Internal change
PiperOrigin-RevId: 474069267
Change-Id: Ifa44575765a6ac6592ceba7b458c4179391938b9
diff --git a/LICENSE b/LICENSE
index 70f0eae..d7d5077 100644
--- a/LICENSE
+++ b/LICENSE
@@ -2,7 +2,7 @@
OpenVPN (TM) -- An Open Source VPN daemon
-Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
This distribution contains multiple components, some
of which fall under different licenses. By using OpenVPN
diff --git a/Makefile.am b/Makefile.am
index 2709734..28a7ef7 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -5,8 +5,8 @@
# packet encryption, packet authentication, and
# packet compression.
#
-# Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
-# Copyright (C) 2010-2021 David Sommerseth <dazo@eurephia.org>
+# Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
+# Copyright (C) 2010-2022 David Sommerseth <dazo@eurephia.org>
# Copyright (C) 2006-2012 Alon Bar-Lev <alon.barlev@gmail.com>
#
# This program is free software; you can redistribute it and/or modify
@@ -50,16 +50,23 @@
config-version.h
endif
-SUBDIRS = include src
+SUBDIRS = build distro include src sample doc tests
dist_doc_DATA = \
- README.openvpn \
+ README \
README.IPv6 \
- LICENSE
+ README.mbedtls \
+ Changes.rst \
+ COPYRIGHT.GPL \
+ COPYING
dist_noinst_DATA = \
- README.openvpn \
- README.IPv6
+ .gitignore \
+ .gitattributes \
+ PORTS \
+ README.IPv6 TODO.IPv6 \
+ README.mbedtls \
+ openvpn.sln
dist_noinst_HEADERS = \
config-msvc.h \
diff --git a/config.h b/config.h
index d25749c..836e0c3 100644
--- a/config.h
+++ b/config.h
@@ -2,7 +2,7 @@
/* config.h.in. Generated from configure.ac by autoheader. */
/* Configuration settings */
-#define CONFIGURE_DEFINES "enable_async_push=no enable_comp_stub=no enable_crypto_ofb_cfb=yes enable_debug=yes enable_def_auth=yes enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown enable_fast_install=needless enable_fragment=yes enable_iproute2=no enable_libtool_lock=yes enable_lz4=no enable_lzo=yes enable_management=yes enable_multihome=yes enable_pam_dlopen=no enable_pedantic=no enable_pf=yes enable_pkcs11=yes enable_plugin_auth_pam=yes enable_plugin_down_root=yes enable_plugins=yes enable_port_share=yes enable_selinux=no enable_shared=yes enable_shared_with_static_runtimes=no enable_small=no enable_static=yes enable_strict=no enable_strict_options=no enable_systemd=no enable_werror=no enable_win32_dll=yes enable_x509_alt_username=no with_aix_soname=aix with_crypto_library=openssl with_gnu_ld=yes with_mem_check=no with_sysroot=no"
+#define CONFIGURE_DEFINES "enable_async_push=no enable_comp_stub=no enable_crypto_ofb_cfb=yes enable_debug=yes enable_def_auth=yes enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown enable_fast_install=needless enable_fragment=yes enable_iproute2=no enable_libtool_lock=yes enable_lz4=no enable_lzo=yes enable_management=yes enable_multihome=yes enable_pam_dlopen=no enable_pedantic=no enable_pf=yes enable_pkcs11=yes enable_plugin_auth_pam=no enable_plugin_down_root=yes enable_plugins=yes enable_port_share=yes enable_selinux=no enable_shared=yes enable_shared_with_static_runtimes=no enable_small=no enable_static=yes enable_strict=no enable_strict_options=no enable_systemd=no enable_werror=no enable_win32_dll=yes enable_x509_alt_username=no with_aix_soname=aix with_crypto_library=openssl with_gnu_ld=yes with_mem_check=no with_openssl_engine=auto with_sysroot=no"
/* special build string */
/* #undef CONFIGURE_SPECIAL_BUILD */
@@ -65,7 +65,6 @@
#define ENABLE_PF 1
/* Enable PKCS11 */
-/* #undef ENABLE_PKCS11 */
#define ENABLE_PKCS11 1
/* Enable plug-in support */
@@ -198,14 +197,11 @@
/* Define to 1 if you have the `EC_GROUP_order_bits' function. */
#define HAVE_EC_GROUP_ORDER_BITS 1
-/* Define to 1 if you have the `ENGINE_cleanup' function. */
-/* #undef HAVE_ENGINE_CLEANUP */
-
/* Define to 1 if you have the `ENGINE_load_builtin_engines' function. */
-#define HAVE_ENGINE_LOAD_BUILTIN_ENGINES 1
+/* #undef HAVE_ENGINE_LOAD_BUILTIN_ENGINES */
/* Define to 1 if you have the `ENGINE_register_all_complete' function. */
-#define HAVE_ENGINE_REGISTER_ALL_COMPLETE 1
+/* #undef HAVE_ENGINE_REGISTER_ALL_COMPLETE */
/* Define to 1 if you have the `epoll_create' function. */
#define HAVE_EPOLL_CREATE 1
@@ -216,9 +212,6 @@
/* Define to 1 if you have the <err.h> header file. */
#define HAVE_ERR_H 1
-/* Define to 1 if you have the `EVP_aes_256_gcm' function. */
-#define HAVE_EVP_AES_256_GCM 1
-
/* Define to 1 if you have the `EVP_CIPHER_CTX_reset' function. */
#define HAVE_EVP_CIPHER_CTX_RESET 1
@@ -243,9 +236,6 @@
/* Define to 1 if you have the `EVP_PKEY_get0_RSA' function. */
#define HAVE_EVP_PKEY_GET0_RSA 1
-/* Define to 1 if you have the `EVP_PKEY_id' function. */
-#define HAVE_EVP_PKEY_ID 1
-
/* Define to 1 if you have the `execve' function. */
#define HAVE_EXECVE 1
@@ -348,6 +338,9 @@
/* Define to 1 if you have the <limits.h> header file. */
#define HAVE_LIMITS_H 1
+/* Define to 1 if you have the <linux/errqueue.h> header file. */
+#define HAVE_LINUX_ERRQUEUE_H 1
+
/* Define to 1 if you have the <linux/if_tun.h> header file. */
#define HAVE_LINUX_IF_TUN_H 1
@@ -543,9 +536,6 @@
/* Define to 1 if you have the `socket' function. */
#define HAVE_SOCKET 1
-/* struct sock_extended_err needed for extended socket error support */
-/* #undef HAVE_SOCK_EXTENDED_ERR */
-
/* Define to 1 if you have the `SSL_CTX_get_default_passwd_cb' function. */
#define HAVE_SSL_CTX_GET_DEFAULT_PASSWD_CB 1
@@ -734,10 +724,10 @@
#define OPENVPN_VERSION_MINOR 5
/* OpenVPN patch level - may be a string or integer */
-#define OPENVPN_VERSION_PATCH ".5"
+#define OPENVPN_VERSION_PATCH ".7"
/* Version in windows resource format */
-#define OPENVPN_VERSION_RESOURCE 2,5,5,0
+#define OPENVPN_VERSION_RESOURCE 2,5,7,0
/* Name of package */
#define PACKAGE "openvpn"
@@ -749,7 +739,7 @@
#define PACKAGE_NAME "OpenVPN"
/* Define to the full name and version of this package. */
-#define PACKAGE_STRING "OpenVPN 2.5.5"
+#define PACKAGE_STRING "OpenVPN 2.5.7"
/* Define to the one symbol short name of this package. */
#define PACKAGE_TARNAME "openvpn"
@@ -758,7 +748,7 @@
#define PACKAGE_URL ""
/* Define to the version of this package. */
-#define PACKAGE_VERSION "2.5.5"
+#define PACKAGE_VERSION "2.5.7"
/* Path separator */
#define PATH_SEPARATOR '/'
@@ -773,7 +763,7 @@
#define RETSIGTYPE void
/* Path to route tool */
-#define ROUTE_PATH "/sbin/route"
+#define ROUTE_PATH "/usr/sbin/route"
/* SIGHUP replacement */
/* #undef SIGHUP */
@@ -800,7 +790,7 @@
#define STDC_HEADERS 1
/* Path to systemd-ask-password tool */
-#define SYSTEMD_ASK_PASSWORD_PATH "/bin/systemd-ask-password"
+#define SYSTEMD_ASK_PASSWORD_PATH "/usr/bin/systemd-ask-password"
/* systemd is newer than v216 */
/* #undef SYSTEMD_NEWER_THAN_216 */
@@ -876,7 +866,7 @@
/* #undef USE_VALGRIND */
/* Version number of package */
-#define VERSION "2.5.5"
+#define VERSION "2.5.7"
/* Define to 1 if on MINIX. */
/* #undef _MINIX */
diff --git a/configure.ac b/configure.ac
index afac22c..2f5f6bc 100644
--- a/configure.ac
+++ b/configure.ac
@@ -4,7 +4,7 @@
dnl packet encryption, packet authentication, and
dnl packet compression.
dnl
-dnl Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+dnl Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
dnl Copyright (C) 2006-2012 Alon Bar-Lev <alon.barlev@gmail.com>
dnl
dnl This program is free software; you can redistribute it and/or modify
@@ -281,6 +281,18 @@
[with_crypto_library="openssl"]
)
+AC_ARG_WITH(
+ [openssl-engine],
+ [AS_HELP_STRING([--with-openssl-engine], [enable engine support with OpenSSL. Default enabled for OpenSSL < 3.0, auto,yes,no @<:@default=auto@:>@])],
+ [
+ case "${withval}" in
+ auto|yes|no) ;;
+ *) AC_MSG_ERROR([bad value ${withval} for --with-engine]) ;;
+ esac
+ ],
+ [with_openssl_engine="auto"]
+)
+
AC_ARG_VAR([PLUGINDIR], [Path of plug-in directory @<:@default=LIBDIR/openvpn/plugins@:>@])
if test -n "${PLUGINDIR}"; then
plugindir="${PLUGINDIR}"
@@ -440,7 +452,7 @@
unistd.h signal.h libgen.h stropts.h \
syslog.h pwd.h grp.h \
sys/sockio.h sys/uio.h linux/sockios.h \
- linux/types.h poll.h sys/epoll.h err.h \
+ linux/types.h linux/errqueue.h poll.h sys/epoll.h err.h \
])
SOCKET_INCLUDES="
@@ -502,12 +514,6 @@
[[${SOCKET_INCLUDES}]]
)
AC_CHECK_TYPE(
- [struct sock_extended_err],
- [AC_DEFINE([HAVE_SOCK_EXTENDED_ERR], [1], [struct sock_extended_err needed for extended socket error support])],
- ,
- [[${SOCKET_INCLUDES}]]
-)
-AC_CHECK_TYPE(
[struct msghdr],
[AC_DEFINE([HAVE_MSGHDR], [1], [struct msghdr needed for extended socket error support])],
,
@@ -886,22 +892,44 @@
[AC_MSG_ERROR([openssl check failed])]
)
- have_openssl_engine="yes"
- AC_CHECK_FUNCS(
- [ \
+ if test "${with_openssl_engine}" = "auto"; then
+ AC_COMPILE_IFELSE(
+ [AC_LANG_PROGRAM(
+ [[
+ #include <openssl/opensslv.h>
+ ]],
+ [[
+ /* Version encoding: MNNFFPPS - see opensslv.h for details */
+ #if OPENSSL_VERSION_NUMBER >= 0x30000000L
+ #error Engine supported disabled by default in OpenSSL 3.0+
+ #endif
+ ]]
+ )],
+ [have_openssl_engine="yes"],
+ [have_openssl_engine="no"]
+ )
+ if test "${have_openssl_engine}" = "yes"; then
+ AC_CHECK_FUNCS(
+ [ \
ENGINE_load_builtin_engines \
ENGINE_register_all_complete \
- ENGINE_cleanup \
- ],
- ,
- [have_openssl_engine="no"; break]
- )
- if test "${have_openssl_engine}" = "no"; then
- AC_CHECK_DECL( [ENGINE_cleanup], [have_openssl_engine="yes"],,
- [[
- #include <openssl/engine.h>
- ]]
+ ],
+ ,
+ [have_openssl_engine="no"; break]
)
+ fi
+ else
+ have_openssl_engine="${with_openssl_engine}"
+ if test "${have_openssl_engine}" = "yes"; then
+ AC_CHECK_FUNCS(
+ [ \
+ ENGINE_load_builtin_engines \
+ ENGINE_register_all_complete \
+ ],
+ ,
+ [AC_MSG_ERROR([OpenSSL engine support not found])]
+ )
+ fi
fi
if test "${have_openssl_engine}" = "yes"; then
AC_DEFINE([HAVE_OPENSSL_ENGINE], [1], [OpenSSL engine support available])
@@ -1422,12 +1450,33 @@
AC_CONFIG_FILES([
version.sh
Makefile
+ build/Makefile
+ build/msvc/Makefile
+ build/msvc/msvc-generate/Makefile
+ distro/Makefile
+ distro/systemd/Makefile
+ doc/Makefile
+ doc/doxygen/Makefile
+ doc/doxygen/openvpn.doxyfile
include/Makefile
+ sample/sample-plugins/Makefile
src/Makefile
src/compat/Makefile
src/openvpn/Makefile
+ src/openvpnmsica/Makefile
+ src/openvpnserv/Makefile
src/plugins/Makefile
+ src/plugins/auth-pam/Makefile
src/plugins/down-root/Makefile
src/tapctl/Makefile
+ tests/Makefile
+ tests/unit_tests/Makefile
+ tests/unit_tests/example_test/Makefile
+ tests/unit_tests/openvpn/Makefile
+ tests/unit_tests/plugins/Makefile
+ tests/unit_tests/plugins/auth-pam/Makefile
+ tests/unit_tests/engine-key/Makefile
+ sample/Makefile
])
+AC_CONFIG_FILES([tests/t_client.sh], [chmod +x tests/t_client.sh])
AC_OUTPUT
diff --git a/include/Makefile.am b/include/Makefile.am
index bd4f21d..3a4870f 100644
--- a/include/Makefile.am
+++ b/include/Makefile.am
@@ -5,7 +5,7 @@
# packet encryption, packet authentication, and
# packet compression.
#
-# Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+# Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
# Copyright (C) 2006-2012 Alon Bar-Lev <alon.barlev@gmail.com>
#
diff --git a/include/openvpn-msg.h b/include/openvpn-msg.h
index 83344ee..b16577c 100644
--- a/include/openvpn-msg.h
+++ b/include/openvpn-msg.h
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2013-2021 Heiko Hund <heiko.hund@sophos.com>
+ * Copyright (C) 2013-2022 Heiko Hund <heiko.hund@sophos.com>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/include/openvpn-plugin.h b/include/openvpn-plugin.h
index 8f5f92f..533411f 100644
--- a/include/openvpn-plugin.h
+++ b/include/openvpn-plugin.h
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/include/openvpn-plugin.h.in b/include/openvpn-plugin.h.in
index 7ee68bb..6b71208 100644
--- a/include/openvpn-plugin.h.in
+++ b/include/openvpn-plugin.h.in
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/patches/series b/patches/series
index c79e662..f7b5bd2 100644
--- a/patches/series
+++ b/patches/series
@@ -1,4 +1,3 @@
remove_autoconf_vars.patch
add_missing_licenses.patch
fix_long_password.patch
-cleanup_makefiles.patch
diff --git a/src/Makefile.am b/src/Makefile.am
index f89325e..40bcda2 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -5,11 +5,11 @@
