327 commits

Author	SHA1	Message	Date
Steffan Karger	607e2fcb9c	tls-crypt-v2: Avoid interpreting opcode as part of WKc ... The buffer we pass to tls_crypt_v2_extract_client_key contains the entire received control channel packet. We should skip the opcode before trying to read WKC. This logic error is a second bug behind the XlabAI finding, next too the too-strict ASSERT in tls_crypt_unwrap. Also remove a too strict ASSERT in tls_crypt_unwrap. We already check a few lines later for a too short packet and return a proper error ("packet too short"). XlabAI found a way of triggering this ASSERT that requires a tls-crypt-v2 client key that has a specific property (a specific byte need to have a specific value, about 1/256 probability). If an attacker can get hold of such a tls-crypt-v2 client key or observe a handshake using such a key, the attacker can trigger the ASSERT, crashing the server. Setups that do not use tls-crypt-v2 are not affected. Independently, Cisco Talos reported a way to trigger this ASSERT with any tls-crypt-v2 key but this requires the attacker to be also in possession of the private key part of the tls-crypt-v2 client key or to inject packet into a live session of a client session. CVE: 2026-35058 Reported-By: XlabAI Team of Tencent Xuanwu Lab (xlabai@tencent.com) Reported-By: Guannan Wang (wgnbuaa@gmail.com Reported-By: Zhanpeng Liu (pkugenuine@gmail.com) Reported-By: Guancheng Li (lgcpku@gmail.com) Reported-By: Emma Reuter of Cisco ASIG (TALOS-2026-2381) Signed-off-by: Steffan Karger <steffan@karger.me> Signed-off-by: Arne Schwabe <arne@rfc2549.org> Change-Id: I623733c0476c98f436d19009ee8990693c1579b5 Private-URL: https://github.com/OpenVPN/openvpn-private-issues/issues/111 Acked-by: Gert Doering <gert@greenie.muc.de> Signed-off-by: Gert Doering <gert@greenie.muc.de> (cherry picked from commit 18270324a5fd43122ca1b8c29b224c5dd5905429)	2026-04-21 08:19:42 +02:00
Selva Nair	e722fde4aa	Add unit tests for 'auth-user-pass username-only' ... Input from stdin is tested. Change-Id: I1c18b3cf4a454444a61941d88a702a140b0ac23d Signed-off-by: Selva Nair <selva.nair@gmail.com> Acked-by: Arne Schwabe <arne-openvpn@rfc2549.org> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1602 Message-Id: <20260414055805.16974-1-gert@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg36605.html Signed-off-by: Gert Doering <gert@greenie.muc.de> (cherry picked from commit 25c5c42ac2)	2026-04-15 11:48:32 +02:00
Arne Schwabe	490364ce09	Add unit test for printing various details of certificates ... These unit tests will ensure that refactoring of these methods does not change the output. Change-Id: Iacbd8195cdedc7226bddc686ca8dccf9f25f8842 Signed-off-by: Arne Schwabe <arne@rfc2549.org> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1598 Message-Id: <20260331173403.3082-1-gert@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg36389.html Signed-off-by: Gert Doering <gert@greenie.muc.de> (cherry picked from commit 27d1b9a0da)	2026-04-04 16:09:55 +02:00
Arne Schwabe	4d16f2a604	Rename key* to privkey* in cert_data.h ... The name key2 conflicts with our struct key2 and prevents these test keys from being used in test_ssl.c Change-Id: Id8680e6555a66024417d6eb9322d4fde79922453 Signed-off-by: Arne Schwabe <arne@rfc2549.org> Acked-by: Frank Lichtenheld <frank@lichtenheld.com> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1597 Message-Id: <20260401102247.21915-1-gert@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg36401.html Signed-off-by: Gert Doering <gert@greenie.muc.de> (cherry picked from commit 579046470f)	2026-04-04 16:02:30 +02:00
Haixiao Yan	66989b384d	tests: skip test execution when cross-compiling ... The auth-pam unit test Makefile.am unconditionally assigns the TESTS variable, causing test execution to fail during cross-compilation because the target binaries are not executable on the build host. Signed-off-by: Haixiao Yan <haixiao.yan.cn@windriver.com> Acked-By: Frank Lichtenheld <frank@lichtenheld.com> Message-Id: <20260326062016.3856597-1-haixiao.yan.cn@windriver.com> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg36288.html Signed-off-by: Gert Doering <gert@greenie.muc.de> (cherry picked from commit 690aace41a)	2026-03-30 13:05:38 +02:00
Arne Schwabe	0bb9a25021	Remove unnecessary OpenSSL init and cleanup commands in unit tests ... After the removal of OpenSSL 1.0.2 support these instructions are no longer needed and the main OpenVPN program also no longer calls them in init_ssl_lib or free_ssl_lib. Also remove them from the unit tests. This also solves a deprecation warning on EVP_cleanup when compiling with aws-lc Change-Id: I228f6fd9ff18256f09d4348df1fc48853f8e7306 Signed-off-by: Arne Schwabe <arne-openvpn@rfc2549.org> Acked-by: Frank Lichtenheld <frank@lichtenheld.com> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1568 Message-Id: <20260316121148.25189-1-frank@lichtenheld.com> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg36153.html Signed-off-by: Gert Doering <gert@greenie.muc.de> (cherry picked from commit 369c751078)	2026-03-16 14:47:34 +01:00
