- Hash() has been removed because it was ambiguous, Md5() and Sha0() are proper replacements.
- HMacMd5() and HMacSha1() now share a common implementation handled by the new Internal_HMac() function.
- NewMd() and MdProcess() now support plain hashing (without the key).
- NewMd(), SetMdKey() and MdProcess() now check the OpenSSL functions' return value and in case of failure a debug message is printed along with the error string, if available.
- SetMdKey()'s return value has been changed from void to bool, so that it's possible to know whether the function succeeded or not.
- MdProcess()' return value has been changed from void to UINT (unsigned int) and the function now returns the number of bytes written by HMAC_Final() or EVP_DigestFinal_ex().
also cleanup a code based on PVS analyzer findings
src/Cedar/Hub.c 5279 warn V547 Expression 'e->UpdatedTime <= oldest_time' is always true.
src/Cedar/Hub.c 5840 warn V581 The conditional expressions of the 'if' statements situated alongside each other are identical. Check lines: 5828, 5840.
coverity thinks there might be null pointer dereference, make it
happier by removing check (there's a check against NULL in function itself).
condition "a.DataSize <= 1500" is always true
The previous regex expression removed all the 0s present in the input string, meaning that it caused the build to fail in case one of the date/time values was effectively 0.
found by coverity, cppcheck
[src/Cedar/Hub.c:6663]: (style) The function 'CalcTrafficEntryDiff' is never used.
[src/Cedar/Hub.c:3387]: (style) The function 'GetSessionByPtr' is never used.
[src/Cedar/Hub.c:3139]: (style) The function 'SetSessionFirstRedirectHttpUrl' is never used.
[src/Cedar/Hub.c:3912]: (style) The function 'VgsSetEmbTag' is never used.
[src/Cedar/Hub.c:3918]: (style) The function 'VgsSetUserAgentValue' is never used.
Pull request #294 added SHA-256, SHA-384, and SHA-512 support to the protocol, but part of it was removed in faee11ff09, because it caused a buffer over-read crash.
It also broke the MD5 implementation because the switch-case block didn't handle the type anymore.
This pull request fixes all the implementations and improves the IkeHMac() function by using the dedicated hashing functions.
found by coverity, cppcheck
[src/Cedar/Server.c:2899]: (style) Variable 'is_vgs_enabled' is assigned a value that is never used.
[src/Cedar/Server.c:3961]: (style) Variable 'id' is assigned a value that is never used.
[src/Cedar/Server.c:5723]: (style) Variable 'c' is assigned a value that is never used.
[src/Cedar/Server.c:5767]: (style) Variable 'num_connections_per_ip' is assigned a value that is never used.
[src/Cedar/Server.c:7327]: (style) Variable 'num' is assigned a value that is never used.
[src/Cedar/Server.c:8444]: (style) The function 'SiCallEnumHubBegin' is never used.
[src/Cedar/Server.c:8454]: (style) The function 'SiCallEnumHubEnd' is never used.
[src/Cedar/Server.c:9923]: (style) The function 'SiCallTaskAsyncBegin' is never used.
[src/Cedar/Server.c:9949]: (style) The function 'SiCallTaskAsyncEnd' is never used.
[src/Cedar/Server.c:10769]: (style) The function 'SiCheckCurrentRegion' is never used.
[src/Cedar/Server.c:2831]: (style) The function 'SiGetAzureEnable' is never used.
[src/Cedar/Server.c:208]: (style) The function 'SiGetServerNumUserObjects' is never used.
[src/Cedar/Server.c:2435]: (style) The function 'SiInitBridge' is never used.
[src/Cedar/Server.c:2540]: (style) The function 'SiTest' is never used.
[src/Cedar/Server.c:6707]: (style) The function 'StGetServer' is never used.
found by coverity, cppcheck
[src/Cedar/Session.c:1856]: (style) The function 'CompareSession' is never used.
[src/Cedar/Session.c:2384]: (style) The function 'DebugPrintSessionKey' is never used.