# packet encryption, packet authentication, and
# packet compression.
#
-# Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+# Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
# Copyright (C) 2006-2012 Alon Bar-Lev <alon.barlev@gmail.com>
#
MAINTAINERCLEANFILES = \
$(srcdir)/Makefile.in
-SUBDIRS = compat openvpn plugins
+SUBDIRS = compat openvpn openvpnmsica openvpnserv plugins tapctl
diff --git a/src/compat/Makefile.am b/src/compat/Makefile.am
index c985679..522797e 100644
--- a/src/compat/Makefile.am
+++ b/src/compat/Makefile.am
@@ -5,7 +5,7 @@
# packet encryption, packet authentication, and
# packet compression.
#
-# Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+# Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
# Copyright (C) 2006-2012 Alon Bar-Lev <alon.barlev@gmail.com>
#
diff --git a/src/compat/PropertySheet.props b/src/compat/PropertySheet.props
index 4f94b97..57f6995 100644
--- a/src/compat/PropertySheet.props
+++ b/src/compat/PropertySheet.props
@@ -1,14 +1,7 @@
<?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<ImportGroup Label="PropertySheets" />
- <PropertyGroup Label="UserMacros">
- <SOURCEBASE>$(SolutionDir)</SOURCEBASE>
- <OPENVPN_DEPROOT>$(SOURCEBASE)\..\openvpn-build\msvc\image$(PlatformArchitecture)</OPENVPN_DEPROOT>
- <OPENSSL_HOME>$(OPENVPN_DEPROOT)</OPENSSL_HOME>
- <TAP_WINDOWS_HOME>$(OPENVPN_DEPROOT)</TAP_WINDOWS_HOME>
- <LZO_HOME>$(OPENVPN_DEPROOT)</LZO_HOME>
- <PKCS11H_HOME>$(OPENVPN_DEPROOT)</PKCS11H_HOME>
- </PropertyGroup>
+ <PropertyGroup Label="UserMacros" />
<PropertyGroup>
<OutDir>$(SolutionDir)$(Platform)-Output\$(Configuration)\</OutDir>
<_PropertySheetDisplayName>compat</_PropertySheetDisplayName>
@@ -17,38 +10,19 @@
<ClCompile>
<WarningLevel>Level3</WarningLevel>
<PreprocessorDefinitions>WIN32;$(CPPFLAGS);%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>$(SOURCEBASE);$(SOURCEBASE)/include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>$(SolutionDir);$(SolutionDir)include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<GenerateDebugInformation>true</GenerateDebugInformation>
</Link>
+ <ResourceCompile />
<ResourceCompile>
- <AdditionalIncludeDirectories>$(SOURCEBASE);%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>$(SOLUTIONDIR)</AdditionalIncludeDirectories>
</ResourceCompile>
</ItemDefinitionGroup>
<ItemGroup>
- <BuildMacro Include="SOURCEBASE">
- <Value>$(SOURCEBASE)</Value>
- <EnvironmentVariable>true</EnvironmentVariable>
- </BuildMacro>
- <BuildMacro Include="OPENVPN_DEPROOT">
- <Value>$(OPENVPN_DEPROOT)</Value>
- <EnvironmentVariable>true</EnvironmentVariable>
- </BuildMacro>
- <BuildMacro Include="OPENSSL_HOME">
- <Value>$(OPENSSL_HOME)</Value>
- <EnvironmentVariable>true</EnvironmentVariable>
- </BuildMacro>
- <BuildMacro Include="TAP_WINDOWS_HOME">
- <Value>$(TAP_WINDOWS_HOME)</Value>
- <EnvironmentVariable>true</EnvironmentVariable>
- </BuildMacro>
- <BuildMacro Include="LZO_HOME">
- <Value>$(LZO_HOME)</Value>
- <EnvironmentVariable>true</EnvironmentVariable>
- </BuildMacro>
- <BuildMacro Include="PKCS11H_HOME">
- <Value>$(PKCS11H_HOME)</Value>
+ <BuildMacro Include="SOLUTIONDIR">
+ <Value>$(SOLUTIONDIR)</Value>
<EnvironmentVariable>true</EnvironmentVariable>
</BuildMacro>
</ItemGroup>
diff --git a/src/compat/compat-gettimeofday.c b/src/compat/compat-gettimeofday.c
index 8ce586b..30ed162 100644
--- a/src/compat/compat-gettimeofday.c
+++ b/src/compat/compat-gettimeofday.c
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/compat/compat-strsep.c b/src/compat/compat-strsep.c
index 7a6e6b3..760573a 100644
--- a/src/compat/compat-strsep.c
+++ b/src/compat/compat-strsep.c
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2019-2021 Arne Schwabe <arne@rfc2549.org>
+ * Copyright (C) 2019-2022 Arne Schwabe <arne@rfc2549.org>
* Copyright (C) 1992-2019 Free Software Foundation, Inc.
*
* This program is free software; you can redistribute it and/or modify
diff --git a/src/openvpn/Makefile.am b/src/openvpn/Makefile.am
index f76eb18..2c52200 100644
--- a/src/openvpn/Makefile.am
+++ b/src/openvpn/Makefile.am
@@ -5,11 +5,11 @@
# packet encryption, packet authentication, and
# packet compression.
#
-# Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+# Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
# Copyright (C) 2006-2012 Alon Bar-Lev <alon.barlev@gmail.com>
#
-include $(top_srcdir)/ltrc.inc
+include $(top_srcdir)/build/ltrc.inc
MAINTAINERCLEANFILES = \
$(srcdir)/Makefile.in
diff --git a/src/openvpn/argv.c b/src/openvpn/argv.c
index 2c61e66..f1542a4 100644
--- a/src/openvpn/argv.c
+++ b/src/openvpn/argv.c
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/argv.h b/src/openvpn/argv.h
index 1b02714..138f6bd 100644
--- a/src/openvpn/argv.h
+++ b/src/openvpn/argv.h
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/auth_token.c b/src/openvpn/auth_token.c
index 0ea6d18..37af660 100644
--- a/src/openvpn/auth_token.c
+++ b/src/openvpn/auth_token.c
@@ -87,6 +87,7 @@
default:
/* Silence compiler warning, all four possible combinations are covered */
+ state = NULL;
ASSERT(0);
}
}
@@ -260,7 +261,7 @@
ASSERT(buf_write(&token, ×tamp, sizeof(timestamp)));
ASSERT(buf_write(&token, hmac_output, sizeof(hmac_output)));
- char *b64output;
+ char *b64output = NULL;
openvpn_base64_encode(BPTR(&token), BLEN(&token), &b64output);
struct buffer session_token = alloc_buf_gc(
diff --git a/src/openvpn/auth_token.h b/src/openvpn/auth_token.h
index 73a00dd..0fa4dba 100644
--- a/src/openvpn/auth_token.h
+++ b/src/openvpn/auth_token.h
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/basic.h b/src/openvpn/basic.h
index 6372e62..f33ce87 100644
--- a/src/openvpn/basic.h
+++ b/src/openvpn/basic.h
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/block_dns.c b/src/openvpn/block_dns.c
index b2af457..88e933f 100644
--- a/src/openvpn/block_dns.c
+++ b/src/openvpn/block_dns.c
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
* 2015-2016 <iam@valdikss.org.ru>
* 2016 Selva Nair <selva.nair@gmail.com>
*
diff --git a/src/openvpn/block_dns.h b/src/openvpn/block_dns.h
index 78e5e5d..b937a92 100644
--- a/src/openvpn/block_dns.h
+++ b/src/openvpn/block_dns.h
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2016-2021 Selva Nair <selva.nair@gmail.com>
+ * Copyright (C) 2016-2022 Selva Nair <selva.nair@gmail.com>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/buffer.c b/src/openvpn/buffer.c
index 54e758a..e422ab7 100644
--- a/src/openvpn/buffer.c
+++ b/src/openvpn/buffer.c
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/buffer.h b/src/openvpn/buffer.h
index 1a795d2..94d63b7 100644
--- a/src/openvpn/buffer.h
+++ b/src/openvpn/buffer.h
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/circ_list.h b/src/openvpn/circ_list.h
index d9fd2e2..225dfae 100644
--- a/src/openvpn/circ_list.h
+++ b/src/openvpn/circ_list.h
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/clinat.c b/src/openvpn/clinat.c
index 2dd55f5..1f27223 100644
--- a/src/openvpn/clinat.c
+++ b/src/openvpn/clinat.c
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/clinat.h b/src/openvpn/clinat.h
index a7725f1..0135c5e 100644
--- a/src/openvpn/clinat.h
+++ b/src/openvpn/clinat.h
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/common.h b/src/openvpn/common.h
index e1a2cde..f36df3e 100644
--- a/src/openvpn/common.h
+++ b/src/openvpn/common.h
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/comp-lz4.c b/src/openvpn/comp-lz4.c
index 3cb427e..620c1f4 100644
--- a/src/openvpn/comp-lz4.c
+++ b/src/openvpn/comp-lz4.c
@@ -5,8 +5,8 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
- * Copyright (C) 2013-2021 Gert Doering <gert@greenie.muc.de>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2013-2022 Gert Doering <gert@greenie.muc.de>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/comp-lz4.h b/src/openvpn/comp-lz4.h
index f02d46f..827253d 100644
--- a/src/openvpn/comp-lz4.h
+++ b/src/openvpn/comp-lz4.h
@@ -5,8 +5,8 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
- * Copyright (C) 2013-2021 Gert Doering <gert@greenie.muc.de>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2013-2022 Gert Doering <gert@greenie.muc.de>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/comp.c b/src/openvpn/comp.c
index 72b1511..fbc920b 100644
--- a/src/openvpn/comp.c
+++ b/src/openvpn/comp.c
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/comp.h b/src/openvpn/comp.h
index dfd70bb..94f3fa7 100644
--- a/src/openvpn/comp.h
+++ b/src/openvpn/comp.h
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/compstub.c b/src/openvpn/compstub.c
index a65e8ea..8adf508 100644
--- a/src/openvpn/compstub.c
+++ b/src/openvpn/compstub.c
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/console.c b/src/openvpn/console.c
index 9bf9ef1..6ee179f 100644
--- a/src/openvpn/console.c
+++ b/src/openvpn/console.c
@@ -5,9 +5,9 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
* Copyright (C) 2014-2015 David Sommerseth <davids@redhat.com>
- * Copyright (C) 2016-2021 David Sommerseth <davids@openvpn.net>
+ * Copyright (C) 2016-2022 David Sommerseth <davids@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/console.h b/src/openvpn/console.h
index 2994c23..97d5ae8 100644
--- a/src/openvpn/console.h
+++ b/src/openvpn/console.h
@@ -5,9 +5,9 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
* Copyright (C) 2014-2015 David Sommerseth <davids@redhat.com>
- * Copyright (C) 2016-2021 David Sommerseth <davids@openvpn.net>
+ * Copyright (C) 2016-2022 David Sommerseth <davids@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/console_builtin.c b/src/openvpn/console_builtin.c
index 3a977ee..b00594e 100644
--- a/src/openvpn/console_builtin.c
+++ b/src/openvpn/console_builtin.c
@@ -5,9 +5,9 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
* Copyright (C) 2014-2015 David Sommerseth <davids@redhat.com>
- * Copyright (C) 2016-2021 David Sommerseth <davids@openvpn.net>
+ * Copyright (C) 2016-2022 David Sommerseth <davids@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c
index 6945cc0..6e2e235 100644
--- a/src/openvpn/crypto.c
+++ b/src/openvpn/crypto.c
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
* Copyright (C) 2010-2021 Fox Crypto B.V. <openvpn@foxcrypto.com>
*
* This program is free software; you can redistribute it and/or modify
diff --git a/src/openvpn/crypto.h b/src/openvpn/crypto.h
index 93c33c1..ffb4469 100644
--- a/src/openvpn/crypto.h
+++ b/src/openvpn/crypto.h
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
* Copyright (C) 2010-2021 Fox Crypto B.V. <openvpn@foxcrypto.com>
*
* This program is free software; you can redistribute it and/or modify
diff --git a/src/openvpn/crypto_backend.h b/src/openvpn/crypto_backend.h
index b5e3bd9..a9bb38e 100644
--- a/src/openvpn/crypto_backend.h
+++ b/src/openvpn/crypto_backend.h
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
* Copyright (C) 2010-2021 Fox Crypto B.V. <openvpn@foxcrypto.com>
*
* This program is free software; you can redistribute it and/or modify
@@ -78,6 +78,21 @@
*/
void crypto_init_lib_engine(const char *engine_name);
+
+/**
+ * Load the given (OpenSSL) providers
+ * @param provider name of providers to load
+ * @return reference to the loaded provider
+ */
+provider_t *crypto_load_provider(const char *provider);
+
+/**
+ * Unloads the given (OpenSSL) provider
+ * @param provname name of the provider to unload
+ * @param provider pointer to the provider to unload
+ */
+void crypto_unload_provider(const char *provname, provider_t *provider);
+
#ifdef DMALLOC
/*
* OpenSSL memory debugging. If dmalloc debugging is enabled, tell
diff --git a/src/openvpn/crypto_mbedtls.c b/src/openvpn/crypto_mbedtls.c
index 8f0a283..0008152 100644
--- a/src/openvpn/crypto_mbedtls.c
+++ b/src/openvpn/crypto_mbedtls.c
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
* Copyright (C) 2010-2021 Fox Crypto B.V. <openvpn@foxcrypto.com>
*
* This program is free software; you can redistribute it and/or modify
@@ -69,6 +69,19 @@
"available");
}
+provider_t *crypto_load_provider(const char *provider)
+{
+ if (provider)
+ {
+ msg(M_WARN, "Note: mbed TLS provider functionality is not available");
+ }
+ return NULL;
+}
+
+void crypto_unload_provider(const char *provname, provider_t *provider)
+{
+}
+
/*
*
* Functions related to the core crypto library
diff --git a/src/openvpn/crypto_mbedtls.h b/src/openvpn/crypto_mbedtls.h
index 019de01..14614a1 100644
--- a/src/openvpn/crypto_mbedtls.h
+++ b/src/openvpn/crypto_mbedtls.h
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
* Copyright (C) 2010-2021 Fox Crypto B.V. <openvpn@foxcrypto.com>
*
* This program is free software; you can redistribute it and/or modify
@@ -48,6 +48,9 @@
/** Generic HMAC %context. */
typedef mbedtls_md_context_t hmac_ctx_t;
+/* Use a dummy type for the provider */
+typedef void provider_t;
+
/** Maximum length of an IV */
#define OPENVPN_MAX_IV_LENGTH MBEDTLS_MAX_IV_LENGTH
diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c
index ef52092..7a05a35 100644
--- a/src/openvpn/crypto_openssl.c
+++ b/src/openvpn/crypto_openssl.c
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
* Copyright (C) 2010-2021 Fox Crypto B.V. <openvpn@foxcrypto.com>
*
* This program is free software; you can redistribute it and/or modify
@@ -51,6 +51,10 @@
#include <openssl/rand.h>
#include <openssl/ssl.h>
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+#include <openssl/provider.h>
+#endif
+
#if defined(_WIN32) && defined(OPENSSL_NO_EC)
#error Windows build with OPENSSL_NO_EC: disabling EC key is not supported.
