The need to call the assert_crypto() member function to ensure
that a cryptographically strong RNG is used where needed was reported
as potentially insecure, since calling it manually can easily be missed.
In this commit the two new classes StrongRandomAPI and WeakRandomAPI are
introduced. They are to be used instead of just RandomAPI, unless it
doesn't matter what strength the RNG is.
All the places where assert_crypto() was called were converted to use
StrongRandomAPI instead. Also, the RNGs for which assert_crypto() was not
throwing now inherit from StrongRandomAPI.
Variables which have the StrongRandomAPI type but were called
prng are renamed to rng to follow the source code convention.
Signed-off-by: Heiko Hund <heiko@openvpn.net>
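
The design point of the commit message above, as an added sketch that is not OpenVPN's code: once the strength requirement is part of the parameter type, passing a weak RNG to key generation no longer type-checks. Only the names RandomAPI, StrongRandomAPI, WeakRandomAPI and assert_crypto() come from the message; rand_bytes(), UrandomRNG, MTRand, make_key() and pick_index() are hypothetical, and /dev/urandom stands in for a crypto library's RNG.

```cpp
#include <cstddef>
#include <fstream>
#include <random>
#include <stdexcept>
#include <type_traits>
#include <vector>

// Simplified sketch: only the three *RandomAPI class names come from the commit message.
struct RandomAPI {
    virtual ~RandomAPI() = default;
    virtual void rand_bytes(unsigned char *buf, std::size_t len) = 0;
};
struct StrongRandomAPI : RandomAPI {}; // cryptographically strong sources only
struct WeakRandomAPI : RandomAPI {};   // fast but predictable sources

// Assumption: /dev/urandom stands in for the crypto library's RNG.
struct UrandomRNG : StrongRandomAPI {
    void rand_bytes(unsigned char *buf, std::size_t len) override {
        std::ifstream in("/dev/urandom", std::ios::binary);
        if (!in.read(reinterpret_cast<char *>(buf), static_cast<std::streamsize>(len)))
            throw std::runtime_error("cannot read /dev/urandom");
    }
};

// Mersenne Twister with a constructed seed: acceptable for jitter, never for keys.
struct MTRand : WeakRandomAPI {
    std::mt19937 gen{12345};
    void rand_bytes(unsigned char *buf, std::size_t len) override {
        for (std::size_t i = 0; i < len; ++i)
            buf[i] = static_cast<unsigned char>(gen() & 0xff);
    }
};

// The requirement lives in the signature, so there is no manual check to forget.
std::vector<unsigned char> make_key(StrongRandomAPI &rng, std::size_t len) {
    std::vector<unsigned char> key(len);
    rng.rand_bytes(key.data(), key.size());
    return key;
}

// RNG strength does not matter here, so the base type is accepted.
unsigned pick_index(RandomAPI &rng, unsigned n) {
    unsigned char b = 0;
    rng.rand_bytes(&b, 1);
    return b % n;
}

// Compile-time facts: a weak RNG cannot bind to make_key()'s parameter type.
constexpr bool weak_rejected = !std::is_convertible<MTRand &, StrongRandomAPI &>::value;
constexpr bool strong_accepted = std::is_convertible<UrandomRNG &, StrongRandomAPI &>::value;
```

Writing make_key(weak_rng, 32) with an MTRand object is a compile error, which is the property the runtime assert_crypto() call could not guarantee.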
-- disambiguate new_obj(): new_man_obj(), new_tun_obj
-- remove obfuscatory typedef <class> Base; use <class>
-- in servproto.hpp typedef ProtoContext::ProtoConfig to ProtoConfig
   since Arne's already disambiguated Config
-- disambiguate Link<>: TCPLink<>, UDPLink<>
Added TODO comment on unneeded version of control_net_recv()
Signed-off-by: Mark Deric <jmark@openvpn.net>
Usually caused by the only use being in macros that do not
necessarily expand to code depending on the preprocessor
flags.
While here, convert existing work-arounds to [[maybe_unused]]
as well.
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
- Used static_cast instead of direct type conversions in places where
  it's safe
- Used numeric_cast where failure is possible
- Changed types of arguments and locals when practical
Signed-off-by: Charlie Vigue <charlie.vigue@openvpn.com>
All of these cases are safe casts since the
value is checked beforehand. So convert them
to explicit casts.
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
* local_ip() has been renamed to local_addrs() and now
  returns a vector of addresses. This is because the
  user may want to specify local addresses for both
  IPv4 and IPv6.
* error_expire() has been removed because it currently
  has no users.
Signed-off-by: James Yonan <james@openvpn.net>
Previously, when WS::Client entered websocket streaming
mode, it would cancel the general_timeout.
Now when websocket_timeout is nonzero, general_timeout will
be reset to the websocket_timeout value when the websocket
begins streaming. This allows websocket use cases
to retain a general_timeout even during streaming.
By default, websocket_timeout is set to zero, which will
retain the pre-existing behavior of canceling the
general_timeout when streaming begins.
Signed-off-by: James Yonan <james@openvpn.net>
When WS::Client is operating with an AltRoutingShimFactory
object, bind to the local address provided by the local_ip()
method if defined.
Signed-off-by: James Yonan <james@openvpn.net>
Previously the debug message "ALT_ROUTING HTTP CONNECT to ..."
was conditional on debug_level in WS::Client::Config being
>= 2.
Instead, we now consult alt_routing_debug_level()
defined by AltRoutingShimFactory for the debug level.
This makes it more straightforward to debug
AltRoutingShimFactory because the relevant debug levels
have been consolidated within the class being debugged.
Signed-off-by: James Yonan <james@openvpn.net>
This is the result after running 'clang-format -i' on all C++ files and
headers, with the defined formatting rules in .clang-format.
Only the openvpn/common/unicode-impl.hpp has been excluded, as that is
mostly a copy of an external project.
Signed-off-by: David Sommerseth <davids@openvpn.net>
When enabled, retry_on_http_4xx indicates that HTTP status
codes between 400 and 499 should be considered a
retryable error. AWS appears to need this.
Note that error codes between 500 and 599 are always
considered to be retryable.
Signed-off-by: James Yonan <james@openvpn.net>
VPN Binding Profiles (previously committed as VPN Connection
Profiles) contain information on an active VPN client session
such as local VPN IPs, gateway, and DNS resolver addresses
that can be directly used by higher-layer HTTP/REST-API
clients to (a) ensure that sessions are routed over the VPN,
and (b) privately use the VPN-server-pushed DNS resolvers
without publishing them in /etc/resolv.conf.
Signed-off-by: James Yonan <james@openvpn.net>
A VPN connection profile is basically a JSON representation
of the server-pushed parameters of a VPN session such as
VPN IPs, Gateway IPs, and DNS servers. It can be obtained
on the client via TunBuilderCapture::to_json().
This patch allows an HTTP client or server to bind to the
VPN connection profile, so that the VPN IP is used as the
local address, the Gateway IP is optionally used as the
destination address, and DNS lookups are performed using
the pushed DNS servers (without needing to overwrite
/etc/resolv.conf).
For example, suppose the VPN connection profile
is in /pg/uplink-connection-info.
Then we can bind to the VPN IP addresses on the server side:
    http-listen @/pg/uplink-connection-info 8443 tcp4 ssl
    http-listen @/pg/uplink-connection-info 8443 tcp6 ssl
Or connect to a remote REST API using the VPN session
and VPN server-provided resolvers:
    <aws-client>
      host mybucket.s3.amazonaws.com
      port 443
      vpn-connection-info /pg/uplink-connection-info
      ...
    </aws-client>
Signed-off-by: James Yonan <james@openvpn.net>
HTTPStateContainer contains the current HTTP client session
state, and can be retained for multiple HTTP transactions
over a persistent HTTP session.
Since SyncPersistState can optionally contain the Asio
io_context for synchronous operations, it seems logical
to colocate this object with HTTPStateContainer.
Signed-off-by: James Yonan <james@openvpn.net>
Previously, ssl_up_stack() in httpcommon.hpp would
loop indefinitely until ssl_sess->read_cleartext_ready()
returned false or halt was set. read_cleartext_ready()
will return true as long as the SSL_pending() function in
OpenSSL returns non-zero. But recent experience as well
as updates to the SSL_pending() man page suggest that
SSL_pending() may return non-zero even though no data is
actually readable from the object. In this case,
the previous code would enter an infinite loop.
The fix is to break out of the ssl_up_stack() loop when
ssl_sess->read_cleartext() returns zero size, rather
than solely relying on the return value of SSL_pending().
Signed-off-by: James Yonan <james@openvpn.net>
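
The loop condition described in the commit message above, reproduced as an added example against a mock session (not the code from httpcommon.hpp). Only read_cleartext_ready() and read_cleartext() are names from the message; MockSSLSession, drain() and the max_iter guard are hypothetical, and the records are constructed sample data.

```cpp
#include <cstddef>
#include <deque>
#include <string>
#include <utility>

// Hypothetical stand-in for the SSL session object.
class MockSSLSession {
  public:
    MockSSLSession(std::deque<std::string> records, bool stale_pending)
        : records_(std::move(records)), stale_pending_(stale_pending) {}

    // Models the SSL_pending() behaviour described above: it can report
    // "ready" even though no application data is actually readable.
    bool read_cleartext_ready() const {
        return !records_.empty() || stale_pending_;
    }

    // Returns the next decrypted record, or an empty (zero-size) result.
    std::string read_cleartext() {
        if (records_.empty())
            return {};
        std::string r = std::move(records_.front());
        records_.pop_front();
        return r;
    }

  private:
    std::deque<std::string> records_;
    bool stale_pending_;
};

struct DrainResult {
    std::string data;       // cleartext passed up the stack
    std::size_t iterations; // loop passes executed
    bool hit_guard;         // true if only the demo guard stopped the loop
};

// break_on_empty=false reproduces the old condition (trust "ready" alone);
// max_iter exists only so that the old behaviour terminates in this demo.
DrainResult drain(MockSSLSession &s, bool break_on_empty, std::size_t max_iter) {
    DrainResult r{"", 0, false};
    while (s.read_cleartext_ready()) {
        if (r.iterations == max_iter) {
            r.hit_guard = true;
            break;
        }
        ++r.iterations;
        std::string chunk = s.read_cleartext();
        if (chunk.empty() && break_on_empty)
            break; // the fix: a zero-size read ends the loop
        r.data += chunk;
    }
    return r;
}
```

With a session whose readiness flag stays set, the old condition spins until the guard trips, while the fixed loop stops on the first empty read after delivering the same data.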
AltRoutingShimFactory::connect_timeout() returns an int, not an unsigned.
With that the if condition below makes sense again.
Signed-off-by: Heiko Hund <heiko@openvpn.net>
Include openvpn/common/periodic_fail.hpp unconditionally,
since more than one test component now requires it.
Signed-off-by: James Yonan <james@openvpn.net>
This seems like a more general solution for developing resolver results mutators
such as randomize and filter by IP version.
Signed-off-by: James Yonan <james@openvpn.net>
Previously, all listener sockets were configured with both
reuseaddr and reuseport. reuseaddr is reasonable to use as
a default, but reuseport should only be used when different
threads are listening on the same local port/address for
load-balancing purposes.
This patch adds two new socket option flags DISABLE_REUSE_ADDR
and REUSE_PORT, to provide finer-grained control over
these options.
Signed-off-by: James Yonan <james@openvpn.net>
As noted in the Asio documentation, an AsioTimer handler can be
called with a non-error status after timer cancellation.
Unfortunately, this can lead to race conditions, so I'm moving over
all AsioTimer users to AsioTimerSafe when I don't see the handler
clearly checking for late cancellation.
Signed-off-by: James Yonan <james@openvpn.net>
The walk() method calls a caller-defined function on all
of the active client instance objects bound to the listener.
Signed-off-by: James Yonan <james@openvpn.net>
Child classes may want to operate on a received buffer, before it is
passed down the stack. This can be useful when the Proxy Protocol
parser wants to parse and wipe its header.
Make it a virtual method so that it can be overridden by child classes
where higher-level logic is implemented.
Signed-off-by: Antonio Quartulli <antonio@openvpn.net>