Frank Lichtenheld	c0e792112a	buffer: Add checked_snprintf function and use it in the code ... This reintroduces a function that converts the result of snprintf to a boolean since the check is always the same but annoyingly verbose. And it gets worse when you add -Wsign-compare. So in preparation of introducing -Wsign-compare wrap this check in the function. This somewhat reverts the removal of openvpn_snprintf. But note that that was originally introduced to work around the broken snprintf of Windows. So this is not exactly the same. For this reason I also classified this as a buffer function and not a compat function. Change-Id: Ia3477b8ee7a637c15aad7f285144280595cda5d5 Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com> Acked-by: Gert Doering <gert@greenie.muc.de> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1489 Message-Id: <20260304110455.15859-1-gert@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg35872.html Signed-off-by: Gert Doering <gert@greenie.muc.de> (cherry picked from commit 1ec71fe0c0)	2026-03-04 14:14:55 +01:00
Antonio Quartulli	acbe874c71	options: drop useless init_gc param for init_options() ... The init_option() function is always invoked with the second param "init_gc" set to "true". This makes the parameter useless and it can therefore be removed while always taking the "true" branch in the related logic. This way we can also drop the options->gc_owned member as it would also be always set to true. Change-Id: I633d8cbf75ab4da85e16df44684aef60523811c5 Signed-off-by: Antonio Quartulli <antonio@mandelbit.com> Acked-by: Frank Lichtenheld <frank@lichtenheld.com> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1536 Message-Id: <20260217135605.154129-1-frank@lichtenheld.com> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg35695.html Signed-off-by: Gert Doering <gert@greenie.muc.de> (cherry picked from commit 92937c267b)	2026-02-28 10:55:38 +01:00
Frank Lichtenheld	5836ccdff4	Review Changes.rst for 2.7.0 release ... Fixes various issues, either errors or things that got outdated during development. Change-Id: Idd079f42fac1189c08c6cf42ea84fa8c0383e1a8 Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com> Acked-by: Gert Doering <gert@greenie.muc.de> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1515 Message-Id: <20260210162038.7915-1-gert@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg35574.html Signed-off-by: Gert Doering <gert@greenie.muc.de>	2026-02-10 18:40:20 +01:00
Frank Lichtenheld	83f9c55efb	test_openvpnserv: Make sure to include config.h ... Otherwise the check for cmocka version doesn't work. Includes the update to vcpkg in GHA since that exposed the problem. chore(deps): update vcpkg digest to 6d332a0 Change-Id: I3b246bcc36ba35c2ed9630dc18e97aff436eaa0b Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com> Acked-by: Gert Doering <gert@greenie.muc.de> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1488 Message-Id: <20260126145558.31460-1-gert@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg35437.html Signed-off-by: Gert Doering <gert@greenie.muc.de>	2026-01-26 16:32:26 +01:00
Max Fillinger	494fb71804	Add support for Mbed TLS 4 ... This commit adds support for Mbed TLS 4. This version comes with some drastic changes. The crypto library has been completely redesigned, so the contents of crypto_mbedtls.c are moved to crypto_mbedtls_legacy.c and crypto_mbedtls.c handles the crypto for version 4. Mbed TLS 4 also removed the feature for looking up a crypto algorithm by name, so we need to translate algorithm names to Mbed TLS numbers in OpenVPN. The tables are not yet complete. For symmetric algorithms, I have added AES and Chacha-Poly which should be enough for most use cases. Change-Id: Ib251d546d993b96ed3bd8cb9111bcc627cdb0fae Signed-off-by: Max Fillinger <maximilian.fillinger@sentyron.com> Acked-by: Arne Schwabe <arne-openvpn@rfc2549.org> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1441 Message-Id: <20260123164746.7333-1-gert@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg35401.html Signed-off-by: Gert Doering <gert@greenie.muc.de>	2026-01-24 18:49:44 +01:00
Frank Lichtenheld	b10ee38ccd	openvpnserv: Add a first unit test ... This adds the required build infrastructure and adds tests for two functions related to GetItfDnsDomains(). Change-Id: I33583e51e1143c53fbe0aef16546fa3f602b17c0 Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com> Acked-by: Gert Doering <gert@greenie.muc.de> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1459 Message-Id: <20260119215058.27888-1-gert@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg35345.html Signed-off-by: Gert Doering <gert@greenie.muc.de>	2026-01-24 18:23:05 +01:00