#endif
@@ -145,6 +149,34 @@
#endif
}
+provider_t *
+crypto_load_provider(const char *provider)
+{
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+ /* Load providers into the default (NULL) library context */
+ OSSL_PROVIDER *prov = OSSL_PROVIDER_load(NULL, provider);
+ if (!prov)
+ {
+ crypto_msg(M_FATAL, "failed to load provider '%s'", provider);
+ }
+ return prov;
+#else /* OPENSSL_VERSION_NUMBER >= 0x30000000L */
+ msg(M_WARN, "Note: OpenSSL provider functionality is not available");
+ return NULL;
+#endif
+}
+
+void
+crypto_unload_provider(const char *provname, provider_t *provider)
+{
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+ if (!OSSL_PROVIDER_unload(provider))
+ {
+ crypto_msg(M_FATAL, "failed to unload provider '%s'", provname);
+ }
+#endif
+}
+
/*
*
* Functions related to the core crypto library
@@ -308,7 +340,11 @@
|| cipher_kt_mode_aead(cipher)
))
{
- cipher_list[num_ciphers++] = cipher;
+ /* Check explicit availibility (for OpenSSL 3.0) */
+ if (cipher_kt_get(cipher_kt_name(cipher)))
+ {
+ cipher_list[num_ciphers++] = cipher;
+ }
}
if (num_ciphers == (sizeof(cipher_list)/sizeof(*cipher_list)))
{
@@ -341,6 +377,13 @@
}
void
+print_digest(EVP_MD *digest, void *unused)
+{
+ printf("%s %d bit digest size\n", md_kt_name(digest),
+ EVP_MD_size(digest) * 8);
+}
+
+void
show_available_digests(void)
{
int nid;
@@ -353,16 +396,21 @@
"the --auth option.\n\n");
#endif
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+ EVP_MD_do_all_provided(NULL, print_digest, NULL);
+#else
for (nid = 0; nid < 10000; ++nid)
{
const EVP_MD *digest = EVP_get_digestbynid(nid);
if (digest)
{
- printf("%s %d bit digest size\n",
- OBJ_nid2sn(nid), EVP_MD_size(digest) * 8);
+ /* We cast the const away so we can keep the function prototype
+ * compatible with EVP_MD_do_all_provided */
+ print_digest((EVP_MD *)digest, NULL);
}
}
printf("\n");
+#endif
}
void
@@ -593,6 +641,19 @@
ciphername = translate_cipher_name_from_openvpn(ciphername);
cipher = EVP_get_cipherbyname(ciphername);
+ /* This is a workaround for OpenSSL 3.0 to infer if the cipher is valid
+ * without doing all the refactoring that OpenVPN 2.6 has. This will
+ * not support custom algorithm from providers but at least ignore
+ * algorithms that are not available without providers (legacy) */
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+ EVP_CIPHER *tmpcipher = EVP_CIPHER_fetch(NULL, ciphername, NULL);
+ if (!tmpcipher)
+ {
+ cipher = NULL;
+ }
+ EVP_CIPHER_free(tmpcipher);
+#endif
+
if (NULL == cipher)
{
crypto_msg(D_LOW, "Cipher algorithm '%s' not found", ciphername);
@@ -893,6 +954,20 @@
const EVP_MD *md = NULL;
ASSERT(digest);
md = EVP_get_digestbyname(digest);
+
+ /* This is a workaround for OpenSSL 3.0 to infer if the digest is valid
+ * without doing all the refactoring that OpenVPN 2.6 has. This will
+ * not support custom algorithm from providers but at least ignore
+ * algorithms that are not available without providers (legacy) */
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+ EVP_MD *tmpmd = EVP_MD_fetch(NULL, digest, NULL);
+ if (!tmpmd)
+ {
+ md = NULL;
+ }
+ EVP_MD_free(tmpmd);
+#endif
+
if (!md)
{
crypto_msg(M_FATAL, "Message hash algorithm '%s' not found", digest);
@@ -907,6 +982,28 @@
return md;
}
+/* Since we used the OpenSSL <=1.1 names as part of our OCC message, they
+ * are now unfortunately part of our wire protocol.
+ *
+ * OpenSSL 3.0 will still accept the "old" names so we do not need to use
+ * this translation table for forward lookup, only for returning the name
+ * with md_kt_name() */
+const cipher_name_pair digest_name_translation_table[] = {
+ { "BLAKE2s256", "BLAKE2S-256"},
+ { "BLAKE2b512", "BLAKE2B-512"},
+ { "RIPEMD160", "RIPEMD-160" },
+ { "SHA224", "SHA2-224"},
+ { "SHA256", "SHA2-256"},
+ { "SHA384", "SHA2-384"},
+ { "SHA512", "SHA2-512"},
+ { "SHA512-224", "SHA2-512/224"},
+ { "SHA512-256", "SHA2-512/256"},
+ { "SHAKE128", "SHAKE-128"},
+ { "SHAKE256", "SHAKE-256"},
+};
+const size_t digest_name_translation_table_count =
+ sizeof(digest_name_translation_table) / sizeof(*digest_name_translation_table);
+
const char *
md_kt_name(const EVP_MD *kt)
{
@@ -914,7 +1011,20 @@
{
return "[null-digest]";
}
- return EVP_MD_name(kt);
+
+ const char *name = EVP_MD_name(kt);
+
+ /* Search for a digest name translation */
+ for (size_t i = 0; i < digest_name_translation_table_count; i++)
+ {
+ const cipher_name_pair *pair = &digest_name_translation_table[i];
+ if (!strcmp(name, pair->lib_name))
+ {
+ name = pair->openvpn_name;
+ }
+ }
+
+ return name;
}
unsigned char
diff --git a/src/openvpn/crypto_openssl.h b/src/openvpn/crypto_openssl.h
index 59a31aa..9bb58ad 100644
--- a/src/openvpn/crypto_openssl.h
+++ b/src/openvpn/crypto_openssl.h
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
* Copyright (C) 2010-2021 Fox Crypto B.V. <openvpn@foxcrypto.com>
*
* This program is free software; you can redistribute it and/or modify
@@ -33,6 +33,10 @@
#include <openssl/hmac.h>
#include <openssl/md5.h>
#include <openssl/sha.h>
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+#include <openssl/provider.h>
+#endif
+
/** Generic cipher key type %context. */
typedef EVP_CIPHER cipher_kt_t;
@@ -49,6 +53,13 @@
/** Generic HMAC %context. */
typedef HMAC_CTX hmac_ctx_t;
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
+/* Use a dummy type for the provider */
+typedef void provider_t;
+#else
+typedef OSSL_PROVIDER provider_t;
+#endif
+
/** Maximum length of an IV */
#define OPENVPN_MAX_IV_LENGTH EVP_MAX_IV_LENGTH
diff --git a/src/openvpn/dhcp.c b/src/openvpn/dhcp.c
index 47fe733..b127425 100644
--- a/src/openvpn/dhcp.c
+++ b/src/openvpn/dhcp.c
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/dhcp.h b/src/openvpn/dhcp.h
index b2fe8a5..65fecf7 100644
--- a/src/openvpn/dhcp.h
+++ b/src/openvpn/dhcp.h
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/env_set.c b/src/openvpn/env_set.c
index a410388..12d8364 100644
--- a/src/openvpn/env_set.c
+++ b/src/openvpn/env_set.c
@@ -5,9 +5,9 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Technologies, Inc. <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Technologies, Inc. <sales@openvpn.net>
* Copyright (C) 2014-2015 David Sommerseth <davids@redhat.com>
- * Copyright (C) 2016-2021 David Sommerseth <davids@openvpn.net>
+ * Copyright (C) 2016-2022 David Sommerseth <davids@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/env_set.h b/src/openvpn/env_set.h
index f73dea6..81e3998 100644
--- a/src/openvpn/env_set.h
+++ b/src/openvpn/env_set.h
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Technologies, Inc. <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Technologies, Inc. <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/errlevel.h b/src/openvpn/errlevel.h
index 4131cf0..13cd9ef 100644
--- a/src/openvpn/errlevel.h
+++ b/src/openvpn/errlevel.h
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/error.c b/src/openvpn/error.c
index 10be3e0..7fbda84 100644
--- a/src/openvpn/error.c
+++ b/src/openvpn/error.c
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
@@ -220,6 +220,18 @@
va_end(arglist);
}
+static const char*
+openvpn_strerror(int err, bool crt_error, struct gc_arena *gc)
+{
+#ifdef _WIN32
+ if (!crt_error)
+ {
+ return strerror_win32(err, gc);
+ }
+#endif
+ return strerror(err);
+}
+
void
x_msg_va(const unsigned int flags, const char *format, va_list arglist)
{
@@ -244,7 +256,8 @@
}
#endif
- e = openvpn_errno();
+ bool crt_error = false;
+ e = openvpn_errno_maybe_crt(&crt_error);
/*
* Apply muting filter.
@@ -268,7 +281,7 @@
if ((flags & M_ERRNO) && e)
{
openvpn_snprintf(m2, ERR_BUF_SIZE, "%s: %s (errno=%d)",
- m1, strerror(e), e);
+ m1, openvpn_strerror(e, crt_error, &gc), e);
SWAP;
}
@@ -649,7 +662,6 @@
struct link_socket *sock,
struct tuntap *tt)
{
- const int my_errno = openvpn_errno();
const char *extended_msg = NULL;
msg(x_cs_verbose_level, "%s %s returned %d",
@@ -672,26 +684,32 @@
sock->info.mtu_changed = true;
}
}
-#elif defined(_WIN32)
+#endif /* EXTENDED_SOCKET_ERROR_CAPABILITY */
+
+#ifdef _WIN32
/* get possible driver error from TAP-Windows driver */
if (tuntap_defined(tt))
{
extended_msg = tap_win_getinfo(tt, &gc);
}
#endif
- if (!ignore_sys_error(my_errno))
+
+ bool crt_error = false;
+ int my_errno = openvpn_errno_maybe_crt(&crt_error);
+
+ if (!ignore_sys_error(my_errno, crt_error))
{
if (extended_msg)
{
msg(x_cs_info_level, "%s %s [%s]: %s (code=%d)", description,
sock ? proto2ascii(sock->info.proto, sock->info.af, true) : "",
- extended_msg, strerror(my_errno), my_errno);
+ extended_msg, openvpn_strerror(my_errno, crt_error, &gc), my_errno);
}
else
{
msg(x_cs_info_level, "%s %s: %s (code=%d)", description,
sock ? proto2ascii(sock->info.proto, sock->info.af, true) : "",
- strerror(my_errno), my_errno);
+ openvpn_strerror(my_errno, crt_error, &gc), my_errno);
}
if (x_cs_err_delay_ms)
diff --git a/src/openvpn/error.h b/src/openvpn/error.h
index bd15282..fc878a5 100644
--- a/src/openvpn/error.h
+++ b/src/openvpn/error.h
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
@@ -71,13 +71,10 @@
/* String and Error functions */
#ifdef _WIN32
-#define openvpn_errno() GetLastError()
-#define openvpn_strerror(e, gc) strerror_win32(e, gc)
+#define openvpn_errno() GetLastError()
const char *strerror_win32(DWORD errnum, struct gc_arena *gc);
-
#else
-#define openvpn_errno() errno
-#define openvpn_strerror(x, gc) strerror(x)
+#define openvpn_errno() errno
#endif
/*
@@ -363,20 +360,22 @@
* which can be safely ignored.
