github
/
openvpn-gui
mirror of https://github.com/OpenVPN/openvpn-gui
1
0
Fork 0
Code Issues Releases Wiki Activity

Remove private key password-change feature 

- With this, dependence on OpenSSL is also gone. CI build
  tasks are updated accordingly.

Signed-off-by: Selva Nair <selva.nair@gmail.com>
pull/621/head
Selva Nair 2023-03-26 12:09:27 -04:00
parent 7d23e63411
commit 0bea5549f1
20 changed files with 100 additions and 1193 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

48
.github/workflows/msbuild.yml vendored
View File

@ -7,20 +7,19 @@ jobs:
strategy: strategy:
matrix: matrix:
arch: [x86, x64, arm64] arch: [x86, x64, arm64]
ossl: [ossl1.1.1, ossl3]
ovpn3: ovpn3:
- preset: "" - preset: ""
name: "" name: ""
upload_name: "" upload_name: ""
- preset: -ovpn3 - preset: -ovpn3
name: " - ovpn3" name: "- ovpn3"
upload_name: "_ovpn3" upload_name: "_ovpn3"
env: env:
# Indicates the location of the vcpkg as a Git submodule of the project repository. # Indicates the location of the vcpkg as a Git submodule of the project repository.
VCPKG_ROOT: ${{ github.workspace }}/vcpkg VCPKG_ROOT: ${{ github.workspace }}/vcpkg
name: 'msvc - ${{matrix.arch}} - ${{ matrix.ossl }}${{ matrix.ovpn3.name }}' name: 'msvc - ${{matrix.arch}} ${{ matrix.ovpn3.name }}'
runs-on: windows-latest runs-on: windows-latest
steps: steps:
- uses: actions/checkout@v2 - uses: actions/checkout@v2
@ -30,26 +29,25 @@ jobs:
uses: lukka/run-vcpkg@v10 uses: lukka/run-vcpkg@v10
with: with:
vcpkgGitCommitId: "6adca01a3fadca0cc0b80f03ec57c7c3a0be5c02" vcpkgGitCommitId: "6adca01a3fadca0cc0b80f03ec57c7c3a0be5c02"
appendedCacheKey: "${{ matrix.arch }} - ${{ matrix.ossl }}" appendedCacheKey: "${{ matrix.arch }}"
- name: Run CMake consuming CMakePreset.json and vcpkg.json by mean of vcpkg. - name: Run CMake consuming CMakePreset.json and vcpkg.json by mean of vcpkg.
uses: lukka/run-cmake@v10 uses: lukka/run-cmake@v10
with: with:
configurePreset: '${{ matrix.arch }}-release-${{ matrix.ossl }}${{ matrix.ovpn3.preset }}' configurePreset: '${{ matrix.arch }}-release${{ matrix.ovpn3.preset }}'
buildPreset: '${{ matrix.arch }}-release-${{ matrix.ossl }}${{ matrix.ovpn3.preset }}' buildPreset: '${{ matrix.arch }}-release${{ matrix.ovpn3.preset }}'
- uses: actions/upload-artifact@v3 - uses: actions/upload-artifact@v3
with: with:
name: openvpn-gui_${{ matrix.arch }}_${{ matrix.ossl }}${{ matrix.ovpn3.upload_name }} name: openvpn-gui_${{ matrix.arch }}${{ matrix.ovpn3.upload_name }}
path: | path: |
out/build/${{ matrix.arch }}-release-${{ matrix.ossl }}${{ matrix.ovpn3.preset }}/*.dll out/build/${{ matrix.arch }}-release${{ matrix.ovpn3.preset }}/*.dll
out/build/${{ matrix.arch }}-release-${{ matrix.ossl }}${{ matrix.ovpn3.preset }}/*.exe out/build/${{ matrix.arch }}-release${{ matrix.ovpn3.preset }}/*.exe
mingw: mingw:
strategy: strategy:
fail-fast: false fail-fast: false
matrix: matrix:
openssl_version: [1.1.1m, 3.0.1]
target: [mingw64, mingw] target: [mingw64, mingw]
include: include:
- target: mingw64 - target: mingw64
@ -57,7 +55,7 @@ jobs:
- target: mingw - target: mingw
chost: i686-w64-mingw32 chost: i686-w64-mingw32
name: "gcc-mingw - ${{matrix.target}} - ossl${{ matrix.openssl_version }}" name: "gcc-mingw - ${{matrix.target}}"
runs-on: ubuntu-20.04 runs-on: ubuntu-20.04
env: env:
@ -80,34 +78,10 @@ jobs:
uses: actions/cache@v2 uses: actions/cache@v2
with: with:
path: '~/mingw/' path: '~/mingw/'
key: mingw-${{ matrix.target }}-${{ matrix.openssl_version }} key: mingw-${{ matrix.target }}
- name: Download mingw dependencies
if: steps.cache.outputs.cache-hit != 'true'
run: |
wget -c -P download-cache/ "https://www.openssl.org/source/openssl-${{ matrix.openssl_version }}.tar.gz"
tar zxf "download-cache/openssl-${{ matrix.openssl_version }}.tar.gz"
- name: Configure OpenSSL
if: steps.cache.outputs.cache-hit != 'true'
run: ./Configure --cross-compile-prefix=${{ matrix.chost }}- shared ${{ matrix.target }} no-capieng --prefix="${HOME}/mingw/opt" --openssldir="${HOME}/mingw/opt" -static-libgcc
working-directory: "./openssl-${{ matrix.openssl_version }}"
- name: Build OpenSSL
if: steps.cache.outputs.cache-hit != 'true'
run: make
working-directory: "./openssl-${{ matrix.openssl_version }}"
- name: Install OpenSSL
if: steps.cache.outputs.cache-hit != 'true'
run: make install
working-directory: "./openssl-${{ matrix.openssl_version }}"
- name: configure - name: configure
# openssl3 uses lib64 on mingw64 run: PKG_CONFIG_PATH=${HOME}/mingw/opt/${LIB}/pkgconfig ./configure --host=${{ matrix.chost }}
run: |
[[ "${{ matrix.openssl_version }}" == "3.0.1" && "${{ matrix.target }}" == "mingw64" ]] && LIB="lib64" || LIB="lib"
PKG_CONFIG_PATH=${HOME}/mingw/opt/${LIB}/pkgconfig ./configure --host=${{ matrix.chost }} --enable-password-change=yes
working-directory: openvpn-gui working-directory: openvpn-gui
- name: make - name: make

