misc.c is a mess of incoherent functions, and is therefore included by
virtually all our source files. That makes testing harder than it should
be. As a first step of cleaning up misc.c, move adjust_power_of_2() to
integer.h, which is a more suitable place for a function like this.
This allows us to remove the duplicate implementation from test_argv.c.
Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
Acked-by: Antonio Quartulli <antonio@openvpn.net>
Message-Id: <20170621211043.6490-1-steffan@karger.me>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg14940.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
The COPYRIGHT.GPL file was slightly out-of-sync with the last GPLv2
license from Free Software Foundation, Inc.
The changes are primarily a new address, which required touching almost
all the project files.
Except of that, it is just minor adjustments to formatting, removal of
form-feed characters and referencing "GNU Lesser General Public License"
instead of "GNU Library General Public License".
Signed-off-by: David Sommerseth <davids@openvpn.net>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20170329093648.10156-1-davids@openvpn.net>
URL: https://www.mail-archive.com/search?l=mid&q=20170329093648.10156-1-davids@openvpn.net
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Instead of failing the test with an unclear error, print that the a
required crypto primitive is not supported and skip the test.
This is for example the case when using the system-supplied openssl on
SLES11, which does not support AES-256-CTR.
Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1494859483-16466-1-git-send-email-steffan.karger@fox-it.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg14657.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Previously, if a mode was selected where packet ids are not allowed to roll
over, but renegotiation does not succeed for some reason (e.g. no password
entered in time, certificate expired or a malicious peer that refuses the
renegotiaion on purpose) we would continue to use the old keys. Until the
packet ID would roll over and we would ASSERT() out.
Given that this can be triggered on purpose by an authenticated peer, this
is a fix for an authenticated remote DoS vulnerability. An attack is
rather inefficient though; a peer would need to get us to send 2^32
packets (min-size packet is IP+UDP+OPCODE+PID+TAG (no payload), results in
(20+8+1+4+16)*2^32 bytes, or approx. 196 GB).
This is a fix for finding 5.2 from the OSTIF / Quarkslab audit.
CVE: 2017-7479
Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Acked-by: David Sommerseth <davids@openvpn.net>
Message-Id: <1494358209-4568-3-git-send-email-steffan.karger@fox-it.com>
URL: http://www.mail-archive.com/search?l=mid&q=1494358209-4568-3-git-send-email-steffan.karger@fox-it.com
Signed-off-by: David Sommerseth <davids@openvpn.net>
Because there is no packet_id in those builds... This fixes 'make check'
for --disable-crypto builds, caught by travis.
Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
Acked-by: David Sommerseth <davids@openvpn.net>
Message-Id: <1494014848-20099-1-git-send-email-steffan.karger@fox-it.com>
URL: http://www.mail-archive.com/search?l=mid&q=1494014848-20099-1-git-send-email-steffan.karger@fox-it.com
Signed-off-by: David Sommerseth <davids@openvpn.net>
The functions packet_id_alloc_outgoing() and packet_id_write() were
always called in tandem. Instead of forcing the caller to allocate a
packet_id_net to do so, merge the two functions. This simplifies the API
and reduces the chance on mistakes in the future.
This patch adds unit tests to verify the behaviour of packet_id_write().
Verifying that we assert out correctly required the change to mock_msg.c.
Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Acked-by: David Sommerseth <davids@openvpn.net>
Message-Id: <1494006291-3522-1-git-send-email-steffan.karger@fox-it.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg14541.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
We already track a lot of files over the whole directory structure
in the main .gitignore file. But a few additional ones had been
added into some of the subdirectories.
This unifies all these files into a master file for the whole project,
making it easier to know where to look at and edit if changes needs
to be done.
Signed-off-by: David Sommerseth <davids@openvpn.net>
Acked-by: Steffan Karger <steffan@karger.me>
Message-Id: <20170120210457.3383-1-davids@openvpn.net>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13916.html
Signed-off-by: David Sommerseth <davids@openvpn.net>
- Also make tests that require --wrap option to be
conditional on this support
[ DS: Removed AC_DEFINE([HAVE_LD_WRAP_SUPPORT],...) at commit time
as we now see no real use for such a #define in config.h ]
Signed-off-by: Selva Nair <selva.nair@gmail.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Acked-by: David Sommerseth <davids@openvpn.net>
Message-Id: <1484772172-19758-1-git-send-email-selva.nair@gmail.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13897.html
Signed-off-by: David Sommerseth <davids@openvpn.net>
When the pulled options change, OpenVPN will attempt to reopen the tun
device. That might fail if the process has already dropper privileges,
and is not needed unless the tun MTU is changed. This patch therefore
ignores the cipher value for the digest if a fixed tun-mtu is used.