*/
static inline bool
-ignore_sys_error(const int err)
+ignore_sys_error(const int err, bool crt_error)
{
- /* I/O operation pending */
#ifdef _WIN32
- if (err == WSAEWOULDBLOCK || err == WSAEINVAL)
+ if (!crt_error && ((err == WSAEWOULDBLOCK || err == WSAEINVAL)))
{
return true;
}
#else
- if (err == EAGAIN)
+ crt_error = true;
+#endif
+
+ /* I/O operation pending */
+ if (crt_error && (err == EAGAIN))
{
return true;
}
-#endif
#if 0 /* if enabled, suppress ENOBUFS errors */
#ifdef ENOBUFS
@@ -398,6 +397,26 @@
return err & M_FATAL ? (err ^ M_FATAL) | M_NONFATAL : err;
}
+static inline int
+openvpn_errno_maybe_crt(bool *crt_error)
+{
+ int err = 0;
+ *crt_error = false;
+#ifdef _WIN32
+ err = GetLastError();
+ if (err == ERROR_SUCCESS)
+ {
+ /* error is likely C runtime */
+ *crt_error = true;
+ err = errno;
+ }
+#else
+ *crt_error = true;
+ err = errno;
+#endif
+ return err;
+}
+
#include "errlevel.h"
#endif /* ifndef ERROR_H */
diff --git a/src/openvpn/event.c b/src/openvpn/event.c
index fcddeb1..40bb36e 100644
--- a/src/openvpn/event.c
+++ b/src/openvpn/event.c
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/event.h b/src/openvpn/event.h
index 5b6647f..9eff847 100644
--- a/src/openvpn/event.h
+++ b/src/openvpn/event.h
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/fdmisc.c b/src/openvpn/fdmisc.c
index 729bdb3..0b3fa5d 100644
--- a/src/openvpn/fdmisc.c
+++ b/src/openvpn/fdmisc.c
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/fdmisc.h b/src/openvpn/fdmisc.h
index 86957f0..d55150c 100644
--- a/src/openvpn/fdmisc.h
+++ b/src/openvpn/fdmisc.h
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c
index 042ba9e..de80dcf 100644
--- a/src/openvpn/forward.c
+++ b/src/openvpn/forward.c
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
@@ -1676,7 +1676,14 @@
}
/* for unreachable network and "connecting" state switch to the next host */
- if (size < 0 && ENETUNREACH == error_code && c->c2.tls_multi
+
+ bool unreachable = error_code ==
+#ifdef _WIN32
+ WSAENETUNREACH;
+#else
+ ENETUNREACH;
+#endif
+ if (size < 0 && unreachable && c->c2.tls_multi
&& !tls_initial_packet_received(c->c2.tls_multi) && c->options.mode == MODE_POINT_TO_POINT)
{
msg(M_INFO, "Network unreachable, restarting");
diff --git a/src/openvpn/forward.h b/src/openvpn/forward.h
index 5585366..5d937ee 100644
--- a/src/openvpn/forward.h
+++ b/src/openvpn/forward.h
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/fragment.c b/src/openvpn/fragment.c
index 4f8bd0f..b70e610 100644
--- a/src/openvpn/fragment.c
+++ b/src/openvpn/fragment.c
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/fragment.h b/src/openvpn/fragment.h
index 6815446..0d330bc 100644
--- a/src/openvpn/fragment.h
+++ b/src/openvpn/fragment.h
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/gremlin.c b/src/openvpn/gremlin.c
index 23ce3f0..9c9dfbd 100644
--- a/src/openvpn/gremlin.c
+++ b/src/openvpn/gremlin.c
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/gremlin.h b/src/openvpn/gremlin.h
index 52f65ac..b75ae7e 100644
--- a/src/openvpn/gremlin.h
+++ b/src/openvpn/gremlin.h
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/helper.c b/src/openvpn/helper.c
index ebb5142..ff49286 100644
--- a/src/openvpn/helper.c
+++ b/src/openvpn/helper.c
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/helper.h b/src/openvpn/helper.h
index 084bf38..0f0d0f1 100644
--- a/src/openvpn/helper.h
+++ b/src/openvpn/helper.h
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/httpdigest.c b/src/openvpn/httpdigest.c
index 26b0ed1..3c518b0 100644
--- a/src/openvpn/httpdigest.c
+++ b/src/openvpn/httpdigest.c
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/httpdigest.h b/src/openvpn/httpdigest.h
index 75c465b..b3909a6 100644
--- a/src/openvpn/httpdigest.h
+++ b/src/openvpn/httpdigest.h
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/init.c b/src/openvpn/init.c
index 27c6cac..da4d60a 100644
--- a/src/openvpn/init.c
+++ b/src/openvpn/init.c
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/init.h b/src/openvpn/init.h
index 52581f8..0c5a2e9 100644
--- a/src/openvpn/init.h
+++ b/src/openvpn/init.h
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/integer.h b/src/openvpn/integer.h
index 0761475..88c3711 100644
--- a/src/openvpn/integer.h
+++ b/src/openvpn/integer.h
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/interval.c b/src/openvpn/interval.c
index d06b6e5..2f0fc42 100644
--- a/src/openvpn/interval.c
+++ b/src/openvpn/interval.c
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/interval.h b/src/openvpn/interval.h
index 3ba197c..f58bfac 100644
--- a/src/openvpn/interval.h
+++ b/src/openvpn/interval.h
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/list.c b/src/openvpn/list.c
index c453726..7e4e808 100644
--- a/src/openvpn/list.c
+++ b/src/openvpn/list.c
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/list.h b/src/openvpn/list.h
index 0435414..e66f605 100644
--- a/src/openvpn/list.h
+++ b/src/openvpn/list.h
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/lladdr.c b/src/openvpn/lladdr.c
index 3ddbebb..ee67718 100644
--- a/src/openvpn/lladdr.c
+++ b/src/openvpn/lladdr.c
@@ -13,6 +13,7 @@
#include "misc.h"
#include "run_command.h"
#include "lladdr.h"
+#include "proto.h"
int
set_lladdr(openvpn_net_ctx_t *ctx, const char *ifname, const char *lladdr,
@@ -26,7 +27,7 @@
}
#if defined(TARGET_LINUX)
- uint8_t addr[ETH_ALEN];
+ uint8_t addr[OPENVPN_ETH_ALEN];
sscanf(lladdr, MAC_FMT, MAC_SCAN_ARG(addr));
r = (net_addr_ll_set(ctx, ifname, addr) == 0);
diff --git a/src/openvpn/lzo.c b/src/openvpn/lzo.c
index 0188814..da28ecb 100644
--- a/src/openvpn/lzo.c
+++ b/src/openvpn/lzo.c
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/lzo.h b/src/openvpn/lzo.h
index d19d602..d0430d2 100644
--- a/src/openvpn/lzo.h
+++ b/src/openvpn/lzo.h
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/manage.c b/src/openvpn/manage.c
index c831f8a..1511fd8 100644
--- a/src/openvpn/manage.c
+++ b/src/openvpn/manage.c
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
@@ -1029,8 +1029,8 @@
}
else
{
- msg(M_CLIENT, "SUCCESS: client-pending-auth command failed."
- " Extra paramter might be too long");
+ msg(M_CLIENT, "ERROR: client-pending-auth command failed."
+ " Extra parameter might be too long");
}
}
else
@@ -2082,9 +2082,10 @@
static bool
man_io_error(struct management *man, const char *prefix)
{
- const int err = openvpn_errno();
+ bool crt_error = false;
+ int err = openvpn_errno_maybe_crt(&crt_error);
- if (!ignore_sys_error(err))
+ if (!ignore_sys_error(err, crt_error))
{
struct gc_arena gc = gc_new();
msg(D_MANAGEMENT, "MANAGEMENT: TCP %s error: %s", prefix,
diff --git a/src/openvpn/manage.h b/src/openvpn/manage.h
index 3c9028f..86e727f 100644
--- a/src/openvpn/manage.h
+++ b/src/openvpn/manage.h
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/mbuf.c b/src/openvpn/mbuf.c
index 1032f23..4c62fcf 100644
--- a/src/openvpn/mbuf.c
+++ b/src/openvpn/mbuf.c
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/mbuf.h b/src/openvpn/mbuf.h
index ea2bfe3..cd9b339 100644
--- a/src/openvpn/mbuf.h
+++ b/src/openvpn/mbuf.h
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/memdbg.h b/src/openvpn/memdbg.h
index 69aac00..e7dd789 100644
--- a/src/openvpn/memdbg.h
+++ b/src/openvpn/memdbg.h
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/misc.c b/src/openvpn/misc.c
index 046d937..dceccd2 100644
--- a/src/openvpn/misc.c
+++ b/src/openvpn/misc.c
@@ -5,9 +5,9 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
* Copyright (C) 2014-2015 David Sommerseth <davids@redhat.com>
- * Copyright (C) 2016-2021 David Sommerseth <davids@openvpn.net>
+ * Copyright (C) 2016-2022 David Sommerseth <davids@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/misc.h b/src/openvpn/misc.h
index ef94ca1..570e473 100644
--- a/src/openvpn/misc.h
+++ b/src/openvpn/misc.h
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/mroute.c b/src/openvpn/mroute.c
index 4e76fb0..851047d 100644
--- a/src/openvpn/mroute.c
+++ b/src/openvpn/mroute.c
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/mroute.h b/src/openvpn/mroute.h
index 8f7e092..3210ac2 100644
--- a/src/openvpn/mroute.h
+++ b/src/openvpn/mroute.h
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/mss.c b/src/openvpn/mss.c
index aa5b68c..94ae52b 100644
--- a/src/openvpn/mss.c
+++ b/src/openvpn/mss.c
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/mss.h b/src/openvpn/mss.h
index 41254e2..fa29bf1 100644
--- a/src/openvpn/mss.h
+++ b/src/openvpn/mss.h
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/mstats.c b/src/openvpn/mstats.c
index 1051e80..dd252d2 100644
--- a/src/openvpn/mstats.c
+++ b/src/openvpn/mstats.c
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/mstats.h b/src/openvpn/mstats.h
index 0f710db..a66700d 100644
--- a/src/openvpn/mstats.h
+++ b/src/openvpn/mstats.h
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/mtcp.c b/src/openvpn/mtcp.c
index 2b40ae8..bb62ebc 100644
--- a/src/openvpn/mtcp.c
+++ b/src/openvpn/mtcp.c
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/mtcp.h b/src/openvpn/mtcp.h
index 716939a..4f3fb26 100644
--- a/src/openvpn/mtcp.h
+++ b/src/openvpn/mtcp.h
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/mtu.c b/src/openvpn/mtu.c
index 3200a37..5e2f3a6 100644
--- a/src/openvpn/mtu.c
+++ b/src/openvpn/mtu.c
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/mtu.h b/src/openvpn/mtu.h
index d0df0ef..b24ef51 100644
--- a/src/openvpn/mtu.h
+++ b/src/openvpn/mtu.h
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/mudp.c b/src/openvpn/mudp.c
index d5459f8..d9c6efb 100644
--- a/src/openvpn/mudp.c
+++ b/src/openvpn/mudp.c
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/mudp.h b/src/openvpn/mudp.h
index 2e071c2..ea89b2c 100644
--- a/src/openvpn/mudp.h
+++ b/src/openvpn/mudp.h
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c
index 66f5ada..752cfd8 100644
--- a/src/openvpn/multi.c
+++ b/src/openvpn/multi.c
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/multi.h b/src/openvpn/multi.h
index 721b24f..2da6353 100644
--- a/src/openvpn/multi.h
+++ b/src/openvpn/multi.h
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/networking.h b/src/openvpn/networking.h
index d43979f..4e7610e 100644
--- a/src/openvpn/networking.h
+++ b/src/openvpn/networking.h
@@ -1,7 +1,7 @@
/*
* Generic interface to platform specific networking code
*
- * Copyright (C) 2016-2021 Antonio Quartulli <a@unstable.cc>
+ * Copyright (C) 2016-2022 Antonio Quartulli <a@unstable.cc>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/networking_iproute2.c b/src/openvpn/networking_iproute2.c
index 67b8894..db0f550 100644
--- a/src/openvpn/networking_iproute2.c
+++ b/src/openvpn/networking_iproute2.c
@@ -1,7 +1,7 @@
/*
* Networking API implementation for iproute2
*
- * Copyright (C) 2018-2021 Antonio Quartulli <a@unstable.cc>
+ * Copyright (C) 2018-2022 Antonio Quartulli <a@unstable.cc>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
@@ -105,7 +105,7 @@
iproute_path, MAC_PRINT_ARG(addr), iface);
argv_msg(M_INFO, &argv);
- if (!openvpn_execve_check(&argv, ctx->es, M_WARN,
+ if (!openvpn_execve_check(&argv, ctx->es, 0,
"Linux ip link set addr failed"))
{
ret = -1;
diff --git a/src/openvpn/networking_iproute2.h b/src/openvpn/networking_iproute2.h
index 8a1ab3a..5f0c2ce 100644
--- a/src/openvpn/networking_iproute2.h
+++ b/src/openvpn/networking_iproute2.h
@@ -1,7 +1,7 @@
/*
* Generic interface to platform specific networking code
*
- * Copyright (C) 2016-2021 Antonio Quartulli <a@unstable.cc>
+ * Copyright (C) 2016-2022 Antonio Quartulli <a@unstable.cc>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/networking_sitnl.c b/src/openvpn/networking_sitnl.c
index 8610e1d..515a30d 100644
--- a/src/openvpn/networking_sitnl.c
+++ b/src/openvpn/networking_sitnl.c
@@ -1,7 +1,7 @@
/*
* Simplified Interface To NetLink
*
- * Copyright (C) 2016-2021 Antonio Quartulli <a@unstable.cc>
+ * Copyright (C) 2016-2022 Antonio Quartulli <a@unstable.cc>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
@@ -32,6 +32,7 @@
#include "buffer.h"
#include "misc.h"
#include "networking.h"
+#include "proto.h"
#include <errno.h>
#include <string.h>
@@ -748,7 +749,7 @@
req.i.ifi_family = AF_PACKET;
req.i.ifi_index = ifindex;
- SITNL_ADDATTR(&req.n, sizeof(req), IFLA_ADDRESS, addr, ETH_ALEN);
+ SITNL_ADDATTR(&req.n, sizeof(req), IFLA_ADDRESS, addr, OPENVPN_ETH_ALEN);
msg(M_INFO, "%s: lladdr " MAC_FMT " for %s", __func__, MAC_PRINT_ARG(addr),
iface);
diff --git a/src/openvpn/networking_sitnl.h b/src/openvpn/networking_sitnl.h
index f040020..afd320c 100644
--- a/src/openvpn/networking_sitnl.h
+++ b/src/openvpn/networking_sitnl.h
@@ -1,7 +1,7 @@
/*
* Generic interface to platform specific networking code
*
- * Copyright (C) 2016-2021 Antonio Quartulli <a@unstable.cc>
+ * Copyright (C) 2016-2022 Antonio Quartulli <a@unstable.cc>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/occ.c b/src/openvpn/occ.c
index 3a2bcab..9051059 100644
--- a/src/openvpn/occ.c
+++ b/src/openvpn/occ.c
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/occ.h b/src/openvpn/occ.h
index 067a658..f768348 100644
--- a/src/openvpn/occ.h
+++ b/src/openvpn/occ.h
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/openssl_compat.h b/src/openvpn/openssl_compat.h
index 3819d4c..0fc51d5 100644
--- a/src/openvpn/openssl_compat.h
+++ b/src/openvpn/openssl_compat.h
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
* Copyright (C) 2010-2021 Fox Crypto B.V. <openvpn@foxcrypto.com>
*
* This program is free software; you can redistribute it and/or modify
diff --git a/src/openvpn/openvpn.c b/src/openvpn/openvpn.c
index 0ac9614..1cd8f1b 100644
--- a/src/openvpn/openvpn.c
+++ b/src/openvpn/openvpn.c
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
@@ -105,6 +105,33 @@
#undef PROCESS_SIGNAL_P2P
+void init_early(struct context *c)
+{
+ net_ctx_init(c, &c->net_ctx);
+
+ /* init verbosity and mute levels */
+ init_verb_mute(c, IVM_LEVEL_1);
+
+ /* Initialise OpenSSL provider, this needs to be initialised this
+ * early since option post-processing and also openssl info
+ * printing depends on it */
+ for (int j=1; j < MAX_PARMS && c->options.providers.names[j]; j++)
+ {
+ c->options.providers.providers[j] =
+ crypto_load_provider(c->options.providers.names[j]);
+ }
+}
+
+static void uninit_early(struct context *c)
+{
+ net_ctx_free(&c->net_ctx);
+ for (int j=1; j < MAX_PARMS && c->options.providers.providers[j]; j++)
+ {
+ crypto_unload_provider(c->options.providers.names[j],
+ c->options.providers.providers[j]);
+ }
+ net_ctx_free(&c->net_ctx);
+}
/**************************************************************************/
/**
@@ -193,10 +220,9 @@
open_plugins(&c, true, OPENVPN_PLUGIN_INIT_PRE_CONFIG_PARSE);
#endif
- net_ctx_init(&c, &c.net_ctx);
-
- /* init verbosity and mute levels */
- init_verb_mute(&c, IVM_LEVEL_1);
+ /* Early initialisation that need to happen before option
+ * post processing and other early startup but after parsing */
+ init_early(&c);
/* set dev options */
init_options_dev(&c.options);
@@ -308,7 +334,7 @@
env_set_destroy(c.es);
uninit_options(&c.options);
gc_reset(&c.gc);
- net_ctx_free(&c.net_ctx);
+ uninit_early(&c);
}
while (c.sig->signal_received == SIGHUP);
}
diff --git a/src/openvpn/openvpn.h b/src/openvpn/openvpn.h
index ce0cd98..db08fdd 100644
--- a/src/openvpn/openvpn.h
+++ b/src/openvpn/openvpn.h
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
@@ -307,7 +307,7 @@
/* --inactive */
struct event_timeout inactivity_interval;
- int inactivity_bytes;
+ int64_t inactivity_bytes;
/* the option strings must match across peers */
char *options_string_local;
diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index f3d4e24..4a900a2 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -5,8 +5,8 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
- * Copyright (C) 2008-2021 David Sommerseth <dazo@eurephia.org>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2008-2022 David Sommerseth <dazo@eurephia.org>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
@@ -125,9 +125,11 @@
"--remote-random-hostname : Add a random string to remote DNS name.\n"