25
BUILD.rst
View File

@ -17,8 +17,8 @@ Run inside MSVC command prompt:
.. code-block:: .. code-block::
c:\Temp\openvpn-gui>cmake -S . --preset x64-release-ossl3 c:\Temp\openvpn-gui>cmake -S . --preset x64-release
c:\Temp\openvpn-gui>cmake --build --preset x64-release-ossl3 c:\Temp\openvpn-gui>cmake --build --preset x64-release
To see all presets, run: To see all presets, run:
@ -26,18 +26,12 @@ To see all presets, run:
C:\Users\lev\Projects\openvpn-gui>cmake -S c:\Users\lev\Projects\openvpn-gui --list-presets C:\Users\lev\Projects\openvpn-gui>cmake -S c:\Users\lev\Projects\openvpn-gui --list-presets
Available configure presets: Available configure presets:
"x64-debug-ossl3" "x64-debug"
"x64-debug-ossl1.1.1" "arm64-debug"
"arm64-debug-ossl3" "x86-debug"
"arm64-debug-ossl1.1.1" "x64-release"
"x86-debug-ossl3" "arm64-release"
"x86-debug-ossl1.1.1" "x86-release"
"x64-release-ossl3"
"x64-release-ossl1.1.1"
"arm64-release-ossl3"
"arm64-release-ossl1.1.1"
"x86-release-ossl3"
"x86-release-ossl1.1.1"
You could also open CMake project from MSVC IDE and build from there. You could also open CMake project from MSVC IDE and build from there.
@ -65,7 +59,6 @@ their dependencies. You can install these packages using the standard
- pkg-config - pkg-config
- make - make
- mingw64-x86_64-gcc-core - mingw64-x86_64-gcc-core
- mingw64-x86_64-openssl
Build Build
@ -113,7 +106,7 @@ Now install the required development packages:
.. code-block:: bash .. code-block:: bash
pacman -S base-devel mingw-w64-x86_64-{toolchain,openssl} pacman -S base-devel mingw-w64-x86_64-{toolchain}
Build Build
----- -----

8
CMakeLists.txt
View File

@ -2,10 +2,6 @@ option(CLI_OVPN3 "Build ${PROJECT_NAME} with OpenVPN3 support" OFF)
cmake_minimum_required(VERSION 3.10) cmake_minimum_required(VERSION 3.10)
if(NOT VCPKG_MANIFEST_DIR)
set(VCPKG_MANIFEST_DIR ${CMAKE_SOURCE_DIR}/vcpkg_manifests/openssl_3)
endif()
project(openvpn-gui C CXX) project(openvpn-gui C CXX)
add_executable(${PROJECT_NAME} WIN32 add_executable(${PROJECT_NAME} WIN32
@ -19,7 +15,6 @@ add_executable(${PROJECT_NAME} WIN32
openvpn.c openvpn.c
openvpn_config.c openvpn_config.c
options.c options.c
passphrase.c
proxy.c proxy.c
registry.c registry.c
save_pass.c save_pass.c
@ -32,8 +27,6 @@ add_executable(${PROJECT_NAME} WIN32
config_parser.c config_parser.c
res/openvpn-gui-res.rc) res/openvpn-gui-res.rc)
find_package(OpenSSL REQUIRED)
set(CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG} -DDEBUG") set(CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG} -DDEBUG")
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /guard:cf /Qspectre") set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /guard:cf /Qspectre")
@ -46,7 +39,6 @@ if(NOT (${CMAKE_C_COMPILER_ARCHITECTURE_ID} STREQUAL "ARM64"))
endif() endif()
target_link_libraries(${PROJECT_NAME} PRIVATE target_link_libraries(${PROJECT_NAME} PRIVATE
OpenSSL::SSL
Wtsapi32.lib Wtsapi32.lib
Netapi32.lib Netapi32.lib
ws2_32.lib ws2_32.lib

