Following an high number of users complaints, it was suggested
to re-enable MD5 and to give our users a notice period of some
months before dropping its support entirely.
With this patch we add a new certificate profile called "insecure"
which is equal to "legacy" with the addition of MD5.
By default OpenVPN3 still use legacy and the insecure profile
must be enabled explicitly by the client app.
The new profile is also enveloped in an ifdef so that
such support is not introduced, unless who builds the core
knows about it.
Signed-off-by: Antonio Quartulli <antonio@openvpn.net>
Allow source files that require JSON library functionality
to include a single file (openvpn/common/jsonlib.hpp) which
will then draw in the appropriate JSON library header based
on configuration #defines.
Code can #ifdef on HAVE_JSON to test whether or not JSON
functionality is available (previously, HAVE_JSONCPP
was used).
Currently supports JsonCpp and an OpenVPN-internal JSON
implementation.
This model assumes that alternative JSON implementations
are API-compatible with JsonCpp.
Signed-off-by: James Yonan <james@openvpn.net>
By default tls-crypt is now enabled instead of tls-auth.
It can be easily changed by editing the define at the top
of test/ssl/proto.hpp
Signed-off-by: Antonio Quartulli <antonio@openvpn.net>
Not really important, but worth fixing to avoid polluting
any memchecker output with unreleased (leaked) resources.
Release process resources before exiting the main function.
Signed-off-by: Antonio Quartulli <antonio@openvpn.net>
* enabled by OPENVPN_OVPNCLI_SINGLE_THREAD compile flag.
* turns off the signal blocker.
* Adds overrideable clock_tick() virtual method with
configurable frequency that is used when processing
signals when the OpenVPN client is running in
single-thread mode.
Signed-off-by: James Yonan <james@openvpn.net>
Created a lightweight abstraction layer so that another i/o
reactor can be dropped in place of asio.
The basic approach is to rename all references to asio::xxx
types to openvpn_io::xxx and then make openvpn_io a
preprocessor variable that points to the top-level namespace
of the i/o reactor implementation.
All of the source files that currently include <asio.hpp> now
include <openvpn/io/io.hpp> instead:
This gives us a lightweight abstraction layer that allows us
to define openvpn_io to be something other than asio.
Other changes:
* Inclusion of asio by scripts/build is now optional, and is
enabled by passing ASIO=1 or ASIO_DIR=<dir>.
* Refactored openvpn/common/socktypes.hpp to no longer
require asio.
* Refactored openvpn/log/logthread.hpp to no longer require
asio.
* Added openvpn::get_hostname() method as alternative to
calling asio directly.
* openvpn/openssl/util/init.hpp will now #error
if USE_ASIO is undefined.
Signed-off-by: James Yonan <james@openvpn.net>
legacy -- allow 1024-bit RSA certs signed with SHA1
preferred -- require at least 2048-bit RSA certs signed
with SHA256 or higher
suiteb -- require NSA Suite-B
The current default is legacy.
The directive can be set in the profile or overridden/defaulted
in the client API via ClientAPI::Config::tlsCertProfileOverride
var.
TODO: implement for OpenSSL.
This patch builds on work by David Sommerseth <davids@openvpn.net>
to move the PolarSSL API from polarssl-1.3 to mbedtls-2.3, which
has significant differences in some areas.
- Strings containing keys, certificates, CRLs, and DH parameters
need to be NULL-terminated and the length argument provided to
the corresponding mbedtls parse function must be able to read
the NULL-terminator. These places have been modified with a
'+1' to the length argument (x509cert.hpp, x509crl.hpp, dh.hpp,
pkctx.hpp).
- The SSL context object has been split up in mbedtls-2.3
Now many of the SSL configurations are done in a separate
SSL config object, which is added to the SSL context once
configured. In addition private/public keys are now stored
in a separate pk_context, which is later on attached to the
SSL context. Due to this, many of the calls setting either
SSL configuration parameters or working with pk_contexts have
been refactored. (sslctx.hpp)
- The older API loading the CA chain took a hostname argument.
The new API requires mbedtls_ssl_set_hostname() explicitly to
be called setting hostname. Some refactoring was needed here
too (sslctx.hpp).
- x509_oid_get_description() is now replaced by
mbedtls_oid_get_extended_key_usage().
- when mbedTLS renamed OID_CMP to MBEDTLS_OID_CMP, the return
value was changed so that a return value of 0 now means equal
rather than not-equal.
- mbedtls/platform.h must be loaded before any other mbedtls
include files (sslchoose.hpp).
