|
|
|
SSLLib::Ctx libctx;
|
2014-12-21 18:32:37 +01:00
|
|
|
Encrypt e;
|
|
|
|
|
Decrypt d;
|
2023-01-11 20:43:22 +01:00
|
|
|
};
|
|
|
|
|
|
2014-12-21 18:32:37 +01:00
|
|
|
template <typename CRYPTO_API>
|
|
|
|
|
class CryptoContext : public CryptoDCContext
|
2023-01-11 20:43:22 +01:00
|
|
|
{
|
|
|
|
|
public:
|
2015-05-18 05:26:53 +02:00
|
|
|
typedef RCPtr<CryptoContext> Ptr;
|
2023-01-11 20:43:22 +01:00
|
|
|
|
2021-10-11 14:55:59 +02:00
|
|
|
CryptoContext(SSLLib::Ctx libctx_arg,
|
|
|
|
|
const CryptoAlgs::Type cipher_arg,
|
2020-08-13 15:47:42 +02:00
|
|
|
const CryptoAlgs::KeyDerivation key_method,
|
2014-12-21 18:32:37 +01:00
|
|
|
const Frame::Ptr &frame_arg,
|
|
|
|
|
const SessionStats::Ptr &stats_arg)
|
2020-08-13 15:47:42 +02:00
|
|
|
: CryptoDCContext(key_method),
|
|
|
|
|
cipher(CryptoAlgs::legal_dc_cipher(cipher_arg)),
|
2014-12-21 18:32:37 +01:00
|
|
|
frame(frame_arg),
|
2021-10-11 14:55:59 +02:00
|
|
|
stats(stats_arg),
|
|
|
|
|
libctx(libctx_arg)
|
2023-01-11 20:43:22 +01:00
|
|
|
{
|
|
|
|
|
}
|
|
|
|
|
|
2021-10-11 14:55:59 +02:00
|
|
|
CryptoDCInstance::Ptr new_obj(const unsigned int key_id) override
|
2023-01-11 20:43:22 +01:00
|
|
|
{
|
2021-10-11 14:55:59 +02:00
|
|
|
return new Crypto<CRYPTO_API>(libctx, cipher, frame, stats);
|
2023-01-11 20:43:22 +01:00
|
|
|
}
|
|
|
|
|
|
2014-12-21 18:32:37 +01:00
|
|
|
// cipher/HMAC/key info
|
2021-10-11 14:55:59 +02:00
|
|
|
Info crypto_info() override
|
2023-01-11 20:43:22 +01:00
|
|
|
{
|
2014-12-21 18:32:37 +01:00
|
|
|
Info ret;
|
|
|
|
|
ret.cipher_alg = cipher;
|
|
|
|
|
ret.hmac_alg = CryptoAlgs::NONE;
|
2020-08-13 15:47:42 +02:00
|
|
|
ret.key_derivation = key_derivation;
|
2014-12-21 18:32:37 +01:00
|
|
|
return ret;
|
2023-01-11 20:43:22 +01:00
|
|
|
}
|
|
|
|
|
|
2014-12-21 18:32:37 +01:00
|
|
|
// Info for ProtoContext::link_mtu_adjust
|
2023-01-11 20:43:22 +01:00
|
|
|
|
2021-10-11 14:55:59 +02:00
|
|
|
size_t encap_overhead() const override
|
2023-01-11 20:43:22 +01:00
|
|
|
{
|
2020-02-17 17:16:54 +01:00
|
|
|
return CRYPTO_API::CipherContextAEAD::AUTH_TAG_LEN;
|
2023-01-11 20:43:22 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
private:
|
2014-12-21 18:32:37 +01:00
|
|
|
CryptoAlgs::Type cipher;
|
|
|
|
|
Frame::Ptr frame;
|
|
|
|
|
SessionStats::Ptr stats;
|
2021-10-11 14:55:59 +02:00
|
|
|
SSLLib::Ctx libctx;
|
2023-01-11 20:43:22 +01:00
|
|
|
};
|
Eliminate some conversion warnings
- [ipv4.hpp, ipv6.hpp] In both v4 and v6 headers it is safe to cast the hex
so as to eliminate the spurious warnings.
- [lz4.hpp] Apply value clamp to the hint that is sent to the compressor
to prevent a potential conversion overflow.
- [zlib.hpp] In compress_gzip, zs.s.avail_in and zs.s.avail_out are
theoretically susceptable to overflow. To prevent this we use
numeric_cast. In decompress_gzip we do a similar thing for zs.s.avail_in
but only value clamp avail_out, since the read loop looks like it will
compensate
- [buffmt.hpp] It's safe to cast the result of the arithmentically caused
promotion back down to char.