[src/Cedar/Session.c:2102]: (style) The function 'GetSessionFromKey32' is never used.
remove unused variable
[src/Cedar/IPsec_IKE.c:4332] -> [src/Cedar/IPsec_IKE.c:4332]: (style) Same expression on both sides of '||'.
[src/Cedar/IPsec_IKE.c:1665]: (style) Variable 'zero' is assigned a value that is never used.
found by coverity, cppcheck
[src/Cedar/Cedar.c:1605]: (style) The function 'EnableDebugLog' is never used.
[src/Cedar/Cedar.c:858]: (style) The function 'GetUnestablishedConnections' is never used.
[src/Cedar/Cedar.c:652]: (style) The function 'InitHiddenPassword' is never used.
[src/Cedar/Cedar.c:633]: (style) The function 'IsHiddenPasswordChanged' is never used.
[src/Cedar/Cedar.c:393]: (style) The function 'IsInNoSsl' is never used.
[src/Cedar/Cedar.c:1785]: (style) The function 'IsLaterBuild' is never used.
found by coverity, cppcheck
[src/Cedar/Client.c:9094]: (style) Unused variable: i
[src/Cedar/Client.c:500] -> [src/Cedar/Client.c:503]: (style) Variable 'ret' is reassigned a value before the old one has been used.
found by coverity, cppcheck
[src/Cedar/Client.c:10486]: (style) The function 'CiFreeInnerVPNServer' is never used.
[src/Cedar/Client.c:10877]: (style) The function 'CiGetNumActiveSessions' is never used.
[src/Cedar/Client.c:2042]: (style) The function 'CiHasAccountSensitiveInformationFile' is never used.
[src/Cedar/Client.c:10469]: (style) The function 'CiNewInnerVPNServer' is never used.
[src/Cedar/Client.c:1128]: (style) The function 'CncGetSessionId' is never used.
[src/Cedar/Client.c:767]: (style) The function 'CncPasswordDlgHaltThread' is never used.
[src/Cedar/Client.c:10681]: (style) The function 'CompareInternetSetting' is never used.
[src/Cedar/Client.c:11060]: (style) The function 'CtGetClient' is never used.
[src/Cedar/Client.c:5128]: (style) The function 'InRpcClientNotify' is never used.
[src/Cedar/Client.c:4340]: (style) The function 'InRpcEnumObjectInSecure' is never used.
[src/Cedar/Client.c:5140]: (style) The function 'OutRpcClientNotify' is never used.
[src/Cedar/Client.c:5657]: (style) Condition 'reg_port!=0' is always false
[src/Cedar/Client.c:683]: (style) Variable 'ret' is assigned a value that is never used.
[src/Cedar/Client.c:725]: (style) Variable 'ret' is assigned a value that is never used.
[src/Cedar/Client.c:1013]: (style) Variable 'param' is assigned a value that is never used.
found by coverity, cppcheck
[src/Cedar/BridgeUnix.c:270] -> [src/Cedar/BridgeUnix.c:279]: (style) Variable 'ret' is reassigned a value before the old one has been used.
[src/Cedar/BridgeUnix.c:560] -> [src/Cedar/BridgeUnix.c:569]: (style) Variable 't' is reassigned a value before the old one has been used.
[src/Cedar/BridgeUnix.c:1528] -> [src/Cedar/BridgeUnix.c:1537]: (style) Variable 'ret' is reassigned a value before the old one has been used.
[src/Cedar/BridgeUnix.c:1278]: (style) Unused variable: c
[src/Cedar/BridgeUnix.c:1090]: (style) The function 'DlipAttachRequest' is never used.
found by coverity, cppcheck
[src/Cedar/Command.c:9378]: (style) Variable 'ret' is assigned a value that is never used.
[src/Cedar/Command.c:9999]: (style) The function 'CmdEvalNetworkAndSubnetMask6' is never used.
found by coverity, cppcheck
[src/Cedar/EtherLog.c:327]: (style) The function 'EcAddLicenseKey' is never used.