"--mode m : Major mode, m = 'p2p' (default, point-to-point) or 'server'.\n"
"--proto p : Use protocol p for communicating with peer.\n"
- " p = udp (default), tcp-server, or tcp-client\n"
+ " p = udp (default), tcp-server, tcp-client\n"
+ " udp4, tcp4-server, tcp4-client\n"
+ " udp6, tcp6-server, tcp6-client\n"
"--proto-force p : only consider protocol p in list of connection profiles.\n"
- " p = udp6, tcp6-server, or tcp6-client (ipv6)\n"
+ " p = udp or tcp\n"
"--connect-retry n [m] : For client, number of seconds to wait between\n"
" connection retries (default=%d). On repeated retries\n"
" the wait time is exponentially increased to a maximum of m\n"
@@ -600,6 +602,7 @@
" : Use --show-tls to see a list of supported TLS ciphers (suites).\n"
"--tls-cert-profile p : Set the allowed certificate crypto algorithm profile\n"
" (default=legacy).\n"
+ "--providers l : A list l of OpenSSL providers to load.\n"
"--tls-timeout n : Packet retransmit timeout on TLS control channel\n"
" if no ACK from remote within n seconds (default=%d).\n"
"--reneg-bytes n : Renegotiate data chan. key after n bytes sent and recvd.\n"
@@ -960,6 +963,7 @@
"'%s'")
#define SHOW_INT(var) SHOW_PARM(var, o->var, "%d")
#define SHOW_UINT(var) SHOW_PARM(var, o->var, "%u")
+#define SHOW_INT64(var) SHOW_PARM(var, o->var, "%" PRIi64)
#define SHOW_UNSIGNED(var) SHOW_PARM(var, o->var, "0x%08x")
#define SHOW_BOOL(var) SHOW_PARM(var, (o->var ? "ENABLED" : "DISABLED"), "%s");
@@ -1576,6 +1580,7 @@
SHOW_INT(keepalive_ping);
SHOW_INT(keepalive_timeout);
SHOW_INT(inactivity_timeout);
+ SHOW_INT64(inactivity_minimum_bytes);
SHOW_INT(ping_send_timeout);
SHOW_INT(ping_rec_timeout);
SHOW_INT(ping_rec_timeout_action);
@@ -2282,6 +2287,8 @@
*/
if (options->mode == MODE_SERVER)
{
+#define USAGE_VALID_SERVER_PROTOS "--mode server currently only supports " \
+ "--proto values of udp, tcp-server, tcp4-server, or tcp6-server"
#ifdef TARGET_ANDROID
msg(M_FATAL, "--mode server not supported on Android");
#endif
@@ -2299,15 +2306,14 @@
}
if (!(proto_is_udp(ce->proto) || ce->proto == PROTO_TCP_SERVER))
{
- msg(M_USAGE, "--mode server currently only supports "
- "--proto udp or --proto tcp-server or proto tcp6-server");
+ msg(M_USAGE, USAGE_VALID_SERVER_PROTOS);
}
#if PORT_SHARE
if ((options->port_share_host || options->port_share_port)
&& (ce->proto != PROTO_TCP_SERVER))
{
msg(M_USAGE, "--port-share only works in TCP server mode "
- "(--proto tcp-server or tcp6-server)");
+ "(--proto values of tcp-server, tcp4-server, or tcp6-server)");
}
#endif
if (!options->tls_server)
@@ -2355,9 +2361,7 @@
}
if (!(proto_is_dgram(ce->proto) || ce->proto == PROTO_TCP_SERVER))
{
- msg(M_USAGE,
- "--mode server currently only supports --proto udp or --proto "
- "tcp-server or --proto tcp6-server");
+ msg(M_USAGE, USAGE_VALID_SERVER_PROTOS);
}
if (!proto_is_udp(ce->proto) && (options->cf_max || options->cf_per))
{
@@ -4388,7 +4392,7 @@
show_windows_version( M_INFO|M_NOPREFIX );
#endif
msg(M_INFO|M_NOPREFIX, "Originally developed by James Yonan");
- msg(M_INFO|M_NOPREFIX, "Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>");
+ msg(M_INFO|M_NOPREFIX, "Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>");
#ifndef ENABLE_SMALL
#ifdef CONFIGURE_DEFINES
msg(M_INFO|M_NOPREFIX, "Compile time defines: %s", CONFIGURE_DEFINES);
@@ -6247,7 +6251,16 @@
options->inactivity_timeout = positive_atoi(p[1]);
if (p[2])
{
- options->inactivity_minimum_bytes = positive_atoi(p[2]);
+ int64_t val = atoll(p[2]);
+ options->inactivity_minimum_bytes = (val < 0) ? 0 : val;
+ if ( options->inactivity_minimum_bytes > INT_MAX )
+ {
+ msg(M_WARN, "WARNING: '--inactive' with a 'bytes' value"
+ " >2 Gbyte was silently ignored in older versions. If "
+ " your VPN exits unexpectedly with 'Inactivity timeout'"
+ " in %d seconds, revisit this value.",
+ options->inactivity_timeout );
+ }
}
}
else if (streq(p[0], "proto") && p[1] && !p[2])
@@ -8122,6 +8135,13 @@
options->keysize = keysize;
}
#endif
+ else if (streq(p[0], "providers") && p[1])
+ {
+ for (size_t j = 1; j < MAX_PARMS && p[j] != NULL;j++)
+ {
+ options->providers.names[j] = p[j];
+ }
+ }
#ifdef ENABLE_PREDICTION_RESISTANCE
else if (streq(p[0], "use-prediction-resistance") && !p[1])
{
diff --git a/src/openvpn/options.h b/src/openvpn/options.h
index dea9642..3722090 100644
--- a/src/openvpn/options.h
+++ b/src/openvpn/options.h
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
@@ -176,6 +176,14 @@
struct remote_entry *array[CONNECTION_LIST_SIZE];
};
+struct provider_list
+{
+ /* Names of the providers */
+ const char *names[MAX_PARMS];
+ /* Pointers to the loaded providers to unload them */
+ provider_t *providers[MAX_PARMS];
+};
+
enum vlan_acceptable_frames
{
VLAN_ONLY_TAGGED,
@@ -281,7 +289,7 @@
int keepalive_timeout;
int inactivity_timeout; /* --inactive */
- int inactivity_minimum_bytes;
+ int64_t inactivity_minimum_bytes;
int ping_send_timeout; /* Send a TCP/UDP ping to remote every n seconds */
int ping_rec_timeout; /* Expect a TCP/UDP ping from remote at least once every n seconds */
@@ -519,6 +527,7 @@
const char *prng_hash;
int prng_nonce_secret_len;
const char *engine;
+ struct provider_list providers;
bool replay;
bool mute_replay_warnings;
int replay_window;
diff --git a/src/openvpn/otime.c b/src/openvpn/otime.c
index f31d882..bf12c40 100644
--- a/src/openvpn/otime.c
+++ b/src/openvpn/otime.c
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/otime.h b/src/openvpn/otime.h
index f847296..00d6992 100644
--- a/src/openvpn/otime.h
+++ b/src/openvpn/otime.h
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/packet_id.c b/src/openvpn/packet_id.c
index baa7054..b73363e 100644
--- a/src/openvpn/packet_id.c
+++ b/src/openvpn/packet_id.c
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/packet_id.h b/src/openvpn/packet_id.h
index 8f70596..bb61328 100644
--- a/src/openvpn/packet_id.h
+++ b/src/openvpn/packet_id.h
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/perf.c b/src/openvpn/perf.c
index 2ad5825..3835d44 100644
--- a/src/openvpn/perf.c
+++ b/src/openvpn/perf.c
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/perf.h b/src/openvpn/perf.h
index 27c645f..41dff70 100644
--- a/src/openvpn/perf.h
+++ b/src/openvpn/perf.h
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/pf.c b/src/openvpn/pf.c
index 3645631..152342f 100644
--- a/src/openvpn/pf.c
+++ b/src/openvpn/pf.c
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/pf.h b/src/openvpn/pf.h
index 609c842..f0e6ae2 100644
--- a/src/openvpn/pf.h
+++ b/src/openvpn/pf.h
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/ping.c b/src/openvpn/ping.c
index 67bbca1..4ef6bda 100644
--- a/src/openvpn/ping.c
+++ b/src/openvpn/ping.c
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/ping.h b/src/openvpn/ping.h
index 7518404..3c8b748 100644
--- a/src/openvpn/ping.h
+++ b/src/openvpn/ping.h
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/pkcs11.c b/src/openvpn/pkcs11.c
index 367d67d..7029be5 100644
--- a/src/openvpn/pkcs11.c
+++ b/src/openvpn/pkcs11.c
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/pkcs11.h b/src/openvpn/pkcs11.h
index ec52470..554bc29 100644
--- a/src/openvpn/pkcs11.h
+++ b/src/openvpn/pkcs11.h
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/pkcs11_backend.h b/src/openvpn/pkcs11_backend.h
index eebfc55..c46b66e 100644
--- a/src/openvpn/pkcs11_backend.h
+++ b/src/openvpn/pkcs11_backend.h
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
* Copyright (C) 2010-2021 Fox Crypto B.V. <openvpn@foxcrypto.com>
*
* This program is free software; you can redistribute it and/or modify
diff --git a/src/openvpn/pkcs11_mbedtls.c b/src/openvpn/pkcs11_mbedtls.c
index 3cfcacc..dbc45fb 100644
--- a/src/openvpn/pkcs11_mbedtls.c
+++ b/src/openvpn/pkcs11_mbedtls.c
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
* Copyright (C) 2010-2021 Fox Crypto B.V. <openvpn@foxcrypto.com>
*
* This program is free software; you can redistribute it and/or modify
diff --git a/src/openvpn/pkcs11_openssl.c b/src/openvpn/pkcs11_openssl.c
index f5d3add..2e0cb22 100644
--- a/src/openvpn/pkcs11_openssl.c
+++ b/src/openvpn/pkcs11_openssl.c
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
* Copyright (C) 2010-2021 Fox Crypto B.V. <openvpn@foxcrypto.com>
*
* This program is free software; you can redistribute it and/or modify
diff --git a/src/openvpn/platform.c b/src/openvpn/platform.c
index 964d578..4921f03 100644
--- a/src/openvpn/platform.c
+++ b/src/openvpn/platform.c
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
@@ -471,7 +471,7 @@
}
else
{
- if (openvpn_errno() == EACCES)
+ if (errno == EACCES)
{
msg( M_WARN | M_ERRNO, "Could not access file '%s'", filename);
}
diff --git a/src/openvpn/platform.h b/src/openvpn/platform.h
index 1b9340c..de1d339 100644
--- a/src/openvpn/platform.h
+++ b/src/openvpn/platform.h
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/plugin.c b/src/openvpn/plugin.c
index 73c25ff..ed5d7c0 100644
--- a/src/openvpn/plugin.c
+++ b/src/openvpn/plugin.c
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
@@ -806,7 +806,7 @@
const int n = plugin_n(pl);
bool success = false;
bool error = false;
- bool deferred = false;
+ bool deferred_auth_done = false;
setenv_del(es, "script_type");
envp = make_env_array(es, false, &gc);
@@ -829,7 +829,34 @@
break;
case OPENVPN_PLUGIN_FUNC_DEFERRED:
- deferred = true;
+ if ((type == OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY)
+ && deferred_auth_done)
+ {
+ /*
+ * Do not allow deferred auth if a deferred auth has
+ * already been started. This should allow a single
+ * deferred auth call to happen, with one or more
+ * auth calls with an instant authentication result.
+ *
+ * The plug-in API is not designed for multiple
+ * deferred authentications to happen, as the
+ * auth_control_file file will be shared across all
+ * the plug-ins.
+ *
+ * Since this is considered a critical configuration
+ * error, we bail out and exit the OpenVPN process.
+ */
+ error = true;
+ msg(M_FATAL,
+ "Exiting due to multiple authentication plug-ins "
+ "performing deferred authentication. Only one "
+ "authentication plug-in doing deferred auth is "
+ "allowed. Ignoring the result and stopping now, "
+ "the current authentication result is not to be "
+ "trusted.");
+ break;
+ }
+ deferred_auth_done = true;
break;
default:
@@ -853,7 +880,7 @@
{
return OPENVPN_PLUGIN_FUNC_ERROR;
}
- else if (deferred)
+ else if (deferred_auth_done)
{
return OPENVPN_PLUGIN_FUNC_DEFERRED;
}
diff --git a/src/openvpn/plugin.h b/src/openvpn/plugin.h
index 98b3078..c6fa206 100644
--- a/src/openvpn/plugin.h
+++ b/src/openvpn/plugin.h
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/pool.c b/src/openvpn/pool.c
index b3f0bcd..03fdedb 100644
--- a/src/openvpn/pool.c
+++ b/src/openvpn/pool.c
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/pool.h b/src/openvpn/pool.h
index e8db68e..39fc1b0 100644
--- a/src/openvpn/pool.h
+++ b/src/openvpn/pool.h
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/proto.c b/src/openvpn/proto.c
index cff0ef0..88abd19 100644
--- a/src/openvpn/proto.c
+++ b/src/openvpn/proto.c
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/proto.h b/src/openvpn/proto.h
index f73e50c..542ae2c 100644
--- a/src/openvpn/proto.h
+++ b/src/openvpn/proto.h
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/proxy.c b/src/openvpn/proxy.c
index 8822998..d0aaa03 100644
--- a/src/openvpn/proxy.c
+++ b/src/openvpn/proxy.c
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/proxy.h b/src/openvpn/proxy.h
index 7668dc9..9d71938 100644
--- a/src/openvpn/proxy.h
+++ b/src/openvpn/proxy.h
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/ps.c b/src/openvpn/ps.c
index a611761..e79cb0d 100644
--- a/src/openvpn/ps.c
+++ b/src/openvpn/ps.c
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/ps.h b/src/openvpn/ps.h
index 2192034..434c13c 100644
--- a/src/openvpn/ps.h
+++ b/src/openvpn/ps.h
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/push.c b/src/openvpn/push.c
index bc94c32..fab1d5f 100644
--- a/src/openvpn/push.c
+++ b/src/openvpn/push.c
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/push.h b/src/openvpn/push.h
index fa323f4..6919627 100644
--- a/src/openvpn/push.h
+++ b/src/openvpn/push.h
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/pushlist.h b/src/openvpn/pushlist.h
index a7b5998..5caca38 100644
--- a/src/openvpn/pushlist.h
+++ b/src/openvpn/pushlist.h
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/reliable.c b/src/openvpn/reliable.c
index d0a8d78..24db7c7 100644
--- a/src/openvpn/reliable.c
+++ b/src/openvpn/reliable.c
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/reliable.h b/src/openvpn/reliable.h
index 2daab6e..d551314 100644
--- a/src/openvpn/reliable.h
+++ b/src/openvpn/reliable.h
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/ring_buffer.h b/src/openvpn/ring_buffer.h
index 9661ceb..089076b 100644
--- a/src/openvpn/ring_buffer.h
+++ b/src/openvpn/ring_buffer.h
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
* 2019 Lev Stipakov <lev@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
diff --git a/src/openvpn/route.c b/src/openvpn/route.c
index 5cfbb28..4fd4955 100644
--- a/src/openvpn/route.c
+++ b/src/openvpn/route.c
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/route.h b/src/openvpn/route.h
index 64d57a5..ce19d5b 100644
--- a/src/openvpn/route.h
+++ b/src/openvpn/route.h
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/run_command.c b/src/openvpn/run_command.c
index bdb0afb..30d7bf1 100644
--- a/src/openvpn/run_command.c
+++ b/src/openvpn/run_command.c
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Technologies, Inc. <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Technologies, Inc. <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/run_command.h b/src/openvpn/run_command.h
index 5061f75..edc0843 100644
--- a/src/openvpn/run_command.h
+++ b/src/openvpn/run_command.h
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Technologies, Inc. <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Technologies, Inc. <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/schedule.c b/src/openvpn/schedule.c
index d3044d3..0027d19 100644
--- a/src/openvpn/schedule.c
+++ b/src/openvpn/schedule.c
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/schedule.h b/src/openvpn/schedule.h
index d911f1e..52c5288 100644
--- a/src/openvpn/schedule.h
+++ b/src/openvpn/schedule.h
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/session_id.c b/src/openvpn/session_id.c
index 495db4f..5c6b932 100644
--- a/src/openvpn/session_id.c
+++ b/src/openvpn/session_id.c
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/session_id.h b/src/openvpn/session_id.h
index f0c4c9e..e207245 100644
--- a/src/openvpn/session_id.h
+++ b/src/openvpn/session_id.h
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/shaper.c b/src/openvpn/shaper.c
index f97b045..3150193 100644
--- a/src/openvpn/shaper.c
+++ b/src/openvpn/shaper.c
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/shaper.h b/src/openvpn/shaper.h
index f565055..74f771d 100644
--- a/src/openvpn/shaper.h
+++ b/src/openvpn/shaper.h
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/sig.c b/src/openvpn/sig.c
index 25af9de..2db60ab 100644
--- a/src/openvpn/sig.c
+++ b/src/openvpn/sig.c
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/sig.h b/src/openvpn/sig.h
index 3ce57ab..091f16b 100644
--- a/src/openvpn/sig.h
+++ b/src/openvpn/sig.h
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/sitnl.h b/src/openvpn/sitnl.h
deleted file mode 100644
index a127d73..0000000
--- a/src/openvpn/sitnl.h
+++ /dev/null
@@ -1,217 +0,0 @@
-/*
- * Simplified Interface To NetLink
- *
- * Copyright (C) 2016-2021 Antonio Quartulli <a@unstable.cc>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2
- * as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program (see the file COPYING included with this
- * distribution); if not, write to the Free Software Foundation, Inc.,
- * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- */
-
-#ifndef SITNL_H_
-#define SITNL_H_
-
-#ifdef TARGET_LINUX
-
-#include <stdbool.h>
-#include <netinet/in.h>
-
-/**
- * Bring interface up or down.