Arne Schwabe	e0e0720ac3	Correctly handle sender jumping exactly epoch_data_keys_future_count ... When the sender jumps forwards exactly epoch_data_keys_future_count in its epoch key use the housekeeping logic does not handle this correctly and triggers an ASSERT. Change the code to correctly implement the special case when the new epoch key of the sender is the highest valid key epoch in the current window of valid epoch keys for receiving data. Change-Id: Ib581c02a29b974184256a9f4ad0ce15ba5f9db3b Signed-off-by: Arne Schwabe <arne@rfc2549.org> Acked-By: Max Fillinger <maximilian.fillinger@sentyron.com> Reported-By: Pavel Kohout of Aisle Research <pavel.kohout@aisle.com> Github: closes OpenVPN/openvpn-private-issues#103 CVE: 2025-15497	2026-01-15 11:10:56 +01:00
Frank Lichtenheld	20f8127bcd	Fix building test_tls_crypt with cmocka 2.0 ... This was missed in commit 6db186e0b1 since we only built with cmocka 2.0 on macOS and that doesn't build test_tls_crypt. Now that we build with cmocka 2.0 also on Debian Sid we noticed the additional issues. Change-Id: Ibc964c13724316ca96276ba6b7d34dbbfcf52064 Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com> Acked-by: Gert Doering <gert@greenie.muc.de> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1460 Message-Id: <20260108154248.21706-1-gert@greenie.muc.de> Signed-off-by: Gert Doering <gert@greenie.muc.de>	2026-01-08 16:50:36 +01:00
Frank Lichtenheld	f94a3ad2ba	Update Copyright statements to 2026 ... Change-Id: I1728fcb75284ba106e5c37ef53f6e568b64fb647 Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com> Acked-by: Gert Doering <gert@greenie.muc.de> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1456 Message-Id: <20260108074915.9417-1-gert@greenie.muc.de> URL: https://sourceforge.net/p/openvpn/mailman/message/59280815/ Signed-off-by: Gert Doering <gert@greenie.muc.de>	2026-01-08 10:59:57 +01:00
Arne Schwabe	927b45dde7	Allow test-crypto to work without the --secret argument ... The --test-crypto still requires the --secret argument. Since --secret will be removed in OpenVPN 2.8 but we want to keep test-crypt, remove the dependency of test-crypto on --static. Instead we will just generate a random key for this selftest method. This also removes the extra logic that is a leftover from the early multi-thread implementation attempt. Change-Id: I72947bd4f0213fd118327f740daeb1d86ae166de Signed-off-by: Arne Schwabe <arne@rfc2549.org> Acked-by: Frank Lichtenheld <frank@lichtenheld.com> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1435 Message-Id: <20251219135110.166468-1-frank@lichtenheld.com> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg35157.html Signed-off-by: Gert Doering <gert@greenie.muc.de>	2025-12-22 13:09:24 +01:00
Frank Lichtenheld	6db186e0b1	tests/unit_tests: Port to cmocka 2.0.0 API ... But add compat layer so that we can still build against older versions of cmocka. Mostly this is trivial but the custom check function changed its prototype, so that requires some more work. Change-Id: Ifb6594700db71d219643a29c581099c778bcbbc6 Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com> Acked-by: Gert Doering <gert@greenie.muc.de> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1449 Message-Id: <20251218104042.5961-1-gert@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg35144.html Signed-off-by: Gert Doering <gert@greenie.muc.de>	2025-12-18 12:21:28 +01:00
Frank Lichtenheld	75cc34eccc	mbuf: Add unit tests ... While fixing the conversion warning I was somewhat confused how this works, so added UTs to verify I understood it. v2: - disable assert test for MS VS - add define for memory-intensive UTs and only enable it by default for CMake builds, so we do not break a lot of builds out there due to memory allocation failures Change-Id: Icab68a5fd1b6288955f0073179f1ddde1468d951 Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com> Acked-by: Gert Doering <gert@greenie.muc.de> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1432 Message-Id: <20251212120352.17402-1-gert@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg35050.html Signed-off-by: Gert Doering <gert@greenie.muc.de>	2025-12-12 13:52:02 +01:00