[src/Cedar/EtherLog.c:385]: (style) The function 'ElCheckLicense' is never used.
found by cppcheck and coverity
[src/Cedar/Command.c:523] -> [src/Cedar/Command.c:532]: (style) Variable 'ok' is reassigned a value before the old one has been used.
[src/Cedar/Command.c:776]: (style) Variable 'tick2' is assigned a value that is never used.
[src/Cedar/Command.c:2244]: (style) Variable 'halt_timeout' is assigned a value that is never used.
[src/Cedar/Command.c:2246]: (style) Variable 'check_clock_seed' is assigned a value that is never used.
[src/Cedar/Command.c:2247]: (style) Variable 'halting' is assigned a value that is never used.
[src/Cedar/Command.c:6904]: (style) Unused variable: tmp
[src/Cedar/Command.c:12217]: (style) Variable 'packet_log' is assigned a value that is never used.
[src/Cedar/Command.c:20825]: (style) Variable 'ret' is assigned a value that is never used.
[src/Cedar/Command.c:20883]: (style) Variable 'ret' is assigned a value that is never used.
[src/Cedar/Command.c:20927]: (style) Variable 'ret' is assigned a value that is never used.
[src/Cedar/Command.c:10022]: (style) The function 'CmdEvalIpAndMask46' is never used.
[src/Cedar/Command.c:10109]: (style) The function 'CmdEvalNetworkAndSubnetMask46' is never used.
[src/Cedar/Command.c:23025]: (style) The function 'CmdPrintRow' is never used.
[src/Cedar/Command.c:167]: (style) The function 'InRpcTtResult' is never used.
[src/Cedar/Command.c:148]: (style) The function 'OutRpcTtResult' is never used.
The workaround was required for the "net30" topology because:
"There is a problem in your selection of --ifconfig endpoints [local=192.168.30.10, remote=192.168.30.1]. The local and remote VPN endpoints must exist within the same 255.255.255.252 subnet. This is a limitation of --dev tun when used with the TAP-WIN32 driver. Try 'openvpn --show-valid-subnets' option for more info."
See https://community.openvpn.net/openvpn/wiki/Topology for detailed info.
also, remove unused functions:
[src/Cedar/EtherLog.c:1377]: (style) The function 'ElFree' is never used.
[src/Cedar/EtherLog.c:1370]: (style) The function 'ElInit' is never used.
[src/Cedar/Logging.c:679]: (style) The function 'HubLog' is never used.
[src/Cedar/Logging.c:888]: (style) The function 'IPCLog' is never used.
[src/Cedar/Logging.c:295]: (style) The function 'PrintEraseFileList' is never used.
[src/Cedar/Logging.c:1025]: (style) The function 'SecLog' is never used.
[src/Cedar/Logging.c:622]: (style) The function 'ServerLog' is never used.
[src/Cedar/Logging.c:2273]: (style) The function 'SetLogDirName' is never used.
[src/Cedar/Logging.c:2293]: (style) The function 'SetLogPrefix' is never used.
[src/Cedar/Logging.c:997]: (style) The function 'WriteMultiLineLog' is never used.
[src/Cedar/Logging.c:918]: (style) The function 'WriteSecurityLog' is never used.
[src/Cedar/Logging.c:1018] -> [src/Cedar/Logging.c:1006]:
(warning) Either the condition 'src_session!=NULL' is redundant or there is possible null
pointer dereference: src_session.
[src/Cedar/Interop_OpenVPN.c:2711]: (style) Variable 'now' is assigned a value that is never used.
[src/Cedar/Interop_OpenVPN.c:1053]: (style) The function 'OvsAddEntry' is never used.
[src/Cedar/Interop_OpenVPN.c:2610]: (style) The function 'OvsGetCompatibleL3IPNext' is never used.
[src/Cedar/Interop_OpenVPN.c:1047]: (style) The function 'OvsNewList' is never used.
[src/Cedar/Interop_OpenVPN.c:128]: (style) The function 'OvsSetNoOpenVpnTcp' is never used.