- *
- * @param iface the interface to modify
- * @param up true if the interface has to be brought up, false otherwise
- *
- * @return 0 on success, a negative error code otherwise
- */
-int sitnl_iface_up(const char *iface, bool up);
-
-/**
- * Set the MTU for an interface
- *
- * @param iface the interface to modify
- * @param mtru the new MTU
- *
- * @return 0 on success, a negative error code otherwise
- */
-int sitnl_iface_mtu_set(const char *iface, uint32_t mtu);
-
-/**
- * Add an IPv4 address to an interface
- *
- * @param iface the interface where the address has to be added
- * @param addr the address to add
- * @param prefixlen the prefix length of the network associated with the address
- * @param broadcast the broadcast address to configure on the interface
- *
- * @return 0 on success, a negative error code otherwise
- */
-int sitnl_addr_v4_add(const char *iface, const in_addr_t *addr, int prefixlen,
- const in_addr_t *broadcast);
-
-/**
- * Add an IPv6 address to an interface
- *
- * @param iface the interface where the address has to be added
- * @param addr the address to add
- * @param prefixlen the prefix length of the network associated with the address
- *
- * @return 0 on success, a negative error code otherwise
- */
-
-int sitnl_addr_v6_add(const char *iface, const struct in6_addr *addr,
- int prefixlen);
-
-/**
- * Remove an IPv4 from an interface
- *
- * @param iface the interface to remove the address from
- * @param prefixlen the prefix length of the network associated with the address
- *
- * @return 0 on success, a negative error code otherwise
- */
-int sitnl_addr_v4_del(const char *iface, const in_addr_t *addr, int prefixlen);
-
-/**
- * Remove an IPv6 from an interface
- *
- * @param iface the interface to remove the address from
- * @param prefixlen the prefix length of the network associated with the address
- *
- * @return 0 on success, a negative error code otherwise
- */
-int sitnl_addr_v6_del(const char *iface, const struct in6_addr *addr,
- int prefixlen);
-
-/**
- * Add a point-to-point IPv4 address to an interface
- *
- * @param iface the interface where the address has to be added
- * @param local the address to add
- * @param remote the associated p-t-p remote address
- *
- * @return 0 on success, a negative error code otherwise
- */
-int sitnl_addr_ptp_v4_add(const char *iface, const in_addr_t *local,
- const in_addr_t *remote);
-
-/**
- * Remove a point-to-point IPv4 address from an interface
- *
- * @param iface the interface to remove the address from
- * @param local the address to remove
- *
- * @return 0 on success, a negative error code otherwise
- */
-int sitnl_addr_ptp_v4_del(const char *iface, const in_addr_t *local);
-
-
-/**
- * Add a route for an IPv4 address/network
- *
- * @param dst the destination of the route
- * @param prefixlen the length of the prefix of the destination
- * @param gw the gateway for this route
- * @param iface the interface for this route (can be NULL)
- * @param table the table to add this route to (if 0, will be added to the
- * main table)
- * @param metric the metric associated with the route
- *
- * @return 0 on success, a negative error code otherwise
- */
-int sitnl_route_v4_add(const in_addr_t *dst, int prefixlen,
- const in_addr_t *gw, const char *iface, uint32_t table,
- int metric);
-
-/**
- * Add a route for an IPv6 address/network
- *
- * @param dst the destination of the route
- * @param prefixlen the length of the prefix of the destination
- * @param gw the gateway for this route
- * @param iface the interface for this route (can be NULL)
- * @param table the table to add this route to (if 0, will be added to the
- * main table)
- * @param metric the metric associated with the route
- *
- * @return 0 on success, a negative error code otherwise
- */
-int sitnl_route_v6_add(const struct in6_addr *dst, int prefixlen,
- const struct in6_addr *gw, const char *iface,
- uint32_t table, int metric);
-
-/**
- * Delete a route for an IPv4 address/network
- *
- * @param dst the destination of the route
- * @param prefixlen the length of the prefix of the destination
- * @param gw the gateway for this route
- * @param iface the interface for this route (can be NULL)
- * @param table the table to add this route to (if 0, will be added to the
- * main table)
- * @param metric the metric associated with the route
- *
- * @return 0 on success, a negative error code otherwise
- */
-int sitnl_route_v4_del(const in_addr_t *dst, int prefixlen,
- const in_addr_t *gw, const char *iface, uint32_t table,
- int metric);
-
-/**
- * Delete a route for an IPv4 address/network
- *
- * @param dst the destination of the route
- * @param prefixlen the length of the prefix of the destination
- * @param gw the gateway for this route
- * @param iface the interface for this route (can be NULL)
- * @param table the table to add this route to (if 0, will be added to the
- * main table)
- * @param metric the metric associated with the route
- *
- * @return 0 on success, a negative error code otherwise
- */
-int sitnl_route_v6_del(const struct in6_addr *dst, int prefixlen,
- const struct in6_addr *gw, const char *iface,
- uint32_t table, int metric);
-
-/**
- * Retrieve the gateway and outgoing interface for the specified IPv4
- * address/network
- *
- * @param dst The destination to lookup
- * @param prefixlen The length of the prefix of the destination
- * @param best_gw Location where the retrieved GW has to be stored
- * @param best_iface Location where the retrieved interface has to be stored
- *
- * @return 0 on success, a negative error code otherwise
- */
-int sitnl_route_v4_best_gw(const in_addr_t *dst, int prefixlen,
- in_addr_t *best_gw, char *best_iface);
-
-/**
- * Retrieve the gateway and outgoing interface for the specified IPv6
- * address/network
- *
- * @param dst The destination to lookup
- * @param prefixlen The length of the prefix of the destination
- * @param best_gw Location where the retrieved GW has to be stored
- * @param best_iface Location where the retrieved interface has to be stored
- *
- * @return 0 on success, a negative error code otherwise
- */
-int sitnl_route_v6_best_gw(const struct in6_addr *dst, int prefixlen,
- struct in6_addr *best_gw, char *best_iface);
-
-#endif /* TARGET_LINUX */
-
-#endif /* SITNL_H_ */
diff --git a/src/openvpn/socket.c b/src/openvpn/socket.c
index cd41893..28fabe7 100644
--- a/src/openvpn/socket.c
+++ b/src/openvpn/socket.c
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/socket.h b/src/openvpn/socket.h
index c02c848..2ad6155 100644
--- a/src/openvpn/socket.h
+++ b/src/openvpn/socket.h
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/socks.c b/src/openvpn/socks.c
index 71f82b2..fe6dc91 100644
--- a/src/openvpn/socks.c
+++ b/src/openvpn/socks.c
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/socks.h b/src/openvpn/socks.h
index 9bda2e8..88cf952 100644
--- a/src/openvpn/socks.h
+++ b/src/openvpn/socks.h
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c
index d66299f..841a649 100644
--- a/src/openvpn/ssl.c
+++ b/src/openvpn/ssl.c
@@ -5,9 +5,9 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
* Copyright (C) 2010-2021 Fox Crypto B.V. <openvpn@foxcrypto.com>
- * Copyright (C) 2008-2021 David Sommerseth <dazo@eurephia.org>
+ * Copyright (C) 2008-2022 David Sommerseth <dazo@eurephia.org>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/ssl.h b/src/openvpn/ssl.h
index ebc1bf6..4fe8004 100644
--- a/src/openvpn/ssl.h
+++ b/src/openvpn/ssl.h
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
* Copyright (C) 2010-2021 Fox Crypto B.V. <openvpn@foxcrypto.com>
*
* This program is free software; you can redistribute it and/or modify
diff --git a/src/openvpn/ssl_backend.h b/src/openvpn/ssl_backend.h
index 9d25321..96b8bc9 100644
--- a/src/openvpn/ssl_backend.h
+++ b/src/openvpn/ssl_backend.h
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
* Copyright (C) 2010-2021 Fox Crypto B.V. <openvpn@foxcrypto.com>
*
* This program is free software; you can redistribute it and/or modify
diff --git a/src/openvpn/ssl_common.h b/src/openvpn/ssl_common.h
index 74faf68..f485528 100644
--- a/src/openvpn/ssl_common.h
+++ b/src/openvpn/ssl_common.h
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
* Copyright (C) 2010-2021 Fox Crypto B.V. <openvpn@foxcrypto.com>
*
* This program is free software; you can redistribute it and/or modify
diff --git a/src/openvpn/ssl_mbedtls.c b/src/openvpn/ssl_mbedtls.c
index 0fe70e4..be0e57f 100644
--- a/src/openvpn/ssl_mbedtls.c
+++ b/src/openvpn/ssl_mbedtls.c
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
* Copyright (C) 2010-2021 Fox Crypto B.V. <openvpn@foxcrypto.com>
* Copyright (C) 2006-2010, Brainspark B.V.
*
@@ -330,7 +330,8 @@
void
tls_ctx_set_cert_profile(struct tls_root_ctx *ctx, const char *profile)
{
- if (!profile || 0 == strcmp(profile, "legacy"))
+ if (!profile || 0 == strcmp(profile, "legacy")
+ || 0 == strcmp(profile, "insecure"))
{
ctx->cert_profile = openvpn_x509_crt_profile_legacy;
}
diff --git a/src/openvpn/ssl_mbedtls.h b/src/openvpn/ssl_mbedtls.h
index c7eaec8..15170f4 100644
--- a/src/openvpn/ssl_mbedtls.h
+++ b/src/openvpn/ssl_mbedtls.h
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
* Copyright (C) 2010-2021 Fox Crypto B.V. <openvpn@foxcrypto.com>
*
* This program is free software; you can redistribute it and/or modify
diff --git a/src/openvpn/ssl_ncp.c b/src/openvpn/ssl_ncp.c
index aabfc6d..b94c786 100644
--- a/src/openvpn/ssl_ncp.c
+++ b/src/openvpn/ssl_ncp.c
@@ -5,9 +5,9 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
* Copyright (C) 2010-2021 Fox Crypto B.V. <openvpn@foxcrypto.com>
- * Copyright (C) 2008-2021 David Sommerseth <dazo@eurephia.org>
+ * Copyright (C) 2008-2022 David Sommerseth <dazo@eurephia.org>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/ssl_ncp.h b/src/openvpn/ssl_ncp.h
index 3fa68e2..ce330ee 100644
--- a/src/openvpn/ssl_ncp.h
+++ b/src/openvpn/ssl_ncp.h
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
* Copyright (C) 2010-2021 Fox Crypto B.V. <openvpn@foxcrypto.com>
*
* This program is free software; you can redistribute it and/or modify
diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c
index 27fb66a..e0360f7 100644
--- a/src/openvpn/ssl_openssl.c
+++ b/src/openvpn/ssl_openssl.c
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
* Copyright (C) 2010-2021 Fox Crypto B.V. <openvpn@foxcrypto.com>
*
* This program is free software; you can redistribute it and/or modify
@@ -551,6 +551,10 @@
{
SSL_CTX_set_security_level(ctx->ctx, 1);
}
+ else if (0 == strcmp(profile, "insecure"))
+ {
+ SSL_CTX_set_security_level(ctx->ctx, 0);
+ }
else if (0 == strcmp(profile, "preferred"))
{
SSL_CTX_set_security_level(ctx->ctx, 2);
@@ -821,6 +825,8 @@
ca = NULL;
if (!PKCS12_parse(p12, password, &pkey, &cert, &ca))
{
+ crypto_msg(M_WARN, "Decoding PKCS12 failed. Probably wrong password "
+ "or unsupported/legacy encryption");
#ifdef ENABLE_MANAGEMENT
if (management && (ERR_GET_REASON(ERR_peek_error()) == PKCS12_R_MAC_VERIFY_FAILURE))
{
diff --git a/src/openvpn/ssl_openssl.h b/src/openvpn/ssl_openssl.h
index 46338c2..5f4d499 100644
--- a/src/openvpn/ssl_openssl.h
+++ b/src/openvpn/ssl_openssl.h
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
* Copyright (C) 2010-2021 Fox Crypto B.V. <openvpn@foxcrypto.com>
*
* This program is free software; you can redistribute it and/or modify
diff --git a/src/openvpn/ssl_verify.c b/src/openvpn/ssl_verify.c
index 0ccd43d..7f977c0 100644
--- a/src/openvpn/ssl_verify.c
+++ b/src/openvpn/ssl_verify.c
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
* Copyright (C) 2010-2021 Fox Crypto B.V. <openvpn@foxcrypto.com>
*
* This program is free software; you can redistribute it and/or modify
diff --git a/src/openvpn/ssl_verify.h b/src/openvpn/ssl_verify.h
index ffba6a9..623b965 100644
--- a/src/openvpn/ssl_verify.h
+++ b/src/openvpn/ssl_verify.h
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
* Copyright (C) 2010-2021 Fox Crypto B.V. <openvpn@foxcrypto.com>
*
* This program is free software; you can redistribute it and/or modify
diff --git a/src/openvpn/ssl_verify_backend.h b/src/openvpn/ssl_verify_backend.h
index ca04261..be85796 100644
--- a/src/openvpn/ssl_verify_backend.h
+++ b/src/openvpn/ssl_verify_backend.h
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
* Copyright (C) 2010-2021 Fox Crypto B.V. <openvpn@foxcrypto.com>
*
* This program is free software; you can redistribute it and/or modify
diff --git a/src/openvpn/ssl_verify_mbedtls.c b/src/openvpn/ssl_verify_mbedtls.c
index c767178..9f59211 100644
--- a/src/openvpn/ssl_verify_mbedtls.c
+++ b/src/openvpn/ssl_verify_mbedtls.c
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
* Copyright (C) 2010-2021 Fox Crypto B.V. <openvpn@foxcrypto.com>
*
* This program is free software; you can redistribute it and/or modify
diff --git a/src/openvpn/ssl_verify_mbedtls.h b/src/openvpn/ssl_verify_mbedtls.h
index 6f2de99..9d31a65 100644
--- a/src/openvpn/ssl_verify_mbedtls.h
+++ b/src/openvpn/ssl_verify_mbedtls.h
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
* Copyright (C) 2010-2021 Fox Crypto B.V. <openvpn@foxcrypto.com>
*
* This program is free software; you can redistribute it and/or modify
diff --git a/src/openvpn/ssl_verify_openssl.c b/src/openvpn/ssl_verify_openssl.c
index aadc517..93de088 100644
--- a/src/openvpn/ssl_verify_openssl.c
+++ b/src/openvpn/ssl_verify_openssl.c
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
* Copyright (C) 2010-2021 Fox Crypto B.V. <openvpn@foxcrypto.com>
*
* This program is free software; you can redistribute it and/or modify
diff --git a/src/openvpn/ssl_verify_openssl.h b/src/openvpn/ssl_verify_openssl.h
index 70a9d50..ca78a40 100644
--- a/src/openvpn/ssl_verify_openssl.h
+++ b/src/openvpn/ssl_verify_openssl.h
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
* Copyright (C) 2010-2021 Fox Crypto B.V. <openvpn@foxcrypto.com>
*
* This program is free software; you can redistribute it and/or modify
diff --git a/src/openvpn/status.c b/src/openvpn/status.c
index 8476b4d..0541ec2 100644
--- a/src/openvpn/status.c
+++ b/src/openvpn/status.c
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/status.h b/src/openvpn/status.h
index da1775d..fc3a97d 100644
--- a/src/openvpn/status.h
+++ b/src/openvpn/status.h
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/syshead.h b/src/openvpn/syshead.h
index 24ee27c..8c2216f 100644
--- a/src/openvpn/syshead.h
+++ b/src/openvpn/syshead.h
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
@@ -417,7 +417,7 @@
/*
* Do we have the capability to report extended socket errors?