Moritz Fain	309c2332c3	PUSH_UPDATE: fix option reset logic in continuation messages ... Previously, the logic for resetting push options (like 'route') was based on `update_options_found` which was local to `apply_push_options`. This meant that if a PUSH_UPDATE was split across multiple continuation messages, the state was lost, causing routes to be reset multiple times (once per message chunk) rather than once per update sequence. This patch moves the state tracking to `struct options` as `push_update_options_found`, allowing it to persist across the entire PUSH_UPDATE sequence. This fixes an issue where large route lists sent via PUSH_UPDATE would result in only the last chunk's routes being applied, or previous routes being continuously deleted and re-added. Added unit test `test_incoming_push_continuation_route_accumulation` to verify the fix. Github: OpenVPN/openvpn#925 Signed-off-by: Moritz Fain <moritz-openvpn@fain.io> Acked-by: Marco Baffo <marco@mandelbit.com> Message-Id: <CAM8w-qEE6vHj=yUOpTFbM7DqPKzUV0NupvEG4rUefY=kNB2DxQ@mail.gmail.com> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg34814.html Signed-off-by: Gert Doering <gert@greenie.muc.de>	2025-12-10 12:34:16 +01:00
Arne Schwabe	18c483dd60	Fix memcmp check for the hmac verification in the 3way handshake being inverted ... This is a stupid mistake but causes all hmac cookies to be accepted, thus breaking source IP address validation. As a consequence, TLS sessions can be openend and state can be consumed in the server from IP addresses that did not initiate an initial connection. While at it, fix check to only allow [t-2;t] timeslots, disallowing HMACs coming in from a future timeslot. Github: OpenVPN/openvpn-private-issues#56 CVE: 2025-13086 Reported-By: Joshua Rogers <contact@joshua.hu> Found-by: ZeroPath (https://zeropath.com/) Reported-By: stefan@srlabs.de Change-Id: I9cbe2bf535575b47ddd7f34e985c5c1c6953a6fc Signed-off-by: Arne Schwabe <arne@rfc2549.org> Acked-by: Max Fillinger <max@max-fillinger.net>	2025-11-17 10:08:36 +01:00
Heiko Hund	5888adc6fa	msvc: fix struct initialization for v19 compilers ... Newer version of MSVC do not show the error anymore, but I do get, e.g.: test_crypto.c(538,23): error C2059: syntax error: '}' with version 19.38.33133 installed on a test system. Change-Id: I13e34119303e056fdb51ff9925f4944171c824f2 Signed-off-by: Heiko Hund <heiko@ist.eigentlich.net> Acked-by: Frank Lichtenheld <frank@lichtenheld.com> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1366 Message-Id: <20251111172504.7683-1-gert@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg34327.html Signed-off-by: Gert Doering <gert@greenie.muc.de>	2025-11-12 10:54:36 +01:00
Antonio Quartulli	c5e9950987	unit_tests: prefer proper cmocka assert helpers ... We have agreed to never use the plain assert() anywhere in the code. Unit tests are almost there as they always use cmocka provided assert helpers, except for two cases. Convert those two to cmocka assert calls too. While at it also ensure that the proper bool helpers are used rather than checking _int_equal against true/false. Drop assert.h in cryptoapi.c as well as it's not needed anymore. GitHub: Closes OpenVPN/openvpn#894 Change-Id: I61e4968f2e83d12d4d3fc3ccba92a06eb5ed5866 Signed-off-by: Antonio Quartulli <antonio@mandelbit.com> Acked-by: Gert Doering <gert@greenie.muc.de> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1345 Message-Id: <20251104081653.3368-1-gert@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg34179.html Signed-off-by: Gert Doering <gert@greenie.muc.de>	2025-11-04 09:18:56 +01:00
Antonio Quartulli	21b943734f	test_networking: use appropriate assert helpers ... In all unit tests we rely on CMocka's provided assert helpers. However, test_networking.c was still on the default assert() call, which we try to avoid in favour of more appropriate helpers. Substitute them all with assert_*() from CMocka. Change-Id: Ie153b3d5bf19200f225cd09131de8583645110be Reported-by: Marc Heuse <marc@srlabs.de> Signed-off-by: Antonio Quartulli <antonio@mandelbit.com> Acked-by: Frank Lichtenheld <frank@lichtenheld.com> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1342 Message-Id: <20251103145842.22969-1-gert@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg34155.html Signed-off-by: Gert Doering <gert@greenie.muc.de>	2025-11-03 16:31:59 +01:00
Marco Baffo	6b0208e962	PUSH_UPDATE server: invalid read bug-fix and unit-tests improvements ... The number of messages calculated before the call to message_splitter(), used in the memory allocation in the buffer array, could in certain cases be less than one than the actual number of messages, thus causing an override of the sentinel buffer in message_splitter() and therefore an invalid read in send_single_push_update(). The case in question would be, for example, a sequence of three options "A,B,C" with the size of B equal to safe_cap - 1 and the sum of the sizes of A and C less than safe_cap - 2. The buffer array was therefore replaced with a list of buffers to completely avoid calculating the number of messages before it was actually computed. The test case in question has been added to the unit tests. The unit tests have been improved using cmocka macros. Change-Id: Idba419681fe3ccc4e6e2f6ce7592332dcff62cd9 Signed-off-by: Marco Baffo <marco@mandelbit.com> Acked-by: Gert Doering <gert@greenie.muc.de> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1316 Message-Id: <20251030195244.2659-1-gert@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg34073.html Signed-off-by: Gert Doering <gert@greenie.muc.de>	2025-10-31 10:51:47 +01:00
