mirror of https://github.com/OpenVPN/openvpn3.git synced 2024-09-20 04:02:15 +02:00
Commit Graph

64 Commits

Author SHA1 Message Date
Charlie Vigue
ef8da98bd4 Buffer: Prepare to decouple allocated buffer / RC
Rename BufferAllocated --> BufferAllocatedRc

Buffer: split RC from BufferAllocated
Also make changes as needed where BufferAllocated is used

Buffer: Split allocation flags into own struct
Leaving flags in template causes each alias to have identical flags
by different names, which requires each type to pointlessly use
the nested name.

Make RC: Clean up headers buffer.hpp, make_rc.hpp

Signed-off-by: Charlie Vigue <charlie.vigue@openvpn.com>
2024-09-11 13:23:28 +00:00
Charlie Vigue
62c9da1879 Add unit tests to show tag works
Signed-off-by: Charlie Vigue <charlie.vigue@openvpn.com>
2024-06-26 15:19:36 +00:00
Frank Lichtenheld
d3c9db602d UT: Allow to run unittests as root via ctest
Allow setting a program to get root (e.g. "sudo").
This allows running the sitnl tests via ctest.

Only required on Linux, since those tests are
Linux-only.

Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
2024-05-22 16:19:11 +00:00
Frank Lichtenheld
51bc835ac4 UT: Add options to add_test so that ctest does what we want
Previously this logic was encoded in Jenkinsfile by
running the UTs manually. Much preferable to just
use ctest.

Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
2024-05-22 16:19:11 +00:00
Charlie Vigue
075688e180 Implement certcheck used by the appcontrol feature
The AppControl feature provides an internal communications channel that
is described in detail in the relevant commits that implement it. This
change adds two intrinsic app control 'protocols' to the list of
supported handlers in the client. The new protocols are:

- cxa1: This is a request for the client to begin a TLS handshake via
the app control channel.
- cck1: This is the protocol that allows the exchange of the requested
TLS handshake data.

The 'cxa1' handler parses the request and initiates the handshake from
the client. This handshake is exchanged via the 'cck1' protocol and
serves to prove to the server that the client has access to the required
private key.

Signed-off-by: Charlie Vigue <charlie.vigue@openvpn.com>
2024-05-17 09:18:18 +00:00
Heiko Hund
08d5438742 wstring: fix UTF-8 and MULTI_SZ conv functions
Functions from_utf8() and to_utf8() added one extra '\0' glyph to the
output string, i.e. if the input basic_string::size() was 8 the output
was 9. Normally this would not make a difference for most string
usage, as the extra NUL at the end would mostly be ignored. However, if
you used the output string to append to another string, the extra NULs
were actually also appended, resulting in a string with embedded NUL
characters, which is a problem with the next use case.

The pack_string_vector() function failed to produce a wide MULTI_SZ
string from a vector of strings, unlike advertised. The extra NUL
actually led to the MULTI_SZ string always being terminated after the
first string. Besides that, the function actually never terminated the
MULTI_SZ in the first place and also failed to handle empty vectors
gracefully.

Signed-off-by: Heiko Hund <heiko@openvpn.net>
2024-05-13 14:07:53 +02:00
Arne Schwabe
ad5057b991 Move test_proto into coreUnittests
With compression logic now being able to be tuned at runtime the
different executable to allow a different define for the compression
log level is no longer needed.

Prefix the defines of test_proto.cpp with PROTO_ to avoid collision of
these very generic named defines

Signed-off-by: Arne Schwabe <arne@openvpn.net>
2024-04-17 14:48:50 +00:00
Charlie Vigue
dd115d2e83 Fix RouteBase string formatting bug
When correcting conversion issues in RouteBase a to_string bug was
introduced which caused some characters to be escaped when inserted
to the string, for example a prefix_len of 0 would render as "\0"
rather than inserting '0'. The std::ios::binary flag does not seem
to prevent this for std::ostringstream so I have cast the data member
up to uint16_t which should be safe, and solves the issue.