*/
-#if defined(HAVE_LINUX_TYPES_H) && defined(HAVE_LINUX_ERRQUEUE_H) && defined(HAVE_SOCK_EXTENDED_ERR) && defined(HAVE_MSGHDR) && defined(HAVE_CMSGHDR) && defined(CMSG_FIRSTHDR) && defined(CMSG_NXTHDR) && defined(IP_RECVERR) && defined(MSG_ERRQUEUE) && defined(SOL_IP) && defined(HAVE_IOVEC)
+#if defined(HAVE_LINUX_TYPES_H) && defined(HAVE_LINUX_ERRQUEUE_H)
#define EXTENDED_SOCKET_ERROR_CAPABILITY 1
#else
#define EXTENDED_SOCKET_ERROR_CAPABILITY 0
diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c
index db8fdec..ca79b09 100644
--- a/src/openvpn/tun.c
+++ b/src/openvpn/tun.c
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/tun.h b/src/openvpn/tun.h
index ff0919d..ae98966 100644
--- a/src/openvpn/tun.h
+++ b/src/openvpn/tun.h
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
@@ -461,7 +461,7 @@
*/
if (status < 0)
{
- return openvpn_errno() == ERROR_FILE_NOT_FOUND;
+ return GetLastError() == ERROR_FILE_NOT_FOUND;
}
return false;
}
@@ -474,7 +474,7 @@
*/
if (status < 0)
{
- return openvpn_errno() == ERROR_OPERATION_ABORTED;
+ return GetLastError() == ERROR_OPERATION_ABORTED;
}
return false;
}
diff --git a/src/openvpn/vcpkg.json b/src/openvpn/vcpkg.json
new file mode 100644
index 0000000..6537fdd
--- /dev/null
+++ b/src/openvpn/vcpkg.json
@@ -0,0 +1,19 @@
+{
+ "$schema": "https://raw.githubusercontent.com/microsoft/vcpkg/master/scripts/vcpkg.schema.json",
+ "name": "openvpn",
+ "version": "2.5",
+ "dependencies": [
+ "openssl",
+ "tap-windows6",
+ "lzo",
+ "lz4",
+ "pkcs11-helper"
+ ],
+ "builtin-baseline": "4b766c1cd17205e1b768c4fadfd5f867c1d0510e",
+ "overrides": [
+ {
+ "name": "openssl",
+ "version-string": "1.1.1n"
+ }
+ ]
+}
diff --git a/src/openvpn/vlan.c b/src/openvpn/vlan.c
index 573a990..661be4a 100644
--- a/src/openvpn/vlan.c
+++ b/src/openvpn/vlan.c
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Technologies, Inc. <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Technologies, Inc. <sales@openvpn.net>
* Copyright (C) 2010 Fabian Knittel <fabian.knittel@lettink.de>
*
* This program is free software; you can redistribute it and/or modify
diff --git a/src/openvpn/vlan.h b/src/openvpn/vlan.h
index d4b93c4..89dc7d4 100644
--- a/src/openvpn/vlan.h
+++ b/src/openvpn/vlan.h
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Technologies, Inc. <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Technologies, Inc. <sales@openvpn.net>
* Copyright (C) 2010 Fabian Knittel <fabian.knittel@lettink.de>
*
* This program is free software; you can redistribute it and/or modify
diff --git a/src/openvpn/win32.c b/src/openvpn/win32.c
index 920a3b3..e91e742 100644
--- a/src/openvpn/win32.c
+++ b/src/openvpn/win32.c
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpn/win32.h b/src/openvpn/win32.h
index 5c3bcc3..3dd8b7e 100644
--- a/src/openvpn/win32.h
+++ b/src/openvpn/win32.h
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpnmsica/Makefile.am b/src/openvpnmsica/Makefile.am
index 68cf808..a1a04af 100644
--- a/src/openvpnmsica/Makefile.am
+++ b/src/openvpnmsica/Makefile.am
@@ -1,8 +1,8 @@
#
# openvpnmsica -- Custom Action DLL to provide OpenVPN-specific support to MSI packages
#
-# Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
-# Copyright (C) 2018-2021 Simon Rozman <simon@rozman.si>
+# Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
+# Copyright (C) 2018-2022 Simon Rozman <simon@rozman.si>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
@@ -18,7 +18,7 @@
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
#
-include $(top_srcdir)/ltrc.inc
+include $(top_srcdir)/build/ltrc.inc
MAINTAINERCLEANFILES = $(srcdir)/Makefile.in
diff --git a/src/openvpnmsica/dllmain.c b/src/openvpnmsica/dllmain.c
index 7315543..d544011 100644
--- a/src/openvpnmsica/dllmain.c
+++ b/src/openvpnmsica/dllmain.c
@@ -2,7 +2,7 @@
* openvpnmsica -- Custom Action DLL to provide OpenVPN-specific support to MSI packages
* https://community.openvpn.net/openvpn/wiki/OpenVPNMSICA
*
- * Copyright (C) 2018-2021 Simon Rozman <simon@rozman.si>
+ * Copyright (C) 2018-2022 Simon Rozman <simon@rozman.si>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpnmsica/msica_arg.c b/src/openvpnmsica/msica_arg.c
index cde0577..ed1f4d7 100644
--- a/src/openvpnmsica/msica_arg.c
+++ b/src/openvpnmsica/msica_arg.c
@@ -2,7 +2,7 @@
* openvpnmsica -- Custom Action DLL to provide OpenVPN-specific support to MSI packages
* https://community.openvpn.net/openvpn/wiki/OpenVPNMSICA
*
- * Copyright (C) 2018-2021 Simon Rozman <simon@rozman.si>
+ * Copyright (C) 2018-2022 Simon Rozman <simon@rozman.si>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpnmsica/msica_arg.h b/src/openvpnmsica/msica_arg.h
index 4bf3c09..7444f44 100644
--- a/src/openvpnmsica/msica_arg.h
+++ b/src/openvpnmsica/msica_arg.h
@@ -2,7 +2,7 @@
* openvpnmsica -- Custom Action DLL to provide OpenVPN-specific support to MSI packages
* https://community.openvpn.net/openvpn/wiki/OpenVPNMSICA
*
- * Copyright (C) 2018-2021 Simon Rozman <simon@rozman.si>
+ * Copyright (C) 2018-2022 Simon Rozman <simon@rozman.si>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpnmsica/msiex.c b/src/openvpnmsica/msiex.c
index 54b2b97..a3e797e 100644
--- a/src/openvpnmsica/msiex.c
+++ b/src/openvpnmsica/msiex.c
@@ -2,7 +2,7 @@
* openvpnmsica -- Custom Action DLL to provide OpenVPN-specific support to MSI packages
* https://community.openvpn.net/openvpn/wiki/OpenVPNMSICA
*
- * Copyright (C) 2018-2021 Simon Rozman <simon@rozman.si>
+ * Copyright (C) 2018-2022 Simon Rozman <simon@rozman.si>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpnmsica/msiex.h b/src/openvpnmsica/msiex.h
index cae4298..a944ff0 100644
--- a/src/openvpnmsica/msiex.h
+++ b/src/openvpnmsica/msiex.h
@@ -2,7 +2,7 @@
* openvpnmsica -- Custom Action DLL to provide OpenVPN-specific support to MSI packages
* https://community.openvpn.net/openvpn/wiki/OpenVPNMSICA
*
- * Copyright (C) 2018-2021 Simon Rozman <simon@rozman.si>
+ * Copyright (C) 2018-2022 Simon Rozman <simon@rozman.si>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpnmsica/openvpnmsica.c b/src/openvpnmsica/openvpnmsica.c
index 98111fb..f44515d 100644
--- a/src/openvpnmsica/openvpnmsica.c
+++ b/src/openvpnmsica/openvpnmsica.c
@@ -2,7 +2,7 @@
* openvpnmsica -- Custom Action DLL to provide OpenVPN-specific support to MSI packages
* https://community.openvpn.net/openvpn/wiki/OpenVPNMSICA
*
- * Copyright (C) 2018-2021 Simon Rozman <simon@rozman.si>
+ * Copyright (C) 2018-2022 Simon Rozman <simon@rozman.si>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpnmsica/openvpnmsica.h b/src/openvpnmsica/openvpnmsica.h
index bfc40ea..8c53de4 100644
--- a/src/openvpnmsica/openvpnmsica.h
+++ b/src/openvpnmsica/openvpnmsica.h
@@ -2,7 +2,7 @@
* openvpnmsica -- Custom Action DLL to provide OpenVPN-specific support to MSI packages
* https://community.openvpn.net/openvpn/wiki/OpenVPNMSICA
*
- * Copyright (C) 2018-2021 Simon Rozman <simon@rozman.si>
+ * Copyright (C) 2018-2022 Simon Rozman <simon@rozman.si>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpnmsica/openvpnmsica.props b/src/openvpnmsica/openvpnmsica.props
index 074635d..1091c9f 100644
--- a/src/openvpnmsica/openvpnmsica.props
+++ b/src/openvpnmsica/openvpnmsica.props
@@ -7,7 +7,6 @@
</PropertyGroup>
<ItemDefinitionGroup>
<ClCompile>
- <AdditionalIncludeDirectories>..\compat;$(TAP_WINDOWS_HOME)/include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<PreprocessorDefinitions>_WIN32_WINNT=_WIN32_WINNT_VISTA;%(PreprocessorDefinitions)</PreprocessorDefinitions>
</ClCompile>
<Link>
diff --git a/src/openvpnmsica/openvpnmsica.vcxproj b/src/openvpnmsica/openvpnmsica.vcxproj
index e0712ae..46a686a 100644
--- a/src/openvpnmsica/openvpnmsica.vcxproj
+++ b/src/openvpnmsica/openvpnmsica.vcxproj
@@ -135,6 +135,54 @@
<PropertyGroup Label="Vcpkg" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<VcpkgEnabled>true</VcpkgEnabled>
</PropertyGroup>
+ <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+ <Link>
+ <CETCompat>true</CETCompat>
+ </Link>
+ <ClCompile>
+ <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
+ <PreprocessorDefinitions>%(PreprocessorDefinitions)</PreprocessorDefinitions>
+ <SDLCheck>true</SDLCheck>
+ </ClCompile>
+ </ItemDefinitionGroup>
+ <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+ <Link>
+ <CETCompat>true</CETCompat>
+ </Link>
+ <ClCompile>
+ <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
+ <SDLCheck>true</SDLCheck>
+ <PreprocessorDefinitions>%(PreprocessorDefinitions)</PreprocessorDefinitions>
+ </ClCompile>
+ </ItemDefinitionGroup>
+ <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">
+ <ClCompile>
+ <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
+ <PreprocessorDefinitions>%(PreprocessorDefinitions)</PreprocessorDefinitions>
+ <SDLCheck>true</SDLCheck>
+ </ClCompile>
+ </ItemDefinitionGroup>
+ <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">
+ <ClCompile>
+ <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
+ <PreprocessorDefinitions>%(PreprocessorDefinitions)</PreprocessorDefinitions>
+ <SDLCheck>true</SDLCheck>
+ </ClCompile>
+ </ItemDefinitionGroup>
+ <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+ <ClCompile>
+ <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
+ <PreprocessorDefinitions>%(PreprocessorDefinitions)</PreprocessorDefinitions>
+ <SDLCheck>true</SDLCheck>
+ </ClCompile>
+ </ItemDefinitionGroup>
+ <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+ <ClCompile>
+ <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
+ <PreprocessorDefinitions>%(PreprocessorDefinitions)</PreprocessorDefinitions>
+ <SDLCheck>true</SDLCheck>
+ </ClCompile>
+ </ItemDefinitionGroup>
<ItemGroup>
<ClCompile Include="..\tapctl\error.c" />
<ClCompile Include="..\tapctl\tap.c" />
diff --git a/src/openvpnmsica/openvpnmsica_resources.rc b/src/openvpnmsica/openvpnmsica_resources.rc
index 323f0e7..2b383d2 100644
--- a/src/openvpnmsica/openvpnmsica_resources.rc
+++ b/src/openvpnmsica/openvpnmsica_resources.rc
@@ -1,7 +1,7 @@
/*
* openvpnmsica -- Custom Action DLL to provide OpenVPN-specific support to MSI packages
*
- * Copyright (C) 2018-2021 Simon Rozman <simon@rozman.si>
+ * Copyright (C) 2018-2022 Simon Rozman <simon@rozman.si>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpnserv/Makefile.am b/src/openvpnserv/Makefile.am