Antonio Quartulli	b9b5470521	sitnl: set FD_CLOEXEC on socket to prevent abuse ... Since OpenVPN spawns various child processes, it is important that sockets are closed after calling exec. The sitnl socket didn't have the right flag set, resulting in it surviving in, for example, connect/disconnect scripts and giving the latter a chance to abuse the socket. Ensure this doesn't happen by setting FD_CLOEXEC on this socket right after creation. Reported-by: Joshua Rogers <contact@joshua.hu> Found-by: ZeroPath (https://zeropath.com/) Change-Id: I54845bf4dd17d06cfc3b402f188795f74f4b1d3e Signed-off-by: Antonio Quartulli <antonio@mandelbit.com> Acked-by: Gert Doering <gert@greenie.muc.de> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1314 Message-Id: <20251028162843.18189-1-gert@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg33952.html Signed-off-by: Gert Doering <gert@greenie.muc.de>	2025-10-28 17:31:35 +01:00
Frank Lichtenheld	160e994d72	push_util: Make send_push_update static ... Not necessary to make it non-static just for UTs. Change-Id: I348abec1e2f32301a0368d5f541e67bddf358bbc Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com> Acked-by: Gert Doering <gert@greenie.muc.de> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1282 Message-Id: <20251017203830.23807-1-gert@greenie.muc.de> URL: https://sourceforge.net/p/openvpn/mailman/message/59248152/ Signed-off-by: Gert Doering <gert@greenie.muc.de>	2025-10-17 22:46:35 +02:00
Marco Baffo	5e4c9a69ea	PUSH_UPDATE server: remove old IP(s) from vhash after sending a message containing ifconfig(-ipv6) ... When sending a PUSH_UPDATE containing an ifconfig(-ipv6) option, we must add the new IP to the multi_context vhash (hash table of the clients indexed by virtual IPs). Now in addition to adding new client IPs, old IPs are also removed from vhash, allowing for a more complete update. Change-Id: I07a8ddd9026eef64b6f5abde98702a9801616a5f Signed-off-by: Marco Baffo <marco@mandelbit.com> Acked-by: Gert Doering <gert@greenie.muc.de> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1253 Message-Id: <20251017201916.21697-1-gert@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg33412.html Signed-off-by: Gert Doering <gert@greenie.muc.de>	2025-10-17 22:24:11 +02:00
Frank Lichtenheld	c4f7b418c2	win32: Change some APIs to use DWORD instead of size_t ... This is what the Win32 APIs use. Since we put static integers into this (e.g. sizeof()) this doesn't result in new conversion warnings at the caller sites. Change-Id: Ia836e3c05a868a7e8419c2bb2f547d968260783c Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com> Acked-by: Gert Doering <gert@greenie.muc.de> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1269 Message-Id: <20251013162221.2156-1-gert@greenie.muc.de> URL: https://sourceforge.net/p/openvpn/mailman/message/59246222/ Signed-off-by: Gert Doering <gert@greenie.muc.de>	2025-10-13 18:30:07 +02:00
Frank Lichtenheld	d78ebd4b8c	test_dhcp: Start a dhcp helper functions UT ... Use extra define to allow testing code only used on Windows but not actually dependent on Windows. Change-Id: I08e50030b1b692d351509f541e5c0b03b5170615 Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com> Acked-by: Gert Doering <gert@greenie.muc.de> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1267 Message-Id: <20251013154758.21695-1-gert@greenie.muc.de> URL: https://sourceforge.net/p/openvpn/mailman/message/59246199/ Signed-off-by: Gert Doering <gert@greenie.muc.de>	2025-10-13 17:58:49 +02:00
Frank Lichtenheld	e7fdde7cb8	test_user_pass: Check fatal errors for empty username/password ... Required a fix to mock_msg to make tests of M_FATAL possible at all. This also tests some cases which arguably should throw a fatal error but do not. v2: - Suppress LeakSanitizer errors for fatal error tests. Due to aborting the function, the memory will not be cleaned up, but that is expected. v3: - Disable assert tests with MSVC. Does not seem to catch the error correctly. - Rebase on top of parallel-tests series to get AM_TESTS_ENVIRONMENT. v8: - Update srcdir handling according to master. v10: - Update mock_msg.c fatal handling to be compatible with NO_CMOCKA. Change-Id: Icabc8acf75638c86c8c395e9ffecba7a7226cd97 Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com> Acked-by: Gert Doering <gert@greenie.muc.de> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/474 Message-Id: <20251010211154.2780-1-gert@greenie.muc.de> URL: https://sourceforge.net/p/openvpn/mailman/message/59245149/ Signed-off-by: Gert Doering <gert@greenie.muc.de>	2025-10-11 11:51:27 +02:00