Added a unit test to demonstrate the issue. Old code output was
"0.0.0.0/\0", now outputs "0.0.0.0/0" as expected.

Signed-off-by: Charlie Vigue <charlie.vigue@openvpn.com>
2024-03-29 03:13:00 +00:00
David Sommerseth
bae10062b3 Merging in changes from OpenVPN 3 Core version 3.8.4
Signed-off-by: David Sommerseth <davids@openvpn.net>
2024-02-19 22:46:53 +01:00
Charlie Vigue
cb9ce3d71c Add notes to sslctx and add unit tests
- Add notes regarding some unexpected behaviors in sslctx
- Add unit tests specifically for sslctx, including simple in-memory
handshaking with both success and failure examples.

Signed-off-by: Charlie Vigue <charlie.vigue@openvpn.com>
2024-02-01 13:29:21 +01:00
Arne Schwabe
afdfe1bb3f Fix accessing a null pointer when PKCS7 is invalid
If we get a valid but almost empty PKCS7 structure we otherwise try
to access invalid fields.

CVE: CVE-2023-6247
Reported-by: Bahaa Naamneh <bahaa.cpl@gmail.com>
Signed-off-by: Arne Schwabe <arne@openvpn.net>
2024-01-25 12:02:12 +01:00
Arne Schwabe
e9ade86de7 Implement logic to send and receive custom control channel messages
This adds the capability to implement a custom app level protocol
that supports message passing over the OpenVPN control channel.
The protocol is agnostic to the data that is transported over it
and the message splitting/reassembly is handled transparently by the
OpenVPN library itself.

Signed-off-by: Arne Schwabe <arne@openvpn.net>
2023-12-13 16:51:22 +01:00
Frank Lichtenheld
59a1d2398e test_splitlines: New UT for SplitLines
Also enable UserPass UT that now passes with new
SplitLines.

Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
2023-11-08 21:05:05 +01:00
Frank Lichtenheld
079fb4dd4d UserPass: Add unittest
Fixed one issue while at it, with parse() not clearing
the username and password arguments.

The general issue that overflow doesn't throw is reflected in
a disabled test. This will need to be fixed in SplitLines,
probably.

Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
2023-11-08 21:05:01 +01:00
Mark Deric
989dd7ead5 Port the psid cookie defense from ovpn2
The psid cookie defense is designed to thwart resource exhaustion and
amplification attacks wherein a malicious client sends the server a
flood of CONTROL_HARD_RESET_CLIENT_V2 packets with spoofed source
addresses.  This patch allows the server to defer client tracking
state creation until the client responds to the server's
CONTROL_HARD_RESET_SERVER_V2 message.

Signed-off-by: Mark Deric <jmark@openvpn.net>
2023-10-03 12:42:29 -07:00
Mark Deric
8b93eb0b0a Fix randapi UBSAN bug, signed T:min map to >= 0
The undefined behavior is unary negation of T:min of a signed type
attempting to get a positive value of the same signed type.

This commit adds a unit test that exposes the original bug as well as
a fix for it.

Signed-off-by: Mark Deric <jmark@openvpn.net>
2023-08-15 07:28:35 -07:00
Frank Lichtenheld
775ff02527 dlgoogletest: update GoogleTest to latest upstream
This fixes deprecation warnings with latest CMake.
("Compatibility with CMake < 3.5 will be removed
from a future version of CMake.")

Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
2023-08-02 17:25:16 +02:00
Mark Deric
1555d9581a unittest: Add proto test cmake parameters w/README
When the test/ssl/proto was migrated to a unit test, all the
build time tuneables for changing the test scope got lost.

This change re-introduces these parameters in the appropriate
CMakeLists.txt.  Further, it adds an improved README in .rst format
that describes the parameters; this is based on the original README
file in test/ssl.

In addition, it adds improved handling of the directory where the test
certificates and key files are located; now they can be adjusted more
easily.