219
CMakePresets.json
View File

@ -14,20 +14,6 @@
}, },
"vendor": { "microsoft.com/VisualStudioSettings/CMake/1.0": { "hostOS": [ "Windows" ] } } "vendor": { "microsoft.com/VisualStudioSettings/CMake/1.0": { "hostOS": [ "Windows" ] } }
}, },
{
"name": "ossl3",
"hidden": true,
"cacheVariables": {
"VCPKG_MANIFEST_DIR": "${sourceDir}/vcpkg_manifests/openssl_3"
}
},
{
"name": "ossl1.1.1",
"hidden": true,
"cacheVariables": {
"VCPKG_MANIFEST_DIR": "${sourceDir}/vcpkg_manifests/openssl_1.1.1"
}
},
{ {
"name": "x64", "name": "x64",
"hidden": true, "hidden": true,
@ -71,222 +57,113 @@
} }
}, },
{ {
"name": "x64-debug-ossl3", "name": "x64-debug",
"inherits": [ "base", "ossl3", "x64", "debug" ] "inherits": [ "base", "x64", "debug" ]
}, },
{ {
"name": "x64-debug-ossl1.1.1", "name": "arm64-debug",
"inherits": [ "base", "ossl1.1.1", "x64", "debug" ] "inherits": [ "base", "arm64", "debug" ]
}, },
{ {
"name": "arm64-debug-ossl3", "name": "x86-debug",
"inherits": [ "base", "ossl3", "arm64", "debug" ] "inherits": [ "base", "x86", "debug" ]
}, },
{ {
"name": "arm64-debug-ossl1.1.1", "name": "x64-release",
"inherits": [ "base", "ossl1.1.1", "arm64", "debug" ] "inherits": [ "base", "x64", "release" ]
}, },
{ {
"name": "x86-debug-ossl3", "name": "arm64-release",
"inherits": [ "base", "ossl3", "x86", "debug" ] "inherits": [ "base", "arm64", "release" ]
}, },
{ {
"name": "x86-debug-ossl1.1.1", "name": "x86-release",
"inherits": [ "base", "ossl1.1.1", "x86", "debug" ] "inherits": [ "base", "x86", "release" ]
}, },
{ {
"name": "x64-release-ossl3", "name": "x64-debug-ovpn3",
"inherits": [ "base", "ossl3", "x64", "release" ] "inherits": [ "x64-debug", "ovpn3" ]
}, },
{ {
"name": "x64-release-ossl1.1.1", "name": "arm64-debug-ovpn3",
"inherits": [ "base", "ossl1.1.1", "x64", "release" ] "inherits": [ "arm64-debug", "ovpn3" ]
}, },
{ {
"name": "arm64-release-ossl3", "name": "x86-debug-ovpn3",
"inherits": [ "base", "ossl3", "arm64", "release" ] "inherits": [ "x86-debug", "ovpn3" ]
}, },
{ {
"name": "arm64-release-ossl1.1.1", "name": "x64-release-ovpn3",
"inherits": [ "base", "ossl1.1.1", "arm64", "release" ] "inherits": [ "x64-release", "ovpn3" ]
}, },
{ {
"name": "x86-release-ossl3", "name": "arm64-release-ovpn3",
"inherits": [ "base", "ossl3", "x86", "release" ] "inherits": [ "arm64-release", "ovpn3" ]
}, },
{ {
"name": "x86-release-ossl1.1.1", "name": "x86-release-ovpn3",
"inherits": [ "base", "ossl1.1.1", "x86", "release" ] "inherits": [ "x86-release", "ovpn3" ]
},
{
"name": "x64-debug-ossl3-ovpn3",
"inherits": [ "x64-debug-ossl3", "ovpn3" ]
},
{
"name": "x64-debug-ossl1.1.1-ovpn3",
"inherits": [ "x64-debug-ossl1.1.1", "ovpn3" ]
},
{
"name": "arm64-debug-ossl3-ovpn3",
"inherits": [ "arm64-debug-ossl3", "ovpn3" ]
},
{
"name": "arm64-debug-ossl1.1.1-ovpn3",
"inherits": [ "arm64-debug-ossl1.1.1", "ovpn3" ]
},
{
"name": "x86-debug-ossl3-ovpn3",
"inherits": [ "x86-debug-ossl3", "ovpn3" ]
},
{
"name": "x86-debug-ossl1.1.1-ovpn3",
"inherits": [ "x86-debug-ossl1.1.1", "ovpn3" ]
},
{
"name": "x64-release-ossl3-ovpn3",
"inherits": [ "x64-release-ossl3", "ovpn3" ]
},
{
"name": "x64-release-ossl1.1.1-ovpn3",
"inherits": [ "x64-release-ossl1.1.1", "ovpn3" ]
},
{
"name": "arm64-release-ossl3-ovpn3",
"inherits": [ "arm64-release-ossl3", "ovpn3" ]
},
{
"name": "arm64-release-ossl1.1.1-ovpn3",
"inherits": [ "arm64-release-ossl1.1.1", "ovpn3" ]
},
{
"name": "x86-release-ossl3-ovpn3",
"inherits": [ "x86-release-ossl3", "ovpn3" ]
},
{
"name": "x86-release-ossl1.1.1-ovpn3",
"inherits": [ "x86-release-ossl1.1.1", "ovpn3" ]
} }
], ],
"buildPresets": [ "buildPresets": [
{ {
"name": "x64-release-ossl3", "name": "x64-release",
"configurePreset": "x64-release-ossl3", "configurePreset": "x64-release",
"configuration": "Release" "configuration": "Release"
}, },
{ {
"name": "x64-release-ossl1.1.1", "name": "x86-release",
"configurePreset": "x64-release-ossl1.1.1", "configurePreset": "x86-release",
"configuration": "Release" "configuration": "Release"
}, },
{ {
"name": "x86-release-ossl3", "name": "arm64-release",
"configurePreset": "x86-release-ossl3", "configurePreset": "arm64-release",
"configuration": "Release" "configuration": "Release"
}, },
{ {
"name": "x86-release-ossl1.1.1", "name": "x64-debug",
"configurePreset": "x86-release-ossl1.1.1", "configurePreset": "x64-debug",
"configuration": "Release"
},
{
"name": "arm64-release-ossl3",
"configurePreset": "arm64-release-ossl3",
"configuration": "Release"
},
{
"name": "arm64-release-ossl1.1.1",
"configurePreset": "arm64-release-ossl1.1.1",
"configuration": "Release"
},
{
"name": "x64-debug-ossl3",
"configurePreset": "x64-debug-ossl3",
"configuration": "Debug" "configuration": "Debug"
}, },
{ {
"name": "x64-debug-ossl1.1.1", "name": "x86-debug",
"configurePreset": "x64-debug-ossl1.1.1", "configurePreset": "x86-debug",
"configuration": "Debug" "configuration": "Debug"
}, },
{ {
"name": "x86-debug-ossl3", "name": "arm64-debug",
"configurePreset": "x86-debug-ossl3", "configurePreset": "arm64-debug",
"configuration": "Debug" "configuration": "Debug"
}, },
{ {
"name": "x86-debug-ossl1.1.1", "name": "x64-release-ovpn3",
"configurePreset": "x86-debug-ossl1.1.1", "configurePreset": "x64-release-ovpn3",
"configuration": "Debug"
},
{
"name": "arm64-debug-ossl3",
"configurePreset": "arm64-debug-ossl3",
"configuration": "Debug"
},
{
"name": "arm64-debug-ossl1.1.1",
"configurePreset": "arm64-debug-ossl1.1.1",
"configuration": "Debug"
},
{
"name": "x64-release-ossl3-ovpn3",
"configurePreset": "x64-release-ossl3-ovpn3",
"configuration": "Release" "configuration": "Release"
}, },
{ {
"name": "x64-release-ossl1.1.1-ovpn3", "name": "x86-release-ovpn3",
"configurePreset": "x64-release-ossl1.1.1-ovpn3", "configurePreset": "x86-release-ovpn3",
"configuration": "Release" "configuration": "Release"
}, },
{ {
"name": "x86-release-ossl3-ovpn3", "name": "arm64-release-ovpn3",
"configurePreset": "x86-release-ossl3-ovpn3", "configurePreset": "arm64-release-ovpn3",
"configuration": "Release" "configuration": "Release"
}, },
{ {
"name": "x86-release-ossl1.1.1-ovpn3", "name": "x64-debug-ovpn3",
"configurePreset": "x86-release-ossl1.1.1-ovpn3", "configurePreset": "x64-debug-ovpn3",
"configuration": "Release"
},
{
"name": "arm64-release-ossl3-ovpn3",
"configurePreset": "arm64-release-ossl3-ovpn3",
"configuration": "Release"
},
{
"name": "arm64-release-ossl1.1.1-ovpn3",
"configurePreset": "arm64-release-ossl1.1.1-ovpn3",
"configuration": "Release"
},
{
"name": "x64-debug-ossl3-ovpn3",
"configurePreset": "x64-debug-ossl3-ovpn3",
"configuration": "Debug" "configuration": "Debug"
}, },
{ {
"name": "x64-debug-ossl1.1.1-ovpn3", "name": "x86-debug-ovpn3",
"configurePreset": "x64-debug-ossl1.1.1-ovpn3", "configurePreset": "x86-debug-ovpn3",
"configuration": "Debug" "configuration": "Debug"
}, },
{ {
"name": "x86-debug-ossl3-ovpn3", "name": "arm64-debug-ovpn3",
"configurePreset": "x86-debug-ossl3-ovpn3", "configurePreset": "arm64-debug-ovpn3",
"configuration": "Debug"
},
{
"name": "x86-debug-ossl1.1.1-ovpn3",
"configurePreset": "x86-debug-ossl1.1.1-ovpn3",
"configuration": "Debug"
},
{
"name": "arm64-debug-ossl3-ovpn3",
"configurePreset": "arm64-debug-ossl3-ovpn3",
"configuration": "Debug"
},
{
"name": "arm64-debug-ossl1.1.1-ovpn3",
"configurePreset": "arm64-debug-ossl1.1.1-ovpn3",
"configuration": "Debug" "configuration": "Debug"
} }
] ]

4
Makefile.am
View File

@ -44,7 +44,7 @@ dist_doc_DATA = \
COPYING \ COPYING \
README.rst README.rst
AM_CPPFLAGS = $(OPENSSL_CRYPTO_CFLAGS) -D_UNICODE $(JSON_CFLAGS) AM_CPPFLAGS = -D_UNICODE $(JSON_CFLAGS)
AM_CFLAGS = -municode AM_CFLAGS = -municode
openvpn_gui_RESOURCES = \ openvpn_gui_RESOURCES = \
@ -94,7 +94,6 @@ openvpn_gui_SOURCES = \
viewlog.c viewlog.h \ viewlog.c viewlog.h \
service.c service.h \ service.c service.h \
options.c options.h \ options.c options.h \
passphrase.c passphrase.h \
proxy.c proxy.h \ proxy.c proxy.h \
registry.c registry.h \ registry.c registry.h \
scripts.c scripts.h \ scripts.c scripts.h \
@ -115,7 +114,6 @@ openvpn_gui_SOURCES = \
openvpn_gui_LDFLAGS = -mwindows openvpn_gui_LDFLAGS = -mwindows
openvpn_gui_LDADD = \ openvpn_gui_LDADD = \
openvpn-gui-res.o \ openvpn-gui-res.o \
$(OPENSSL_CRYPTO_LIBS) \
-lws2_32 \ -lws2_32 \
-lcomctl32 \ -lcomctl32 \
-lwinhttp \ -lwinhttp \