[src/Cedar/Interop_OpenVPN.c:140]: (style) The function 'OvsSetNoOpenVpnUdp' is never used.
OpenVPN sends the cipher name in uppercase, even if it's not standard, thus we have to convert it to lowercase for EVP_get_cipherbyname().
We also have to send the cipher name as it was received from the OpenVPN client, unless it's a different cipher, to prevent a message such as:
"WARNING: 'cipher' is used inconsistently, local='cipher AES-128-GCM', remote='cipher aes-128-gcm'"
It happens because OpenVPN uses "strcmp()" to compare the local and remote parameters: a6fd48ba36/src/openvpn/options.c (L3819-L3831)
See https://github.com/openssl/openssl/issues/6921 for EVP_get_cipherbyname().
/builds/SoftEther/SoftEtherVPN/src/Cedar/Console.c: In function 'PasswordPrompt':
/builds/SoftEther/SoftEtherVPN/src/Cedar/Console.c:2051:8: warning: implicit declaration of function 'getch'; did you mean 'getc'? [-Wimplicit-function-declaration]
c = getch();
^~~~~
getc
In file included from /builds/SoftEther/SoftEtherVPN/src/Cedar/Bridge.c:130:0:
/builds/SoftEther/SoftEtherVPN/src/Cedar/BridgeUnix.c: In function 'CloseEth':
/builds/SoftEther/SoftEtherVPN/src/Cedar/BridgeUnix.c:1568:3: warning: implicit declaration of function 'FreeTap'; did you mean 'FreeCaps'? [-Wimplicit-function-declaration]
FreeTap(e->Tap);
^~~~~~~
FreeCaps
[src/Cedar/WinUi.c:7240]: (style) The function 'CbInsertStr' is never used.
[src/Cedar/WinUi.c:9271]: (style) The function 'CheckTextLen' is never used.
[src/Cedar/WinUi.c:9252]: (style) The function 'CheckTextSize' is never used.
[src/Cedar/WinUi.c:8936]: (style) The function 'DialogCreateEx' is never used.
[src/Cedar/WinUi.c:2155]: (style) The function 'EndFreeInfoDlg' is never used.
[src/Cedar/WinUi.c:2171]: (style) The function 'ExecuteHamcoreExe' is never used.
[src/Cedar/WinUi.c:9885]: (style) The function 'FormatTextA' is never used.
[src/Cedar/WinUi.c:9323]: (style) The function 'GetFontSize' is never used.
[src/Cedar/WinUi.c:9841]: (style) The function 'GetMonitorSize' is never used.
[src/Cedar/WinUi.c:9759]: (style) The function 'GetWindowClientRect' is never used.
[src/Cedar/WinUi.c:1134]: (style) The function 'GetWizardPageIndex' is never used.
[src/Cedar/WinUi.c:3964]: (style) The function 'IpClear' is never used.
[src/Cedar/WinUi.c:6851]: (style) The function 'LbAddStr' is never used.
[src/Cedar/WinUi.c:6824]: (style) The function 'LbFindStr' is never used.
[src/Cedar/WinUi.c:7064]: (style) The function 'LbGetSelect' is never used.
[src/Cedar/WinUi.c:6812]: (style) The function 'LbGetStr' is never used.
[src/Cedar/WinUi.c:6900]: (style) The function 'LbInsertStr' is never used.
[src/Cedar/WinUi.c:7012]: (style) The function 'LbSetHeight' is never used.
[src/Cedar/WinUi.c:3652]: (style) The function 'LedDrawRect' is never used.
[src/Cedar/WinUi.c:6000]: (style) The function 'LvGetMaskedNum' is never used.
[src/Cedar/WinUi.c:6037]: (style) The function 'LvSearchStr_' is never used.
[src/Cedar/WinUi.c:5703]: (style) The function 'LvSetItemImage' is never used.
[src/Cedar/WinUi.c:5831]: (style) The function 'LvShow' is never used.
[src/Cedar/WinUi.c:10155]: (style) The function 'NoTop' is never used.