Signed-off-by: Mark Deric <jmark@openvpn.net>
2023-06-16 18:37:02 +02:00
Mark Deric
f9be22ba53 Add proto test to unittests w/2nd executable
The new test file, test_proto.cpp, is moved from test/ssl/proto.cpp
and only minimally changed.  The 2nd executable is based upon
core_tests.cpp, same as the 1st executable.  But note that the CMake
file has differences between the executables.

Signed-off-by: Mark Deric <jmark@openvpn.net>
2023-06-07 11:18:33 -07:00
Frank Lichtenheld
d7b3419f8e CMake: clean up dependency handling
Always use find_package for all libraries.
Add missing Find*.cmake modules.
Always define an IMPORTED library in Find*

Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
2023-02-28 13:45:16 +01:00
Frank Lichtenheld
4c81069564 CMake: move architecture detection closer to the actual executable
This makes it easier to see what is going on when looking at
individual CMakeLists.

Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
2023-02-28 13:45:16 +01:00
Frank Lichtenheld
f18ef6d918 unittests: remove support for GCC < 5.1.0
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
2023-02-28 12:30:30 +01:00
Frank Lichtenheld
50271ee02a CMake: small improvements
- Increase required version to 3.10. That is the version in
  Ubuntu Bionic and currently the oldest one we still want
  to support.
- Enable CTest for test target

Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
2023-02-28 12:30:30 +01:00
Charlie Vigue
d111fc301c Add numeric limiting headers and tests
This commit adds two useful numeric limiting functions in
two headers plus a third supporting header and unit tests.
The unit tests cover all code paths and many conditions
but may not be 100% complete from a viewpoint of
covering all edge cases.

Signed-off-by: Charlie Vigue <charlie.vigue@openvpn.net>
2023-02-23 23:06:45 +01:00
James Yonan
48d114e691 BufferType: refactor const operations into new base ConstBufferType
Previously, ConstBuffer was simply a BufferType with a const
data type.  However this model, and the fact that BufferType
has a vtable, makes it difficult to efficiently cast Buffer
to ConstBuffer via static_cast without introducing an unsafe
downcast.

This commit tries a different approach by factoring out const
BufferType operations into a new base class ConstBufferType.
In the new model, BufferType inherits from ConstBufferType.
Member functions that treat the underlying data buffer as
const have been moved to ConstBufferType while member
functions that treat it as mutable remain in BufferType.
This makes casting BufferType to ConstBufferType a trivial
upcast while also greatly simplifying const_buffer_ref().

Signed-off-by: James Yonan <james@openvpn.net>
2023-01-30 17:16:08 -07:00
Mark Deric
e4b1afe148 Design a coercion-safe ostream<< for containers
Adds a library method C2os:cast() that converts an iterable container,
i.e., one that can be a range-expression in a range-based for loop,
into a type that can be inserted into an ostream.  This only addresses
the container semantics in the ostream insertion.  The underlying
contained type T (if the container were stl, the value_type) must work
with ostream<<.

The result of the operator<< insertion is a square bracket enclosed,
comma delimited string of the items in the container.  Note that the
commit includes ideas on expanding choices of container rendering
details.

Attribution to James Yonan, who made a significant contribution to
expanding the scope of collections and reduced code complexity.
Also to Charlie Vigue, who eliminated the "first" test inside the loop.

Signed-off-by: Mark Deric <jmark@openvpn.net>
2022-12-29 22:47:09 +01:00
Arne Schwabe
e9630e86d7 Rework ack logic
This commit removes the ability to pass down the window sizes for ack
windows from the configuration. This capability was never used and
instead the receive and send window were both hardcoded at 4. Also
change the receive window to 12 and the send window to 6 like
OpenVPN 2.6 does.

Also to improve control channel reliability, resend previous ACKs in MRU
fashion if there is still room for them in a control channel packet.