Marco Baffo	855094893e	PUSH_UPDATE server: check IV_PROTO before sending the message to the client ... Before sending the PUSH_UPDATE message to the client, we must verify that the client has actually sent IV_PROTO_PUSH_UPDATE to the server, declaring that it supports push-updates. Also fixed a gc_arena memory leak in one of the error paths and asserted mi->context.c2.tls_multi . Change-Id: I7c28da72be11c7efbed3068fbfc65f2959227bec Signed-off-by: Marco Baffo <marco@mandelbit.com> Acked-by: Gert Doering <gert@greenie.muc.de> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1255 Message-Id: <20251009182855.18712-1-gert@greenie.muc.de> URL: https://sourceforge.net/p/openvpn/mailman/message/59244566/ Signed-off-by: Gert Doering <gert@greenie.muc.de>	2025-10-10 16:34:51 +02:00
Selva Nair	f9bfd1c405	Fix PIN cache time in test_pkcs11.c ... Github: closes OpenVPN/openvpn#861 Change-Id: Ic6fd6ba676b4741da7811ffc7c9688d4673465f8 Signed-off-by: Selva Nair <selva.nair@gmail.com> Acked-by: Arne Schwabe <arne-openvpn@rfc2549.org> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1263 Message-Id: <20251010063934.18197-1-gert@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg33306.html Signed-off-by: Gert Doering <gert@greenie.muc.de>	2025-10-10 09:15:56 +02:00
Frank Lichtenheld	8f3e3de7d7	test_options_parse: Remove --wrap ... After removing --wrap from some other tests in a previous commit I got confused here myself. --wrap is really only needed when you have the original function linked in. Somehow I thought the call ordering and mocking logic needed this. But this is wrong, so no need to use --wrap here since we currently do not link any of those functions. Change-Id: I60df1e61ed89be52e9d032b5b49133a784f9811e Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com> Acked-by: Gert Doering <gert@greenie.muc.de> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1258 Message-Id: <20251008161357.5679-1-gert@greenie.muc.de> URL: https://sourceforge.net/p/openvpn/mailman/message/59244071/ Signed-off-by: Gert Doering <gert@greenie.muc.de>	2025-10-08 18:18:07 +02:00
Frank Lichtenheld	5b8e0563f9	test_options_parse: Do not use uintmax_t instead of LargestIntegralType ... At least on OpenBSD it seems that uintmax_t maps to unsigned long long always, but LargestIntegralType is unsigned long. So if we have a version of cmocka.h that defines LargestIntegralType then respect that. Change-Id: I59a49696acd665d43b21e5c23f24b86c15989cd6 Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com> Acked-by: Gert Doering <gert@greenie.muc.de> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1256 Message-Id: <20251008133338.23652-1-gert@greenie.muc.de> URL: https://sourceforge.net/p/openvpn/mailman/message/59243971/ Signed-off-by: Gert Doering <gert@greenie.muc.de>	2025-10-08 15:38:43 +02:00
Frank Lichtenheld	775488b81c	test_options_parse: Add test for read_config_string ... The <inlineopt> test discovered the issue fixed by commit "buffer: Fix buf_parse eating input". Change-Id: Icb91d9c560b6f78f16571ac3052cc566d94afe99 Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com> Acked-by: Gert Doering <gert@greenie.muc.de> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1247 Message-Id: <20251008100222.4610-1-gert@greenie.muc.de> URL: https://sourceforge.net/p/openvpn/mailman/message/59243809/ Signed-off-by: Gert Doering <gert@greenie.muc.de>	2025-10-08 12:46:10 +02:00
Frank Lichtenheld	f5a2e2319b	buffer: Fix buf_parse eating input ... When parsing a "line" that is longer than the available line buffer, then buf_parse was eating up to 2 characters. It advanced past them but they were not part of the output. This can lead to unexpected results if buf_parse is used in a while loop on unrestricted input, like e.g. when reading configs (see in_src_get() used for check_inline_file_via_buf()). Change-Id: I3724660bf0f8336ee58c172acfb7c4f38e457393 Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com> Acked-by: Gert Doering <gert@greenie.muc.de> Acked-by: Arne Schwabe <arne-openvpn@rfc2549.org> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1246 Message-Id: <20251008103001.7696-1-gert@greenie.muc.de> URL: https://sourceforge.net/p/openvpn/mailman/message/59243829/ Signed-off-by: Gert Doering <gert@greenie.muc.de>	2025-10-08 12:36:18 +02:00