24
configure.ac
View File

@ -43,13 +43,6 @@ AC_ARG_ENABLE(
[enable_distonly="no"] [enable_distonly="no"]
) )
AC_ARG_ENABLE(
[password-change],
[AS_HELP_STRING([--disable-password-change], [disable password change support @<:@default=yes@:>@])],
,
[enable_password_change="yes"]
)
AC_ARG_ENABLE( AC_ARG_ENABLE(
[ovpn3], [ovpn3],
[AS_HELP_STRING([--enable-ovpn3], [enable openvpn3 agent and client @<:@default=no@:>@])], [AS_HELP_STRING([--enable-ovpn3], [enable openvpn3 agent and client @<:@default=no@:>@])],
@ -84,23 +77,6 @@ AC_PROG_INSTALL
AC_PROG_LN_S AC_PROG_LN_S
AC_PROG_MAKE_SET AC_PROG_MAKE_SET
if test "${enable_password_change}" = "yes"; then
PKG_PROG_PKG_CONFIG
PKG_CHECK_MODULES(
[OPENSSL_CRYPTO],
[libcrypto >= 0.9.6],
,
[AC_CHECK_LIB(
[crypto],
[RSA_new],
[OPENSSL_CRYPTO_LIBS="-lcrypto"],
[test "${enable_distonly}" = "no" && AC_MSG_ERROR([Cannot find OpenSSL library])]
)]
)
else
AC_DEFINE([DISABLE_CHANGE_PASSWORD],[1],[disable password change])
fi
test "${GCC}" = "yes" && CFLAGS="${CFLAGS} -pedantic -Wall -Wextra" test "${GCC}" = "yes" && CFLAGS="${CFLAGS} -pedantic -Wall -Wextra"
AC_CONFIG_FILES([Makefile plap/Makefile]) AC_CONFIG_FILES([Makefile plap/Makefile])

16
main.c
View File

@ -41,7 +41,6 @@
#include "service.h" #include "service.h"
#include "main.h" #include "main.h"
#include "options.h" #include "options.h"
#include "passphrase.h"
#include "proxy.h" #include "proxy.h"
#include "registry.h" #include "registry.h"
#include "openvpn-gui-res.h" #include "openvpn-gui-res.h"
@ -52,10 +51,6 @@
#include "echo.h" #include "echo.h"
#include "as.h" #include "as.h"
#ifndef DISABLE_CHANGE_PASSWORD
#include <openssl/crypto.h>
#endif
#define OVPN_EXITCODE_ERROR 1 #define OVPN_EXITCODE_ERROR 1
#define OVPN_EXITCODE_TIMEOUT 2 #define OVPN_EXITCODE_TIMEOUT 2
#define OVPN_EXITCODE_NOTREADY 3 #define OVPN_EXITCODE_NOTREADY 3
@ -291,12 +286,6 @@ int WINAPI _tWinMain (HINSTANCE hThisInstance,
GetProxyRegistrySettings(); GetProxyRegistrySettings();
#ifndef DISABLE_CHANGE_PASSWORD
/* Initialize OpenSSL */
set_openssl_env_vars();
OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL);
#endif /* DISABLE_CHANGE_PASSWORD */
/* The Window structure */ /* The Window structure */
wincl.hInstance = hThisInstance; wincl.hInstance = hThisInstance;
wincl.lpszClassName = szClassName; wincl.lpszClassName = szClassName;
@ -672,11 +661,6 @@ LRESULT CALLBACK WindowProcedure (HWND hwnd, UINT message, WPARAM wParam, LPARAM
else if (LOWORD(wParam) == IDM_CLEARPASSMENU) { else if (LOWORD(wParam) == IDM_CLEARPASSMENU) {
ResetSavePasswords(c); ResetSavePasswords(c);
} }
#ifndef DISABLE_CHANGE_PASSWORD
else if (LOWORD(wParam) == IDM_PASSPHRASEMENU) {
ShowChangePassphraseDialog(c);
}
#endif
break; break;
case WM_CLOSE: case WM_CLOSE:

3
main.h
View File

@ -31,9 +31,6 @@
//#define DEBUG //#define DEBUG
#define DEBUG_FILE L"C:\\windows\\temp\\openvpngui_debug.txt" #define DEBUG_FILE L"C:\\windows\\temp\\openvpngui_debug.txt"
/* Define this to disable Change Password support */
//#define DISABLE_CHANGE_PASSWORD
/* Registry key for User Settings */ /* Registry key for User Settings */
#define GUI_REGKEY_HKCU _T("Software\\OpenVPN-GUI") #define GUI_REGKEY_HKCU _T("Software\\OpenVPN-GUI")

51
misc.c
View File

@ -752,31 +752,6 @@ ImportConfigFile(const TCHAR* source, bool prompt_user)
RecreatePopupMenus(); RecreatePopupMenus();
} }
void
set_openssl_env_vars()
{
struct {
WCHAR *name;
WCHAR *value;
} ossl_env[] = {
{L"OPENSSL_CONF", L"ssl\\openssl.cnf"},
{L"OPENSSL_ENGINES", L"ssl\\engines"},
{L"OPENSSL_MODULES", L"ssl\\modules"}
};
for (size_t i = 0; i < _countof(ossl_env); i++)
{
size_t size = 0;
_wgetenv_s(&size, NULL, 0, ossl_env[i].name);
if (size == 0)
{
WCHAR val[MAX_PATH] = {0};
_sntprintf_0(val, L"%ls%ls", o.install_path, ossl_env[i].value);
_wputenv_s(ossl_env[i].name, val);
}
}
}
/* /*
* Find a free port to bind and return it in addr.sin_port * Find a free port to bind and return it in addr.sin_port
*/ */
@ -1082,3 +1057,29 @@ OVPNMsgWait(DWORD timeout, HWND hdlg)
} }
return true; return true;
} }
/*
* Create a random password from the printable ASCII range
*/
bool
GetRandomPassword(char *buf, size_t len)
{
HCRYPTPROV cp;
BOOL retval = FALSE;
unsigned i;
if (!CryptAcquireContext(&cp, NULL, NULL, PROV_DSS, CRYPT_VERIFYCONTEXT))
return FALSE;
if (!CryptGenRandom(cp, len, (PBYTE) buf))
goto out;
/* Make sure all values are between 0x21 '!' and 0x7e '~' */
for (i = 0; i < len; ++i)
buf[i] = (buf[i] & 0x5d) + 0x21;
retval = TRUE;
out:
CryptReleaseContext(cp, 0);
return retval;
}

7
misc.h
View File

@ -81,11 +81,6 @@ void ImportConfigFile(const TCHAR* path, bool prompt_user);
BOOL BOOL
GetDlgItemTextUtf8(HWND hDlg, int id, LPSTR* str, int* len); GetDlgItemTextUtf8(HWND hDlg, int id, LPSTR* str, int* len);
/*
* Set env vars used by OpenSSL to sane values.
*/
void set_openssl_env_vars(void);
/* Return escaped copy of a string */ /* Return escaped copy of a string */
char *escape_string(const char *str); char *escape_string(const char *str);
@ -159,4 +154,6 @@ DWORD RunAsAdmin(const WCHAR *cmd, const WCHAR *params);
*/ */
bool OVPNMsgWait(DWORD timeout, HWND hdlg); bool OVPNMsgWait(DWORD timeout, HWND hdlg);
bool GetRandomPassword(char *buf, size_t len);
#endif #endif