This patch is based on a patch that was written
by Charlie Vigue <charlie.vigue@openvpn.net>.

Signed-off-by: Arne Schwabe <arne@openvpn.net>
2022-11-23 17:08:00 +01:00
Mark Deric
8c7d6e1751 Move reliability layer tests from common
The tests in common were based on running main(); the tests have been
converted to the gtest framework and are now part of the automated
unit test suite.

Signed-off-by: Mark Deric <jmark@openvpn.net>
2022-11-09 08:29:26 -08:00
James Yonan
19201beb9f AuthCert: support up to 160 bit serial numbers
Previously, we only supported int64 serial numbers.

This change renames get_sn() method to serial_number_as_int64()
for code that cares about 64-bit serial numbers.

Signed-off-by: James Yonan <james@openvpn.net>
2022-09-21 23:00:13 -06:00
Arne Schwabe
5b5d80fad3 Improve dealing with unknown options
This commit adds several improvements to dealing with unknown options
in client configuration files:
 - implement ignore-unknown-option
 - categorise the OpenVPN2 options in multiple categories and
   warn/error out depending on the category
 - error out when unsupported/unknown options are found. This avoids
   problems like with --tls-crypt/--tls-crypt-v2 before, where the client
   would ignore these options and not connect at all

Signed-off-by: Arne Schwabe <arne@openvpn.net>
2022-09-14 17:32:53 +02:00
Mark Deric
1a5e4a7558 Add a unit test for checking header dependencies
Signed-off-by: Mark Deric <jmark@openvpn.net>
2022-07-21 11:08:42 -07:00
Frank Lichtenheld
273297d630 test/unittests: Add newly imported unittests
Note that the test suite now depends on jsoncpp
and xxHash.

Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
2022-07-06 11:21:28 +02:00
Heiko Hund
b660e5642b add support for --dns option
As a first step towards DNS configuration in openvpn and a unified way
to push DNS related settings to clients in v2 and v3, this commit adds
support for parsing the new --dns option. Later commits will add support
for setting up DNS on different platforms.

For now, --dns and DNS related --dhcp-option can be used together for a
smoother transition. Settings from --dns will override ones from
--dhcp-option where applicable.

Signed-off-by: Heiko Hund <heiko@openvpn.net>
2022-02-10 18:35:02 +01:00
James Yonan
5be7dee87f Added fast IP address formatting via BufferFormat::ipv4/ipv6
Signed-off-by: James Yonan <james@openvpn.net>
2022-01-13 09:40:13 -06:00
Frank Lichtenheld
88b0d28295 unittests: fix test_sitnl
- Test for CAP_NET_ADMIN instead of root.
  This correctly skips the test if you're root but have
  dropped capabilities, e.g. inside docker.
- Fix TestSetMTU to correctly ignore any additional lines
  in the output.

Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
2022-01-11 15:00:44 +01:00
Arne Schwabe
de0d52b7ce [OSSL 3.0] Use new EVP_MAC API for HMAC implementation
The old API is deprecated in OpenSSL 3.0 and the new API does not yet
exist in OpenSSL 1.1. Emulating the new API or using one class with
ifdefs would be more complex than just having two implementations. So
this adds a new implementation for OpenSSL 3.0.

Signed-off-by: Arne Schwabe <arne@openvpn.net>
2021-11-12 14:27:12 +01:00
Mark Deric
989d2f590a WIP Fix the rhel7 unit test target failure
This might not be the final fix.  Note the extensive code comment
inside the cmake file if().  The comment suggests a potentially better
fix, but it's unlikely.

Signed-off-by: Mark Deric <jmark@openvpn.net>
2021-09-22 14:04:48 +02:00
James Yonan
303a39ad6c SafeString: use timing-attack-resistant crypto::str_neq for comparisons
Also added unit test.

Signed-off-by: James Yonan <james@openvpn.net>
2021-08-17 13:07:40 -06:00
James Yonan
abd1c5b208 PacketStream: minor cleanup and added a unit test
Removed declared_size_defined in favor of just setting
declared_size to a special value (SIZE_UNDEF) when it's
undefined.