Additionally, this patch changes the md_ctx_update() call to include the
trailing zero byte of each option, to make sure that parsing "foo,bar"
results in a different hash than "foobar". (Sorry for not catching that
during the review...)
The unit tests are a bit lame, but it secretly serves as a way to lower
the bar for adding more buffer.c unit tests.
Trac: #761
Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: David Sommerseth <davids@openvpn.net>
Message-Id: <1481838366-32335-1-git-send-email-steffan@karger.me>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13579.html
Signed-off-by: David Sommerseth <davids@openvpn.net>
This is the first commit of the big reformatting task. This
is performed by running the ./dev-tools/reformat-all.sh script.
This is based upon the v3 reformat-all.sh/uncrustify.conf version
which is now applied to git master.
Signed-off-by: David Sommerseth <davids@openvpn.net>
These help verify the tls-crypt functionality - they already caught a
bug during development. We should however probably also add some
t_client tests once this feature is in.
To test --tls-crypt with as few dependencies as possible, this adds a
mock implementation of msg() (or actually x_msg()). For debugging
purposes, the mock implementation can be made to really log by calling
mock_set_debug_level(), but defaults to (almost) no logging.
Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1478636302-9678-6-git-send-email-steffan.karger@fox-it.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg12973.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Fixes builds that use MBEDTLS_CFLAGS and friends to tell the build where
the header files and libraries are. Also alphabetically orders some of
the listed files in relates Makefile.am files.
Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1479152603-5103-1-git-send-email-steffan@karger.me>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13050.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Move functionality to parse command strings into argv_parse_cmd().
That is a preparation for the upcoming refactoring of argv_printf().
Signed-off-by: Heiko Hund <heiko.hund@sophos.com>
Acked-by: David Sommerseth <davids@redhat.com>
Message-Id: <1477672963-5724-5-git-send-email-heiko.hund@sophos.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg12816.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
misc.c is too crowded with different things to perform any
sane unit testing due to its dependencies. So, in order to re-write
the #ifdef'ed tests for the argv_* family of functions into unit
tests I moved them into a dedicated file.
Signed-off-by: Heiko Hund <heiko.hund@sophos.com>
Acked-by: David Sommerseth <davids@redhat.com>
Message-Id: <1477672963-5724-2-git-send-email-heiko.hund@sophos.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg12811.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Commit 40cb4cfc5d added infrastructure to write unit tests using
cmocka. This was implemented using a git submodule to fetch an
up-to-date cmocka test framework.
The issue which appeared was that 'make check' stopped working if
the cmocka submodule was not initialized and updated. As we do not
want this to be a hard depenency, this patch makes running these
unit tests conditional. If cmocka has not been initialized, skip
them or if it has been initialized all unit tests will be run.
[v2 - Also check if cmake is available, as cmocka depends on that
to be built ]
Signed-off-by: David Sommerseth <dazo@privateinternetaccess.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1464703645-26640-1-git-send-email-openvpn@sf.lists.topphemmelig.net>
URL: http://article.gmane.org/gmane.network.openvpn.devel/11758
No functional changes.
Utility functions of auth-pam are split into a dedicated file. This allows
the test programs to easily test these functions without adding
dependencies.
Add a minimal test for searchandreplace as a proof of concept.
[ Modified during commit: Enhanced documentation of functions in utils.h
to comply with doxygen standards ]
Signed-off-by: Jens Neuhalfen <jens@neuhalfen.name>
Acked-by: Steffan Karger <steffan@karger.me>
Message-Id: <20160525175756.56186-3-openvpn-devel@neuhalfen.name>
URL: http://article.gmane.org/gmane.network.openvpn.devel/11724
Signed-off-by: David Sommerseth <dazo@privateinternetaccess.com>
cmocka [1,2] is a testing framework for C. Adding unit test
capabilities to the openvpn repository will greatly ease the
task of writing correct code.
cmocka source code is added as git submodule in ./vendor. A
submodule approach has been chosen over a classical library
dependency because libcmocka is not available, or only
available in very old versions (e.g. on Ubuntu).
cmocka is build during 'make check' and installed in vendor/dist/.
[1] https://cmocka.org/
[2] https://lwn.net/Articles/558106/
Signed-off-by: Jens Neuhalfen <jens@neuhalfen.name>
Acked-by: Steffan Karger <steffan@karger.me>
Message-Id: <20160525175756.56186-2-openvpn-devel@neuhalfen.name>
URL: http://article.gmane.org/gmane.network.openvpn.devel/11725
Signed-off-by: David Sommerseth <dazo@privateinternetaccess.com>