Frank Lichtenheld	80981cf338	test_options_parse: Start new UT for options_parse.c ... For now contains one test case for parse_line. Change-Id: I95032d2539d994abf69fc17319ed1a429c3bb948 Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com> Acked-by: Gert Doering <gert@greenie.muc.de> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1244 Message-Id: <20251008101014.5691-1-gert@greenie.muc.de> URL: https://sourceforge.net/p/openvpn/mailman/message/59243816/ Signed-off-by: Gert Doering <gert@greenie.muc.de>	2025-10-08 12:16:47 +02:00
Marco Baffo	373178b32d	PUSH_UPDATE: disabling PUSH_UPDATE server and client if DCO is enabled ... The PUSH_UPDATE currently doesn't work with DCO. For example, in server, if a new ifconfig is sent, the DCO doesn't receive the new peer address and the connection drops. Similarly in the client when a PUSH_UPDATE is received, the tun is closed and reopened but the DCO doesn't receive the peer info. Change-Id: Ibe78949435bb2f26ad68301e2710321bf37c9486 Signed-off-by: Marco Baffo <marco@mandelbit.com> Acked-by: Antonio Quartulli <antonio@mandelbit.com> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1245 Message-Id: <20251008083046.27209-1-gert@greenie.muc.de> URL: https://sourceforge.net/p/openvpn/mailman/message/59243711/ Signed-off-by: Gert Doering <gert@greenie.muc.de>	2025-10-08 10:55:29 +02:00
Frank Lichtenheld	d2428900ef	unit_tests: Remove useless wrapping for argv/buffer tests ... If not using mock() or check_expected(), and not linking the original function, then there is no need for wrapping support. Change-Id: I937105abeb5e8f796bf6bbe8432972adb60b3e2a Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com> Acked-by: Gert Doering <gert@greenie.muc.de> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1243 Message-Id: <20251007185217.19381-1-gert@greenie.muc.de> URL: https://sourceforge.net/p/openvpn/mailman/message/59243508/ Signed-off-by: Gert Doering <gert@greenie.muc.de>	2025-10-07 22:16:11 +02:00
Frank Lichtenheld	0e3dd1ccba	Review CMocka assertion usage ... Replace some assert_true calls with more specific assertions. This should improve reporting in case of problems and also just makes the code nicer. Change-Id: Ia2f374476c87855bba6c0f9d3e2f28a5fe62a152 Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com> Acked-by: Gert Doering <gert@greenie.muc.de> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1141 Message-Id: <20251006204118.26237-1-gert@greenie.muc.de> URL: https://sourceforge.net/p/openvpn/mailman/message/59243096/ Signed-off-by: Gert Doering <gert@greenie.muc.de>	2025-10-06 22:50:51 +02:00
Frank Lichtenheld	9db98baf65	Make unit tests -Wconversion clean ... Only trivial problems left after the other patches have been merged. Change-Id: Iab9e780d9649d7581e5f6aa4b23e72bbed5e145b Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com> Acked-by: Gert Doering <gert@greenie.muc.de> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1205 Message-Id: <20250924124154.15963-1-gert@greenie.muc.de> URL: https://sourceforge.net/p/openvpn/mailman/message/59238128/ Signed-off-by: Gert Doering <gert@greenie.muc.de>	2025-09-24 15:11:57 +02:00
Frank Lichtenheld	3ac840942b	Enable -Wconversion -Wno-sign-conversion by default ... Grand-father all known locations of existing errors, so that -Werror builds still pass and we do not spam build logs. Still, this should give us a much better roadmap to work on these issues one by one while still enabling the warnings for a lot of code-paths. In general I did go for least amount of pragmas, so usually there is only one override per file, covering ALL of the failures in that file. While this protects a lot of code that doesn't need it, it also cut down the amount of pragmas by a lot. This does cover gcc builds including mingw and clang builds. Does not cover MSVC. Once the amount of issues has been suitable reduced more warnings could be enabled. Change-Id: Iad5b00c35a1f1993b1fa99e8b945ab17b230ef59 Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com> Acked-by: Gert Doering <gert@greenie.muc.de> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1168 Message-Id: <20250924122755.14391-1-gert@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg33181.html Signed-off-by: Gert Doering <gert@greenie.muc.de>	2025-09-24 14:36:10 +02:00
Frank Lichtenheld	45eb7e1807	Enable a subset of -Wextra ... - Includes fixes for - -Wimplicit-fallthrough=2 (=3 is default but requires replacing all fallthrough comments) - -Wmissing-field-initializers - -Wold-style-declaration - All other warnings that would need fixes are disabled for now. Change-Id: I9ce664d073a4e6a6d433e9e6f986a5086dae8aa1 Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com> Acked-by: Gert Doering <gert@greenie.muc.de> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1202 Message-Id: <20250923140854.21766-1-gert@greenie.muc.de> URL: https://sourceforge.net/p/openvpn/mailman/message/59237558/ Signed-off-by: Gert Doering <gert@greenie.muc.de>	2025-09-23 16:11:45 +02:00