- [base64.hpp] In Base64 CTOR, changed type of a couple variables to
match the type of the table they generate. In decode, perform a static
cast to the type of the template elements the function is
instantiated for.
- [core.hpp] Perform static cast long --> int on value representing
number of cores. If we run on systems where there are more cores than
int can represent this will behave oddly, but this circumstance
seems unlikely at the present time.
- [environ.hpp] The casts seem to be safe but I have added a todo ticket
to evaluate this change further.
- [hexstr.hpp] In render_hex_char there were two conversion warnings
and a bug involving out of range input. Those are addressed.
In dump_hex the result of some math and logic is now clamped
to the range of acceptable input values for string::spaces
In parse_hex the result of converting from a hex string to an
integral value is cast to the template value_type
- [hostport.hpp] The static_cast should be safe because the value
produced by validate_port is range checked.
- [split.hpp] Applied numeric cast to ensure output of lex.get stays
within acceptable type limit.
- [stop.hpp] In Stop::Scope It's extremely unlikely but was possible for
the vector size to exceed the limit of int. The size now has a much lower
limit applied and will throw if it is exceeded.
- [string.hpp] Changed the call to toupper/tolower so they call the
locale function template instead of the cctype C function. This
eliminates the warning and the need for the cast.
- [cliproto.hpp] The computation of mss_fix is stored in a size_t and
then assigned to an unsigned short. We clamp this assignment
to the range of unsigned short.
- [tempfile.hpp] In TempFile CTOR suffixLen is computed as one type
and consumed as another. Since the CTOR is already throwing
for a couple other error conditions, I have added a
numeric_cast to the conversion that also throws in case of a
value overflow.
- [unicode.hpp] In an 8 --> 16 bit string conversion we mask and assign
in a way the compiler can't be certain is safe even though it is safe.
Added static cast to let the compiler know it's safe. In the second case
the class uses unsigned int to store a size, and then uses it in with size_t
which generates conversion warnings. I have changed the type of size
to size_t
- [logperiod.hpp] in log_period changed return type specification to
match the actual return type.
- [usergroup_retain_cap.hpp] In the unlikely event the caps size (size_t)
exceeds the range cap_set_flag can accept, an exception will be thrown.
- [crypto_aead.hpp] StaticKey::size provides a size_t where unsigned int
is required. We use numeric_cast to check the size() value in the
extremely unlikely event it is manipulated to exceed the allowed value.
- [packet_id.hpp] Code packs a time_t into a uint32_t for replay packet
ID protection purposes. The warning is supressed by a mask and cast
since the 32 bit limit is baked into the protocol and the overflow itself
does not cause a severe breakage.
- [headredact.hpp] Altered code such that the type that stores the find
result is compatible with the result from find. Additionally used the
npos constant instead of -1. There is a commented out code block that
claims to be dropped due to requiring C++ '14 - consider just using
that.
- [csum.hpp] in csum fold and cfold one has a mask and cast, the
second is just a cast to undo a promotion. Both appear safe.
- [ipv4.hpp] Values are masked and shifted so the cast should be safe.
Added cast.
- [ping4.hpp] ICMP ID and sequence number function arguments are
changed to the same type as needed by the structure. For
IPv4 header version_len 2nd arg is int but sizeof is not, so we
cast it. IPv4 tot_len is a uint16_t so we clamp to that value
range and compute it once.
- [ping6.hpp] Enforces a value constraint on the len argument to
csum_icmp, then checks the result of some math to ensure
the result will fit in the type it has to fit. In generate_echo_request
the ICMP ID and sequence args are changed to match the
type they are assigned to in the struct, and added
numeric_cast to range check payload_len.
- [remotelist.hpp] In get_endpoint, endpoint.port is called with an
unsigned int where the function is expecting an unsigned short int.
Since parse_number_throw is a function template, we just ask it to
return the correct type now.
- [compress.hpp] In v2_push we accept an int value that is assigned to
an unsigned char we push to the buffer. I changed the function to
accept an unsigned char directly.
Added unit tests - thanks Mark Deric.
Signed-off-by: Charlie Vigue <charlie.vigue@openvpn.net>
2023-02-27 21:47:53 +01:00
|
|
|
} // namespace openvpn::AEAD
|
2014-12-21 18:32:37 +01:00
|
|
|
|
|
|
|
|
#endif
|