index b067fb9..f72d724 100644
--- a/src/openvpnserv/Makefile.am
+++ b/src/openvpnserv/Makefile.am
@@ -5,7 +5,7 @@
# packet encryption, packet authentication, and
# packet compression.
#
-# Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+# Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
# Copyright (C) 2006-2012 Alon Bar-Lev <alon.barlev@gmail.com>
#
diff --git a/src/openvpnserv/automatic.c b/src/openvpnserv/automatic.c
index 3f2ca34..7800bfd 100644
--- a/src/openvpnserv/automatic.c
+++ b/src/openvpnserv/automatic.c
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpnserv/common.c b/src/openvpnserv/common.c
index f7b061c..28cf07c 100644
--- a/src/openvpnserv/common.c
+++ b/src/openvpnserv/common.c
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2011-2021 Heiko Hund <heiko.hund@sophos.com>
+ * Copyright (C) 2011-2022 Heiko Hund <heiko.hund@sophos.com>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpnserv/interactive.c b/src/openvpnserv/interactive.c
index de36e85..3b120ae 100644
--- a/src/openvpnserv/interactive.c
+++ b/src/openvpnserv/interactive.c
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2012-2021 Heiko Hund <heiko.hund@sophos.com>
+ * Copyright (C) 2012-2022 Heiko Hund <heiko.hund@sophos.com>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpnserv/openvpnserv.vcxproj b/src/openvpnserv/openvpnserv.vcxproj
index b92393d..6311529 100644
--- a/src/openvpnserv/openvpnserv.vcxproj
+++ b/src/openvpnserv/openvpnserv.vcxproj
@@ -124,7 +124,9 @@
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<ClCompile>
<AdditionalIncludeDirectories>..\openvpn;..\compat;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
- <PreprocessorDefinitions>_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+ <PreprocessorDefinitions>_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+ <SDLCheck>true</SDLCheck>
+ <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
</ClCompile>
<ResourceCompile />
<Link>
@@ -135,7 +137,9 @@
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
<ClCompile>
<AdditionalIncludeDirectories>..\openvpn;..\compat;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
- <PreprocessorDefinitions>_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+ <PreprocessorDefinitions>_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+ <SDLCheck>true</SDLCheck>
+ <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
</ClCompile>
<ResourceCompile />
<Link>
@@ -146,7 +150,9 @@
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">
<ClCompile>
<AdditionalIncludeDirectories>..\openvpn;..\compat;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
- <PreprocessorDefinitions>_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+ <PreprocessorDefinitions>_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+ <SDLCheck>true</SDLCheck>
+ <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
</ClCompile>
<ResourceCompile />
<Link>
@@ -157,29 +163,37 @@
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<ClCompile>
<AdditionalIncludeDirectories>..\openvpn;..\compat;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
- <PreprocessorDefinitions>_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+ <PreprocessorDefinitions>_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+ <SDLCheck>true</SDLCheck>
+ <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
</ClCompile>
<ResourceCompile />
<Link>
<AdditionalDependencies>Userenv.lib;Iphlpapi.lib;ntdll.lib;Fwpuclnt.lib;Netapi32.lib;Shlwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
<SubSystem>Console</SubSystem>
+ <CETCompat>true</CETCompat>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<ClCompile>
<AdditionalIncludeDirectories>..\openvpn;..\compat;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
- <PreprocessorDefinitions>_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+ <PreprocessorDefinitions>_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+ <SDLCheck>true</SDLCheck>
+ <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
</ClCompile>
<ResourceCompile />
<Link>
<AdditionalDependencies>legacy_stdio_definitions.lib;Userenv.lib;Iphlpapi.lib;ntdll.lib;Fwpuclnt.lib;Netapi32.lib;Shlwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
<SubSystem>Console</SubSystem>
+ <CETCompat>true</CETCompat>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">
<ClCompile>
<AdditionalIncludeDirectories>..\openvpn;..\compat;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
- <PreprocessorDefinitions>_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+ <PreprocessorDefinitions>_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+ <SDLCheck>true</SDLCheck>
+ <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
</ClCompile>
<ResourceCompile />
<Link>
diff --git a/src/openvpnserv/service.h b/src/openvpnserv/service.h
index 500f390..84ac309 100644
--- a/src/openvpnserv/service.h
+++ b/src/openvpnserv/service.h
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2013-2021 Heiko Hund <heiko.hund@sophos.com>
+ * Copyright (C) 2013-2022 Heiko Hund <heiko.hund@sophos.com>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpnserv/validate.c b/src/openvpnserv/validate.c
index 93f92e3..e987d53 100644
--- a/src/openvpnserv/validate.c
+++ b/src/openvpnserv/validate.c
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2016-2021 Selva Nair <selva.nair@gmail.com>
+ * Copyright (C) 2016-2022 Selva Nair <selva.nair@gmail.com>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/openvpnserv/validate.h b/src/openvpnserv/validate.h
index 710e136..735485b 100644
--- a/src/openvpnserv/validate.h
+++ b/src/openvpnserv/validate.h
@@ -6,7 +6,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2016-2021 Selva Nair <selva.nair@gmail.com>
+ * Copyright (C) 2016-2022 Selva Nair <selva.nair@gmail.com>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/plugins/Makefile.am b/src/plugins/Makefile.am
index 70f0f36..4c72bf0 100644
--- a/src/plugins/Makefile.am
+++ b/src/plugins/Makefile.am
@@ -5,11 +5,11 @@
# packet encryption, packet authentication, and
# packet compression.
#
-# Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+# Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
# Copyright (C) 2006-2012 Alon Bar-Lev <alon.barlev@gmail.com>
#
MAINTAINERCLEANFILES = \
$(srcdir)/Makefile.in
-SUBDIRS = down-root
+SUBDIRS = auth-pam down-root
diff --git a/src/plugins/down-root/down-root.c b/src/plugins/down-root/down-root.c
index 555b4d5..499b033 100644
--- a/src/plugins/down-root/down-root.c
+++ b/src/plugins/down-root/down-root.c
@@ -5,7 +5,7 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
* Copyright (C) 2013 David Sommerseth <davids@redhat.com>
*
* This program is free software; you can redistribute it and/or modify
diff --git a/src/tapctl/Makefile.am b/src/tapctl/Makefile.am
index 79ce998..305181b 100644
--- a/src/tapctl/Makefile.am
+++ b/src/tapctl/Makefile.am
@@ -1,8 +1,8 @@
#
# tapctl -- Utility to manipulate TUN/TAP interfaces on Windows
#
-# Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
-# Copyright (C) 2018-2021 Simon Rozman <simon@rozman.si>
+# Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
+# Copyright (C) 2018-2022 Simon Rozman <simon@rozman.si>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
@@ -18,7 +18,7 @@
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
#
-include $(top_srcdir)/ltrc.inc
+include $(top_srcdir)/build/ltrc.inc
MAINTAINERCLEANFILES = $(srcdir)/Makefile.in
diff --git a/src/tapctl/basic.h b/src/tapctl/basic.h
index 3de237d..9a56356 100644
--- a/src/tapctl/basic.h
+++ b/src/tapctl/basic.h
@@ -2,8 +2,8 @@
* basic -- Basic macros
* https://community.openvpn.net/openvpn/wiki/Tapctl
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
- * Copyright (C) 2018-2021 Simon Rozman <simon@rozman.si>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2018-2022 Simon Rozman <simon@rozman.si>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/tapctl/error.c b/src/tapctl/error.c
index 16662ec..7fcab1b 100644
--- a/src/tapctl/error.c
+++ b/src/tapctl/error.c
@@ -2,8 +2,8 @@
* error -- OpenVPN compatible error reporting API
* https://community.openvpn.net/openvpn/wiki/Tapctl
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
- * Copyright (C) 2018-2021 Simon Rozman <simon@rozman.si>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2018-2022 Simon Rozman <simon@rozman.si>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/tapctl/error.h b/src/tapctl/error.h
index fa6e3ff..bbcb941 100644
--- a/src/tapctl/error.h
+++ b/src/tapctl/error.h
@@ -2,8 +2,8 @@
* error -- OpenVPN compatible error reporting API
* https://community.openvpn.net/openvpn/wiki/Tapctl
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
- * Copyright (C) 2018-2021 Simon Rozman <simon@rozman.si>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2018-2022 Simon Rozman <simon@rozman.si>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/tapctl/main.c b/src/tapctl/main.c
index 73ec40b..ab3758a 100644
--- a/src/tapctl/main.c
+++ b/src/tapctl/main.c
@@ -2,8 +2,8 @@
* tapctl -- Utility to manipulate TUN/TAP adapters on Windows
* https://community.openvpn.net/openvpn/wiki/Tapctl
*
- * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
- * Copyright (C) 2018-2021 Simon Rozman <simon@rozman.si>
+ * Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2018-2022 Simon Rozman <simon@rozman.si>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/tapctl/tap.c b/src/tapctl/tap.c
index dd4a10a..c9795bc 100644
--- a/src/tapctl/tap.c
+++ b/src/tapctl/tap.c
@@ -2,7 +2,7 @@
* tapctl -- Utility to manipulate TUN/TAP adapters on Windows
* https://community.openvpn.net/openvpn/wiki/Tapctl
*
- * Copyright (C) 2018-2020 Simon Rozman <simon@rozman.si>
+ * Copyright (C) 2018-2022 Simon Rozman <simon@rozman.si>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
@@ -73,14 +73,15 @@
return NULL;
}
- size_t len = _countof(libpath) - wcslen(libpath) - 1;
- if (len < wcslen(libname) + 1)
+ /* +1 for the path seperator '\' */
+ const size_t path_length = wcslen(libpath) + 1 + wcslen(libname);
+ if (path_length >= _countof(libpath))
{
SetLastError(ERROR_INSUFFICIENT_BUFFER);
return NULL;
}
- wcsncat(libpath, L"\\", len);
- wcsncat(libpath, libname, len-1);
+ wcscat_s(libpath, _countof(libpath), L"\\");
+ wcscat_s(libpath, _countof(libpath), libname);
*m = LoadLibraryW(libpath);
if (*m == NULL)
diff --git a/src/tapctl/tap.h b/src/tapctl/tap.h
index 847040c..670903b 100644
--- a/src/tapctl/tap.h
+++ b/src/tapctl/tap.h
@@ -2,7 +2,7 @@
* tapctl -- Utility to manipulate TUN/TAP adapters on Windows
* https://community.openvpn.net/openvpn/wiki/Tapctl
*
- * Copyright (C) 2018-2021 Simon Rozman <simon@rozman.si>
+ * Copyright (C) 2018-2022 Simon Rozman <simon@rozman.si>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/src/tapctl/tapctl.vcxproj b/src/tapctl/tapctl.vcxproj
index 0f2d43e..8259f87 100644
--- a/src/tapctl/tapctl.vcxproj
+++ b/src/tapctl/tapctl.vcxproj
@@ -135,12 +135,54 @@
<PropertyGroup Label="Vcpkg" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<VcpkgEnabled>true</VcpkgEnabled>
</PropertyGroup>
- <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'" />
- <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'" />
- <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" />
- <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" />
- <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" />
- <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" />
+ <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">
+ <ClCompile>
+ <SDLCheck>true</SDLCheck>
+ <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
+ <PreprocessorDefinitions>%(PreprocessorDefinitions)</PreprocessorDefinitions>
+ </ClCompile>
+ </ItemDefinitionGroup>
+ <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">
+ <ClCompile>
+ <SDLCheck>true</SDLCheck>
+ <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
+ <PreprocessorDefinitions>%(PreprocessorDefinitions)</PreprocessorDefinitions>
+ </ClCompile>
+ </ItemDefinitionGroup>
+ <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+ <ClCompile>
+ <SDLCheck>true</SDLCheck>
+ <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
+ <PreprocessorDefinitions>%(PreprocessorDefinitions)</PreprocessorDefinitions>
+ </ClCompile>
+ </ItemDefinitionGroup>
+ <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+ <ClCompile>
+ <SDLCheck>true</SDLCheck>
+ <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
+ <PreprocessorDefinitions>%(PreprocessorDefinitions)</PreprocessorDefinitions>
+ </ClCompile>
+ <Link>
+ <CETCompat>true</CETCompat>
+ </Link>
+ </ItemDefinitionGroup>
+ <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+ <ClCompile>
+ <SDLCheck>true</SDLCheck>
+ <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
+ <PreprocessorDefinitions>%(PreprocessorDefinitions)</PreprocessorDefinitions>
+ </ClCompile>
+ </ItemDefinitionGroup>
+ <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+ <Link>
+ <CETCompat>true</CETCompat>
+ </Link>
+ <ClCompile>
+ <SDLCheck>true</SDLCheck>
+ <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions>
+ <PreprocessorDefinitions>%(PreprocessorDefinitions)</PreprocessorDefinitions>
+ </ClCompile>
+ </ItemDefinitionGroup>
<ItemGroup>
<ClCompile Include="error.c" />
<ClCompile Include="tap.c" />
diff --git a/src/tapctl/tapctl_resources.rc b/src/tapctl/tapctl_resources.rc
index a195396..d98bd8e 100644
--- a/src/tapctl/tapctl_resources.rc
+++ b/src/tapctl/tapctl_resources.rc
@@ -1,7 +1,7 @@
/*
* tapctl -- Utility to manipulate TUN/TAP adapters on Windows
*
- * Copyright (C) 2018-2021 Simon Rozman <simon@rozman.si>
+ * Copyright (C) 2018-2022 Simon Rozman <simon@rozman.si>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
diff --git a/version.m4 b/version.m4
index a94177e..58b21e7 100644
--- a/version.m4
+++ b/version.m4
@@ -3,12 +3,12 @@
define([PRODUCT_TARNAME], [openvpn])
define([PRODUCT_VERSION_MAJOR], [2])
define([PRODUCT_VERSION_MINOR], [5])
-define([PRODUCT_VERSION_PATCH], [.5])
+define([PRODUCT_VERSION_PATCH], [.7])
m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_MAJOR])
m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_MINOR], [[.]])
m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_PATCH], [[]])
define([PRODUCT_BUGREPORT], [openvpn-users@lists.sourceforge.net])
-define([PRODUCT_VERSION_RESOURCE], [2,5,5,0])
+define([PRODUCT_VERSION_RESOURCE], [2,5,7,0])
dnl define the TAP version
define([PRODUCT_TAP_WIN_COMPONENT_ID], [tap0901])
define([PRODUCT_TAP_WIN_MIN_MAJOR], [9])