Gert Doering	2bb658c826	Fix t_net.sh / networking_testdriver after 'broadcast' change ... Commit 0df0edc49c re-introduced explicit setting of broadcast addresses for Linux IPv4 interfaces. t_net.sh verifies that the built-in netlink code (sitnl) achieves the same result as "equivalent" iproute2 statements - and we missed adjusting of these iproute2 statements (printed by networking_testdriver). Done. Change-Id: I5fea6ca1ccadb434b5c4f4b49881524a079a9d15 Signed-off-by: Gert Doering <gert@greenie.muc.de> Acked-by: Antonio Quartulli <antonio@mandelbit.com> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1203 Message-Id: <20250922080305.18477-1-gert@greenie.muc.de> URL: https://sourceforge.net/p/openvpn/mailman/message/59236810/ Signed-off-by: Gert Doering <gert@greenie.muc.de>	2025-09-22 10:42:27 +02:00
Frank Lichtenheld	a69aac41c4	list: Make types of hash elements consistent ... Really no use in having the indices and limits in int. Change-Id: I3334465738fb1fbf508dfd719b6a238b500cc0ae Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com> Acked-by: Gert Doering <gert@greenie.muc.de> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1119 Message-Id: <20250919173838.28092-1-gert@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg33108.html Signed-off-by: Gert Doering <gert@greenie.muc.de>	2025-09-20 23:33:00 +02:00
Max Fillinger	efb58abbcc	Rename Fox Crypto to Sentyron in copyright notices ... Fox Crypto has been renamed to Sentyron on September 4th 2025. See https://sentyron.com/press-release-foxcrypto-sentyron/ for the announcement. Change-Id: Ic9912627b707bf4edd4fe4bfc37b8a639feaba08 Signed-off-by: MaxF <max@max-fillinger.net> Acked-by: Frank Lichtenheld <frank@lichtenheld.com> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1047 Message-Id: <20250919164440.23251-1-gert@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg33102.html Signed-off-by: Gert Doering <gert@greenie.muc.de>	2025-09-19 19:25:27 +02:00
Frank Lichtenheld	cc8cd31174	Introduce msglvl_t to unify msglevel type handling ... msglevel was definitely unsigned as the first argument to msg(), but many parts of the code had it as signed. So this produced a LOT of warnings when enabling -Wsign-conversion. Introduce a msglvl_t typedef and switch all users to it. This includes any values that are stored in the msglevel field, including debug level and mute level. There is one exception in struct status_output where -1 is a valid value in the API. Only positive values are translated into standard message levels. Change-Id: Id492cb774c6d022d06bb3cf5fec2a4bdd410e619 Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com> Acked-by: Gert Doering <gert@greenie.muc.de> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1110 Message-Id: <20250917170428.3310-1-gert@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg33028.html Signed-off-by: Gert Doering <gert@greenie.muc.de>	2025-09-19 16:14:16 +02:00
Arne Schwabe	456da311da	Switch test_ssl certificate from RSA 2048 to secp384r1 ... This allow the unit test to also run in environments that have seclevel (SSL_CTX_set_security_level) set to 3. Closes: OpenVPN/openvpn#830 Change-Id: I327ecc9a85dd906517c28e71fe500883bfa028a4 Signed-off-by: Arne Schwabe <arne-openvpn@rfc2549.org> Acked-by: Gert Doering <gert@greenie.muc.de> URL: https://gerrit.openvpn.net/c/openvpn/+/1172 Message-Id: <20250908181852.5054-1-gert@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg32838.html Signed-off-by: Gert Doering <gert@greenie.muc.de>	2025-09-14 15:32:59 +02:00
Frank Lichtenheld	10c42c7407	options: Factor out usages of strtoll and atoll ... This covers the cases where we actually want to allow numbers > 2^31 Change-Id: I454126b3f8fa9d14501f6c4b1ed9ce7b2904be61 Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com> Acked-by: MaxF <max@max-fillinger.net> URL: https://gerrit.openvpn.net/c/openvpn/+/1154 Message-Id: <20250911201505.25582-1-gert@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg32858.html Signed-off-by: Gert Doering <gert@greenie.muc.de>	2025-09-14 14:25:02 +02:00
Gert Doering	340b5b2d26	remove newline characters at the end of msg() calls ... Unlike debugging with printf(), or msg() calls do not need or want a '\n' at the end of the string. Remove those that were overlooked. Change-Id: I889b53ed72efaec546a6609491fae9715726ea00 Signed-off-by: Gert Doering <gert@greenie.muc.de> Acked-by: Frank Lichtenheld <frank@lichtenheld.com> Message-Id: <20250912131609.43444-1-frank@lichtenheld.com> URL: https://sourceforge.net/p/openvpn/mailman/message/59232448/ URL: https://gerrit.openvpn.net/c/openvpn/+/1180 Signed-off-by: Gert Doering <gert@greenie.muc.de>	2025-09-12 18:08:24 +02:00