Signed-off-by: James Yonan <james@openvpn.net>
2021-08-03 10:42:35 +02:00
Heiko Hund
e9a903fd9f add support for the --peer-fingerprint option
This option lets you specify the SHA256 fingerprint of a peer's self-signed
certificate. The peer's certificate, presented during connection bring-up,
is compared to the fingerprint. The connection fails if it doesn't
match.

So, this serves as an easy, yet secure, alternative to setting up a PKI,
but can also be used in conjunction with one to add one more check during
leaf certificate validation.

The option can also be given as an inline block, for easier management
of multiple fingerprints:

  <peer-fingerprint>
  00:11:22:33:...:BB:CC:DD:FF
  BB:CC:DD:FF:...:00:11:22:33
  </peer-fingerprint>

Signed-off-by: Heiko Hund <heiko@openvpn.net>
2021-04-28 23:56:22 +02:00
David Sommerseth
38f2a08d2b cmake: Clean up duplications
The CMakeLists.txt settings from the project root directory are
inherited by the defined subdirectories automatically.

Also switch to a simpler way of setting the CMAKE_MODULE_PATH.
According to the CMake documentation, this variable is empty by
default [1] and should not need to pull in existing settings.

Finally remove the comment regarding CMake's use case, as we are
moving towards full CMake support for OpenVPN 3.

Signed-off-by: David Sommerseth <davids@openvpn.net>
2021-04-22 12:54:26 +02:00
Heiko Hund
f2508d9363 add unit test for HTTP proxy options
Signed-off-by: Heiko Hund <heiko@openvpn.net>
2021-04-14 22:40:07 +02:00
Heiko Hund
08a02669c5 add support for remote-random-hostname option
Add the option from openvpn2. If given, prepend hostnames
from remote options with six random hex bytes before
DNS resolution takes place, e.g.

	host.domain -> e3b17bf7cd57.host.domain

Signed-off-by: Heiko Hund <heiko@openvpn.net>
2021-03-02 11:07:09 +01:00
Heiko Hund
cb7b37b1d7 Add unit test for class PushedOptionsFilter
Signed-off-by: Heiko Hund <heiko@openvpn.net>
2021-02-09 15:43:16 +01:00
David Sommerseth
5b15dbe940 Merge changes from Core library v3.5
2020-09-23 20:13:07 +02:00
Lev Stipakov
242cdad9c9 win: add ipv4 routes via IP Helper API
Use ::CreateIpForwardEntry2() to add route instead of
expensive netsh call. Make it the default choice.

Add unit test.

Signed-off-by: Lev Stipakov <lev@openvpn.net>
2020-09-09 18:25:38 +03:00
Lev Stipakov
d0e2e036eb win: add ipv4 routes via IP Helper API
Use ::CreateIpForwardEntry2() to add route instead of
expensive netsh call. Make it the default choice.

Add unit test.

Signed-off-by: Lev Stipakov <lev@openvpn.net>
2020-09-09 13:07:06 +03:00
Lev Stipakov
d79536240e unittests/CMakeLists.txt: fix tests execution
Commit 941104cf4 refactored the way how test files are added, but
broke (disabled) execution of sitnl and cputime tests. Fix that.

Signed-off-by: Lev Stipakov <lev@openvpn.net>
2020-09-09 12:35:25 +03:00
James Yonan
3555b12a16 push-continuation: added new server-side fragmentor
Includes new unit test for both client and
server-side push-continuation code.

Signed-off-by: James Yonan <james@openvpn.net>
2020-08-19 18:53:00 +02:00
Arne Schwabe
941104cf49 Implement supporting IANA cipher names in tls-cipher and unit tests
Signed-off-by: Arne Schwabe <arne@openvpn.net>
2020-03-11 19:51:37 +01:00