- All functions and macros related to mbedTLS are now prefixed
with mbedtls_/MBEDTLS_
- Refactored External PKI and added some options to cli.cpp
to make it easier to test that the feature still works
correctly. This included removing the sig_type var and
standardizing on a PKCS#1 digest prefix per RFC 3447.
- Updated test keys to 2048 bits.
- Updated dependency build scripts to build mbedTLS.
- Enable MD4 in mbedTLS build script (needed for NTLM auth).
- Use an allow-all X509 cert profile to preserve compatibility
with older configs. Going forward, we will implement new
options to increase strictness on minimum RSA key size and
required cert signing algs.
- Added human-readable reason strings that explain why
a given cert in the chain wasn't accepted.
- This patch doesn't rename any files or rename internal
OpenVPN 3 symbols such as PolarSSLContext. This will
be done in a separate commit.
Signed-off-by: James Yonan <james@openvpn.net>
Triple DES, and other 64-bit block-size ciphers vulnerable
to "Sweet32" birthday attack (CVE-2016-6329). Limit such
cipher keys to no more than 64 MB of data
encrypted/decrypted. While our overall goal is to limit
data-limited keys to 64 MB, we trigger a renegotiation
at 48 MB to compensate for possible delays in renegotiation
and rollover to the new key.
This client-side implementation extends data limit
protection to the entire session, even when the server
doesn't implement data limits.
This capability is advertised to servers via the a
peer info setting:
IV_BS64DL=1
meaning "Block-Size 64-bit Data Limit". The "1" indicates
the implementation version.
The implementation currently has some limitations:
* Keys are renegotiated at a maximum rate of once per
5 seconds to reduce the likelihood of loss of
synchronization between peers.
* The maximum renegotiation rate may be further extended
if the peer delays rollover from the old to new key
after renegotiation.
Added N_KEY_LIMIT_RENEG stats counter to count the number
of data-limit-triggered renegotiations.
Added new stats counter KEY_STATE_ERROR which roughly
corresponds to the OpenVPN 2.x error "TLS Error:
local/remote TLS keys are out of sync".
Prevously, the TLS ack/retransmit timeout was hardcoded to
2 seconds. Now we lower the default to 1 second and make
it variable using the (pushable) "tls-timeout" directive.
Additionally, the tls-timeout directive can be specified
in milliseconds instead of seconds by using the
"tls-timeout-ms" form of the directive.
Made the "become primary" time duration configurable via
the (pushable) "become-primary" directive which accepts
a number-of-seconds parameter. become-primary indicates
the time delay between renegotiation and rollover to the
new key for encryption/transmission. become-primary
defaults to the handshake-window which in turn defaults
to 60 seconds.
Incremented core version to 3.0.20.
INFO,<payload>
Payload can be any UTF-8 printable string under 64 KB
(multiple lines are okay).
INFO notifications can be sent from server to client
in real-time, on any active client connection.
The client will attach the payload to an INFO event and
forward it to the controlling app via the event callback:
virtual void event(const Event&) = 0;
receive path to reassemble messages fragmented by the
SSL layer up to a max message size of 64 KB.
Ramifications:
* Peer info data and pushed options can be significantly
larger (i.e. approaching 64 KB).
* Less need for the options continuation feature.
Limitations:
* While this patch doesn't change the underlying OpenVPN
protocol, it can result in messages being sent that are
fragmented by the receiving SSL implementation into
multiple buffers. Implementations that lack reassembly
capabilities (such as OpenVPN 2.x at this point in time)
would see each buffer fragment as a separate message.
* This patch running on the server will break negotiation
with pre-peer-info clients. Basically this means it will
interoperate with any OpenVPN 3 version or OpenVPN 2.x
version that includes the June 2010 commit "Implemented a
key/value auth channel from client to server.
Version 2.1.1i".
(instead of 2):
(a) ordinary events such as CONNECTING, CONNECTED,
(b) nonfatal errors such as TRANSPORT_ERROR that will
automatically trigger a reconnect, and
(c) fatal errors such as AUTH_FAILED, that will be followed
by a DISCONNECT
In ClientAPI::Event, added a new "fatal" boolean to indicate
when errors are fatal.
Added a new non-fatal event TUN_ERROR that triggers a
reconnect when errors are indicated in tunio.hpp.
ClientAPI::Config::ipv6 string:
IPv6 preference
no -- disable IPv6, so tunnel will be IPv4-only
yes -- request combined IPv4/IPv6 tunnel
default (or empty string) -- leave decision to server
bool ClientAPI::Config::autologinSessions and default
to false. Previously, the logic was hardcoded to true.