1
openvpn.c
View File

@ -53,7 +53,6 @@
#include "scripts.h" #include "scripts.h"
#include "viewlog.h" #include "viewlog.h"
#include "proxy.h" #include "proxy.h"
#include "passphrase.h"
#include "localization.h" #include "localization.h"
#include "misc.h" #include "misc.h"
#include "access.h" #include "access.h"

5
openvpn_config.c
View File

@ -33,7 +33,6 @@
#include "localization.h" #include "localization.h"
#include "save_pass.h" #include "save_pass.h"
#include "misc.h" #include "misc.h"
#include "passphrase.h"
typedef enum typedef enum
{ {
@ -120,10 +119,6 @@ AddConfigFileToList(int group, const TCHAR *filename, const TCHAR *config_dir)
c->manage.skaddr.sin_addr.s_addr = inet_addr("127.0.0.1"); c->manage.skaddr.sin_addr.s_addr = inet_addr("127.0.0.1");
c->manage.skaddr.sin_port = htons(o.mgmt_port_offset + c->id); c->manage.skaddr.sin_port = htons(o.mgmt_port_offset + c->id);
#ifndef DISABLE_CHANGE_PASSWORD
if (CheckKeyFileWriteAccess (c))
c->flags |= FLAG_ALLOW_CHANGE_PASSPHRASE;
#endif
if (wcsstr(config_dir, o.config_auto_dir)) if (wcsstr(config_dir, o.config_auto_dir))
{ {
c->flags |= FLAG_DAEMON_PERSISTENT; c->flags |= FLAG_DAEMON_PERSISTENT;