[src/Cedar/WinUi.c:10047]: (style) The function 'NoticeSettingChange' is never used.
[src/Cedar/WinUi.c:7854]: (style) The function 'PkcsUtil' is never used.
[src/Cedar/WinUi.c:8968]: (style) The function 'SetBitmap' is never used.
[src/Cedar/WinUi.c:4539]: (style) The function 'SetMenuItemEnable' is never used.
[src/Cedar/WinUi.c:9918]: (style) The function 'SetTextEx' is never used.
[src/Cedar/WinUi.c:9940]: (style) The function 'SetTextExA' is never used.
[src/Cedar/WinUi.c:11272]: (style) The function 'SetWinUiTitle' is never used.
[src/Cedar/WinUi.c:2132]: (style) The function 'StartFreeInfoDlg' is never used.
[src/Cedar/WinUi.c:3920]: (style) The function 'UiTest' is never used.
[src/Cedar/WinUi.c:1558]: (style) The function 'WinConnectEx2' is never used.
[src/Cedar/WinUi.c:10803]: (style) The function 'WinUiDebug' is never used.
[src/Cedar/WinUi.c:6908]: (style) The function 'CbInsertStr9xA' is never used.
[src/Cedar/WinUi.c:2096]: (style) The function 'FreeInfoThread' is never used.
[src/Cedar/WinUi.c:9644]: (style) The function 'GetTextSize' is never used.
[src/Cedar/WinUi.c:2833]: (style) The function 'GetWindowAndControlSizeResizeScale' is never used.
[src/Cedar/WinUi.c:2001]: (style) The function 'IsRegistedToDontShowFreeEditionDialog' is never used.
[src/Cedar/WinUi.c:6606]: (style) The function 'LbAddStrA' is never used.
[src/Cedar/WinUi.c:6739]: (style) The function 'LbGetSelectIndex' is never used.
[src/Cedar/WinUi.c:6627]: (style) The function 'LbInsertStrA' is never used.
[src/Cedar/WinUi.c:7593]: (style) The function 'PkcsUtilProc' is never used.
[src/Cedar/WinUi.c:6598]: (style) The function 'LbSelect' is never used.
[src/Cedar/WinUi.c:7421]: (style) The function 'PkcsUtilErase' is never used.
[src/Cedar/WinUi.c:7349]: (style) The function 'PkcsUtilWrite' is never used.
[src/Cedar/WinUi.c:2059]: (style) The function 'ShowFreeInfoDialog' is never used.
[src/Cedar/WinUi.c:2013]: (style) The function 'FreeInfoDialogProc' is never used.
[src/Cedar/WinUi.c:6558]: (style) The function 'LbFindData' is never used.
[src/Cedar/WinUi.c:6534]: (style) The function 'LbSelectIndex' is never used.
[src/Cedar/WinUi.c:6488]: (style) The function 'LbGetData' is never used.
[src/Cedar/WinUi.c:6464]: (style) The function 'LbNum' is never used.
[src/Cedar/WinUi.c:2001]: (style) The function 'RegistToDontShowFreeEditionDialog' is never used.
With server certificate validation enabled, vpnclient unconditionally
stopped connection on untrusted server certificate. Added account
configuration parameter to retry connection if server certivicate failed
validation.
On startup client creates TUN interface in UP state and kept it UP even
if connection to the server was lost. Creating interface in DOWN state,
turning it UP on successful (re-)connection to server and DOWN on either
disconnect or connection loss would enable DHCP client (say dhclient5)
to detect necessity for lease renewal.
Added a client configuration parameter to create TUN interface in DOWN
state and commands to enable, disable, and query the configuration
parameter.
Enabling the parameter causes client to put all unused TUN interfaces
DOWN, create new TUN interfaces in DOWN state, and turn TUN interfaces
corresponding to active sessions DOWN on connection loss or
disconnecting from server.
Disabling the parameter forces client to turn all TUN interfaces UP and
create new TUN interfaces in UP state.
Default value is 'Disable'.