Autologin Sessions can be enabled in the cli.cpp wrapper
using the -a flag.
ClientAPI::Config::gremlinConfig string.
The gremlin option allows extra packet latency
or unreliability to be added to the tunnel.
The format of the option is a comma-separated list
of numerical parameters:
send_delay_ms, recv_delay_ms, send_drop_prob, recv_drop_prob
Parameter description:
send_delay_ms : delay packets by n milliseconds before
transmission (UDP/TCP).
recv_delay_ms : delay received packets by n milliseconds
before processing them (UDP/TCP).
send_drop_prob : drop sent packets with probability 1/n
(UDP only).
recv_drop_prob : drop received packets with probability
1/n (UDP only).
Set any parameter to 0 to disable.
Gremlin parameters currently work with UDP and TCP
transport as documented above, but not for proxy transport.
Client must be built with the OPENVPN_GREMLIN flag to compile
gremlin functionality.
Command-line client can set the gremlin config
string using --gremlin or -G, for example:
--gremlin=250,250,64,64
When using the above parameters, an extra 500 milliseconds
will be added to round-trip latency, and 1/64 sent or
received packets will be dropped.
class with ovpn3 core:
// If enabled, don't direct ovpn3 core logging to
// ClientAPI::OpenVPNClient::log() virtual method.
// Instead, logging will go to LogBaseSimple::log().
// In this case, make sure to define:
// LogBaseSimple log;
// at the top of your main() function to receive
// log messages from all threads.
// Also, note that the OPENVPN_LOG_GLOBAL setting
// MUST be consistent across all compilation units.
#if 0
#define OPENVPN_LOG_GLOBAL // use global rather than thread-local log object pointer
#include <openvpn/log/logbasesimple.hpp>
#endif
interface management code into TunMac::Setup()
(tunsetup.hpp).
Added TunBuilderSetup::Config, Base, and Factory for use
as a unix-portable abstraction layer for tun interface
management code.
Added Stop object pointer to Mac OS X tun config
(TunMac::ClientConfig), so that tun management code can
detect stop commands if it's blocking outside of outer
asio::io_context.
data to the OpenVPN handshake (peer-info is a client -> server
key/value list that is part of the OpenVPN protocol). To
add peer-info key/value pairs, use ClientAPI::Config::peerInfo.
Incremented core OPENVPN_VERSION to "3.0.6".
allowing backtracks of up to 2048 (previous limit was 64).
In addition, we now maintain the packet ID window as a bit
array (previously a byte array was used).
This feature is needed by Android because it lacks a native
VPN API method for excluding routes.
If redirect-gateway is enabled and exclude routes are present,
such as:
route 54.215.128.71 255.255.255.255 net_gateway
the client will emulate the excluded route(s) by adding routes
that encompass the entire IPv4/v6 address space EXCEPT for the
excluded route. These routes will be used for redirect-gateway
instead of the standard 0.0.0.0/0 and ::0/0.
1. work with latest proto.hpp API changes.
2. NOERR -- if defined, turn off simulated errors
3. FORCE_AES_CBC -- set force_aes_cbc_ciphersuites SSL flag
4. if VERBOSE, enable SSL debugging output
This is to prevent an attacker from using knowledge about the hash
table bucket hashing function to maliciously attempt to create
unbalanced hash buckets, which in turn could lead to DoS.
test/ovpncli/README.txt -- C++11 is the default mode, so
remove info about how to enable it.
test/ssl/README.txt -- include note about building proto
with Profile-Guided Optimization on Linux.
* Performance degradation from recent commit was occurring
in PRNG.
* Allow RNG to be used in place of PRNG. For PolarSSL
at least, this change completely reverses the
polymorphic ProtoContext performance degradation
and turns it into a net performance gain.
* Added bool prng to RNG constructors to allow
the implementation to optimize for PRNG
(only PolarSSL currently supports this).
Documented different use-cases for RNG vs. PRNG
in ProtoContext:
RNG -- Random number generator.
Use-cases demand highest cryptographic strength
such as key generation.
PRNG -- Pseudo-random number generator.
Use-cases demand cryptographic strength
combined with high performance. Used for
IV and ProtoSessionID generation.
three-level factory model:
CryptoDCFactory -- builds CryptoDCContext objects for a given
cipher/digest
CryptoDCContext -- builds CryptoDCBase objects for a given key ID
CryptoDCBase -- encrypt/decrypt data channel