809
passphrase.c
View File

@ -1,809 +0,0 @@
/*
* OpenVPN-GUI -- A Windows GUI for OpenVPN.
*
* Copyright (C) 2004 Mathias Sundman <mathias@nilings.se>
* 2010 Heiko Hund <heikoh@users.sf.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program (see the file COPYING included with this
* distribution); if not, write to the Free Software Foundation, Inc.,
* 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#ifndef DISABLE_CHANGE_PASSWORD
#include <openssl/pem.h>
#include <openssl/err.h>
#include <openssl/pkcs12.h>
#if defined(_MSC_VER) && !defined(_M_ARM64)
#include <openssl/applink.c>
#endif
#endif
#include <windows.h>
#include <wincrypt.h>
#include "main.h"
#include "options.h"
#include "passphrase.h"
#include "openvpn.h"
#include "openvpn-gui-res.h"
#include "chartable.h"
#include "localization.h"
#include "misc.h"
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
#include <openssl/provider.h>
static OSSL_PROVIDER *legacy = NULL;
#endif
extern options_t o;
/*
* Create a random password from the printable ASCII range
*/
BOOL
GetRandomPassword(char *buf, size_t len)
{
HCRYPTPROV cp;
BOOL retval = FALSE;
unsigned i;
if (!CryptAcquireContext(&cp, NULL, NULL, PROV_DSS, CRYPT_VERIFYCONTEXT))
return FALSE;
if (!CryptGenRandom(cp, len, (PBYTE) buf))
goto out;
/* Make sure all values are between 0x21 '!' and 0x7e '~' */
for (i = 0; i < len; ++i)
buf[i] = (buf[i] & 0x5d) + 0x21;
retval = TRUE;
out:
CryptReleaseContext(cp, 0);
return retval;
}
#ifndef DISABLE_CHANGE_PASSWORD
const int KEYFILE_FORMAT_PKCS12 = 1;
const int KEYFILE_FORMAT_PEM = 2;
const int MIN_PASSWORD_LEN = 8;
/* Load legacy provider if not fips and not already
* loaded and return true if explicitly loaded.
*/
bool
load_legacy(void)
{
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
if (EVP_default_properties_is_fips_enabled(NULL)
|| OSSL_PROVIDER_available(NULL, "legacy"))
{
return false;
}
legacy = OSSL_PROVIDER_load(NULL, "legacy");
if (!legacy)
{
MsgToEventLog(EVENTLOG_ERROR_TYPE, L"failed to load legacy provider ");
}
return (legacy != NULL);
#else
return false;
#endif /* OPENSSL 3.0+ */
}
void
unload_legacy(void)
{
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
if (legacy)
{
OSSL_PROVIDER_unload(legacy);
}
#endif /* OPENSSL 3.0+ */
}
/*
* Return TRUE if new passwords match
*/
static int
ConfirmNewPassword(HWND hwndDlg)
{
TCHAR newpsw[50];
TCHAR newpsw2[50];
GetDlgItemText(hwndDlg, ID_EDT_PASS_NEW, newpsw, _countof(newpsw) - 1);
GetDlgItemText(hwndDlg, ID_EDT_PASS_NEW2, newpsw2, _countof(newpsw2) - 1);
if (_tcsncmp(newpsw, newpsw2, _countof(newpsw)) == 0)
return true;
else
return false;
}
/*
* Return lengh of the new password
*/
static int
NewPasswordLengh(HWND hwndDlg)
{
TCHAR newpsw[50];
GetDlgItemText(hwndDlg, ID_EDT_PASS_NEW, newpsw, _countof(newpsw) - 1);
return (_tcslen(newpsw));
}
static int
ConvertUnicode2Ascii(WCHAR str_unicode[], char str_ascii[], unsigned int str_ascii_size)
{
unsigned int i;
unsigned int j;
int illegal_chars = false;
for (i=0; (i < wcslen(str_unicode)) && (i < (str_ascii_size - 1)); i++)
{
for (j=0; j <= 256; j++)
{
if (j == 256)
{
illegal_chars = true;
j = 0x2e;
break;
}
if (str_unicode[i] == unicode_to_ascii[j]) break;
}
str_ascii[i] = (char) j;
}
str_ascii[i] = '\0';
if (illegal_chars)
return(false);
else
return(true);
}
/*
* ChangePasswordPEM() returns:
* -1 Wrong password
* 0 Changing password failed for unknown reason
* 1 Password changed successfully
*/
static int
ChangePasswordPEM(HWND hwndDlg)
{
TCHAR keyfile[MAX_PATH];
char oldpsw[50];
char newpsw[50];
WCHAR oldpsw_unicode[50];
WCHAR newpsw_unicode[50];
FILE *fp;
EVP_PKEY *privkey;
/* Get filename, old_psw and new_psw from Dialog */
GetDlgItemText(hwndDlg, ID_TXT_KEYFILE, keyfile, _countof(keyfile) - 1);
GetDlgItemTextW(hwndDlg, ID_EDT_PASS_CUR, oldpsw_unicode, sizeof(oldpsw_unicode)/2 - 1);
GetDlgItemTextW(hwndDlg, ID_EDT_PASS_NEW, newpsw_unicode, sizeof(newpsw_unicode)/2 - 1);
/* Convert Unicode to ASCII (CP850) */
ConvertUnicode2Ascii(oldpsw_unicode, oldpsw, sizeof(oldpsw));
if (!ConvertUnicode2Ascii(newpsw_unicode, newpsw, sizeof(newpsw)))
{
ShowLocalizedMsg(IDS_ERR_INVALID_CHARS_IN_PSW);
return(-1);
}
privkey = EVP_PKEY_new();
/* Open old keyfile for reading */
if (! (fp = _tfopen (keyfile, _T("r"))))
{
/* can't open key file */
ShowLocalizedMsg(IDS_ERR_OPEN_PRIVATE_KEY_FILE, keyfile);
return(0);
}
/* Import old key */
for (int trial = 0; trial < 2; trial++)
{
if ((privkey = PEM_read_PrivateKey (fp, NULL, NULL, oldpsw)))
{
break; /* key imported */
}
/* try again with legacy provider loaded */
else if (trial == 0 && load_legacy())
{
PrintDebug(L"Private key decrypt failed. Try again with legacy provider");
rewind(fp);
continue;
}
if (ERR_get_error() == EVP_R_UNSUPPORTED_ALGORITHM)
{
MsgToEventLog(EVENTLOG_ERROR_TYPE, L"OpenSSL error: unsupported algorithm");
}
unload_legacy();
/* wrong password? */
ShowLocalizedMsg(IDS_ERR_OLD_PWD_INCORRECT);
fclose(fp);
return(-1);
}
unload_legacy();
fclose(fp);
/* Open keyfile for writing */
if (! (fp = _tfopen (keyfile, _T("w"))))
{
/* can't open file rw */
ShowLocalizedMsg(IDS_ERR_OPEN_WRITE_KEY, keyfile);
EVP_PKEY_free(privkey);
return(0);
}
/* Write new key to file */
if (strlen(newpsw) == 0)
{
/* No passphrase */
if ( !(PEM_write_PrivateKey(fp, privkey, \
NULL, NULL, /* Use NO encryption */
0, 0, NULL)))
{
/* error writing new key */
ShowLocalizedMsg(IDS_ERR_WRITE_NEW_KEY, keyfile);
EVP_PKEY_free(privkey);
fclose(fp);
return(0);
}
}
else
{
/* Use passphrase */
if ( !(PEM_write_PKCS8PrivateKey(fp, privkey,
EVP_aes_256_cbc(),
newpsw, (int) strlen(newpsw), 0, NULL)))
{
/* can't write new key */
ShowLocalizedMsg(IDS_ERR_WRITE_NEW_KEY, keyfile);
EVP_PKEY_free(privkey);
fclose(fp);
return(0);
}
}
EVP_PKEY_free(privkey);
fclose(fp);
/* signal success to user */
ShowLocalizedMsg(IDS_NFO_PWD_CHANGED);
return(1);
}
/*
* ChangePasswordPKCS12() returns:
* -1 Wrong password
* 0 Changing password failed for unknown reason
* 1 Password changed successfully
*/
static int
ChangePasswordPKCS12(HWND hwndDlg)
{
TCHAR keyfile[MAX_PATH];
char oldpsw[50];
char newpsw[50];
WCHAR oldpsw_unicode[50];
WCHAR newpsw_unicode[50];
FILE *fp;
EVP_PKEY *privkey;
X509 *cert;
STACK_OF(X509) *ca = NULL;
PKCS12 *p12;
char *alias;
/* Get filename, old_psw and new_psw from Dialog */
GetDlgItemText(hwndDlg, ID_TXT_KEYFILE, keyfile, _countof(keyfile) - 1);
GetDlgItemTextW(hwndDlg, ID_EDT_PASS_CUR, oldpsw_unicode, sizeof(oldpsw_unicode)/2 - 1);
GetDlgItemTextW(hwndDlg, ID_EDT_PASS_NEW, newpsw_unicode, sizeof(newpsw_unicode)/2 - 1);
/* Convert Unicode to ASCII (CP850) */
ConvertUnicode2Ascii(oldpsw_unicode, oldpsw, sizeof(oldpsw));
if (!ConvertUnicode2Ascii(newpsw_unicode, newpsw, sizeof(newpsw)))
{
ShowLocalizedMsg(IDS_ERR_INVALID_CHARS_IN_PSW);
return(-1);
}
/* Load the PKCS #12 file */
if (!(fp = _tfopen(keyfile, _T("rb"))))
{
/* error opening file */
ShowLocalizedMsg(IDS_ERR_OPEN_PRIVATE_KEY_FILE, keyfile);
return(0);
}
p12 = d2i_PKCS12_fp(fp, NULL);
fclose (fp);
if (!p12)
{
/* error reading PKCS #12 */
ShowLocalizedMsg(IDS_ERR_READ_PKCS12, keyfile);
return(0);
}
/* Parse the PKCS #12 file */
for (int trial = 0; trial < 2; trial++)
{
if (PKCS12_parse(p12, oldpsw, &privkey, &cert, &ca))
{
break;
}
/* try again with legacy provider loaded */
else if (trial == 0 && load_legacy())
{
continue;
}
if (ERR_get_error() == EVP_R_UNSUPPORTED_ALGORITHM)
{
MsgToEventLog(EVENTLOG_ERROR_TYPE, L"OpenSSL error: unsupported algorithm");
}
unload_legacy();
/* old password incorrect ? */
ShowLocalizedMsg(IDS_ERR_OLD_PWD_INCORRECT);
PKCS12_free(p12);
return(-1);
}
unload_legacy();
/* Free old PKCS12 object */
PKCS12_free(p12);
/* Get FriendlyName of old cert */
alias = (char*) X509_alias_get0(cert, NULL);
/* Create new PKCS12 object */
p12 = PKCS12_create(newpsw, alias, privkey, cert, ca, 0,0,0,0,0);
if (!p12)
{
/* create failed */
ShowLocalizedMsg(IDS_ERR_CREATE_PKCS12);
return(0);
}
/* Free old key, cert and ca */
EVP_PKEY_free(privkey);
X509_free(cert);
sk_X509_pop_free(ca, X509_free);
/* Open keyfile for writing */
if (!(fp = _tfopen(keyfile, _T("wb"))))
{
ShowLocalizedMsg(IDS_ERR_OPEN_WRITE_KEY, keyfile);
PKCS12_free(p12);
return(0);
}
/* Write new key to file */
i2d_PKCS12_fp(fp, p12);
PKCS12_free(p12);
fclose(fp);
/* signal success to user */
ShowLocalizedMsg(IDS_NFO_PWD_CHANGED);
return(1);
}
INT_PTR CALLBACK
ChangePassphraseDialogFunc(HWND hwndDlg, UINT msg, WPARAM wParam, UNUSED LPARAM lParam)
{
HICON hIcon;
TCHAR keyfile[MAX_PATH];
int keyfile_format;
BOOL Translated;
switch (msg) {
case WM_INITDIALOG:
hIcon = LoadLocalizedIcon(ID_ICO_APP);
if (hIcon) {
SendMessage(hwndDlg, WM_SETICON, (WPARAM) (ICON_SMALL), (LPARAM) (hIcon));
SendMessage(hwndDlg, WM_SETICON, (WPARAM) (ICON_BIG), (LPARAM) (hIcon));
}
return FALSE;
case WM_COMMAND:
switch (LOWORD(wParam)) {
case IDOK:
/* Check if the type new passwords match. */
if (!ConfirmNewPassword (hwndDlg))
{
/* passwords don't match */
ShowLocalizedMsg(IDS_ERR_PWD_DONT_MATCH);
break;
}
/* Confirm if the new password is empty. */
if (NewPasswordLengh(hwndDlg) == 0)
{
if (ShowLocalizedMsgEx(MB_YESNO, NULL, _T(PACKAGE_NAME), IDS_NFO_EMPTY_PWD) == IDNO)
break;
}
/* Else check minimum length of password */
else if (NewPasswordLengh(hwndDlg) < MIN_PASSWORD_LEN)
{
ShowLocalizedMsg(IDS_ERR_PWD_TO_SHORT, MIN_PASSWORD_LEN);
break;
}
GetDlgItemText(hwndDlg, ID_TXT_KEYFILE, keyfile, _countof(keyfile) - 1);
keyfile_format=GetDlgItemInt(hwndDlg, ID_TXT_KEYFORMAT, &Translated, FALSE);
if (keyfile_format == KEYFILE_FORMAT_PEM)
{
/* Change password of a PEM file */
if (ChangePasswordPEM(hwndDlg) == -1) /* Wrong password */
break;
}
else if (keyfile_format == KEYFILE_FORMAT_PKCS12)
{
/* Change password of a .P12 file */
if (ChangePasswordPKCS12(hwndDlg) == -1) /* Wrong password */
break;
}
else
{
/* Unknown key format */
ShowLocalizedMsg(IDS_ERR_UNKNOWN_KEYFILE_FORMAT);
}
DestroyWindow(hwndDlg);
break;
case IDCANCEL:
DestroyWindow(hwndDlg);
break;
}
break;
case WM_DESTROY:
PostQuitMessage(0);
break;
case WM_CLOSE:
DestroyWindow(hwndDlg);
return FALSE;
}
return FALSE;
}
static int
LineBeginsWith(char *line, const char *keyword, const unsigned int len)
{
if (strncmp(line, keyword, len) == 0)
{
if ((line[len] == '\t') || (line[len] == ' '))
return true;
}
return false;
}
static int
ParseKeyFilenameLine(connection_t *c, TCHAR *keyfilename, size_t keyfilenamesize, char *line)
{
const int STATE_INITIAL = 0;
const int STATE_READING_QUOTED_PARM = 1;
const int STATE_READING_UNQUOTED_PARM = 2;
int i=0;
unsigned int j=0;
int state = STATE_INITIAL;
int backslash=0;
TCHAR temp_filename[MAX_PATH];
while(line[i] != '\0')
{
if (state == STATE_INITIAL)
{
if (line[i] == '\"')
{
state=STATE_READING_QUOTED_PARM;
}
else if ((line[i] == 0x0A) || (line[i] == 0x0D))
break;
else if ((line[i] == ';') || (line[i] == '#'))
break;
else if ((line[i] != ' ') && (line[i] != '\t'))
{
if (line[i] == '\\')
{
if(!backslash)
{
keyfilename[j++]=line[i];
state=STATE_READING_UNQUOTED_PARM;
backslash=1;
}
else
{
backslash=0;
}
}
else
{
if (backslash) backslash=0;
keyfilename[j++]=line[i];
state=STATE_READING_UNQUOTED_PARM;
}
}
}
else if (state == STATE_READING_QUOTED_PARM)
{
if (line[i] == '\"')
break;
if ((line[i] == 0x0A) || (line[i] == 0x0D))
break;
if (line[i] == '\\')
{
if (!backslash)
{
keyfilename[j++]=line[i];
backslash=1;
}
else
{
backslash=0;
}
}
else
{
if (backslash) backslash=0;
keyfilename[j++]=line[i];
}
}
else if (state == STATE_READING_UNQUOTED_PARM)
{
if (line[i] == '\"')
break;
if ((line[i] == 0x0A) || (line[i] == 0x0D))
break;
if ((line[i] == ';') || (line[i] == '#'))
break;
if (line[i] == ' ')
break;
if (line[i] == '\t')
break;
if (line[i] == '\\')
{
if (!backslash)
{
keyfilename[j++]=line[i];
backslash=1;
}
else
{
backslash=0;
}
}
else
{
if (backslash) backslash=0;
keyfilename[j++]=line[i];
}
}
if (j >= (keyfilenamesize - 1))
{
/* key filename to long */
ShowLocalizedMsg(IDS_ERR_KEY_FILENAME_TO_LONG);
return(0);
}
i++;
}
keyfilename[j]='\0';
/* Prepend filename with configdir path if needed */
if ((keyfilename[0] != '\\') && (keyfilename[0] != '/') && (keyfilename[1] != ':'))
{
_tcsncpy(temp_filename, c->config_dir, _countof(temp_filename));
if (temp_filename[_tcslen(temp_filename) - 1] != '\\')
_tcscat(temp_filename, _T("\\"));
_tcsncat(temp_filename, keyfilename,
_countof(temp_filename) - _tcslen(temp_filename) - 1);
_tcsncpy(keyfilename, temp_filename, keyfilenamesize - 1);
}
return(1);
}
static int
GetKeyFilename(connection_t *c, TCHAR *keyfilename, size_t keyfilenamesize, int *keyfile_format, bool silent)
{
FILE *fp = NULL;
char line[256];
int found_key=0;
int found_pkcs12=0;
TCHAR configfile_path[MAX_PATH];
int ret = 0;
_tcsncpy(configfile_path, c->config_dir, _countof(configfile_path));
if (!(configfile_path[_tcslen(configfile_path)-1] == '\\'))
_tcscat(configfile_path, _T("\\"));
_tcsncat(configfile_path, c->config_file,
_countof(configfile_path) - _tcslen(configfile_path) - 1);
if (!(fp=_tfopen(configfile_path, _T("r"))))
{
/* can't open config file */
if (!silent)
ShowLocalizedMsg(IDS_ERR_OPEN_CONFIG, configfile_path);
goto out;
}
while (fgets(line, sizeof (line), fp))
{
if (LineBeginsWith(line, "key", 3))
{
if (found_key)
{
/* only one key option */
if (!silent)
ShowLocalizedMsg(IDS_ERR_ONLY_ONE_KEY_OPTION);
goto out;
}
if (found_pkcs12)
{
/* key XOR pkcs12 */
if (!silent)
ShowLocalizedMsg(IDS_ERR_ONLY_KEY_OR_PKCS12);
goto out;
}
found_key=1;
*keyfile_format = KEYFILE_FORMAT_PEM;
if (!ParseKeyFilenameLine(c, keyfilename, keyfilenamesize, &line[4]))
goto out;
}
if (LineBeginsWith(line, "pkcs12", 6))
{
if (found_pkcs12)
{
/* only one pkcs12 option */
if (!silent)
ShowLocalizedMsg(IDS_ERR_ONLY_ONE_PKCS12_OPTION);
goto out;
}
if (found_key)
{
/* only key XOR pkcs12 */
if (!silent)
ShowLocalizedMsg(IDS_ERR_ONLY_KEY_OR_PKCS12);
goto out;
}
found_pkcs12=1;
*keyfile_format = KEYFILE_FORMAT_PKCS12;
if (!ParseKeyFilenameLine(c, keyfilename, keyfilenamesize, &line[7]))
goto out;
}
}
if ((!found_key) && (!found_pkcs12))
{
/* must have key or pkcs12 option */
if (!silent)
ShowLocalizedMsg(IDS_ERR_HAVE_KEY_OR_PKCS12);
goto out;
}
ret = 1;
out:
if (fp)
fclose(fp);
return ret;
}
static DWORD WINAPI
ChangePassphraseThread(LPVOID data)
{
HWND hwndChangePSW;
MSG messages;
TCHAR conn_name[100];
TCHAR keyfilename[MAX_PATH];
int keyfile_format=0;
connection_t *c = data;
/* Cut of extention from config filename. */
_tcsncpy(conn_name, c->config_file, _countof(conn_name));
conn_name[_tcslen(conn_name) - (_tcslen(o.ext_string)+1)]=0;
/* Get Key filename from config file */
if (!GetKeyFilename(c, keyfilename, _countof(keyfilename), &keyfile_format, false))
{
ExitThread(1);
}
/* Show ChangePassphrase Dialog */
hwndChangePSW = CreateLocalizedDialog(ID_DLG_CHGPASS, ChangePassphraseDialogFunc);
if (!hwndChangePSW)
ExitThread(1);
SetDlgItemText(hwndChangePSW, ID_TXT_KEYFILE, keyfilename);
SetDlgItemInt(hwndChangePSW, ID_TXT_KEYFORMAT, (UINT) keyfile_format, FALSE);
SetWindowText(hwndChangePSW, LoadLocalizedString(IDS_NFO_CHANGE_PWD, conn_name));
ShowWindow(hwndChangePSW, SW_SHOW);
/* Run the message loop. It will run until GetMessage() returns 0 */
while (GetMessage (&messages, NULL, 0, 0))
{
if(!IsDialogMessage(hwndChangePSW, &messages))
{
TranslateMessage(&messages);
DispatchMessage(&messages);
}
}
CloseHandle (hwndChangePSW);
ExitThread(0);
}
void
ShowChangePassphraseDialog(connection_t *c)
{
HANDLE hThread;
DWORD IDThread;
/* Start a new thread to have our own message-loop for this dialog */
hThread = CreateThread(NULL, 0, ChangePassphraseThread, c, 0, &IDThread);
if (hThread == NULL)
{
/* error creating thread */
ShowLocalizedMsg(IDS_ERR_CREATE_PASS_THREAD);
return;
}
CloseHandle (hThread);
}
bool
CheckKeyFileWriteAccess (connection_t *c)
{
TCHAR keyfile[MAX_PATH];
int format = 0;
if (!GetKeyFilename (c, keyfile, _countof(keyfile), &format, true))
return FALSE;
else
return CheckFileAccess (keyfile, GENERIC_WRITE);
}
#endif

35
passphrase.h
View File

@ -1,35 +0,0 @@
/*
* OpenVPN-GUI -- A Windows GUI for OpenVPN.
*
* Copyright (C) 2004 Mathias Sundman <mathias@nilings.se>
* 2010 Heiko Hund <heikoh@users.sf.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program (see the file COPYING included with this
* distribution); if not, write to the Free Software Foundation, Inc.,
* 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#ifndef PASSPHRASE_H
#define PASSPHRASE_H
#include "options.h"
BOOL GetRandomPassword(char *, size_t);
#ifndef DISABLE_CHANGE_PASSWORD
void ShowChangePassphraseDialog(connection_t *);
#endif
BOOL CheckKeyFileWriteAccess (connection_t *);
#endif

2
plap/Makefile.am
View File

@ -37,7 +37,7 @@ lib_LTLIBRARIES = libopenvpn_plap.la
AM_CPPFLAGS = -I$(srcdir)/.. AM_CPPFLAGS = -I$(srcdir)/..
libopenvpn_plap_la_CFLAGS = -DDISABLE_PASSWORD_CHANGE -D_UNICODE -municode libopenvpn_plap_la_CFLAGS = -D_UNICODE -municode
test_plap_CXXFLAGS = -DDEBUG -D_UNICODE -municode test_plap_CXXFLAGS = -DDEBUG -D_UNICODE -municode
libopenvpn_plap_la_RESOURCES = \ libopenvpn_plap_la_RESOURCES = \

6
plap/stub.c
View File

@ -176,12 +176,6 @@ void echo_msg_load(UNUSED connection_t *c)
return; return;
} }
BOOL GetRandomPassword(char *p, size_t len)
{
if (p && len > 0) *p = '\0';
return 0;
}
BOOL CheckKeyFileWriteAccess(UNUSED connection_t *c) BOOL CheckKeyFileWriteAccess(UNUSED connection_t *c)
{ {
return 0; return 0;

2
save_pass.c
View File

@ -8,7 +8,7 @@
#include "main.h" #include "main.h"
#include "registry.h" #include "registry.h"
#include "save_pass.h" #include "save_pass.h"
#include "passphrase.h" #include "misc.h"
#define KEY_PASS_DATA L"key-data" #define KEY_PASS_DATA L"key-data"
#define AUTH_PASS_DATA L"auth-data" #define AUTH_PASS_DATA L"auth-data"

10
tray.c
View File

@ -207,11 +207,6 @@ CreatePopupMenus()
AppendMenu(hMenu, MF_STRING, IDM_EDITMENU, LoadLocalizedString(IDS_MENU_EDITCONFIG)); AppendMenu(hMenu, MF_STRING, IDM_EDITMENU, LoadLocalizedString(IDS_MENU_EDITCONFIG));
AppendMenu(hMenu, MF_STRING, IDM_CLEARPASSMENU, LoadLocalizedString(IDS_MENU_CLEARPASS)); AppendMenu(hMenu, MF_STRING, IDM_CLEARPASSMENU, LoadLocalizedString(IDS_MENU_CLEARPASS));
#ifndef DISABLE_CHANGE_PASSWORD
if (o.chead->flags & FLAG_ALLOW_CHANGE_PASSPHRASE)
AppendMenu(hMenu, MF_STRING, IDM_PASSPHRASEMENU, LoadLocalizedString(IDS_MENU_PASSPHRASE));
#endif
AppendMenu(hMenu, MF_SEPARATOR, 0, 0); AppendMenu(hMenu, MF_SEPARATOR, 0, 0);
hMenuImport = CreatePopupMenu(); hMenuImport = CreatePopupMenu();
@ -303,11 +298,6 @@ CreatePopupMenus()
AppendMenu(hMenuConn[i], MF_STRING, IDM_EDITMENU, LoadLocalizedString(IDS_MENU_EDITCONFIG)); AppendMenu(hMenuConn[i], MF_STRING, IDM_EDITMENU, LoadLocalizedString(IDS_MENU_EDITCONFIG));
AppendMenu(hMenuConn[i], MF_STRING, IDM_CLEARPASSMENU, LoadLocalizedString(IDS_MENU_CLEARPASS)); AppendMenu(hMenuConn[i], MF_STRING, IDM_CLEARPASSMENU, LoadLocalizedString(IDS_MENU_CLEARPASS));
#ifndef DISABLE_CHANGE_PASSWORD
if (c->flags & FLAG_ALLOW_CHANGE_PASSPHRASE)
AppendMenu(hMenuConn[i], MF_STRING, IDM_PASSPHRASEMENU, LoadLocalizedString(IDS_MENU_PASSPHRASE));
#endif
SetMenuStatus(c, c->state); SetMenuStatus(c, c->state);
} }
} }

3
vcpkg_manifests/openssl_3/vcpkg.json → vcpkg.json
View File

@ -2,7 +2,6 @@
"name": "openvpn-gui", "name": "openvpn-gui",
"version-string": "0.0.1", "version-string": "0.0.1",
"dependencies": [ "dependencies": [
"openssl",
"json-c" "json-c"
] ]
} }

15
vcpkg_manifests/openssl_1.1.1/vcpkg.json
View File

@ -1,15 +0,0 @@
{
"name": "openvpn-gui",
"version-string": "0.0.1",
"dependencies": [
"openssl",
"json-c"
],
"builtin-baseline": "4b766c1cd17205e1b768c4fadfd5f867c1d0510e",
"overrides": [
{
"name": "openssl",
"version-string": "1.1.1n"
}
]
}